autopkg-wrapper 2025.11.1__py3-none-any.whl → 2026.2.2__py3-none-any.whl

autopkg_wrapper/autopkg_wrapper.py

@@ -4,6 +4,7 @@ import logging
 import plistlib
 import subprocess
 import sys
+from concurrent.futures import ThreadPoolExecutor, as_completed
 from datetime import datetime
 from itertools import chain
 from pathlib import Path
@@ -12,6 +13,7 @@ import autopkg_wrapper.utils.git_functions as git
 from autopkg_wrapper.notifier import slack
 from autopkg_wrapper.utils.args import setup_args
 from autopkg_wrapper.utils.logging import setup_logger
+from autopkg_wrapper.utils.report_processor import process_reports
 
 
 class Recipe(object):
@@ -94,7 +96,7 @@ class Recipe(object):
             self.results["failed"] = True
             self.results["imported"] = ""
         else:
-            report_dir = Path("/tmp/autopkg")
+            report_dir = Path("/private/tmp/autopkg")
             report_time = datetime.now().strftime("%Y-%m-%dT%H-%M-%S")
             report_name = Path(f"{self.name}-{report_time}.plist")
 
@@ -358,31 +360,50 @@ def main():
 
     failed_recipes = []
 
-    for recipe in recipe_list:
-        logging.info(f"Processing Recipe: {recipe.name}")
+    # Run recipes concurrently using a thread pool to parallelize subprocess calls
+    max_workers = max(1, int(getattr(args, "concurrency", 1)))
+    logging.info(f"Running recipes with concurrency={max_workers}")
+
+    def run_one(r: Recipe):
+        logging.info(f"Processing Recipe: {r.name}")
         process_recipe(
-            recipe=recipe,
+            recipe=r,
             disable_recipe_trust_check=args.disable_recipe_trust_check,
             args=args,
         )
+        # Git updates and notifications are applied serially after all recipes finish
+        return r
+
+    with ThreadPoolExecutor(max_workers=max_workers) as executor:
+        futures = [executor.submit(run_one, r) for r in recipe_list]
+        for fut in as_completed(futures):
+            r = fut.result()
+            if r.error or r.results.get("failed"):
+                failed_recipes.append(r)
+
+    # Apply git updates serially to avoid branch/commit conflicts when concurrency > 1
+    for r in recipe_list:
         update_recipe_repo(
             git_info=override_repo_info,
-            recipe=recipe,
+            recipe=r,
             disable_recipe_trust_check=args.disable_recipe_trust_check,
             args=args,
         )
-        slack.send_notification(
-            recipe=recipe, token=args.slack_token
-        ) if args.slack_token else None
-
-        if recipe.error or recipe.results.get("failed"):
-            failed_recipes.append(recipe)
 
-    recipe.pr_url = (
-        git.create_pull_request(git_info=override_repo_info, recipe=recipe)
-        if args.create_pr
-        else None
-    )
+    # Send notifications serially to simplify rate limiting and ordering
+    if args.slack_token:
+        for r in recipe_list:
+            slack.send_notification(recipe=r, token=args.slack_token)
+
+    # Optionally open a PR for updated trust information
+    if args.create_pr and recipe_list:
+        # Choose a representative recipe for the PR title/body
+        rep_recipe = next(
+            (r for r in recipe_list if r.updated is True or r.verified is False),
+            recipe_list[0],
+        )
+        pr_url = git.create_pull_request(git_info=override_repo_info, recipe=rep_recipe)
+        logging.info(f"Created Pull Request for trust info updates: {pr_url}")
 
     # Create GitHub issue for failed recipes
     if args.create_issues and failed_recipes and args.github_token:
@@ -390,3 +411,20 @@ def main():
             git_info=override_repo_info, failed_recipes=failed_recipes
         )
         logging.info(f"Created GitHub issue for failed recipes: {issue_url}")
+
+    # Optionally process reports after running recipes
+    if getattr(args, "process_reports", False):
+        rc = process_reports(
+            zip_file=getattr(args, "reports_zip", None),
+            extract_dir=getattr(
+                args, "reports_extract_dir", "autopkg_reports_summary/reports"
+            ),
+            reports_dir=(getattr(args, "reports_dir", None) or "/private/tmp/autopkg"),
+            environment="",
+            run_date=getattr(args, "reports_run_date", ""),
+            out_dir=getattr(args, "reports_out_dir", "autopkg_reports_summary/summary"),
+            debug=bool(getattr(args, "debug", False)),
+            strict=bool(getattr(args, "reports_strict", False)),
+        )
+        if rc:
+            sys.exit(rc)

autopkg_wrapper/utils/args.py

@@ -90,6 +90,12 @@ def setup_args():
             If this option is used, git commands won't be run
             """,
     )
+    parser.add_argument(
+        "--concurrency",
+        type=int,
+        default=int(os.getenv("AW_CONCURRENCY", "1")),
+        help="Number of recipes to run in parallel (default: 1)",
+    )
     parser.add_argument(
         "--slack-token",
         default=os.getenv("SLACK_WEBHOOK_TOKEN", None),
@@ -144,4 +150,41 @@ def setup_args():
         """,
     )
 
