Edge Virtualization Platform v1.48.0

.devcontainer/raspi/Dockerfile

@@ -23,6 +23,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     git \
     gpg \
     make \
+    patchelf \
     pycodestyle \
     python3-pip \
     python3-bashate \
@@ -90,6 +91,8 @@ RUN echo "deb https://apt.llvm.org/bookworm/ llvm-toolchain-bookworm-${LLVM_VERS
     && update-alternatives --install /usr/bin/ld.lld ld.lld /usr/bin/ld.lld-${LLVM_VERSION} 50 \
     && update-alternatives --install /usr/bin/wasm-ld wasm-ld /usr/bin/wasm-ld-${LLVM_VERSION} 50
 
+RUN pip3 install auditwheel==6.3.0 --break-system-packages
+
 ENV WASI_PREFIX=/usr/bin/
 ARG WASI_SDK_VERSION=24
 ENV WASI_SYSROOT=/opt/wasi-sysroot-${WASI_SDK_VERSION}.0

.devcontainer/ubuntu/Dockerfile

@@ -24,6 +24,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     git \
     gpg \
     make \
+    patchelf \
     pycodestyle \
     python3-pip \
     python3-bashate \
@@ -60,7 +61,10 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     && update-alternatives --install /usr/bin/python python /usr/bin/python3 50
 
 # Remove this once stdeb is fully released for ubuntu:24.04 (python3.12)
-RUN pip3 install git+https://github.com/astraw/stdeb.git --break-system-packages
+RUN pip3 install \
+    auditwheel==6.3.0 \
+    git+https://github.com/astraw/stdeb.git \
+    --break-system-packages
 
 RUN echo "deb https://apt.llvm.org/noble/ llvm-toolchain-noble-${LLVM_VERSION} main" > /etc/apt/sources.list.d/apt.llvm.org.list && \
     curl -sL https://apt.llvm.org/llvm-snapshot.gpg.key | tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc && \

.github/workflows/build-sdk.yml

@@ -29,7 +29,7 @@ jobs:
         username: ${{ github.actor }}
         password: ${{ github.token }}
       options: ${{ startsWith(matrix.runner, 'buildjet') && '--user 1000:1001' || '--user 1001:127' }}
-    timeout-minutes: 8 # the worst case is 3 minutes
+    timeout-minutes: ${{ startsWith(matrix.runner, 'buildjet') && 20 || 8 }} # the worst case is 3 minutes but buildjet sometimes is slower downloading the docker image
     strategy:
       fail-fast: false
       matrix:
@@ -92,7 +92,7 @@ jobs:
 
       - name: Build Python package
         working-directory: src/python-evp-app-sdk
-        run: python3 -m build
+        run: make
 
       - name: SDK Debian package
         working-directory: src/python-evp-app-sdk
@@ -101,7 +101,7 @@ jobs:
       - uses: actions/upload-artifact@v4
         with:
           name: python-sdk-${{ matrix.name }}-${{ matrix.platform }}-${{ github.run_id }}
-          path: src/python-evp-app-sdk/dist/*
+          path: lib/python/*
 
       - uses: actions/upload-artifact@v4
         with:

.github/workflows/build.yml

@@ -29,7 +29,7 @@ jobs:
         username: ${{ github.actor }}
         password: ${{ github.token }}
       options: ${{ startsWith(matrix.runner, 'buildjet') && '--user 1000:1001' || '--user 1001:127' }}
-    timeout-minutes: 8 # the worst case is 3 minutes
+    timeout-minutes: ${{ startsWith(matrix.runner, 'buildjet') && 20 || 8 }} # the worst case is 3 minutes but buildjet sometimes is slower downloading the docker image
     strategy:
       fail-fast: false
       matrix:
@@ -50,7 +50,8 @@ jobs:
           ref: ${{ inputs.ref }}
 
       - name: Build
-        run: bear -- make -j$((`nproc` * 2)) CFLAGS="-g -Werror"
+        run: bear -- make -j$((`nproc` * 2)) CFLAGS="-g -Werror" \
+          LDFLAGS="-Wl,--export-dynamic"
 
       - name: Generate SBOM
         run: |

.github/workflows/release.yml

@@ -13,14 +13,26 @@ jobs:
   release-artifacts:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v4
+      - name: Get release version name
+        id: version
+        run: |
+          name=$(echo "${{ github.ref_name }}" | awk -F/ '{print $NF}')
+          echo "name=$name" >> $GITHUB_OUTPUT
 
