Skip to content

SDLe fix: Github workflow vulnerabilities and migration to github runner #8

Merged
dmkarthi merged 17 commits into
mainfrom
gha-cleanup
May 12, 2026
Merged

SDLe fix: Github workflow vulnerabilities and migration to github runner #8
dmkarthi merged 17 commits into
mainfrom
gha-cleanup

Conversation

@dmkarthi

@dmkarthi dmkarthi commented May 11, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Description

Checklist

Code Quality

  • Code follows project style guidelines
  • No unnecessary debug logs or commented-out code
  • No hardcoded values / secrets

Testing

  • Unit test added/modified accordingly
  • Perform manual basic sanity testing at system level

Review Readiness

  • PR title and description are clear and meaningful
  • Story/Task IDs are linked

Documentation

  • README or relevant docs updated (if applicable)

Security

  • No sensitive data exposed (keys, passwords, tokens)
  • Input validation added where needed

PR Type

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Documentation content changes
  • Testing
  • Other... Please describe:

dmkarthi and others added 4 commits May 11, 2026 09:33
@dmkarthi
ci: fix zizmor findings - concurrency, fork guards, env intermediarie…
89b9296 
…s for workspace
@dmkarthi
ci: switch to ubuntu-latest runners, remove self-hosted fork guards
1e00cbf
@roshan-ku
Switch to GitHub-hosted runners: environment-check installs all deps
6407e24 
- Rewrite environment-check to install missing APT/pip/analysis packages
- Add DPDK 25.11, MTL v26.01, openh264, FFmpeg 7.0+MTL build-from-source steps
- Skip builds if dependencies already present (cache-friendly)
- Verify all build dependencies and FFmpeg MTL plugin after setup
@roshan-ku
git am to git apply
b9c1202
dmkarthi
dmkarthi commented May 11, 2026
View reviewed changes
Comment thread .github/actions/environment-check/action.yml Outdated
Comment thread .github/actions/environment-check/action.yml Outdated
roshan-ku added 3 commits May 11, 2026 11:52
@roshan-ku
Re-enable Coverity and Trivy with auto-install on GitHub runners
caa1a03 
- Coverity action: downloads and installs from URL via secrets (COVERITY_URL, COVERITY_TOKEN)
- Trivy action: installs from Aqua Security apt repository if not present
- Both actions skip install if tools are already available
- Re-added Coverity and Trivy steps to ci, daily_build, and pull_request workflows
@roshan-ku
Add self-install steps to shellcheck and cppcheck actions
81ccc11 
- Each analysis action now installs its own tool if missing
- Removed analysis tools check from environment-check (no longer needed)
@roshan-ku
Use COVERITY_ARTIFACTORY_USER/PASSWORD secrets for Coverity download
bee877d
dmkarthi
dmkarthi commented May 11, 2026
View reviewed changes
Comment thread .github/actions/environment-check/action.yml Outdated
roshan-ku and others added 10 commits May 11, 2026 11:57
@roshan-ku
Make DPDK, MTL, and FFmpeg versions configurable via action inputs
3a00e5c 
Defaults: DPDK 25.11, MTL v26.01, FFmpeg 7.0
@dmkarthi
ci: add zizmor action, fix template-injection, comment coverity, clea…
cde6f71 
…nup workflows
@dmkarthi
ci: add actions/cache to environment-check, use RUNNER_TEMP for build…
829899f 
… sources
@dmkarthi
ci: fix artifact paths, rename artifacts to DVLED-SW-TK, add scan-on-…
64ca0fa 
…demand workflow
@dmkarthi
ci: fix cache permission errors - use RUNNER_TEMP staging, fix artifa…
4bf3cef 
…ct paths, rename artifacts
@dmkarthi
ci: use DESTDIR to capture only built library installables for cache
b2be0f1
@dmkarthi
ci: run DESTDIR capture before sudo install to fix meson-logs permiss…
e0b4667 
…ion error
@dmkarthi
ci: fix MTL DESTDIR - restore meson-logs ownership after build.sh sud…
3239179 
…o install
@dmkarthi
ci: add scan metadata report with git details and trigger info to sca…
a888809 
…n-on-demand
@dmkarthi
Merge branch 'main' into gha-cleanup
e0f32a9
@dmkarthi dmkarthi changed the title Github workflow vulnerabilities and migration to github runner SDLe fix: Github workflow vulnerabilities and migration to github runner May 12, 2026
@dmkarthi dmkarthi requested a review from roshan-ku May 12, 2026 05:27
@dmkarthi dmkarthi merged commit 7619927 into main May 12, 2026
1 check passed
@dmkarthi dmkarthi deleted the gha-cleanup branch May 12, 2026 05:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@roshan-ku roshan-ku roshan-ku approved these changes

@sunilnom sunilnom sunilnom approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dmkarthi @roshan-ku @sunilnom