envrcctl 0.2.1__tar.gz → 0.2.3__tar.gz

{envrcctl-0.2.1 → envrcctl-0.2.3}/.gitignore

@@ -9,3 +9,7 @@ __pycache__/
 htmlcov/
 .DS_Store
 .envrc
+dist/helper/
+dist/*-arm64.tar.gz
+dist/*-darwin-arm64.tar.gz
+src/*.egg-info/

envrcctl-0.2.1/README.md → envrcctl-0.2.3/PKG-INFO

@@ -1,3 +1,21 @@
+Metadata-Version: 2.4
+Name: envrcctl
+Version: 0.2.3
+Summary: Manage .envrc with managed blocks and OS-backed secrets.
+Project-URL: Homepage, https://github.com/rioriost/envrcctl
+Project-URL: Issues, https://github.com/rioriost/envrcctl/issues
+Project-URL: Repository, https://github.com/rioriost/envrcctl
+Author-email: Rio Fujita <rio_github@rio.st>
+License-Expression: MIT
+License-File: LICENSE
+Requires-Python: >=3.14
+Requires-Dist: typer>=0.24.1
+Provides-Extra: test
+Requires-Dist: bandit>=1.7.10; extra == 'test'
+Requires-Dist: pytest-cov>=7; extra == 'test'
+Requires-Dist: pytest>=9; extra == 'test'
+Description-Content-Type: text/markdown
+
 # envrcctl
 
 envrcctl is a CLI tool that manages `.envrc` files safely through a managed
@@ -34,23 +52,17 @@ It is designed for macOS first, with Linux support via SecretService.
 Tap and install:
 
 ```sh
-brew tap rioriost/envrcctl
+brew tap rioriost/tap
 brew install envrcctl
 ```
 
-For the next patch release, the Homebrew formula is intended to install a
-prebuilt Apple Silicon macOS authentication helper from a GitHub release
-`tar.gz` asset instead of compiling it at install time.
-
-This Homebrew path is therefore intended for:
+This Homebrew path is intended for:
 
 - Apple Silicon (`arm64`) Macs
 - macOS installs that should not require a full Xcode.app build dependency
 
 Intel Macs are not a target for this Homebrew distribution path.
 
-After release, Homebrew will download the release from GitHub.
-
 Install direnv with Homebrew:
 
 ```sh
@@ -69,42 +81,25 @@ pipx install envrcctl
 uv tool install envrcctl
 ```
 
-### From source (macOS/Linux)
-
-```sh
-git clone <REPO_URL>
-cd envrcctl
-uv sync
-uv run python -m envrcctl.main --help
-```
-
-### Build the macOS auth helper manually (macOS only)
+### About the macOS auth helper (Apple Silicon macOS only)
 
 The macOS device owner authentication flow requires a native helper named
 `envrcctl-macos-auth`.
 
-On Apple Silicon macOS, the Homebrew installation path for the next patch
-release is intended to install a prebuilt helper automatically from a GitHub
-release `tar.gz` asset, so you should not need to compile it yourself in the
-common case.
+Homebrew on Apple Silicon is intended to install this helper automatically, so
+you should not need to build it yourself in the common case.
 
 Manual helper installation is still useful when:
 
-- you are running from source
-- you are developing on this repository
 - you want to place the helper in a custom location
 - you are not using the Apple Silicon Homebrew distribution path
 
-The Homebrew release asset is expected to be named
-`envrcctl-macos-auth-arm64.tar.gz` and to contain an executable named
-`envrcctl-macos-auth`.
-
-If you are building the helper yourself, place the binary at either:
+If you are building the helper yourself, use Apple Silicon (`arm64`) macOS and place the binary at either:
 
 - `src/envrcctl/envrcctl-macos-auth`
 - or a custom path set via `ENVRCCTL_MACOS_AUTH_HELPER`
 
-Example build flow:
+Example build flow on Apple Silicon macOS:
 
 ```sh
 swiftc -O -framework LocalAuthentication -framework Security \
@@ -113,20 +108,6 @@ swiftc -O -framework LocalAuthentication -framework Security \
 chmod +x src/envrcctl/envrcctl-macos-auth
 ```
 
