autopkg-wrapper 2025.11.1__py3-none-any.whl → 2026.2.5__py3-none-any.whl

autopkg_wrapper/autopkg_wrapper.py

@@ -4,6 +4,7 @@ import logging
 import plistlib
 import subprocess
 import sys
+from concurrent.futures import ThreadPoolExecutor, as_completed
 from datetime import datetime
 from itertools import chain
 from pathlib import Path
@@ -12,6 +13,8 @@ import autopkg_wrapper.utils.git_functions as git
 from autopkg_wrapper.notifier import slack
 from autopkg_wrapper.utils.args import setup_args
 from autopkg_wrapper.utils.logging import setup_logger
+from autopkg_wrapper.utils.recipe_ordering import order_recipe_list
+from autopkg_wrapper.utils.report_processor import process_reports
 
 
 class Recipe(object):
@@ -34,43 +37,39 @@ class Recipe(object):
         return name
 
     def verify_trust_info(self, args):
-        verbose_output = ["-vvvv"] if args.debug else None
+        verbose_output = ["-vvvv"] if args.debug else []
         prefs_file = (
-            ["--prefs", args.autopkg_prefs.as_posix()] if args.autopkg_prefs else None
+            ["--prefs", args.autopkg_prefs.as_posix()] if args.autopkg_prefs else []
         )
-        cmd = ["/usr/local/bin/autopkg", "verify-trust-info", self.filename]
-        cmd = cmd + verbose_output if verbose_output else cmd
-        cmd = cmd + prefs_file if prefs_file else cmd
-        cmd = " ".join(cmd)
-        logging.debug(f"cmd: {str(cmd)}")
-
-        p = subprocess.Popen(
-            cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True
+        autopkg_bin = getattr(args, "autopkg_bin", "/usr/local/bin/autopkg")
+        cmd = (
+            [autopkg_bin, "verify-trust-info", self.filename]
+            + verbose_output
+            + prefs_file
         )
-        (output, err) = p.communicate()
-        p_status = p.wait()
-        if p_status == 0:
+        logging.debug(f"cmd: {cmd}")
+
+        result = subprocess.run(cmd, capture_output=True, text=True)
+        if result.returncode == 0:
             self.verified = True
         else:
-            err = err.decode()
-            self.results["message"] = err
+            self.results["message"] = (result.stderr or "").strip()
             self.verified = False
         return self.verified
 
     def update_trust_info(self, args):
         prefs_file = (
-            ["--prefs", args.autopkg_prefs.as_posix()] if args.autopkg_prefs else None
+            ["--prefs", args.autopkg_prefs.as_posix()] if args.autopkg_prefs else []
         )
-        cmd = ["/usr/local/bin/autopkg", "update-trust-info", self.filename]
-        cmd = cmd + prefs_file if prefs_file else cmd
-        cmd = " ".join(cmd)
-        logging.debug(f"cmd: {str(cmd)}")
+        autopkg_bin = getattr(args, "autopkg_bin", "/usr/local/bin/autopkg")
+        cmd = [autopkg_bin, "update-trust-info", self.filename] + prefs_file
+        logging.debug(f"cmd: {cmd}")
 
         # Fail loudly if this exits 0
         try:
-            subprocess.check_call(cmd, shell=True)
+            subprocess.check_call(cmd)
         except subprocess.CalledProcessError as e:
-            logging.error(e.stderr)
+            logging.error(str(e))
             raise e
 
     def _parse_report(self, report):
@@ -94,7 +93,7 @@ class Recipe(object):
             self.results["failed"] = True
             self.results["imported"] = ""
         else:
-            report_dir = Path("/tmp/autopkg")
+            report_dir = Path("/private/tmp/autopkg")
             report_time = datetime.now().strftime("%Y-%m-%dT%H-%M-%S")
             report_name = Path(f"{self.name}-{report_time}.plist")
 
@@ -106,9 +105,9 @@ class Recipe(object):
                 prefs_file = (
                     ["--prefs", args.autopkg_prefs.as_posix()]
                     if args.autopkg_prefs
-                    else None
+                    else []
                 )
-                verbose_output = ["-vvvv"] if args.debug else None
+                verbose_output = ["-vvvv"] if args.debug else []
                 post_processor_cmd = (
                     list(
                         chain.from_iterable(
@@ -119,25 +118,25 @@ class Recipe(object):
                         )
                     )
                     if self.post_processors
-                    else None
+                    else []
                 )
+                autopkg_bin = getattr(args, "autopkg_bin", "/usr/local/bin/autopkg")
                 cmd = [
-                    "/usr/local/bin/autopkg",
+                    autopkg_bin,
                     "run",
                     self.filename,
                     "--report-plist",
                     str(report),
                 ]
-                cmd = cmd + post_processor_cmd if post_processor_cmd else cmd
-                cmd = cmd + verbose_output if verbose_output else cmd
-                cmd = cmd + prefs_file if prefs_file else cmd
-                cmd = " ".join(cmd)
+                cmd = cmd + post_processor_cmd + verbose_output + prefs_file
 
