autopkg-wrapper 2025.11.1__tar.gz → 2026.2.5__tar.gz

{autopkg_wrapper-2025.11.1 → autopkg_wrapper-2026.2.5}/.github/workflows/build-publish.yml

@@ -34,7 +34,6 @@ jobs:
       contents: write
 
     steps:
-      # - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - id: check-inputs
         env:
           INPUT_DRY_RUN: ${{ github.event.inputs.dry_run }}
@@ -104,26 +103,24 @@ jobs:
       id-token: write
 
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
-      - name: Setup UV
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - name: Setup mise
+        uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1
         with:
-          activate-environment: true
-          enable-cache: true
-          cache-dependency-glob: uv.lock
+          install: true
+          cache: true
 
-      - name: Setup Python
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version-file: pyproject.toml
+      - name: Run tests
+        run: mise run test
+
+      - name: Build package
+        env:
+          RELEASE_VERSION: ${{ needs.release.outputs.version }}
+        run: mise run build
 
-      - name: Build Package with UV
-        run: |
-          uv version ${{ needs.release.outputs.version }}
-          uv build
       - name: Upload Package Artifacts
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: python-package-distributions
           path: dist/
@@ -142,7 +139,7 @@ jobs:
 
     steps:
       - name: Download Package Artifacts
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
         with:
           name: python-package-distributions
           path: dist/
@@ -166,7 +163,7 @@ jobs:
 
     steps:
       - name: Download Package Artifacts
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
         with:
           name: python-package-distributions
           path: dist/
@@ -185,11 +182,11 @@ jobs:
 
     steps:
       - name: Download Package Artifacts
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
         with:
           name: python-package-distributions
           path: dist/
-      - uses: sigstore/gh-action-sigstore-python@f832326173235dcb00dd5d92cd3f353de3188e6c # v3.1.0
+      - uses: sigstore/gh-action-sigstore-python@a5caf349bc536fbef3668a10ed7f5cd309a4b53d # v3.2.0
         with:
           inputs: |
             dist/*.whl

{autopkg_wrapper-2025.11.1 → autopkg_wrapper-2026.2.5}/.github/workflows/codeql.yml

@@ -27,14 +27,14 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@382a50a0284c0de445104889a9d6003acb4b3c1d # v2.15.4
+      uses: github/codeql-action/init@25a224b8085c21d4d61b7fc051468805fc3ac490 # codeql-bundle-v2.24.0
       with:
         languages: ${{ matrix.language }}
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@382a50a0284c0de445104889a9d6003acb4b3c1d # v2.15.4
+      uses: github/codeql-action/analyze@25a224b8085c21d4d61b7fc051468805fc3ac490 # codeql-bundle-v2.24.0
       with:
         category: "/language:${{matrix.language}}"

{autopkg_wrapper-2025.11.1 → autopkg_wrapper-2026.2.5}/.github/workflows/dependency-review.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout Repository"
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: "Dependency Review"
         uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2

