chore(go-packages):SP-4143 add support for golang packages

CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.7.0] - 2026-03-11
+### Added
+- Added support for Golang packages lookup via `GolangProjects` model and `pkg.go.dev` integration
+
 ## [0.6.0] - 2026-03-09
 ### Changed
 - Improved version query in `GetURLsByPurlNameTypeVersion` to cover semver "v" prefix variants using new `SemverTogglePrefix` helper
@@ -71,4 +75,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [0.4.0]: https://github.com/scanoss/go-models/compare/v0.3.0...v0.4.0
 [0.5.0]: https://github.com/scanoss/go-models/compare/v0.4.0...v0.5.0
 [0.5.1]: https://github.com/scanoss/go-models/compare/v0.5.0...v0.5.1
-[0.6.0]: https://github.com/scanoss/go-models/compare/v0.5.1...v0.6.0
+[0.6.0]: https://github.com/scanoss/go-models/compare/v0.5.1...v0.6.0
+[0.7.0]: https://github.com/scanoss/go-models/compare/v0.6.0...v0.7.0

go.mod

@@ -12,23 +12,38 @@ require (
 )
 
 require (
+	github.com/PuerkitoBio/goquery v1.7.1 // indirect
+	github.com/andybalholm/cascadia v1.2.0 // indirect
+	github.com/antchfx/htmlquery v1.2.4 // indirect
+	github.com/antchfx/xmlquery v1.3.7 // indirect
+	github.com/antchfx/xpath v1.2.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/gobwas/glob v0.2.3 // indirect
+	github.com/gocolly/colly/v2 v2.1.0 // indirect
+	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
+	github.com/guseggert/pkggodev-client v0.0.0-20240318140526-cdb0034504cf // indirect
+	github.com/kennygrant/sanitize v1.2.4 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/ncruces/go-strftime v1.0.0 // indirect
-	github.com/package-url/packageurl-go v0.1.3 // indirect
+	github.com/package-url/packageurl-go v0.1.5 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
-	go.opentelemetry.io/otel/sdk/metric v1.35.0 // indirect
+	github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca // indirect
+	github.com/scanoss/go-grpc-helper v0.13.0 // indirect
+	github.com/temoto/robotstxt v1.1.2 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.40.0 // indirect
 	go.uber.org/multierr v1.10.0 // indirect
-	go.uber.org/zap v1.27.0 // indirect
+	go.uber.org/zap v1.27.1 // indirect
 	golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 // indirect
-	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/sys v0.37.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb // indirect
-	google.golang.org/grpc v1.71.0 // indirect
-	google.golang.org/protobuf v1.36.5 // indirect
+	golang.org/x/net v0.50.0 // indirect
+	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 // indirect
+	google.golang.org/grpc v1.79.1 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
 	modernc.org/libc v1.67.6 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect

internal/testutils/mock/golang_projects.sql

@@ -0,0 +1,26 @@
+DROP TABLE IF EXISTS golang_projects;
+CREATE TABLE golang_projects
+(
+    component                   text    not null,
+    version                     text    not null,
+    version_id                  integer not null,
+    version_date                text    not null,
+    is_module                   boolean,
+    is_package                  boolean,
+    license                     text    not null,
+    license_id                  integer not null,
+    has_valid_go_mod_file       boolean,
+    has_redistributable_license boolean,
+    has_tagged_version          boolean,
+    has_stable_version          boolean,
+    repository                  text    not null,
+    is_indexed                  boolean,
+    purl_name                   text    not null,
+    mine_id                     integer not null,
+    index_timestamp             text    not null,
+    primary key (purl_name, version)
+);
+
+INSERT INTO golang_projects (component, version, version_id, version_date, license, license_id, repository, purl_name, mine_id, index_timestamp, is_indexed) VALUES ('github.com/scanoss/papi', 'v0.0.1', 5958021, '', 'MIT', 5614, 'github.com/scanoss/papi', 'github.com/scanoss/papi', 45, '2022-02-21T19:51:21.112979Z', True);
+INSERT INTO golang_projects (component, version, version_id, version_date, license, license_id, repository, purl_name, mine_id, index_timestamp, is_indexed) VALUES ('google.golang.org/grpc', 'v1.19.0', 5193086, '', 'Apache-2.0', 552, 'github.com/grpc/grpc-go', 'google.golang.org/grpc', 45, '2022-05-09T20:17:02.339878Z', True);
+INSERT INTO golang_projects (component, version, version_id, version_date, license, license_id, repository, purl_name, mine_id, index_timestamp, is_indexed) VALUES ('google.golang.org/grpc', 'v1.7.0', 11640350, '', '', 9999, 'github.com/grpc/grpc-go', 'google.golang.org/grpc', 45, '2023-11-24T20:17:02.339878Z', True);

pkg/models/all_urls.go

@@ -20,10 +20,12 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"strings"
 
