Fixed package validation logic an url construction #26
danielmeppiel merged 2 commits into microsoft:main from
Pull Request Overview
This PR fixes a bug in package validation logic where is_valid_fqdn() failed to recognize fully-qualified package references containing paths (e.g., github.com/user/repo). The fix prevents incorrect URL construction that would result in malformed URLs like https://github.com/github.com/user/repo.git.
Key Changes:
- Modified is_valid_fqdn() to strip path components before FQDN validation
- Added test coverage for the github.com/user/repo format
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/apm_cli/utils/github_host.py | Added path-stripping logic to handle package references with path components |
| tests/unit/test_github_host.py | Added test case for github.com/user/repo format to verify the fix |
| return False | ||
|
|
||
|
|
||
| hostname = hostname.split('/')[0] # Remove any path components |
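Review bot: the added `hostname = hostname.split('/')[0]` line discards everything after the first '/' before the host check, so this function never looks at the path part of a reference such as github.com/user/repo, and two inputs deserve an explicit decision and a test. A string that starts with '/' leaves an empty hostname, and one that carries a scheme (https://github.com/user/repo) leaves 'https:' as the hostname. Suggest asserting that both are rejected, and validating the owner/repo segment wherever the clone URL is built, since a True result here says nothing about it.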
While this fix solves the immediate issue, the function's name and docstring don't accurately reflect that it now accepts and strips path components. The docstring says "Validate if a string is a valid Fully Qualified Domain Name (FQDN)" but an FQDN by definition shouldn't contain paths.
Consider adding a comment here explaining why path stripping is needed (e.g., "// Strip path components to support package references like 'github.com/user/repo'") or update the function's docstring to document this behavior.
…#1073)

* docs(notice): rename NOTICE.md -> NOTICE; add CLA third-party section

Two changes, one file rename:

1. Rename NOTICE.md -> NOTICE, matching the Apache / CNCF convention used by upstream third-party-attribution files (kubernetes-sigs/kro, kubernetes-sigs/headlamp, etc.). The .md extension was non-idiomatic for a generated legal artifact -- NOTICE files are read by tooling (license scanners, SBOM generators) that match on the bare filename. Generator (scripts/generate-notice.py), Makefile target, and the NOTICE Drift Check workflow are all updated to operate on the extension-less path.

2. Add a 'Submitted on behalf of a third-party' section to NOTICE, crediting five contributors whose pull requests landed before the microsoft-github-policy-service CLA bot recorded a signature on file. The repo transferred from danielmeppiel/awd-cli to the microsoft org; some early PRs predate CLA enforcement, and we could not retroactively reach all contributors. Mirrors section 7 of common CLA texts (the wording adopted by CNCF NOTICE files). Driven by a new _third_party_submissions block in scripts/notice-metadata.yaml -- legally-significant wording stays alongside the per-component data, not buried in code.

Contributors named (verified via Check Runs API against the microsoft-github-policy-service app, license/cla check on every merged PR by each suspected author):

- @pofallon (PR #4)
- @richgo (PRs #8, #25, #26, #33, #34)
- @ryanfk (PR #92 -- bot ran with conclusion=null, output: 'Contributor License Agreement is not agreed yet.')
- @foutoucour (PR #108)
- @Jah-yee (PR #184)

Listed contributors who later sign the CLA (or who were signed under a different GitHub account at the time) can request removal via issue.

Co-authored-by: Copilot <[email protected]>

* docs(notice): trim third-party section preamble

Strip the historical/CNCF-citation paragraph and the verbatim CLA-section-7 quote. Keep only the active sentence (what the listing means + how to request removal).

Co-authored-by: Copilot <[email protected]>

* docs(notice): address PR #1073 review

Three fixes from copilot-pull-request-reviewer:

1. Drop spurious leading '---' separator in the third-party-submissions renderer. render_component already ends each component with '---\n\n', so prepending another '---' produced two consecutive separators in NOTICE. Verified: separator count dropped from 17 to 16.

2. Sweep stale 'NOTICE.md' references in scripts/generate-notice.py (top-level docstring, Modes section, ComponentMeta and DepSpec field docstrings). The constant was renamed; the docs lagged.

3. Append (#1073) PR refs to both CHANGELOG entries; ASCII-correct the arrow ('->' instead of '->').

Co-authored-by: Copilot <[email protected]>

---------

Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Pull Request
Description
Fixed package validation logic. There was an error in the is_valid_fqdn() function when a package name like github.com/user/repo was passed in - it failed to recognise the fqdn.
Fixed by removing all past the first /.
Added test.
Type of Change
🏷️ IMPORTANT: Apply the appropriate label after creating this PR:
- enhancement or feature
- bug or fix
- documentation or docs
- ignore-for-release
Testing
Checklist
Fixes # (issue)
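The failure mode this PR describes, reproduced as an added example that is not code from apm_cli. The function names, the regexes and the default-host fallback are assumptions made for illustration. It shows how a host check that rejects any string containing a path yields the doubled-host URL, next to a variant that validates the host segment and the owner/repo path separately.

```python
import re

# Hypothetical stand-ins: names, regexes and fallback are assumptions, not apm_cli code.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_FQDN_RE = re.compile(rf"(?:{_LABEL}\.)+[A-Za-z]{{2,63}}")
_PATH_RE = re.compile(r"[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+")
DEFAULT_HOST = "github.com"


def is_fqdn_strict(value: str) -> bool:
    """Host-only check: any '/' in the string makes it fail."""
    return _FQDN_RE.fullmatch(value) is not None


def build_url_before(ref: str) -> str:
    """Assumed 'before' flow: a failed host check means 'no host given'."""
    if is_fqdn_strict(ref):
        return f"https://{ref}.git"
    # 'github.com/user/repo' fails the check, so the default host is prepended again.
    return f"https://{DEFAULT_HOST}/{ref}.git"


def split_reference(ref: str):
    """Return (host, path); host is None when the first segment is not a valid FQDN."""
    first, _, rest = ref.partition("/")
    if is_fqdn_strict(first):
        return first, rest
    return None, ref


def build_url_after(ref: str) -> str:
    """Validate the host segment and the owner/repo path independently."""
    host, path = split_reference(ref)
    if _PATH_RE.fullmatch(path) is None:
        raise ValueError(f"not an owner/repo path: {path!r}")
    return f"https://{host or DEFAULT_HOST}/{path}.git"


if __name__ == "__main__":
    for ref in ("user/repo", "github.com/user/repo"):
        print(ref, "->", build_url_before(ref), "|", build_url_after(ref))
```
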