about to refactor Package

Author: flowstate

Dockerfile

@@ -1,12 +1,14 @@
 FROM python:3-alpine
 LABEL org.opencontainers.image.authors="socket.dev"
 ARG CLI_VERSION
+ARG SDK_VERSION
 ARG PIP_INDEX_URL=https://pypi.org/simple
 ARG PIP_EXTRA_INDEX_URL=https://pypi.org/simple
 
 RUN apk update \
     && apk add --no-cache git nodejs npm yarn
 
+# Install CLI first
 RUN pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socketsecurity==$CLI_VERSION \
-    && socketcli -v \
-    && socketcli -v | grep -q $CLI_VERSION
+    # Then override SDK version
+    && pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socket-sdk-python==${SDK_VERSION:-latest}

pyproject.toml

@@ -13,7 +13,7 @@ dependencies = [
     'GitPython',
     'packaging',
     'python-dotenv', 
-    'socket-sdk-python>=2.0.2'
+    'socket-sdk-python>=2.0.4'
 ]
 readme = "README.md"
 description = "Socket Security CLI for CI/CD"

scripts/build_container.sh

@@ -26,8 +26,18 @@ if [ $ENABLE_PYPI_BUILD = "pypi-build=test" ]; then
   python -m build --wheel --sdist
   twine upload --repository testpypi dist/*$VERSION*
   sleep 120
-  docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:$VERSION-test . \
-    && docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:test . \
+  docker build --no-cache \
+    --build-arg CLI_VERSION=$VERSION \
+    --build-arg PIP_INDEX_URL=https://test.pypi.org/simple \
+    --build-arg PIP_EXTRA_INDEX_URL=https://pypi.org/simple \
+    --platform linux/amd64,linux/arm64 \
+    -t socketdev/cli:$VERSION-test . \
+    && docker build --no-cache \
+    --build-arg CLI_VERSION=$VERSION \
+    --build-arg PIP_INDEX_URL=https://test.pypi.org/simple \
+    --build-arg PIP_EXTRA_INDEX_URL=https://pypi.org/simple \
+    --platform linux/amd64,linux/arm64 \
+    -t socketdev/cli:test . \
     && docker push socketdev/cli:$VERSION-test \
     && docker push socketdev/cli:test
 fi

scripts/deploy-test-docker.sh

@@ -0,0 +1,63 @@
+#!/bin/sh
+
+CLI_VERSION=$1
+SDK_VERSION=$2
+
+get_latest_version() {
+    package=$1
+    curl -s https://test.pypi.org/pypi/$package/json | python -c "
+import sys, json
+data = json.load(sys.stdin)
+versions = list(data.get('releases', {}).keys())
+versions.sort(key=lambda x: (
+    x.split('.dev')[0],
+    int(x.split('.dev')[1]) if '.dev' in x else 0
+))
+print(versions[-1] if versions else '')
+"
+}
+
+if [ -z "$CLI_VERSION" ]; then
+    echo "No CLI version specified, checking TestPyPI for latest version..."
+    CLI_VERSION=$(get_latest_version "socketsecurity")
+    echo "Latest CLI version on TestPyPI is: $CLI_VERSION"
+fi
+
+if [ -z "$SDK_VERSION" ]; then
+    echo "No SDK version specified, checking TestPyPI for latest version..."
+    SDK_VERSION=$(get_latest_version "socket-sdk-python")
+    echo "Latest SDK version on TestPyPI is: $SDK_VERSION"
+fi
+
+echo -n "Deploy with CLI=$CLI_VERSION and SDK=$SDK_VERSION? (y/n): "
+read answer
+
+case $answer in
+    [Yy]* ) ;;
+    * ) echo "Aborted."; exit;;
+esac
+
+echo "Building and pushing Docker image..."
+docker build --no-cache \
+    --build-arg CLI_VERSION=$CLI_VERSION \
+    --build-arg SDK_VERSION=$SDK_VERSION \
+    --build-arg PIP_INDEX_URL=https://test.pypi.org/simple \
+    --build-arg PIP_EXTRA_INDEX_URL=https://pypi.org/simple \
+    --platform linux/amd64,linux/arm64 \
+    -t socketdev/cli:$CLI_VERSION-test . \
+    && docker build --no-cache \
+    --build-arg CLI_VERSION=$CLI_VERSION \
+    --build-arg SDK_VERSION=$SDK_VERSION \
+    --build-arg PIP_INDEX_URL=https://test.pypi.org/simple \
+    --build-arg PIP_EXTRA_INDEX_URL=https://pypi.org/simple \
+    --platform linux/amd64,linux/arm64 \
+    -t socketdev/cli:test . \
+    && docker push socketdev/cli:$CLI_VERSION-test \
+    && docker push socketdev/cli:test
+
+if [ $? -eq 0 ]; then
+    echo "Successfully deployed version $CLI_VERSION"
+else
+    echo "Failed to deploy version $CLI_VERSION"
+    exit 1
+fi 