autopkg_wrapper-2026.2.5/PKG-INFO

@@ -0,0 +1,107 @@
+Metadata-Version: 2.4
+Name: autopkg-wrapper
+Version: 2026.2.5
+Summary: A package used to execute some autopkg functions, primarily within the context of a GitHub Actions runner.
+Project-URL: Repository, https://github.com/smithjw/autopkg-wrapper
+Author-email: James Smith <james@smithjw.me>
+License-Expression: BSD-3-Clause
+License-File: LICENSE
+Requires-Python: ~=3.14.0
+Requires-Dist: chardet
+Requires-Dist: idna
+Requires-Dist: jamf-pro-sdk
+Requires-Dist: pygithub
+Requires-Dist: requests
+Requires-Dist: ruamel-yaml
+Requires-Dist: toml
+Requires-Dist: urllib3
+Description-Content-Type: text/markdown
+
+# autopkg-wrapper
+
+`autopkg_wrapper` is a small package that can be used to run [`autopkg`](https://github.com/autopkg/autopkg) within CI/CD environments such as GitHub Actions.
+
+The easiest way to run it is by installing with pip.
+
+```shell
+pip install autopkg-wrapper
+```
+
+## Command Line Parameters
+
+```shell
+-h, --help                      Show this help message and exit
+--recipe-file RECIPE_FILE       Path to a list of recipes to run (cannot be run with --recipes)
+--recipes [RECIPES ...]         Recipes to run with autopkg (cannot be run with --recipe-file)
+--recipe-processing-order [RECIPE_PROCESSING_ORDER ...]
+                                Optional processing order for recipe "types" (suffix segments after the first '.'); supports partial tokens like upload/auto_update; env var AW_RECIPE_PROCESSING_ORDER expects comma-separated values
+--debug                         Enable debug logging when running script
+ --disable-recipe-trust-check    If this option is used, recipe trust verification will not be run prior to a recipe run.
+ --github-token GITHUB_TOKEN     A token used to publish a PR to your GitHub repo if overrides require their trust to be updated
+ --branch-name BRANCH_NAME       Branch name to be used where recipe overrides have failed their trust verification and need to be updated.
+                                 By default, this will be in the format of "fix/update_trust_information/YYYY-MM-DDTHH-MM-SS"
+ --create-pr                     If enabled, autopkg_wrapper will open a PR for updated trust information
+ --create-issues                 Create a GitHub issue for recipes that fail during processing
+ --disable-git-commands          If this option is used, git commands won't be run
+ --post-processors [POST_PROCESSORS ...]
+                                 One or more autopkg post processors to run after each recipe execution
+ --autopkg-prefs AW_AUTOPKG_PREFS_FILE
+                                 Path to the autopkg preferences you'd like to use
+ --overrides-repo-path AUTOPKG_OVERRIDES_REPO_PATH
+                                 The path on disk to the git repository containing the autopkg overrides directory. If none is provided, we will try to determine it for you.
+ --concurrency CONCURRENCY       Number of recipes to run in parallel (default: 1)
+ --process-reports               Process autopkg report directories or zip and emit markdown summaries (runs after recipes complete)
+ --reports-zip REPORTS_ZIP       Path to an autopkg_report-*.zip to extract and process
+ --reports-extract-dir REPORTS_EXTRACT_DIR
+                                 Directory to extract the zip into (default: autopkg_reports_summary/reports)
+ --reports-dir REPORTS_DIR       Directory of reports to process (if no zip provided). Defaults to /private/tmp/autopkg when processing after a run
+ --reports-out-dir REPORTS_OUT_DIR
+                                 Directory to write markdown outputs (default: autopkg_reports_summary/summary)
+ --reports-run-date REPORTS_RUN_DATE
+                                 Run date string to include in the summary
+ --reports-strict                Exit non-zero if any errors are detected in processed reports
+```
+
+## Examples
+
+Run recipes (serial):
+
+```bash
+autopkg_wrapper --recipes Foo.download Bar.download
+```
+
+Run 3 recipes concurrently and process reports afterward:
+
+```bash
+autopkg_wrapper \
+  --recipe-file /path/to/recipe_list.txt \
+  --concurrency 3 \
+  --disable-git-commands \
+  --process-reports \
+  --reports-out-dir /tmp/autopkg_reports_summary \
+  --reports-strict
+```
+
+Process a reports zip explicitly (no recipe run):
+
+```bash
+autopkg_wrapper \
+  --process-reports \
+  --reports-zip /path/to/autopkg_report-2026-02-02.zip \
+  --reports-extract-dir /tmp/autopkg_reports \
+  --reports-out-dir /tmp/autopkg_reports_summary
+```
+
+Notes:
+
+- During recipe runs, per‑recipe plist reports are written to `/private/tmp/autopkg`.
+- When `--process-reports` is supplied without `--reports-zip` or `--reports-dir`, the tool processes `/private/tmp/autopkg`.
+- If `AUTOPKG_JSS_URL`, `AUTOPKG_CLIENT_ID`, and `AUTOPKG_CLIENT_SECRET` are set, uploaded package rows are enriched with Jamf package links.
+  - No extra CLI flag is required; enrichment runs automatically when all three env vars are present.
+
+An example folder structure and GitHub Actions Workflow is available within the [`actions-demo`](actions-demo)
+
+## Credits
+
+- [`autopkg_tools` from Facebook](https://github.com/facebook/IT-CPE/tree/main/legacy/autopkg_tools)
+- [`autopkg_tools` from Facebook, modified by Gusto](https://github.com/Gusto/it-cpe-opensource/tree/main/autopkg)

