puba 0.1.0__tar.gz

puba-0.1.0/PKG-INFO

@@ -0,0 +1,167 @@
+Metadata-Version: 2.4
+Name: puba
+Version: 0.1.0
+Summary: Safe Python package release CLI
+Author: Griffin McManus
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: keyring>=23.0
+
+# puba
+
+**Safe Python Package Release CLI**
+
+A minimal, dependency-free CLI to safely check, build, and publish Python packages without risking secrets.
+
+---
+
+## Features
+
+- Ensure git working directory is clean before releasing  
+- Scan for secrets in the repo before publishing  
+- Run tests automatically (via `pytest` if installed)  
+- Build the package (`python -m build`)  
+- Safely upload to PyPI or TestPyPI  
+- Store your PyPI token securely in **macOS Keychain**, **Windows Credential Manager**, or Linux keyring  
+- Dry run mode for testing builds without uploading  
+- `checks` command to validate the repo without publishing  
+- No external dependencies required for CLI parsing  
+
+---
+
+## Usage
+
+### 1️⃣ Store PyPI token securely
+
+```bash
+puba auth
+```
+
+- On macOS → stored in Keychain  
+- On Windows → stored in Credential Manager  
+- On Linux → stored in system keyring if available  
+- Fallback → prompts you for input each time  
+
+---
+
+### 2️⃣ Install optional dev tools (for tests, builds, and publishing)
+
+If you want to run tests, build packages, or publish safely, install optional dependencies:
+
+```bash
+# zsh users: quote the extras to avoid glob errors
+pip install ".[dev]"
+```
+
+- Installs: `pytest`, `build`, `twine`  
+- You can also install subsets:
+  ```bash
+  pip install ".[test]"   # only pytest
+  pip install ".[build]"  # only build and twine
+  ```
+
+---
+
+### 3️⃣ Run safety checks only
+
+```bash
+puba checks
+```
+
+Checks performed:
+
+- Git working directory is clean  
+- Secret scan (requires `gitleaks`)  
+- Runs tests (`pytest`)  
+- Builds the package  
+
+> No upload occurs in this step.  
+
+---
+
+### 4️⃣ Publish package
+
+```bash
+puba publish
+```
+
+**Options:**
+
+- `--test` → Upload to **TestPyPI** instead of PyPI  
+- `--dry` → Run all checks and build without uploading  
+
+**Examples:**
+
+```bash
+# Standard release
+puba publish
+
+# Upload to TestPyPI
+puba publish --test
+
+# Dry run (check + build only)
+puba publish --dry
+```
+
+---
+
+### 5️⃣ Help
+
+```bash
+puba help
+```
+
+Displays usage instructions and available commands.
+
+---
+
+## Example Workflow
+
+```
+          +----------------+
+          | puba auth |
+          +----------------+
+                   |
+                   v
+          +------------------+
+          | puba checks |
+          +------------------+
+                   |
+                   v
+          +-------------------+
+          | puba publish |
+          +-------------------+
+```
+
+1. Store token (one-time)  
+2. Check repo before release  
+3. Publish safely  
+
+Optional: test PyPI or dry-run:  
+```bash
+puba publish --test
+puba publish --dry
+```
+
+---
+
+## Notes
+
+- **Secrets are never committed** — always stored in system keyring or provided via environment variable `PYPI_TOKEN`.  
+- Works on **macOS, Windows, and Linux**.  
+- Can be integrated into **CI/CD pipelines** with environment variables:
+
+```bash
+export PYPI_TOKEN=pypi-xxxxxxxxxxxx
+puba publish --dry
+```
+
+---
+
+## Recommended Tools (Optional)
+
+- `pytest` → for running tests automatically  
+- `gitleaks` → for scanning secrets before publishing  
+- `build` → Python build system (`pip install build`)  
+- `twine` → for uploading packages (`pip install twine`)
+

