Prepare release 1.43.0

.devcontainer/raspi/Dockerfile

@@ -58,7 +58,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     && apt-get clean -y\
     && update-alternatives --install /usr/bin/python python /usr/bin/python3 50
 
-RUN echo "deb https://apt.llvm.org/jammy/ llvm-toolchain-jammy-${LLVM_VERSION} main" > /etc/apt/sources.list.d/apt.llvm.org.list && \
+RUN echo "deb https://apt.llvm.org/bookworm/ llvm-toolchain-bookworm-${LLVM_VERSION} main" > /etc/apt/sources.list.d/apt.llvm.org.list && \
     curl -sL https://apt.llvm.org/llvm-snapshot.gpg.key | tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc && \
     apt-get update && apt-get install -y --no-install-recommends \
     clang-format-${LLVM_VERSION} \

.devcontainer/ubuntu/Dockerfile

@@ -62,7 +62,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 # Remove this once stdeb is fully released for ubuntu:24.04 (python3.12)
 RUN pip3 install git+https://github.com/astraw/stdeb.git --break-system-packages
 
-RUN echo "deb https://apt.llvm.org/jammy/ llvm-toolchain-jammy-${LLVM_VERSION} main" > /etc/apt/sources.list.d/apt.llvm.org.list && \
+RUN echo "deb https://apt.llvm.org/noble/ llvm-toolchain-noble-${LLVM_VERSION} main" > /etc/apt/sources.list.d/apt.llvm.org.list && \
     curl -sL https://apt.llvm.org/llvm-snapshot.gpg.key | tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc && \
     apt-get update && apt-get install -y --no-install-recommends \
     clang-format-${LLVM_VERSION} \

.github/CODEOWNERS

@@ -0,0 +1,20 @@
+# SPDX-FileCopyrightText: 2023-2024 Sony Semiconductor Solutions Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# The sole reason of this file is to make github assign reviews to
+# all team members explicitly.
+# Every member in https://github.com/orgs/midokura/teams/device/members
+# is responsible for review of any PRs in this repo.
+# The each members are intentionally listed here instead of @midokura/device
+# team because we want to assign reviews to individuals, not the team.
+#
+# https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-code-owners
+
+* @midokura/device
+
+# We need to ensure documentation is validated at PR time.
+# The validation must be done before merging to ensure we can do a release and
+# generate the documentation artifacts safely
+*.md @jimken-mido @midokura/device
+*.rst @jimken-mido @midokura/device

.github/pull_request_template.md

@@ -0,0 +1,16 @@
+<!--
+SPDX-FileCopyrightText: 2023-2024 Sony Semiconductor Solutions Corporation
+
+SPDX-License-Identifier: Apache-2.0
+-->
+
+<!-- Start badge -->
+<!-- End badge -->
+
+## What?
+
+Include an explanation of what are the changes about.
+
+## Why?
+
+Include an explanation of why we need the changes.

