Merge branch 'develop' into sync_master_into_develop

Author: SaikrishnaBairamoni

.devcontainer/Visual_Studio_Code_Setup.md

@@ -1,10 +1,15 @@
-# Using VS Code For Development
+# Development Environment Setup
+
+## Using VS Code For Development
 
 [Visual Studio Code](https://code.visualstudio.com/) is a functional free IDE which can be used to develop many projects. Through the use of Docker images it allows developers to develop in containers where build tools can be pre-configured, precluding the need to have a special host to build on with instructions to follow for tool installation.  It can be used on Windows hosts using Docker Desktop or on Linux hosts with Docker installed.
 
 ## Setup
 
-See https://code.visualstudio.com/docs/devcontainers/containers as a reference on setting up your environment.  Here is a summary of the steps below with the assumption that a Linux environment is being used.
+This project includes a DevContainer setup which allows for developing in a containerized environment that will spawn run-time depedencies for testing.
+
+> [!NOTE]
+> This setup will recreate a Dev Container docker image for V2X Hub, targeting the `build` stage in the dockerfile in order to include build dependencies. This image will be called **v2xhub-devcontainer**
 
 ### Installation
 
@@ -35,4 +40,102 @@ The configuration comes with 3 configured tasks.  These can be run under from th
 * test: After a successful build you can use this task to run all the build unit tests
 
 > [!NOTE]
-> Both **test** and **build** tasks have a duplicate version which includes **coverage** to build the source code and run the unit tests to get code coverage metrics. 
+> Both **test** and **build** tasks have a duplicate version which includes **coverage** to build the source code and run the unit tests to get code coverage metrics. 
+
+## DevContainer VSCode Extensions
+
+By default our dev container installs several VSCode extensions helpful for developing and testing V2X Hub code changes. These are documented in the `.devcontainer/devcontainer.json` under **customizations.vscode.extensions** and also listed below:
+- **CPP Tools**, **CPP Tools Extension Pack**, and **CMake Tools** are extensions for C++ and CMake to make editing our source code and build files easier and more intuitive
+- **Sonar Lint** is a code quality and linting tool that provides feedback about best practices and security issues or hotspots
+
+
+### Sonar Lint One-Time Setup
+
+The first time setting up Sonar Lint, there are a couple VSCode prompts to navitigate to allow you to get Sonar Lint feedback. After deploying the DevContainer, you should see on the right hand side a new icon at the bottom representing the SonarLint VSCode extension.
+
+![alt text](docs/sonar_lint_tab.png)
+
+Clicking this icon should bring up a SonarQube Setup page. Under **Connected Mode** there should be a **SonarQube Cloud** menu with a single connection. Clicking this connection should provide a connection page that allows you to generate a token for a SonarQube Cloud connection. This provides some additional features such as a connection to Quality Profiles set on Sonar Cloud. Simply click **Generate Token** which should open a browser and allow you to login to Sonar Cloud with you GitHub account. Doing so will grant the VSCode extension a token to use to connect to Sonar Cloud.
+
+![alt text](docs/sonar_lint_connect.png)
+
+> [!NOTE]
+> Please ensure you save the connection after generating the token. Sometimes the **Save Connection** button is greyed out but simply resetting the organization or connection name should allow you to save the connection.
+
+Lastly you will need to build the code, using **Ctrl + Shift + B** or the build task. The Sonar Lint VS Code extension requires a compilation database file which is generated during the build to function.
+
+### Confirming Setup was Successful
+
+After compiling once, you should be able to edit a *.cpp file an save it. This should result in code smells reported both in the code editor and in the Sonar Qube Terminal
+
+![alt text](docs/sonar_lint_report.png)
+
+Using **Ctrl + I** will allow you to generate AI recommended fixes for reported issues where applicable 
+
+
+## Configuring DevContainer to Trust Organizational Certificate Authorities / Internal TLS
+
+> [!NOTE]
+> Skip if not required. For developers, developing inside coporate VPN, this step is required to avoid certificate issues.
+
+If your organization uses private Certificate Authorities (CA), TLS inspection, or a corporate VPN that intercepts HTTPS traffic, the DevContainer must trust your organization’s root and/or intermediate CA certificates.
+
+Without these certificates installed, tools such as curl, nvm, git, or package managers may fail with TLS certificate verification errors.
+
+### Steps
+1. Obtain Required Certificates
+Request from your IT/security team:
+
+The organization’s Root CA certificate
+Any Intermediate CA certificates used for perimeter or TLS inspection
+You do not need the VPN server certificate or any private keys — only public CA certificates.
+
+2. Save Certificates to the Repository
+Place the certificate files (public certs only) in:
+
+.devcontainer/perimeter-certs/
+Requirements:
+
+Files must be in PEM format
+Use the .crt file extension (required for automatic installation)
+Multiple certificates may be added if needed
+Example:
+
+.devcontainer/perimeter-certs/
+├── Corp-Root-CA.crt
+├── Corp-Perimeter-CA.crt
+3. Rebuild the DevContainer
+In VS Code:
+
+Dev Containers: Rebuild Container
+During container setup, the DevContainer initialization script will:
+
+Detect any .crt files in .devcontainer/perimeter-certs/
+Install them into /usr/local/share/ca-certificates/
+Update the container’s system trust store
+No manual installation steps are required.
+
+Verification (Optional)
+After rebuilding, verify that TLS trust works from DevContainer:
+
+curl -I https://nodejs.org/dist/index.json
+Expected result:
+
+You should see an HTTP/1.1 200 or HTTP/2 200 response
+No certificate verification errors
+If this succeeds, certificate trust is correctly configured.
+
+### Troubleshooting
+
+If you still see certificate errors:
+
+Ensure certificate files use the .crt extension
+Confirm the files contain valid PEM-encoded certificates
+Verify you included both root and intermediate CA certificates (if required)
+Rebuild the container again after changes
+Security Note
+Only public CA certificates should be committed to the repository.
+Never commit private keys.
+
+Proceed
+After certificate trust is configured, continue with V2XHub deployment as usual.