+    # Report processing options
+    parser.add_argument(
+        "--process-reports",
+        action="store_true",
+        help="Process autopkg report directories or zip and emit markdown summaries",
+    )
+    parser.add_argument(
+        "--reports-zip",
+        default=os.getenv("AW_REPORTS_ZIP", None),
+        help="Path to an autopkg_report-*.zip to extract and process",
+    )
+    parser.add_argument(
+        "--reports-extract-dir",
+        default=os.getenv("AW_REPORTS_EXTRACT_DIR", "autopkg_reports_summary/reports"),
+        help="Directory to extract the zip into (default: autopkg_reports_summary/reports)",
+    )
+    parser.add_argument(
+        "--reports-dir",
+        default=os.getenv("AW_REPORTS_DIR", None),
+        help="Directory of reports to process (if no zip provided)",
+    )
+    parser.add_argument(
+        "--reports-out-dir",
+        default=os.getenv("AW_REPORTS_OUT_DIR", "autopkg_reports_summary/summary"),
+        help="Directory to write markdown outputs (default: autopkg_reports_summary/summary)",
+    )
+    parser.add_argument(
+        "--reports-run-date",
+        default=os.getenv("AW_REPORTS_RUN_DATE", ""),
+        help="Run date string to include in the summary",
+    )
+    parser.add_argument(
+        "--reports-strict",
+        action="store_true",
+        help="Exit non-zero if any errors are detected in processed reports",
+    )
+
     return parser.parse_args()