-                logging.debug(f"cmd: {str(cmd)}")
+                logging.debug(f"cmd: {cmd}")
 
-                subprocess.check_call(cmd, shell=True)
+                result = subprocess.run(cmd, capture_output=True, text=True)
+                if result.returncode != 0:
+                    self.error = True
 
-            except subprocess.CalledProcessError:
+            except Exception:
                 self.error = True
 
             self._has_run = True
@@ -244,7 +243,12 @@ def update_recipe_repo(recipe, git_info, disable_recipe_trust_check, args):
 
 
 def parse_recipe_list(recipes, recipe_file, post_processors, args):
-    """Parsing list of recipes into a common format"""
+    """Parse recipe inputs into a common list of recipe names.
+
+    The arguments assume that `recipes` and `recipe_file` are mutually exclusive.
+    If `args.recipe_processing_order` is provided, the list is re-ordered before
+    creating `Recipe` objects.
+    """
     recipe_list = None
 
     logging.info(f"Recipes: {recipes}") if recipes else None
@@ -254,6 +258,12 @@ def parse_recipe_list(recipes, recipe_file, post_processors, args):
         if recipe_file.suffix == ".json":
             with open(recipe_file, "r") as f:
                 recipe_list = json.load(f)
+        elif recipe_file.suffix in {".yaml", ".yml"}:
+            from ruamel.yaml import YAML
+
+            yaml = YAML(typ="safe")
+            with open(recipe_file, "r", encoding="utf-8") as f:
+                recipe_list = yaml.load(f)
         elif recipe_file.suffix == ".txt":
             with open(recipe_file, "r") as f:
                 recipe_list = f.read().splitlines()
@@ -277,11 +287,16 @@ def parse_recipe_list(recipes, recipe_file, post_processors, args):
             """Please provide recipes to run via the following methods:
     --recipes recipe_one.download recipe_two.download
     --recipe-file path/to/recipe_list.json
-    Comma separated list in the AUTOPKG_RECIPES env variable"""
+    Comma separated list in the AW_RECIPES env variable"""
         )
         sys.exit(1)
 
-    logging.info(f"Processing the following recipes: {recipe_list}")
+    if args.recipe_processing_order:
+        recipe_list = order_recipe_list(
+            recipe_list=recipe_list, order=args.recipe_processing_order
+        )
+
+    logging.info(f"Processing {len(recipe_list)} recipes.")
     recipe_map = [Recipe(name, post_processors=post_processors) for name in recipe_list]
 
     return recipe_map
@@ -358,31 +373,50 @@ def main():
 
     failed_recipes = []
 
-    for recipe in recipe_list:
-        logging.info(f"Processing Recipe: {recipe.name}")
+    # Run recipes concurrently using a thread pool to parallelize subprocess calls
+    max_workers = max(1, int(getattr(args, "concurrency", 1)))
+    logging.info(f"Running recipes with concurrency={max_workers}")
+
+    def run_one(r: Recipe):
+        logging.info(f"Processing Recipe: {r.name}")
         process_recipe(
-            recipe=recipe,
+            recipe=r,
             disable_recipe_trust_check=args.disable_recipe_trust_check,
             args=args,
         )
+        # Git updates and notifications are applied serially after all recipes finish
+        return r
+
+    with ThreadPoolExecutor(max_workers=max_workers) as executor:
+        futures = [executor.submit(run_one, r) for r in recipe_list]
+        for fut in as_completed(futures):
+            r = fut.result()
+            if r.error or r.results.get("failed"):
+                failed_recipes.append(r)
+
+    # Apply git updates serially to avoid branch/commit conflicts when concurrency > 1
+    for r in recipe_list:
         update_recipe_repo(
             git_info=override_repo_info,
-            recipe=recipe,
+            recipe=r,
             disable_recipe_trust_check=args.disable_recipe_trust_check,
             args=args,
         )
-        slack.send_notification(
-            recipe=recipe, token=args.slack_token
-        ) if args.slack_token else None
 
