From de7b5f532a9fdd3d4ce81678b7a6019223506f1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mi=C5=82osz=20Linkiewicz?= Date: Tue, 14 Jan 2025 13:25:07 +0100 Subject: [PATCH 1/6] FIX:L Update codeql.yml with proper script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update codeql.yml with proper script Signed-off-by: Miłosz Linkiewicz --- .github/workflows/codeql.yml | 58 ++++++++++++++++++++---------------- 1 file changed, 33 insertions(+), 25 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 4deb242..93352dc 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,25 +1,28 @@ -name: "CodeQL" +name: scan-codeql-workflow on: push: - branches: [ "master", "main", "dev" ] + branches: [ "main" ] pull_request: - branches: [ "master", "main", "dev" ] + branches: [ "main" ] schedule: - - cron: '42 8 * * 1' + - cron: '15 0 * * *' env: - # Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.) - BUILD_TYPE: Release + BUILD_TYPE: "Release" PREFIX_DIR: /usr/local - DEBIAN_FRONTEND: noninteractive + DEBIAN_FRONTEND: "noninteractive" permissions: contents: read +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + jobs: analyze: - name: Analyze + name: 'scan-codeql-workflow-analyze' runs-on: ${{ matrix.runner-os }} timeout-minutes: 90 strategy: @@ -28,12 +31,10 @@ jobs: runner-os: [ 'ubuntu-22.04' ] permissions: actions: read - contents: read security-events: write defaults: run: shell: bash - steps: - name: 'Harden Runner' uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 @@ -43,24 +44,31 @@ jobs: - name: 'Checkout repository' uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: 'Initialize CodeQL' + - name: 'Get RAISR prerequisites and set-up git' + run: | + sudo apt update -y + sudo apt install -y sudo git wget curl pkg-config bash tar zip unzip make + git config --global user.email "you@example.com" + git config --global user.name "Your Name" + + - name: 'Build RAISR prerequisites and install' + run: | + mkdir -p "${{ github.workspace }}/build" + "${{ github.workspace }}/scripts/01_pull_resources.sh" + "${{ github.workspace }}/scripts/02_install_prerequisites.sh" "${{ github.workspace }}/build/raisr.tar.gz" + + - name: 'Initialize CodeQL action' uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: - languages: 'c-cpp' - build-mode: autobuild - # config-file: ${{ github.workspace }}/.github/codeql/codeql-config.yml + languages: "c-cpp" + config-file: "${{ github.workspace }}/.github/codeql/codeql-config.yml" - - if: matrix.build-mode == 'manual' - shell: bash + - name: 'Build RAISR source library' run: | - echo 'If you are using a "manual" build mode for one or more of the' \ - 'languages you are analyzing, replace this with the commands to build' \ - 'your code, for example:' - echo ' make bootstrap' - echo ' make release' - exit 1 + "${{ github.workspace }}/scripts/03_build_raisr_ffmpeg.sh" "${{ github.workspace }}/build/raisr/Video-Super-Resolution-Library" + "${{ github.workspace }}/build.sh" - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + - name: 'Perform CodeQL Analysis' + uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: - category: "/language:${{matrix.language}}" + category: "/language:c-cpp" From 0c146cb686a67b756875ed5c99835706f7423216 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mi=C5=82osz=20Linkiewicz?= Date: Tue, 14 Jan 2025 13:49:18 +0100 Subject: [PATCH 2/6] Update codeql-config.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miłosz Linkiewicz --- .github/codeql/codeql-config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml index ba5aa0c..3291251 100644 --- a/.github/codeql/codeql-config.yml +++ b/.github/codeql/codeql-config.yml @@ -1 +1 @@ -name: "MCM CodeQL Config" +name: "RAISR CodeQL Config" From 47ff5f1c05a75c7c897781f457eed2c797d8a5c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mi=C5=82osz=20Linkiewicz?= Date: Tue, 14 Jan 2025 13:55:19 +0100 Subject: [PATCH 3/6] Update codeql.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miłosz Linkiewicz --- .github/workflows/codeql.