puba-0.1.0/README.md

@@ -0,0 +1,158 @@
+# puba
+
+**Safe Python Package Release CLI**
+
+A minimal, dependency-free CLI to safely check, build, and publish Python packages without risking secrets.
+
+---
+
+## Features
+
+- Ensure git working directory is clean before releasing  
+- Scan for secrets in the repo before publishing  
+- Run tests automatically (via `pytest` if installed)  
+- Build the package (`python -m build`)  
+- Safely upload to PyPI or TestPyPI  
+- Store your PyPI token securely in **macOS Keychain**, **Windows Credential Manager**, or Linux keyring  
+- Dry run mode for testing builds without uploading  
+- `checks` command to validate the repo without publishing  
+- No external dependencies required for CLI parsing  
+
+---
+
+## Usage
+
+### 1️⃣ Store PyPI token securely
+
+```bash
+puba auth
+```
+
+- On macOS → stored in Keychain  
+- On Windows → stored in Credential Manager  
+- On Linux → stored in system keyring if available  
+- Fallback → prompts you for input each time  
+
+---
+
+### 2️⃣ Install optional dev tools (for tests, builds, and publishing)
+
+If you want to run tests, build packages, or publish safely, install optional dependencies:
+
+```bash
+# zsh users: quote the extras to avoid glob errors
+pip install ".[dev]"
+```
+
+- Installs: `pytest`, `build`, `twine`  
+- You can also install subsets:
+  ```bash
+  pip install ".[test]"   # only pytest
+  pip install ".[build]"  # only build and twine
+  ```
+
+---
+
+### 3️⃣ Run safety checks only
+
+```bash
+puba checks
+```
+
+Checks performed:
+
+- Git working directory is clean  
+- Secret scan (requires `gitleaks`)  
+- Runs tests (`pytest`)  
+- Builds the package  
+
+> No upload occurs in this step.  
+
+---
+
+### 4️⃣ Publish package
+
+```bash
+puba publish
+```
+
+**Options:**
+
+- `--test` → Upload to **TestPyPI** instead of PyPI  
+- `--dry` → Run all checks and build without uploading  
+
+**Examples:**
+
+```bash
+# Standard release
+puba publish
+
+# Upload to TestPyPI
+puba publish --test
+
+# Dry run (check + build only)
+puba publish --dry
+```
+
+---
+
+### 5️⃣ Help
+
+```bash
+puba help
+```
+
+Displays usage instructions and available commands.
+
+---
+
+## Example Workflow
+
+```
+          +----------------+
+          | puba auth |
+          +----------------+
+                   |
+                   v
+          +------------------+
+          | puba checks |
+          +------------------+
+                   |
+                   v
+          +-------------------+
+          | puba publish |
+          +-------------------+
+```
+
+1. Store token (one-time)  
+2. Check repo before release  
+3. Publish safely  
+
+Optional: test PyPI or dry-run:  
+```bash
+puba publish --test
+puba publish --dry
+```
+
+---
+
+## Notes
+
+- **Secrets are never committed** — always stored in system keyring or provided via environment variable `PYPI_TOKEN`.  
+- Works on **macOS, Windows, and Linux**.  
+- Can be integrated into **CI/CD pipelines** with environment variables:
+
+```bash
+export PYPI_TOKEN=pypi-xxxxxxxxxxxx
+puba publish --dry
+```
+
+---
+
+## Recommended Tools (Optional)
+
+- `pytest` → for running tests automatically  
+- `gitleaks` → for scanning secrets before publishing  
+- `build` → Python build system (`pip install build`)  
+- `twine` → for uploading packages (`pip install twine`)
+

puba-0.1.0/puba/build.py

@@ -0,0 +1,32 @@
+import subprocess
+import shutil
+
+
+def build_package():
+
+    shutil.rmtree("dist", ignore_errors=True)
+    shutil.rmtree("build", ignore_errors=True)
+
+    subprocess.run(["python", "-m", "build"], check=True)
+
+
+def upload_package(token, test=False):
+
+    repo = "testpypi" if test else "pypi"
+
+    subprocess.run(
+        [
+            "python",
+            "-m",
+            "twine",
+            "upload",
+            "--repository",
+            repo,
+            "dist/*",
+            "-u",
+            "__token__",
+            "-p",
+            token,
+        ],
+        check=True,
+    )

