app-bricks-py/Taskfile.dist.yml at main · beanrepo/app-bricks-py · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
version: "3"

vars:
  PYTHON_VERSION_MIN: "3.13"
  LICENSED_VERSION: '5.0.6'

tasks:
  init:
    desc: Setup local env
    cmds:
      - task: check:python:version
      - task: install:deps

  init:ci:
    desc: Initialize CI environment
    deps:
      - init
    cmds:
      - pip install reuse

  check:python:version:
    desc: Check if Python version is at least {{.PYTHON_VERSION_MIN}}
    cmds:
      - |
        check_version() {
          python_alias=$1
          python_version=$($python_alias --version 2>&1 | awk '{print $2}')
          required_version="{{.PYTHON_VERSION_MIN}}"
          if [ "$(printf '%s\n' "$required_version" "$python_version" | sort -V | head -n1)" != "$required_version" ]; then
            echo "$python_alias version must be at least $required_version. Current version: $python_version"
            exit 1
          fi
        }

        check_version python

  install:deps:
    desc: Install project dependencies
    cmds:
      - apt-get update
      - apt-get install -y --no-install-recommends --no-install-suggests libasound2-dev portaudio19-dev libzbar0
      - apt-get install -y --no-install-recommends --no-install-suggests gh git ca-certificates build-essential pkg-config
      - apt-get install -y --no-install-recommends --no-install-suggests python3 python3-dev python3-pip python-is-python3
      - apt-get install -y --no-install-recommends --no-install-suggests libavcodec-dev libavformat-dev libavutil-dev libswscale-dev
      - apt-get install -y --no-install-recommends --no-install-suggests libjpeg62-turbo-dev libpng-dev libtiff-dev libwebp-dev libopenblas-dev liblapacke-dev
      - apt-get install -y --no-install-recommends --no-install-suggests libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev
      - pip install --no-cache-dir build
      - pip install --no-cache-dir -e ".[dev]"

  doc:
    desc: Generate documentation
    cmds:
      - python -m docs_generator.runner

  test:
    desc: Run all unit tests
    cmds:
      - pytest -vs ./tests --ignore=tests/arduino/app_bricks/cloud_llm/

  llm_test:
    desc: Run all LLM tests
    cmds:
      - deepeval test run tests/arduino/app_bricks/cloud_llm/ -n 4 -vs

  test:*:
    desc: Run tests for a specific folder
    cmds:
      - pytest -vs ./tests/{{index .MATCH 0}}

  lint:
    desc: Run linters
    cmds:
      - ruff check --fix .

  fmt:
    desc: Format code
    cmds:
      - ruff format

  build-dev:
    desc: Build a development package
    cmds:
      - rm -rf dist
      - task doc
      - python -m build --config-setting "build_type=dev" .

  build:
    desc: Build a production package
    cmds:
      - rm -rf dist
      - task doc
      - python -m build .

  license:headers:
    desc: Update SPDX license headers (REUSE)
    cmds:
      - |
        git ls-files |
        grep -Ev "(^|/)(docs|examples-internal|tools)/|\.(md|txt|json|yml|yaml|toml|gitignore|gitmodules|in|ini|eim)$" |
        sed 's/ /\\ /g' |
        xargs reuse annotate -r --skip-unrecognized --copyright-prefix 'spdx-string-c' --copyright 'ARDUINO SRL (http://www.arduino.cc)' --exclude-year --license 'MPL-2.0'
      - reuse download --all
      - |
        licenses_dir="LICENSES"
        if [ -d "$licenses_dir" ]; then
          if [ -f "$licenses_dir/MPL-2.0.txt" ]; then
            mv "$licenses_dir/MPL-2.0.txt" LICENSE.txt
          fi
          rm -rf "$licenses_dir"
        fi
        # Strip trailing whitespace from license files.
        # The upstream SPDX license texts (fetched by `reuse download`)
        # contain stray trailing spaces that break license parsers such
        # as `licensed`.  `sed -i` is POSIX-portable and available on
        # every GitHub Actions runner.
        find . -maxdepth 1 -name 'LICENSE*' -type f -exec sed -i 's/[[:space:]]*$//' {} +