autopkg_wrapper-2026.2.5/README.md

@@ -0,0 +1,88 @@
+# autopkg-wrapper
+
+`autopkg_wrapper` is a small package that can be used to run [`autopkg`](https://github.com/autopkg/autopkg) within CI/CD environments such as GitHub Actions.
+
+The easiest way to run it is by installing with pip.
+
+```shell
+pip install autopkg-wrapper
+```
+
+## Command Line Parameters
+
+```shell
+-h, --help                      Show this help message and exit
+--recipe-file RECIPE_FILE       Path to a list of recipes to run (cannot be run with --recipes)
+--recipes [RECIPES ...]         Recipes to run with autopkg (cannot be run with --recipe-file)
+--recipe-processing-order [RECIPE_PROCESSING_ORDER ...]
+                                Optional processing order for recipe "types" (suffix segments after the first '.'); supports partial tokens like upload/auto_update; env var AW_RECIPE_PROCESSING_ORDER expects comma-separated values
+--debug                         Enable debug logging when running script
+ --disable-recipe-trust-check    If this option is used, recipe trust verification will not be run prior to a recipe run.
+ --github-token GITHUB_TOKEN     A token used to publish a PR to your GitHub repo if overrides require their trust to be updated
+ --branch-name BRANCH_NAME       Branch name to be used where recipe overrides have failed their trust verification and need to be updated.
+                                 By default, this will be in the format of "fix/update_trust_information/YYYY-MM-DDTHH-MM-SS"
+ --create-pr                     If enabled, autopkg_wrapper will open a PR for updated trust information
+ --create-issues                 Create a GitHub issue for recipes that fail during processing
+ --disable-git-commands          If this option is used, git commands won't be run
+ --post-processors [POST_PROCESSORS ...]
+                                 One or more autopkg post processors to run after each recipe execution
+ --autopkg-prefs AW_AUTOPKG_PREFS_FILE
+                                 Path to the autopkg preferences you'd like to use
+ --overrides-repo-path AUTOPKG_OVERRIDES_REPO_PATH
+                                 The path on disk to the git repository containing the autopkg overrides directory. If none is provided, we will try to determine it for you.
+ --concurrency CONCURRENCY       Number of recipes to run in parallel (default: 1)
+ --process-reports               Process autopkg report directories or zip and emit markdown summaries (runs after recipes complete)
+ --reports-zip REPORTS_ZIP       Path to an autopkg_report-*.zip to extract and process
+ --reports-extract-dir REPORTS_EXTRACT_DIR
+                                 Directory to extract the zip into (default: autopkg_reports_summary/reports)
+ --reports-dir REPORTS_DIR       Directory of reports to process (if no zip provided). Defaults to /private/tmp/autopkg when processing after a run
+ --reports-out-dir REPORTS_OUT_DIR
+                                 Directory to write markdown outputs (default: autopkg_reports_summary/summary)
+ --reports-run-date REPORTS_RUN_DATE
+                                 Run date string to include in the summary
+ --reports-strict                Exit non-zero if any errors are detected in processed reports
+```
+
+## Examples
+
+Run recipes (serial):
+
+```bash
+autopkg_wrapper --recipes Foo.download Bar.download
+```
+
+Run 3 recipes concurrently and process reports afterward:
+
+```bash
+autopkg_wrapper \
+  --recipe-file /path/to/recipe_list.txt \
+  --concurrency 3 \
+  --disable-git-commands \
+  --process-reports \
+  --reports-out-dir /tmp/autopkg_reports_summary \
+  --reports-strict
+```
+
+Process a reports zip explicitly (no recipe run):
+
+```bash
+autopkg_wrapper \
+  --process-reports \
+  --reports-zip /path/to/autopkg_report-2026-02-02.zip \
+  --reports-extract-dir /tmp/autopkg_reports \
+  --reports-out-dir /tmp/autopkg_reports_summary
+```
+
+Notes:
+
+- During recipe runs, per‑recipe plist reports are written to `/private/tmp/autopkg`.
+- When `--process-reports` is supplied without `--reports-zip` or `--reports-dir`, the tool processes `/private/tmp/autopkg`.
+- If `AUTOPKG_JSS_URL`, `AUTOPKG_CLIENT_ID`, and `AUTOPKG_CLIENT_SECRET` are set, uploaded package rows are enriched with Jamf package links.
+  - No extra CLI flag is required; enrichment runs automatically when all three env vars are present.
+
+An example folder structure and GitHub Actions Workflow is available within the [`actions-demo`](actions-demo)
+
+## Credits
+
+- [`autopkg_tools` from Facebook](https://github.com/facebook/IT-CPE/tree/main/legacy/autopkg_tools)
+- [`autopkg_tools` from Facebook, modified by Gusto](https://github.com/Gusto/it-cpe-opensource/tree/main/autopkg)

