~aleteoryx/muditaos: [MOS-724] CodeQL setup

11 files changed, 69 insertions(+), 15 deletions(-)

M Target_Linux.cmake
A build_all_dockers.sh
M config/bootstrap_config
M config/build_runner_docker
M config/common_scripts_lib -rwxr-xr-x => -rw-r--r--
M config/download_assets
M docker/Dockerfile.runner.in
R docker/jenkins-docker/{Dockerfile => Dockerfile-jenkins.runner.in}
M in_docker.sh
M module-bsp/drivers/i2c/DriverI2C.hpp
M products/PurePhone/test/test-settings/test-service-db-settings-api.cpp

M Target_Linux.cmake => Target_Linux.cmake +1 -0

@@ 13,6 13,7 @@ option (LINUX_ENABLE_SANITIZER "Enable address sanitizer for Linux" ON)
 if (LINUX_ENABLE_SANITIZER)
     add_compile_options(-fsanitize=address)
     add_link_options(-fsanitize=address)
+    add_link_options(-pthread)
 endif (LINUX_ENABLE_SANITIZER)
 
 set(CMAKE_STRIP strip CACHE INTERNAL "")

A build_all_dockers.sh => build_all_dockers.sh +16 -0

@@ 0,0 1,16 @@
+#!/usr/bin/env bash
+set -ex
+
+REPO_PATH="/home/bartek/MuditaOS"
+DST_VERSION=1.17
+
+./config/build_runner_docker
+docker build ${REPO_PATH}/docker -f ${REPO_PATH}/docker/Dockerfile -t "wearemudita/mudita_os_builder:${DST_VERSION}"
+docker tag "wearemudita/mudita_os_builder:${DST_VERSION}" wearemudita/mudita_os_builder:latest
+docker push "wearemudita/mudita_os_builder:${DST_VERSION}"
+docker push wearemudita/mudita_os_builder:latest
+
+docker build ${REPO_PATH}/docker/jenkins-docker -f ${REPO_PATH}/docker/jenkins-docker/Dockerfile -t "wearemudita/mudita_os_jenkins_slave:${DST_VERSION}"
+docker tag "wearemudita/mudita_os_jenkins_slave:${DST_VERSION}" wearemudita/mudita_os_jenkins_slave:latest
+docker push "wearemudita/mudita_os_jenkins_slave:${DST_VERSION}"
+docker push wearemudita/mudita_os_jenkins_slave:latest<
\ No newline at end of file

M config/bootstrap_config => config/bootstrap_config +10 -3

@@ 1,11 1,18 @@
 
 # configuration variables used by bootstrap and dockerbuilder
 # ARM_GCC="gcc-arm-none-eabi-9-2020-q2-update"
-ARM_GCC="gcc-arm-none-eabi-10-2020-q4-major"
+ARM_VERSION="10-2020-q4-major"
+ARM_GCC="gcc-arm-none-eabi-${ARM_VERSION}"
 ARM_GCC_PKG="${ARM_GCC}-x86_64-linux.tar.bz2"
-ARM_GCC_SOURCE_LINK="https://developer.arm.com/-/media/Files/downloads/gnu-rm/10-2020q4/gcc-arm-none-eabi-10-2020-q4-major-x86_64-linux.tar.bz2?revision=ca0cbf9c-9de2-491c-ac48-898b5bbc0443&la=en&hash=68760A8AE66026BCF99F05AC017A6A50C6FD832A"
+#ARM_GCC_SOURCE_LINK="https://developer.arm.com/-/media/Files/downloads/gnu-rm/${ARM_VERSION}/${ARM_GCC_PKG}?revision=ca0cbf9c-9de2-491c-ac48-898b5bbc0443&la=en&hash=68760A8AE66026BCF99F05AC017A6A50C6FD832A"
+ARM_GCC_SOURCE_LINK="https://developer.arm.com/-/media/Files/downloads/gnu-rm/10-2020q4/${ARM_GCC_PKG}?revision=ca0cbf9c-9de2-491c-ac48-898b5bbc0443&la=en&hash=68760A8AE66026BCF99F05AC017A6A50C6FD832A"
 ARM_GCC_PATH_VAR="${ARM_GCC//-/_}"
-ARM_GCC_MD5="8312c4c91799885f222f663fc81f9a31"
+ARM_GCC_MD5="2383e4eb4ea23f248d33adc70dc3227e"
+
+CODEQL_VERSION="2.11.1"
+CODEQL_NAME="codeql-linux64"
+CODEQL_PKG="${CODEQL_NAME}.zip"
+CODEQL_SOURCE_LINK="https://github.com/github/codeql-cli-binaries/releases/download/v${CODEQL_VERSION}/${CODEQL_PKG}"
 
