1. Patchew
  2. Xen
  3. [XEN PATCH v1 0/6] automation: Refresh the remaining Debian containers
  4. View patch

[XEN PATCH v1 5/6] CI: Refresh the Debian 12 cppcheck container

Javi Merino posted 6 patches 1 year, 3 months ago
There is a newer version of this series
[XEN PATCH v1 5/6] CI: Refresh the Debian 12 cppcheck container
Posted by Javi Merino 1 year, 3 months ago 
Rework the container to build and run cppcheck as a normal user.  Use
heredocs for readability and use apt-get --no-install-recommends to
keep the size down.

Changed the libpcre3-dev dependency to libpcre3, as the -dev package
is only needed for building, not for running.

With the cleanups, the size of the container is reduced from 882MB to
782MB.

Signed-off-by: Javi Merino <javi.merino@cloud.com>
---

I tried updating cppcheck to the latest upstream version (2.15.0) but
it reports misra errors like:

    xen/common/sched/cpupool.c(0,0):internalError:error:Bailing out from analysis: Checking file failed: Failed to execute addon 'misra' - exitcode is 1
    [...]
    xen/arch/arm/decode.c(220,10):misra-config:error:Because of missing configuration, misra checking is incomplete. There can be false negatives! Variable 'type' is unknown

The output log xen-cppcheck.txt from job #8164274901 which uses
cppcheck 2.15.0 can be found at:
https://gitlab.com/xen-project/people/javimerino/xen/-/jobs/8164274901/artifacts/browse

Therefore, I'm keeping cppcheck at 2.7, which aligns with what
docs/misra/cppcheck.txt says is the last tested version.

 .../debian/12-arm64v8-cppcheck.dockerfile     | 80 +++++++++++++++++++
 .../build/debian/bookworm-cppcheck.dockerfile | 54 -------------
 automation/gitlab-ci/build.yaml               | 12 +--
 automation/scripts/containerize               |  2 +-
 4 files changed, 87 insertions(+), 61 deletions(-)
 create mode 100644 automation/build/debian/12-arm64v8-cppcheck.dockerfile
 delete mode 100644 automation/build/debian/bookworm-cppcheck.dockerfile