autopkg_wrapper/utils/report_processor.py

@@ -0,0 +1,674 @@
+import json
+import logging
+import os
+import plistlib
+import re
+import zipfile
+from typing import Dict, List, Optional, Tuple
+
+
+def find_report_dirs(base_path: str) -> List[str]:
+    dirs: List[str] = []
+    if not os.path.exists(base_path):
+        return dirs
+    for root, subdirs, _files in os.walk(base_path):
+        for d in subdirs:
+            if d.startswith("autopkg_report-"):
+                dirs.append(os.path.join(root, d))
+    if not dirs:
+        try:
+            has_files = any(
+                os.path.isfile(os.path.join(base_path, f))
+                for f in os.listdir(base_path)
+            )
+        except FileNotFoundError:
+            has_files = False
+        if has_files:
+            dirs.append(base_path)
+    return sorted(dirs)
+
+
+def parse_json_file(path: str) -> Dict:
+    try:
+        with open(path, "r", encoding="utf-8") as f:
+            return json.load(f)
+    except Exception:
+        return {}
+
+
+def _infer_recipe_name_from_filename(path: str) -> str:
+    base = os.path.basename(path)
+    if base.endswith(".plist"):
+        base = base[:-6]
+    m = re.search(r"-(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2})$", base)
+    if m:
+        return base[: m.start()]
+    return base
+
+
+def parse_text_file(path: str) -> Dict[str, List]:
+    uploads: List[Dict] = []
+    policies: List[Dict] = []
+    errors: List[str] = []
+
+    re_error = re.compile(r"ERROR[:\s-]+(.+)", re.IGNORECASE)
+    re_upload = re.compile(
+        r"(Uploaded|Upload|Uploading)[^\n]*?(?P<name>[A-Za-z0-9 ._+\-]+)(?:[^\n]*?version[^\d]*(?P<version>\d+(?:\.\d+)+))?",
+        re.IGNORECASE,
+    )
+    re_policy = re.compile(r"Policy (created|updated):\s*(?P<name>.+)", re.IGNORECASE)
+
+    try:
+        with open(path, "r", encoding="utf-8", errors="ignore") as f:
+            for line in f:
+                m_err = re_error.search(line)
+                if m_err:
+                    errors.append(m_err.group(1).strip())
+                    continue
+
+                m_up = re_upload.search(line)
+                if m_up:
+                    uploads.append(
+                        {
+                            "name": (m_up.group("name") or "").strip(),
+                            "version": (m_up.group("version") or "-") or "-",
+                        }
+                    )
+                    continue
+
+                m_pol = re_policy.search(line)
+                if m_pol:
+                    action = "updated" if "updated" in line.lower() else "created"
+                    policies.append(
+                        {
+                            "name": m_pol.group("name").strip(),
+                            "action": action,
+                        }
+                    )
+    except Exception:
+        pass
+
+    return {"uploads": uploads, "policies": policies, "errors": errors}
+
+
+def parse_plist_file(path: str) -> Dict[str, List]:
+    uploads: List[Dict] = []
+    policies: List[Dict] = []
+    errors: List[str] = []
+    upload_rows: List[Dict] = []
+    policy_rows: List[Dict] = []
+    error_rows: List[Dict] = []
+
+    try:
+        with open(path, "rb") as f:
+            plist = plistlib.load(f)
+    except Exception:
+        return {
+            "uploads": uploads,
+            "policies": policies,
+            "errors": errors,
+            "upload_rows": upload_rows,
+            "policy_rows": policy_rows,
+            "error_rows": error_rows,
+        }
+
+    failures = plist.get("failures", []) or []
+
+    sr = plist.get("summary_results", {}) or {}
+
+    recipe_name = _infer_recipe_name_from_filename(path)
+    recipe_identifier: Optional[str] = None
+
+    jpu = sr.get("jamfpackageuploader_summary_result")
+    if isinstance(jpu, dict):
+        rows = jpu.get("data_rows") or []
+        for row in rows:
+            name = (row.get("name") or row.get("pkg_display_name") or "-").strip()
+            version = (row.get("version") or "-").strip()
+            uploads.append({"name": name, "version": version})
+            pkg_name = (
+                row.get("pkg_name") or row.get("pkg_display_name") or "-"
+            ).strip()
+            pkg_path = (row.get("pkg_path") or "").strip()
+            if pkg_path:
+                parts = pkg_path.split("/cache/")
+                if len(parts) > 1:
+                    after = parts[1]
+                    rid = after.split("/")[0]
+                    recipe_identifier = rid or recipe_identifier
+            upload_rows.append(
+                {
+                    "recipe_name": recipe_name,
+                    "recipe_identifier": recipe_identifier or "-",
+                    "package": pkg_name,
+                    "version": version or "-",
+                }
+            )
+
+    for key, block in sr.items():
+        if not isinstance(block, dict):
+            continue
+        hdr = [h.lower() for h in (block.get("header") or [])]
+        rows = block.get("data_rows") or []
+        summary_text = (block.get("summary_text") or "").lower()
+        looks_like_policy = (
+            "policy" in key.lower()
+            or "policy" in summary_text
+            or any("policy" in h for h in hdr)
+        )
+        if looks_like_policy and rows:
+            for row in rows:
+                name = row.get("policy_name") or row.get("name") or row.get("title")
+                action = row.get("action") or row.get("status") or row.get("result")
+                if name:
+                    policies.append(
+                        {
+                            "name": str(name).strip(),
+                            "action": (str(action).strip() if action else "-"),
