ADDED: Dockerfiles and RAISR build (#20)

* FIX:L Update codeql.yml with proper script
* Update codeql-config.yml
* Update codeql.yml

* FIX: Update codeql.yml with proper script
Update codeql.yml with proper script
Update codeql-config.yml
Update codeql.yml

* ADD super-linter: perform super-linter scan workflow using config files:
Linter to Dependency-Review.yml
Create Hadolint.yaml for Docker Scaning actions
Created template for docker-cached-build
Create template-docker-cached-build.yaml
Create docker-cached-build.yaml
Minor changes to ubuntu build
Minor update to Flex Ubuntu22

---------

Signed-off-by: Miłosz Linkiewicz <[email protected]>

.dockerignore

@@ -3,3 +3,9 @@
 ./license*
 ./test*
 *Dockerfile*
+.github/**
+.vscode**
+./_build/*
+./build/*
+./docs*
+./_install*

.github/codeql/codeql-config.yml

@@ -1 +1 @@
-name: "MCM CodeQL Config"
+name: "RAISR CodeQL Config"

.github/configs/hadolint.yaml

@@ -0,0 +1,16 @@
+ignored:
+  - DL3002 # DL3002 Last user should not be root.
+  - DL3006 # DL3006 Always tag the version of an image explicitly
+  - DL3008 # DL3008⁠ Pin versions in apt-get install.
+  - DL3013 # DL3013 Pin versions in pip.
+  - DL3016 # DL3016 Pin versions in npm.
+  - DL3018 # DL3018 Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>.
+  - DL3028 # DL3028 Pin versions in gem install. Instead of gem install <gem> use gem install <gem>:<version>.
+  - DL3033 # DL3033 warning: Specify version with `yum install -y <package>-<version>`.
+  - SC2086 # SC2086 Double quote to prevent globbing and word splitting.
+  - SC2267 # SC2267 info: GNU xargs -i is deprecated in favor of -I{}
+trustedRegistries:
+  - docker.io
+  - gcr.io
+  - ghcr.io
+  - quay.io

.github/configs/super-linter/.clang-format

@@ -0,0 +1 @@
+BasedOnStyle: LLVM

.github/configs/super-linter/.markdown-lint.yml

@@ -0,0 +1,35 @@
+---
+###########################
+###########################
+## Markdown Linter rules ##
+###########################
+###########################
+
+# Linter rules doc:
+# - https://github.com/DavidAnson/markdownlint
+#
+# Note:
+# To comment out a single error:
+#   <!-- markdownlint-disable -->
+#   any violations you want
+#   <!-- markdownlint-restore -->
+#
+
+###############
+# Rules by id #
+###############
+MD004: false # Unordered list style
+MD007:
+  indent: 2 # Unordered list indentation
+MD013:
+  line_length: 400 # Line length 80 is far too short
+MD026:
+  punctuation: ".,;:!。，；:" # List of not allowed
+MD029: false # Ordered list item prefix
+MD033: false # Allow inline HTML
+MD036: false # Emphasis used instead of a heading
+
+#################
+# Rules by tags #
+#################
+blank_lines: false # Error on blank lines

.github/configs/super-linter/.yaml-lint.yml

@@ -0,0 +1,59 @@
+---
+###########################################
+# These are the rules used for            #
+# linting all the yaml files in the stack #
+# NOTE:                                   #
+# You can disable line with:              #
+# # yamllint disable-line                 #
+###########################################
+rules:
+  braces:
+    level: warning
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: 1
+    max-spaces-inside-empty: 5
+  brackets:
+    level: warning
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: 1
+    max-spaces-inside-empty: 5
+  colons:
+    level: warning
+    max-spaces-before: 0
+    max-spaces-after: 1
+  commas:
+    level: warning
+    max-spaces-before: 0
+    min-spaces-after: 1
+    max-spaces-after: 1
+  comments: disable
+  comments-indentation: disable
+  document-end: disable
+  document-start:
+    level: warning
+    present: true
+  empty-lines:
+    level: warning
+    max: 2
+    max-start: 0
+    max-end: 0
+  hyphens:
+    level: warning
+    max-spaces-after: 1
+  indentation:
+    level: warning
+    spaces: consistent
+    indent-sequences: true
+    check-multi-line-strings: false
+  key-duplicates: enable
+  line-length:
+    level: warning
+    max: 80
+    allow-non-breakable-words: true
+    allow-non-breakable-inline-mappings: true
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable

.github/workflows/build-baremetal-ubuntu.yml

@@ -0,0 +1,119 @@
+name: build-baremetal-ubuntu
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  workflow_dispatch:
+
+env:
+  TZ: "Europe/Warsaw"
+  BUILD_TYPE: "Release"
+  DEBIAN_FRONTEND: "noninteractive"
+  FFMPEG_COMMIT_ID: "n6.1.1"
+  BUILD_DIR: "${{ github.workspace }}/build"
+  PREFIX: "${{ github.workspace }}/_install"
+
+defaults:
+  run:
+    shell: bash
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
+jobs:
+  build-baremetal-ubuntu:
+    runs-on: 'ubuntu-22.04'
+    timeout-minutes: 70
+    env:
+      LD_LIBRARY_PATH: "/opt/intel/oneapi/ipp/latest/lib:${PREFIX}/usr/lib:${PREFIX}/lib:${PREFIX}/lib64:${LD_LIBRARY_PATH}"
+    steps:
+    - name: 'Harden Runner'
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      with:
+        egress-policy: audit
+
+    - name: 'Checkout repository'
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+    - name: 'Install OS level dependencies'
+      run: |
+        set -exo pipefail && \
+        mkdir -p "${PREFIX}" "${BUILD_DIR}/ffmpeg" && \
+        sudo apt-get update --fix-missing && \
+        sudo apt-get full-upgrade -y && \
+        sudo apt-get install --no-install-recommends -y \
+          build-essential \
+          ca-certificates \
+          cmake \
+          curl \
+          diffutils \
+          git \
+          gpg \
+          libx264-dev \
+          libx265-dev \
+          nasm \
+          ocl-icd-opencl-dev \
+          opencl-headers \
+          tar \
+          unzip \
+          wget \
+          zlib1g-dev
+
+    - name: 'Install Intel OneAPI APT repository'
+      run: |
+        set -exo pipefail && \
+        curl -fsSL https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | gpg --dearmor | sudo tee /usr/share/keyrings/oneapi-archive-keyring.gpg && \
+        echo "deb [signed-by=/usr/share/keyrings/oneapi-archive-keyring.gpg] https://apt.repos.intel.com/oneapi all main" | sudo tee /etc/apt/sources.list.d/intel-oneAPI.list && \
+        sudo apt-get update --fix-missing && \
+        sudo apt-get install --no-install-recommends -y intel-oneapi-ipp-devel-2022.0
+
+    - name: 'Download and patch ffmpeg repository'
+      run: |
+        set -eo pipefail && \
+        curl -Lf https://github.com/ffmpeg/ffmpeg/archive/${FFMPEG_COMMIT_ID}.tar.gz | tar -zx --strip-components=1 -C "${BUILD_DIR}/ffmpeg"
+        patch -d "${BUILD_DIR}/ffmpeg" -p1 -i <(cat "${{ github.workspace }}/ffmpeg/"*.patch)
+        cp "${{ github.workspace }}/ffmpeg/vf_raisr"*.c "${BUILD_DIR}/ffmpeg/libavfilter"
+
+    - name: 'Build RAISR from source code'
+      run: |
+        ./build.sh -DENABLE_RAISR_OPENCL=ON \
+          -DCMAKE_LIBRARY_PATH="/opt/intel/oneapi/ipp/latest/lib;${PREFIX}/lib;" \
+          -DCMAKE_C_FLAGS="-I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp" \
+          -DCMAKE_CXX_FLAGS="-I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp"
+
+    - name: 'Configure ffmpeg repository'
+      working-directory: "${BUILD_DIR}/ffmpeg"
+      continue-on-error: true
+      run: |
+        ./configure \
+          --disable-shared \
+          --disable-debug  \
+          --disable-doc    \
+          --enable-static  \
+          --enable-libipp  \
+          --enable-gpl \
+          --enable-libx264 \
+          --enable-libx265 \
+          --enable-opencl  \
+          --extra-libs='-lraisr -lstdc++ -lippcore -lippvm -lipps -lippi -lm' \
+          --extra-cflags='-fopenmp -I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp' \
+          --extra-ldflags="-fopenmp -L/opt/intel/oneapi/ipp/latest/lib -L${PREFIX}/lib" \
+          --enable-cross-compile \
+          --prefix="${PREFIX}" || \
+        { tail -n 100 "${BUILD_DIR}/ffmpeg/ffbuild/config.log && exit 1 }
+
+    - name: 'Build, install and check ffmpeg'
+      working-directory: "${BUILD_DIR}/ffmpeg"
+      continue-on-error: true
+      run: |
+        make clean
+        make -j"$(nproc)"
+        sudo -E make install
+        sudo -E ldconfig
+        ffmpeg -buildconf

