acie-io
diff --git a/‎.env.example‎
Lines changed: 4 additions & 4 deletions b/‎.env.example‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/publish.yml‎
Lines changed: 165 additions & 0 deletions b/‎.github/workflows/publish.yml‎
Lines changed: 165 additions & 0 deletions
diff --git a/‎.github/workflows/readme.md‎
Lines changed: 68 additions & 0 deletions b/‎.github/workflows/readme.md‎
Lines changed: 68 additions & 0 deletions
diff --git a/‎ackc/__init__.py‎
Lines changed: 8 additions & 18 deletions b/‎ackc/__init__.py‎
Lines changed: 8 additions & 18 deletions
diff --git a/‎ackc/api/__init__.py‎
Lines changed: 7 additions & 7 deletions b/‎ackc/api/__init__.py‎
Lines changed: 7 additions & 7 deletions
@@ -1,20 +1,20 @@
 
 # - For Docker Compose, you can set the project name to avoid conflicts with other projects.
-# export COMPOSE_PROJECT_NAME=ackc
+# export COMPOSE_PROJECT_NAME=auth
 
 # - Environment variable prefix for the variables below.
 #   Non-prefixed variables will still be used if prefixed values are not set.
 # export KEYCLOAK_ENV_PREFIX=AUTH_
 
 # - URL to your Keycloak server.
-# export KEYCLOAK_URL=https://id.acie.dev
+# export KEYCLOAK_URL=https://id.example.com
 # - Management interface URL, usually only Docker/VPC-local.
 # export KEYCLOAK_MANAGEMENT_URL=http://localhost:9000
 
 # - Keycloak realm for your application.
-# export KEYCLOAK_REALM=acie
+# export KEYCLOAK_REALM=example
 # - Keycloak authentication realm for the client.
-# export KEYCLOAK_AUTH_REALM=acie
+# export KEYCLOAK_AUTH_REALM=example
 