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 93352dc..bae977f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -48,12 +48,13 @@ jobs: run: | sudo apt update -y sudo apt install -y sudo git wget curl pkg-config bash tar zip unzip make + mkdir -p "${{ github.workspace }}/build" git config --global user.email "you@example.com" git config --global user.name "Your Name" - name: 'Build RAISR prerequisites and install' + working-directory: "${{ github.workspace }}/build" run: | - mkdir -p "${{ github.workspace }}/build" "${{ github.workspace }}/scripts/01_pull_resources.sh" "${{ github.workspace }}/scripts/02_install_prerequisites.sh" "${{ github.workspace }}/build/raisr.tar.gz" @@ -64,6 +65,7 @@ jobs: config-file: "${{ github.workspace }}/.github/codeql/codeql-config.yml" - name: 'Build RAISR source library' + working-directory: "${{ github.workspace }}/build" run: | "${{ github.workspace }}/scripts/03_build_raisr_ffmpeg.sh" "${{ github.workspace }}/build/raisr/Video-Super-Resolution-Library" "${{ github.workspace }}/build.sh" From 7bfa08e63054c37433f2b0db4d7f67d8d396c69b Mon Sep 17 00:00:00 2001 From: Milosz Linkiewicz Date: Tue, 14 Jan 2025 20:49:31 +0000 Subject: [PATCH 4/6] FIX: Update codeql.yml with proper script Update codeql.yml with proper script Update codeql-config.yml Update codeql.yml ADD super-linter: perform super-linter scan workflow using config files: Linter to dependency-review.yml Create hadolint.yaml for docker scaning acrtions Created template for docker-cached-build Create template-docker-cached-build.yml Create docker-cached-build.yml Signed-off-by: Milosz Linkiewicz --- .github/configs/hadolint.yaml | 16 ++ .github/configs/super-linter/.clang-format | 1 + .../configs/super-linter/.markdown-lint.yml | 35 +++ .github/configs/super-linter/.yaml-lint.yml | 59 +++++ .github/workflows/build-baremetal-ubuntu.yml | 107 +++++++++ .github/workflows/codeql.yml | 1 - .github/workflows/dependency-review.yml | 62 +++++- .github/workflows/docker-build.yml | 66 ------ .github/workflows/docker-cached-build.yml | 60 ++++++ .github/workflows/scorecard.yml | 57 +++-- .../template-docker-cached-build.yml | 204 ++++++++++++++++++ docker/Flex/Dockerfile.ubuntu22.04 | 92 ++++---- docker/Xeon/Dockerfile.centos9 | 20 +- docker/Xeon/Dockerfile.rockylinux9-mini | 18 +- docker/Xeon/Dockerfile.ubuntu18.04 | 28 +-- docker/Xeon/Dockerfile.ubuntu20.04 | 28 +-- docker/Xeon/Dockerfile.ubuntu22.04 | 32 +-- scripts/03_build_raisr_ffmpeg.sh | 16 +- 18 files changed, 682 insertions(+), 220 deletions(-) create mode 100644 .github/configs/hadolint.yaml create mode 100644 .github/configs/super-linter/.clang-format create mode 100644 .github/configs/super-linter/.markdown-lint.yml create mode 100644 .github/configs/super-linter/.yaml-lint.yml create mode 100644 .github/workflows/build-baremetal-ubuntu.yml delete mode 100644 .github/workflows/docker-build.yml create mode 100644 .github/workflows/docker-cached-build.yml create mode 100644 .github/workflows/template-docker-cached-build.yml diff --git a/.github/configs/hadolint.yaml b/.github/configs/hadolint.yaml new file mode 100644 index 0000000..c325e92 --- /dev/null +++ b/.github/configs/hadolint.yaml @@ -0,0 +1,16 @@ +ignored: + - DL3002 # DL3002 Last user should not be root. + - DL3006 # DL3006 Always tag the version of an image explicitly + - DL3008 # DL3008⁠ Pin versions in apt-get install. + - DL3013 # DL3013 Pin versions in pip. + - DL3016 # DL3016 Pin versions in npm. + - DL3018 # DL3018 Pin versions in apk add. Instead of apk add use apk add =. + - DL3028 # DL3028 Pin versions in gem install. Instead of gem install use gem install :. + - DL3033 # DL3033 warning: Specify version with `yum install -y -`. + - SC2086 # SC2086 Double quote to prevent globbing and word splitting. + - SC2267 # SC2267 info: GNU xargs -i is deprecated in favor of -I{} +trustedRegistries: + - docker.io + - gcr.io + - ghcr.io + - quay.io diff --git a/.github/configs/super-linter/.clang-format b/.github/configs/super-linter/.clang-format new file mode 100644 index 0000000..9b3aa8b --- /dev/null +++ b/.github/configs/super-linter/.clang-format @@ -0,0 +1 @@ +BasedOnStyle: LLVM diff --git a/.github/configs/super-linter/.markdown-lint.yml