-        if recipe.error or recipe.results.get("failed"):
-            failed_recipes.append(recipe)
-
-    recipe.pr_url = (
-        git.create_pull_request(git_info=override_repo_info, recipe=recipe)
-        if args.create_pr
-        else None
-    )
+    # Send notifications serially to simplify rate limiting and ordering
+    if args.slack_token:
+        for r in recipe_list:
+            slack.send_notification(recipe=r, token=args.slack_token)
+
+    # Optionally open a PR for updated trust information
+    if args.create_pr and recipe_list:
+        # Choose a representative recipe for the PR title/body
+        rep_recipe = next(
+            (r for r in recipe_list if r.updated is True or r.verified is False),
+            recipe_list[0],
+        )
+        pr_url = git.create_pull_request(git_info=override_repo_info, recipe=rep_recipe)
+        logging.info(f"Created Pull Request for trust info updates: {pr_url}")
 
     # Create GitHub issue for failed recipes
     if args.create_issues and failed_recipes and args.github_token:
@@ -390,3 +424,20 @@ def main():
             git_info=override_repo_info, failed_recipes=failed_recipes
         )
         logging.info(f"Created GitHub issue for failed recipes: {issue_url}")
+
+    # Optionally process reports after running recipes
+    if getattr(args, "process_reports", False):
+        rc = process_reports(
+            zip_file=getattr(args, "reports_zip", None),
+            extract_dir=getattr(
+                args, "reports_extract_dir", "autopkg_reports_summary/reports"
+            ),
+            reports_dir=(getattr(args, "reports_dir", None) or "/private/tmp/autopkg"),
+            environment="",
+            run_date=getattr(args, "reports_run_date", ""),
+            out_dir=getattr(args, "reports_out_dir", "autopkg_reports_summary/summary"),
+            debug=bool(getattr(args, "debug", False)),
+            strict=bool(getattr(args, "reports_strict", False)),
+        )
+        if rc:
+            sys.exit(rc)

autopkg_wrapper/notifier/slack.py

@@ -5,7 +5,7 @@ import requests
 
 
 def send_notification(recipe, token):
-    logging.debug("Skipping Slack notification as DEBUG is enabled!")
+    logging.debug("Preparing Slack notification")
 
     if token is None:
         logging.error("Skipping Slack Notification as no SLACK_WEBHOOK_TOKEN defined!")

autopkg_wrapper/utils/args.py

@@ -68,6 +68,33 @@ def setup_args():
                 `autopkg-wrapper`
             """,
     )
+    parser.add_argument(
+        "--recipe-processing-order",
+        nargs="*",
+        default=os.getenv("AW_RECIPE_PROCESSING_ORDER", None),
+        help="""
+            This option comes in handy if you include additional recipe type names in your overrides and wish them to be processed in a specific order.
+            We'll specifically look for these recipe types after the first period (.) in the recipe name.
+            Order items can be either a full type suffix (e.g. "upload.jamf") or a partial token (e.g. "upload", "auto_update").
+            Partial tokens are matched against the dot-separated segments after the first '.' so recipes like "Foo.epz.auto_update.jamf" will match "auto_update".
+            This can also be provided via the 'AW_RECIPE_PROCESSING_ORDER' environment variable as a comma-separated list (e.g. "upload,self_service,auto_update").
+            For example, if you have the following recipes to be processed:
+                ExampleApp.auto_install.jamf
+                ExampleApp.upload.jamf
+                ExampleApp.self_service.jamf
+            And you want to ensure that the .upload recipes are always processed first, followed by .auto_install, and finally .self_service, you would provide the following processing order:
+                `--recipe-processing-order upload.jamf auto_install.jamf self_service.jamf`
+            This would ensure that all .upload recipes are processed before any other recipe types.
+            Within each recipe type, the recipes will be ordered alphabetically.
+            We assume that no extensions are provided (but will strip them if needed - extensions that are stripped include .recipe or .recipe.yaml).
+            """,
+    )
+    parser.add_argument(
+        "--autopkg-bin",
+        default=os.getenv("AW_AUTOPKG_BIN", "/usr/local/bin/autopkg"),
+        help="Path to the autopkg binary (default: /usr/local/bin/autopkg). Can also be set via AW_AUTOPKG_BIN.",
+    )
+
     parser.add_argument(
         "--debug",
         default=validate_bool(os.getenv("AW_DEBUG", False)),
@@ -90,6 +117,12 @@ def setup_args():
             If this option is used, git commands won't be run
             """,
     )
+    parser.add_argument(
+        "--concurrency",
+        type=int,
+        default=int(os.getenv("AW_CONCURRENCY", "1")),
+        help="Number of recipes to run in parallel (default: 1)",
+    )
     parser.add_argument(
         "--slack-token",
         default=os.getenv("SLACK_WEBHOOK_TOKEN", None),
@@ -144,4 +177,41 @@ def setup_args():
         """,
     )
 