 # - Default Keycloak client ID and secret for authentication.
 # export KEYCLOAK_CLIENT_ID=ackc-admin
 
@@ -0,0 +1,165 @@
+name: Publish
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  check-version:
+    name: Check Version Change
+    runs-on: ubuntu-latest
+    environment: Publish
+    outputs:
+      should_publish: ${{ steps.version_check.outputs.changed }}
+      version: ${{ steps.version_check.outputs.version }}
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.PAT_TOKEN }}
+      
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+        with:
+          enable-cache: true
+      
+      - name: Check if version changed
+        id: version_check
+        run: |
+          # Get current version from pyproject.toml
+          CURRENT_VERSION=$(uv run python -c "import tomllib; print(tomllib.load(open('pyproject.toml', 'rb'))['project']['version'])")
+          echo "version=${CURRENT_VERSION}" >> $GITHUB_OUTPUT
+          
+          # Get last published version from latest-publish tag
+          if git show-ref --tags --quiet --verify refs/tags/latest-publish; then
+            # Checkout the last published commit
+            git checkout latest-publish
+            LAST_VERSION=$(uv run python -c "import tomllib; print(tomllib.load(open('pyproject.toml', 'rb'))['project']['version'])")
+            git checkout -
+          else
+            LAST_VERSION=""
+          fi
+          
+          echo "Current version: ${CURRENT_VERSION}"
+          echo "Last published version: ${LAST_VERSION:-none}"
+          
+          if [ "${CURRENT_VERSION}" != "${LAST_VERSION}" ]; then
+            echo "Version changed, will publish"
+            echo "changed=true" >> $GITHUB_OUTPUT
+          else
+            echo "Version unchanged, skipping publish"
+            echo "changed=false" >> $GITHUB_OUTPUT
+          fi
+
+  publish:
+    name: Publish PyPI Package and GitHub Release
+    needs: check-version
+    if: ${{ needs.check-version.outputs.should_publish == 'true' }}
+    runs-on: ubuntu-latest
+    environment: Publish
+    permissions:
+      contents: write
+      id-token: write
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Need full history for commit count
+          token: ${{ secrets.PAT_TOKEN }}
+      
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+        with:
+          enable-cache: true
+      
+      - name: Set up Python
+        run: uv python install
+      
+      - name: Install dependencies
+        run: |
+          uv sync --all-groups --locked
+      
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+          git_tag_gpgsign: true
+      
+      - name: Configure Git
+        run: |
+          git config user.name "${{ vars.SIGNED_COMMIT_USER }}"
+          git config user.email "${{ vars.SIGNED_COMMIT_EMAIL }}"
+          git config commit.gpgsign true
+          git config tag.gpgsign true
+      
+      - name: Build and tag release
+        run: |
+          # Get current version (3-part)
+          V=${{ needs.check-version.outputs.version }}
+          echo "VERSION=${V}" >> $GITHUB_ENV
+          
+          # Build the package
+          UV_FROZEN=true uv build
+          
+          # Create a 3-part version tag
+          TAG="v${V}"
+          echo "TAG=${TAG}" >> $GITHUB_ENV
+          TAG_MESSAGE="[Automatic] Release Version ${V} from $(git rev-parse --short HEAD)"
+          git tag -s -m "${TAG_MESSAGE}" "${TAG}"
+          
+          # Create or update 2-digit version tag (simple, unsigned)
+          MAJOR_MINOR=$(echo ${V} | cut -d. -f1-2)
+          TAG_2DIGIT="v${MAJOR_MINOR}"
+          # Delete existing 2-digit tag if it exists
+          git tag -d "${TAG_2DIGIT}" 2>/dev/null || true
+          git push origin :refs/tags/"${TAG_2DIGIT}" 2>/dev/null || true
+          # Create new simple unsigned tag
+          git tag --no-sign "${TAG_2DIGIT}"
+          
+          # Update latest-publish tag after getting changelog
+          LATEST_TAG="latest-publish"
+          
+          # Get changelog since last release with rich formatting
+          echo "CHANGELOG<<EOFEOF" >> $GITHUB_ENV
+          git log ${LATEST_TAG}..${{ github.sha }} --pretty=format:'### [%s](https://github.com/${{ github.repository }}/commit/%H)%nDate: %ad%n%n%b%n' | sed '/^Signed-off-by:/d' >> $GITHUB_ENV
+          echo "EOFEOF" >> $GITHUB_ENV
+          
+          # Delete remote latest-publish tag FIRST (before creating new one)
+          git push origin :refs/tags/${LATEST_TAG} || true
+          
+          # Now create the new latest-publish tag locally
+          git tag -d ${LATEST_TAG} || true
+          git tag --no-sign ${LATEST_TAG}
+          
+          # Push all tags to remote
+          git push origin --tags
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ env.TAG }}
+          name: ACKC Release v${{ env.VERSION }}
+          body: |
+            ## Changes
+            ${{ env.CHANGELOG }}
+
+            ## Installation
+            ```bash
+            uv add ackc==${{ env.VERSION }}
+            ```
+          files: |
+            dist/*.tar.gz
+            dist/*.whl
+
+      - name: Publish to PyPI
+        if: success()
+        env:
+          PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
+        run: |
+          uv publish --token $PYPI_TOKEN
@@ -0,0 +1,68 @@
+# GitHub Actions Workflows for ACKC
+
+This directory contains GitHub Actions workflows for automated publishing of the ACKC package to PyPI.
+
+## Workflows
+
+### Publish to PyPI (`publish.yml`)
+- **Trigger**: On push to main branch
+- **Purpose**: Automatically publish new versions to PyPI when version changes
+- **Actions**:
+  1. Check if version in pyproject.toml has changed since last publish
+  2. If changed, build the package
+  3. Create GPG-signed tag (vX.Y.Z)
+  4. Create simplified tag for major.minor (vX.Y)
+  5. Push tags to repository
+  6. Create GitHub release with changelog
+  7. Publish to PyPI
+  8. Update latest-publish tag for future comparisons
+
+## Required Secrets
+
+The following secrets must be configured in the GitHub repository settings:
+
+- `PAT_TOKEN`: Personal Access Token with read/write permissions on Content
+- `GPG_PRIVATE_KEY`: The GPG private key for signing commits and tags
+- `GPG_PASSPHRASE`: The passphrase for the GPG key
+- `PYPI_TOKEN`: The API token for publishing to PyPI
+
+## Required Environment Variables
+
+The following environment variables should be set in the `Publish` environment:
+
+- `GPG_PUBLIC_KEY`: The GPG public key (informational)
+- `PYPI_TOKEN_NAME`: The name of the PyPI token (informational)
+- `SIGNED_COMMIT_USER`: The name for git commits
+- `SIGNED_COMMIT_EMAIL`: The email for git commits
+
+## Version Numbering
+
+The version number follows the pattern `X.Y.Z` where:
+- X = Major version (breaking changes)
+- Y = Minor version (new features)
+- Z = Patch version (bug fixes)
+
+The workflow only publishes when the version in pyproject.toml is manually changed.
+
+## Environment Configuration
+
+The publish environment requires:
+- `SIGNED_COMMIT_USER`: Git username for commits
+- `SIGNED_COMMIT_EMAIL`: Git user email for commits
+
+## Usage
+
+**Publishing to PyPI**: 
+1. Update version in pyproject.toml
+2. Commit and push to main branch
+3. Workflow will automatically detect version change and publish
+
+## Branch Strategy
+
+- **main**: Production branch - triggers PyPI releases
+
+## Troubleshooting
+
+- If git operations fail, ensure the PAT_TOKEN has sufficient permissions
+- If GPG signing fails, ensure the GPG key is properly imported and the secrets are correct
+- If PyPI publishing fails, check that the PYPI_TOKEN has sufficient permissions
@@ -1,20 +1,4 @@
-"""ACIE Auth Client - High-performance Keycloak client using niquests.
-
-This package provides a modern, async-first Python client for Keycloak with:
-- Auto-generated API from OpenAPI spec
-- High-performance niquests backend (HTTP/2, multiplexing)
-- Type safety with Pydantic models
-- Async and sync interfaces
-
-Basic usage:
-    from acie.auth.client import KeycloakClient
-    
-    # Client will auto-authenticate using KEYCLOAK_* env vars
-    client = KeycloakClient()
-    
-    # Use the generated API directly
-    from acie.auth.client.api.users import get_admin_realms_realm_users
-    users = get_admin_realms_realm_users.sync(realm="master", client=client)
+"""ACKC - Keycloak API client using niquests.
 """
 from importlib.metadata import version
 