  license:init-venvs:
    desc: Dynamically create virtual environments for licensed dependency scanning
    internal: true
    cmds:
      - |
        echo "Creating library venv (.licensed-venv)..."
        python3 -m venv .licensed-venv
        .licensed-venv/bin/python -m pip install --upgrade pip -q
        SETUPTOOLS_SCM_PRETEND_VERSION=0.0.0 .licensed-venv/bin/pip install -q ".[all]"
      - |
        for d in containers/*/; do
          venv_path="$d.licensed-venv"
          reqs=()
          [ -f "$d/requirements-base.txt" ] && reqs+=("$d/requirements-base.txt")
          [ -f "$d/requirements.txt" ] && reqs+=("$d/requirements.txt")
          if [ ${#reqs[@]} -gt 0 ]; then
            echo "Creating venv for $d ($venv_path)..."
            python3 -m venv "$venv_path"
            "$venv_path"/bin/python -m pip install --upgrade pip -q
            failed_pkgs=()
            for req in "${reqs[@]}"; do
              while IFS= read -r line || [ -n "$line" ]; do
                pkg=$(echo "$line" | sed 's/#.*//;s/^[[:space:]]*//;s/[[:space:]]*$//')
                [ -z "$pkg" ] && continue
                "$venv_path"/bin/pip install -q "$pkg" || failed_pkgs+=("$pkg")
              done < "$req"
            done
            if [ ${#failed_pkgs[@]} -gt 0 ]; then
              for pkg in "${failed_pkgs[@]}"; do
                echo "::warning::Failed to install $pkg in $venv_path" >&2
              done
            fi
          else
            echo "No requirements found for $d, skipping venv creation."
          fi
        done

  license:cleanup-venvs:
    desc: Remove all persistent licensed virtual environments (manual only)
    internal: true
    cmds:
      - rm -rf .licensed-venv
      - rm -rf containers/*/.licensed-venv

  install:licensed:
    desc: Install or verify licensed Ruby gem
    cmds:
      - |
        if command -v licensed &> /dev/null; then
          INSTALLED=$(licensed version 2>/dev/null || echo "0")
          if echo "$INSTALLED" | grep -q "{{.LICENSED_VERSION}}"; then
            echo "licensed {{.LICENSED_VERSION}} already installed."
            exit 0
          fi
        fi
        if [[ "${CI:-}" == "true" ]]; then
          gem install licensed -v {{.LICENSED_VERSION}}
        else
          echo "Please install licensed v{{.LICENSED_VERSION}} manually: gem install licensed -v {{.LICENSED_VERSION}}"
          exit 1
        fi

  license:deps:
    desc: Check and cache dependency licenses (licensed)
    cmds:
      - task: license:init-venvs
      - task: install:licensed
      - licensed cache
      - licensed status || true

  license:
    desc: Update license headers, files, and dependency license caches
    cmds:
      - task: license:headers
      - task: license:deps

  sbom:generate:internal:
    internal: true
    cmds:
      - |
        if [ -z "{{.IMAGE}}" ] || [ -z "{{.TAG}}" ] || [ -z "{{.FILENAME}}" ]; then
          echo "Error: IMAGE, TAG, and FILENAME must be set."
          exit 1
        fi

        docker sbom "{{.IMAGE}}:{{.TAG}}" --output "{{.FILENAME}}" --format spdx-json

  sbom:update:internal:
    internal: true
    cmds:
      - task: sbom:generate:internal
        vars:
          IMAGE: '{{.IMAGE}}'
          TAG: '{{.TAG}}'
          FILENAME: '{{.DIR}}/sbom_new.json'
      - |
        NEW_SBOM="{{.DIR}}/sbom_new.json"
        TMP_FILE="{{.DIR}}/sbom_tmp.json"
        CURRENT_SBOM="{{.DIR}}/sbom.spdx.json"

        jq --indent 1 --argfile current "$CURRENT_SBOM" '
          .packages |= map(
            . as $outer
            | if $outer.licenseDeclared == "NONE" or $outer.licenseDeclared == "NOASSERTION" then
                (
                 [$current.packages[]
                    | select(.name == $outer.name and .versionInfo == $outer.versionInfo)
                  ] | first
                ) as $matched
                | if $matched != null and $matched.licenseDeclared != null then
                    $outer
                    + {licenseDeclared: $matched.licenseDeclared}
                    + (if $matched.comment != null then {comment: $matched.comment} else {} end)
                  else
                    $outer
                  end
              else
                $outer
              end
          )
        ' "$NEW_SBOM" > "$TMP_FILE"

        cp "$TMP_FILE" "$CURRENT_SBOM"
        rm -f "$NEW_SBOM" "$TMP_FILE"

  sbom:
    desc: "Update SBOM files for python-apps-base and ei-models-runner containers. Parameters: BRICKS_TAG and EI_TAG."
    cmds:
      - task: sbom:update:internal
        vars:
          IMAGE: 'public.ecr.aws/arduino/app-bricks/python-apps-base'
          TAG: '{{.BRICKS_TAG}}'
          DIR: './containers/python-apps-base'
      - task: sbom:update:internal
        vars:
          IMAGE: 'public.ecr.aws/arduino/app-bricks/ei-models-runner'
          TAG: '{{.EI_TAG}}'
          DIR: './containers/ei-models-runner'

  sbom:delta:
    desc: Generate delta SBOMs for containers (requires syft and registry access)
    cmds:
      - python3 ./scripts/sbom_delta.py {{.CLI_ARGS}}