From e85cebce9175013dc12bea3764c30dab80a460bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mi=C5=82osz=20Linkiewicz?= Date: Wed, 26 Mar 2025 13:08:29 +0100 Subject: [PATCH 1/5] FIX: Trivy related update to `github_pages_update.yml` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit FIX: Trivy related update to `github_pages_update.yml` Pinning the versions of action workflows Signed-off-by: Miłosz Linkiewicz --- .github/workflows/github_pages_update.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/github_pages_update.yml b/.github/workflows/github_pages_update.yml index 168255574..6a266628d 100644 --- a/.github/workflows/github_pages_update.yml +++ b/.github/workflows/github_pages_update.yml @@ -48,10 +48,10 @@ jobs: run: make -C docs/sphinx html - name: Upload GitHub Pages artifact - uses: actions/upload-pages-artifact@v3.0.1 + uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 with: path: ./docs/_build/html - name: Publish to GitHub Pages id: deployment - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 From 3776e872614f001f5a63c2b0ae6e000b8132880e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mi=C5=82osz=20Linkiewicz?= Date: Wed, 26 Mar 2025 13:15:21 +0100 Subject: [PATCH 2/5] FIX: Security scans versioning in `validation-tests.yml` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit FIX: Security scans versioning in `validation-tests.yml` Pinned down the version of pipenv being installed by `python3 -m pip` Signed-off-by: Miłosz Linkiewicz --- .github/workflows/validation-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validation-tests.yml b/.github/workflows/validation-tests.yml index adcd1154e..eb9ff3a63 100644 --- a/.github/workflows/validation-tests.yml +++ b/.github/workflows/validation-tests.yml 
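Review bot: The two `uses:` lines are now fixed to commit SHAs, but the same steps list still installs its Sphinx toolchain with an unversioned `python3 -m pip install sphinx_book_theme myst_parser sphinxcontrib.mermaid sphinx-copybutton`. The site that gets uploaded and published is therefore still built from whatever those packages resolve to at run time. That step sits just above this hunk (it is visible as context in the patch 5 hunk for this file), and this commit does not touch it. Consider exact versions there, or a hashed requirements file installed with `python3 -m pip install --require-hashes -r <docs-requirements-file>`. The job's step list starts outside the hunk.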
@@ -187,7 +187,7 @@ jobs: working-directory: tests/validation id: pipenv-install run: | - python3 -m pip install pipenv + python3 -m pip install pipenv~=2024.0.3 python3 -m pipenv install -r requirements.txt echo "VIRTUAL_ENV=$(python3 -m pipenv --venv)/bin/activate" >> "$GITHUB_ENV" From f6bebb55a7002b2f2627d3ad26564309575f7c69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mi=C5=82osz=20Linkiewicz?= Date: Wed, 26 Mar 2025 13:18:07 +0100 Subject: [PATCH 3/5] FIX: Added version pinning in setup_build_env.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit FIX: Added version pinning in setup_build_env.sh. This addressed another issue found by trivy and security tools. Signed-off-by: Miłosz Linkiewicz --- scripts/setup_build_env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/setup_build_env.sh b/scripts/setup_build_env.sh index 98a9e5c2c..830f4bb93 100755 --- a/scripts/setup_build_env.sh +++ b/scripts/setup_build_env.sh @@ -144,7 +144,7 @@ function install_yum_package_dependencies() texinfo \ wget \ zlib-devel && \ - python3 -m pip install meson ninja && \ + python3 -m pip install meson~=0.61.2 ninja~=1.11.1 && \ lib_install_nasm_from_rpm && \ lib_build_and_install_libfdt && \ lib_build_and_install_jsonc && \ From 5004be6ec0b5dd2b3c6f4c29e3cc719da833ce5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mi=C5=82osz=20Linkiewicz?= Date: Thu, 8 May 2025 02:34:19 +0200 Subject: [PATCH 4/5] Update setup_build_env.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miłosz Linkiewicz --- scripts/setup_build_env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/setup_build_env.sh b/scripts/setup_build_env.sh index 830f4bb93..98a9e5c2c 100755 --- a/scripts/setup_build_env.sh +++ b/scripts/setup_build_env.sh 
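Review bot: `pipenv~=2024.0.3` is a compatible-release range rather than a pin: pip will accept any later 2024.0.x release, so what this line installs can still change between runs. For a fixed version use `python3 -m pip install pipenv==2024.0.3`, and consider pip's hash-checking mode (`--require-hashes` with a requirements file) if the aim is to satisfy a pinned-dependencies check. The same applies to `meson~=0.61.2 ninja~=1.11.1` in the `scripts/setup_build_env.sh` hunk of patch 3. The `run:` block of this step begins and ends outside the hunk.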
@@ -144,7 +144,7 @@ function install_yum_package_dependencies() texinfo \ wget \ zlib-devel && \ - python3 -m pip install meson~=0.61.2 ninja~=1.11.1 && \ + python3 -m pip install meson ninja && \ lib_install_nasm_from_rpm && \ lib_build_and_install_libfdt && \ lib_build_and_install_jsonc && \ From 3d3aeff315cdb828a128f0ad6c4477ca6e90a015 Mon Sep 17 00:00:00 2001 From: KarolinaPomian Date: Wed, 27 Aug 2025 08:46:23 +0000 Subject: [PATCH 5/5] rm [DPDK] and prettier for workflows --- .github/workflows/base_build.yml | 154 ++++++++++----------- .github/workflows/build_docker_tpl.yml | 12 +- .github/workflows/coverity.yml | 158 +++++++++++----------- .github/workflows/docker_build.yml | 12 +- .github/workflows/github_pages_update.yml | 4 +- .github/workflows/scorecard.yml | 4 +- .github/workflows/trivy.yml | 18 +-- .github/workflows/validation-tests.yml | 78 +++++------ 8 files changed, 220 insertions(+), 220 deletions(-) diff --git a/.github/workflows/base_build.yml b/.github/workflows/base_build.yml index 6abb7ee03..1a96b49bb 100644 --- a/.github/workflows/base_build.yml +++ b/.github/workflows/base_build.yml @@ -2,9 +2,9 @@ name: Base Build on: push: - branches: [ "main" ] + branches: ["main"] pull_request: - branches: [ "main" ] + branches: ["main"] workflow_dispatch: env: 
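Review bot: The `python3 -m pip install meson ninja` line is unconstrained again, so the build environment takes whatever meson and ninja releases are current at install time. Patch 3 of this series had constrained both, and the commit message ("Update setup_build_env.sh") gives no reason for removing that. If the earlier versions broke the build, pin ones that work, e.g. `python3 -m pip install meson==<known-good-version> ninja==<known-good-version>`, and state the reason in the message. The enclosing function `install_yum_package_dependencies` starts and ends outside the hunk.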
@@ -27,80 +27,80 @@ concurrency: jobs: build-baremetal-ubuntu: - runs-on: 'ubuntu-22.04' + runs-on: "ubuntu-22.04" timeout-minutes: 120 steps: - - name: 'Harden Runner' - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 - with: - egress-policy: audit - - - name: 'Checkout repository' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: 'Install OS level dependencies' - run: eval 'source scripts/setup_build_env.sh && install_package_dependencies' - - - name: 'Check local dependencies build cache' - id: load-local-dependencies-cache - uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 - with: - path: ${{ env.BUILD_DIR }} - key: ${{ runner.os }}-${{ hashFiles('versions.env') }}-${{ hashFiles('scripts/setup*.sh') }} - - - name: 'Download, unpack and patch build dependencies' - if: steps.load-local-dependencies-cache.outputs.cache-hit != 'true' - run: eval 'source scripts/setup_build_env.sh && get_download_unpack_dependencies' - - - name: 'Clone and patch ffmpeg 6.1 and 7.0' - if: steps.load-local-dependencies-cache.outputs.cache-hit != 'true' - run: | - ffmpeg-plugin/clone-and-patch-ffmpeg.sh "6.1" - ffmpeg-plugin/clone-and-patch-ffmpeg.sh "7.0" - - - name: 'Build and Install xdp and libbpf' - run: eval 'source scripts/setup_build_env.sh && lib_install_xdp_bpf_tools' - - - name: 'Build and Install libfabric' - run: eval 'source scripts/setup_build_env.sh && lib_install_fabrics' - - - name: 'Build and Install the DPDK' - run: eval 'source scripts/setup_build_env.sh && lib_install_dpdk' - - - name: 'Build and Install the MTL' - run: eval 'source scripts/setup_build_env.sh && lib_install_mtl' - - - name: 'Build and Install JPEG XS' - run: eval 'source scripts/setup_build_env.sh && lib_install_jpeg_xs' - - - name: 'Build and Install JPEG XS ffmpeg plugin' - run: eval 'source scripts/setup_build_env.sh && lib_install_mtl_jpeg_xs_plugin' - - - name: 'Build gRPC and dependencies' - 
run: eval 'source scripts/setup_build_env.sh && lib_install_grpc' - - - name: 'Build MCM SDK and Media Proxy' - run: eval 'source scripts/common.sh && ./build.sh "${PREFIX_DIR}"' - - - name: 'Build FFmpeg 6.1 with MCM plugin' - working-directory: ${{ github.workspace }}/ffmpeg-plugin - run: | - ./configure-ffmpeg.sh "6.1" --disable-doc --disable-debug && \ - ./build-ffmpeg.sh "6.1" - - - name: 'Build FFmpeg 7.0 with MCM plugin' - working-directory: ${{ github.workspace }}/ffmpeg-plugin - run: | - ./configure-ffmpeg.sh "7.0" --disable-doc --disable-debug && \ - ./build-ffmpeg.sh "7.0" - - - name: 'upload media-proxy and mcm binaries' - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 - with: - name: mcm-build - path: | - ${{ env.BUILD_DIR }}/mcm/bin/media_proxy - ${{ env.BUILD_DIR }}/mcm/bin/mesh-agent - ${{ env.BUILD_DIR }}/mcm/lib/libmcm_dp.so.* - ${{ env.BUILD_DIR }}/ffmpeg-6-1/ffmpeg - ${{ env.BUILD_DIR }}/ffmpeg-7-0/ffmpeg + - name: "Harden Runner" + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + + - name: "Checkout repository" + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: "Install OS level dependencies" + run: eval 'source scripts/setup_build_env.sh && install_package_dependencies' + + - name: "Check local dependencies build cache" + id: load-local-dependencies-cache + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + with: + path: ${{ env.BUILD_DIR }} + key: ${{ runner.os }}-${{ hashFiles('versions.env') }}-${{ hashFiles('scripts/setup*.sh') }} + + - name: "Download, unpack and patch build dependencies" + if: steps.load-local-dependencies-cache.outputs.cache-hit != 'true' + run: eval 'source scripts/setup_build_env.sh && get_download_unpack_dependencies' + + - name: "Clone and patch ffmpeg 6.1 and 7.0" + if: steps.load-local-dependencies-cache.outputs.cache-hit != 'true' + run: | + 
ffmpeg-plugin/clone-and-patch-ffmpeg.sh "6.1" + ffmpeg-plugin/clone-and-patch-ffmpeg.sh "7.0" + + - name: "Build and Install xdp and libbpf" + run: eval 'source scripts/setup_build_env.sh && lib_install_xdp_bpf_tools' + + - name: "Build and Install libfabric" + run: eval 'source scripts/setup_build_env.sh && lib_install_fabrics' + + - name: "Build and Install the DPDK" + run: eval 'source scripts/setup_build_env.sh && lib_install_dpdk' + + - name: "Build and Install the MTL" + run: eval 'source scripts/setup_build_env.sh && lib_install_mtl' + + - name: "Build and Install JPEG XS" + run: eval 'source scripts/setup_build_env.sh && lib_install_jpeg_xs' + + - name: "Build and Install JPEG XS ffmpeg plugin" + run: eval 'source scripts/setup_build_env.sh && lib_install_mtl_jpeg_xs_plugin' + + - name: "Build gRPC and dependencies" + run: eval 'source scripts/setup_build_env.sh && lib_install_grpc' + + - name: "Build MCM SDK and Media Proxy" + run: eval 'source scripts/common.sh && ./build.sh "${PREFIX_DIR}"' + + - name: "Build FFmpeg 6.1 with MCM plugin" + working-directory: ${{ github.workspace }}/ffmpeg-plugin + run: | + ./configure-ffmpeg.sh "6.1" --disable-doc --disable-debug && \ + ./build-ffmpeg.sh "6.1" + + - name: "Build FFmpeg 7.0 with MCM plugin" + working-directory: ${{ github.workspace }}/ffmpeg-plugin + run: | + ./configure-ffmpeg.sh "7.0" --disable-doc --disable-debug && \ + ./build-ffmpeg.sh "7.0" + + - name: "upload media-proxy and mcm binaries" + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + with: + name: mcm-build + path: | + ${{ env.BUILD_DIR }}/mcm/bin/media_proxy + ${{ env.BUILD_DIR }}/mcm/bin/mesh-agent + ${{ env.BUILD_DIR }}/mcm/lib/libmcm_dp.so.* + ${{ env.BUILD_DIR }}/ffmpeg-6-1/ffmpeg + ${{ env.BUILD_DIR }}/ffmpeg-7-0/ffmpeg diff --git a/.github/workflows/build_docker_tpl.yml b/.github/workflows/build_docker_tpl.yml index 2571b14dc..ae26615aa 100644 --- a/.github/workflows/build_docker_tpl.yml 
+++ b/.github/workflows/build_docker_tpl.yml @@ -6,15 +6,15 @@ on: build_type: required: false type: string - default: 'Release' + default: "Release" docker_registry: required: false type: string - default: 'ghcr.io' + default: "ghcr.io" docker_registry_prefix: required: false type: string - default: 'openvisualcloud/media-communications-mesh' + default: "openvisualcloud/media-communications-mesh" docker_registry_login: required: false type: boolean @@ -26,11 +26,11 @@ on: docker_build_args: required: false type: string - default: '' + default: "" docker_build_platforms: required: false type: string - default: 'linux/amd64' + default: "linux/amd64" docker_image_tag: required: false type: string @@ -40,7 +40,7 @@ on: docker_file_path: required: false type: string - default: './Dockerfile' + default: "./Dockerfile" secrets: docker_registry_login: required: false diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 6cea7daee..3da9ee595 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -2,12 +2,12 @@ name: Coverity Build on: schedule: - - cron: '0 18 * * *' + - cron: "0 18 * * *" workflow_dispatch: inputs: branch: - description: 'Branch to run scans on' - default: 'main' + description: "Branch to run scans on" + default: "main" type: string env: 
@@ -26,81 +26,81 @@ concurrency: jobs: coverity: - runs-on: 'ubuntu-22.04' + runs-on: "ubuntu-22.04" timeout-minutes: 90 steps: - - name: 'Harden Runner' - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 - with: - egress-policy: audit - - - name: 'Checkout repository' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - ref: ${{ inputs.branch }} - - - name: 'Install OS level dependencies' - run: eval 'source scripts/setup_build_env.sh && install_package_dependencies' - - - name: 'Check local dependencies build cache' - id: load-local-dependencies-cache - uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 - with: - path: ${{ env.BUILD_DIR }} - key: ${{ runner.os }}-${{ hashFiles('versions.env') }}-${{ hashFiles('scripts/setup*.sh') }} - - - name: 'Download, unpack and patch build dependencies' - if: steps.load-local-dependencies-cache.outputs.cache-hit != 'true' - run: eval 'source scripts/setup_build_env.sh && get_download_unpack_dependencies' - - - name: 'Clone and patch ffmpeg 6.1 and 7.0' - if: steps.load-local-dependencies-cache.outputs.cache-hit != 'true' - run: | - ffmpeg-plugin/clone-and-patch-ffmpeg.sh "6.1" - ffmpeg-plugin/clone-and-patch-ffmpeg.sh "7.0" - - - name: 'Build and Install xdp and libbpf' - run: eval 'source scripts/setup_build_env.sh && lib_install_xdp_bpf_tools' - - - name: 'Build and Install libfabric' - run: eval 'source scripts/setup_build_env.sh && lib_install_fabrics' - - - name: 'Build and Install the DPDK' - run: eval 'source scripts/setup_build_env.sh && lib_install_dpdk' - - - name: 'Build and Install the MTL' - run: eval 'source scripts/setup_build_env.sh && lib_install_mtl' - - - name: 'Build and Install JPEG XS' - run: eval 'source scripts/setup_build_env.sh && lib_install_jpeg_xs' - - - name: 'Build and Install JPEG XS ffmpeg plugin' - run: eval 'source scripts/setup_build_env.sh && lib_install_mtl_jpeg_xs_plugin' - - - name: 'Build 
gRPC and dependencies' - run: eval 'source scripts/setup_build_env.sh && lib_install_grpc' - - - name: 'Configure ffmpeg and dependencies' - run: | - sed -i 's/strlen (MEMIF_DEFAULT_APP_NAME)/(sizeof(MEMIF_DEFAULT_APP_NAME) - 1)/g' ${{ github.workspace }}/sdk/3rdparty/libmemif/src/memif_private.h && \ - ${{ github.workspace }}/build.sh && \ - ${{ github.workspace }}/ffmpeg-plugin/configure-ffmpeg.sh "6.1" --disable-doc --disable-debug && \ - ${{ github.workspace }}/ffmpeg-plugin/configure-ffmpeg.sh "7.0" --disable-doc --disable-debug && \ - rm -rf ${{ github.workspace }}/_build/mcm - echo "\"${{ github.workspace }}/ffmpeg-plugin/build-ffmpeg.sh\" \"6.1\"" > ${{ github.workspace }}/build.sh - echo "\"${{ github.workspace }}/ffmpeg-plugin/build-ffmpeg.sh\" \"7.0\"" > ${{ github.workspace }}/build.sh - - - name: 'Run coverity' - uses: vapier/coverity-scan-action@2068473c7bdf8c2fb984a6a40ae76ee7facd7a85 # v1.8.0 - with: - project: 'Media-Communications-Mesh' - email: ${{ secrets.COVERITY_SCAN_EMAIL }} - token: ${{ secrets.COVERITY_SCAN_TOKEN }} - build_language: 'cxx' - build_platform: 'linux64' - command: ${{ github.workspace }}/build.sh - - - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 - with: - name: coverity-reports - path: '${{ github.workspace }}/cov-int' + - name: "Harden Runner" + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + + - name: "Checkout repository" + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ inputs.branch }} + + - name: "Install OS level dependencies" + run: eval 'source scripts/setup_build_env.sh && install_package_dependencies' + + - name: "Check local dependencies build cache" + id: load-local-dependencies-cache + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + with: + path: ${{ env.BUILD_DIR }} + key: ${{ runner.os }}-${{ hashFiles('versions.env') }}-${{ 
hashFiles('scripts/setup*.sh') }} + + - name: "Download, unpack and patch build dependencies" + if: steps.load-local-dependencies-cache.outputs.cache-hit != 'true' + run: eval 'source scripts/setup_build_env.sh && get_download_unpack_dependencies' + + - name: "Clone and patch ffmpeg 6.1 and 7.0" + if: steps.load-local-dependencies-cache.outputs.cache-hit != 'true' + run: | + ffmpeg-plugin/clone-and-patch-ffmpeg.sh "6.1" + ffmpeg-plugin/clone-and-patch-ffmpeg.sh "7.0" + + - name: "Build and Install xdp and libbpf" + run: eval 'source scripts/setup_build_env.sh && lib_install_xdp_bpf_tools' + + - name: "Build and Install libfabric" + run: eval 'source scripts/setup_build_env.sh && lib_install_fabrics' + + - name: "Build and Install the DPDK" + run: eval 'source scripts/setup_build_env.sh && lib_install_dpdk' + + - name: "Build and Install the MTL" + run: eval 'source scripts/setup_build_env.sh && lib_install_mtl' + + - name: "Build and Install JPEG XS" + run: eval 'source scripts/setup_build_env.sh && lib_install_jpeg_xs' + + - name: "Build and Install JPEG XS ffmpeg plugin" + run: eval 'source scripts/setup_build_env.sh && lib_install_mtl_jpeg_xs_plugin' + + - name: "Build gRPC and dependencies" + run: eval 'source scripts/setup_build_env.sh && lib_install_grpc' + + - name: "Configure ffmpeg and dependencies" + run: | + sed -i 's/strlen (MEMIF_DEFAULT_APP_NAME)/(sizeof(MEMIF_DEFAULT_APP_NAME) - 1)/g' ${{ github.workspace }}/sdk/3rdparty/libmemif/src/memif_private.h && \ + ${{ github.workspace }}/build.sh && \ + ${{ github.workspace }}/ffmpeg-plugin/configure-ffmpeg.sh "6.1" --disable-doc --disable-debug && \ + ${{ github.workspace }}/ffmpeg-plugin/configure-ffmpeg.sh "7.0" --disable-doc --disable-debug && \ + rm -rf ${{ github.workspace }}/_build/mcm + echo "\"${{ github.workspace }}/ffmpeg-plugin/build-ffmpeg.sh\" \"6.1\"" > ${{ github.workspace }}/build.sh + echo "\"${{ github.workspace }}/ffmpeg-plugin/build-ffmpeg.sh\" \"7.0\"" > ${{ github.workspace }}/build.sh 
+ + - name: "Run coverity" + uses: vapier/coverity-scan-action@2068473c7bdf8c2fb984a6a40ae76ee7facd7a85 # v1.8.0 + with: + project: "Media-Communications-Mesh" + email: ${{ secrets.COVERITY_SCAN_EMAIL }} + token: ${{ secrets.COVERITY_SCAN_TOKEN }} + build_language: "cxx" + build_platform: "linux64" + command: ${{ github.workspace }}/build.sh + + - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + with: + name: coverity-reports + path: "${{ github.workspace }}/cov-int" diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml index 03e689ef0..e728ac86e 100644 --- a/.github/workflows/docker_build.yml +++ b/.github/workflows/docker_build.yml @@ -2,9 +2,9 @@ name: Docker Build on: pull_request: - branches: [ "main", "dev" ] + branches: ["main", "dev"] push: - branches: [ "main", "dev" ] + branches: ["main", "dev"] workflow_dispatch: permissions: @@ -19,14 +19,14 @@ jobs: name: Build sdk Docker Image uses: ./.github/workflows/build_docker_tpl.yml with: - docker_file_path: "sdk/Dockerfile" + docker_file_path: "sdk/Dockerfile" docker_image_name: "sdk" ffmpeg-6-1-image-build: name: Build ffmpeg v6.1 Docker Image uses: ./.github/workflows/build_docker_tpl.yml with: - docker_file_path: "ffmpeg-plugin/Dockerfile" + docker_file_path: "ffmpeg-plugin/Dockerfile" docker_image_name: "ffmpeg-6-1" docker_build_args: "FFMPEG_VER=6.1" @@ -34,7 +34,7 @@ jobs: name: Build ffmpeg v7.0 Docker Image uses: ./.github/workflows/build_docker_tpl.yml with: - docker_file_path: "ffmpeg-plugin/Dockerfile" + docker_file_path: "ffmpeg-plugin/Dockerfile" docker_image_name: "ffmpeg-7-0" docker_build_args: "FFMPEG_VER=7.0" @@ -42,5 +42,5 @@ jobs: name: Build Media-Proxy Docker Image uses: ./.github/workflows/build_docker_tpl.yml with: - docker_file_path: "media-proxy/Dockerfile" + docker_file_path: "media-proxy/Dockerfile" docker_image_name: "media-proxy" 
diff --git a/.github/workflows/github_pages_update.yml b/.github/workflows/github_pages_update.yml index 6a266628d..8e689970f 100644 --- a/.github/workflows/github_pages_update.yml +++ b/.github/workflows/github_pages_update.yml @@ -3,7 +3,7 @@ on: workflow_call: workflow_dispatch: push: - branches: [ "main" ] + branches: ["main"] env: DEBIAN_FRONTEND: noninteractive @@ -45,7 +45,7 @@ jobs: run: python3 -m pip install sphinx_book_theme myst_parser sphinxcontrib.mermaid sphinx-copybutton - name: Build documentation - run: make -C docs/sphinx html + run: make -C docs/sphinx html - name: Upload GitHub Pages artifact uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3e7f940f1..569bb5565 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -6,10 +6,10 @@ on: # To guarantee Maintained check is occasionally updated. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: - - cron: '0 18 * * *' + - cron: "0 18 * * *" workflow_dispatch: push: - branches: [ "main" ] + branches: ["main"] permissions: contents: read diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index c5192e927..d29e76a58 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -1,14 +1,14 @@ name: Trivy on: push: - branches: [ "main", "maint-*" ] + branches: ["main", "maint-*"] pull_request: - branches: [ "main", "maint-*" ] + branches: ["main", "maint-*"] workflow_dispatch: inputs: branch: - description: 'branch to run scans on' - default: 'main' + description: "branch to run scans on" + default: "main" type: string permissions: 
@@ -21,7 +21,7 @@ concurrency: jobs: scan: permissions: - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results runs-on: ubuntu-22.04 name: "Trivy: Perform scans job" steps: @@ -40,8 +40,8 @@ jobs: with: scan-type: config skip-dirs: deployment #helm charts not supported - exit-code: '0' - format: 'sarif' + exit-code: "0" + format: "sarif" output: "trivy-config-scan-results-${{ github.event.pull_request.number || github.sha }}.sarif" - name: "Trivy: Run vulnerability scanner for type=config (out=table)" @@ -50,8 +50,8 @@ jobs: with: scan-type: config skip-dirs: deployment #helm charts not supported - exit-code: '0' - format: 'table' + exit-code: "0" + format: "table" output: "trivy-config-scan-results-${{ github.event.pull_request.number || github.sha }}.txt" - name: "Trivy: Upload scan results to GitHub Security tab" diff --git a/.github/workflows/validation-tests.yml b/.github/workflows/validation-tests.yml index eb9ff3a63..e040e0ec6 100644 --- a/.github/workflows/validation-tests.yml +++ b/.github/workflows/validation-tests.yml @@ -6,13 +6,13 @@ on: inputs: branch-to-checkout: type: string - default: 'main' + default: "main" required: false - description: 'Branch name to use' + description: "Branch name to use" validation-iface-binding: type: choice required: true - description: 'Type of iface binding to use' + description: "Type of iface binding to use" options: - "create_vf" - "create_kvf" @@ -22,7 +22,7 @@ on: validation-test-port-p: type: choice required: true - description: 'Which to use as Test-Port-P' + description: "Which to use as Test-Port-P" options: - TEST_VF_PORT_P_0 - TEST_VF_PORT_P_1 @@ -37,7 +37,7 @@ on: validation-test-port-r: type: choice required: true - description: 'Which to use as Test-Port-R' + description: "Which to use as Test-Port-R" options: - TEST_VF_PORT_P_1 - TEST_VF_PORT_P_0 
@@ -52,22 +52,22 @@ on: validation-no-fail-tests: type: choice required: false - description: 'Run all tests, non will fail' + description: "Run all tests, non will fail" options: - "true" - "false" validation-tests-1: type: string - default: 'single/video/pacing' + default: "single/video/pacing" required: true - description: '1st validation tests to run' + description: "1st validation tests to run" validation-tests-2: type: string - default: 'single/ancillary' + default: "single/ancillary" required: false - description: '2nd validation tests to run' + description: "2nd validation tests to run" validation-pre-release-1: - description: 'Select from pre-release group tests nr-1' + description: "Select from pre-release group tests nr-1" required: false type: choice options: @@ -82,7 +82,7 @@ on: - video - xdp validation-pre-release-2: - description: 'Select from pre-release group tests nr-2' + description: "Select from pre-release group tests nr-2" required: false type: choice options: @@ -96,7 +96,7 @@ on: - virtio-enable - wrong-parameter validation-pre-release-3: - description: 'Select from pre-release group tests nr-3' + description: "Select from pre-release group tests nr-3" required: false type: choice options: 
@@ -105,85 +105,85 @@ on: - gpu-enabling env: - BUILD_TYPE: 'Release' - DPDK_VERSION: '23.11' - DPDK_REBUILD: 'false' + BUILD_TYPE: "Release" + DPDK_VERSION: "23.11" + DPDK_REBUILD: "false" permissions: contents: read jobs: validation-build-mtm: - runs-on: [Linux, self-hosted, DPDK] + runs-on: [Linux, self-hosted] timeout-minutes: 60 outputs: pipenv-activate: ${{ steps.pipenv-install.outputs.VIRTUAL_ENV }} steps: - - name: 'preparation: Harden Runner' + - name: "preparation: Harden Runner" uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 with: egress-policy: audit - - name: 'Checkout repository' + - name: "Checkout repository" uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: 'Install OS level dependencies' + - name: "Install OS level dependencies" run: eval 'source scripts/setup_build_env.sh && install_package_dependencies' - - name: 'Check local dependencies build cache' + - name: "Check local dependencies build cache" id: load-local-dependencies-cache uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ env.BUILD_DIR }} key: ${{ runner.os }}-${{ hashFiles('versions.env') }}-${{ hashFiles('scripts/setup*.sh') }} - - name: 'Download, unpack and patch build dependencies' + - name: "Download, unpack and patch build dependencies" if: steps.load-local-dependencies-cache.outputs.cache-hit != 'true' run: eval 'source scripts/setup_build_env.sh && get_download_unpack_dependencies' - - name: 'Clone and patch ffmpeg 6.1 and 7.0' + - name: "Clone and patch ffmpeg 6.1 and 7.0" if: steps.load-local-dependencies-cache.outputs.cache-hit != 'true' run: | ffmpeg-plugin/clone-and-patch-ffmpeg.sh "6.1" ffmpeg-plugin/clone-and-patch-ffmpeg.sh "7.0" - - name: 'Build and Install xdp and libbpf' + - name: "Build and Install xdp and libbpf" run: eval 'source scripts/setup_build_env.sh && lib_install_xdp_bpf_tools' - - name: 'Build and Install libfabric' + - name: "Build and 
Install libfabric" run: eval 'source scripts/setup_build_env.sh && lib_install_fabrics' - - name: 'Build and Install the DPDK' + - name: "Build and Install the DPDK" run: eval 'source scripts/setup_build_env.sh && lib_install_dpdk' - - name: 'Build and Install the MTL' + - name: "Build and Install the MTL" run: eval 'source scripts/setup_build_env.sh && lib_install_mtl' - - name: 'Build and Install JPEG XS' + - name: "Build and Install JPEG XS" run: eval 'source scripts/setup_build_env.sh && lib_install_jpeg_xs' - - name: 'Build and Install JPEG XS ffmpeg plugin' + - name: "Build and Install JPEG XS ffmpeg plugin" run: eval 'source scripts/setup_build_env.sh && lib_install_mtl_jpeg_xs_plugin' - - name: 'Build gRPC and dependencies' + - name: "Build gRPC and dependencies" run: eval 'source scripts/setup_build_env.sh && lib_install_grpc' - - name: 'Build MCM SDK and Media Proxy' + - name: "Build MCM SDK and Media Proxy" run: eval 'source scripts/common.sh && ./build.sh "${PREFIX_DIR}"' - - name: 'Build FFmpeg 6.1 with MCM plugin' + - name: "Build FFmpeg 6.1 with MCM plugin" working-directory: ${{ github.workspace }}/ffmpeg-plugin run: | ./configure-ffmpeg.sh "6.1" --disable-doc --disable-debug && \ ./build-ffmpeg.sh "6.1" - - name: 'Build FFmpeg 7.0 with MCM plugin' + - name: "Build FFmpeg 7.0 with MCM plugin" working-directory: ${{ github.workspace }}/ffmpeg-plugin run: | ./configure-ffmpeg.sh "7.0" --disable-doc --disable-debug && \ ./build-ffmpeg.sh "7.0" - - name: 'installation: Install pipenv environment' + - name: "installation: Install pipenv environment" working-directory: tests/validation id: pipenv-install run: | 
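Review bot: With the `DPDK` label dropped, `runs-on: [Linux, self-hosted]` in `validation-build-mtm` matches any self-hosted Linux runner available to the repository, not only the machines prepared for these tests. The next hunk makes the same change for `validation-run-tests`, whose `PYTEST_ALIAS` runs pytest through `sudo --preserve-env` with a 720-minute timeout. Confirm that every runner carrying just those two labels is meant to execute these jobs and, presumably, has the NIC/DPDK setup they expect. Otherwise keep a dedicated label, e.g. `runs-on: [Linux, self-hosted, <validation-runner-label>]`. The `steps` list of both jobs continues outside the hunks.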
@@ -194,19 +194,19 @@ jobs: # Timeout of this job is set to 12h [60m/h*12h=720m] validation-run-tests: needs: [validation-build-mtm] - runs-on: [Linux, self-hosted, DPDK] + runs-on: [Linux, self-hosted] timeout-minutes: 720 env: - PYTEST_ALIAS: 'sudo --preserve-env python3 -m pipenv run pytest' + PYTEST_ALIAS: "sudo --preserve-env python3 -m pipenv run pytest" PYTEST_PARAMS: '--media=/mnt/media --build="../.."' - PYTEST_RETRIES: '3' + PYTEST_RETRIES: "3" steps: - - name: 'preparation: Harden Runner' + - name: "preparation: Harden Runner" uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 with: egress-policy: audit - - name: 'cleanup: Generate runner summary' + - name: "cleanup: Generate runner summary" if: always() run: | {