Vendor Grab

Download gzipped tar files from URLs and extract only selected files to destination paths in current working directory.

Configuration file is in TOML format. Takes a list of vendors that can have multiple files.

[[vendors]]
archive = "https://github.com/csstools/normalize.css/archive/refs/tags/12.0.0.tar.gz"

# Verify the downloaded tar file with this sha256 hash hexdigest.
checksum = "0820f46861766b7aef99ffd1601e61279d399700e1683e7863f9400af068e3ed"

# The dst_checksum is optional. Delete it to always replace dst files from the downloaded tar file.
#dst_checksum = ""

# The strip_components will default to 1. It is the same as --strip-components flag in tar command.
#strip_components = 1

[[vendors.files]]
# The source (src) of the file in the tar (with the first component stripped off
# since it is usually a directory with the version.
src = "normalize.css"
# The destination (dst) is where it extracts the file to.
dst = "vendor/normalize.css/normalize.css"

# It is common to grab any license files and include them along with source
# files.
[[vendors.files]]
src = "LICENSE.md"
dst = "vendor/normalize.css/LICENSE.md"

The created dst files can be committed to source control (git, fossil, etc.) and if the dst_checksum fields are set; it won't needlessly fetch the tar file each time. This also prevents the vendor dst files from being modified without also updating the dst_checksum value.

Install

pip install vendor_grab

Usage

Create a configuration file in TOML format that has 'vendors' list. See example above or the example-vendors.toml file in this project.

Pass the configuration file as the only arg:

vendor_grab example-vendors.toml

View the downloaded files in the 'vendors' directory (if using the example-vendors.toml configuration file).

Why?

The Simplest Thing That Could Possibly Work.

Why use a tool like npm to download some CSS files? That was the main reason I created this script. I did not need all the capability (and potential security holes) that the npm tool provided. I simply wanted to automate getting some vendor files into my git repository and keep them up to date.

Initially this script started off as a messy shell script that used jq, wget, md5sum commands. It also used JSON for the configuration, which isn't great for adding inline comments. It was rewritten in Python to be more compatible and easier to follow.