forge

package

v0.1.0 Latest Latest Go to latest Published: May 13, 2026 License: MIT Imports: 13 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/git-pkgs/pin

Links

Open Source Insights

Documentation ¶

Overview ¶

Package forge resolves manifest entries against git forges. Dispatch is purl-driven: pkg:github/owner/repo@ref routes to the GitHub implementation; pkg:gitlab, pkg:bitbucket etc. plug in via the type switch without touching the public surface or lockfile schema.

Index ¶

type Attestation
type Options
type Resolved
type ResolvedFile
type Source
- func New(opts Options) *Source
- func (s *Source) Resolve(ctx context.Context, p *purl.PURL, files []string) (*Resolved, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Attestation ¶

type Attestation = source.Attestation

type Options ¶

type Options struct {
	HTTPClient *client.Client

	// API and CDN base URLs; overridable for tests and self-hosted.
	GitHubAPI   string
	JSDelivrCDN string

	// Verifier validates each attestation bundle the forge path
	// records. Nil = record-only.
	Verifier source.ProvenanceVerifier
}

type Resolved ¶

type Resolved = source.Resolved

type ResolvedFile ¶

type ResolvedFile = source.ResolvedFile

type Source ¶

type Source struct {
	// contains filtered or unexported fields
}

func New ¶

func New(opts Options) *Source

func (*Source) Resolve ¶

func (s *Source) Resolve(ctx context.Context, p *purl.PURL, files []string) (*Resolved, error)

Resolve fetches files for a forge-hosted package. The ref (p.Version) is resolved to a commit SHA which becomes PackageIntegrity and a vcs_revision purl qualifier.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL