final PR polish

Author: flowstate

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,5 @@
+Click on the "Preview" tab and select appropriate PR template:
+
+[New Feature](?expand=1&template=feature.md)
+[Bug Fix](?expand=1&template=bug-fix.md)
+[Improvement](?expand=1&template=improvement.md)

.github/PULL_REQUEST_TEMPLATE/bug-fix.md

@@ -0,0 +1,28 @@
+<!--Description: Briefly describe the bug and its impact. If there's a related Linear ticket or Sentry issue, link it here. ⬇️ -->
+
+## Root Cause
+<!-- Concise explanation of what caused the bug ⬇️ -->
+
+
+
+## Fix
+<!-- Explain how your changes address the bug ⬇️ -->
+
+## Public Changelog
+<!-- Write a changelog message between comment tags if this should be included in the public product changelog, Leave blank otherwise. -->
+
+<!-- changelog ⬇️-->
+N/A
+<!-- /changelog ⬆️ -->
+
+## Checklist
+
+- Is PR safe to revert (yes/no)?:
+
+---
+<!-- Add any additional notes, context, or relevant links (RFCs, Slack threads, Linear tickets, etc.) below if needed. -->
+
+
+
+
+<!-- TEMPLATE TYPE DON'T REMOVE: depscan-template-bug-fix -->

.github/PULL_REQUEST_TEMPLATE/feature.md

@@ -0,0 +1,25 @@
+<!-- Description: Briefly describe the new feature you're introducing ⬇️ -->
+
+
+## Why?
+<!-- Explain the motivation behind this feature and its expected benefits ⬇️ -->
+
+
+
+## Public Changelog
+<!-- Write a changelog message between comment tags if this should be included in the public product changelog. -->
+
+<!-- changelog ⬇️-->
+N/A
+<!-- /changelog ⬆️ -->
+
+## Checklist
+
+- Is PR safe to revert (yes/no)?:
+
+---
+<!-- Any other context, screenshots, or specific testing instructions. If there are relevant RFCs, Slack threads, Linear tickets, etc., please link to them here. ⬇️  -->
+
+
+
+<!-- TEMPLATE TYPE DON'T REMOVE: depscan-template-feature -->

.github/PULL_REQUEST_TEMPLATE/improvement.md

@@ -0,0 +1,19 @@
+<!-- Description: Briefly describe the code improvement you're making. This could include things like lint fixes, adding monitoring dashboards, optimizing scripts, refactoring, etc. ⬇️ -->
+
+## Public Changelog
+<!-- Write a changelog message between comment tags if this should be included in the public product changelog. -->
+
+<!-- changelog ⬇️-->
+N/A
+<!-- /changelog ⬆️ -->
+
+## Checklist
+
+- Is PR safe to revert (yes/no)?:
+
+---
+<!-- Any other context, screenshots, or specific testing instructions. If there are relevant RFCs, Slack threads, Linear tickets, etc., please link to them here. ⬇️  -->
+
+
+
+<!-- TEMPLATE TYPE DON'T REMOVE: depscan-template-improvement -->

.python-version

@@ -1 +1 @@
-3.11
+3.12

Dockerfile

@@ -8,7 +8,8 @@ ARG PIP_EXTRA_INDEX_URL=https://pypi.org/simple
 RUN apk update \
     && apk add --no-cache git nodejs npm yarn
 
-# Install CLI first
+# Install CLI and optionally override SDK version
 RUN pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socketsecurity==$CLI_VERSION \
-    # Then override SDK version
-    && pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socket-sdk-python==${SDK_VERSION:-latest}
+    && if [ ! -z "$SDK_VERSION" ]; then \
+       pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socket-sdk-python==${SDK_VERSION}; \
+    fi

scripts/build_container.sh

@@ -2,52 +2,98 @@
 VERSION=$(grep -o "__version__.*" socketsecurity/__init__.py | awk '{print $3}' | tr -d "'")
 ENABLE_PYPI_BUILD=$1
 STABLE_VERSION=$2
+
+verify_package() {
+    local version=$1
+    local pip_index=$2
+    echo "Verifying package availability..."
+    
+    for i in $(seq 1 30); do
+        if pip install --index-url $pip_index socketsecurity==$version; then
+            echo "Package $version is now available and installable"
+            pip uninstall -y socketsecurity
+            return 0
+        fi
+        echo "Attempt $i: Package not yet installable, waiting 20s... ($i/30)"
+        sleep 20
+    done
+    
+    echo "Package verification failed after 30 attempts"
+    return 1
+}
+
 echo $VERSION
 if [ -z $ENABLE_PYPI_BUILD ] || [ -z $STABLE_VERSION ]; then
-  echo "$0 pypi-build=enable stable=true"
-  echo "\tpypi-build: Build and publish a new version of the package to pypi. Options are prod or test"
-  echo "\tstable: Only build and publish a new version for the stable docker tag if it has been tested and going on the changelog"
-  exit
+    echo "$0 pypi-build=enable stable=true"
+    echo "\tpypi-build: Build and publish a new version of the package to pypi. Options are prod or test"
+    echo "\tstable: Only build and publish a new version for the stable docker tag if it has been tested and going on the changelog"
+    exit
 fi
 