puba-0.1.0/puba/checks.py

@@ -0,0 +1,63 @@
+import subprocess
+import importlib.util
+import sys
+
+DEV_DEPS = ["build", "twine"]
+
+
+def check_installs():
+    missing = []
+
+    for tool in DEV_DEPS:
+        if importlib.util.find_spec(tool) is None:
+            missing.append(tool)
+
+    if not missing:
+        return
+
+    print(f"⚠️ Missing required tools: {', '.join(missing)}")
+
+    response = input("Install them now? [y/N]: ").strip().lower()
+
+    if response != "y":
+        print("Install manually with: pip install build twine")
+        sys.exit(1)
+
+    try:
+        subprocess.check_call([sys.executable, "-m", "pip", "install", *missing])
+        print("✅ Dev tools installed.")
+    except subprocess.CalledProcessError:
+        print("❌ Failed to install dev tools.")
+        sys.exit(1)
+
+
+def run_secret_scan():
+
+    try:
+        subprocess.run(["gitleaks", "detect", "--no-git"], check=True)
+    except FileNotFoundError:
+        print("gitleaks not installed — skipping secret scan")
+
+
+import subprocess
+
+
+def run_secret_scan():
+    try:
+        subprocess.run(["gitleaks", "detect", "--no-git"], check=True)
+    except FileNotFoundError:
+        print("gitleaks not installed — skipping secret scan")
+
+
+def run_tests():
+    """Run pytest if available. Skip if no tests are found."""
+    try:
+        result = subprocess.run(["pytest"], capture_output=True, text=True)
+        if result.returncode == 5:
+            print("No tests found — skipping test step.")
+        elif result.returncode != 0:
+            raise RuntimeError(f"Tests failed with exit code {result.returncode}")
+        else:
+            print("Tests passed successfully.")
+    except FileNotFoundError:
+        print("pytest not installed — skipping tests.")

puba-0.1.0/puba/cli.py

@@ -0,0 +1,48 @@
+import sys
+from .pipeline import release, run_checks_only
+from .secrets import store_token
+
+HELP_TEXT = """
+pyrelease - Safe Python package release tool
+
+Commands:
+  auth       Store PyPI token securely
+  checks     Run safety checks only (git, secrets, tests)
+  publish    Build and upload your package safely
+             Options:
+               --test   Upload to TestPyPI
+               --dry    Run checks and build without uploading
+  help       Show this help message
+"""
+
+
+def main():
+    if len(sys.argv) < 2:
+        print(HELP_TEXT)
+        sys.exit(0)
+
+    cmd = sys.argv[1].lower()
+    options = sys.argv[2:]
+
+    if cmd == "auth":
+        store_token()
+
+    elif cmd == "checks":
+        run_checks_only()
+
+    elif cmd == "publish":
+        test = "--test" in options
+        dry = "--dry" in options
+        release(test=test, dry=dry)
+
+    elif cmd == "help":
+        print(HELP_TEXT)
+
+    else:
+        print(f"Unknown command: {cmd}\n")
+        print(HELP_TEXT)
+        sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()

puba-0.1.0/puba/git.py

@@ -0,0 +1,11 @@
+import subprocess
+import sys
+
+
+def ensure_clean_repo():
+
+    result = subprocess.check_output(["git", "status", "--porcelain"]).decode()
+
+    if result.strip():
+        print("Git working directory not clean.")
+        sys.exit(1)