@@ -29,6 +13,9 @@
     TokenExpiredError,
     InvalidTokenError,
     UserNotFoundError,
+    RealmNotFoundError,
+    ClientNotFoundError,
+    APIError,
 )
 
 __version__ = version("ackc")
@@ -51,4 +38,7 @@
     "TokenExpiredError",
     "InvalidTokenError",
     "UserNotFoundError",
-)
+    "RealmNotFoundError",
+    "ClientNotFoundError",
+    "APIError",
+)
@@ -30,28 +30,28 @@
 
 __all__ = (
     "AuthError", "APIError", "AuthenticatedClient", "Client", "BaseAPI", "BaseClientManager",
-    "UsersAPI", "UsersClientMixin", "UserRepresentation",
+    "UsersAPI", "UsersClientMixin", "UserRepresentation", "CredentialRepresentation", "UserConsentRepresentation", "FederatedIdentityRepresentation",
     "RealmsAPI", "RealmsClientMixin", "RealmRepresentation",
-    "ClientsAPI", "ClientsClientMixin", "ClientRepresentation",
+    "ClientsAPI", "ClientsClientMixin", "ClientRepresentation", "ManagementPermissionReference",
     "RolesAPI", "RolesClientMixin", "RoleRepresentation",
     "GroupsAPI", "GroupsClientMixin", "GroupRepresentation",
     "OrganizationsAPI", "OrganizationsClientMixin", "OrganizationRepresentation",
     "IdentityProvidersAPI", "IdentityProvidersClientMixin", "IdentityProviderRepresentation",
-    "ClientScopesAPI", "ClientScopesClientMixin", "ClientScopeRepresentation",
-    "ComponentsAPI", "ComponentsClientMixin", "ComponentRepresentation",
+    "ClientScopesAPI", "ClientScopesClientMixin", "ClientScopeRepresentation", "GlobalRequestResult",
+    "ComponentsAPI", "ComponentsClientMixin", "ComponentRepresentation", "ComponentTypeRepresentation",
     "SessionsAPI", "SessionsClientMixin", "UserSessionRepresentation",
     "EventsAPI", "EventsClientMixin", "RealmEventsConfigRepresentation", "EventRepresentation", "AdminEventRepresentation",
     "AuthenticationAPI", "AuthenticationClientMixin", "AuthenticationFlowRepresentation", "AuthenticationExecutionInfoRepresentation", "AuthenticatorConfigRepresentation", "RequiredActionProviderRepresentation",
-    "AuthorizationAPI", "AuthorizationClientMixin", "ResourceServerRepresentation", "ResourceRepresentation", "ScopeRepresentation", "AbstractPolicyRepresentation", "PolicyProviderRepresentation", "PolicyEvaluationResponse", "EvaluationResultRepresentation",
+    "AuthorizationAPI", "AuthorizationClientMixin", "ResourceServerRepresentation", "ResourceRepresentation", "ScopeRepresentation", "AbstractPolicyRepresentation", "PolicyProviderRepresentation", "PolicyEvaluationResponse", "EvaluationResultRepresentation", "PolicyRepresentation",
     "ProtocolMappersAPI", "ProtocolMappersClientMixin", "ProtocolMapperRepresentation",
     "KeysAPI", "KeysClientMixin", "KeysMetadataRepresentation",
     "ScopeMappingsAPI", "ScopeMappingsClientMixin",
     "ClientRoleMappingsAPI", "ClientRoleMappingsClientMixin",
     "RoleMapperAPI", "RoleMapperClientMixin",
     "RolesByIdAPI", "RolesByIdClientMixin",
     "AttackDetectionAPI", "AttackDetectionClientMixin",
-    "ClientInitialAccessAPI", "ClientInitialAccessClientMixin",
-    "ClientAttributeCertificateAPI", "ClientAttributeCertificateClientMixin",
+    "ClientInitialAccessAPI", "ClientInitialAccessClientMixin", "ClientInitialAccessPresentation", "ClientInitialAccessCreatePresentation",
+    "ClientAttributeCertificateAPI", "ClientAttributeCertificateClientMixin", "CertificateRepresentation", "KeyStoreConfig",
     "ClientRegistrationPolicyAPI", "ClientRegistrationPolicyClientMixin",
     "KeycloakClientMixin",
 )