diff --git a/automation/build/debian/12-arm64v8-cppcheck.dockerfile b/automation/build/debian/12-arm64v8-cppcheck.dockerfile
new file mode 100644
index 000000000000..a839d4c57bda
--- /dev/null
+++ b/automation/build/debian/12-arm64v8-cppcheck.dockerfile
@@ -0,0 +1,80 @@
+# syntax=docker/dockerfile:1
+FROM --platform=linux/arm64/v8 debian:bookworm AS builder
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV CPPCHECK_VERSION=2.7
+
+# dependencies for cppcheck build
+RUN <<EOF
+#!/bin/bash
+    set -eu
+
+    apt-get update
+    DEPS=(
+        build-essential
+        ca-certificates
+        curl
+        libpcre3-dev
+        python-is-python3
+    )
+
+    apt-get -y --no-install-recommends install "${DEPS[@]}"
+
+    rm -rf /var/lib/apt/lists*
+EOF
+
+RUN useradd --home /build --create-home user
+
+WORKDIR /build
+USER user
+
+# cppcheck release build (see cppcheck readme.md)
+RUN <<EOF
+#!/bin/bash
+    set -eu
+
+    curl -fsSL https://github.com/danmar/cppcheck/archive/"$CPPCHECK_VERSION".tar.gz | tar xvz
+    cd cppcheck-"$CPPCHECK_VERSION"
+
+    MAKE_OPTS=(
+        MATCHCOMPILER=yes
+        DESTDIR=/build/out
+        FILESDIR="/usr/share/cppcheck"
+        HAVE_RULES=yes CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function"
+    )
+    make install -j$(nproc) "${MAKE_OPTS[@]}"
+EOF
+
+FROM --platform=linux/arm64/v8 debian:bookworm
+COPY --from=builder /build/out/usr/bin/cppcheck /usr/bin/cppcheck
+COPY --from=builder /build/out/usr/share/cppcheck /usr/share/cppcheck
+
+LABEL maintainer.name="The Xen Project" \
+      maintainer.email="xen-devel@lists.xenproject.org"
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV USER root
+
+# dependencies for cppcheck analysis including Xen-only build/cross-build
+RUN <<EOF
+#!/bin/bash
+    set -eu
+
+    useradd --create-home user
+
+    apt-get update
+    DEPS=(
+        bison
+        build-essential
+        python-is-python3
+        libpcre3
+        flex
+        gcc-arm-linux-gnueabihf
+        gcc-x86-64-linux-gnu
+    )
+    apt-get --yes --no-install-recommends install "${DEPS[@]}"
+    rm -rf /var/lib/apt/lists*
+EOF
+
+USER user
+WORKDIR /build
diff --git a/automation/build/debian/bookworm-cppcheck.dockerfile b/automation/build/debian/bookworm-cppcheck.dockerfile
deleted file mode 100644
index fe4cd4a1aaab..000000000000
--- a/automation/build/debian/bookworm-cppcheck.dockerfile
+++ /dev/null
@@ -1,54 +0,0 @@
-# syntax=docker/dockerfile:1
-FROM --platform=linux/arm64/v8 debian:bookworm AS builder
-
-ENV DEBIAN_FRONTEND=noninteractive
-ENV CPPCHECK_VERSION=2.7
-ENV USER root
-
-# dependencies for cppcheck build
-RUN apt-get update && \
-    apt-get --quiet --yes install \
-        curl \
-        build-essential \
-        python-is-python3 \
-        libpcre3-dev
-
-RUN mkdir /build
-WORKDIR /build
-
-# cppcheck release build (see cppcheck readme.md)
-RUN curl -fsSLO https://github.com/danmar/cppcheck/archive/"$CPPCHECK_VERSION".tar.gz && \
-    tar xvzf "$CPPCHECK_VERSION".tar.gz && \
-    cd cppcheck-"$CPPCHECK_VERSION" && \
-    make install -j$(nproc) \
-        MATCHCOMPILER=yes \
-        FILESDIR=/usr/share/cppcheck \
-        HAVE_RULES=yes CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function"
-
-FROM --platform=linux/arm64/v8 debian:bookworm
-COPY --from=builder /usr/bin/cppcheck /usr/bin/cppcheck
-COPY --from=builder /usr/share/cppcheck /usr/share/cppcheck
-
-LABEL maintainer.name="The Xen Project" \
-      maintainer.email="xen-devel@lists.xenproject.org"
-
-ENV DEBIAN_FRONTEND=noninteractive
-ENV USER root
-
-RUN mkdir /build
-WORKDIR /build
-
-# dependencies for cppcheck analysis including Xen-only build/cross-build
-RUN apt-get update && \
-    apt-get --quiet --yes install \
-        build-essential \
-        python-is-python3 \
-        libpcre3-dev \
-        flex \
-        bison \
-        gcc-arm-linux-gnueabihf \
-        gcc-x86-64-linux-gnu \
-        && \
-        apt-get autoremove -y && \
-        apt-get clean && \
-        rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml
index 380021d49f12..c57882b8846e 100644
--- a/automation/gitlab-ci/build.yaml
+++ b/automation/gitlab-ci/build.yaml
@@ -488,26 +488,26 @@ yocto-qemux86-64:
 
 # Cppcheck analysis jobs
 
-debian-bookworm-gcc-cppcheck:
+debian-12-x86_64-gcc-cppcheck:
   extends: .gcc-x86-64-cross-build
   variables:
-    CONTAINER: debian:bookworm-cppcheck
+    CONTAINER: debian:12-arm64v8-cppcheck
     CROSS_COMPILE: /usr/bin/x86_64-linux-gnu-
     CPPCHECK: y
     HYPERVISOR_ONLY: y
 
-debian-bookworm-gcc-arm32-cppcheck:
+debian-12-arm32-gcc-cppcheck:
   extends: .gcc-arm32-cross-build
   variables:
-    CONTAINER: debian:bookworm-cppcheck
+    CONTAINER: debian:12-arm64v8-cppcheck
     CROSS_COMPILE: /usr/bin/arm-linux-gnueabihf-
     CPPCHECK: y
     HYPERVISOR_ONLY: y
 
-debian-bookworm-gcc-arm64-cppcheck:
+debian-12-arm64-gcc-cppcheck:
   extends: .gcc-arm64-build
   variables:
-    CONTAINER: debian:bookworm-cppcheck
+    CONTAINER: debian:12-arm64v8-cppcheck
     CPPCHECK: y
     HYPERVISOR_ONLY: y
 
diff --git a/automation/scripts/containerize b/automation/scripts/containerize
index c9988bfe927d..e5502c81a759 100755
--- a/automation/scripts/containerize
+++ b/automation/scripts/containerize
@@ -38,7 +38,7 @@ case "_${CONTAINER}" in
     _bookworm-i386|_bookworm-x86_32) CONTAINER="${BASE}/debian:12-x86_32" ;;
     _bookworm-arm64v8-arm32-gcc) CONTAINER="${BASE}/debian:12-arm64v8-arm32-gcc" ;;
     _bookworm-arm64v8) CONTAINER="${BASE}/debian:12-arm64v8" ;;
-    _bookworm-cppcheck) CONTAINER="${BASE}/debian:bookworm-cppcheck" ;;
+    _bookworm-cppcheck) CONTAINER="${BASE}/debian:12-arm64v8-cppcheck" ;;
     _opensuse-leap|_leap) CONTAINER="${BASE}/opensuse:leap-15.6-x86_64" ;;
     _opensuse-tumbleweed|_tumbleweed) CONTAINER="${BASE}/opensuse:tumbleweed-x86_64" ;;
     _xenial) CONTAINER="${BASE}/ubuntu:16.04-x86_64" ;;
-- 
2.45.2
Re: [XEN PATCH v1 5/6] CI: Refresh the Debian 12 cppcheck container
Posted by Stefano Stabellini 1 year, 3 months ago 
> heredocs for readability and use apt-get --no-install-recommends to
> keep the size down.
> 
> Changed the libpcre3-dev dependency to libpcre3, as the -dev package
> is only needed for building, not for running.
> 
> With the cleanups, the size of the container is reduced from 882MB to
> 782MB.
> 
> Signed-off-by: Javi Merino <javi.merino@cloud.com>

Assuming everything works as expected:
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>


> ---
> 
> I tried updating cppcheck to the latest upstream version (2.15.0) but
> it reports misra errors like:
> 
>     xen/common/sched/cpupool.c(0,0):internalError:error:Bailing out from analysis: Checking file failed: Failed to execute addon 'misra' - exitcode is 1
>     [...]
>     xen/arch/arm/decode.c(220,10):misra-config:error:Because of missing configuration, misra checking is incomplete. There can be false negatives! Variable 'type' is unknown
> 
> The output log xen-cppcheck.txt from job #8164274901 which uses
> cppcheck 2.15.0 can be found at:
> https://gitlab.com/xen-project/people/javimerino/xen/-/jobs/8164274901/artifacts/browse
> 
> Therefore, I'm keeping cppcheck at 2.7, which aligns with what
> docs/misra/cppcheck.txt says is the last tested version.

Yes, better to do the upgrade separately


>  .../debian/12-arm64v8-cppcheck.dockerfile     | 80 +++++++++++++++++++
>  .../build/debian/bookworm-cppcheck.dockerfile | 54 -------------
>  automation/gitlab-ci/build.yaml               | 12 +--
>  automation/scripts/containerize               |  2 +-
>  4 files changed, 87 insertions(+), 61 deletions(-)
>  create mode 100644 automation/build/debian/12-arm64v8-cppcheck.dockerfile
>  delete mode 100644 automation/build/debian/bookworm-cppcheck.dockerfile
> 
> diff --git a/automation/build/debian/12-arm64v8-cppcheck.dockerfile b/automation/build/debian/12-arm64v8-cppcheck.dockerfile
> new file mode 100644
> index 000000000000..a839d4c57bda
> --- /dev/null
> +++ b/automation/build/debian/12-arm64v8-cppcheck.dockerfile
> @@ -0,0 +1,80 @@
> +# syntax=docker/dockerfile:1
> +FROM --platform=linux/arm64/v8 debian:bookworm AS builder
> +
> +ENV DEBIAN_FRONTEND=noninteractive
> +ENV CPPCHECK_VERSION=2.7
> +
> +# dependencies for cppcheck build
> +RUN <<EOF
> +#!/bin/bash
> +    set -eu
> +
> +    apt-get update
> +    DEPS=(
> +        build-essential
> +        ca-certificates
> +        curl
> +        libpcre3-dev
> +        python-is-python3
> +    )
> +
> +    apt-get -y --no-install-recommends install "${DEPS[@]}"
> +
> +    rm -rf /var/lib/apt/lists*
> +EOF
> +
> +RUN useradd --home /build --create-home user
> +
> +WORKDIR /build
> +USER user
> +
> +# cppcheck release build (see cppcheck readme.md)
> +RUN <<EOF
> +#!/bin/bash
> +    set -eu
> +
> +    curl -fsSL https://github.com/danmar/cppcheck/archive/"$CPPCHECK_VERSION".tar.gz | tar xvz
> +    cd cppcheck-"$CPPCHECK_VERSION"
> +
> +    MAKE_OPTS=(
> +        MATCHCOMPILER=yes
> +        DESTDIR=/build/out
> +        FILESDIR="/usr/share/cppcheck"
> +        HAVE_RULES=yes CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function"
> +    )
> +    make install -j$(nproc) "${MAKE_OPTS[@]}"
> +EOF
> +
> +FROM --platform=linux/arm64/v8 debian:bookworm
> +COPY --from=builder /build/out/usr/bin/cppcheck /usr/bin/cppcheck
> +COPY --from=builder /build/out/usr/share/cppcheck /usr/share/cppcheck
> +
> +LABEL maintainer.name="The Xen Project" \
> +      maintainer.email="xen-devel@lists.xenproject.org"
> +
> +ENV DEBIAN_FRONTEND=noninteractive
> +ENV USER root
> +
> +# dependencies for cppcheck analysis including Xen-only build/cross-build
> +RUN <<EOF
> +#!/bin/bash
> +    set -eu
> +
> +    useradd --create-home user
> +
> +    apt-get update
> +    DEPS=(
> +        bison
> +        build-essential
> +        python-is-python3
> +        libpcre3
> +        flex
> +        gcc-arm-linux-gnueabihf
> +        gcc-x86-64-linux-gnu
> +    )
> +    apt-get --yes --no-install-recommends install "${DEPS[@]}"
> +    rm -rf /var/lib/apt/lists*
> +EOF
> +
> +USER user
> +WORKDIR /build
> diff --git a/automation/build/debian/bookworm-cppcheck.dockerfile b/automation/build/debian/bookworm-cppcheck.dockerfile
> deleted file mode 100644
> index fe4cd4a1aaab..000000000000
> --- a/automation/build/debian/bookworm-cppcheck.dockerfile
> +++ /dev/null
> @@ -1,54 +0,0 @@
> -# syntax=docker/dockerfile:1
> -FROM --platform=linux/arm64/v8 debian:bookworm AS builder
> -
> -ENV DEBIAN_FRONTEND=noninteractive
> -ENV CPPCHECK_VERSION=2.7
> -ENV USER root
> -
> -# dependencies for cppcheck build
> -RUN apt-get update && \
> -    apt-get --quiet --yes install \
> -        curl \
> -        build-essential \
> -        python-is-python3 \
