Merge branch 'main' into 237-custom-pipelines-docs

Author: tdruez

CHANGELOG.rst

@@ -3,6 +3,10 @@
 
 ### unreleased
 
+- Add ability to register custom pipelines through a new SCANCODEIO_PIPELINES_DIRS
+  setting.
+  https://github.com/nexB/scancode.io/issues/237
+
 - Add a pipeline `scan_package.ScanPackage` to scan a single package archive with
   ScanCode-toolkit.
   https://github.com/nexB/scancode.io/issues/25

docs/introduction.rst

@@ -32,16 +32,16 @@ that are adapted to a software project's unique context and technology platform
 can be difficult. This will require deploying and running multiple specialized
 tools and merge their results with a consistent workflow. Moreover,
 when reusing thousands of open source packages is becoming commonplace,
-code scans pipelines need to be scripted as code and running on servers backed
+code scans pipelines need to be scripted as code is running on servers backed
 by a shared database, not on a laptop.
 
 For instance, when you analyze Docker container images, there could be hundreds
 to thousands of system packages, such as Debian, RPM, Alpine, and application
 packages, including npm, PyPI, Rubygems, Maven, installed in an image
-side-by-side with your own code. Taking care of all these can be
+side-by-side with your own code. Taking care of all this can be
 an extremely hard task, and that's when **ScanCode.io** comes into play to help
 organizing these complex code analysis as scripted pipelines and store their
-results in a uniform database for automated code analysis.
+results in a database for automated code analysis.
 
 
 What is ScanPipe?
@@ -73,9 +73,10 @@ are planning to start a new one, consider the following questions:
 2. **Complexity**: Does the project use many third-party components or technologies?
 3. **Reproducibility**: Is it important that the results are reproducible, traceable, and auditable?
 
-If you answered "yes" to any of the above, keep reading - ScanPipe can help you.
-If the answer is "no" to all of the above, which is a valid scenario, e.g., when you
-are doing small-scale analysis, ScanPipe may provide only limited benefit for you.
+If you answered **"yes"** to any of the above, keep reading - ScanPipe can help
+you. If the answer is **"no"** to all of the above, which is a valid scenario,
+e.g., when you are doing small-scale analysis, ScanPipe may provide only limited
+benefit for you.
 
 The first set of available pipelines helps automate the analysis of Docker
 container images and virtual machine (VM) disk images that often harbor

docs/run-docker.rst

@@ -27,8 +27,8 @@ create an environment file, and build the Docker image::
     docker-compose build
 
 .. note::
-    The image will need to be re-build when the ScanCode.io app source code if
-    modified or updated.
+    The image will need to be re-build when the ScanCode.io source code is modified or
+    updated.
 
 Run the Image
 -------------

docs/scancodeio-settings.rst

@@ -74,6 +74,15 @@ of parallel processes to 4::
 
     SCANCODE_DEFAULT_OPTIONS=--processes 4,--timeout 120
 
+SCANCODEIO_PIPELINES_DIRS
+-------------------------
+
+This setting defines the additional locations ScanCode.io will search for pipelines.
+This should be set to a list of comma-separated strings that contain full paths to your additional
+pipelines directories::
+
+    SCANCODEIO_PIPELINES_DIRS=/var/scancodeio/pipelines/,/home/user/pipelines/
+
 SCANCODEIO_POLICIES_FILE
 ------------------------
 

docs/scanpipe-output.rst

@@ -1,7 +1,7 @@
 .. _scanpipe_output:
 
-Output
-======
+Output Files
+============
 
 Whether you use the command line or the web application to run your
 scans, the generated results are available for review or export in

docs/scanpipe-pipelines.rst

@@ -29,3 +29,8 @@ Scan Codebase
 -------------
 .. autoclass:: scanpipe.pipelines.scan_codebase.ScanCodebase()
     :members:
+
+Scan Package
+------------
+.. autoclass:: scanpipe.pipelines.scan_package.ScanPackage()
+    :members:

docs/tutorial-1.rst

@@ -1,7 +1,7 @@
 .. _tutorial_1:
 
-Docker Image Analysis (command line)
-====================================
+Analyze Docker Image (command line)
+===================================
 
 In this tutorial, you will learn by example how to use ScanCode.io to analyze
 a test Docker image by following the given steps and, along the way,

docs/tutorial-2.rst

@@ -1,37 +1,69 @@
 .. _tutorial_2:
 
-Scan Codebase (command line)
-============================
+Analyze Codebase (command line)
+===============================
+
+The focus of this tutorial is to guide you through scanning a codebase package
+using ScanCode.io.
+
+.. note::
+    This tutorial assumes you have a current version of ScanCode.io installed
+    locally on your machine. If you do not have it installed,
+    see our :ref:`installation` guide for instructions.
 