autopkg_wrapper-2026.2.5/actions-demo/requirements.txt

@@ -0,0 +1,3 @@
+autopkg-wrapper==2025.11.1 \
+    --hash=sha256:1f6e650fb386f7bc010a02be7fc019d90b9a6ebab9b37638492fde1deb962d87 \
+    --hash=sha256:7304c6aa7a944ad86526583ec89115d704b49fe450d0bf4f2b4f7a2ab2aa57d6

{autopkg_wrapper-2025.11.1 → autopkg_wrapper-2026.2.5}/autopkg_wrapper/autopkg_wrapper.py

@@ -4,6 +4,7 @@ import logging
 import plistlib
 import subprocess
 import sys
+from concurrent.futures import ThreadPoolExecutor, as_completed
 from datetime import datetime
 from itertools import chain
 from pathlib import Path
@@ -12,6 +13,8 @@ import autopkg_wrapper.utils.git_functions as git
 from autopkg_wrapper.notifier import slack
 from autopkg_wrapper.utils.args import setup_args
 from autopkg_wrapper.utils.logging import setup_logger
+from autopkg_wrapper.utils.recipe_ordering import order_recipe_list
+from autopkg_wrapper.utils.report_processor import process_reports
 
 
 class Recipe(object):
@@ -34,43 +37,39 @@ class Recipe(object):
         return name
 
     def verify_trust_info(self, args):
-        verbose_output = ["-vvvv"] if args.debug else None
+        verbose_output = ["-vvvv"] if args.debug else []
         prefs_file = (
-            ["--prefs", args.autopkg_prefs.as_posix()] if args.autopkg_prefs else None
+            ["--prefs", args.autopkg_prefs.as_posix()] if args.autopkg_prefs else []
         )
-        cmd = ["/usr/local/bin/autopkg", "verify-trust-info", self.filename]
-        cmd = cmd + verbose_output if verbose_output else cmd
-        cmd = cmd + prefs_file if prefs_file else cmd
-        cmd = " ".join(cmd)
-        logging.debug(f"cmd: {str(cmd)}")
-
-        p = subprocess.Popen(
-            cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True
+        autopkg_bin = getattr(args, "autopkg_bin", "/usr/local/bin/autopkg")
+        cmd = (
+            [autopkg_bin, "verify-trust-info", self.filename]
+            + verbose_output
+            + prefs_file
         )
-        (output, err) = p.communicate()
-        p_status = p.wait()
-        if p_status == 0:
+        logging.debug(f"cmd: {cmd}")
+
+        result = subprocess.run(cmd, capture_output=True, text=True)
+        if result.returncode == 0:
             self.verified = True
         else:
-            err = err.decode()
-            self.results["message"] = err
+            self.results["message"] = (result.stderr or "").strip()
             self.verified = False
         return self.verified
 
     def update_trust_info(self, args):
         prefs_file = (
-            ["--prefs", args.autopkg_prefs.as_posix()] if args.autopkg_prefs else None
+            ["--prefs", args.autopkg_prefs.as_posix()] if args.autopkg_prefs else []
         )
-        cmd = ["/usr/local/bin/autopkg", "update-trust-info", self.filename]
-        cmd = cmd + prefs_file if prefs_file else cmd
-        cmd = " ".join(cmd)
-        logging.debug(f"cmd: {str(cmd)}")
+        autopkg_bin = getattr(args, "autopkg_bin", "/usr/local/bin/autopkg")
+        cmd = [autopkg_bin, "update-trust-info", self.filename] + prefs_file
+        logging.debug(f"cmd: {cmd}")
 