+                        }
+                    )
+                    policy_rows.append(
+                        {
+                            "recipe_name": recipe_name,
+                            "recipe_identifier": recipe_identifier or "-",
+                            "policy": str(name).strip(),
+                        }
+                    )
+
+    for fail in failures:
+        if isinstance(fail, dict):
+            msg = fail.get("message") or json.dumps(fail)
+            rec = fail.get("recipe") or recipe_name
+        else:
+            msg = str(fail)
+            rec = recipe_name
+        errors.append(msg)
+        error_rows.append(
+            {
+                "recipe_name": rec,
+                "error_type": _classify_error_simple(msg),
+            }
+        )
+
+    return {
+        "uploads": uploads,
+        "policies": policies,
+        "errors": errors,
+        "upload_rows": upload_rows,
+        "policy_rows": policy_rows,
+        "error_rows": error_rows,
+    }
+
+
+def aggregate_reports(base_path: str) -> Dict:
+    summary = {
+        "uploads": [],
+        "policies": [],
+        "errors": [],
+        "recipes": 0,
+        "upload_rows": [],
+        "policy_rows": [],
+        "error_rows": [],
+    }
+    report_dirs = find_report_dirs(base_path)
+
+    for repdir in report_dirs:
+        for root, _subdirs, files in os.walk(repdir):
+            for fn in files:
+                p = os.path.join(root, fn)
+                ext = os.path.splitext(fn)[1].lower()
+
+                if ext == ".plist":
+                    data = parse_plist_file(p)
+                    summary["uploads"] += data.get("uploads", [])
+                    summary["policies"] += data.get("policies", [])
+                    summary["errors"] += data.get("errors", [])
+                    summary["upload_rows"] += data.get("upload_rows", [])
+                    summary["policy_rows"] += data.get("policy_rows", [])
+                    summary["error_rows"] += data.get("error_rows", [])
+                    summary["recipes"] += 1
+                elif ext == ".json":
+                    data = parse_json_file(p)
+                    if not data:
+                        continue
+                    if isinstance(data, dict):
+                        uploads = data.get("uploads")
+                        policies = data.get("policies")
+                        errors = data.get("errors")
+                        recipes = data.get("recipes")
+                        if isinstance(uploads, list):
+                            summary["uploads"] += uploads
+                        if isinstance(policies, list):
+                            summary["policies"] += policies
+                        if isinstance(errors, list):
+                            summary["errors"] += errors
+                        if isinstance(errors, list):
+                            for e in errors:
+                                if isinstance(e, dict):
+                                    rn = e.get("recipe") or "-"
+                                    msg = e.get("message") or json.dumps(e)
+                                    summary["error_rows"].append(
+                                        {
+                                            "recipe_name": rn,
+                                            "error_type": _classify_error_simple(
+                                                str(msg)
+                                            ),
+                                        }
+                                    )
+                        if isinstance(recipes, int):
+                            summary["recipes"] += recipes
+                else:
+                    data = parse_text_file(p)
+                    summary["uploads"] += data.get("uploads", [])
+                    summary["policies"] += data.get("policies", [])
+                    summary["errors"] += data.get("errors", [])
+
+    return summary
+
+
+# ---------- Rendering ----------
+
+
+def _aggregate_for_display(
+    summary: Dict,
+) -> Tuple[Dict[str, set], Dict[str, set], Dict[str, int]]:
+    uploads = summary.get("uploads", [])
+    policies = summary.get("policies", [])
+    errors = summary.get("errors", [])
+
+    def plausible_app_name(n: str) -> bool:
+        if not n or n == "-":
+            return False
+        if n.lower() in {"apps", "packages", "pkg", "file", "37"}:
+            return False
+        if not re.search(r"[A-Za-z]", n):
+            return False
+        return True
+
+    uploads_by_app: Dict[str, set] = {}
+    for u in uploads:
+        if isinstance(u, dict):
+            name = (u.get("name") or "-").strip()
+            ver = (u.get("version") or "-").strip()
+        else:
+            name = str(u).strip()
+            ver = "-"
+        if not plausible_app_name(name):
+            name = "-"
+        uploads_by_app.setdefault(name, set()).add(ver)
+
+    policies_by_name: Dict[str, set] = {}
+    for p in policies:
+        if isinstance(p, dict):
+            name = (p.get("name") or "-").strip()
+            action = (p.get("action") or "-").strip()
+        else:
+            name = str(p).strip()
+            action = "-"
+        policies_by_name.setdefault(name, set()).add(action)
+
+    error_categories: Dict[str, int] = {
+        "trust": 0,
+        "signature": 0,
+        "download": 0,
+        "network": 0,
+        "auth": 0,
+        "jamf": 0,
+        "other": 0,
+    }
+
+    def classify_error(msg: str) -> str:
+        lm = msg.lower()
+        if "trust" in lm:
+            return "trust"
+        if "signature" in lm or "codesign" in lm:
+            return "signature"
+        if "download" in lm or "fetch" in lm:
+            return "download"
+        if (
+            "proxy" in lm
+            or "timeout" in lm
+            or "network" in lm
+            or "url" in lm
+            or "dns" in lm
+        ):
+            return "network"
+        if (
+            "auth" in lm
+            or "token" in lm
+            or "permission" in lm
+            or "401" in lm
+            or "403" in lm
+        ):
+            return "auth"
+        if "jamf" in lm or "policy" in lm:
+            return "jamf"
+        return "other"
+
+    for e in errors:
+        emsg = e if isinstance(e, str) else json.dumps(e)
+        cat = classify_error(emsg)
+        error_categories[cat] = error_categories.get(cat, 0) + 1
+
+    return uploads_by_app, policies_by_name, error_categories
+
+
+def render_job_summary(summary: Dict, environment: str, run_date: str) -> str:
+    lines: List[str] = []
+    title_bits: List[str] = []
+    if environment:
+        title_bits.append(environment)
+    if run_date:
+        title_bits.append(run_date)
+    if title_bits:
+        lines.append(f"# Autopkg Report Summary ({' '.join(title_bits)})")
+    else:
+        lines.append("# Autopkg Report Summary")
+    lines.append("")
+
+    total_uploads_raw = len(summary.get("uploads", []))
+    uploads_by_app, policies_by_name, error_categories = _aggregate_for_display(summary)
+    total_uploads_apps = len(uploads_by_app)
+    total_policies = len(policies_by_name)
+    total_errors = len(summary.get("errors", []))
+    recipes = summary.get("recipes") or "N/A"
+
+    lines.append("| Metric | Value |")
+    lines.append("| --- | --- |")
+    lines.append(f"| Recipes processed | {recipes} |")
+    lines.append(
+        f"| Apps uploaded | {total_uploads_apps} (items: {total_uploads_raw}) |"
+    )
+    lines.append(f"| Policies changed | {total_policies} |")
+    lines.append(f"| Errors | {total_errors} |")
+    lines.append("")
+
+    if summary.get("upload_rows"):
+        lines.append("## Uploaded Recipes")
+        lines.append("")
+        lines.append("| Recipe Name | Identifier | Package | Version |")
+        lines.append("| --- | --- | --- | --- |")
+        for row in sorted(
+            summary["upload_rows"], key=lambda r: str(r.get("recipe_name", "")).lower()
+        ):
+            pkg = row.get("package", "-")
+            pkg_url = row.get("package_url")
+            pkg_cell = f"[{pkg}]({pkg_url})" if pkg_url else pkg
+            lines.append(
+                f"| {row.get('recipe_name', '-')} | {row.get('recipe_identifier', '-')} | {pkg_cell} | {row.get('version', '-')} |"
+            )
+        lines.append("")
+    else:
+        lines.append("No uploads in this run.")
+        lines.append("")
+
+    if summary.get("policy_rows"):
+        lines.append("## Policy Recipes")
+        lines.append("")
+        lines.append("| Recipe Name | Identifier | Policy |")
+        lines.append("| --- | --- | --- |")
+        for row in sorted(
+            summary["policy_rows"], key=lambda r: str(r.get("recipe_name", "")).lower()
+        ):
+            lines.append(
+                f"| {row.get('recipe_name', '-')} | {row.get('recipe_identifier', '-')} | {row.get('policy', '-')} |"
+            )
+        lines.append("")
+
+    if total_errors:
+        lines.append("## Errors Summary")
+        lines.append("")
+        lines.append("| Category | Count |")
+        lines.append("| --- | --- |")
+        for cat in [
+            "trust",
+            "signature",
+            "download",
+            "network",
+            "auth",
+            "jamf",
+            "other",
+        ]:
+            lines.append(f"| {cat} | {error_categories.get(cat, 0)} |")
+        lines.append("")
+
+    return "\n".join(lines)
+
+
+def render_issue_body(summary: Dict, environment: str, run_date: str) -> str:
+    lines: List[str] = []
+    total_errors = len(summary.get("errors", []))
+    _uploads_by_app, _policies_by_name, _error_categories = _aggregate_for_display(
+        summary
+    )
+
+    prefix = "Autopkg run"
+    suffix_bits: List[str] = []
+    if run_date:
+        suffix_bits.append(f"on {run_date}")
+    if environment:
+        suffix_bits.append(f"({environment})")
+    suffix = (" ".join(suffix_bits)).strip()
+    if suffix:
+        lines.append(f"{prefix} {suffix} reported {total_errors} error(s).")
+    else:
+        lines.append(f"{prefix} reported {total_errors} error(s).")
+    lines.append("")
+    lines.append("### Errors")
+    lines.append("| Recipe | Error Type |")
+    lines.append("| --- | --- |")
+    for row in summary.get("error_rows", []):
+        lines.append(
+            f"| {row.get('recipe_name', '-')} | {row.get('error_type', 'other')} |"
+        )
+
+    lines.append("")
+
+    return "\n".join(lines)
+
+
+# ---------- Utility ----------
+
+
+def _redact_sensitive(s: str) -> str:
+    s = re.sub(r"ghs_[A-Za-z0-9]+", "ghs_***", s)
+    s = re.sub(
+        r"(Authorization:\s*token)\s+[A-Za-z0-9_\-]+",
+        r"\1 ***",
+        s,
+        flags=re.IGNORECASE,
+    )
+    s = re.sub(r"(Bearer)\s+[A-Za-z0-9._\-]+", r"\1 ***", s, flags=re.IGNORECASE)
+    return s
+
+
+def _classify_error_simple(msg: str) -> str:
+    lm = msg.lower()
+    if "trust" in lm:
+        return "trust"
+    if "signature" in lm or "codesign" in lm:
+        return "signature"
+    if (
+        "401" in lm
+        or "403" in lm
+        or "auth" in lm
+        or "token" in lm
+        or "permission" in lm
+    ):
+        return "auth"
+    if "download" in lm or "fetch" in lm or "curl" in lm:
+        return "download"
+    if (
+        "proxy" in lm
+        or "timeout" in lm
+        or "network" in lm
+        or "url" in lm
+        or "dns" in lm
+    ):