scripts/deploy-test-pypi.sh

@@ -0,0 +1,52 @@
+#!/bin/sh
+
+# Get version from __init__.py
+INIT_FILE="socketsecurity/__init__.py"
+ORIGINAL_VERSION=$(grep -o "__version__.*" $INIT_FILE | awk '{print $3}' | tr -d "'")
+BACKUP_FILE="${INIT_FILE}.bak"
+
+# Get existing versions from TestPyPI
+echo "Checking existing versions on TestPyPI..."
+EXISTING_VERSIONS=$(curl -s https://test.pypi.org/pypi/socketsecurity/json | python -c "
+import sys, json
+data = json.load(sys.stdin)
+versions = [v for v in data.get('releases', {}).keys() if v.startswith('$ORIGINAL_VERSION.dev')]
+if versions:
+    versions.sort(key=lambda x: int(x.split('dev')[1]))
+    print(versions[-1])
+")
+
+# Determine new version
+if [ -z "$EXISTING_VERSIONS" ]; then
+    VERSION="${ORIGINAL_VERSION}.dev1"
+    echo "No existing dev versions found. Using ${VERSION}"
+else
+    LAST_DEV_NUM=$(echo $EXISTING_VERSIONS | grep -o 'dev[0-9]*' | grep -o '[0-9]*')
+    NEXT_DEV_NUM=$((LAST_DEV_NUM + 1))
+    VERSION="${ORIGINAL_VERSION}.dev${NEXT_DEV_NUM}"
+    echo "Found existing version ${EXISTING_VERSIONS}. Using ${VERSION}"
+fi
+
+echo "Deploying version ${VERSION} to Test PyPI"
+
+# Backup original __init__.py
+cp $INIT_FILE $BACKUP_FILE
+
+# Update version in __init__.py
+sed -i.tmp "s/__version__ = '${ORIGINAL_VERSION}'/__version__ = '${VERSION}'/" $INIT_FILE
+rm "${INIT_FILE}.tmp"
+
+# Build and upload to test PyPI
+python -m build --wheel --sdist > /dev/null 2>&1
+
+# Restore original __init__.py
+mv $BACKUP_FILE $INIT_FILE
+
+# Upload to TestPyPI using python -m
+python -m twine upload --repository testpypi dist/*${VERSION}*
+
+echo "Deployed to Test PyPI. Wait a few minutes before installing the new version." 
+echo
+
+echo "New version:"
+echo "${VERSION}"

scripts/run.sh

@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '2.0.0'
+__version__ = '2.0.2'

socketsecurity/__init__.py

@@ -40,13 +40,18 @@ def from_args(cls, args_list: Optional[List[str]] = None) -> 'CliConfig':
         # Get API token from env or args
         api_token = os.getenv("SOCKET_SECURITY_API_KEY") or args.api_token
 
+        # Strip quotes from commit message if present
+        commit_message = args.commit_message
+        if commit_message and commit_message.startswith('"') and commit_message.endswith('"'):
+            commit_message = commit_message[1:-1]
+
         config_args = {
             'api_token': api_token,
             'repo': args.repo,
             'branch': args.branch,
             'committers': args.committers,
             'pr_number': args.pr_number,
-            'commit_message': args.commit_message,
+            'commit_message': commit_message,
             'default_branch': args.default_branch,
             'target_path': args.target_path,
             'scm': args.scm,

socketsecurity/config.py

@@ -11,6 +11,7 @@
 from socketdev.fullscans import (
     FullScanParams,
     SocketArtifact,
+    DiffArtifact,
 )
 from socketdev.org import Organization
 from socketdev.repos import RepositoryInfo
@@ -312,25 +313,64 @@ def get_added_and_removed_packages(self, head_full_scan: Optional[FullScan], new
         """
         if head_full_scan is None:
             # First scan - all packages are new, none removed
+            log.info(f"No head scan found. New scan ID: {new_full_scan.id}")
             return new_full_scan.packages, {}
 
