refactor: extract zip template extraction to scripts/extract_template_zip.py

JonZeolla · claude · JonZeolla · commit 196a9b76ac06 · 2026-04-05T06:01:30.000-04:00
Move the inline Python zip extraction into a proper script file that
can be tested and maintained independently. The CI downloads it from
the raw GitHub URL since the repo cannot be checked out on Windows.
Also add python3 --version check to Docker image verification.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -129,37 +129,14 @@ jobs:
           git config --global user.email "ci@zenable.io"
 
           # The template directory name contains NTFS-illegal characters
-          # (double quotes, pipe). Use Python to extract the zip, renaming
-          # the template dir to {{cookiecutter.project_name}} which is
-          # NTFS-safe and renders identically for defaults (no spaces).
+          # (double quotes, pipe). Use extract_template_zip.py to safely
+          # extract and rename only the top-level template dir.
           zipUrl="https://github.com/${{ github.repository }}/archive/${TEMPLATE_REF}.zip"
+          scriptUrl="https://raw.githubusercontent.com/${{ github.repository }}/${TEMPLATE_REF}/scripts/extract_template_zip.py"
           tmpdir=$(mktemp -d)
           curl -fsSL "$zipUrl" -o "$tmpdir/template.zip"
-
-          repoDir=$(python3 -c "
-          import zipfile, os, sys
-          zf, dest = zipfile.ZipFile(sys.argv[1]), sys.argv[2]
-          for info in zf.infolist():
-              parts = info.filename.split('/')
-              # Only rename the top-level template dir (index 1) which has
-              # NTFS-illegal chars (pipe, quotes).  Nested cookiecutter dirs
-              # like {{cookiecutter.project_slug}} are NTFS-safe and must be
-              # preserved so cookiecutter renders them correctly.
-              safe = []
-              for i, p in enumerate(parts):
-                  if i == 1 and '{{cookiecutter.' in p:
-                      safe.append('{{cookiecutter.project_name}}')
-                  else:
-                      safe.append(p)
-              target = os.path.join(dest, *[s for s in safe if s])
-              if info.is_dir():
-                  os.makedirs(target, exist_ok=True)
-              else:
-                  os.makedirs(os.path.dirname(target), exist_ok=True)
-                  with zf.open(info) as s, open(target, 'wb') as d:
-                      d.write(s.read())
-          print(os.path.join(dest, os.listdir(dest)[0]))
-          " "$tmpdir/template.zip" "$tmpdir/src")
+          curl -fsSL "$scriptUrl" -o "$tmpdir/extract_template_zip.py"
+          repoDir=$(python3 "$tmpdir/extract_template_zip.py" "$tmpdir/template.zip" "$tmpdir/src")
 
           uvx --with gitpython cookiecutter "$repoDir" --no-input --output-dir "$RUNNER_TEMP"
       - name: Verify generated project
@@ -259,8 +236,10 @@ jobs:
       - name: Verify Docker image
         shell: bash
         run: |
-          docker run --rm --entrypoint python3 \
-            zenable-io/replace-me:latest \
+          # Verify the Python runtime is functional
+          docker run --rm --entrypoint python3 zenable-io/replace-me:latest --version
+          # Verify the project module is importable and reports its version
+          docker run --rm --entrypoint python3 zenable-io/replace-me:latest \
             -c "from replace_me import __version__; print(__version__)"
       - name: Verify zenable CLI
         shell: bash
diff --git a/scripts/extract_template_zip.py b/scripts/extract_template_zip.py
@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+"""Extract a cookiecutter template from a GitHub archive zip.
+
+The top-level template directory in the zip contains NTFS-illegal characters
+(pipe, double-quotes) from the Jinja2 expression in
+``{{cookiecutter.project_name|replace(" ", "")}}``.  This script renames
+**only** that top-level directory to the safe ``{{cookiecutter.project_name}}``
+form while preserving nested cookiecutter directories like
+``{{cookiecutter.project_slug}}`` so cookiecutter renders them correctly.
+
+Usage:
+    python extract_template_zip.py <zip_path> <dest_dir>
+
+Prints the path to the extracted template root on stdout.
+"""
+
+import os
+import sys
+import zipfile
+
+
+def extract(zip_path: str, dest: str) -> str:
+    """Extract the zip, renaming only the top-level template directory."""
+    with zipfile.ZipFile(zip_path) as zf:
+        for info in zf.infolist():
+            parts = info.filename.split("/")
+
+            safe = []
+            for i, part in enumerate(parts):
+                # Index 0 is the repo root (e.g. ai-native-python-<sha>).
+                # Index 1 is the template directory with NTFS-illegal chars.
+                if i == 1 and "{{cookiecutter." in part:
+                    safe.append("{{cookiecutter.project_name}}")
+                else:
+                    safe.append(part)
+
+            target = os.path.join(dest, *[s for s in safe if s])
+
+            if info.is_dir():
+                os.makedirs(target, exist_ok=True)
+            else:
+                os.makedirs(os.path.dirname(target), exist_ok=True)
+                with zf.open(info) as src, open(target, "wb") as dst:
+                    dst.write(src.read())
+
+    return os.path.join(dest, os.listdir(dest)[0])
+
+
+if __name__ == "__main__":
+    if len(sys.argv) != 3:
+        print(f"Usage: {sys.argv[0]} <zip_path> <dest_dir>", file=sys.stderr)
+        sys.exit(1)
+    print(extract(sys.argv[1], sys.argv[2]))