.github/workflows/build.yml

@@ -0,0 +1,189 @@
+# SPDX-FileCopyrightText: 2023-2024 Sony Semiconductor Solutions Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+on:
+  workflow_call:
+    inputs:
+      builder-tag:
+        description: The builder tag to be used
+        default: latest
+        required: false
+        type: string
+      package-namespace:
+        description: The package namespace for docker images
+        default: ${{ github.repository }}
+        required: false
+        type: string
+      ref:
+        type: string
+        required: true
+
+jobs:
+  build-agent:
+    name: Agent (${{ matrix.name }}, ${{ matrix.platform }})
+    runs-on: ${{ matrix.runner }}
+    container:
+      image: ghcr.io/${{ inputs.package-namespace }}/builder-${{ matrix.name }}:${{ inputs.builder-tag }}
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ github.token }}
+      options: ${{ startsWith(matrix.runner, 'buildjet') && '--user 1000:1001' || '--user 1001:127' }}
+    timeout-minutes: 8 # the worst case is 3 minutes
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: raspios-bookworm
+            runner: ${{ github.event.repository.private && 'buildjet-4vcpu-ubuntu-2204-arm' || 'ubuntu-24.04-arm' }}
+            platform: arm64
+          - name: ubuntu-noble
+            runner: ${{ github.event.repository.private && 'buildjet-4vcpu-ubuntu-2204-arm' || 'ubuntu-24.04-arm' }}
+            platform: arm64
+          - name: ubuntu-noble
+            runner: ${{ github.event.repository.private && 'buildjet-4vcpu-ubuntu-2204' || 'ubuntu-24.04' }}
+            platform: amd64
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
+
+      - name: Build
+        run: bear -- make -j$((`nproc` * 2)) CFLAGS="-g -Werror"
+
+      - name: Generate SBOM
+        run: |
+          ./scripts/sources bin/evp_agent > sources.lst
+          ./scripts/mk-sbom -d -c `dpkg -l libc6 | awk '/libc6/ {print $3}'` sources.lst
+
+      - name: Agent Debian Package
+        run: make dist
+
+      - name: Upload agent debian package
+        uses: actions/upload-artifact@v4
+        with:
+          name: agent-deb-${{ matrix.name }}-${{ matrix.platform }}-${{ github.run_id }}
+          path: evp-agent*.deb
+
+      - name: Upload sdk debian package
+        uses: actions/upload-artifact@v4
+        with:
+          name: libevp-app-sdk-dev-${{ matrix.name }}-${{ matrix.platform }}-${{ github.run_id }}
+          path: libevp-app-sdk-dev*.deb
+
+      - name: Upload SBOM
+        uses: actions/upload-artifact@v4
+        with:
+          name: sbom-agent-${{ matrix.name }}-${{ matrix.platform }}-${{ github.run_id }}
+          path: |
+            compile_commands.json
+            sources.lst
+            sbom.tsv
+            sbom-files.txt
+            sbom-tmp.txt
+
+  build-sdk:
+    name: SDK (${{ matrix.name }}, ${{ matrix.platform }})
+    runs-on: ${{ matrix.runner }}
+    container:
+      image: ghcr.io/${{ inputs.package-namespace }}/builder-${{ matrix.name }}:${{ inputs.builder-tag }}
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ github.token }}
+      options: ${{ startsWith(matrix.runner, 'buildjet') && '--user 1000:1001' || '--user 1001:127' }}
+    timeout-minutes: 8 # the worst case is 3 minutes
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: raspios-bookworm
+            runner: ${{ github.event.repository.private && 'buildjet-4vcpu-ubuntu-2204-arm' || 'ubuntu-24.04-arm' }}
+            platform: arm64
+          - name: ubuntu-noble
+            runner: ${{ github.event.repository.private && 'buildjet-4vcpu-ubuntu-2204-arm' || 'ubuntu-24.04-arm' }}
+            platform: arm64
+          - name: ubuntu-noble
+            runner: ${{ github.event.repository.private && 'buildjet-4vcpu-ubuntu-2204' || 'ubuntu-24.04' }}
+            platform: amd64
+
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
+
+      - name: Build SDK
+        run: make -j$((`nproc` * 2)) sdk \
+          CFLAGS="-O2 -Werror" \
+          KBUILD_DEFCONFIG=configs/linux-docker.config
+
+      - name: Install python test dependencies
+        working-directory: src/python-evp-app-sdk
+        run: |
+          python3 -m venv .venv
+          . .venv/bin/activate
+          pip install \
+            -e . \
+            -r requirements.test.txt
+
+      - name: Run python SDK tests
+        working-directory: src/python-evp-app-sdk
+        run: |
+          . .venv/bin/activate
+          python -m pytest \
+            --cov=evp.app \
+            --cov-report="xml:pysdk-cov.xml" \
+            --junit-xml="pysdk-test-res.xml" \
+            -v
+
+      - name: Publish pytest coverage
+        id: pysdk-cov
+        uses: MishaKav/pytest-coverage-comment@main
+        if: always()
+        with:
+          title: EVP Python Application SDK coverage report
+          badge-title: Python Application SDK
+          coverage-path-prefix: src/python-evp-app-sdk/evp/app/
+          pytest-xml-coverage-path: src/python-evp-app-sdk/pysdk-cov.xml
+          junitxml-path: src/python-evp-app-sdk/pysdk-test-res.xml
+          junitxml-title: Python Application SDK test report
+
+      - name: Publish pytest results to summary
+        if: steps.pysdk-cov.outputs.summaryReport
+        run: echo ${{ steps.pysdk-cov.outputs.summaryReport }}  >> $GITHUB_STEP_SUMMARY
+
+      - name: Build Python package
+        working-directory: src/python-evp-app-sdk
+        run: python3 -m build
+
+      - name: SDK Debian package
+        working-directory: src/python-evp-app-sdk
+        run: python setup.py --command-packages=stdeb.command bdist_deb
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: python-sdk-${{ matrix.name }}-${{ matrix.platform }}-${{ github.run_id }}
+          path: src/python-evp-app-sdk/dist/*
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: python-sdk-deb-${{ matrix.name }}-${{ matrix.platform }}-${{ github.run_id }}
+          path: src/python-evp-app-sdk/deb_dist/*.deb
+
+  run-static-analysis:
+    name: Static Code Analysis
+    runs-on: ubuntu-24.04
+    container:
+      image: ghcr.io/${{ inputs.package-namespace }}/builder-ubuntu-noble:${{ inputs.builder-tag }}
+      options: --user 1001:127
+    timeout-minutes: 8 # the worst case is 3 minutes
+
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
+
+      - name: Run cppcheck analysis
+        run: make -j$((`nproc` * 2)) CFLAGS="-Werror" TOOL=cppcheck analysis