yml, npm, gitmodules, foundry, npm features added

Author: NehharShah

.github/workflows/sbom.yml

@@ -0,0 +1,60 @@
+name: SBOM fetcher
+
+on:
+  workflow_dispatch:
+    inputs:
+      only:
+        description: "Owner prefix filter, e.g. opensource-observer/"
+        required: false
+        default: ""
+      limit:
+        description: "Limit number of repos to process (0 = all)"
+        required: false
+        default: "0"
+      incremental:
+        description: "Skip unchanged repos"
+        required: false
+        default: "true"
+  schedule:
+    - cron: "0 7 * * *"  # daily at 07:00 UTC
+
+concurrency:
+  group: sbom-fetcher
+  cancel-in-progress: false
+
+permissions:
+  contents: write
+
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - name: Run SBOM fetcher
+        env:
+          OSO_API_KEY: ${{ secrets.OSO_API_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          python scripts/sbom_fetcher.py \
+            --output-dir data/sbom \
+            $([ "${{ github.event.inputs.incremental || true }}" = "true" ] && echo "--incremental") \
+            --only "${{ github.event.inputs.only || '' }}" \
+            --limit ${{ github.event.inputs.limit || 0 }}
+
+      - name: Commit and push results
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: "SBOM: snapshots and events"
+          file_pattern: data/sbom/**

.gitignore

@@ -205,3 +205,8 @@ cython_debug/
 marimo/_static/
 marimo/_lsp/
 __marimo__/
+
+
+*.parquet
+data/
+!.gitkeep

README.md

@@ -13,11 +13,11 @@ export OSO_API_KEY="<your_api_key>"
 # optional for higher clone rate limits
 export GITHUB_TOKEN="<your_gh_pat>"
 
-# Small test run (default limit applies if no --only)
+# Small smoke test run (default limit applies if no --only) to test setup end to end without assuming any specfic owner
 ./.venv/bin/python scripts/sbom_fetcher.py --output-dir data/sbom --incremental
 
-# Focused owner run (no default limit when --only is provided)
-./.venv/bin/python scripts/sbom_fetcher.py --output-dir data/sbom --only opensource-observer/ --limit 0 --incremental
+# Focused owner run (no default limit when --only is provided) to test the actual OSO scoped command
+./.venv/bin/python scripts/sbom_fetcher.py --output-dir data/sbom --only opensource-observer/ --limit 0
 
 # Source the deactivate script:
 source .venv/bin/deactivate