Merge branch 'main' into dcalavrezo_clippy

Author: FScholPer

.bazelrc

@@ -22,7 +22,6 @@ build --@rules_rust//rust/settings:clippy.toml=@score_rust_policies//clippy/stri
 
 # Flags needed by score_baselibs and communication modules.
 # Do not add more!
-build --@score_baselibs//score/mw/log/detail/flags:KUse_Stub_Implementation_Only=False
 build --@score_baselibs//score/mw/log/flags:KRemote_Logging=False
 build --@score_baselibs//score/json:base_library=nlohmann
 build --@score_communication//score/mw/com/flags:tracing_library=stub
@@ -47,6 +46,13 @@ build:bl-x86_64-qnx --config=_bl_common
 build:bl-x86_64-qnx --platforms=@score_bazel_platforms//:x86_64-qnx
 build:bl-x86_64-qnx --extra_toolchains=@toolchains_qnx_qcc//:qcc_x86_64
 
+# This config is for internal module usage ONLY.
+build:bl-x86_64-linux-autosd --config=_bl_common
+build:bl-x86_64-linux-autosd --define=score_sw_platform=autosd
+build:bl-x86_64-linux-autosd --platforms=@score_bazel_platforms//:x86_64-linux
+build:bl-x86_64-linux-autosd --extra_toolchains=@autosd_10_gcc_repo//:gcc_toolchain_linux_x86_64
+build:bl-x86_64-linux-autosd --force_pic
+
 # This config is for internal module usage ONLY.
 test:bl-x86_64-linux --config=_bl_common
 test:bl-x86_64-linux --build_tests_only

.devcontainer/devcontainer.json

@@ -1,5 +1,6 @@
 {
     "name": "eclipse-s-core",
-    "image": "ghcr.io/eclipse-score/devcontainer:1.0.0",
+    "image": "ghcr.io/eclipse-score/devcontainer:v1.1.0",
+    "postCreateCommand": "bash .devcontainer/prepare_workspace.sh",
     "postStartCommand": "ssh-keygen -f '/home/vscode/.ssh/known_hosts' -R '[localhost]:2222' || true"
 }

.devcontainer/prepare_workspace.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -euo pipefail
+
+# Install pipx
+sudo apt update
+sudo apt install -y pipx
+
+# Install gita
+pipx install gita
+
+# Enable bash autocompletion for gita
+echo "eval \"\$(register-python-argcomplete gita -s bash)\"" >> ~/.bashrc
+
+# Set GITA_PROJECT_HOME environment variable
+echo "export GITA_PROJECT_HOME=$(pwd)/.gita" >> ~/.bashrc
+GITA_PROJECT_HOME=$(pwd)/.gita
+mkdir -p "$GITA_PROJECT_HOME"
+export GITA_PROJECT_HOME
+
+# Generate workspace metadata files from known_good.json:
+# - .gita-workspace.csv
+python3 tools/known_good_to_workspace_metadata.py --known-good known_good.json --gita-workspace .gita-workspace.csv

.github/codeql/codeql-config.yml

@@ -0,0 +1,7 @@
+name: "Custom CodeQL Configuration for MISRA"
+
+paths-ignore:
+  - "**/*test*"
+  - "**/*mock*"
+  - "**/test/**"
+  - "**/mock/**"

.github/codeql/coding-standards.yml

@@ -0,0 +1,3 @@
+deviations: []
+guideline-recategorizations: []
+deviation-permits: []

.github/workflows/build_and_test_autosd.yml

@@ -23,9 +23,6 @@ jobs:
   build:
     name: build-and-test-autosd
     runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: autosd/build
 
     steps:
       - name: Checkout repository
@@ -37,31 +34,46 @@ jobs:
       - name: Install System Dependencies
         run: |
           sudo apt-get update -y
-          sudo apt-get install -y podman curl qemu-system
+          sudo apt-get install -y podman curl qemu-system createrepo-c
+
+      - name: Build Lola Demo
+        run: |
+          bazel build --config=bl-x86_64-linux-autosd //:lola-demo
+        working-directory: ./autosd
+
+      - name: Copy RPMs
+        run: |
+          set -e
+          mkdir -p ./build/rpms
+          cp bazel-out/k8-fastbuild/bin/lola-demo-1.0.0-1.x86_64.rpm ./build/rpms
+          cp bazel-out/k8-fastbuild/bin/lola-demo-1.0.0-1.src.rpm ./build/rpms
+          createrepo_c ./build/rpms/
+          ls -l ./build/rpms/
+        working-directory: ./autosd
 
