feat: Build to binary + CI/CD job + SBOM

clemlesne · Aug 17, 2024 · 766183c · 766183c
1 parent 3828793
commit 766183c
Show file tree

Hide file tree

Showing 11 changed files with 399 additions and 10 deletions.
diff --git a/.github/workflows/pipeline.yaml b/.github/workflows/pipeline.yaml
@@ -0,0 +1,170 @@
+name: Pipeline
+
+on:
+  push:
+    branches:
+      - develop
+      - feat/*
+      - hotfix/*
+      - main
+  pull_request:
+    branches:
+      - develop
+      - feat/*
+      - hotfix/*
+      - main
+
+jobs:
+  init:
+    name: Init
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+    outputs:
+      VERSION: ${{ steps.version.outputs.version }}
+      VERSION_FULL: ${{ steps.version.outputs.version_full }}
+    steps:
+      - name: Checkout
+        uses: actions/[email protected]
+        with:
+          # We need all Git history for "version.sh"
+          fetch-depth: 0
+          # Ensure "version.sh" submodule are up-to-date
+          submodules: recursive
+
+      - name: Generate versions
+        id: version
+        run: |
+          echo "version=$(bash cicd/version/version.sh -g . -c)" >> $GITHUB_OUTPUT
+          echo "version_full=$(bash cicd/version/version.sh -g . -c -m)" >> $GITHUB_OUTPUT
+
+  build-app:
+    name: Build & publish app
+    permissions:
+      contents: write
+      packages: write
+    runs-on: ${{ matrix.os }}
+    needs:
+      - init
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          # Last 2 versions of macOS
+          - macos-13
+          - macos-14
+          # Last 2 versions of Ubuntu
+          - ubuntu-22.04
+          - ubuntu-24.04
+          # Last 2 versions of Windows
+          - windows-2019
+          - windows-2022
+    steps:
+      - name: Checkout
+        uses: actions/[email protected]
+
+      - name: Configure Git
+        run: |
+          git config user.name "${{ github.actor }}"
+          git config user.email "${{ github.actor }}@users.noreply.github.com"
+
+      - name: Set up Python
+        uses: actions/[email protected]
+        with:
+          cache: pip
+          python-version: "3.12"
+
+      - name: Install make (Windows)
+        if: runner.os == 'Windows'
+        run: choco install make
+
+      - name: Install dependencies
+        run: |
+          python3 -m pip install --upgrade pip wheel setuptools
+          make install-deps
+
+      - name: Install dependencies (Windows)
+        if: runner.os == 'Windows'
+        run: |
+          python3 -m pip install pywin32-ctypes pefile
+
+      - name: Build to binary
+        run: make build
+
+      - name: Rename binary (Linux)
+        if: runner.os == 'Linux' || runner.os == 'macOS'
+        run: mv dist/scrape-it-now dist/scrape-it-now-${{ needs.init.outputs.VERSION }}-${{ matrix.os }}
+
+      - name: Rename binary (Windows)
+        if: runner.os == 'Windows'
+        run: mv dist\scrape-it-now.exe dist\scrape-it-now-${{ needs.init.outputs.VERSION }}-${{ matrix.os }}.exe
+
+      - name: Upload artifact
+        uses: actions/[email protected]
+        with:
+          name: binary-${{ matrix.os }}
+          path: dist/*
+
+  attest-dependencies:
+    name: Attest - Dependencies
+    permissions:
+      contents: write
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/[email protected]
+
+      - name: Run attestation
+        uses: advanced-security/[email protected]
+        with:
+          directoryExclusionList: docs
+
+  attest-sbom:
+    name: Attest - SBOM
+    runs-on: ubuntu-22.04
+    needs:
+      - init
+    steps:
+      - name: Checkout
+        uses: actions/[email protected]
+
+      - name: Init Syft
+        uses: anchore/sbom-action/[email protected]
+
+      - name: Run attestation
+        run: make sbom version_full=${{ needs.init.outputs.VERSION_FULL }}
+
+      - name: Upload results to release
+        uses: actions/[email protected]
+        with:
+          name: sbom
+          path: sbom-reports/*
+
+  publish-release:
+    name: Release
+    permissions:
+      contents: write
+    runs-on: ubuntu-22.04
+    needs:
+      - attest-dependencies
+      - attest-sbom
+      - build-app
+      - init
+    # Only publish on non-scheduled default branch
+    # if: (github.event_name != 'schedule') && (github.ref == 'refs/heads/main')
+    steps:
+      - name: Download artifacts
+        id: download
+        uses: actions/[email protected]
+        with:
+          merge-multiple: true
+          path: artifacts
+
+      - name: Publish
+        uses: softprops/[email protected]
+        with:
+          files: artifacts/*
+          generate_release_notes: true
+          make_latest: true
+          name: scrape-it-now v${{ needs.init.outputs.VERSION }}
+          tag_name: ${{ needs.init.outputs.VERSION }}
diff --git a/.syft.yaml b/.syft.yaml
@@ -5,4 +5,4 @@ python:
   guess-unpinned-requirements: true
 