puba-0.1.0/puba/pipeline.py

@@ -0,0 +1,55 @@
+from .git import ensure_clean_repo
+from .checks import run_secret_scan, run_tests, check_installs
+from .build import build_package, upload_package
+from .secrets import get_pypi_token
+
+
+def release(test=False, dry=False):
+    print(f"Checking installs...")
+    check_installs()
+
+    print("Checking git state...")
+    ensure_clean_repo()
+
+    print("Scanning for secrets...")
+    run_secret_scan()
+
+    print("Running tests...")
+    run_tests()
+
+    print("Building package...")
+    build_package()
+
+    if dry:
+        print("Dry run complete")
+        return
+
+    token = get_pypi_token()
+
+    print("Uploading package...")
+    upload_package(token, test)
+
+    print("Release complete")
+
+
+def run_checks_only():
+    """
+    Run safety checks without uploading package.
+    Useful for CI or pre-release verification.
+    """
+    print(f"Checking installs...")
+    check_installs()
+
+    print("Checking git state...")
+    ensure_clean_repo()
+
+    print("Scanning for secrets...")
+    run_secret_scan()
+
+    print("Running tests...")
+    run_tests()
+
+    print("Building package...")
+    build_package()
+
+    print("All checks passed. Package is ready for release.")

puba-0.1.0/puba/secrets.py

@@ -0,0 +1,56 @@
+import os
+import keyring
+import getpass
+import platform
+
+SERVICE = "puba"
+
+
+def get_pypi_token():
+    """
+    Retrieve the PyPI token safely.
+    Order:
+      1. Environment variable
+      2. Keyring
+      3. Prompt user
+    """
+    # 1. Env var
+    token = os.getenv("PYPI_TOKEN")
+    if token:
+        print("Using PyPI token from environment variable.")
+        return token
+
+    # 2. Keyring
+    token = keyring.get_password(SERVICE, "puba")
+    if token:
+        backend = keyring.get_keyring()
+        print(f"Using PyPI token stored in {backend}.")
+        return token
+
+    # 3. Prompt
+    token = getpass.getpass("Enter PyPI token: ")
+    return token
+
+
+def store_token():
+    """
+    Prompt the user for PyPI token and store it securely.
+    """
+    token = getpass.getpass("Enter PyPI token: ")
+
+    keyring.set_password(SERVICE, "puba", token)
+
+    system = platform.system()
+
+    if system == "Darwin":
+        location = "macOS Keychain"
+    elif system == "Windows":
+        location = "Windows Credential Manager"
+    elif system == "Linux":
+        location = "Linux Keyring backend (may vary)"
+    else:
+        location = "Unknown secure store"
+
+    print(
+        f"PyPI token stored securely in {location}. You can now run 'pyrelease publish' without re-entering it."
+    )