+        return "network"
+    if "jamf" in lm or "policy" in lm:
+        return "jamf"
+    return "other"
+
+
+# ---------- Jamf Helpers ----------
+
+
+def _normalize_host(url: str) -> str:
+    h = (url or "").strip()
+    if h.startswith("https://"):
+        h = h[len("https://") :]
+    if h.startswith("http://"):
+        h = h[len("http://") :]
+    return h.rstrip("/")
+
+
+def build_pkg_map(jss_url: str, client_id: str, client_secret: str) -> Dict[str, str]:
+    host = _normalize_host(jss_url)
+    _ = host  # silence linters about unused var; kept for readability
+    pkg_map: Dict[str, str] = {}
+    try:
+        from jamf_pro_sdk import (  # type: ignore
+            ApiClientCredentialsProvider,
+            JamfProClient,
+        )
+
+        client = JamfProClient(
+            _normalize_host(jss_url),
+            ApiClientCredentialsProvider(client_id, client_secret),
+        )
+        packages = client.pro_api.get_packages_v1()
+        for p in packages:
+            try:
+                name = str(getattr(p, "packageName")).strip()
+                pid = str(getattr(p, "id")).strip()
+            except Exception as e:  # noqa: F841
+                # ignore objects that do not match expected shape
+                continue
+            if not name or not pid:
+                continue
+            url = f"{jss_url}/view/settings/computer-management/packages/{pid}"
+            if name not in pkg_map:
+                pkg_map[name] = url
+    except Exception as e:  # noqa: F841
+        return {}
+    return pkg_map
+
+
+def enrich_upload_rows(upload_rows: List[Dict], pkg_map: Dict[str, str]) -> int:
+    linked = 0
+    for row in upload_rows:
+        pkg_name = str(row.get("package") or "").strip()
+        url = pkg_map.get(pkg_name)
+        if url:
+            row["package_url"] = url
+            linked += 1
+    return linked
+
+
+def enrich_upload_rows_with_jamf(
+    summary: Dict, jss_url: str, client_id: str, client_secret: str
+) -> Tuple[int, List[str]]:
+    pkg_map = build_pkg_map(jss_url, client_id, client_secret)
+    linked = enrich_upload_rows(summary.get("upload_rows", []), pkg_map)
+    return linked, sorted(set(pkg_map.keys()))
+
+
+def process_reports(
+    *,
+    zip_file: Optional[str],
+    extract_dir: str,
+    reports_dir: Optional[str],
+    environment: str = "",
+    run_date: str = "",
+    out_dir: str,
+    debug: bool,
+    strict: bool,
+) -> int:
+    os.makedirs(out_dir, exist_ok=True)
+
+    if zip_file:
+        zpath = zip_file
+        if not os.path.exists(zpath):
+            raise FileNotFoundError(f"zip file not found: {zpath}")
+        os.makedirs(extract_dir, exist_ok=True)
+        with zipfile.ZipFile(zpath, "r") as zf:
+            zf.extractall(extract_dir)
+        process_dir = extract_dir
+    else:
+        process_dir = reports_dir or extract_dir
+
+    summary = aggregate_reports(process_dir)
+
+    jss_url = os.environ.get("AUTOPKG_JSS_URL")
+    jss_client_id = os.environ.get("AUTOPKG_CLIENT_ID")
+    jss_client_secret = os.environ.get("AUTOPKG_CLIENT_SECRET")
+    jamf_attempted = False
+    jamf_linked = 0
+    jamf_keys: List[str] = []
+    jamf_total = len(summary.get("upload_rows", []))
+    if jss_url and jss_client_id and jss_client_secret and jamf_total:
+        jamf_attempted = True
+        try:
+            jamf_linked, jamf_keys = enrich_upload_rows_with_jamf(
+                summary, jss_url, jss_client_id, jss_client_secret
+            )
+        except Exception:
+            jamf_linked = 0
+
+    job_md = render_job_summary(summary, environment, run_date)
+    issue_md = None
+    if summary.get("errors"):
+        issue_md = render_issue_body(summary, environment, run_date)
+
+    with open(os.path.join(out_dir, "job_summary.md"), "w", encoding="utf-8") as f:
+        f.write(job_md)
+
+    if issue_md:
+        with open(os.path.join(out_dir, "errors_issue.md"), "w", encoding="utf-8") as f:
+            f.write(issue_md)
+
+    jamf_log_path = ""
+    if debug:
+        jamf_log_path = os.path.join(out_dir, "jamf_lookup_debug.json")
+        try:
+            upload_pkg_names = [
+                str(r.get("package") or "").strip()
+                for r in summary.get("upload_rows", [])
+            ]
+            matched = [
+                r for r in summary.get("upload_rows", []) if r.get("package_url")
+            ]
+            unmatched = [
+                r for r in summary.get("upload_rows", []) if not r.get("package_url")
+            ]
+            diag = {
+                "jss_url": jss_url or "",
+                "jamf_keys_count": len(jamf_keys),
+                "jamf_keys_sample": jamf_keys[:20],
+                "uploads_count": len(upload_pkg_names),
+                "matched_count": len(matched),
+                "unmatched_count": len(unmatched),
+                "unmatched_names": [r.get("package") for r in unmatched][:20],
+            }
+            with open(jamf_log_path, "w", encoding="utf-8") as jf:
+                json.dump(diag, jf, indent=2)
+        except Exception:
+            jamf_log_path = ""
+
+    status = [
+        f"Processed reports in '{process_dir}'. Recipes: {summary.get('recipes', 'N/A')}",
+        f"Summary: '{os.path.join(out_dir, 'job_summary.md')}'",
+        f"Errors file: {'errors_issue.md' if issue_md else 'none'}",
+    ]
+    if jamf_attempted:
+        status.append(f"Jamf links added: {jamf_linked}/{jamf_total}")
+        if jamf_log_path:
+            status.append(f"Jamf lookup log: '{jamf_log_path}'")
+    else:
+        status.append("Jamf links: skipped (missing env or no uploads)")
+    logging.info(". ".join(status))
+
+    if strict and summary.get("errors"):
+        return 1
+    return 0