 if [ $ENABLE_PYPI_BUILD = "pypi-build=prod" ]; then
-  echo "Doing production build"
-  python -m build --wheel --sdist
-  twine upload dist/*$VERSION*
-  sleep 120
-  docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:$VERSION . \
-    && docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:latest . \
-    && docker push socketdev/cli:$VERSION \
-    && docker push socketdev/cli:latest
+    echo "Doing production build"
+    if ! python -m build --wheel --sdist; then
+        echo "Build failed"
+        exit 1
+    fi
+    
+    if ! twine upload dist/*$VERSION*; then
+        echo "Upload to PyPI failed"
+        exit 1
+    fi
+    
+    if ! verify_package $VERSION "https://pypi.org/simple"; then
+        echo "Failed to verify package on PyPI"
+        exit 1
+    fi
+    
+    docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:$VERSION . \
+        && docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:latest . \
+        && docker push socketdev/cli:$VERSION \
+        && docker push socketdev/cli:latest
 fi
 
 if [ $ENABLE_PYPI_BUILD = "pypi-build=test" ]; then
-  echo "Doing test build"
-  python -m build --wheel --sdist
-  twine upload --repository testpypi dist/*$VERSION*
-  sleep 120
-  docker build --no-cache \
-    --build-arg CLI_VERSION=$VERSION \
-    --build-arg PIP_INDEX_URL=https://test.pypi.org/simple \
-    --build-arg PIP_EXTRA_INDEX_URL=https://pypi.org/simple \
-    --platform linux/amd64,linux/arm64 \
-    -t socketdev/cli:$VERSION-test . \
-    && docker build --no-cache \
-    --build-arg CLI_VERSION=$VERSION \
-    --build-arg PIP_INDEX_URL=https://test.pypi.org/simple \
-    --build-arg PIP_EXTRA_INDEX_URL=https://pypi.org/simple \
-    --platform linux/amd64,linux/arm64 \
-    -t socketdev/cli:test . \
-    && docker push socketdev/cli:$VERSION-test \
-    && docker push socketdev/cli:test
+    echo "Doing test build"
+    if ! python -m build --wheel --sdist; then
+        echo "Build failed"
+        exit 1
+    fi
+    
+    if ! twine upload --repository testpypi dist/*$VERSION*; then
+        echo "Upload to TestPyPI failed"
+        exit 1
+    fi
+    
+    if ! verify_package $VERSION "https://test.pypi.org/simple"; then
+        echo "Failed to verify package on TestPyPI"
+        exit 1
+    fi
+    
+    docker build --no-cache \
+        --build-arg CLI_VERSION=$VERSION \
+        --build-arg PIP_INDEX_URL=https://test.pypi.org/simple \
+        --build-arg PIP_EXTRA_INDEX_URL=https://pypi.org/simple \
+        --platform linux/amd64,linux/arm64 \
+        -t socketdev/cli:$VERSION-test . \
+        && docker build --no-cache \
+        --build-arg CLI_VERSION=$VERSION \
+        --build-arg PIP_INDEX_URL=https://test.pypi.org/simple \
+        --build-arg PIP_EXTRA_INDEX_URL=https://pypi.org/simple \
+        --platform linux/amd64,linux/arm64 \
+        -t socketdev/cli:test . \
+        && docker push socketdev/cli:$VERSION-test \
+        && docker push socketdev/cli:test
 fi
 
-
 if [ $STABLE_VERSION = "stable=true" ]; then
     if [ $ENABLE_PYPI_BUILD = "pypi-build=enable" ]; then
-        sleep 120
+        if ! verify_package $VERSION "https://pypi.org/simple"; then
+            echo "Failed to verify package on PyPI"
+            exit 1
+        fi
     fi
     docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:stable . \
-      && docker push socketdev/cli:stable
-  fi
+        && docker push socketdev/cli:stable
+fi
 

scripts/deploy-test-docker.sh

@@ -1,5 +1,9 @@
 #!/bin/sh
 
+# This script builds the Docker image tagged cli:test and cli:$CLI_VERSION-test and pushes them to docker hub
+
+# If CLI Version and/or SDK Version are not provided, it will check TestPyPI for the latest dev versions and use that after asking the user for confirmation
+
 CLI_VERSION=$1
 SDK_VERSION=$2
 

scripts/deploy-test-pypi.sh

@@ -1,5 +1,7 @@
 #!/bin/sh
 
+# This script finds the latest dev version on TestPyPI, increments the dev version, and then uploads the new version to TestPyPI
+
 # Get version from __init__.py
 INIT_FILE="socketsecurity/__init__.py"
 ORIGINAL_VERSION=$(grep -o "__version__.*" $INIT_FILE | awk '{print $3}' | tr -d "'")
@@ -11,8 +13,10 @@ EXISTING_VERSIONS=$(curl -s https://test.pypi.org/pypi/socketsecurity/json | pyt
 import sys, json
 data = json.load(sys.stdin)
 versions = [v for v in data.get('releases', {}).keys() if v.startswith('$ORIGINAL_VERSION.dev')]
+print('Filtered versions:', versions, file=sys.stderr)
 if versions:
     versions.sort(key=lambda x: int(x.split('dev')[1]))
+    print('Sorted versions:', versions, file=sys.stderr)
     print(versions[-1])
 ")
 
@@ -43,10 +47,14 @@ python -m build --wheel --sdist > /dev/null 2>&1
 mv $BACKUP_FILE $INIT_FILE
 
 # Upload to TestPyPI using python -m
-python -m twine upload --repository testpypi dist/*${VERSION}*
-
-echo "Deployed to Test PyPI. Wait a few minutes before installing the new version." 
-echo
-
-echo "New version:"
-echo "${VERSION}"
+if python -m twine upload --repository testpypi dist/*${VERSION}*; then
+    echo
+    echo "Deployed to Test PyPI. Wait a few minutes before installing the new version." 
+    echo
+    echo "New version:"
+    echo "${VERSION}"
+else
+    echo
+    echo "Failed to deploy to Test PyPI"
+    exit 1
+fi