-You can also use the repository build script:
-
-```sh
-sh scripts/build_macos_auth_helper.sh
-```
-
-If you want to write the helper to a custom location, pass the source and output paths explicitly:
-
-```sh
-sh scripts/build_macos_auth_helper.sh \
-  scripts/macos/envrcctl-macos-auth.swift \
-  /usr/local/bin/envrcctl-macos-auth
-```
-
 If you install the helper elsewhere, set:
 
 ```sh
@@ -373,12 +354,7 @@ uv run python scripts/generate_completions.py
 - Audit integrity is based on a hash chain and can be checked with `envrcctl audit verify`
 - The tool refuses to write to world-writable `.envrc`
 
-## Development
 
-```sh
-uv sync
-.venv/bin/envrcctl --help
-```
 
 ## Acknowledgements
 

envrcctl-0.2.1/PKG-INFO → envrcctl-0.2.3/README.md

@@ -1,37 +1,3 @@
-Metadata-Version: 2.4
-Name: envrcctl
-Version: 0.2.1
-Summary: Manage .envrc with managed blocks and OS-backed secrets.
-License: MIT License
-        
-        Copyright (c) 2026 Rio Fujita
-        
-        Permission is hereby granted, free of charge, to any person obtaining a copy
-        of this software and associated documentation files (the "Software"), to deal
-        in the Software without restriction, including without limitation the rights
-        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-        copies of the Software, and to permit persons to whom the Software is
-        furnished to do so, subject to the following conditions:
-        
-        The above copyright notice and this permission notice shall be included in all
-        copies or substantial portions of the Software.
-        
-        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-        SOFTWARE.
-License-File: LICENSE
-Requires-Python: >=3.14
-Requires-Dist: typer>=0.24.1
-Provides-Extra: test
-Requires-Dist: bandit>=1.7.10; extra == 'test'
-Requires-Dist: pytest-cov>=7.0.0; extra == 'test'
-Requires-Dist: pytest>=9.0.2; extra == 'test'
-Description-Content-Type: text/markdown
-
 # envrcctl
 
 envrcctl is a CLI tool that manages `.envrc` files safely through a managed
@@ -68,23 +34,17 @@ It is designed for macOS first, with Linux support via SecretService.
 Tap and install:
 
 ```sh
-brew tap rioriost/envrcctl
+brew tap rioriost/tap
 brew install envrcctl
 ```
 
-For the next patch release, the Homebrew formula is intended to install a
-prebuilt Apple Silicon macOS authentication helper from a GitHub release
-`tar.gz` asset instead of compiling it at install time.
-
-This Homebrew path is therefore intended for:
+This Homebrew path is intended for:
 
 - Apple Silicon (`arm64`) Macs
 - macOS installs that should not require a full Xcode.app build dependency
 
 Intel Macs are not a target for this Homebrew distribution path.
 
-After release, Homebrew will download the release from GitHub.
-
 Install direnv with Homebrew:
 
 ```sh
@@ -103,42 +63,25 @@ pipx install envrcctl
 uv tool install envrcctl
 ```
 
-### From source (macOS/Linux)
-
-```sh
-git clone <REPO_URL>
-cd envrcctl
-uv sync
-uv run python -m envrcctl.main --help
-```
-
-### Build the macOS auth helper manually (macOS only)
+### About the macOS auth helper (Apple Silicon macOS only)
 
 The macOS device owner authentication flow requires a native helper named
 `envrcctl-macos-auth`.
 
-On Apple Silicon macOS, the Homebrew installation path for the next patch
-release is intended to install a prebuilt helper automatically from a GitHub
-release `tar.gz` asset, so you should not need to compile it yourself in the
-common case.
+Homebrew on Apple Silicon is intended to install this helper automatically, so
+you should not need to build it yourself in the common case.
 
 Manual helper installation is still useful when:
 
-- you are running from source
-- you are developing on this repository
 - you want to place the helper in a custom location
 - you are not using the Apple Silicon Homebrew distribution path
 
-The Homebrew release asset is expected to be named
-`envrcctl-macos-auth-arm64.tar.gz` and to contain an executable named
-`envrcctl-macos-auth`.
-
-If you are building the helper yourself, place the binary at either:
+If you are building the helper yourself, use Apple Silicon (`arm64`) macOS and place the binary at either:
 
 - `src/envrcctl/envrcctl-macos-auth`
 - or a custom path set via `ENVRCCTL_MACOS_AUTH_HELPER`
 
-Example build flow:
+Example build flow on Apple Silicon macOS:
 
 ```sh
 swiftc -O -framework LocalAuthentication -framework Security \
@@ -147,20 +90,6 @@ swiftc -O -framework LocalAuthentication -framework Security \
 chmod +x src/envrcctl/envrcctl-macos-auth
 ```
 
-You can also use the repository build script:
-
-```sh
-sh scripts/build_macos_auth_helper.sh
-```
-
-If you want to write the helper to a custom location, pass the source and output paths explicitly:
-
-```sh
-sh scripts/build_macos_auth_helper.sh \
-  scripts/macos/envrcctl-macos-auth.swift \
-  /usr/local/bin/envrcctl-macos-auth
-```
-
 If you install the helper elsewhere, set:
 
