Edge Virtualization Platform v1.43.0

Author: jordi-midokura

.devcontainer/raspi/Dockerfile

@@ -58,7 +58,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     && apt-get clean -y\
     && update-alternatives --install /usr/bin/python python /usr/bin/python3 50
 
-RUN echo "deb https://apt.llvm.org/jammy/ llvm-toolchain-jammy-${LLVM_VERSION} main" > /etc/apt/sources.list.d/apt.llvm.org.list && \
+RUN echo "deb https://apt.llvm.org/bookworm/ llvm-toolchain-bookworm-${LLVM_VERSION} main" > /etc/apt/sources.list.d/apt.llvm.org.list && \
     curl -sL https://apt.llvm.org/llvm-snapshot.gpg.key | tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc && \
     apt-get update && apt-get install -y --no-install-recommends \
     clang-format-${LLVM_VERSION} \

.devcontainer/ubuntu/Dockerfile

@@ -62,7 +62,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 # Remove this once stdeb is fully released for ubuntu:24.04 (python3.12)
 RUN pip3 install git+https://github.com/astraw/stdeb.git --break-system-packages
 
-RUN echo "deb https://apt.llvm.org/jammy/ llvm-toolchain-jammy-${LLVM_VERSION} main" > /etc/apt/sources.list.d/apt.llvm.org.list && \
+RUN echo "deb https://apt.llvm.org/noble/ llvm-toolchain-noble-${LLVM_VERSION} main" > /etc/apt/sources.list.d/apt.llvm.org.list && \
     curl -sL https://apt.llvm.org/llvm-snapshot.gpg.key | tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc && \
     apt-get update && apt-get install -y --no-install-recommends \
     clang-format-${LLVM_VERSION} \

.github/CODEOWNERS

@@ -0,0 +1,20 @@
+# SPDX-FileCopyrightText: 2023-2024 Sony Semiconductor Solutions Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# The sole reason of this file is to make github assign reviews to
+# all team members explicitly.
+# Every member in https://github.com/orgs/midokura/teams/device/members
+# is responsible for review of any PRs in this repo.
+# The each members are intentionally listed here instead of @midokura/device
+# team because we want to assign reviews to individuals, not the team.
+#
+# https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-code-owners
+
+* @midokura/device
+
+# We need to ensure documentation is validated at PR time.
+# The validation must be done before merging to ensure we can do a release and
+# generate the documentation artifacts safely
+*.md @jimken-mido @midokura/device
+*.rst @jimken-mido @midokura/device

.github/pull_request_template.md

@@ -0,0 +1,16 @@
+<!--
+SPDX-FileCopyrightText: 2023-2024 Sony Semiconductor Solutions Corporation
+
+SPDX-License-Identifier: Apache-2.0
+-->
+
+<!-- Start badge -->
+<!-- End badge -->
+
+## What?
+
+Include an explanation of what are the changes about.
+
+## Why?
+
+Include an explanation of why we need the changes.

