ci(version-check): also require PR version > latest PyPI stable

Mirrors socket-python-cli's fix at 0462b77 (in PR #199). The workflow
previously only compared the PR version against main, which missed
the case where the same or newer version had already been published
to PyPI — that would slip through CI and either collide on publish
or leave PyPI ahead of the repo.

- workflow: hits pypi.org/pypi/socketdev/json, filters to stable
  (non-prerelease, non-devrelease), requires PR > max(main, PyPI).
- sync_version.py: splits PYPI_PROD_API vs PYPI_TEST_API. Stable
  auto-bumps now use prod PyPI as the floor via
  find_next_stable_patch_version(). The .devN flow keeps using
  TestPyPI. New 'already bumped but ≤ PyPI' path auto-corrects the
  version when somebody bumps to a stale number.

Author: flowstate

.github/workflows/version-check.yml

@@ -33,16 +33,43 @@ jobs:
           MAIN_VERSION=$(grep -o "__version__.*" socketdev/version.py | awk '{print $3}' | tr -d '"' | tr -d "'")
           echo "MAIN_VERSION=$MAIN_VERSION" >> $GITHUB_ENV
 
-          # Compare versions using Python
-          python3 -c "
+          export PR_VERSION
+          export MAIN_VERSION
+
+          # Compare against both main and latest published PyPI release.
+          python3 <<'PY'
+          import json
+          import os
+          import urllib.request
           from packaging import version
-          pr_ver = version.parse('${PR_VERSION}')
-          main_ver = version.parse('${MAIN_VERSION}')
-          if pr_ver <= main_ver:
-              print(f'❌ Version must be incremented! Main: {main_ver}, PR: {pr_ver}')
-              exit(1)
-          print(f'✅ Version properly incremented from {main_ver} to {pr_ver}')
-          "
+
+          pr_ver = version.parse(os.environ["PR_VERSION"])
+          main_ver = version.parse(os.environ["MAIN_VERSION"])
+
+          with urllib.request.urlopen("https://pypi.org/pypi/socketdev/json") as response:
+              pypi_data = json.load(response)
+
+          published_versions = []
+          for raw in pypi_data.get("releases", {}).keys():
+              parsed = version.parse(raw)
+              if not parsed.is_prerelease and not parsed.is_devrelease:
+                  published_versions.append(parsed)
+
+          pypi_ver = max(published_versions) if published_versions else version.parse("0.0.0")
+          required_floor = max(main_ver, pypi_ver)
+
+          if pr_ver <= required_floor:
+              print(
+                  f"❌ Version must be greater than main and PyPI! "
+                  f"Main: {main_ver}, PyPI: {pypi_ver}, PR: {pr_ver}"
+              )
+              raise SystemExit(1)
+
+          print(
+              f"✅ Version properly incremented. "
+              f"Main: {main_ver}, PyPI: {pypi_ver}, PR: {pr_ver}"
+          )
+          PY
 
       - name: Require uv.lock update when pyproject changes
         run: |

.hooks/sync_version.py

@@ -12,7 +12,9 @@
 
 VERSION_PATTERN = re.compile(r"__version__\s*=\s*['\"]([^'\"]+)['\"]")
 PYPROJECT_PATTERN = re.compile(r'^version\s*=\s*".*"$', re.MULTILINE)
-PYPI_API = "https://test.pypi.org/pypi/socketdev/json"
+STABLE_VERSION_PATTERN = re.compile(r"^\d+\.\d+\.\d+$")
+PYPI_PROD_API = "https://pypi.org/pypi/socketdev/json"
+PYPI_TEST_API = "https://test.pypi.org/pypi/socketdev/json"
 
 def read_version_from_version_file(path: pathlib.Path) -> str:
     content = path.read_text()
@@ -39,24 +41,61 @@ def bump_patch_version(version: str) -> str:
     parts[-1] = str(int(parts[-1]) + 1)
     return ".".join(parts)
 