 ```sh
@@ -407,12 +336,7 @@ uv run python scripts/generate_completions.py
 - Audit integrity is based on a hash chain and can be checked with `envrcctl audit verify`
 - The tool refuses to write to world-writable `.envrc`
 
-## Development
 
-```sh
-uv sync
-.venv/bin/envrcctl --help
-```
 
 ## Acknowledgements
 

envrcctl-0.2.3/pyproject.toml

@@ -0,0 +1,67 @@
+[project]
+name = "envrcctl"
+version = "0.2.3"
+description = "Manage .envrc with managed blocks and OS-backed secrets."
+readme = { file = "README.md", content-type = "text/markdown" }
+license = "MIT"
+requires-python = ">=3.14"
+authors = [
+    { name = "Rio Fujita", email = "rio_github@rio.st" },
+]
+dependencies = [
+    "typer>=0.24.1",
+]
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/envrcctl"]
+
+[tool.hatch.build.targets.sdist]
+include = [
+    "src/**",
+    "tests/**",
+    "scripts/**",
+    "completions/**",
+    "README.md",
+    "LICENSE",
+    "pyproject.toml",
+]
+exclude = [
+    "src/envrcctl/envrcctl-macos-auth",
+]
+
+[project.urls]
+Homepage = "https://github.com/rioriost/envrcctl"
+Issues = "https://github.com/rioriost/envrcctl/issues"
+Repository = "https://github.com/rioriost/envrcctl"
+
+[project.scripts]
+envrcctl = "envrcctl.main:main"
+
+[project.optional-dependencies]
+test = [
+    "pytest>=9",
+    "pytest-cov>=7",
+    "bandit>=1.7.10",
+]
+
+[dependency-groups]
+dev = [
+    "build>=1.2.2",
+    "twine>=6.1.0",
+    "ruff>=0.12.0",
+]
+
+[build-system]
+requires = ["hatchling>=1.25.0"]
+build-backend = "hatchling.build"
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+python_files = ["test_*.py"]
+
+[tool.ruff]
+line-length = 100
+target-version = "py314"
+
+[tool.ruff.lint]
+select = ["E", "F", "I", "B", "UP"]

{envrcctl-0.2.1 → envrcctl-0.2.3}/scripts/build_macos_auth_helper.sh

@@ -11,6 +11,11 @@ if [ "$(uname -s)" != "Darwin" ]; then
   exit 1
 fi
 
+if [ "$(uname -m)" != "arm64" ]; then
+  echo "This helper only supports Apple Silicon (arm64) macOS." >&2
+  exit 1
+fi
+
 if ! command -v swiftc >/dev/null 2>&1; then
   echo "swiftc not found. Install Xcode Command Line Tools first." >&2
   exit 1
@@ -24,7 +29,7 @@ fi
 
 mkdir -p "$(dirname "$OUTPUT_PATH")"
 
-echo "Building macOS auth helper..."
+echo "Building macOS auth helper for Apple Silicon (arm64)..."
 echo "  source: $SWIFT_SOURCE"
 echo "  output: $OUTPUT_PATH"
 

envrcctl-0.2.3/scripts/package_for_ship.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -eu
+
+echo "scripts/package_for_ship.sh is obsolete." >&2
+echo "Run 'make release-artifacts' from the repository root instead." >&2
+exit 1