.github/workflows/build.yml

@@ -0,0 +1,184 @@
+# SPDX-FileCopyrightText: 2023-2024 Sony Semiconductor Solutions Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+on:
+  workflow_call:
+    inputs:
+      builder-tag:
+        description: The builder tag to be used
+        default: latest
+        required: false
+        type: string
+      ref:
+        type: string
+        required: true
+
+jobs:
+  build-agent:
+    name: Agent (${{ matrix.name }}, ${{ matrix.platform }})
+    runs-on: ${{ matrix.runner }}
+    container:
+      image: ghcr.io/${{ github.repository }}/builder-${{ matrix.name }}:${{ inputs.builder-tag }}
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ github.token }}
+      options: ${{ startsWith(matrix.runner, 'buildjet') && '--user 1000:1001' || '--user 1001:127' }}
+    timeout-minutes: 8 # the worst case is 3 minutes
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: raspios-bookworm
+            runner: ${{ github.event.repository.private && 'buildjet-4vcpu-ubuntu-2204-arm' || 'ubuntu-24.04-arm' }}
+            platform: arm64
+          - name: ubuntu-noble
+            runner: ${{ github.event.repository.private && 'buildjet-4vcpu-ubuntu-2204-arm' || 'ubuntu-24.04-arm' }}
+            platform: arm64
+          - name: ubuntu-noble
+            runner: ${{ github.event.repository.private && 'buildjet-4vcpu-ubuntu-2204' || 'ubuntu-24.04' }}
+            platform: amd64
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
+
+      - name: Build
+        run: bear -- make -j$((`nproc` * 2)) CFLAGS="-g -Werror"
+
+      - name: Generate SBOM
+        run: |
+          ./scripts/sources bin/evp_agent > sources.lst
+          ./scripts/mk-sbom -d -c `dpkg -l libc6 | awk '/libc6/ {print $3}'` sources.lst
+
+      - name: Agent Debian Package
+        run: make dist
+
+      - name: Upload agent debian package
+        uses: actions/upload-artifact@v4
+        with:
+          name: agent-deb-${{ matrix.name }}-${{ matrix.platform }}-${{ github.run_id }}
+          path: evp-agent*.deb
+
+      - name: Upload sdk debian package
+        uses: actions/upload-artifact@v4
+        with:
+          name: libevp-app-sdk-dev-${{ matrix.name }}-${{ matrix.platform }}-${{ github.run_id }}
+          path: libevp-app-sdk-dev*.deb
+
+      - name: Upload SBOM
+        uses: actions/upload-artifact@v4
+        with:
+          name: sbom-agent-${{ matrix.name }}-${{ matrix.platform }}-${{ github.run_id }}
+          path: |
+            compile_commands.json
+            sources.lst
+            sbom.tsv
+            sbom-files.txt
+            sbom-tmp.txt
+
+  build-sdk:
+    name: SDK (${{ matrix.name }}, ${{ matrix.platform }})
+    runs-on: ${{ matrix.runner }}
+    container:
+      image: ghcr.io/${{ github.repository }}/builder-${{ matrix.name }}:${{ inputs.builder-tag }}
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ github.token }}
+      options: ${{ startsWith(matrix.runner, 'buildjet') && '--user 1000:1001' || '--user 1001:127' }}
+    timeout-minutes: 8 # the worst case is 3 minutes
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: raspios-bookworm
+            runner: ${{ github.event.repository.private && 'buildjet-4vcpu-ubuntu-2204-arm' || 'ubuntu-24.04-arm' }}
+            platform: arm64
+          - name: ubuntu-noble
+            runner: ${{ github.event.repository.private && 'buildjet-4vcpu-ubuntu-2204-arm' || 'ubuntu-24.04-arm' }}
+            platform: arm64
+          - name: ubuntu-noble
+            runner: ${{ github.event.repository.private && 'buildjet-4vcpu-ubuntu-2204' || 'ubuntu-24.04' }}
+            platform: amd64
+
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
+
+      - name: Build SDK
+        run: make -j$((`nproc` * 2)) sdk \
+          CFLAGS="-O2 -Werror" \
+          KBUILD_DEFCONFIG=configs/linux-docker.config
+
+      - name: Install python test dependencies
+        working-directory: src/python-evp-app-sdk
+        run: |
+          python3 -m venv .venv
+          . .venv/bin/activate
+          pip install \
+            -e . \
+            -r requirements.test.txt
+
+      - name: Run python SDK tests
+        working-directory: src/python-evp-app-sdk
+        run: |
+          . .venv/bin/activate
+          python -m pytest \
+            --cov=evp.app \
+            --cov-report="xml:pysdk-cov.xml" \
+            --junit-xml="pysdk-test-res.xml" \
+            -v
+
+      - name: Publish pytest coverage
+        id: pysdk-cov
+        uses: MishaKav/pytest-coverage-comment@main
+        if: always()
+        with:
+          title: EVP Python Application SDK coverage report
+          badge-title: Python Application SDK
+          coverage-path-prefix: src/python-evp-app-sdk/evp/app/
+          pytest-xml-coverage-path: src/python-evp-app-sdk/pysdk-cov.xml
+          junitxml-path: src/python-evp-app-sdk/pysdk-test-res.xml
+          junitxml-title: Python Application SDK test report
+
+      - name: Publish pytest results to summary
+        if: steps.pysdk-cov.outputs.summaryReport
+        run: echo ${{ steps.pysdk-cov.outputs.summaryReport }}  >> $GITHUB_STEP_SUMMARY
+
+      - name: Build Python package
+        working-directory: src/python-evp-app-sdk
+        run: python3 -m build
+
+      - name: SDK Debian package
+        working-directory: src/python-evp-app-sdk
+        run: python setup.py --command-packages=stdeb.command bdist_deb
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: python-sdk-${{ matrix.name }}-${{ matrix.platform }}-${{ github.run_id }}
+          path: src/python-evp-app-sdk/dist/*
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: python-sdk-deb-${{ matrix.name }}-${{ matrix.platform }}-${{ github.run_id }}
+          path: src/python-evp-app-sdk/deb_dist/*.deb
+
+  run-static-analysis:
+    name: Static Code Analysis
+    runs-on: ubuntu-24.04
+    container:
+      image: ghcr.io/${{ github.repository }}/builder-ubuntu-noble:${{ inputs.builder-tag }}
+      options: --user 1001:127
+    timeout-minutes: 8 # the worst case is 3 minutes
+
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
+
+      - name: Run cppcheck analysis
+        run: make -j$((`nproc` * 2)) CFLAGS="-Werror" TOOL=cppcheck analysis

