packaging.python.org icon indicating copy to clipboard operation
packaging.python.org copied to clipboard

Published 20 hours ago verified publisher icon pypa

Add simple repository API specification

Open EpicWink opened this issue 2 years ago • 9 comments

  • More fleshed-out introduction to the API
  • Add specification for latest standard of both HTML and JSON formats
    • For each API endpoint, its features are described generally, then how those features are provided are described for each format
    • The specifications are summarised (without loss of precision) from the PEPs to ease reading. Let me know if more/all of the specifications should be added to the PEP. I've left out some clarifying notes, rationale, recommendations, etc
    • The specs were added as prose, but perhaps something akin to API docs is more suitable
  • Add OpenAPI spec, specifically detailing the JSON format (inside collapsible)
  • Convert existing history to bullet-list

Solves part of #1093

:books: Documentation preview :books:: https://python-packaging-user-guide--1442.org.readthedocs.build/en/1442/

EpicWink avatar Dec 08 '23 04:12 EpicWink

TODO

  • [x] Add base HTML format specification
  • [x] Add yank support
  • [x] Add versioning metadata
  • [x] Add package metadata file
    • [x] Renamed
  • [x] Add base JSON format specification
  • [x] Add client format selection
  • [x] Add additional fields to JSON format
  • [ ] Ascertain API is HTTP-based
  • [ ] PEP 708 - see EpicWink#3

EpicWink avatar Dec 08 '23 04:12 EpicWink

PEP 503 says nothing about the API being provided via HTTP, while PEP 691 clearly assumes it (I don't think it goes so far as to say that the index server must be using HTTP, though: just use HTTP features like content-negotiation)

EpicWink avatar Dec 08 '23 04:12 EpicWink

PEP 503 is unclear as to whether the project-details lists GPG signature files (ie do they get an <a> element as well?), or if they're only implied. Same goes for core-metadata files.

I'll work under the assumption that they're only implied.

EpicWink avatar Dec 08 '23 09:12 EpicWink

I don't understand how any of these specs relate to PEP 458 (Secure PyPI downloads with signed repository metadata), so I'll leave that out completely for now.

EpicWink avatar Dec 08 '23 10:12 EpicWink

I think this MR could be squash-merged: no need to keep the commit history I think

EpicWink avatar Dec 08 '23 11:12 EpicWink

@dstufft You might be interested in reviewing this, maybe also @pfmoore?

jeanas avatar Dec 10 '23 10:12 jeanas

@EpicWink What is the status of this PR now that #1477 has been merged?

jeanas avatar Jan 25 '24 20:01 jeanas

What is the status of this PR now that #1477 has been merged?

@jeanas this change is a more focused write-up of the simple repo API spec, rather than a copy of the PEPs. This PR is still open for consideration, however some questions I asked above are not answered yet:

  • Is the API based on HTTP?
  • Are GPG signature and core-metadata files to be listed in the project files page?
  • How does PEP 458 relate to the simple repo API spec?
  • Have I summarised the specs too much?
  • Should the specs be displayed as API docs instead of prose (I think I started on this with the JSON format portion)?

EpicWink avatar Jan 25 '24 23:01 EpicWink

cc @CAM-Gerlach ^

webknjaz avatar Jan 26 '24 00:01 webknjaz