envrcctl-0.2.3/scripts/release_artifacts.py

@@ -0,0 +1,286 @@
+#!/usr/bin/env python3
+from __future__ import annotations
+
+import argparse
+import hashlib
+import shutil
+import subprocess
+import sys
+import tarfile
+import tempfile
+from pathlib import Path
+
+
+def run(cmd: list[str], *, cwd: Path) -> None:
+    print("+", " ".join(cmd))
+    subprocess.run(cmd, cwd=cwd, check=True)
+
+
+def sha256_file(path: Path) -> str:
+    digest = hashlib.sha256()
+    with path.open("rb") as fh:
+        for chunk in iter(lambda: fh.read(1024 * 1024), b""):
+            digest.update(chunk)
+    return digest.hexdigest()
+
+
+def project_root() -> Path:
+    return Path(__file__).resolve().parents[1]
+
+
+def project_version(pyproject_path: Path) -> str:
+    for line in pyproject_path.read_text(encoding="utf-8").splitlines():
+        stripped = line.strip()
+        if stripped.startswith("version = "):
+            value = stripped.split("=", 1)[1].strip()
+            if value.startswith('"') and value.endswith('"'):
+                return value[1:-1]
+            if value.startswith("'") and value.endswith("'"):
+                return value[1:-1]
+    raise RuntimeError(f"Could not find project version in {pyproject_path}")
+
+
+def require_command(name: str) -> None:
+    if shutil.which(name) is None:
+        raise RuntimeError(f"Required command not found in PATH: {name}")
+
+
+def ensure_macos_arm64() -> None:
+    if sys.platform != "darwin":
+        raise RuntimeError("This script must run on macOS.")
+    machine = getattr(__import__("os"), "uname")().machine
+    if machine != "arm64":
+        raise RuntimeError("This script only supports Apple Silicon (arm64) macOS.")
+
+
+def dist_dir(repo_root: Path) -> Path:
+    return repo_root / "dist"
+
+
+def helper_output_path(repo_root: Path) -> Path:
+    return repo_root / "src" / "envrcctl" / "envrcctl-macos-auth"
+
+
+def generate_completions(repo_root: Path) -> None:
+    require_command("uv")
+    run(["uv", "run", "python", "scripts/generate_completions.py"], cwd=repo_root)
+
+    expected = [
+        repo_root / "completions" / "envrcctl.bash",
+        repo_root / "completions" / "envrcctl.zsh",
+        repo_root / "completions" / "envrcctl.fish",
+    ]
+    missing = [path for path in expected if not path.exists()]
+    if missing:
+        joined = ", ".join(str(path) for path in missing)
+        raise RuntimeError(f"Completion generation did not create expected files: {joined}")
+
+
+def sync_dev_environment(repo_root: Path) -> None:
+    require_command("uv")
+    run(["uv", "sync", "--extra", "test", "--group", "dev"], cwd=repo_root)
+
+
+def clean_dist(repo_root: Path) -> None:
+    out = dist_dir(repo_root)
+    if out.exists():
+        shutil.rmtree(out)
+    out.mkdir(parents=True, exist_ok=True)
+
+
+def build_python_artifacts(repo_root: Path) -> tuple[Path, Path]:
+    require_command("uv")
+    run(["uv", "build"], cwd=repo_root)
+
+    version = project_version(repo_root / "pyproject.toml")
+    sdist = dist_dir(repo_root) / f"envrcctl-{version}.tar.gz"
+    wheel = dist_dir(repo_root) / f"envrcctl-{version}-py3-none-any.whl"
+
+    if not sdist.exists():
+        raise RuntimeError(f"Expected sdist was not created: {sdist}")
+    if not wheel.exists():
+        raise RuntimeError(f"Expected wheel was not created: {wheel}")
+
+    return sdist, wheel
+
+
+def build_helper_binary(repo_root: Path) -> Path:
+    ensure_macos_arm64()
+    run(["sh", "scripts/build_macos_auth_helper.sh"], cwd=repo_root)
+
+    helper_path = helper_output_path(repo_root)
+    if not helper_path.exists():
+        raise RuntimeError(f"Expected helper binary was not created: {helper_path}")
+    if not helper_path.is_file():
+        raise RuntimeError(f"Helper path is not a file: {helper_path}")
+    return helper_path
+
+
+def package_helper_archive(repo_root: Path, version: str, helper_binary: Path) -> Path:
+    archive_path = dist_dir(repo_root) / f"envrcctl-macos-auth-{version}-arm64.tar.gz"
+
+    with tempfile.TemporaryDirectory() as tmpdir:
+        stage_dir = Path(tmpdir)
+        staged_binary = stage_dir / "envrcctl-macos-auth"
+        shutil.copy2(helper_binary, staged_binary)
+        staged_binary.chmod(0o755)
+
+        with tarfile.open(archive_path, "w:gz") as tf:
+            tf.add(staged_binary, arcname="envrcctl-macos-auth")
+
+    if not archive_path.exists():
+        raise RuntimeError(f"Expected helper archive was not created: {archive_path}")
+
+    return archive_path
+
+
+def formula_content(
+    *,
+    version: str,
+    source_sha256: str,
+    helper_sha256: str,
+    homepage: str,