.devcontainer/devcontainer.json

@@ -7,7 +7,7 @@
 	// Check for .env file in configuration directory. Copy devcontainer.env if none exists
 	"initializeCommand" : ".devcontainer/check_for_env.sh",
 	// Update the 'dockerComposeFile' list if you have more compose files or use different names.
-	"dockerComposeFile": ["../configuration/docker-compose.yml","docker-compose-vscode.yml",],
+	"dockerComposeFile": ["../configuration/docker-compose.yml","docker-compose-vscode.yml"],
 
 	// The 'service' property is the name of the service for the container that VS Code should
 	// use. Update this value and .devcontainer/docker-compose.yml to the real service name.
@@ -23,7 +23,8 @@
 			"extensions": [
 				"ms-vscode.cpptools",
 				"ms-vscode.cpptools-extension-pack",
-				"ms-vscode.cmake-tools"			
+				"ms-vscode.cmake-tools",
+				"SonarSource.sonarlint-vscode"
 			]
 		}
 	},

.devcontainer/docker-compose-vscode.yml

@@ -4,6 +4,7 @@ services:
       context: ..
       dockerfile: ./Dockerfile
       target: build-environment
+    image: v2xhub-devcontainer
     privileged: true
     # Building source code is memory intensive so we increase the memory limit.
     deploy:

.devcontainer/docs/sonar_lint_connect.png

@@ -1,8 +1,26 @@
-#!/bin/sh
+#!/bin/bash
 /home/V2X-Hub/container/database.sh
 /home/V2X-Hub/container/library.sh
 ldconfig
 # Install development tools 
 
 apt update 
-apt install -y valgrind gdb net-tools vim
+apt install -y valgrind gdb net-tools vim
+
+# Install perimeter certificates if present (for VPN Access)
+if compgen -G ".devcontainer/perimeter-certs/*.crt" > /dev/null; then
+    echo "Perimeter certificate(s) found. Installing..."
+
+    mkdir -p /usr/local/share/ca-certificates/extra && \
+    cp .devcontainer/perimeter-certs/*.crt /usr/local/share/ca-certificates/extra/ && \
+    update-ca-certificates
+else
+    echo "No perimeter certificates found. Skipping installation."
+fi
+
+# Install Node 22 for SonarLint
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh | bash
+export NVM_DIR="$HOME/.nvm"
+[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
+[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
+nvm install 22.22.0

.devcontainer/docs/sonar_lint_report.png

@@ -0,0 +1,92 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL Advanced"
+
+on:
+  push:
+    branches: [ "develop", "hotfix/*", "master", "release/*" ]
+  pull_request:
+    branches: [ "develop", "hotfix/*", "master", "release/*" ]
+  schedule:
+    - cron: '19 6 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: ubuntu-latest
+    container:
+      image: ubuntu:jammy-20230126
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: actions
+            build-mode: none
+          - language: c-cpp
+            build-mode: manual
+          - language: java-kotlin
+            build-mode: none # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too.
+          - language: javascript-typescript
+            build-mode: none
+          - language: python
+            build-mode: none
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+    - name: Install Dependencies
+      run: |
+        apt update
+        apt install -y curl gdb
+        curl -fsSL https://deb.nodesource.com/setup_18.x | bash -
+        apt install -y nodejs
+
+        # Run original dependency installers
+        scripts/install_dependencies.sh
+        cd ext/
+        ./build.sh
+        ../container/library.sh
+        ldconfig
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v4
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+
+    - name: Manual Build Steps (C/C++)
+      if: matrix.build-mode == 'manual'
+      run: |
+        chmod +x src/build.sh
+        cd src
+        ./build.sh coverage --j2735-version 2024 --skip-plugins ""
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v4
+      with:
+        category: "/language:${{matrix.language}}"

.devcontainer/docs/sonar_lint_tab.png

@@ -28,8 +28,6 @@ jobs:
           # Disabling shallow clone is recommended for improving relevancy of reporting
           fetch-depth: 0
           submodules: recursive
-      - name: Install Build Wrapper
-        uses: SonarSource/sonarqube-scan-action/install-build-wrapper@v6
       - name: Run install_dependencies.sh script
         run: |
           echo "CLONED_REPO_PATH=$GITHUB_WORKSPACE" >> $GITHUB_ENV
@@ -43,9 +41,8 @@ jobs:
           ldconfig
       - name: Run Tests & Generate Gcovr Reports
         run: |
-          mkdir bw-output
           cd src
-          build-wrapper-linux-x86-64 --out-dir ../bw-output bash build.sh coverage --j2735-version 2024 --skip-plugins ""
+          ./build.sh coverage --j2735-version 2024 --skip-plugins ""
           ./test.sh coverage
       - name: Run sonar-scanner
         uses: usdot-fhwa-stol/actions/sonar-scanner@main

.devcontainer/initialize_dev_environment.sh

@@ -1,10 +1,12 @@
 # build directories
 src/tmx/build
 src/v2i-hub/build
+src/build
 
 # manually created directories
 secrets/
 .devcontainer/MAP
+.devcontainer/perimeter-certs
 
 # Compiled source #
 ###################
@@ -91,4 +93,3 @@ tools/port-drayage-webservice/target/
 
 #Java PKS for HTTPS setup
 tools/port-drayage-webservice/src/main/resources/tutorial.jks
-.vscode/settings.json