-def fetch_existing_versions() -> set:
+def parse_stable_version(version: str):
+    if not STABLE_VERSION_PATTERN.fullmatch(version):
+        return None
+    return tuple(int(part) for part in version.split("."))
+
+
+def format_stable_version(version_parts) -> str:
+    return ".".join(str(part) for part in version_parts)
+
+
+def fetch_existing_versions(api_url: str) -> set:
     try:
-        with urllib.request.urlopen(PYPI_API) as response:
+        with urllib.request.urlopen(api_url) as response:
             data = json.load(response)
             return set(data.get("releases", {}).keys())
     except Exception as e:
-        print(f"⚠️ Warning: Failed to fetch existing versions from Test PyPI: {e}")
+        print(f"⚠️ Warning: Failed to fetch versions from {api_url}: {e}")
         return set()
 
+
+def fetch_latest_stable_pypi_version():
+    versions = fetch_existing_versions(PYPI_PROD_API)
+    stable_versions = []
+    for ver in versions:
+        parsed = parse_stable_version(ver)
+        if parsed is not None:
+            stable_versions.append(parsed)
+    if not stable_versions:
+        return None
+    return max(stable_versions)
+
+
 def find_next_available_dev_version(base_version: str) -> str:
-    existing_versions = fetch_existing_versions()
+    existing_versions = fetch_existing_versions(PYPI_TEST_API)
     for i in range(1, 100):
         candidate = f"{base_version}.dev{i}"
         if candidate not in existing_versions:
             return candidate
     print("❌ Could not find available .devN slot after 100 attempts.")
     sys.exit(1)
 
+
+def find_next_stable_patch_version(current_version: str) -> str:
+    current_stable = current_version.split(".dev")[0] if ".dev" in current_version else current_version
+    current_parts = parse_stable_version(current_stable)
+    if current_parts is None:
+        print(f"❌ Unsupported version format for stable bump: {current_version}")
+        sys.exit(1)
+
+    latest_pypi_parts = fetch_latest_stable_pypi_version()
+    base_parts = max([current_parts, latest_pypi_parts] if latest_pypi_parts else [current_parts])
+    next_parts = (base_parts[0], base_parts[1], base_parts[2] + 1)
+    return format_stable_version(next_parts)
+
+
 def inject_version(version: str):
     print(f"🔁 Updating version to: {version}")
 
@@ -102,13 +141,25 @@ def main():
             print(f"⚠️ Version was unchanged — auto-bumped. Please git add{lock_hint} + commit again.")
             sys.exit(0)
         else:
-            new_version = bump_patch_version(current_version)
+            new_version = find_next_stable_patch_version(current_version)
             inject_version(new_version)
             uv_lock_changed = run_uv_lock()
             lock_hint = " and uv.lock" if uv_lock_changed else ""
-            print(f"⚠️ Version was unchanged — auto-bumped. Please git add{lock_hint} + commit again.")
+            print(f"⚠️ Version was unchanged — auto-bumped to {new_version}. Please git add{lock_hint} + commit again.")
             sys.exit(1)
     else:
+        if not dev_mode:
+            current_parts = parse_stable_version(current_version)
+            latest_pypi_parts = fetch_latest_stable_pypi_version()
+            if current_parts is not None and latest_pypi_parts is not None and current_parts <= latest_pypi_parts:
+                next_parts = (latest_pypi_parts[0], latest_pypi_parts[1], latest_pypi_parts[2] + 1)
+                new_version = format_stable_version(next_parts)
+                inject_version(new_version)
+                uv_lock_changed = run_uv_lock()
+                lock_hint = " and uv.lock" if uv_lock_changed else ""
+                print(f"⚠️ Version {current_version} is already published on PyPI — auto-bumped to {new_version}. Please git add{lock_hint} + commit again.")
+                sys.exit(1)
+
         uv_lock_changed = run_uv_lock()
         if uv_lock_changed:
             print("⚠️ Version already bumped, but uv.lock was out of date and has been updated. Please git add uv.lock + commit again.")