> -        libpcre3-dev
> -
> -RUN mkdir /build
> -WORKDIR /build
> -
> -# cppcheck release build (see cppcheck readme.md)
> -RUN curl -fsSLO https://github.com/danmar/cppcheck/archive/"$CPPCHECK_VERSION".tar.gz && \
> -    tar xvzf "$CPPCHECK_VERSION".tar.gz && \
> -    cd cppcheck-"$CPPCHECK_VERSION" && \
> -    make install -j$(nproc) \
> -        MATCHCOMPILER=yes \
> -        FILESDIR=/usr/share/cppcheck \
> -        HAVE_RULES=yes CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function"
> -
> -FROM --platform=linux/arm64/v8 debian:bookworm
> -COPY --from=builder /usr/bin/cppcheck /usr/bin/cppcheck
> -COPY --from=builder /usr/share/cppcheck /usr/share/cppcheck
> -
> -LABEL maintainer.name="The Xen Project" \
> -      maintainer.email="xen-devel@lists.xenproject.org"
> -
> -ENV DEBIAN_FRONTEND=noninteractive
> -ENV USER root
> -
> -RUN mkdir /build
> -WORKDIR /build
> -
> -# dependencies for cppcheck analysis including Xen-only build/cross-build
> -RUN apt-get update && \
> -    apt-get --quiet --yes install \
> -        build-essential \
> -        python-is-python3 \
> -        libpcre3-dev \
> -        flex \
> -        bison \
> -        gcc-arm-linux-gnueabihf \
> -        gcc-x86-64-linux-gnu \
> -        && \
> -        apt-get autoremove -y && \
> -        apt-get clean && \
> -        rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
> diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml
> index 380021d49f12..c57882b8846e 100644
> --- a/automation/gitlab-ci/build.yaml
> +++ b/automation/gitlab-ci/build.yaml
> @@ -488,26 +488,26 @@ yocto-qemux86-64:
>  
>  # Cppcheck analysis jobs
>  
> -debian-bookworm-gcc-cppcheck:
> +debian-12-x86_64-gcc-cppcheck:
>    extends: .gcc-x86-64-cross-build
>    variables:
> -    CONTAINER: debian:bookworm-cppcheck
> +    CONTAINER: debian:12-arm64v8-cppcheck
>      CROSS_COMPILE: /usr/bin/x86_64-linux-gnu-
>      CPPCHECK: y
>      HYPERVISOR_ONLY: y
>  
> -debian-bookworm-gcc-arm32-cppcheck:
> +debian-12-arm32-gcc-cppcheck:
>    extends: .gcc-arm32-cross-build
>    variables:
> -    CONTAINER: debian:bookworm-cppcheck
> +    CONTAINER: debian:12-arm64v8-cppcheck
>      CROSS_COMPILE: /usr/bin/arm-linux-gnueabihf-
>      CPPCHECK: y
>      HYPERVISOR_ONLY: y
>  
> -debian-bookworm-gcc-arm64-cppcheck:
> +debian-12-arm64-gcc-cppcheck:
>    extends: .gcc-arm64-build
>    variables:
> -    CONTAINER: debian:bookworm-cppcheck
> +    CONTAINER: debian:12-arm64v8-cppcheck
>      CPPCHECK: y
>      HYPERVISOR_ONLY: y
>  
> diff --git a/automation/scripts/containerize b/automation/scripts/containerize
> index c9988bfe927d..e5502c81a759 100755
> --- a/automation/scripts/containerize
> +++ b/automation/scripts/containerize
> @@ -38,7 +38,7 @@ case "_${CONTAINER}" in
>      _bookworm-i386|_bookworm-x86_32) CONTAINER="${BASE}/debian:12-x86_32" ;;
>      _bookworm-arm64v8-arm32-gcc) CONTAINER="${BASE}/debian:12-arm64v8-arm32-gcc" ;;
>      _bookworm-arm64v8) CONTAINER="${BASE}/debian:12-arm64v8" ;;
> -    _bookworm-cppcheck) CONTAINER="${BASE}/debian:bookworm-cppcheck" ;;
> +    _bookworm-cppcheck) CONTAINER="${BASE}/debian:12-arm64v8-cppcheck" ;;
>      _opensuse-leap|_leap) CONTAINER="${BASE}/opensuse:leap-15.6-x86_64" ;;
>      _opensuse-tumbleweed|_tumbleweed) CONTAINER="${BASE}/opensuse:tumbleweed-x86_64" ;;
>      _xenial) CONTAINER="${BASE}/ubuntu:16.04-x86_64" ;;
> -- 
> 2.45.2
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.