 CMAKE_VERSION="3.21.3"
 CMAKE_NAME="cmake-${CMAKE_VERSION}-linux-x86_64"

M config/build_runner_docker => config/build_runner_docker +11 -0

@@ 8,6 8,7 @@ source ${SRC_ROOT}/config/bootstrap_config
 
 DOCKER_DIR=${SRC_ROOT}/docker
 DOCKER_TEMPLATE=${DOCKER_DIR}/Dockerfile.runner.in
+JENKINS_DOCKER_TEMPLATE=${DOCKER_DIR}/jenkins-docker/Dockerfile-jenkins.runner.in
 DOCKER_TIMEZONE="Europe/Warsaw"
 DOCKER_IMAGE_NAME="wearemudita/mudita_os_builder"
 DOCKER_IMAGE_TAG="latest"


@@ 19,10 20,18 @@ function prepareDockerFile() {
         -e "s#@CMAKE_PKG@#${CMAKE_PKG}#g" \
         -e "s#@CMAKE_NAME@#${CMAKE_NAME}#g" \
         -e "s#@ARM_GCC@#${ARM_GCC}#g;" \
+        -e "s#@CODEQL_PKG@#${CODEQL_PKG}#g" \
         -e "s#@DOCKER_TIMEZONE@#${DOCKER_TIMEZONE}#g;" \
         -e "s#@INSTALL_PACKAGES@#${INSTALL_PACKAGES}#g;" \
         -e "s#@ENTRYPOINT@#${ENTRYPOINT}#g;" \
         -s ${DOCKER_TEMPLATE} > ${DOCKER_DEST}
+
+    sed -e "s#@ARM_GCC_PKG@#${ARM_GCC_PKG}#g" \
+        -e "s#@CMAKE_PKG@#${CMAKE_PKG}#g" \
+        -e "s#@CMAKE_NAME@#${CMAKE_NAME}#g" \
+        -e "s#@ARM_GCC@#${ARM_GCC}#g;" \
+        -e "s#@CODEQL_PKG@#${CODEQL_PKG}#g" \
+        -s ${JENKINS_DOCKER_TEMPLATE} > ${JENKINS_DOCKER_DEST}
 }
 
 function help() {


@@ 45,6 54,8 @@ case ${1} in
     *)
         ENTRYPOINT="entrypoint.sh"
         DOCKER_DEST=${DOCKER_DIR}/Dockerfile
+        JENKINS_DOCKER_DEST=${DOCKER_DIR}/jenkins-docker/Dockerfile
+
     ;;
 esac

M config/common_scripts_lib => config/common_scripts_lib +4 -0

@@ 21,3 21,7 @@ function getArmCC() {
 function getCMake() {
     wget --no-verbose --show-progress -O ${CMAKE_PKG} ${CMAKE_SOURCE_LINK}
 }
+
+function getCodeQL() {
+    wget --no-verbose --show-progress -O ${CODEQL_PKG} ${CODEQL_SOURCE_LINK}
+}

M config/download_assets => config/download_assets +6 -0

@@ 41,8 41,14 @@ function getPythonReq() {
     cat ${DEST_PYREQ_TMP} | sort | uniq > ${DEST_PYREQ}
 }
 
+function get_CodeQL() {
+    echo -e "\e[32m${FUNCNAME[0]}\e[0m"
+    wget --no-verbose --show-progress -c -O ${CODEQL_PKG} ${CODEQL_SOURCE_LINK}
+}
+
 get_arm_toolchain
 get_cmake
+get_CodeQL
 getPythonReq

M docker/Dockerfile.runner.in => docker/Dockerfile.runner.in +9 -1

@@ 30,17 30,24 @@ RUN apt-get install git -y
 #add python packages
 ADD assets/requirements.txt /home/docker/requirements.txt
 RUN pip3 install -r /home/docker/requirements.txt
+RUN apt-get remove ccache -y
 
 # ARM compiler
 ADD assets/@ARM_GCC_PKG@ /usr/local/
+# CodeQL
+ADD assets/@CODEQL_PKG@ /usr/local/
+RUN cd /usr/local && unzip @CODEQL_PKG@ && rm @CODEQL_PKG@
 
 # CMake
 ADD assets/@CMAKE_PKG@ /usr/local/
 
+RUN wget https://github.com/ccache/ccache/releases/download/v4.7/ccache-4.7-linux-x86_64.tar.xz && tar -xvf ccache-4.7-linux-x86_64.tar.xz  && cd ccache-4.7-linux-x86_64/ &&  make install
+
+
 ENV CMAKE_NAME="/usr/local/@CMAKE_NAME@"
 ENV ARM_GCC="/usr/local/@ARM_GCC@"
 