       - name: Get last successful run id
         id: run-id
         env:
           GH_TOKEN: ${{ github.token }}
         run: |
-          last_run_id=$(gh run list -w main.yml -c ${{ github.sha }} -b main -s completed --json databaseId -L 1 | jq -r .[].databaseId)
+          last_run_id=$(
+            gh run list \
+            --repo ${{ github.repository }} \
+            -w main.yml \
+            -c ${{ github.sha }} \
+            -b main \
+            -s completed \
+            --json databaseId -L 1 | jq -r .[].databaseId
+          )
           test -z $last_run_id && echo "cannot find last successful run_id" && exit 1 || echo "last_run_id=$last_run_id" && echo "last_run_id=$last_run_id" >> $GITHUB_OUTPUT
 
       - name: Download Python SDK (RaspiOS bookworm ARM64)
@@ -113,6 +125,17 @@ jobs:
           path: dist-ubuntu-noble-amd64
           github-token: ${{ github.event.repository.private && secrets.MIDOJENKINS_ARTIFACT_READ_EVP_AGENT_OSS || github.token }}
 
+      - name: Download SBOM
+        uses: actions/download-artifact@v4
+        env:
+          LAST_RUN_ID: ${{ steps.run-id.outputs.last_run_id }}
+        with:
+          pattern: sbom-agent-*${{ env.LAST_RUN_ID }}
+          merge-multiple: false
+          run-id: ${{ env.LAST_RUN_ID }}
+          path: sbom
+          github-token: ${{ github.event.repository.private && secrets.MIDOJENKINS_ARTIFACT_READ_EVP_AGENT_OSS || github.token }}
+
       - name: Rename deb artifacts
         run: |
           set -x
@@ -124,15 +147,13 @@ jobs:
             mv $deb $(echo $deb | sed -E 's/(.*)_([^_]*).deb/\1-raspios-bookworm_\2.deb/');
           done
 
-      - name: Rename whl artifacts
+      - name: Create a zip for sbom
         run: |
           set -x
-          for whl in dist-ubuntu-noble-*/*.whl; do
-            mv $whl $(echo $whl | sed -E 's/(.*)-([^-]*).whl/\1-ubuntu_noble-\2.whl/');
-          done
-
-          for whl in dist-raspios-bookworm-*/*.whl; do
-            mv $whl $(echo $whl | sed -E 's/(.*)-([^-]*).whl/\1-raspios_bookworm-\2.whl/');
+          cd sbom
+          for dir in sbom-agent*; do
+            sbom_name="${dir%-*}"
+            zip -r ${sbom_name}-${{ steps.version.outputs.name }}.zip $dir;
           done
 
       - name: List files in dist-ubuntu-noble-amd64
@@ -151,3 +172,4 @@ jobs:
           files: |
             dist-*/*.deb
             dist-*/*.whl
+            sbom/*.zip

.github/workflows/test.yml

@@ -29,7 +29,7 @@ jobs:
         username: ${{ github.actor }}
         password: ${{ github.token }}
       options: ${{ startsWith(matrix.runner, 'buildjet') && '--user 1000:1001' || '--user 1001:127' }}
-    timeout-minutes: 30
+    timeout-minutes: ${{ startsWith(matrix.runner, 'buildjet') && 20 || 8 }} # the worst case is 3 minutes but buildjet sometimes is slower downloading the docker image
     strategy:
       fail-fast: false
       matrix:
@@ -67,7 +67,7 @@ jobs:
           make -j$((`nproc` * 2))\
             KBUILD_DEFCONFIG=configs/unit-test-all-hubs-wasm.config\
             test_modules/tests
-            
+
       - name: Run tests
         env:
           ASAN_OPTIONS: detect_leaks=1:detect_stack_use_after_return=1

.gitignore

@@ -56,6 +56,7 @@ test/lorem-ipsum
 .venv/
 *.core
 /dist
+/src/python-evp-app-sdk/dist-stamp
 /src/sdkenc/stamp
 /src/sdkenc/*.h
 /include/sdkenc/*.h

.gitmodules

@@ -16,7 +16,7 @@
 	url = https://github.com/apache/nuttx-apps
 [submodule "src/wasm-micro-runtime"]
 	path = src/wasm-micro-runtime
-	url = https://github.com/bytecodealliance/wasm-micro-runtime
+	url = https://github.com/midokura/wasm-micro-runtime.git
 [submodule "test/libweb"]
 	path = test/libweb
 	url = https://github.com/midokura/libweb.git