 source:
-  name: Solution Architect AI
+  name: scrape-it-now
diff --git a/Makefile b/Makefile
@@ -1,3 +1,5 @@
+.PHONY: version version-full install upgrade test dev build lint
+
 # Versioning
 version_full ?= $(shell $(MAKE) --silent version-full)
 version_small ?= $(shell $(MAKE) --silent version)
@@ -19,22 +21,29 @@ version:
 version-full:
 	@bash ./cicd/version/version.sh -g . -c -m
 
+brew:
+	@echo "➡️ Installing Syft..."
+	brew install syft
+
 install:
+	$(MAKE) install-deps
+
+	@echo "➡️ Installing Playwright dependencies..."
+	python3 -m playwright install chrome --with-deps
+
+install-deps:
 	@echo "➡️ Installing pip-tools..."
 	python3 -m pip install pip-tools
 
 	@echo "➡️ Syncing dependencies..."
 	pip-sync --pip-args "--no-deps" requirements-dev.txt
 
-	@echo "➡️ Installing Playwright dependencies..."
-	python3 -m playwright install chrome --with-deps
-
 upgrade:
 	@echo "➡️ Updating Git submodules..."
 	git submodule update --init --recursive
 
 	@echo "➡️ Upgrading pip..."
-	python3 -m pip install --upgrade pip wheel
+	python3 -m pip install --upgrade pip wheel setuptools
 
 	@echo "➡️ Upgrading pip-tools..."
 	python3 -m pip install --upgrade pip-tools
@@ -73,9 +82,27 @@ dev:
 	python3 -m pip install --editable .
 	@echo "Now you can run 'scrape-it-now' CLI!"
 
+build:
+	@echo "➡️ Building app..."
+	pyinstaller \
+		--add-data resources:resources \
+		--clean \
+		--icon resources/logo.ico \
+		--name scrape-it-now \
+		--onefile \
+		--optimize 2 \
+		app/app.py
+
 lint:
 	@echo "➡️ Fix with generic formatter (Black)..."
 	python3 -m black .
 
 	@echo "➡️ Fix with import formatter (isort)..."
 	python3 -m isort --jobs -1 .
+
+sbom:
+	@echo "🔍 Generating SBOM..."
+	syft scan \
+		--source-version $(version_full)  \
+		--output spdx-json=./sbom-reports/$(version_full).json \
+		.
diff --git a/app/app.py b/app/app.py
@@ -1,4 +1,4 @@
-import asyncio, functools, random, re, string
+import asyncio, functools, random, re, string, sys
 from os import cpu_count
 from platform import python_version
 
@@ -369,3 +369,7 @@ def _job_name(job_name: str | None) -> str:
     return job_name or "".join(
         random.choices(string.ascii_lowercase + string.digits, k=7)
     )
+
+
+if getattr(sys, "frozen", False):
+    cli(sys.argv[1:])
diff --git a/app/helpers/resources.py b/app/helpers/resources.py
@@ -1,6 +1,8 @@
+from os import makedirs
 import hashlib, os
 from os import path
 from pathlib import Path
+import click
 
 
 def resources_dir(folder: str) -> str:
@@ -56,3 +58,23 @@ def hash_url(url: str) -> str:
         url.encode(),
         usedforsecurity=False,
     ).hexdigest()
+
+
+def cache_dir() -> str:
+    """
+    Get the path to the cache directory.
+
+    See: https://click.palletsprojects.com/en/8.1.x/api/#click.get_app_dir
+    """
+    res = click.get_app_dir("scrape-it-now")
+    # Create if not exists
+    if not path.exists(res):
+        makedirs(res)
+    return res
+
+
+def browsers_path() -> str:
+    """
+    Get the path to the browser executable.
+    """
+    return path.join(cache_dir(), "browsers")