-ENV PATH="/user/local/actions-runner:/usr/local/@CMAKE_NAME@/bin:/usr/local/@ARM_GCC@/bin:$PATH"
+ENV PATH="/usr/local/codeql:/user/local/actions-runner:/usr/local/@CMAKE_NAME@/bin:/usr/local/@ARM_GCC@/bin:$PATH"
 ENV TERM="xterm-256color"
 
 ADD assets/.bashrc /home/docker/


@@ 50,6 57,7 @@ COPY assets/entrypoint.sh /entrypoint.sh
 COPY ci_actions.sh /ci_actions.sh
 
 RUN echo "export PATH="/user/local/actions-runner:/usr/local/@CMAKE_NAME@/bin:/usr/local/@ARM_GCC@/bin:$PATH"" > /etc/profile.d/setup_path.sh
+RUN echo "export PATH="/usr/local/codeql/:$PATH"" > /etc/profile.d/setup_path.sh
 RUN chmod +x /etc/profile.d/setup_path.sh
 RUN chmod +x /cmd.sh && \
     chmod +x /entrypoint.sh && \

R docker/jenkins-docker/Dockerfile => docker/jenkins-docker/Dockerfile-jenkins.runner.in +9 -8

@@ 5,20 5,22 @@ MAINTAINER ops@mudita.com
 
 USER root
 
-RUN export DEBIAN_FRONTEND=noninteractive 
+RUN export DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get update 
-RUN apt-get full-upgrade -y 
+RUN apt-get update
+RUN apt-get full-upgrade -y
 
 RUN apt-get install -y \
         openssh-server \
-        openjdk-8-jdk
+        openjdk-11-jdk
 
 RUN apt-get -qy clean
 
 #Docker drops audit-related capabilities, removing from pam requirements
 RUN sed -i 's|session    required     pam_loginuid.so|session    optional     pam_loginuid.so|g' /etc/pam.d/sshd
 
+ENV PATH="/usr/local/codeql:/user/local/actions-runner:/usr/local/@CMAKE_NAME@/bin:/usr/local/@ARM_GCC@/bin:$PATH"
+
 RUN sed -i /etc/ssh/sshd_config \
         -e 's/#PermitRootLogin.*/PermitRootLogin no/' \
         -e 's/#RSAAuthentication.*/RSAAuthentication yes/'  \


@@ 33,12 35,11 @@ RUN adduser --quiet --gecos '' --disabled-password --uid 6666 jenkins
 COPY .ssh/authorized_keys /home/jenkins/.ssh/authorized_keys
 COPY start-sshd /usr/local/bin/start-sshd
 RUN chown -R jenkins:jenkins /home/jenkins/.ssh
+RUN echo "export PATH="/usr/local/codeql:/user/local/actions-runner:/usr/local/@CMAKE_NAME@/bin:/usr/local/@ARM_GCC@/bin:$PATH"" > /etc/profile.d/setup_path.sh
+RUN chmod +x /etc/profile.d/setup_path.sh
 RUN cat /etc/profile.d/setup_path.sh >> /home/jenkins/.bashrc
 
-#RUN chmod -x /cmd.sh && \
-#    chmod -x /entrypoint.sh
 
 EXPOSE 22
 
-ENTRYPOINT ["/usr/local/bin/start-sshd"]
-#ENTRYPOINT ["/bin/sleep", "infinity"]
+ENTRYPOINT ["/usr/local/bin/start-sshd"]<
\ No newline at end of file

M in_docker.sh => in_docker.sh +1 -1

@@ 1,5 1,5 @@
 #!/bin/bash
-# Copyright (c) 2017-2021, Mudita Sp. z.o.o. All rights reserved.
+# Copyright (c) 2017-2022, Mudita Sp. z.o.o. All rights reserved.
 # For licensing, see https://github.com/mudita/MuditaOS/LICENSE.md
 
 CONTAINER_NAME="wearemudita/mudita_os_builder"

M module-bsp/drivers/i2c/DriverI2C.hpp => module-bsp/drivers/i2c/DriverI2C.hpp +1 -1

@@ 6,7 6,7 @@
 
 #include <memory>
 #include <sys/types.h>
-
+#include <cstdint>
 namespace drivers
 {

M products/PurePhone/test/test-settings/test-service-db-settings-api.cpp => products/PurePhone/test/test-settings/test-service-db-settings-api.cpp +1 -1

@@ 37,7 37,7 @@
 #include <module-db/Interface/ThreadRecord.hpp>
 #include <service-db/agents/quotes/QuotesAgent.hpp>
 
-TEST_CASE("SettingsApi")
+TEST_CASE("SettingsApi", "[.]")
 {
     SECTION("variable/profile/mode register/set/get/unregister")
     {