+    license_name: str,
+) -> str:
+    release_base = f"{homepage}/releases/download/{version}"
+    source_url = f"{release_base}/envrcctl-{version}.tar.gz"
+    helper_url = f"{release_base}/envrcctl-macos-auth-{version}-arm64.tar.gz"
+
+    return f"""class Envrcctl < Formula
+  include Language::Python::Virtualenv
+
+  desc "Manage .envrc with managed blocks and OS-backed secrets"
+  homepage "{homepage}"
+  url "{source_url}"
+  sha256 "{source_sha256}"
+  license "{license_name}"
+
+  depends_on "python@3.12"
+
+  on_macos do
+    on_arm do
+      resource "envrcctl-macos-auth-arm64" do
+        url "{helper_url}"
+        sha256 "{helper_sha256}"
+      end
+    end
+  end
+
+  def install
+    venv = virtualenv_create(libexec, "python3.12")
+    venv.pip_install buildpath
+
+    bin.install_symlink libexec/"bin/envrcctl"
+
+    if OS.mac? && Hardware::CPU.arm?
+      resource("envrcctl-macos-auth-arm64").stage do
+        bin.install "envrcctl-macos-auth"
+      end
+    end
+
+    bash_completion.install "completions/envrcctl.bash" => "envrcctl"
+    zsh_completion.install "completions/envrcctl.zsh" => "_envrcctl"
+    fish_completion.install "completions/envrcctl.fish"
+  end
+
+  test do
+    assert_predicate bin/"envrcctl", :exist?
+    assert_match version.to_s, shell_output("#{bin}/envrcctl --version")
+    if OS.mac? && Hardware::CPU.arm?
+      assert_predicate bin/"envrcctl-macos-auth", :exist?
+    end
+  end
+end
+"""
+
+
+def write_formula(repo_root: Path, formula_text: str, formula_dir: Path | None) -> Path:
+    target_dir = formula_dir or (repo_root.parent / "homebrew-tap" / "Formula")
+    target_dir.mkdir(parents=True, exist_ok=True)
+    formula_path = target_dir / "envrcctl.rb"
+    formula_path.write_text(formula_text, encoding="utf-8")
+    return formula_path
+
+
+def parse_args() -> argparse.Namespace:
+    parser = argparse.ArgumentParser(
+        description=(
+            "Build envrcctl release artifacts: sync dev dependencies, generate completions, "
+            "build Python artifacts, build the Apple Silicon helper, package the helper tarball, "
+            "and write a Homebrew formula. This is the canonical script entrypoint behind "
+            "`make release-artifacts`."
+        )
+    )
+    parser.add_argument(
+        "--homepage",
+        default="https://github.com/rioriost/envrcctl",
+        help="Project homepage / GitHub repository URL.",
+    )
+    parser.add_argument(
+        "--license",
+        dest="license_name",
+        default="MIT",
+        help="Homebrew formula license identifier.",
+    )
+    parser.add_argument(
+        "--formula-dir",
+        type=Path,
+        default=None,
+        help="Directory to write envrcctl.rb into. Defaults to ../homebrew-tap/Formula.",
+    )
+    return parser.parse_args()
+
+
+def main() -> int:
+    args = parse_args()
+    repo_root = project_root()
+    version = project_version(repo_root / "pyproject.toml")
+
+    print(f"Building release artifacts for envrcctl {version}")
+    print(f"Repository root: {repo_root}")
+
+    sdist_path = dist_dir(repo_root) / f"envrcctl-{version}.tar.gz"
+    wheel_path = dist_dir(repo_root) / f"envrcctl-{version}-py3-none-any.whl"
+    helper_archive = dist_dir(repo_root) / f"envrcctl-macos-auth-{version}-arm64.tar.gz"
+
+    if not sdist_path.exists() or not wheel_path.exists() or not helper_archive.exists():
+        sync_dev_environment(repo_root)
+        generate_completions(repo_root)
+        clean_dist(repo_root)
+        sdist_path, wheel_path = build_python_artifacts(repo_root)
+        helper_binary = build_helper_binary(repo_root)
+        helper_archive = package_helper_archive(repo_root, version, helper_binary)
+    else:
+        print("Reusing existing release artifacts from dist/")
+
+    source_sha256 = sha256_file(sdist_path)
+    helper_sha256 = sha256_file(helper_archive)
+
+    formula_path = write_formula(
+        repo_root,
+        formula_content(
+            version=version,
+            source_sha256=source_sha256,
+            helper_sha256=helper_sha256,
+            homepage=args.homepage,
+            license_name=args.license_name,
+        ),
+        args.formula_dir,
+    )
+
+    print()
+    print("Artifacts built successfully:")
+    print(f"- sdist:   {sdist_path}")
+    print(f"- wheel:   {wheel_path}")
+    print(f"- helper:  {helper_archive}")
+    print(f"- formula: {formula_path}")
+    print()
+    print("SHA256:")
+    print(f"- envrcctl-{version}.tar.gz: {source_sha256}")
+    print(f"- envrcctl-macos-auth-{version}-arm64.tar.gz: {helper_sha256}")
+
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())