autopkg_wrapper-2026.2.2.dist-info/METADATA

@@ -0,0 +1,105 @@
+Metadata-Version: 2.4
+Name: autopkg-wrapper
+Version: 2026.2.2
+Summary: A package used to execute some autopkg functions, primarily within the context of a GitHub Actions runner.
+Project-URL: Repository, https://github.com/smithjw/autopkg-wrapper
+Author-email: James Smith <james@smithjw.me>
+License-Expression: BSD-3-Clause
+License-File: LICENSE
+Requires-Python: ~=3.14.0
+Requires-Dist: chardet
+Requires-Dist: idna
+Requires-Dist: jamf-pro-sdk
+Requires-Dist: pygithub
+Requires-Dist: requests
+Requires-Dist: ruamel-yaml
+Requires-Dist: toml
+Requires-Dist: urllib3
+Description-Content-Type: text/markdown
+
+# autopkg-wrapper
+
+`autopkg_wrapper` is a small package that can be used to run [`autopkg`](https://github.com/autopkg/autopkg) within CI/CD environments such as GitHub Actions.
+
+The easiest way to run it is by installing with pip.
+
+```shell
+pip install autopkg-wrapper
+```
+
+## Command Line Parameters
+
+```shell
+-h, --help                      Show this help message and exit
+--recipe-file RECIPE_FILE       Path to a list of recipes to run (cannot be run with --recipes)
+--recipes [RECIPES ...]         Recipes to run with autopkg (cannot be run with --recipe-file)
+--debug                         Enable debug logging when running script
+ --disable-recipe-trust-check    If this option is used, recipe trust verification will not be run prior to a recipe run.
+ --github-token GITHUB_TOKEN     A token used to publish a PR to your GitHub repo if overrides require their trust to be updated
+ --branch-name BRANCH_NAME       Branch name to be used where recipe overrides have failed their trust verification and need to be updated.
+                                 By default, this will be in the format of "fix/update_trust_information/YYYY-MM-DDTHH-MM-SS"
+ --create-pr                     If enabled, autopkg_wrapper will open a PR for updated trust information
+ --create-issues                 Create a GitHub issue for recipes that fail during processing
+ --disable-git-commands          If this option is used, git commands won't be run
+ --post-processors [POST_PROCESSORS ...]
+                                 One or more autopkg post processors to run after each recipe execution
+ --autopkg-prefs AW_AUTOPKG_PREFS_FILE
+                                 Path to the autopkg preferences you'd like to use
+ --overrides-repo-path AUTOPKG_OVERRIDES_REPO_PATH
+                                 The path on disk to the git repository containing the autopkg overrides directory. If none is provided, we will try to determine it for you.
+ --concurrency CONCURRENCY       Number of recipes to run in parallel (default: 1)
+ --process-reports               Process autopkg report directories or zip and emit markdown summaries (runs after recipes complete)
+ --reports-zip REPORTS_ZIP       Path to an autopkg_report-*.zip to extract and process
+ --reports-extract-dir REPORTS_EXTRACT_DIR
+                                 Directory to extract the zip into (default: autopkg_reports_summary/reports)
+ --reports-dir REPORTS_DIR       Directory of reports to process (if no zip provided). Defaults to /private/tmp/autopkg when processing after a run
+ --reports-out-dir REPORTS_OUT_DIR
+                                 Directory to write markdown outputs (default: autopkg_reports_summary/summary)
+ --reports-run-date REPORTS_RUN_DATE
+                                 Run date string to include in the summary
+ --reports-strict                Exit non-zero if any errors are detected in processed reports
+```
+
+## Examples
+
+Run recipes (serial):
+
+```bash
+autopkg_wrapper --recipes Foo.download Bar.download
+```
+
+Run 3 recipes concurrently and process reports afterward:
+
+```bash
+autopkg_wrapper \
+  --recipe-file /path/to/recipe_list.txt \
+  --concurrency 3 \
+  --disable-git-commands \
+  --process-reports \
+  --reports-out-dir /tmp/autopkg_reports_summary \
+  --reports-strict
+```
+
+Process a reports zip explicitly (no recipe run):
+
+```bash
+autopkg_wrapper \
+  --process-reports \
+  --reports-zip /path/to/autopkg_report-2026-02-02.zip \
+  --reports-extract-dir /tmp/autopkg_reports \
+  --reports-out-dir /tmp/autopkg_reports_summary
+```
+
+Notes:
+
+- During recipe runs, per‑recipe plist reports are written to `/private/tmp/autopkg`.
+- When `--process-reports` is supplied without `--reports-zip` or `--reports-dir`, the tool processes `/private/tmp/autopkg`.
+- If `AUTOPKG_JSS_URL`, `AUTOPKG_CLIENT_ID`, and `AUTOPKG_CLIENT_SECRET` are set, uploaded package rows are enriched with Jamf package links.
+  - No extra CLI flag is required; enrichment runs automatically when all three env vars are present.
+
+An example folder structure and GitHub Actions Workflow is available within the [`actions-demo`](actions-demo)
+
+## Credits
+
+- [`autopkg_tools` from Facebook](https://github.com/facebook/IT-CPE/tree/main/legacy/autopkg_tools)
+- [`autopkg_tools` from Facebook, modified by Gusto](https://github.com/Gusto/it-cpe-opensource/tree/main/autopkg)

autopkg_wrapper-2026.2.2.dist-info/RECORD

@@ -0,0 +1,14 @@
+autopkg_wrapper/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+autopkg_wrapper/autopkg_wrapper.py,sha256=lIcsLJoaHqhQx8yWvew3_GVm3Vn3DgAp9nBAvfz2JnY,15364
+autopkg_wrapper/notifier/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+autopkg_wrapper/notifier/slack.py,sha256=aPxQDGd5zPxSsu3mEqalNOF0ly0QnYog0ieHokd5-OY,1979
+autopkg_wrapper/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+autopkg_wrapper/utils/args.py,sha256=s7QawLF_WV8nReXTLlyXzT1yGL3M03FXegeTUJ3mzNw,6463
+autopkg_wrapper/utils/git_functions.py,sha256=Ojsq-wQsw7Gezq9pYDTtXF9SxrK9b9Cfap3mbJyVgdw,4456
+autopkg_wrapper/utils/logging.py,sha256=3knpMViO_zAU8WM5bSImQaz5M01vMFk_raB4lt1cbvo,324
+autopkg_wrapper/utils/report_processor.py,sha256=kjKgumD2ERYOrPqvg6ozmIsOxDZLSabs1UTjm4bMl6o,22391
+autopkg_wrapper-2026.2.2.dist-info/METADATA,sha256=j07Aix7InD5wasrgREyTNqIEVU3kiMqqCPc3ayDOOVU,4936
+autopkg_wrapper-2026.2.2.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+autopkg_wrapper-2026.2.2.dist-info/entry_points.txt,sha256=TVIcOt7OozzX1c00pwMGbBysaHg_v_N3mO3juoFqPpo,73
+autopkg_wrapper-2026.2.2.dist-info/licenses/LICENSE,sha256=PpNOQjZGcsKFuA0wU16YU7PueVxqPX4OnyZ7TlLQlq4,1602
+autopkg_wrapper-2026.2.2.dist-info/RECORD,,