 Requirements
 ------------
+Before you follow the instructions in this tutorial, you need to:
 
-- **ScanCode.io is installed**, see :ref:`installation`
-- **Shell access** on the machine where ScanCode.io is installed
+- Install **ScanCode.io** locally
+- Download the following **package archive** and save it to your home directory: `asgiref-3.3.0-py3-none-any.whl <https://files.pythonhosted.org/packages/c0/e8/578887011652048c2d273bf98839a11020891917f3aa638a0bc9ac04d653/asgiref-3.3.0-py3-none-any.whl>`_
+- Have **Shell access** on the machine where ScanCode.io is installed
 
+Instructions
+------------
 
-Before you start
-----------------
+- Open a shell in the ScanCode.io installation directory and activate the
+  virtual environment - **virtualenv**:
 
-Download the following package archive save this in your home directory:
-`asgiref-3.3.0-py3-none-any.whl <https://files.pythonhosted.org/packages/c0/e8/578887011652048c2d273bf98839a11020891917f3aa638a0bc9ac04d653/asgiref-3.3.0-py3-none-any.whl>`_
+.. code-block:: console
 
+    $ source bin/activate
 
-Step-by-step
-------------
+.. code-block:: console
 
-- Open a shell in the ScanCode.io installation directory and activate the virtualenv::
+    >> (scancodeio) $
 
-    $ source bin/activate
+- Create a new project named ``asgiref``:
 
-- The following command will create a new project named ``asgiref``,
-  add the archive as an input for the project,
-  add the ``scan_codebase`` pipeline, and execute it::
+.. code-block:: console
 
-    $ scanpipe create-project asgiref \
-        --input-file ~/asgiref-3.3.0-py3-none-any.whl \
-        --pipeline scan_codebase \
-        --execute
+    $ scanpipe create-project asgiref
+
+.. code-block:: console
+
+    >> Project asgiref created with work directory projects/asgiref-072c89db
+
+- Add the package archive to the project workspace's :guilabel:`input/`
+  directory:
+
+.. code-block:: bash
+
+    $ scanpipe add-input --project asgiref --input-file ~/asgiref-3.3.0-py3-none-any.whl
+
+.. code-block:: console
+
+    >> File(s) copied to the project inputs directory:
+      - asgiref-3.3.0-py3-none-any.whl
+
+- Add the ``scan_codebase`` pipeline to your project:
+
+.. code-block:: console
+
+    $ scanpipe add-pipeline --project asgiref scan_codebase
+
+.. code-block:: console
+
+    >> Pipeline(s) added to the project
 
 .. note::
     The content of the :guilabel:`input/` directory will be copied in the
@@ -41,5 +73,36 @@ Step-by-step
     :guilabel:`codebase/` directory in which case the ``--input`` option can be
     omitted.
 
-- The scan results as JSON and CSV will be available in the project
-  :guilabel:`output/` directory.
+- Run the ``scan_codebase`` pipeline on your project. The pipeline execution
+  progress is shown within the following command's output:
+
+.. code-block:: bash
+
+    $ scanpipe execute --project asgiref
+
+.. code-block:: console
+
+    >> Pipeline scan_codebase run in progress..
+       2021-07-12 17:45:53.85 Pipeline [scan_codebase] starting
+       2021-07-12 17:45:53.85 Step [copy_inputs_to_codebase_directory] starting
+       2021-07-12 17:45:53.86 Step [copy_inputs_to_codebase_directory] completed in 0.00 seconds
+       2021-07-12 17:45:53.86 Step [run_extractcode] starting
+       [...]
+       2021-07-12 17:46:01.61 Pipeline completed
+
+- Finally, you can view your scan results in JSON or CSV file formats inside
+  the project's :guilabel:`output/` directory.
+
+.. tip::
+    The ``inputs`` and ``pipelines`` can be provided at the same time when
+    calling the ``create-project`` command. For instance, the following command
+    will create a new project named ``asgiref``, add the package archive as the
+    project input, add the ``scan_codebase`` pipeline to the project, and
+    execute it:
+
+.. code-block:: bash
+
+    $ scanpipe create-project asgiref \
+        --input-file ~/asgiref-3.3.0-py3-none-any.whl \
+        --pipeline scan_codebase \
+        --execute

docs/user-interface.rst

@@ -90,8 +90,8 @@ to your project by clicking the **"Add inputs"** and **"Add pipeline"** buttons.
 .. image:: images/UI-4-new.png
 
 .. warning::
-    You will not be able to add more inputs once a pipeline has been run on the project.
-    You can add and run more pipelines though.
+    You will not be able to add any extra inputs once a pipeline has been run on
+    the project. However, you still can add and run extra pipelines as needed!
 
 Within each project, you can view your project details, review the results of
 the pipeline execution, or download the output files.

scancodeio/settings/base.py

@@ -53,6 +53,11 @@
 
 SCANCODEIO_POLICIES_FILE = env.str("SCANCODEIO_POLICIES_FILE", default="policies.yml")
 
+# This setting defines the additional locations ScanCode.io will search for pipelines.
+# This should be set to a list of strings that contain full paths to your additional
+# pipelines directories.
+SCANCODEIO_PIPELINES_DIRS = env.list("SCANCODEIO_PIPELINES_DIRS", default=[])
+
 # Application definition
 
 INSTALLED_APPS = (