Expose wheel metadata file

Author: jobselko

pulp_python/app/pypi/views.py

@@ -29,6 +29,7 @@
 from pulpcore.plugin.viewsets import OperationPostponedResponse
 from pulpcore.plugin.tasking import dispatch
 from pulpcore.plugin.util import get_domain, get_url
+from pulpcore.plugin.models import ContentArtifact
 from pulp_python.app.models import (
     PythonDistribution,
     PythonPackageContent,
@@ -248,7 +249,7 @@ class SimpleView(PackageUploadMixin, ViewSet):
     DEFAULT_ACCESS_POLICY = {
         "statements": [
             {
-                "action": ["list", "retrieve"],
+                "action": ["list", "retrieve", "retrieve_metadata"],
                 "principal": "*",
                 "effect": "allow",
             },
@@ -392,6 +393,29 @@ def retrieve(self, request, path, package):
             kwargs = {"content_type": media_type, "headers": headers}
             return HttpResponse(detail_data, **kwargs)
 
+    # TODO now: extend schema
+    def retrieve_metadata(self, request, path, filename):
+        """Retrieves content of metadata file for a wheel package."""
+        domain = get_domain()
+        _, content = self.get_rvc()
+
+        try:
+            package_content = content.get(filename=filename, _pulp_domain=domain)
+            metadata_ca = ContentArtifact.objects.filter(
+                content=package_content, relative_path=f"{filename}.metadata"
+            ).first()
+
+            if metadata_ca and metadata_ca.artifact:
+                headers = {"Content-Type": "text/plain; charset=utf-8"}
+                with metadata_ca.artifact.file.open("rb") as f:
+                    content = f.read()
+                return HttpResponse(content, headers=headers)
+            else:
+                return HttpResponseNotFound(f"Metadata for {filename} not found")
+
+        except ObjectDoesNotExist:
+            return HttpResponseNotFound(f"Package {filename} not found")
+
     @extend_schema(
         request=PackageUploadSerializer,
         responses={200: PackageUploadTaskSerializer},

pulp_python/app/tasks/upload.py

@@ -7,7 +7,7 @@
 from pulpcore.plugin.util import get_domain
 
 from pulp_python.app.models import PythonPackageContent, PythonRepository
-from pulp_python.app.utils import artifact_to_python_content_data
+from pulp_python.app.utils import artifact_to_metadata_artifact, artifact_to_python_content_data
 
 
 def upload(artifact_sha256, filename, repository_pk=None):
@@ -77,11 +77,16 @@ def create_content(artifact_sha256, filename, domain):
     """
     artifact = Artifact.objects.get(sha256=artifact_sha256, pulp_domain=domain)
     data = artifact_to_python_content_data(filename, artifact, domain)
+    metadata_artifact = artifact_to_metadata_artifact(filename, artifact)
 
     @transaction.atomic()
     def create():
         content = PythonPackageContent.objects.create(**data)
         ContentArtifact.objects.create(artifact=artifact, content=content, relative_path=filename)
+        if metadata_artifact:
+            ContentArtifact.objects.create(
+                artifact=metadata_artifact, content=content, relative_path=f"{filename}.metadata"
+            )
         return content
 
     new_content = create()

pulp_python/app/urls.py

@@ -39,5 +39,10 @@
         SimpleView.as_view({"get": "list", "post": "create"}),
         name="simple-detail",
     ),
+    path(
+        PYPI_API_URL + "<str:filename>.metadata",
+        SimpleView.as_view({"get": "retrieve_metadata"}),
+        name="simple-metadata",
+    ),
     path(PYPI_API_URL, PyPIView.as_view({"get": "retrieve"}), name="pypi-detail"),
 ]

pulp_python/app/utils.py

@@ -1,4 +1,5 @@
 import hashlib
+import logging
 import pkginfo
 import re
 import shutil
@@ -14,10 +15,13 @@
 from packaging.requirements import Requirement
 from packaging.version import parse, InvalidVersion
 from pypi_simple import ACCEPT_JSON_PREFERRED, ProjectPage
-from pulpcore.plugin.models import Remote
+from pulpcore.plugin.models import Artifact, Remote
 from pulpcore.plugin.exceptions import TimeoutException
 
 
+log = logging.getLogger(__name__)
+
+
 PYPI_LAST_SERIAL = "X-PYPI-LAST-SERIAL"
 """TODO This serial constant is temporary until Python repositories implements serials"""
 PYPI_SERIAL_CONSTANT = 1000000000
@@ -206,25 +210,34 @@ def get_project_metadata_from_file(filename):
     return metadata
 
 
-def compute_metadata_sha256(filename: str) -> str | None:
+def extract_wheel_metadata(filename: str) -> bytes | None:
     """
-    Compute SHA256 hash of the metadata file from a Python package.
+    Extract the metadata file content from a wheel file.
 
