Xen project Mailing List

[PATCH v2] CI: Refresh the Debian 12 cppcheck container

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 5 May 2026 20:17:08 +0100

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=google header.d=citrix.com header.i="@citrix.com" header.h="Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From"

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>

Delivery-date: Tue, 05 May 2026 19:17:23 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

From: Javi Merino <javi.merino@xxxxxxxxx> Rework the container to derive from bookworm-slim, and to build and run cppcheck as a normal user. User heredocs for readability and use apt-get --no-install-recommends to keep the size down. Changed the libpcre3-dev dependency to libpcre3, as the -dev package is only needed for building, not for running. Signed-off-by: Javi Merino <javi.merino@xxxxxxxxx> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- CC: Anthony PERARD <anthony.perard@xxxxxxxxxx> CC: Stefano Stabellini <sstabellini@xxxxxxxxxx> CC: Michal Orzel <michal.orzel@xxxxxxx> CC: Doug Goldstein <cardoe@xxxxxxxxxx> v2: * Switch to bookworm-slim * Perform a SHA check on downloaded content I've deployed this container already. The new size is 233.47 MiB, as opposed to 307.40 MiB before (as given by Gitlab). https://gitlab.com/xen-project/hardware/xen-staging/-/pipelines/2502273068 --- .../debian/12-arm64v8-cppcheck.dockerfile | 86 +++++++++++++++++++ .../build/debian/bookworm-cppcheck.dockerfile | 54 ------------ automation/gitlab-ci/build.yaml | 12 +-- automation/scripts/containerize | 2 +- 4 files changed, 93 insertions(+), 61 deletions(-) create mode 100644 automation/build/debian/12-arm64v8-cppcheck.dockerfile delete mode 100644 automation/build/debian/bookworm-cppcheck.dockerfile diff --git a/automation/build/debian/12-arm64v8-cppcheck.dockerfile b/automation/build/debian/12-arm64v8-cppcheck.dockerfile new file mode 100644 index 000000000000..50d2614453de --- /dev/null +++ b/automation/build/debian/12-arm64v8-cppcheck.dockerfile @@ -0,0 +1,86 @@ +# syntax=docker/dockerfile:1 +FROM --platform=linux/arm64/v8 debian:bookworm-slim AS builder + +ENV DEBIAN_FRONTEND=noninteractive +ENV CPPCHECK_VERSION=2.7 + +# dependencies for cppcheck build +RUN <<EOF +#!/bin/bash + set -eu + + useradd --home /build --create-home user + + apt-get update + + DEPS=( + build-essential + ca-certificates + curl + libpcre3-dev + python-is-python3 + ) + + apt-get -y --no-install-recommends install "${DEPS[@]}" + + rm -rf /var/lib/apt/lists* +EOF + +WORKDIR /build +USER user + +# cppcheck release build (see cppcheck readme.md) +RUN <<EOF +#!/bin/bash + set -eu + + curl -fsSLO https://github.com/danmar/cppcheck/archive/"$CPPCHECK_VERSION".tar.gz + echo "5fd20549bb2fabf9a8026f772779d8cc6a5782c8f17500408529f7747afbc526 ${CPPCHECK_VERSION}.tar.gz" | sha256sum -c - + + tar oxf "$CPPCHECK_VERSION".tar.gz + cd cppcheck-"$CPPCHECK_VERSION" + + MAKE_OPTS=( + MATCHCOMPILER=yes + DESTDIR=/build/out + FILESDIR="/usr/share/cppcheck" + HAVE_RULES=yes CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function" + ) + make install -j$(nproc) "${MAKE_OPTS[@]}" +EOF + +FROM --platform=linux/arm64/v8 debian:bookworm-slim +COPY --from=builder /build/out/usr/bin/cppcheck /usr/bin/cppcheck +COPY --from=builder /build/out/usr/share/cppcheck /usr/share/cppcheck + +LABEL maintainer.name="The Xen Project" +LABEL maintainer.email="xen-devel@xxxxxxxxxxxxxxxxxxxx" + +ENV DEBIAN_FRONTEND=noninteractive + +# dependencies for cppcheck analysis including Xen-only build/cross-build +RUN <<EOF +#!