CODE_OF_CONDUCT.md

@@ -0,0 +1,138 @@
+<!--
+SPDX-FileCopyrightText: 2025 Sony Semiconductor Solutions Corporation
+
+SPDX-License-Identifier: Apache-2.0
+-->
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement
+[our contact form](https://support.aitrios.sony-semicon.com/hc/en-us/requests/new).
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

CONTRIBUTING.md

@@ -0,0 +1,64 @@
+<!--
+SPDX-FileCopyrightText: 2025 Sony Semiconductor Solutions Corporation
+
+SPDX-License-Identifier: Apache-2.0
+-->
+
+# Contributing Guidelines
+
+We gratefully accept contributions from the community. Please take a moment to review this document and our [Code of Conduct](CODE_OF_CONDUCT.md) in order to make the contribution process efficient and pleasant for everyone involved.
+
+## Bug Reports
+
+If you think you have found a bug, first make sure that you are testing against the latest version, in case your issue has already been fixed. Search our issues list on GitHub to see if a similar or related problem has already been reported.
+
+When creating a new issue, or updating an existing one, please provide as much contextual information as you can. What environment, device and OS do you use? What is your build configuration? With what version of dependencies and with which compiler and toolchain did you build?
+
+In addition it will be very helpful if you can provide a unit test, system test, or step by step instructions to reproduce the bug. It makes it much easier to find the problem and fix it.
+
+## Feature Requests
+
+If you find yourself wishing for a feature that doesn't exist, you are probably not alone. There are bound to be others with similar needs. Open an issue on our issues list on GitHub, detailing:
+- The feature you would like to see
+- Why it is important
+- How it should work
+- How you will use it
+
+## Security Vulnerabilities
+
+> [!WARNING]
+> Do not use public issues to report security vulnerabilities: contact us directly instead.
+
+If you think that you have identified a security vulnerability in Edge Virtualization Platform(EVP), please send us your report with as much context as possible via [our contact form](https://support.aitrios.sony-semicon.com/hc/en-us/requests/new).
+
+## Contributing Code, Tests, and Documentation
+
+Send us your pull requests! For those just getting started, GitHub has a [how to](https://help.github.com/articles/using-pull-requests/).
+
+In order to maintain proper traceability of contributions, we require that you agree to the four clauses of the [Developer's Certificate of Origin](https://developercertificate.org/). Particularly, commits should be signed off by their respective authors. This repository enforces this by means of the [DCO GitHub app](https://github.com/apps/dco).
+
+### Submit a Pull Request (PR)
+
+- Check for open issues or PRs related to your change.
+- Before writing any code, consider creating a new issue for any major change and enhancement that you wish to make. It may be that somebody is already working on it, or that there are particular complexities that you should know about.
+- Fork the repository on GitHub to start making your changes. As a general rule, you should use the "main" branch as a basis.
+- Include unit tests when you contribute new features, as they help to prove that your code works correctly and guard against future breaking changes.
+- Bug fixes also generally require unit tests, because the presence of bugs usually indicates insufficient test coverage.
+- Keep API compatibility in mind when you change code in core functionality. Any non-backward-compatible public API changes, i.e. breaking changes to header files in the `edge-virtualization-platform/src/` folder, will require a major version increment.
+- Include a license header at the top of all new files.
+- Please avoid including unrelated commits and changes in your PR branch.
+- Before submitting a PR, test locally. Run formatting checks and unit tests on your development machine. See [the build instructions](docs/README.md) for details.
+- Send a PR and work with us until it is merged. Contributions may need some modifications, so a few rounds of review and fixing may be necessary.
+- For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it takes to review and merge.
+- Include as much context as possible: What problem does your PR solve, how does it solve it, and why is it important?
+
+Our team members will review your PR, and once it is approved and passes continuous integration checks it will be ready to merge.
+
+Bear in mind that when you contribute a new feature, the maintenance burden is transferred to the edge-virtualization-platform team. This means that the benefit of the contribution must be compared against the cost of maintaining the feature.
+
+> [!WARNING]
+> By submitting a PR, you agree to license your work under the same license as that used by the project.
+
+## License and Copyright
+
+Contributors accept that their contributions are made under the Apache-2.0 license. All new files should include the Apache-2.0 standard license header where possible. See the [LICENSE](LICENSE) file for the full text of this license.