Merge branch 'main' into gstreamer_tests

OpenVisualCloud · Jan 17, 2025 · 6c9512a · 6c9512a
2 parents 9f180ef + c48cd2f
commit 6c9512a
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 65 deletions.
diff --git a/.github/workflows/ecosystem.yml b/.github/workflows/ecosystem.yml
@@ -17,7 +17,7 @@ permissions:
 
 jobs:
   changes:
-    runs-on: ubuntu-latest
+    runs-on: 'ubuntu-22.04'
     permissions:
       pull-requests: read
     outputs:
@@ -37,7 +37,7 @@ jobs:
     timeout-minutes: 60
     strategy:
       matrix:
-        os: [ubuntu-latest]
+        os: ['ubuntu-22.04']
 
     steps:
       - name: Harden Runner
@@ -49,12 +49,10 @@ jobs:
 
       - name: Install the build dependency
         run: |
-          sudo apt-get update -y
-          sudo apt-get install -y sudo git gcc meson python3 python3-pyelftools pkg-config libnuma-dev libjson-c-dev libpcap-dev libgtest-dev libsdl2-dev libsdl2-ttf-dev libssl-dev
-          sudo apt-get install -y dpdk-dev
-          sudo apt-get install -y libobs-dev
-          sudo apt-get install -y swig
-          sudo apt-get install -y systemtap-sdt-dev
+          sudo apt-get update --fix-missing -y
+          sudo apt-get install --no-install-recommends -y sudo git gcc gcc-multilib meson python3 python3-pyelftools pkg-config libnuma-dev libjson-c-dev libpcap-dev libgtest-dev libsdl2-dev libsdl2-ttf-dev libssl-dev llvm clang
+          sudo apt-get install --no-install-recommends -y dpdk-dev systemtap-sdt-dev software-properties-common
+          sudo apt-get install --no-install-recommends -y libobs-dev swig
 
       - name: Git config
         run: |
@@ -84,4 +82,4 @@ jobs:
           cargo clippy --all-targets
           cargo build --all-targets --verbose
           cd imtl-sys
-          cargo test --verbose
+          cargo test --verbose
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -16,75 +16,54 @@ env:
   MTL_BUILD_DISABLE_PCAPNG: true
   PREFIX_DIR: /usr/local
   DEBIAN_FRONTEND: noninteractive
+  TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
+  TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
 permissions:
   contents: read
 
+
 jobs:
-  trivy:
-    name: Build
+  triv-security-tab:
+    name: sarif output scan
     runs-on: ubuntu-20.04
+    permissions:
+        security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
         with:
           ref: ${{ inputs.branch }}
-      - name: 'Install dependencies'
-        run: |
-          sudo apt-get update -y && \
-          sudo apt-get install -y --no-install-recommends \
-              git build-essential meson python3 python3-pyelftools pkg-config \
-              libnuma-dev libjson-c-dev libpcap-dev libgtest-dev libsdl2-dev \
-              libsdl2-ttf-dev libssl-dev ca-certificates m4 clang llvm zlib1g-dev \
-              libelf-dev libcap-ng-dev libcap2-bin gcc-multilib systemtap-sdt-dev ninja-build \
-              nasm dpdk-dev librdmacm-dev && \
-          sudo apt-get clean && \
-          sudo rm -rf /var/lib/apt/lists/*
-          
-      - name: Build an image from Dockerfile
-        run: |
-          cd docker
-          docker build -t mtl:latest -f ubuntu.dockerfile ../
 
       - name: Run Trivy vulnerability scanner with sarif output
         uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
         with:
-          image-ref: 'mtl:latest'
-          format: 'sarif'
-          exit-code: '0'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          output: 'Trivy-image-scan-results.sarif'
-      - name: Upload Trivy scan results to GitHub Security tab
-        if: always()
-        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
-        with:
-          sarif_file: 'Trivy-image-scan-results.sarif'
-      - name: Run Trivy vulnerability scanner with with table output
-        if: always()
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
-        with:
-          image-ref: 'mtl:latest'
-          format: 'sarif'
-          scanners: 'vuln,secret,misconfig'
-          exit-code: '1'
-          output: 'Trivy-image-scan-results.sarif'
+          scan-type: config
+          scan-ref: ./docker
+          format: sarif
+          exit-code: 0
+          vuln-type: os,library
+          output: Trivy-dockerfile.sarif
+
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
         with:
-          sarif_file: 'Trivy-image-scan-results.sarif'
-      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
-        with:
-          name: trivy-results
-          path: 'trivy-results.sarif'
-          format: 'table'
-          exit-code: '0'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          output: 'Trivy-image-scan-results.txt'
+          sarif_file: Trivy-dockerfile.sarif
 
-      - uses: actions/upload-artifact@v4
-        if: always()
+  trivy-stdout:
+    name: table output scan
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
         with:
-          name: trivy-results
-          path: 'Trivy-image-scan-results.txt'
+          ref: ${{ inputs.branch }}
 
+      - name: Run Trivy vulnerability scanner with table output
+        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
+        with:
+          scan-type: config
+          scan-ref: ./docker
+          cache: false
+          format: table
+          exit-code: 1
+          vuln-type: os,library
diff --git a/docker/ubuntu.dockerfile b/docker/ubuntu.dockerfile
@@ -8,7 +8,7 @@
 # Ubuntu 22.04, build stage
 FROM ubuntu@sha256:149d67e29f765f4db62aa52161009e99e389544e25a8f43c8c89d4a445a7ca37 AS builder
 
-LABEL maintainer="frank.du@intel.com,ming3.li@intel.com"
+LABEL maintainer="andrzej.wilczynski@intel.com,[email protected],marek.kasiewicz@intel.com"
 
 # Install build dependencies and debug tools
 RUN apt-get update -y && \
@@ -52,12 +52,12 @@ RUN make install && \
 WORKDIR /$MTL_REPO
 RUN ./build.sh && \
     DESTDIR=/install meson install -C build && \
-    setcap 'cap_net_raw+ep' ./build/app/RxTxApp
+    setcap 'cap_net_raw+ep' ./tests/tools/RxTxApp/build/RxTxApp
 
 # Ubuntu 22.04, runtime stage
 FROM ubuntu@sha256:149d67e29f765f4db62aa52161009e99e389544e25a8f43c8c89d4a445a7ca37 AS final
 
-LABEL maintainer="frank.du@intel.com,ming3.li@intel.com"
+LABEL maintainer="andrzej.wilczynski@intel.com,[email protected],marek.kasiewicz@intel.com"
 
 # Install runtime dependencies
 RUN apt-get update -y && \

diff --git a/manager/Dockerfile b/manager/Dockerfile
@@ -8,7 +8,7 @@
 # Build stage, ubuntu 22.04
 FROM ubuntu@sha256:149d67e29f765f4db62aa52161009e99e389544e25a8f43c8c89d4a445a7ca37 AS builder
 
-LABEL maintainer="ming3.li@intel.com"
+LABEL maintainer="[email protected],[email protected],marek.kasiewicz@intel.com"
 
 ENV PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:/usr/lib64/pkgconfig