search

aboutcode-org / purldb

Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/ Chat is at https://gitter.im/aboutcode-org/discuss
https://purldb.readthedocs.io/
35 stars 23 forks source link

Collect endpoint sorting ability and default ordering. #508

Open tdruez opened 4 months ago

tdruez commented 4 months ago

In general, when multiple package entries are found in the PurlDB, we decided to use the most recent version for "package enriching" or data display in ScanCode.io and DejaCode.

When using the packages endpoint, one can use the sort=-version filter for ordering, but this is not available on the collect endpoint.

I think we should:

  1. Add the ability to provide the sort parameter to the collect endpoint
  2. Set a default order_by on the collect endpoint package QuerySet, to avoid returning a random order by the results. I would suggest always sorting by the most recent version, ie: -version, to be coherent with the data we care to display first.
JonoYang commented 4 months ago

@tdruez I've set ordering of the package results from collect to -version. Just wondering: should the sort parameter be a list of fields?

tdruez commented 4 months ago

@JonoYang We want consistency across all endpoints. The sort parameter on collect should work the same way it does on the packages endpoint. https://github.com/nexB/purldb/blob/main/packagedb/api.py#L334

JonoYang commented 3 months ago

@tdruez I've merged #513 and I've deployed it to public instance of purldb. Let me know if there are more changes needed