puba-0.1.0/puba.egg-info/PKG-INFO

@@ -0,0 +1,167 @@
+Metadata-Version: 2.4
+Name: puba
+Version: 0.1.0
+Summary: Safe Python package release CLI
+Author: Griffin McManus
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: keyring>=23.0
+
+# puba
+
+**Safe Python Package Release CLI**
+
+A minimal, dependency-free CLI to safely check, build, and publish Python packages without risking secrets.
+
+---
+
+## Features
+
+- Ensure git working directory is clean before releasing  
+- Scan for secrets in the repo before publishing  
+- Run tests automatically (via `pytest` if installed)  
+- Build the package (`python -m build`)  
+- Safely upload to PyPI or TestPyPI  
+- Store your PyPI token securely in **macOS Keychain**, **Windows Credential Manager**, or Linux keyring  
+- Dry run mode for testing builds without uploading  
+- `checks` command to validate the repo without publishing  
+- No external dependencies required for CLI parsing  
+
+---
+
+## Usage
+
+### 1️⃣ Store PyPI token securely
+
+```bash
+puba auth
+```
+
+- On macOS → stored in Keychain  
+- On Windows → stored in Credential Manager  
+- On Linux → stored in system keyring if available  
+- Fallback → prompts you for input each time  
+
+---
+
+### 2️⃣ Install optional dev tools (for tests, builds, and publishing)
+
+If you want to run tests, build packages, or publish safely, install optional dependencies:
+
+```bash
+# zsh users: quote the extras to avoid glob errors
+pip install ".[dev]"
+```
+
+- Installs: `pytest`, `build`, `twine`  
+- You can also install subsets:
+  ```bash
+  pip install ".[test]"   # only pytest
+  pip install ".[build]"  # only build and twine
+  ```
+
+---
+
+### 3️⃣ Run safety checks only
+
+```bash
+puba checks
+```
+
+Checks performed:
+
+- Git working directory is clean  
+- Secret scan (requires `gitleaks`)  
+- Runs tests (`pytest`)  
+- Builds the package  
+
+> No upload occurs in this step.  
+
+---
+
+### 4️⃣ Publish package
+
+```bash
+puba publish
+```
+
+**Options:**
+
+- `--test` → Upload to **TestPyPI** instead of PyPI  
+- `--dry` → Run all checks and build without uploading  
+
+**Examples:**
+
+```bash
+# Standard release
+puba publish
+
+# Upload to TestPyPI
+puba publish --test
+
+# Dry run (check + build only)
+puba publish --dry
+```
+
+---
+
+### 5️⃣ Help
+
+```bash
+puba help
+```
+
+Displays usage instructions and available commands.
+
+---
+
+## Example Workflow
+
+```
+          +----------------+
+          | puba auth |
+          +----------------+
+                   |
+                   v
+          +------------------+
+          | puba checks |
+          +------------------+
+                   |
+                   v
+          +-------------------+
+          | puba publish |
+          +-------------------+
+```
+
+1. Store token (one-time)  
+2. Check repo before release  
+3. Publish safely  
+
+Optional: test PyPI or dry-run:  
+```bash
+puba publish --test
+puba publish --dry
+```
+
+---
+
+## Notes
+
+- **Secrets are never committed** — always stored in system keyring or provided via environment variable `PYPI_TOKEN`.  
+- Works on **macOS, Windows, and Linux**.  
+- Can be integrated into **CI/CD pipelines** with environment variables:
+
+```bash
+export PYPI_TOKEN=pypi-xxxxxxxxxxxx
+puba publish --dry
+```
+
+---
+
+## Recommended Tools (Optional)
+
+- `pytest` → for running tests automatically  
+- `gitleaks` → for scanning secrets before publishing  
+- `build` → Python build system (`pip install build`)  
+- `twine` → for uploading packages (`pip install twine`)
+

puba-0.1.0/puba.egg-info/SOURCES.txt

@@ -0,0 +1,15 @@
+README.md
+pyproject.toml
+puba/__init__.py
+puba/build.py
+puba/checks.py
+puba/cli.py
+puba/git.py
+puba/pipeline.py
+puba/secrets.py
+puba.egg-info/PKG-INFO
+puba.egg-info/SOURCES.txt
+puba.egg-info/dependency_links.txt
+puba.egg-info/entry_points.txt
+puba.egg-info/requires.txt
+puba.egg-info/top_level.txt

puba-0.1.0/puba.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

puba-0.1.0/puba.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+puba = puba.cli:main

puba-0.1.0/puba.egg-info/requires.txt

@@ -0,0 +1 @@
+keyring>=23.0

puba-0.1.0/puba.egg-info/top_level.txt

@@ -0,0 +1 @@
+puba

puba-0.1.0/pyproject.toml

@@ -0,0 +1,23 @@
+[project]
+name = "puba"
+version = "0.1.0"
+description = "Safe Python package release CLI"
+readme = "README.md"
+authors = [{name = "Griffin McManus"}]
+requires-python = ">=3.9"
+dependencies = [
+    "keyring>=23.0"    # secure token storage (runtime dependency)
+]
+
+[project.scripts]
+puba = "puba.cli:main"
+
+# Optional dependencies for development, testing, and publishing
+[project.optional-dependencies]
+
+[build-system]
+requires = [
+    "setuptools>=61.0",
+    "wheel>=0.37"
+]
+build-backend = "setuptools.build_meta"

puba-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+