multicz 0.1.0__tar.gz → 0.2.0__tar.gz

{multicz-0.1.0 → multicz-0.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: multicz
-Version: 0.1.0
+Version: 0.2.0
 Summary: Multi-component versioning for monorepos: bump apps, charts, and images independently from conventional commits.
 Keywords: semver,monorepo,helm,conventional-commits,release,versioning
 Author: Chris
@@ -293,7 +293,14 @@ Each component declares:
 * `mirrors` — files that should reflect this component's version (e.g. a
   Helm chart's `appVersion` mirroring the app version);
 * `triggers` — other components whose bumps should trigger this one;
-* `changelog` — path to a `CHANGELOG.md` the planner should keep in sync.
+* `changelog` — path to a `CHANGELOG.md` the planner should keep in sync;
+* `post_bump` — shell commands run after the writes to regenerate
+  lockfiles (`uv lock`, `npm install --package-lock-only`,
+  `cargo update --workspace`, `helm dependency update charts/foo`,
+  `bundle lock`, `composer update --lock`, `go mod tidy`, …). Files
+  modified by these commands are auto-detected and folded into the
+  release commit, so the lockfile and the version it pins land
+  atomically.
 
 The planner runs three passes:
 

{multicz-0.1.0 → multicz-0.2.0}/README.md

@@ -265,7 +265,14 @@ Each component declares:
 * `mirrors` — files that should reflect this component's version (e.g. a
   Helm chart's `appVersion` mirroring the app version);
 * `triggers` — other components whose bumps should trigger this one;
-* `changelog` — path to a `CHANGELOG.md` the planner should keep in sync.
+* `changelog` — path to a `CHANGELOG.md` the planner should keep in sync;
+* `post_bump` — shell commands run after the writes to regenerate
+  lockfiles (`uv lock`, `npm install --package-lock-only`,
+  `cargo update --workspace`, `helm dependency update charts/foo`,
+  `bundle lock`, `composer update --lock`, `go mod tidy`, …). Files
+  modified by these commands are auto-detected and folded into the
+  release commit, so the lockfile and the version it pins land
+  atomically.
 
 The planner runs three passes:
 

{multicz-0.1.0 → multicz-0.2.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "multicz"
-version = "0.1.0"
+version = "0.2.0"
 description = "Multi-component versioning for monorepos: bump apps, charts, and images independently from conventional commits."
 readme = "README.md"
 authors = [

{multicz-0.1.0 → multicz-0.2.0}/src/multicz/cli.py

@@ -2,6 +2,7 @@
 
 from __future__ import annotations
 
+import shlex
 import subprocess
 import sys
 from pathlib import Path
@@ -1006,6 +1007,50 @@ def _git(repo: Path, *args: str) -> str:
     return result.stdout
 
 
+def _porcelain_paths(repo: Path) -> set[str]:
+    """Repo-relative paths currently dirty in the working tree.
+
+    Used to diff working-tree state before vs. after running ``post_bump``
+    hooks: anything that wasn't dirty before but is dirty after came from
+    a hook, and gets pulled into the release commit.
+    """
+    out = subprocess.run(
+        ["git", "status", "--porcelain"],
+        cwd=repo, capture_output=True, text=True,
+    )
+    if out.returncode != 0:
+        return set()
+    paths: set[str] = set()
+    for line in out.stdout.splitlines():
+        if len(line) < 4:
+            continue
+        rest = line[3:]
+        # Renames render as "OLD -> NEW"; we care about the new path only.
+        if " -> " in rest:
+            rest = rest.split(" -> ", 1)[1]
+        paths.add(rest)
+    return paths
+
+
+def _run_post_bump_hook(repo: Path, command: str) -> None:
+    """Execute a single ``post_bump`` shell command in ``repo``."""
+    args = shlex.split(command)
+    if not args:
+        return
+    console.print(f"  [dim]post_bump:[/] {command}")
+    result = subprocess.run(
+        args, cwd=repo, capture_output=True, text=True
+    )
+    if result.returncode != 0:
+        err.print(
+            f"[red]post_bump hook failed[/] (exit {result.returncode}): "
+            f"{command}"
+        )
+        if result.stderr.strip():
+            err.print(result.stderr.strip())
+        raise typer.Exit(code=1)
+
+
 def _resolve_maintainer(repo: Path, configured: str | None) -> str:
     """Pick a Debian-format maintainer string ``Name <email>``.
 
@@ -1375,6 +1420,29 @@ def bump(
     sign_commits_flag = sign or config.project.sign_commits
     sign_tags_flag = sign or config.project.sign_tags
 
+    # post_bump hooks: run after every file write (bump_files, mirrors,
+    # changelog, state) so commands like `uv lock`, `npm install
+    # --package-lock-only`, `cargo update --workspace`, `helm dependency
+    # update` see the new pyproject.toml / package.json / Chart.yaml /
+    # Cargo.toml. Files modified by hooks are auto-detected via the git
+    # status diff and folded into ``written`` so they ride the release
+    # commit. Hooks only run when ``not dry_run`` — same gate as the
+    # writes themselves.
+    if not dry_run and applied:
+        hook_components = [
+            n for n in applied if config.components[n].post_bump
+        ]
+        if hook_components:
+            before_dirty = _porcelain_paths(repo)
+            for name in hook_components:
+                for command in config.components[name].post_bump:
+                    _run_post_bump_hook(repo, command)
+            after_dirty = _porcelain_paths(repo)
+            for relpath in sorted(after_dirty - before_dirty):
+                path = (repo / relpath).resolve()
+                if path.is_file() and path not in written:
+                    written.append(path)
+
     if not dry_run and commit and written:
         rel_paths = [str(p.relative_to(repo)) for p in written]
         _git(repo, "add", "--", *rel_paths)

{multicz-0.1.0 → multicz-0.2.0}/src/multicz/config.py

@@ -14,6 +14,7 @@ from __future__ import annotations
 
 import json
 import re
+import shlex
 from pathlib import Path
 from typing import Any, Literal
 
@@ -116,12 +117,35 @@ class Component(BaseModel):
     ignored_types: list[str] = Field(default_factory=list)
     version_scheme: Literal["semver", "pep440"] = "semver"
     artifacts: list[Artifact] = Field(default_factory=list)
-
-    @field_validator("paths", "exclude_paths")
+    # Shell commands run after multicz has rewritten this component's
+    # bump_files but before it stages them for the release commit. The
+    # canonical use-case is regenerating lockfiles that depend on the
+    # version multicz just wrote (uv.lock, package-lock.json, Cargo.lock,
+    # Chart.lock, …). Each entry is parsed via shlex.split and executed
+    # in the repo root. Files modified by these hooks are auto-detected
+    # and joined to the release commit.
+    post_bump: list[str] = Field(default_factory=list)
+
+    @field_validator("paths", "exclude_paths", "post_bump")
     @classmethod
     def _strip_globs(cls, value: list[str]) -> list[str]:
         return [v.strip() for v in value if v.strip()]
 
+    @field_validator("post_bump")
+    @classmethod
+    def _validate_post_bump_shellable(cls, value: list[str]) -> list[str]:
+        """Surface bad quoting at config-load time (i.e. via
+        ``multicz validate``) instead of at bump-run time."""
+        for entry in value:
+            try:
+                shlex.split(entry)
+            except ValueError as exc:
+                raise ValueError(
+                    f"post_bump entry {entry!r} is not a valid shell "
+                    f"command: {exc}"
+                ) from exc
+        return value
+
     @model_validator(mode="after")
     def _merge_triggers_alias(self) -> Component:
         """Fold ``triggers`` (legacy name) into ``depends_on`` (canonical).