Package for PyPI: structure, release docs, and CI (#11, #12, #13)#19
Merged
Conversation
Restructure the project into a proper Python package suitable for PyPI: - Add domain_security_analyzer/ package: __init__, __version__, __main__, analyzer (core logic moved from domain_analyzer.py), and cli (argparse interface with --help/--version plus the friendly dependency check). - Replace domain_analyzer.py with a thin backward-compatible shim so `python domain_analyzer.py ...` and `from domain_analyzer import DomainAnalyzer` keep working. - Add pyproject.toml (setuptools build, metadata/classifiers/keywords/URLs, dynamic version, `domain-analyzer` console entry point) and MANIFEST.in. - Ignore build/dist/egg-info artifacts. Verified: pip install -e ., `from domain_security_analyzer import DomainAnalyzer`, `domain-analyzer --help/--version`, `python -m domain_security_analyzer`, end-to-end 29-column CSV output, and `python -m build` + `twine check` both pass. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01XYvSCw1sjoG2AHbLPCsX7S
Cover the doable parts of the Phase 2 release-docs issue: - CHANGELOG.md: promote the Unreleased notes into a tagged v1.0.0 entry (Keep a Changelog format) covering packaging, SRI scanning, and wildcard filtering; add version compare links. - README.md: add PyPI/source install instructions, the `domain-analyzer` console command and `python -m` usage, and PyPI/license badges. - Add CONTRIBUTING.md (dev setup, layout, change workflow) and AUTHORS.md. - Ship the new docs in the sdist via MANIFEST.in. Package metadata (classifiers, keywords, project URLs) already landed in pyproject.toml with #11. Verified `python -m build` and `twine check` pass for both wheel and sdist. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01XYvSCw1sjoG2AHbLPCsX7S
Establish automated testing toward the Phase 3 QA issue: - tests/: pytest suite covering the public API/version, the legacy import shim, DomainAnalyzer pure logic (parent domain, external-resource and hash-algorithm detection, SRI counting/coverage), and end-to-end 29-column CSV writing with analyze_domain stubbed (no network). Plus CLI tests for --version/--help and argument parsing. - .github/workflows/ci.yml: matrix across ubuntu/windows/macos x Python 3.8-3.12 that installs the package, runs pytest, and smoke-tests the entry points; a separate job runs `python -m build` + `twine check`. - pyproject.toml: add a `dev` optional-dependencies extra (pytest, build, twine). Note: the matrix starts at 3.8 (3.7 is EOL and unavailable on current GitHub runners); requires-python remains >=3.7. Cross-platform/full-version validation in the issue is delivered by CI rather than this container. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01XYvSCw1sjoG2AHbLPCsX7S
This was referenced Jun 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Converts the project from a flat script into an installable, PyPI-ready Python package, with release documentation and an automated test/CI scaffold. Delivers the doable work across the Phase 1–3 issues.
This is the keystone work that unblocks the remaining release tasks. Closes #11. Substantial progress on #12 and #13 (remaining items noted below).
What changed
#11 — Package structure (complete)
domain_security_analyzer/package:__init__,__version__,__main__,analyzer.py(core logic moved fromdomain_analyzer.py), andcli.py(argparse interface with--help/--version+ the friendly dependency check).domain_analyzer.pyis now a thin backward-compatible shim —python domain_analyzer.py ...andfrom domain_analyzer import DomainAnalyzerstill work.pyproject.toml(setuptools build, metadata/classifiers/keywords/URLs, dynamic version,domain-analyzerconsole entry point) andMANIFEST.in..gitignoreexcludes build/dist/egg-info artifacts.#12 — Release docs & metadata (doable parts)
CHANGELOG.md: tagged[1.0.0]entry in Keep a Changelog format.README.md: PyPI/source install instructions,domain-analyzer/python -musage, and badges.CONTRIBUTING.mdandAUTHORS.md, shipped in the sdist viaMANIFEST.in.pyproject.toml).#13 — Testing & QA (scaffold)
tests/: pytest suite (23 tests) covering the public API/version, the legacy import shim,DomainAnalyzerpure logic (parent domain, external-resource and hash-algorithm detection, SRI counting/coverage), and end-to-end 29-column CSV writing withanalyze_domainstubbed (no network); plus CLI parsing and--version/--help..github/workflows/ci.yml: matrix across ubuntu/windows/macos × Python 3.8–3.12 (install + pytest + entry-point smoke tests), and a separatebuild+twine checkjob.devoptional-dependencies extra (pytest,build,twine).Verification (local, Python 3.11)
pip install -e ".[dev]"from domain_security_analyzer import DomainAnalyzer,domain-analyzer --help/--version,python -m domain_security_analyzer, legacy shimpytest→ 23 passedpython -m build+twine check→ PASSED (wheel + sdist)Out of scope / follow-ups
requires-pythonremains>=3.7. Real cross-platform/version validation happens in CI.sri_parser.pyconsolidation into the importable API.🤖 Generated with Claude Code
Generated by Claude Code