+    # Report processing options
+    parser.add_argument(
+        "--process-reports",
+        action="store_true",
+        help="Process autopkg report directories or zip and emit markdown summaries",
+    )
+    parser.add_argument(
+        "--reports-zip",
+        default=os.getenv("AW_REPORTS_ZIP", None),
+        help="Path to an autopkg_report-*.zip to extract and process",
+    )
+    parser.add_argument(
+        "--reports-extract-dir",
+        default=os.getenv("AW_REPORTS_EXTRACT_DIR", "autopkg_reports_summary/reports"),
+        help="Directory to extract the zip into (default: autopkg_reports_summary/reports)",
+    )
+    parser.add_argument(
+        "--reports-dir",
+        default=os.getenv("AW_REPORTS_DIR", None),
+        help="Directory of reports to process (if no zip provided)",
+    )
+    parser.add_argument(
+        "--reports-out-dir",
+        default=os.getenv("AW_REPORTS_OUT_DIR", "autopkg_reports_summary/summary"),
+        help="Directory to write markdown outputs (default: autopkg_reports_summary/summary)",
+    )
+    parser.add_argument(
+        "--reports-run-date",
+        default=os.getenv("AW_REPORTS_RUN_DATE", ""),
+        help="Run date string to include in the summary",
+    )
+    parser.add_argument(
+        "--reports-strict",
+        action="store_true",
+        help="Exit non-zero if any errors are detected in processed reports",
+    )
+
     return parser.parse_args()

autopkg_wrapper/utils/git_functions.py

@@ -1,4 +1,5 @@
 import logging
+import re
 import subprocess
 from datetime import datetime
 
@@ -21,12 +22,26 @@ def git_run(*args):
 
 
 def get_repo_info(override_repo_git_git_dir):
-    repo_url = (
-        git_run(override_repo_git_git_dir, "config", "--get", "remote.origin.url")
-        .stdout.strip()
-        .split(".git")[0]
+    remote = git_run(
+        override_repo_git_git_dir, "config", "--get", "remote.origin.url"
+    ).stdout.strip()
+
+    # Supports:
+    # - https://github.com/<owner>/<repo>.git
+    # - git@github.com:<owner>/<repo>.git
+    # - ssh://git@github.com/<owner>/<repo>.git
+    m = re.search(
+        r"github\.com[:/](?P<owner>[^/]+)/(?P<repo>[^\s/]+?)(?:\.git)?$",
+        remote,
+        flags=re.IGNORECASE,
     )
-    remote_repo_ref = repo_url.split("https://github.com/")[1]
+    if not m:
+        raise ValueError(f"Unsupported Git remote URL: {remote}")
+
+    owner = m.group("owner")
+    repo = m.group("repo")
+    remote_repo_ref = f"{owner}/{repo}"
+    repo_url = f"https://github.com/{remote_repo_ref}"
 
     logging.debug(f"Repo URL: {repo_url}")
     logging.debug(f"Remote Repo Ref: {remote_repo_ref}")