/bin/bash + set -eu + + useradd --create-home user + + apt-get update + + DEPS=( + bison + build-essential + python-is-python3 + libpcre3 + flex + gcc-arm-linux-gnueabihf + gcc-x86-64-linux-gnu + ) + + apt-get --yes --no-install-recommends install "${DEPS[@]}" + + rm -rf /var/lib/apt/lists* +EOF + +USER user +WORKDIR /build diff --git a/automation/build/debian/bookworm-cppcheck.dockerfile b/automation/build/debian/bookworm-cppcheck.dockerfile deleted file mode 100644 index fe4cd4a1aaab..000000000000 --- a/automation/build/debian/bookworm-cppcheck.dockerfile +++ /dev/null @@ -1,54 +0,0 @@ -# syntax=docker/dockerfile:1 -FROM --platform=linux/arm64/v8 debian:bookworm AS builder - -ENV DEBIAN_FRONTEND=noninteractive -ENV CPPCHECK_VERSION=2.7 -ENV USER root - -# dependencies for cppcheck build -RUN apt-get update && \ - apt-get --quiet --yes install \ - curl \ - build-essential \ - python-is-python3 \ - libpcre3-dev - -RUN mkdir /build -WORKDIR /build - -# cppcheck release build (see cppcheck readme.md) -RUN curl -fsSLO https://github.com/danmar/cppcheck/archive/"$CPPCHECK_VERSION".tar.gz && \ - tar xvzf "$CPPCHECK_VERSION".tar.gz && \ - cd cppcheck-"$CPPCHECK_VERSION" && \ - make install -j$(nproc) \ - MATCHCOMPILER=yes \ - FILESDIR=/usr/share/cppcheck \ - HAVE_RULES=yes CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function" - -FROM --platform=linux/arm64/v8 debian:bookworm -COPY --from=builder /usr/bin/cppcheck /usr/bin/cppcheck -COPY --from=builder /usr/share/cppcheck /usr/share/cppcheck - -LABEL maintainer.name="The Xen Project" \ - maintainer.email="xen-devel@xxxxxxxxxxxxxxxxxxxx" - -ENV DEBIAN_FRONTEND=noninteractive -ENV USER root - -RUN mkdir /build -WORKDIR /build - -# dependencies for cppcheck analysis including Xen-only build/cross-build -RUN apt-get update && \ - apt-get --quiet --yes install \ - build-essential \ - python-is-python3 \ - libpcre3-dev \ - flex \ - bison \ - gcc-arm-linux-gnueabihf \ - gcc-x86-64-linux-gnu \ - && \ - apt-get autoremove -y && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index eff96beaa5c3..8fb68004a00d 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -510,26 +510,26 @@ yocto-qemux86-64: # Cppcheck analysis jobs -debian-bookworm-gcc-cppcheck: +debian-12-x86_64-gcc-cppcheck: extends: .gcc-x86-64-cross-build variables: - CONTAINER: debian:bookworm-cppcheck + CONTAINER: debian:12-arm64v8-cppcheck CROSS_COMPILE: /usr/bin/x86_64-linux-gnu- CPPCHECK: y HYPERVISOR_ONLY: y -debian-bookworm-gcc-arm32-cppcheck: +debian-12-arm32-gcc-cppcheck: extends: .gcc-arm32-cross-build variables: - CONTAINER: debian:bookworm-cppcheck + CONTAINER: debian:12-arm64v8-cppcheck CROSS_COMPILE: /usr/bin/arm-linux-gnueabihf- CPPCHECK: y HYPERVISOR_ONLY: y -debian-bookworm-gcc-arm64-cppcheck: +debian-12-arm64-gcc-cppcheck: extends: .gcc-arm64-build variables: - CONTAINER: debian:bookworm-cppcheck + CONTAINER: debian:12-arm64v8-cppcheck CPPCHECK: y HYPERVISOR_ONLY: y diff --git a/automation/scripts/containerize b/automation/scripts/containerize index 743567cb772a..ad3e2372703f 100755 --- a/automation/scripts/containerize +++ b/automation/scripts/containerize @@ -40,7 +40,7 @@ case "_${CONTAINER}" in _bookworm-i386|_bookworm-x86_32) CONTAINER="${BASE}/debian:12-x86_32" ;; _bookworm-arm64v8-arm32-gcc) CONTAINER="${BASE}/debian:bookworm-arm64v8-arm32-gcc" ;; _bookworm-arm64v8) CONTAINER="${BASE}/debian:bookworm-arm64v8" ;; - _bookworm-cppcheck) CONTAINER="${BASE}/debian:bookworm-cppcheck" ;; + _bookworm-cppcheck) CONTAINER="${BASE}/debian:12-arm64v8-cppcheck" ;; _opensuse-leap|_leap) CONTAINER="${BASE}/opensuse:leap-15.6-x86_64" ;; _opensuse-tumbleweed|_tumbleweed) CONTAINER="${BASE}/opensuse:tumbleweed-x86_64" ;; _xenial) CONTAINER="${BASE}/ubuntu:16.04-x86_64" ;; -- 2.39.5

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.