.github/workflows/codeql.yml

@@ -1,25 +1,35 @@
-name: "CodeQL"
+name: scan-codeql-workflow
 
 on:
   push:
-    branches: [ "master", "main", "dev" ]
+    branches: [ "main" ]
   pull_request:
-    branches: [ "master", "main", "dev" ]
+    branches: [ "main" ]
   schedule:
-    - cron: '42 8 * * 1'
+    - cron: '15 0 * * *'
 
 env:
-  # Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
-  BUILD_TYPE: Release
-  PREFIX_DIR: /usr/local
-  DEBIAN_FRONTEND: noninteractive
+  TZ: "Europe/Warsaw"
+  BUILD_TYPE: "Release"
+  DEBIAN_FRONTEND: "noninteractive"
+  FFMPEG_COMMIT_ID: "n6.1.1"
+  BUILD_DIR: "${{ github.workspace }}/build"
+  PREFIX: "${{ github.workspace }}/_install"
+
+defaults:
+  run:
+    shell: bash
 
 permissions:
   contents: read
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number ||  github.sha }}
+  cancel-in-progress: true
+
 jobs:
   analyze:
-    name: Analyze
+    name: 'scan-codeql-workflow-analyze'
     runs-on: ${{ matrix.runner-os }}
     timeout-minutes: 90
     strategy:
@@ -28,12 +38,7 @@ jobs:
         runner-os: [ 'ubuntu-22.04' ]
     permissions:
       actions: read
-      contents: read
       security-events: write
-    defaults:
-      run:
-        shell: bash
-
     steps:
     - name: 'Harden Runner'
       uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
@@ -43,24 +48,58 @@ jobs:
     - name: 'Checkout repository'
       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
-    - name: 'Initialize CodeQL'
+    - name: 'Install OS level dependencies'
+      run: |
+        set -exo pipefail && \
+        mkdir -p "${PREFIX}" "${BUILD_DIR}/ffmpeg" && \
+        sudo apt-get update --fix-missing && \
+        sudo apt-get full-upgrade -y && \
+        sudo apt-get install --no-install-recommends -y \
+          build-essential \
+          ca-certificates \
+          cmake \
+          diffutils \
+          gpg \
+          libx264-dev \
+          libx265-dev \
+          llvm \
+          m4 \
+          meson \
+          nasm \
+          ocl-icd-opencl-dev \
+          opencl-headers \
+          zlib1g-dev \
+          make curl git sudo tar unzip wget yasm
+
+    - name: 'Install Intel OneAPI APT repository'
+      run: |
+        set -exo pipefail && \
+        curl -fsSL https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | gpg --dearmor | sudo tee /usr/share/keyrings/oneapi-archive-keyring.gpg && \
+        echo "deb [signed-by=/usr/share/keyrings/oneapi-archive-keyring.gpg] https://apt.repos.intel.com/oneapi all main" | sudo tee /etc/apt/sources.list.d/intel-oneAPI.list && \
+        sudo apt-get update --fix-missing && \
+        sudo apt-get install --no-install-recommends -y intel-oneapi-ipp-devel-2022.0
+
+    - name: 'Download and patch ffmpeg repository'
+      run: |
+        set -exo pipefail && \
+        curl -Lf https://github.com/ffmpeg/ffmpeg/archive/${FFMPEG_COMMIT_ID}.tar.gz | tar -zx --strip-components=1 -C "${BUILD_DIR}/ffmpeg"
+        patch -d "${BUILD_DIR}/ffmpeg" -p1 -i <(cat "${{ github.workspace }}/ffmpeg/"*.patch)
+        cp "${{ github.workspace }}/ffmpeg/vf_raisr"*.c "${BUILD_DIR}/ffmpeg/libavfilter"
+
+    - name: 'Initialize CodeQL action'
       uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
       with:
-        languages: 'c-cpp'
-        build-mode: autobuild
-        # config-file: ${{ github.workspace }}/.github/codeql/codeql-config.yml
+        languages: "c-cpp"
+        config-file: "${{ github.workspace }}/.github/codeql/codeql-config.yml"
 
-    - if: matrix.build-mode == 'manual'
-      shell: bash
+    - name: 'Build RAISR from source code'
       run: |
-        echo 'If you are using a "manual" build mode for one or more of the' \
-          'languages you are analyzing, replace this with the commands to build' \
-          'your code, for example:'
-        echo '  make bootstrap'
-        echo '  make release'
-        exit 1
+        "${{ github.workspace }}/build.sh" -DENABLE_RAISR_OPENCL=ON \
+          -DCMAKE_LIBRARY_PATH="/opt/intel/oneapi/ipp/latest/lib;${PREFIX}/lib;" \
+          -DCMAKE_C_FLAGS="-I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp" \
+          -DCMAKE_CXX_FLAGS="-I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp"
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+    - name: 'Perform CodeQL Analysis'
+      uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
       with:
-        category: "/language:${{matrix.language}}"
+        category: "/language:c-cpp"