         # Normal case - compare scans
+        log.info(f"Comparing scans - Head scan ID: {head_full_scan.id}, New scan ID: {new_full_scan.id}")
         diff_report = self.sdk.fullscans.stream_diff(self.config.org_slug, head_full_scan.id, new_full_scan.id).data
-        added_artifacts = diff_report.artifacts.added
-        removed_artifacts = diff_report.artifacts.removed
+        
+        # Debug output for artifact counts
+        log.info(f"Diff report artifact counts:")
+        log.info(f"Added: {len(diff_report.artifacts.added)}")
+        log.info(f"Removed: {len(diff_report.artifacts.removed)}")
+        log.info(f"Unchanged: {len(diff_report.artifacts.unchanged)}")
+        log.info(f"Replaced: {len(diff_report.artifacts.replaced)}")
+        log.info(f"Updated: {len(diff_report.artifacts.updated)}")
+
+        added_artifacts = diff_report.artifacts.added + diff_report.artifacts.updated
+        removed_artifacts = diff_report.artifacts.removed + diff_report.artifacts.replaced
 
         added_packages: Dict[str, Package] = {}
         removed_packages: Dict[str, Package] = {}
 
         for artifact in added_artifacts:
-            # Get the full package data from new_full_scan
-            pkg = new_full_scan.packages[artifact.id]
-            added_packages[artifact.id] = Package(**asdict(pkg))
+            try:
+                # Get the full package data from new_full_scan
+                pkg = new_full_scan.packages[artifact.id]
+                added_packages[artifact.id] = Package(**asdict(pkg))
+            except KeyError:
+                # Debug output to find matching packages
+                log.error(f"KeyError: Could not find added artifact {artifact.id} in new_full_scan")
+                log.error(f"Artifact details - name: {artifact.name}, version: {artifact.version}")
+                # Look for packages with matching name/version
+                matches = [p for p in new_full_scan.packages.values() 
+                          if p.name == artifact.name and p.version == artifact.version]
+                if matches:
+                    log.error(f"Found {len(matches)} packages with matching name/version:")
+                    for m in matches:
+                        log.error(f"  ID: {m.id}, name: {m.name}, version: {m.version}")
+                else:
+                    log.error("No matching packages found in new_full_scan")
 
         for artifact in removed_artifacts:
-            # Get the full package data from head_full_scan
-            pkg = head_full_scan.packages[artifact.id]
-            removed_packages[artifact.id] = Package(**asdict(pkg))
+            try:
+                # Get the full package data from head_full_scan
+                pkg = head_full_scan.packages[artifact.id]
+                removed_packages[artifact.id] = Package(**asdict(pkg))
+            except KeyError:
+                # Debug output to find matching packages
+                log.error(f"KeyError: Could not find removed artifact {artifact.id} in head_full_scan")
+                log.error(f"Artifact details - name: {artifact.name}, version: {artifact.version}")
+                # Look for packages with matching name/version
+                matches = [p for p in head_full_scan.packages.values() 
+                          if p.name == artifact.name and p.version == artifact.version]
+                if matches:
+                    log.error(f"Found {len(matches)} packages with matching name/version:")
+                    for m in matches:
+                        log.error(f"  ID: {m.id}, name: {m.name}, version: {m.version}")
+                else:
+                    log.error("No matching packages found in head_full_scan")
 
         return added_packages, removed_packages
 

socketsecurity/core/__init__.py

@@ -1,6 +1,6 @@
 import json
 from dataclasses import dataclass, field
-from typing import Dict, List, TypedDict
+from typing import Dict, List, TypedDict, Any
 
 from socketdev.fullscans import FullScanMetadata, SocketArtifact
 
@@ -393,8 +393,6 @@ def to_dict(self) -> dict:
         }
 
 
-
-
 class GithubComment:
     url: str
     html_url: str