         # Fail loudly if this exits 0
         try:
-            subprocess.check_call(cmd, shell=True)
+            subprocess.check_call(cmd)
         except subprocess.CalledProcessError as e:
-            logging.error(e.stderr)
+            logging.error(str(e))
             raise e
 
     def _parse_report(self, report):
@@ -94,7 +93,7 @@ class Recipe(object):
             self.results["failed"] = True
             self.results["imported"] = ""
         else:
-            report_dir = Path("/tmp/autopkg")
+            report_dir = Path("/private/tmp/autopkg")
             report_time = datetime.now().strftime("%Y-%m-%dT%H-%M-%S")
             report_name = Path(f"{self.name}-{report_time}.plist")
 
@@ -106,9 +105,9 @@ class Recipe(object):
                 prefs_file = (
                     ["--prefs", args.autopkg_prefs.as_posix()]
                     if args.autopkg_prefs
-                    else None
+                    else []
                 )
-                verbose_output = ["-vvvv"] if args.debug else None
+                verbose_output = ["-vvvv"] if args.debug else []
                 post_processor_cmd = (
                     list(
                         chain.from_iterable(
@@ -119,25 +118,25 @@ class Recipe(object):
                         )
                     )
                     if self.post_processors
-                    else None
+                    else []
                 )
+                autopkg_bin = getattr(args, "autopkg_bin", "/usr/local/bin/autopkg")
                 cmd = [
-                    "/usr/local/bin/autopkg",
+                    autopkg_bin,
                     "run",
                     self.filename,
                     "--report-plist",
                     str(report),
                 ]
-                cmd = cmd + post_processor_cmd if post_processor_cmd else cmd
-                cmd = cmd + verbose_output if verbose_output else cmd
-                cmd = cmd + prefs_file if prefs_file else cmd
-                cmd = " ".join(cmd)
+                cmd = cmd + post_processor_cmd + verbose_output + prefs_file
 
-                logging.debug(f"cmd: {str(cmd)}")
+                logging.debug(f"cmd: {cmd}")
 
-                subprocess.check_call(cmd, shell=True)
+                result = subprocess.run(cmd, capture_output=True, text=True)
+                if result.returncode != 0:
+                    self.error = True
 
-            except subprocess.CalledProcessError:
+            except Exception:
                 self.error = True
 
             self._has_run = True
@@ -244,7 +243,12 @@ def update_recipe_repo(recipe, git_info, disable_recipe_trust_check, args):
 
 
 def parse_recipe_list(recipes, recipe_file, post_processors, args):
-    """Parsing list of recipes into a common format"""
+    """Parse recipe inputs into a common list of recipe names.
+
+    The arguments assume that `recipes` and `recipe_file` are mutually exclusive.
+    If `args.recipe_processing_order` is provided, the list is re-ordered before
+    creating `Recipe` objects.
+    """
     recipe_list = None
 
     logging.info(f"Recipes: {recipes}") if recipes else None
@@ -254,6 +258,12 @@ def parse_recipe_list(recipes, recipe_file, post_processors, args):
         if recipe_file.suffix == ".json":
             with open(recipe_file, "r") as f:
                 recipe_list = json.load(f)
+        elif recipe_file.suffix in {".yaml", ".yml"}:
+            from ruamel.yaml import YAML
+
+            yaml = YAML(typ="safe")
+            with open(recipe_file, "r", encoding="utf-8") as f:
+                recipe_list = yaml.load(f)
         elif recipe_file.suffix == ".txt":
             with open(recipe_file, "r") as f:
                 recipe_list = f.read().splitlines()
@@ -277,11 +287,16 @@ def parse_recipe_list(recipes, recipe_file, post_processors, args):
             """Please provide recipes to run via the following methods:
     --recipes recipe_one.download recipe_two.download
     --recipe-file path/to/recipe_list.json
-    Comma separated list in the AUTOPKG_RECIPES env variable"""
+    Comma separated list in the AW_RECIPES env variable"""
         )
         sys.exit(1)
 