+	"github.com/Masterminds/semver/v3"
 	"github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
 	"github.com/jmoiron/sqlx"
-	"github.com/scanoss/go-models/pkg/helpers"
+	purlutils "github.com/scanoss/go-purl-helper/pkg"
 )
 
 // AllUrlsModel provides database access for URL information.
@@ -51,6 +53,20 @@ func NewAllURLModel(db *sqlx.DB) *AllUrlsModel {
 	}
 }
 
+// semverTogglePrefix returns the alternate version string by toggling the "v" prefix.
+func semverTogglePrefix(version string) string {
+	if len(version) == 0 {
+		return version
+	}
+	if _, err := semver.NewVersion(version); err == nil {
+		if version[0] != 'v' {
+			return "v" + version
+		}
+		return strings.TrimLeft(version, "v")
+	}
+	return version
+}
+
 // GetURLsByPurlNameType retrieves all component URLs matching the specified PURL name and type.
 func (m *AllUrlsModel) GetURLsByPurlNameType(ctx context.Context, purlName, purlType string) ([]AllURL, error) {
 	s := ctxzap.Extract(ctx).Sugar()
@@ -99,7 +115,7 @@ func (m *AllUrlsModel) GetURLsByPurlNameTypeVersion(ctx context.Context, purlNam
 		s.Error("Please specify a valid Purl Version to query")
 		return nil, errors.New("please specify a valid Purl Version to query")
 	}
-	semverV := helpers.SemverTogglePrefix(purlVersion)
+	semverV := semverTogglePrefix(purlVersion)
 
 	// This query is same as GetURLsByPurlNameType but adds a WHERE clause for versions
 	query := "SELECT component, v.version_name AS version, v.semver AS semver," +
@@ -120,3 +136,66 @@ func (m *AllUrlsModel) GetURLsByPurlNameTypeVersion(ctx context.Context, purlNam
 	s.Debugf("Found %v results for %v, %v, %v.", len(allUrls), purlType, purlName, purlVersion)
 	return allUrls, nil
 }
+
+// PickOneUrl takes the potential matching component/versions and selects the most appropriate one.
+//
+
+func PickOneUrl(ctx context.Context, allUrls []AllURL, purlName, purlType, purlReq string) (AllURL, error) {
+	s := ctxzap.Extract(ctx).Sugar()
+
+	if len(allUrls) == 0 {
+		s.Infof("No component match (in urls) found for %v, %v", purlName, purlType)
+		return AllURL{}, nil
+	}
+
+	var c *semver.Constraints
+	if len(purlReq) > 0 {
+		s.Debugf("Building version constraint for %v: %v", purlName, purlReq)
+		var err error
+		c, err = semver.NewConstraint(purlReq)
+		if err != nil {
+			s.Warnf("Encountered an issue parsing version constraint string '%v' (%v,%v): %v", purlReq, purlName, purlType, err)
+		}
+	}
+
+	zeroVersion, _ := semver.NewVersion("v0.0.0")
+	var bestVersion *semver.Version
+	var bestURL AllURL
+
+	s.Debugf("Checking versions...")
+	for _, url := range allUrls {
+		if len(url.SemVer) == 0 && len(url.Version) == 0 {
+			s.Infof("Skipping match as it doesn't have a version: %#v", url)
+			continue
+		}
+
+		v, err := semver.NewVersion(url.Version)
+		if err != nil && len(url.SemVer) > 0 {
+			s.Debugf("Failed to parse SemVer: '%v'. Trying Version instead: %v (%v)", url.Version, url.SemVer, err)
+			v, err = semver.NewVersion(url.SemVer)
+		}
+		if err != nil {
+			s.Warnf("Encountered an issue parsing version string '%v' (%v) for %v: %v. Using v0.0.0", url.Version, url.SemVer, url, err)
+			v = zeroVersion
+		}
+
+		if c != nil && !c.Check(v) {
+			continue
+		}
+
+		if bestVersion == nil || v.GreaterThan(bestVersion) {
+			bestVersion = v
+			bestURL = url
+		}
+	}
+
+	if bestVersion == nil { // TODO should we return the latest version anyway?
+		s.Warnf("No component match found for %v, %v after filter %v", purlName, purlType, purlReq)
+		return AllURL{}, nil
+	}
+
+	s.Debugf("Selected highest version: %v", bestVersion)
+	bestURL.URL, _ = purlutils.ProjectUrl(purlName, purlType)
+	s.Debugf("Selected version: %#v", bestURL)
+	return bestURL, nil
+}