       - name: Install AIB Tools
         run: |
-          curl -o auto-image-builder.sh "https://gitlab.com/CentOS/automotive/src/automotive-image-builder/-/raw/main/auto-image-builder.sh"
+          curl -o auto-image-builder.sh "https://gitlab.com/lrossett/automotive-image-builder/-/raw/script-fix/auto-image-builder.sh?ref_type=heads"
           chmod +x auto-image-builder.sh
 
           curl -o automotive-image-runner "https://gitlab.com/CentOS/automotive/src/automotive-image-builder/-/raw/main/automotive-image-runner"
           chmod +x automotive-image-runner
+        working-directory: ./autosd/build
 
       - name: Build lola-demo.aib.yml
         run: |
-          sudo ./auto-image-builder.sh build \
+          sudo ./auto-image-builder.sh build-deprecated \
           --distro autosd10 \
           --mode package \
           --target qemu \
           --export qcow2 \
           --define-file vars.yml \
           --define-file vars-devel.yml \
-          lola-demo.aib.yml \
+          image.aib.yml \
           disk.qcow2
 
           sudo chown $(id -u) disk.qcow2
-
-          mv disk.qcow2 ../disk.qcow2
+        working-directory: ./autosd/build
 
       - name: Enable KVM group perms
         run: |
@@ -80,6 +92,12 @@ jobs:
           sshcmd 'bluechictl start agent-qm lola-ipc-sub.service'
           sleep 5
           sshcmd '/usr/bin/lola-ipc-test'
-        working-directory: ./autosd
+        working-directory: ./autosd/build
         env:
           SSH_PASSWORD: password
+      
+      - name: Archive QEMU disk image
+        uses: actions/upload-artifact@v4
+        with:
+          name: autosd10-score-reference_integration-x86_64.qcow2
+          path: autosd/build/disk.qcow2

.github/workflows/build_and_test_on_every_pr.yml

@@ -53,4 +53,4 @@ jobs:
             done < ci/showcase_targets_run.txt
         - name: Feature Integration Tests
           run: |
-            bazel run --config bl-x86_64-linux //feature_integration_tests/python_test_cases:fit
+            bazel test --config bl-x86_64-linux //feature_integration_tests/python_test_cases:fit