{autopkg_wrapper-2025.11.1.dist-info → autopkg_wrapper-2026.2.2.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: hatchling 1.27.0
+Generator: hatchling 1.28.0
 Root-Is-Purelib: true
 Tag: py3-none-any

autopkg_wrapper-2025.11.1.dist-info/METADATA

@@ -1,54 +0,0 @@
-Metadata-Version: 2.4
-Name: autopkg-wrapper
-Version: 2025.11.1
-Summary: A package used to execute some autopkg functions, primarily within the context of a GitHub Actions runner.
-Project-URL: Repository, https://github.com/smithjw/autopkg-wrapper
-Author-email: James Smith <james@smithjw.me>
-License-Expression: BSD-3-Clause
-License-File: LICENSE
-Requires-Python: ~=3.12.0
-Requires-Dist: chardet
-Requires-Dist: idna
-Requires-Dist: pygithub
-Requires-Dist: requests
-Requires-Dist: ruamel-yaml
-Requires-Dist: toml
-Requires-Dist: urllib3
-Description-Content-Type: text/markdown
-
-# autopkg-wrapper
-
-`autopkg_wrapper` is a small package that can be used to run [`autopkg`](https://github.com/autopkg/autopkg) within CI/CD environments such as GitHub Actions.
-
-The easiest way to run it is by installing with pip.
-
-```shell
-pip install autopkg-wrapper
-```
-
-## Command Line Parameters
-
-```shell
--h, --help                      Show this help message and exit
---recipe-file RECIPE_FILE       Path to a list of recipes to run (cannot be run with --recipes)
---recipes [RECIPES ...]         Recipes to run with autopkg (cannot be run with --recipe-file)
---debug                         Enable debug logging when running script
---override-trust                If set recipe override trust verification will be disabled. (Default: True)
---github-token GITHUB_TOKEN     A token used to publish a PR to your GitHub repo if overrides require their trust to be updated
---branch-name BRANCH_NAME       Branch name to be used where recipe overrides have failed their trust verification and need to be updated.
-                                By default, this will be in the format of "fix/update_trust_information/YYYY-MM-DDTHH-MM-SS"
---create-pr                     If enabled, autopkg_wrapper will open a PR for updated trust information
---autopkg-prefs AW_AUTOPKG_PREFS_FILE
-                                Path to the autopkg preferences you'd like to use
---autopkg-overrides-repo-path AUTOPKG_OVERRIDES_REPO_PATH
-                                The path on disk to the git repository containing the autopkg overrides directory. If none is provided, we will try to determine it for you.
-```
-
-## Example
-
-An example folder structure and GitHub Actions Workflow is available within the [`actions-demo`](actions-demo)
-
-## Credits
-
-- [`autopkg_tools` from Facebook](https://github.com/facebook/IT-CPE/tree/main/legacy/autopkg_tools)
-- [`autopkg_tools` from Facebook, modified by Gusto](https://github.com/Gusto/it-cpe-opensource/tree/main/autopkg)

autopkg_wrapper-2025.11.1.dist-info/RECORD

@@ -1,13 +0,0 @@
-autopkg_wrapper/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-autopkg_wrapper/autopkg_wrapper.py,sha256=dF8BGhk1IpP4w6lRtJqgpY-VK9vkoOiD0jidIUaSn9M,13457
-autopkg_wrapper/notifier/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-autopkg_wrapper/notifier/slack.py,sha256=aPxQDGd5zPxSsu3mEqalNOF0ly0QnYog0ieHokd5-OY,1979
-autopkg_wrapper/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-autopkg_wrapper/utils/args.py,sha256=6sghB9DWZmv7VLUR9uJA5WkhxsZ08Ri1qoUY5rxydjY,4883
-autopkg_wrapper/utils/git_functions.py,sha256=Ojsq-wQsw7Gezq9pYDTtXF9SxrK9b9Cfap3mbJyVgdw,4456
-autopkg_wrapper/utils/logging.py,sha256=3knpMViO_zAU8WM5bSImQaz5M01vMFk_raB4lt1cbvo,324
-autopkg_wrapper-2025.11.1.dist-info/METADATA,sha256=qWyqCoaK3d4ttaNwIEFRrYeqQE1BKznnOP8twLpUJYc,2528
-autopkg_wrapper-2025.11.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-autopkg_wrapper-2025.11.1.dist-info/entry_points.txt,sha256=TVIcOt7OozzX1c00pwMGbBysaHg_v_N3mO3juoFqPpo,73
-autopkg_wrapper-2025.11.1.dist-info/licenses/LICENSE,sha256=PpNOQjZGcsKFuA0wU16YU7PueVxqPX4OnyZ7TlLQlq4,1602
-autopkg_wrapper-2025.11.1.dist-info/RECORD,,