aboutcode-org
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 44 additions & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 18 additions & 0 deletions b/‎.github/workflows/release.yml‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 69 additions & 0 deletions b/‎Makefile‎
Lines changed: 69 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 82 additions & 1 deletion b/‎README.md‎
Lines changed: 82 additions & 1 deletion
@@ -0,0 +1,44 @@
+name: Test CI
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-test:
+    name: Run test and build
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+          - ubuntu-24.04-arm
+          - macos-14
+          - macos-15
+          - macos-15-intel
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
+
+      - name: Install Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: 'stable'
+
+      - name: Install dependencies
+        run: make dev
+
+      - name: Validate code format
+        run: make check
+
+      - name: Run tests
+        run: make test
+  
+      - name: Build
+        run: make build-fst
@@ -0,0 +1,18 @@
+name: Create GitHub release
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - "v*.*.*"
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Create a GitHub release
+      uses: softprops/action-gh-release@v2
+      with:
+          generate_release_notes: true
+          draft: false
@@ -0,0 +1,69 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# ScanCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/aboutcode-org/purl-validator-go for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+GOCMD=go
+GOFMT=gofmt
+GOIMPORTS=goimports
+GOLINT=golangci-lint
+GOFMT_CMD = $(GOFMT) -l .
+GOIMPORTS_CMD = $(GOIMPORTS) -l .
+GOSEC=gosec
+
+build-fst:
+	go run ./cmd/main.go
+
+clean:
+	$(GOCMD) clean
+	rm -rf $(BUILD_DIR)
+
+test:
+	$(GOCMD) test -v
+
+dev:
+	$(GOCMD) install golang.org/x/tools/cmd/goimports@latest
+	$(GOCMD) install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+	$(GOCMD) install github.com/securego/gosec/v2/cmd/gosec@latest
+	$(GOCMD) mod tidy
+
+gofmt:
+	@echo "-> Apply gofmt code formatter"
+	$(GOFMT) -w .
+
+goimports:
+	@echo "-> Apply goimports changes to ensure proper imports ordering"
+	$(GOIMPORTS) -w .
+
+valid: goimports gofmt
+
+check-gofmt:
+	@echo "-> Running gofmt for code formatting validation..."
+	@files=$$($(GOFMT_CMD)); \
+	if [ -n "$$files" ]; then \
+		echo "The following files are not properly formatted:"; \
+		echo "$$files"; \
+		exit 1; \
+	fi
+
+check-goimports:
+	@echo "-> Running goimports for import ordering validation..."
+	@files=$$($(GOIMPORTS_CMD)); \
+	if [ -n "$$files" ]; then \
+		echo "The following files have incorrect imports:"; \
+		echo "$$files"; \
+		exit 1; \
+	fi
+
+check: check-gofmt check-goimports
+	@echo "\n-> Running golangci-lint for linting..."
+	$(GOLINT) run --issues-exit-code=1 ./...
+	@echo "\n-> Running gosec for security checks..."
+	$(GOSEC) ./...
+
+.PHONY: build-fst clean test dev gofmt goimports valid check-gofmt check-goimports check
@@ -1 +1,82 @@
-# purl-validator-go
+# purlvalidator
+
+[![License](https://img.shields.io/badge/License-Apache--2.0-blue.svg?style=for-the-badge)](https://opensource.org/licenses/Apache-2.0)
+[![Version](https://img.shields.io/github/v/release/aboutcode-org/purlvalidator-go?style=for-the-badge)](https://github.com/aboutcode-org/purlvalidator-go/releases)
+[![Test](https://img.shields.io/github/actions/workflow/status/aboutcode-org/purlvalidator-go/ci.yml?style=for-the-badge&logo=github)](https://github.com/aboutcode-org/purlvalidator-go/actions)
+
+**purlvalidator** is a Go library for validating [Package URLs (PURLs)](https://github.com/package-url/purl-spec). It works fully offline, including in **air-gapped** or **restricted environments**, and answers one key question: **Does the package this PURL represents actually exist?**
+
+## How It Works?
+
+**purlvalidator** is shipped with a pre-built FST (Finite State Transducer), a set of compact automata containing latest Package URLs mined by the MineCode[^1]. Library uses this FST to perform lookups and confirm whether the **base PURL**[^2] exists.
+
+## Currently Supported Ecosystems
+
+- **nuget**: [https://www.nuget.org/](https://www.nuget.org/)
+
+## Usage
+
+Add `purlvalidator` as dependency in your go.mod
+
+```bash
+require github.com/aboutcode-org/purlvalidator-go v0.1.0
+```
+
+Use it in your code like this
+
+```rust
+import "github.com/aboutcode-org/purlvalidator-go"
+
+var result bool = purlvalidator.Validate("pkg:nuget/FluentValidation");
+```
+
+## Contribution
+
+We welcome contributions from the community! If you find a bug or have an idea for a new feature, please open an issue on the GitHub repository. If you want to contribute code, you can fork the repository, make your changes, and submit a pull request.
+
+* Please try to write a good commit message, see [good commit message wiki](https://aboutcode.readthedocs.io/en/latest/contributing/writing_good_commit_messages.html).
+* Add DCO `Sign Off` to your commits.
+
+## Development Setup
+
+Run these commands, starting from a git clone of [https://github.com/aboutcode-org/purl-validator-rust.git](https://github.com/aboutcode-org/purlvalidator-go.git)
+
+Generate FST:
+
+```bash
+make build-fst
+```
+
+Run tests:
+
+```bash
+make test
+```
+
+Fix formatting and linting:
+
+```bash
+make valid
+```
+
+## License
+
+SPDX-License-Identifier: Apache-2.0
+
+purl-validator is licensed under Apache License version 2.0.
+
+```text
+You may not use this software except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+```
+
+[^1]: MineCode continuously collects package metadata from various package ecosystems to maintain an up-to-date catalog of known packages.
+[^2]: A Base Package URL is a Package URL without a version or subpath.