Query Package Registry for Latest Version

[alelom]

Problem

The current implementation uses git tags to determine the starting version for semantic-release, but:

• Git tags may not reflect what's actually published to package registries
• Tags can be out of sync with published versions
• The authoritative source should be the package registry (PyPI/Azure Artifacts), not git

Solution

Modify get-next-version.cjs to:

1. Query the target package registry API for the latest published version
2. Use that version as the baseline for semantic-release
3. Fall back to git tags if the package doesn't exist yet (first release)
4. Support PyPI, TestPyPI, and Azure Artifacts

Implementation Details

1. Update Script Interface

Modify get-next-version.cjs to accept repository information:

• Add optional parameters: repository (pypi|testpypi|azure), repository_url (for Azure)
• If repository info is provided, query the registry API first
• If not provided or package doesn't exist, fall back to git tags (current behavior)

2. Registry API Queries

PyPI:

• API: https://pypi.org/pypi/{package-name}/json
• Extract latest version from info.version or releases keys
• Handle 404 (package doesn't exist) gracefully

TestPyPI:

• API: https://test.pypi.org/pypi/{package-name}/json
• Same structure as PyPI

Azure Artifacts:

• API endpoint: Convert upload URL to simple index URL
• Upload URL: https://pkgs.dev.azure.com/ORG/PROJECT/_packaging/FEED/pypi/upload
• Simple index: https://pkgs.dev.azure.com/ORG/PROJECT/_packaging/FEED/pypi/simple/{package-name}/
• May require authentication (PAT token)
• Parse HTML response or use JSON API if available
• Note: Azure Artifacts API may be more complex and require authentication

3. Integration with Semantic-Release

• Query registry API first (if repository info provided)
• If version found: Use it as baseline, then analyze commits since that version
• If not found: Fall back to git tags (current behavior)
• Pass the baseline version to semantic-release via configuration or environment

4. Update Python CLI

Modify resolve_version_via_semantic_release() in python_package_folder.py to:

• Accept optional repository and repository_url parameters
• Pass these to the Node.js script
• This allows the script to query the correct registry

5. Handle Edge Cases

• Package doesn't exist on registry (first release) → Use git tags
• Registry API unavailable → Fall back to git tags with warning
• Azure Artifacts authentication → May need to pass credentials or use environment variables
• Network errors → Graceful fallback to git tags

Files to Modify

1. src/python_package_folder/scripts/get-next-version.cjs:

• Add repository query logic before semantic-release
• Implement PyPI/TestPyPI JSON API queries
• Implement Azure Artifacts API query (may need research)
• Fall back to git tags if registry query fails

2. src/python_package_folder/python_package_folder.py:

• Update resolve_version_via_semantic_release() signature to accept repository and repository_url
• Pass these parameters to the Node.js script
• Update call sites to pass repository information when available

3. src/python_package_folder/manager.py:

• Update build_and_publish() to pass repository info to version resolution
• Ensure repository information flows through the call chain

4. README.md:

• Document that version resolution queries the target registry
• Explain fallback to git tags behavior
• Note Azure Artifacts authentication requirements if needed

Azure Artifacts Considerations

Azure Artifacts may require:

• Authentication (Personal Access Token)
• Different API endpoint structure
• HTML parsing instead of JSON (simple index format)

Research needed:

• Exact Azure Artifacts API endpoint for package version info
• Authentication method (PAT in header, query param, or environment variable)
• Response format (JSON vs HTML)

Fallback strategy:

• If Azure Artifacts query fails or is too complex, fall back to git tags
• Document this limitation
• Consider making Azure Artifacts support optional initially

Testing

• Test with package that exists on PyPI
• Test with package that doesn't exist (first release)
• Test with TestPyPI
• Test with Azure Artifacts (if API is accessible)
• Test fallback to git tags when registry query fails
• Test network error handling

Migration Path

• Make repository parameters optional
• Default to current behavior (git tags) if not provided
• This ensures backward compatibility
• Users can opt-in to registry queries by providing repository info

[alelom]

Closed by 0d5405f