-    Returns SHA256 hash or None if metadata cannot be extracted.
+    Returns the raw metadata content as bytes or None if metadata cannot be extracted.
     """
     if not filename.endswith(".whl"):
         return None
     try:
         with zipfile.ZipFile(filename, "r") as f:
             for file_path in f.namelist():
                 if file_path.endswith(".dist-info/METADATA"):
-                    metadata_content = f.read(file_path)
-                    return hashlib.sha256(metadata_content).hexdigest()
-    except (zipfile.BadZipFile, KeyError, OSError):
-        pass
+                    return f.read(file_path)
+    except (zipfile.BadZipFile, KeyError, OSError) as e:
+        log.warning(f"Failed to extract metadata file from {filename}: {e}")
     return None
 
 
+def compute_metadata_sha256(filename: str) -> str | None:
+    """
+    Compute SHA256 hash of the metadata file from a Python package.
+
+    Returns SHA256 hash or None if metadata cannot be extracted.
+    """
+    metadata_content = extract_wheel_metadata(filename)
+    return hashlib.sha256(metadata_content).hexdigest() if metadata_content else None
+
+
 def artifact_to_python_content_data(filename, artifact, domain=None):
     """
     Takes the artifact/filename and returns the metadata needed to create a PythonPackageContent.
@@ -245,6 +258,27 @@ def artifact_to_python_content_data(filename, artifact, domain=None):
     return data
 
 
+def artifact_to_metadata_artifact(filename: str, artifact: Artifact) -> Artifact | None:
+    """
+    Creates artifact for metadata from the provided wheel artifact.
+    """
+    if not filename.endswith(".whl"):
+        return None
+
+    with tempfile.NamedTemporaryFile("wb", dir=".", suffix=filename) as temp_file:
+        shutil.copyfileobj(artifact.file, temp_file)
+        temp_file.flush()
+        metadata_content = extract_wheel_metadata(temp_file.name)
+        if not metadata_content:
+            return None
+        with tempfile.NamedTemporaryFile(suffix=".metadata") as metadata_temp:
+            metadata_temp.write(metadata_content)
+            metadata_temp.flush()
+            metadata_artifact = Artifact.init_and_validate(metadata_temp.name)
+            metadata_artifact.save()
+            return metadata_artifact
+
+
 def fetch_json_release_metadata(name: str, version: str, remotes: set[Remote]) -> dict:
     """
     Fetches metadata for a specific release from PyPI's JSON API. A release can contain

pulp_python/app/viewsets.py

@@ -348,6 +348,7 @@ class Meta:
         }
 
 
+# TODO now: create metadata artifact for sync upload
 class PythonPackageSingleArtifactContentUploadViewSet(
     core_viewsets.SingleArtifactContentUploadViewSet
 ):

pulp_python/tests/functional/api/test_pypi_apis.py

@@ -137,6 +137,38 @@ def test_package_upload_simple(
     assert summary.added["python.python"]["count"] == 1
 
 
+@pytest.mark.parallel
+def test_wheel_package_upload_with_metadata(
+    python_content_summary,
+    python_empty_repo_distro,
+    python_package_dist_directory,
+    monitor_task,
+):
+    """Tests that the wheel metadata artifact is created during upload."""
+    repo, distro = python_empty_repo_distro()
+    url = urljoin(distro.base_url, "simple/")
+    dist_dir, egg_file, wheel_file = python_package_dist_directory
+    response = requests.post(
+        url,
+        data={"sha256_digest": PYTHON_WHEEL_SHA256},
+        files={"content": open(wheel_file, "rb")},
+        auth=("admin", "password"),
+    )
+    assert response.status_code == 202
+    monitor_task(response.json()["task"])
+    summary = python_content_summary(repository=repo)
+    assert summary.added["python.python"]["count"] == 1
+
+    # Test that metadata is accessible
+    metadata_url = urljoin(distro.base_url, f"{PYTHON_WHEEL_FILENAME}.metadata")
+    metadata_response = requests.get(metadata_url)
+    assert metadata_response.status_code == 200
+    assert metadata_response.headers["content-type"] == "text/plain; charset=utf-8"
+    assert len(metadata_response.content) > 0
+    metadata_text = metadata_response.text
+    assert "Name: shelf-reader" in metadata_text
+
+
 @pytest.mark.parallel
 def test_twine_upload(
     pulpcore_bindings,