diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 84bf37035f..9506712951 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,5 +1,5 @@ * @open-edge-platform/edge-microvisor-toolkit-maintain # documentation content -/docs @open-edge-platform/open-edge-platform-docs-write -README.md @open-edge-platform/open-edge-platform-docs-write \ No newline at end of file +/docs/ @open-edge-platform/open-edge-platform-docs-write @open-edge-platform/edge-microvisor-toolkit-maintain +README.md @open-edge-platform/open-edge-platform-docs-write @open-edge-platform/edge-microvisor-toolkit-maintain \ No newline at end of file diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 33d0ae6c7b..b78366ad45 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -2,16 +2,16 @@ name: "CodeQL Advanced" on: push: - branches: [ 3.0, 3.0-dev ] + branches: [3.0, 3.0-dev] pull_request: - branches: [ 3.0, 3.0-dev ] + branches: [3.0, 3.0-dev] schedule: - cron: '0 4 * * 3' jobs: analyze: name: Analyze (${{ matrix.language }}) - runs-on: [ ubuntu-latest ] + runs-on: [ubuntu-latest] permissions: # required for all workflows security-events: write 
@@ -20,24 +20,43 @@ jobs: fail-fast: false matrix: include: - - language: actions - build-mode: none - - language: go - build-mode: autobuild - - language: python - build-mode: none + - language: actions + build-mode: none + - language: go + build-mode: autobuild + - language: python + build-mode: none steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:${{matrix.language}}" + - name: Checkout repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" + + - name: Generate Security Report + uses: rsdmike/github-security-report-action@v3.0.4 + with: + template: report + token: ${{ secrets.SECURITY_TOKEN }} + + - name: Rename Report by Code Matrix + run: | + mv ./report.pdf ./report-${{ matrix.language }}.pdf + + - name: GitHub Upload Release Artifacts + uses: actions/upload-artifact@v4 + with: + name: report-${{ matrix.language }} + path: | + ./report-${{ matrix.language }}.pdf diff --git a/docs/developer-guide/emt-bootkit.md b/docs/developer-guide/emt-bootkit.md index e85011ec3d..0b8f9b22b2 100644 --- a/docs/developer-guide/emt-bootkit.md +++ b/docs/developer-guide/emt-bootkit.md @@ -1,3 +1,7 @@ +::: +orphan: true +::: + # Edge Microvisor Bootkit Edge Microvisor Bootkit is a custom, minimal build of Edge Microvisor Toolkit. 
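Review bot: The added `Generate Security Report` step passes `secrets.SECURITY_TOKEN` to a third-party action referenced by a mutable tag, so anyone able to move that tag can run code with the token; pin it to a full commit SHA, e.g. `uses: rsdmike/github-security-report-action@<full-commit-sha>  # v3.0.4`. The workflow also triggers on `pull_request`, and secrets are not passed to runs from forks, so the report steps will presumably fail there; guard the three new steps with `if: github.event_name != 'pull_request'`. The uploaded PDF holds code-scanning findings, and workflow artifacts can be downloaded by anyone with read access to the repository, which is normally a wider audience than the alerts themselves have. Confirm that exposure is intended, or restrict the upload to scheduled runs. The `steps:` list may continue outside the hunk.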
diff --git a/docs/developer-guide/emt-get-started.md b/docs/developer-guide/emt-get-started.md index a0ecaf4b75..0fb37f475b 100644 --- a/docs/developer-guide/emt-get-started.md +++ b/docs/developer-guide/emt-get-started.md @@ -34,4 +34,4 @@ applications. :::{toctree} ./get-started/emt-building-howto.md ./get-started/emt-installation-howto.md -::: \ No newline at end of file +::: diff --git a/toolkit/Makefile b/toolkit/Makefile index 0361ce8f38..2b742b24e8 100644 --- a/toolkit/Makefile +++ b/toolkit/Makefile 
@@ -143,12 +143,18 @@ SOURCE_URL ?= https://files-rs.edgeorchestration.intel.com/files-edge-or # assignments do not take affect without using 'override'. This means that all of the following PACKAGE_URL_LIST values will # be ignored if the user sets any value. ##help:var:PACKAGE_URL_LIST:=Space-separated list of URLs to download toolchain RPM packages from, used to populate the toolchain packages if `REBUILD_TOOLCHAIN=n'. The URLs will replace the default set of URLs. Print default list with 'make -s printvar-PACKAGE_URL_LIST'. -PACKAGE_URL_LIST ?= https://files-rs.edgeorchestration.intel.com/files-edge-orch/microvisor/rpm/$(RELEASE_MAJOR_ID)/RPMS/x86_64 -PACKAGE_URL_LIST += https://files-rs.edgeorchestration.intel.com/files-edge-orch/microvisor/rpm/$(RELEASE_MAJOR_ID)/RPMS/noarch -PACKAGE_URL_LIST += https://files-rs.edgeorchestration.intel.com/files-edge-orch/microvisor/rpm/$(RELEASE_MAJOR_ID)/RPMS/debuginfo +#PACKAGE_URL_LIST ?= https://files-rs.edgeorchestration.intel.com/files-edge-orch/microvisor/rpm/$(RELEASE_MAJOR_ID)/RPMS/x86_64 +#PACKAGE_URL_LIST += https://files-rs.edgeorchestration.intel.com/files-edge-orch/microvisor/rpm/$(RELEASE_MAJOR_ID)/RPMS/noarch +#PACKAGE_URL_LIST += https://files-rs.edgeorchestration.intel.com/files-edge-orch/microvisor/rpm/$(RELEASE_MAJOR_ID)/RPMS/debuginfo + +PACKAGE_URL_LIST ?= http://rpm-emt.intel.com/pulp/content/emt-3.0-prod-base/release +PACKAGE_URL_LIST += http://rpm-emt.intel.com/pulp/content/emt-3.0-prod-debuginfo/release + +PACKAGE_REPO_LIST ?= $(PACKAGE_URL_LIST) REPO_LIST ?= -SRPM_URL_LIST ?= https://files-rs.edgeorchestration.intel.com/files-edge-orch/microvisor/rpm/$(RELEASE_MAJOR_ID)/SRPMS +#SRPM_URL_LIST ?= https://files-rs.edgeorchestration.intel.com/files-edge-orch/microvisor/rpm/$(RELEASE_MAJOR_ID)/SRPMS +SRPM_URL_LIST ?= http://rpm-emt.intel.com/pulp/content/emt-3.0-prod-srpm/release ##help:var:VALIDATE_TOOLCHAIN_GPG={y,n}=Enable or disable GPG validation of the toolchain RPMs. 
If enabled toolchain RPMs will be validated against the GPG keys in the TOOLCHAIN_GPG_VALIDATION_KEYS variable. On by default when using upstream toolchain RPMs. # Based on REBUILD_TOOLCHAIN and DAILY_BUILD_ID. If REBUILD_TOOLCHAIN is set to 'y' or DAILY_BUILD_ID is set to any non-empty value, then GPG validation is disabled by default. diff --git a/toolkit/resources/manifests/package/development.repo b/toolkit/resources/manifests/package/development.repo index a110df4ef4..abdf729484 100644 --- a/toolkit/resources/manifests/package/development.repo +++ b/toolkit/resources/manifests/package/development.repo @@ -1,6 +1,6 @@ [development-repo] name=development Repo -baseurl=http://rpm-edgemicrovisor.intel.com/3.0 +baseurl=http://rpm-emt.intel.com/pulp/content/emt-3.0-test-base enabled=1 gpgcheck=0 skip_if_unavailable=1 diff --git a/toolkit/scripts/daily_build.mk b/toolkit/scripts/daily_build.mk index 4a9158156b..1c56aa99bd 100644 --- a/toolkit/scripts/daily_build.mk +++ b/toolkit/scripts/daily_build.mk 
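Review bot: The new default `PACKAGE_URL_LIST` and `SRPM_URL_LIST` values fetch toolchain RPMs and SRPMs over plain `http://` where the lines they replace used `https://`, so package integrity in transit now depends entirely on signature validation. The context at the end of this hunk says `VALIDATE_TOOLCHAIN_GPG` is off by default when `REBUILD_TOOLCHAIN=y` or `DAILY_BUILD_ID` is set, and the `development.repo` hunk that follows keeps `gpgcheck=0` with an `http://` `baseurl`, so in those configurations nothing visible here authenticates what is downloaded. If the new host serves TLS, use `https://` in all three Makefile URLs and in `development.repo`; otherwise add a comment stating that integrity rests on GPG validation alone. The URLs also hard-code `emt-3.0` where the old ones used `$(RELEASE_MAJOR_ID)`, and the commented-out assignments would be better deleted than kept.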
@@ -65,18 +65,23 @@ endif ifneq ($(DAILY_BUILD_REPO),) PACKAGE_ROOT := $(shell grep -m 1 "baseurl" $(DAILY_BUILD_REPO) | sed 's|baseurl=||g') + + PACKAGE_DEBUGINFO := $(subst base,debuginfo,$(PACKAGE_ROOT)) + PACKAGE_SRPM := $(subst base,srpm,$(PACKAGE_ROOT)) $(warning ) $(warning ######################### WARNING #########################) $(warning Using a Daily Build Repo at following location:) $(warning $(PACKAGE_ROOT)) $(warning ######################### WARNING #########################) $(warning ) - override PACKAGE_URL_LIST := $(PACKAGE_ROOT)/RPMS/x86_64 \ - $(PACKAGE_ROOT)/RPMS/noarch \ - $(PACKAGE_ROOT)/RPMS/debuginfo \ - $(PACKAGE_URL_LIST) - override SRPM_URL_LIST := $(PACKAGE_ROOT)/SRPMS \ - $(SRPM_URL_LIST) + override PACKAGE_URL_LIST := $(PACKAGE_URL_LIST) \ + $(PACKAGE_ROOT) \ + $(PACKAGE_DEBUGINFO) + override SRPM_URL_LIST := $(SRPM_URL_LIST) \ + $(PACKAGE_SRPM) + override PACKAGE_REPO_LIST := $(PACKAGE_REPO_LIST) \ + $(PACKAGE_ROOT) \ + $(PACKAGE_DEBUGINFO) endif # This does not use $(depend_DAILY_BUILD_ID) because that mechanism will not detect the conversion of "lkg" to a diff --git a/toolkit/scripts/toolchain/download_toolchain_rpm.sh b/toolkit/scripts/toolchain/download_toolchain_rpm.sh index 92de52431f..6a59aa40ef 100755 --- a/toolkit/scripts/toolchain/download_toolchain_rpm.sh +++ b/toolkit/scripts/toolchain/download_toolchain_rpm.sh @@ -166,6 +166,9 @@ function download() { attempt_log_file="$log_file.$log_num" src_url="$url/$rpm_name" + + first_char=$(echo "${rpm_name:0:1}" | tr '[:upper:]' '[:lower:]') + src_url="$url/Packages/$first_char/$rpm_name" echo "$src_url -> $attempt_log_file" >> "$log_file" { $downloader_tool $cert $key --no-clobber --output-file="$dst_file" --log-file="$attempt_log_file" "$src_url" 1>/dev/null 2>&1 ; res=$? ; } || true
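Review bot: `$(subst base,debuginfo,$(PACKAGE_ROOT))` rewrites every occurrence of `base` in the URL read from the repo file, not only the repository suffix, so a host or path component such as `database` would silently produce a different download location. Anchoring the replacement to the end of the word is safer: `PACKAGE_DEBUGINFO := $(patsubst %-base,%-debuginfo,$(PACKAGE_ROOT))` and `PACKAGE_SRPM := $(patsubst %-base,%-srpm,$(PACKAGE_ROOT))`, ideally with an `$(error ...)` when `PACKAGE_ROOT` does not end in `-base`. The daily repo is also now appended after the default URLs where the old code listed it first. If the downloader takes the first URL that serves a package, the default repositories would take precedence over the daily build, so a comment confirming the intended order would help.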
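Review bot: The first `src_url="$url/$rpm_name"` assignment is now dead, because the added line unconditionally overwrites it with the `Packages/<first letter>/` layout; every entry in a user-supplied `PACKAGE_URL_LIST` must therefore follow that layout or the download fails. Either delete the old assignment and document the requirement with a comment such as `# Each URL must serve RPMs under Packages/<lower-cased first letter>/<rpm>`, or keep the flat URL as a second attempt when the nested one fails. `first_char` can also be derived without a subshell: `first_char="${rpm_name:0:1}"; first_char="${first_char,,}"`. The body of `download()` starts and ends outside the hunk.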