.github/workflows/codeql-multiple-repo-scan.yml

@@ -0,0 +1,206 @@
+# *******************************************************************************
+# Copyright (c) 2025 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+name: "CodeQL - Multi-Repo Source Scan"
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+  merge_group:
+    types: [checks_requested]
+
+permissions:
+  contents: write
+
+jobs:
+  analyze-repos:
+    name: Analyze Multiple Repositories
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      packages: read
+      actions: read
+      contents: read
+
+    steps:
+    - name: Checkout central repository
+      uses: actions/checkout@v4
+
+    - name: Checkout CodeQL Coding Standards scripts
+      uses: actions/checkout@v4
+      with:
+        repository: github/codeql-coding-standards
+        path: codeql-coding-standards-repo # Klonen in diesen Ordner
+        ref: main # Oder eine spezifische Release-Version, z.B. 'v2.53.0-dev'
+
+    # Add coding standard packages and dependencies
+    - name: Install Python dependencies for Coding Standards scripts
+      run: |
+        python3 -m pip install --upgrade pip
+        pip3 install pyyaml jsonpath-ng jsonschema jsonpatch jsonpointer pytest sarif-tools
+
+    - name: Parse known_good.json and create repos.json
+      id: parse-repos
+      run: |
+        sudo apt-get update && sudo apt-get install -y jq
+        JSON_FILE="./known_good.json" 
+
+        # Check if the file exists
+        if [ ! -f "$JSON_FILE" ]; then
+          echo "Error file not found '$JSON_FILE' "
+          ls -la .
+          exit 1
+        fi
+
+        # Create repos.json from known_good.json
+        # This jq command transforms the 'modules' object into an array of repository objects
+        # with 'name', 'url', 'version' (branch/tag/hash), and 'path'.
+        jq '[.modules | to_entries[] | {
+          name: .key, 
+          url: .value.repo, 
+          version: (.value.branch // .value.hash // .value.version),
+          path: ("repos/" + .key)
+        }]' "$JSON_FILE" > repos.json
+        
+        echo "Generated repos.json:"
+        cat repos.json
+        echo "" # Add a newline for better readability
+
+        # The following GITHUB_OUTPUT variables are set for each module.
+        # These might be useful for other steps, but are not directly used by the 'checkout-repos' step
+        # which now reads 'repos.json' directly.
+        echo "MODULE_COUNT=$(jq '.modules | length' "$JSON_FILE")" >> $GITHUB_OUTPUT
+
+        jq -c '.modules | to_entries[]' "$JSON_FILE" | while read -r module_entry; do
+          module_name=$(echo "$module_entry" | jq -r '.key')
+          repo_url=$(echo "$module_entry" | jq -r '.value.repo // empty')
+          version=$(echo "$module_entry" | jq -r '.value.version // empty')
+          branch=$(echo "$module_entry" | jq -r '.value.branch // empty')
+          hash=$(echo "$module_entry" | jq -r '.value.hash // empty')
+
+          echo "${module_name}_url=$repo_url" >> $GITHUB_OUTPUT
+      
+          if [ -n "$version" ]; then
+           echo "${module_name}_version=$version" >> $GITHUB_OUTPUT
+          fi
+      
+          if [ -n "$branch" ]; then
+            echo "${module_name}_branch=$branch" >> $GITHUB_OUTPUT
+          fi
+      
+          if [ -n "$hash" ]; then
+            echo "${module_name}_hash=$hash" >> $GITHUB_OUTPUT
+          fi
+        done
+      
+    - name: Checkout all pinned repositories
+      id: checkout-repos
+      run: |
+        # jq is already installed by the previous step.
+        
+        # Read repositories from the repos.json file created by the previous step
+        repos=$(cat repos.json)
+        repo_count=$(echo "$repos" | jq length)
+        
+        # Initialize an empty string for paths to be outputted
+        repo_paths_output=""
+
+        for i in $(seq 0 $((repo_count-1))); do
+          name=$(echo "$repos" | jq -r ".[$i].name")
+          url=$(echo "$repos" | jq -r ".[$i].url")
+          ref=$(echo "$repos" | jq -r ".[$i].version") # This can be a branch, tag, or commit hash
+          path=$(echo "$repos" | jq -r ".[$i].path") # e.g., "repos/score_baselibs"
+          
+          echo "Checking out $name ($ref) to $path"
+          
+          # Create the parent directory if it doesn't exist
+          mkdir -p "$(dirname "$path")"
+
+          # Check if 'ref' looks like a commit hash (e.g., 40 hex characters)
+          # This is a heuristic; a more robust check might involve fetching refs first.
+          if [[ "$ref" =~ ^[0-9a-fA-F]{40}$ ]]; then
+            echo "  Detected commit hash. Cloning and then checking out."
+            git clone "$url" "$path"
+            (cd "$path" && git checkout "$ref")
+          else
+            echo "  Detected branch/tag. Cloning with --branch."
+            git clone --depth 1 --branch "$ref" "$url" "$path"
+          fi
+          
+          # Append the path to the list, separated by commas
+          if [ -z "$repo_paths_output" ]; then
+            repo_paths_output="$path"
+          else
+            repo_paths_output="$repo_paths_output,$path"
+          fi
+        done
+        
+        # Output all paths as a single variable
+        echo "repo_paths=$repo_paths_output" >> $GITHUB_OUTPUT
+
+    - name: Initialize CodeQL for all repositories
+      uses: github/codeql-action/init@v4
+      with:
+        languages: cpp
+        build-mode: none
+        packs: codeql/misra-cpp-coding-standards
+        config-file: ./.github/codeql/codeql-config.yml
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v4
+      with:
+        upload-database: false # Don't upload databases for each repo
+        output: sarif-results/
+        category: "multi-repo-scan"
+
+    - name: Recategorize Guidelines
+      if: always()
+      run: |
+        RECATEGORIZE_SCRIPT="codeql-coding-standards-repo/scripts/guideline_recategorization/recategorize.py"
+        CODING_STANDARDS_CONFIG="./.github/codeql/coding-standards.yml"
+          
+        CODING_STANDARDS_SCHEMA="codeql-coding-standards-repo/schemas/coding-standards-schema-1.0.0.json"
+        SARIF_SCHEMA="codeql-coding-standards-repo/schemas/sarif-schema-2.1.0.json"
+          
+          
+        SARIF_FILE="sarif-results/cpp.sarif" 
+          
+        mkdir -p sarif-results-recategorized
+        echo "Processing $SARIF_FILE for recategorization..."
+        python3 "$RECATEGORIZE_SCRIPT" \
+          --coding-standards-schema-file "$CODING_STANDARDS_SCHEMA" \
+          --sarif-schema-file "$SARIF_SCHEMA" \
+          "$CODING_STANDARDS_CONFIG" \
+          "$SARIF_FILE" \
+          "sarif-results-recategorized/$(basename "$SARIF_FILE")"
+          
+          rm "$SARIF_FILE"
+          mv "sarif-results-recategorized/$(basename "$SARIF_FILE")" "$SARIF_FILE"
+
+    - name: Generate HTML Report from SARIF
+      run: |
+        SARIF_FILE="sarif-results/cpp.sarif"
+        sarif html "$SARIF_FILE" --output codeql-report.html
+
+    - name: Upload SARIF results as artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: codeql-sarif-results
+        path: sarif-results/
+
+
+    - name: Upload HTML Report as artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: codeql-html-report
+        path: codeql-report.html

.github/workflows/test_integration.yml

@@ -66,7 +66,7 @@ jobs:
             GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         - name: Bazel build targets
           run: |
-            ./integration_test.sh --known-good known_good.updated.json
+            scripts/integration_test.sh --known-good known_good.updated.json
         - name: Show disk space after build
           if: always()
           run: |