[stable-v2.2] cherry-pick docker and other upgrade from main branch

.github/workflows/codestyle.yml

@@ -27,7 +27,7 @@ jobs:
       # depth 2 so:
       # ^1. we can show the Subject of the current target branch tip
       # ^2. we reconnect/graft to the later fetch pull/1234/head,
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with: {fetch-depth: 2}
 
       - name: install codespell
@@ -50,7 +50,12 @@ jobs:
   yamllint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: run yamllint
-        run: yamllint --strict .github/workflows/*.yml
+        # Quoting to please all parsers is hard. This indirection helps.
+        env:
+          yamllint_config: '{extends: default, rules: {line-length: {max: 100}}}'
+        run: yamllint -f parsable
+          -d "$yamllint_config"
+          --strict .github/workflows/*.yml

.github/workflows/installer.yml

@@ -28,7 +28,7 @@ jobs:
         ]
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         # From time to time this will catch a git tag and change SOF_VERSION
         with: {fetch-depth: 50, submodules: recursive}
 

.github/workflows/pull-request.yml

@@ -40,7 +40,7 @@ jobs:
     runs-on: ubuntu-20.04
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: apt get doxygen graphviz
         run: sudo apt-get -y install ninja-build doxygen graphviz
@@ -58,7 +58,7 @@ jobs:
     runs-on: ubuntu-20.04
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with: {fetch-depth: 5}
 
       - name: apt get valgrind
@@ -83,6 +83,26 @@ jobs:
         run: ./scripts/host-testbench.sh
 
 
+  # This is a bit redundant with the other jobs below and with the (much
+  # faster!) installer[.yml] but it may differ in which platforms are
+  # built.  This makes sure platforms without any open-source toolchain
+  # are added in the right place and do not accidentally break the -a
+  # option, Docker testing etc.
+  gcc-build-default-platforms:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - uses: actions/checkout@v3
+        with: {fetch-depth: 5, submodules: recursive}
+
+      - name: docker
+        run: docker pull thesofproject/sof && docker tag thesofproject/sof sof
+
+      - name: xtensa-build-all.sh -a
+        run: ./scripts/docker-run.sh ./scripts/xtensa-build-all.sh -a ||
+             ./scripts/docker-run.sh ./scripts/xtensa-build-all.sh -a -j 1
+
+
   gcc-build-only:
     runs-on: ubuntu-20.04
 
@@ -101,13 +121,13 @@ jobs:
 
     steps:
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with: {fetch-depth: 0, submodules: recursive}
 
       - name: docker
         run: docker pull thesofproject/sof && docker tag thesofproject/sof sof
 
-      - name: xtensa-build-all
+      - name: xtensa-build-all.sh platforms
         env:
           PLATFORM: ${{ matrix.platform }}
         run: ./scripts/docker-run.sh
@@ -136,7 +156,7 @@ jobs:
 
     steps:
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with: {fetch-depth: 0, submodules: recursive}
 
       - name: turn off HAVE_AGENT
@@ -146,7 +166,7 @@ jobs:
       - name: docker SOF
         run: docker pull thesofproject/sof && docker tag thesofproject/sof sof
 
-      - name: xtensa-build-all -o no-agent
+      - name: xtensa-build-all.sh -o no-agent platforms
         env:
           PLATFORM: ${{ matrix.platform }}
         run: ./scripts/docker-run.sh

.github/workflows/repro-build.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-20.04
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with: {fetch-depth: 5, submodules: recursive}
 
       - name: docker pull

.github/workflows/tools.yml

@@ -12,7 +12,7 @@ jobs:
   top-level_default_CMake_target_ALL:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       # The ALSA version in Ubuntu 20.04 is buggy
       # (https://github.com/thesofproject/sof/issues/2543) and likely

.github/workflows/unit-tests.yml

@@ -14,7 +14,7 @@ jobs:
   cmocka_utests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with: {fetch-depth: 2}
 
       - name: build and run all defconfigs

.github/workflows/zephyr.yml

@@ -11,15 +11,23 @@ jobs:
   zephyr-build:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         # From time to time this will catch a git tag and change SOF_VERSION
         with: {fetch-depth: 10, submodules: recursive}
 
+      # v0.23.4 is the last image with Zephyr SDK 0.14.
+      # SDK 0.15 fails with the following Werror:
+      #   /workdir/zephyrproject/zephyr/include/zephyr/kernel/thread_stack.h:190:16:
+      #   error: ignoring attribute 'section (".cached.\"WEST_TOPDIR/zephyr/kernel/init.c\".3")'
+      #   because it conflicts with previous 'section
+      #   (".cached.\"WEST_TOPDIR/zephyr/arch/xtensa/include/kernel_arch_func.h\"'
+      #   [-Werror=attributes]
+
       # https://github.com/zephyrproject-rtos/docker-image
       # Note: env variables can be passed to the container with
       # -e https_proxy=...
       - name: build
         run: docker run -v "$(pwd)":/workdir
-             ghcr.io/zephyrproject-rtos/zephyr-build:latest
+             ghcr.io/zephyrproject-rtos/zephyr-build:v0.23.4
              ./zephyr/docker-build.sh --cmake-args=-DEXTRA_CFLAGS=-Werror
              --cmake-args=--warn-uninitialized   -a

scripts/docker-run.sh

@@ -25,12 +25,16 @@ if tty --quiet; then
     SOF_DOCKER_RUN="$SOF_DOCKER_RUN --tty"
 fi
 