autopkg_wrapper/utils/recipe_ordering.py

@@ -0,0 +1,149 @@
+import logging
+
+
+def order_recipe_list(recipe_list, order):
+    # This option comes in handy if you include additional recipe type names in your overrides and wish them to be processed in a specific order.
+    # We'll specifically look for these recipe types after the first period (.) in the recipe name.
+    # For example, if you have the following recipes to be processed:
+    #     ExampleApp.auto_install.jamf
+    #     ExampleApp.upload.jamf
+    #     ExampleApp.self_service.jamf
+    # And you want to ensure that the .upload recipes are always processed first, followed by .auto_install, and finally .self_service, you would provide the following processing order:
+    #     `--recipe-processing-order upload.jamf auto_install.jamf self_service.jamf`
+    # This would ensure that all .upload recipes are processed before any other recipe types.
+    # Within each recipe type, the recipes will be ordered alphabetically.
+    # We assume that no extensions are provided (but will strip them if needed - extensions that are stripped include .recipe or .recipe.yaml).
+
+    def strip_known_extensions(value: str) -> str:
+        value = value.strip()
+        if value.endswith(".recipe.yaml"):
+            return value[: -len(".recipe.yaml")]
+        if value.endswith(".recipe"):
+            return value[: -len(".recipe")]
+        return value
+
+    def normalise_processing_order(value):
+        if not value:
+            return []
+
+        items: list[str] = []
+        if isinstance(value, str):
+            raw = value.strip()
+            if not raw:
+                return []
+            # String values generally come from env var defaults; treat as comma-separated.
+            items = [v.strip() for v in raw.split(",")]
+        else:
+            # argparse typically provides a list here, but env var defaults can leak through.
+            for v in value:
+                if v is None:
+                    continue
+                v = str(v).strip()
+                if not v:
+                    continue
+                if "," in v:
+                    items.extend([p.strip() for p in v.split(",")])
+                else:
+                    items.append(v)
+
+        normalised: list[str] = []
+        seen: set[str] = set()
+        for item in items:
+            if not item:
+                continue
+            item = item.lstrip(".")
+            item = strip_known_extensions(item)
+            if not item or item in seen:
+                continue
+            seen.add(item)
+            normalised.append(item)
+        return normalised
+
+    def recipe_type(recipe_name: str) -> str:
+        # Type is everything after the first '.' (e.g. Example.upload.jamf -> upload.jamf)
+        parts = recipe_name.split(".", 1)
+        return parts[1] if len(parts) == 2 else ""
+
+    def recipe_segments_after_first_dot(recipe_name: str) -> list[str]:
+        after_first = recipe_type(recipe_name)
+        return [p for p in after_first.split(".") if p] if after_first else []
+
+    def pattern_matches_segments(pattern: str, segments: list[str]) -> bool:
+        # Pattern can be a single token ("auto_update") or a dot-separated sequence
+        # ("upload.jamf", "auto_update.jamf", etc.).
+        if not pattern:
+            return False
+        pattern_parts = [p for p in pattern.split(".") if p]
+        if not pattern_parts:
+            return False
+
+        # Case-insensitive matching.
+        segments_norm = [s.casefold() for s in segments]
+        pattern_parts_norm = [p.casefold() for p in pattern_parts]
+
+        if len(pattern_parts_norm) == 1:
+            return pattern_parts_norm[0] in segments_norm
+
+        # Contiguous subsequence match.
+        for start in range(0, len(segments_norm) - len(pattern_parts_norm) + 1):
+            if (
+                segments_norm[start : start + len(pattern_parts_norm)]
+                == pattern_parts_norm
+            ):
+                return True
+        return False
+
+    if not recipe_list:
+        return recipe_list
+
+    normalised_order = normalise_processing_order(order)
+
+    # If the provided order contains no usable tokens, do not re-order.
+    # (We still strip known extensions, which is order-preserving.)
+    if not normalised_order:
+        return [
+            strip_known_extensions(str(r).strip()) for r in recipe_list if r is not None
+        ]
+
+    # First, normalise recipe names by stripping known extensions.
+    normalised_recipes: list[str] = []
+    for r in recipe_list:
+        if r is None:
+            continue
+        normalised_recipes.append(strip_known_extensions(str(r).strip()))
+
+    # If a processing order is supplied, match each recipe to the *first* pattern it satisfies.
+    # This supports both direct matches ("upload.jamf") and partial matches ("upload",
+    # "auto_update") against dot-separated segments after the first '.' in the recipe name.
+    pattern_groups: dict[str, list[str]] = {p: [] for p in normalised_order}
+    unmatched: list[str] = []
+
+    for r in normalised_recipes:
+        segments = recipe_segments_after_first_dot(r)
+        matched = False
+        for p in normalised_order:
+            if pattern_matches_segments(p, segments):
+                pattern_groups[p].append(r)
+                matched = True
+                break
+        if not matched:
+            unmatched.append(r)
+
+    ordered: list[str] = []
+    for p in normalised_order:
+        ordered.extend(sorted(pattern_groups[p], key=str.casefold))
+
+    # Remaining recipes: group by their full type string and order groups alphabetically,
+    # with empty-type last.
+    groups: dict[str, list[str]] = {}
+    for r in unmatched:
+        t = recipe_type(r)
+        groups.setdefault(t, []).append(r)
+
+    for t in sorted(groups.keys(), key=lambda x: (x == "", x.casefold())):
+        ordered.extend(sorted(groups[t], key=str.casefold))
+
+    logging.debug(f"Recipe processing order: {normalised_order}")
+    logging.debug(f"Ordered recipes: {ordered}")
+
+    return ordered