Add --reach-disable-analysis-splitting flag and fix Docker entrypoint (#131)

dacoburn · web-flow · commit 1ab83ab3a700 · 2025-11-17T11:50:37.000+08:00
- Add new CLI option --reach-disable-analysis-splitting that maps to coana's --disable-analysis-splitting
- Implement full parameter chain: config field, argument parser, reachability analyzer
- Add flexible Docker entrypoint script to support both 'socketcli' prefix and direct argument patterns
- Update Dockerfile to use new entrypoint script instead of direct socketcli command
diff --git a/Dockerfile b/Dockerfile
@@ -99,4 +99,8 @@ RUN if [ "$USE_LOCAL_INSTALL" = "true" ]; then \
 # Create workspace directory with proper permissions
 RUN mkdir -p /go/src && chmod -R 777 /go
 
-ENTRYPOINT ["socketcli"]
+# Copy and setup entrypoint script
+COPY scripts/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
diff --git a/pyproject.toml b/pyproject.toml
@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.2.32"
+version = "2.2.33"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [
diff --git a/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# Docker entrypoint script to support both patterns:
+# docker run socketdev/cli socketcli --params
+# docker run socketdev/cli --cli-params
+
+# Check if we have any arguments
+if [ $# -eq 0 ]; then
+    # No arguments provided, run socketcli with no args (will show help)
+    exec socketcli --help
+elif [ "$1" = "socketcli" ]; then
+    # If first argument is "socketcli", shift it out and pass the rest to socketcli
+    shift
+    exec socketcli "$@"
+else
+    # If first argument is not "socketcli", assume all arguments are for socketcli
+    exec socketcli "$@"
+fi
diff --git a/socketsecurity/__init__.py b/socketsecurity/__init__.py
@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.32'
+__version__ = '2.2.33'
 USER_AGENT = f'SocketPythonCLI/{__version__}'
diff --git a/socketsecurity/config.py b/socketsecurity/config.py
@@ -68,6 +68,7 @@ class CliConfig:
     reach_analysis_memory_limit: Optional[int] = None
     reach_analysis_timeout: Optional[int] = None
     reach_disable_analytics: bool = False
+    reach_disable_analysis_splitting: bool = False
     reach_ecosystems: Optional[List[str]] = None
     reach_exclude_paths: Optional[List[str]] = None
     reach_skip_cache: bool = False
@@ -129,6 +130,7 @@ def from_args(cls, args_list: Optional[List[str]] = None) -> 'CliConfig':
             'reach_analysis_timeout': args.reach_analysis_timeout,
             'reach_analysis_memory_limit': args.reach_analysis_memory_limit,
             'reach_disable_analytics': args.reach_disable_analytics,
+            'reach_disable_analysis_splitting': args.reach_disable_analysis_splitting,
             'reach_ecosystems': args.reach_ecosystems.split(',') if args.reach_ecosystems else None,
             'reach_exclude_paths': args.reach_exclude_paths.split(',') if args.reach_exclude_paths else None,
             'reach_skip_cache': args.reach_skip_cache,
@@ -567,6 +569,12 @@ def create_argument_parser() -> argparse.ArgumentParser:
         action="store_true",
         help="Disable analytics sharing for reachability analysis"
     )
+    reachability_group.add_argument(
+        "--reach-disable-analysis-splitting",
+        dest="reach_disable_analysis_splitting",
+        action="store_true",
+        help="Disable analysis splitting/bucketing for reachability analysis"
+    )
     reachability_group.add_argument(
         "--reach-output-file",
         dest="reach_output_file",
diff --git a/socketsecurity/core/tools/reachability.py b/socketsecurity/core/tools/reachability.py
@@ -93,6 +93,7 @@ def run_reachability_analysis(
         min_severity: Optional[str] = None,
         skip_cache: bool = False,
         disable_analytics: bool = False,
+        disable_analysis_splitting: bool = False,
         repo_name: Optional[str] = None,
         branch_name: Optional[str] = None,
         version: Optional[str] = None,
@@ -115,6 +116,7 @@ def run_reachability_analysis(
             min_severity: Minimum severity level (info, low, moderate, high, critical)
             skip_cache: Skip cache usage
             disable_analytics: Disable analytics sharing
+            disable_analysis_splitting: Disable analysis splitting
             repo_name: Repository name
             branch_name: Branch name
             version: Specific version of @coana-tech/cli to use
@@ -149,6 +151,9 @@ def run_reachability_analysis(
         if disable_analytics:
             cmd.append("--disable-analytics-sharing")
         
+        if disable_analysis_splitting:
+            cmd.append("--disable-analysis-splitting")
+        
         # KEY POINT: Only add manifest tar hash if we have one
         if tar_hash:
             cmd.extend(["--run-without-docker", "--manifests-tar-hash", tar_hash])
diff --git a/socketsecurity/socketcli.py b/socketsecurity/socketcli.py
@@ -282,6 +282,7 @@ def main_code():
                     min_severity=config.reach_min_severity,
                     skip_cache=config.reach_skip_cache or False,
                     disable_analytics=config.reach_disable_analytics or False,
+                    disable_analysis_splitting=config.reach_disable_analysis_splitting or False,
                     repo_name=config.repo,
                     branch_name=config.branch,
                     version=config.reach_version,
