feat: add github actions for deployment automation

Author: flowstate

.github/workflows/docker-stable.yml

@@ -0,0 +1,22 @@
+name: Mark Release as Stable
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to mark as stable (e.g., v1.2.3)'
+        required: true
+
+jobs:
+  stable:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build & Push Stable Docker
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: socketdev/cli:stable
+          build-args: |
+            CLI_VERSION=${{ inputs.version }}

.github/workflows/pr-preview.yml

@@ -0,0 +1,61 @@
+name: PR Preview
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  preview:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Set preview version
+        run: |
+          BASE_VERSION=$(grep -o "__version__.*" socketsecurity/__init__.py | awk '{print $3}' | tr -d "'")
+          echo "VERSION=${BASE_VERSION}.dev${GITHUB_PR_NUMBER}" >> $GITHUB_ENV
+
+      - name: Build package
+        run: |
+          pip install build
+          python -m build
+
+      - name: Publish to Test PyPI
+        uses: pypa/[email protected]
+        with:
+          repository-url: https://test.pypi.org/legacy/
+          password: ${{ secrets.TEST_PYPI_TOKEN }}
+
+      - name: Comment on PR
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const version = process.env.VERSION;
+            const comment = `
+            🚀 Preview package published!
+
+            Install with:
+            \`\`\`bash
+            pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple socketsecurity==${version}
+            \`\`\`
+
+            Docker image: \`socketdev/cli:pr-${context.issue.number}\`
+            `;
+
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.name,
+              body: comment
+            })
+
+      - name: Build & Push Docker Preview
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          tags: socketdev/cli:pr-${{ github.event.pull_request.number }}
+          build-args: |
+            CLI_VERSION=${{ env.VERSION }}
+            PIP_INDEX_URL=https://test.pypi.org/simple

.github/workflows/release.yml

@@ -0,0 +1,33 @@
+name: Release
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Build package
+        run: |
+          pip install build
+          python -m build
+
+      - name: Publish to PyPI
+        uses: pypa/[email protected]
+        with:
+          password: ${{ secrets.PYPI_TOKEN }}
+
+      - name: Build & Push Docker
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            socketdev/cli:latest
+            socketdev/cli:${{ github.ref_name }}

.github/workflows/version-check.yml

@@ -0,0 +1,56 @@
+name: Version Check
+on:
+  pull_request:
+    types: [opened, synchronize]
+    paths:
+      - 'socketsecurity/**'
+      - 'setup.py'
+      - 'pyproject.toml'
+
+jobs:
+  check_version:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Fetch all history for all branches
+
+      - name: Check version increment
+        run: |
+          # Get version from current PR
+          PR_VERSION=$(grep -o "__version__.*" socketsecurity/__init__.py | awk '{print $3}' | tr -d "'")
+
+          # Get version from main branch
+          git checkout origin/main
+          MAIN_VERSION=$(grep -o "__version__.*" socketsecurity/__init__.py | awk '{print $3}' | tr -d "'")
+
+          # Compare versions using Python
+          python3 -c "
+          from packaging import version
+          pr_ver = version.parse('${PR_VERSION}')
+          main_ver = version.parse('${MAIN_VERSION}')
+          if pr_ver <= main_ver:
+              print(f'❌ Version must be incremented! Main: {main_ver}, PR: {pr_ver}')
+              exit(1)
+          print(f'✅ Version properly incremented from {main_ver} to {pr_ver}')
+          "
+
+      - name: Comment on PR if version check fails
+        if: failure()
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const comment = `
+            ❌ **Version Check Failed**
+
+            Please increment the version number in \`socketsecurity/__init__.py\`.
+            Current version on main: \`${process.env.MAIN_VERSION}\`
+            Your PR version: \`${process.env.PR_VERSION}\`
+            `;
+
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.name,
+              body: comment
+            })

.gitignore

@@ -19,4 +19,5 @@ markdown_security_temp.md
 *.pyc
 test.py
 *.cpython-312.pyc`
-file_generator.py
+file_generator.py
+.env.local

Dockerfile

@@ -1,8 +1,16 @@
 FROM python:3-alpine
 LABEL org.opencontainers.image.authors="socket.dev"
 ARG CLI_VERSION
+ARG PIP_INDEX_URL=https://pypi.org/simple
 RUN apk update \
     && apk add --no-cache git nodejs npm yarn
-RUN pip install socketsecurity --upgrade \
+
+RUN pip install --index-url ${PIP_INDEX_URL} socketsecurity==$CLI_VERSION \
     && socketcli -v \
-    && socketcli -v | grep -q $CLI_VERSION
+    && socketcli -v | grep -q $CLI_VERSION
+
+# !! Uncomment to test local build - requires running `python -m build` first (and correct version number)
+# COPY dist/socketsecurity-1.0.34-py3-none-any.whl /tmp/
+# RUN pip install /tmp/socketsecurity-1.0.34-py3-none-any.whl \
+#     && socketcli -v \
+#     && socketcli -v | grep -q $CLI_VERSION

pyproject.toml

@@ -12,7 +12,6 @@ dependencies = [
     'prettytable',
     'argparse',
     'GitPython',
-    'packaging'
 ]
 readme = "README.md"
 description = "Socket Security CLI for CI/CD"
@@ -32,6 +31,11 @@ classifiers = [
     "Programming Language :: Python :: 3.12",
 ]
 
+[project.optional-dependencies]
+dev = [
+    "packaging"
+]
+
 [project.scripts]
 socketcli = "socketsecurity.socketcli:cli"
 

socketsecurity/__init__.py

@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '1.0.32'
+__version__ = '1.0.36'