-# Not fatal, just a warning to allow other "creative" solutions.
-# TODO: fix this with 'adduser' like in zephyr/docker-build.sh
-test "$(id -n)" = 1001 ||
-    >&2 printf "Warning: this script should be run as user ID 1001 to match the container\n"
+# The --user option below can cause the command to run as a user who
+# does not exist in the container. So far so good but in case something
+# ever goes wrong try replacing --user with the newer
+# scripts/sudo-cwd.sh script.
+test "$(id -u)" = 1000 ||
+  >&2 printf "Warning: this script should be run as user ID 1000 to match the container's account\n"
 
 set -x
+# FIXME: During the transition to sudo-cwd.sh, the tag will be "latest_ubuntu22.04".
+#       Later it will be back to latest
 docker run -i -v "${SOF_TOP}":/home/sof/work/sof.git \
 	-v "${SOF_TOP}":/home/sof/work/sof-bind-mount-DO-NOT-DELETE \
 	--env CMAKE_BUILD_TYPE \
@@ -40,6 +44,5 @@ docker run -i -v "${SOF_TOP}":/home/sof/work/sof.git \
 	--env VERBOSE \
 	--env http_proxy="$http_proxy" \
 	--env https_proxy="$https_proxy" \
-	--user "$(id -u)" \
 	$SOF_DOCKER_RUN \
-	thesofproject/sof "$@"
+	thesofproject/sof:latest_ubuntu22.04 ./scripts/sudo-cwd.sh "$@"

scripts/sudo-cwd.sh

@@ -0,0 +1,77 @@
+#!/bin/sh
+# SPDX-License-Identifier: BSD-3-Clause
+# Copyright(c) 2022 Intel Corporation. All rights reserved.
+
+# This is a "brute force" solution to filesystem permission issues:
+#
+# If the current user does not own the current directory then this
+# wrapper script switches to the user who does own the current directory
+# before running the given command.
+
+# If no user owns the current directory, a user who does gets created
+# first!
+
+# The main use case is to run this first thing inside a container to
+# solve file ownership mismatches.
+
+# `docker run --user=$(id -un) ...` achieves something very similar
+# without any code except the resulting user many not exist inside the
+# container. Some commands may not like that.
+#
+# To understand more about the Docker problem solved here take a look at
+# https://stackoverflow.com/questions/35291520/docker-and-userns-remap-how-to-manage-volume-permissions-to-share-data-betwee
+# and many other similar questions.
+
+# TODO: replace sudo with gosu?
+
+set -e
+set -x
+
+main()
+{
+    cwd_uid="$(stat --printf='%u' .)"
+    local current_uid; current_uid="$(id -u)"
+    if test "$current_uid" = "$cwd_uid"; then
+        exec "$@"
+    else
+        exec_as_cwd_uid "$@"
+    fi
+}
+
+exec_as_cwd_uid()
+{
+    # If missing, add new user owning the current directory
+    local cwd_user; cwd_user="$(id "$cwd_uid")" || {
+        cwd_user='cwd_user'
+
+        local cwd_guid; cwd_guid="$(stat --printf='%g' .)"
+
+        getent group "$cwd_guid" ||
+            sudo groupadd -g  "$cwd_guid" 'cwd_group'
+
+        sudo useradd -m -u "$cwd_uid" -g "$cwd_guid" "$cwd_user"
+
+        local current_user; current_user="$(id -un)"
+
+        # Copy sudo permissions just in case the build needs it
+        if test -e /etc/sudoers.d/"$current_user"; then
+          sudo sed -e "s/$current_user/$cwd_user/" /etc/sudoers.d/"$current_user" |
+            sudo tee -a /etc/sudoers.d/"$cwd_user"
+          sudo chmod --reference=/etc/sudoers.d/"$current_user" \
+             /etc/sudoers.d/"$cwd_user"
+        fi
+    }
+
+    # Double sudo to work around some funny restriction in
+    # zephyr-build:/etc/sudoers: 'user' can do anything but... only as
+    # root.
+    # Passing empty http[s]_proxy is OK
+    # shellcheck disable=SC2154
+    sudo sudo -u "$cwd_user" REAL_CC="$REAL_CC" \
+         http_proxy="$http_proxy"  https_proxy="$https_proxy" \
+         "$@"
+
+    exit "$?"
+}
+
+main "$@"

zephyr/docker-build.sh

@@ -52,7 +52,7 @@ exec_as_sof_uid()
     # Double sudo to work around some funny restriction in
     # zephyr-build:/etc/sudoers: 'user' can do anything but... only as
     # root.
-    sudo sudo -u "$sof_user" "$0" "$@"
+    sudo sudo -u "$sof_user" http_proxy="$http_proxy"  https_proxy="$https_proxy" "$0" "$@"
     exit "$?"
 }