.github/workflows/builder.yml

@@ -0,0 +1,154 @@
+# SPDX-FileCopyrightText: 2023-2024 Sony Semiconductor Solutions Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: Build and push builders (if necessary)
+
+on:
+  workflow_dispatch:
+    inputs:
+      ref:
+        description: The ref sha to checkout evp-agent
+        type: string
+        required: false
+        default: main
+  workflow_call:
+    inputs:
+      ref:
+        type: string
+        required: false
+    outputs:
+      builder-tag:
+        description: tag
+        value: ${{ jobs.builder-necessary.outputs.builder-tag }}
+
+concurrency:
+  group: ${{ github.workflow }} @ build-builders-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  builder-necessary:
+    name: Is builder necessary?
+    runs-on: ubuntu-24.04
+    outputs:
+      build: ${{ steps.changed-files.outputs.all_changed_and_modified_files != '' }}
+      builder-tag: ${{ steps.builder-tag.outputs.tag }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ inputs.ref }}
+
+      - uses: tj-actions/changed-files@v41
+        id: changed-files
+        with:
+          files: |
+            .devcontainer/ubuntu/Dockerfile
+            .devcontainer/raspi/Dockerfile
+            .github/workflows/builder.yml
+
+      - name: Set builder tag
+        id: builder-tag
+        run: |
+          echo "Modified: ${{ steps.changed-files.outputs.all_changed_and_modified_files != '' }}"
+          tag=${{ steps.changed-files.outputs.all_changed_and_modified_files != '' && github.ref != 'refs/heads/main' && github.sha || 'latest' }}
+          echo "github.ref is: ${{ github.ref }}"
+          echo "Is not main branch? ${{ github.ref != 'refs/heads/main' }}"
+          echo "github.sha is: ${{ github.sha }}"
+          echo "Tag: $tag"
+          echo "tag=$tag" >> $GITHUB_OUTPUT
+          echo Modified file list:
+          for file in ${{ steps.changed-files.outputs.all_changed_and_modified_files }}; do
+            echo "$file"
+          done
+
+  build-push-raspi:
+    name: Build and push raspios bookworm builder
+    if: ${{ needs.builder-necessary.outputs.build == 'true' }}
+    needs:
+      - builder-necessary
+    runs-on: ${{ github.event.repository.private && 'buildjet-8vcpu-ubuntu-2204-arm' || 'ubuntu-24.04-arm' }}
+
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Github Registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+          registry: ghcr.io
+
+      - name: Build and push raspios bookworm builder
+        uses: docker/build-push-action@v5
+        with:
+          context: .devcontainer/raspi
+          file: .devcontainer/raspi/Dockerfile
+          push: true
+          tags: ghcr.io/${{ github.repository }}/builder-raspios-bookworm:${{ needs.builder-necessary.outputs.builder-tag }}
+
+  build-push-ubuntu:
+    name: Build and push ubuntu noble (${{ matrix.platform }})
+    if: ${{ needs.builder-necessary.outputs.build == 'true' }}
+    needs:
+      - builder-necessary
+    runs-on: ${{ matrix.runner }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: amd64
+            runner: ${{ github.event.repository.private && 'buildjet-8vcpu-ubuntu-2204' || 'ubuntu-24.04' }}
+          - platform: arm64
+            runner: ${{ github.event.repository.private &&  'buildjet-8vcpu-ubuntu-2204-arm' || 'ubuntu-24.04-arm' }}
+
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Github Registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+          registry: ghcr.io
+
+      - name: Build and push ubuntu builder
+        uses: docker/build-push-action@v5
+        with:
+          context: .devcontainer/ubuntu
+          file: .devcontainer/ubuntu/Dockerfile
+          push: true
+          provenance: false
+          tags: ghcr.io/${{ github.repository }}/builder-ubuntu-noble:${{ needs.builder-necessary.outputs.builder-tag }}-${{ matrix.platform }}
+
+  manifest-ubuntu:
+    if: ${{ needs.builder-necessary.outputs.build == 'true' }}
+    needs:
+      - builder-necessary
+      - build-push-ubuntu
+    name: Docker manifest
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Login to Github Registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+          registry: ghcr.io
+
+      - name: Create and push multiarch manifests
+        run: |
+          docker manifest create \
+            ghcr.io/${{ github.repository }}/builder-ubuntu-noble:${{ needs.builder-necessary.outputs.builder-tag }} \
+            ghcr.io/${{ github.repository }}/builder-ubuntu-noble:${{ needs.builder-necessary.outputs.builder-tag }}-amd64 \
+            ghcr.io/${{ github.repository }}/builder-ubuntu-noble:${{ needs.builder-necessary.outputs.builder-tag }}-arm64
+            docker manifest push ghcr.io/${{ github.repository }}/builder-ubuntu-noble:${{ needs.builder-necessary.outputs.builder-tag }}