-    logging.info(f"Processing the following recipes: {recipe_list}")
+    if args.recipe_processing_order:
+        recipe_list = order_recipe_list(
+            recipe_list=recipe_list, order=args.recipe_processing_order
+        )
+
+    logging.info(f"Processing {len(recipe_list)} recipes.")
     recipe_map = [Recipe(name, post_processors=post_processors) for name in recipe_list]
 
     return recipe_map
@@ -358,31 +373,50 @@ def main():
 
     failed_recipes = []
 
-    for recipe in recipe_list:
-        logging.info(f"Processing Recipe: {recipe.name}")
+    # Run recipes concurrently using a thread pool to parallelize subprocess calls
+    max_workers = max(1, int(getattr(args, "concurrency", 1)))
+    logging.info(f"Running recipes with concurrency={max_workers}")
+
+    def run_one(r: Recipe):
+        logging.info(f"Processing Recipe: {r.name}")
         process_recipe(
-            recipe=recipe,
+            recipe=r,
             disable_recipe_trust_check=args.disable_recipe_trust_check,
             args=args,
         )
+        # Git updates and notifications are applied serially after all recipes finish
+        return r
+
+    with ThreadPoolExecutor(max_workers=max_workers) as executor:
+        futures = [executor.submit(run_one, r) for r in recipe_list]
+        for fut in as_completed(futures):
+            r = fut.result()
+            if r.error or r.results.get("failed"):
+                failed_recipes.append(r)
+
+    # Apply git updates serially to avoid branch/commit conflicts when concurrency > 1
+    for r in recipe_list:
         update_recipe_repo(
             git_info=override_repo_info,
-            recipe=recipe,
+            recipe=r,
             disable_recipe_trust_check=args.disable_recipe_trust_check,
             args=args,
         )
-        slack.send_notification(
-            recipe=recipe, token=args.slack_token
-        ) if args.slack_token else None
 
-        if recipe.error or recipe.results.get("failed"):
-            failed_recipes.append(recipe)
-
-    recipe.pr_url = (
-        git.create_pull_request(git_info=override_repo_info, recipe=recipe)
-        if args.create_pr
-        else None
-    )
+    # Send notifications serially to simplify rate limiting and ordering
+    if args.slack_token:
+        for r in recipe_list:
+            slack.send_notification(recipe=r, token=args.slack_token)
+
+    # Optionally open a PR for updated trust information
+    if args.create_pr and recipe_list:
+        # Choose a representative recipe for the PR title/body
+        rep_recipe = next(
+            (r for r in recipe_list if r.updated is True or r.verified is False),
+            recipe_list[0],
+        )
+        pr_url = git.create_pull_request(git_info=override_repo_info, recipe=rep_recipe)
+        logging.info(f"Created Pull Request for trust info updates: {pr_url}")
 
     # Create GitHub issue for failed recipes
     if args.create_issues and failed_recipes and args.github_token:
@@ -390,3 +424,20 @@ def main():
             git_info=override_repo_info, failed_recipes=failed_recipes
         )
         logging.info(f"Created GitHub issue for failed recipes: {issue_url}")
+
+    # Optionally process reports after running recipes
+    if getattr(args, "process_reports", False):
+        rc = process_reports(
+            zip_file=getattr(args, "reports_zip", None),
+            extract_dir=getattr(
+                args, "reports_extract_dir", "autopkg_reports_summary/reports"
+            ),
+            reports_dir=(getattr(args, "reports_dir", None) or "/private/tmp/autopkg"),
+            environment="",
+            run_date=getattr(args, "reports_run_date", ""),
+            out_dir=getattr(args, "reports_out_dir", "autopkg_reports_summary/summary"),
+            debug=bool(getattr(args, "debug", False)),
+            strict=bool(getattr(args, "reports_strict", False)),
+        )
+        if rc:
+            sys.exit(rc)

{autopkg_wrapper-2025.11.1 → autopkg_wrapper-2026.2.5}/autopkg_wrapper/notifier/slack.py

@@ -5,7 +5,7 @@ import requests
 
 
 def send_notification(recipe, token):
-    logging.debug("Skipping Slack notification as DEBUG is enabled!")
+    logging.debug("Preparing Slack notification")
 
     if token is None:
         logging.error("Skipping Slack Notification as no SLACK_WEBHOOK_TOKEN defined!")