b/.github/configs/super-linter/.markdown-lint.yml new file mode 100644 index 0000000..f4abcce --- /dev/null +++ b/.github/configs/super-linter/.markdown-lint.yml @@ -0,0 +1,35 @@ +--- +########################### +########################### +## Markdown Linter rules ## +########################### +########################### + +# Linter rules doc: +# - https://github.com/DavidAnson/markdownlint +# +# Note: +# To comment out a single error: +# +# any violations you want +# +# + +############### +# Rules by id # +############### +MD004: false # Unordered list style +MD007: + indent: 2 # Unordered list indentation +MD013: + line_length: 400 # Line length 80 is far too short +MD026: + punctuation: ".,;:!。,;:" # List of not allowed +MD029: false # Ordered list item prefix +MD033: false # Allow inline HTML +MD036: false # Emphasis used instead of a heading + +################# +# Rules by tags # +################# +blank_lines: false # Error on blank lines diff --git a/.github/configs/super-linter/.yaml-lint.yml b/.github/configs/super-linter/.yaml-lint.yml new file mode 100644 index 0000000..2aa49bd --- /dev/null +++ b/.github/configs/super-linter/.yaml-lint.yml @@ -0,0 +1,59 @@ +--- +########################################### +# These are the rules used for # +# linting all the yaml files in the stack # +# NOTE: # +# You can disable line with: # +# # yamllint disable-line # +########################################### +rules: + braces: + level: warning + min-spaces-inside: 0 + max-spaces-inside: 0 + min-spaces-inside-empty: 1 + max-spaces-inside-empty: 5 + brackets: + level: warning + min-spaces-inside: 0 + max-spaces-inside: 0 + min-spaces-inside-empty: 1 + max-spaces-inside-empty: 5 + colons: + level: warning + max-spaces-before: 0 + max-spaces-after: 1 + commas: + level: warning + max-spaces-before: 0 + min-spaces-after: 1 + max-spaces-after: 1 + comments: disable + comments-indentation: disable + document-end: disable + document-start: + level: warning + present: true + empty-lines: + level: warning + max: 2 + max-start: 0 + max-end: 0 + hyphens: + level: warning + max-spaces-after: 1 + indentation: + level: warning + spaces: consistent + indent-sequences: true + check-multi-line-strings: false + key-duplicates: enable + line-length: + level: warning + max: 80 + allow-non-breakable-words: true + allow-non-breakable-inline-mappings: true + new-line-at-end-of-file: disable + new-lines: + type: unix + trailing-spaces: disable diff --git a/.github/workflows/build-baremetal-ubuntu.yml b/.github/workflows/build-baremetal-ubuntu.yml new file mode 100644 index 0000000..09e5014 --- /dev/null +++ b/.github/workflows/build-baremetal-ubuntu.yml @@ -0,0 +1,107 @@ +name: build-baremetal-ubuntu + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + workflow_dispatch: + +env: + TZ: "Europe/Warsaw" + BUILD_TYPE: "Release" + DEBIAN_FRONTEND: "noninteractive" + FFMPEG_COMMIT_ID: "n6.1.1" + BUILD_DIR: "${{ github.workspace }}/build" + PREFIX: "${{ github.workspace }}/_install" + +defaults: + run: + shell: bash + +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +jobs: + build-baremetal-ubuntu: + runs-on: 'ubuntu-22.04' + timeout-minutes: 70 + env: + LD_LIBRARY_PATH: "/opt/intel/oneapi/ipp/latest/lib:${PREFIX}/lib:${PREFIX}/lib64:${LD_LIBRARY_PATH}" + steps: + - name: 'Harden Runner' + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + + - name: 'Checkout repository' + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: 'Install OS level dependencies' + run: | + set -exo pipefail && \ + mkdir -p "${PREFIX}" "${BUILD_DIR}/ffmpeg" && \ + sudo apt-get update --fix-missing && \ + sudo apt-get full-upgrade -y && \ + sudo apt-get install --no-install-recommends -y \ + build-essential \ + ca-certificates \ + cmake \ + curl \ + diffutils \ + git \ + gpg \ + libx264-dev \ + libx265-dev \ + nasm \ + ocl-icd-opencl-dev \ + opencl-headers \ + tar \ + unzip \ + wget \ + zlib1g-dev + + - name: 'Install Intel OneAPI APT repository' + run: | + set -exo pipefail && \ + curl -fsSL https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | gpg --dearmor | sudo tee /usr/share/keyrings/oneapi-archive-keyring.gpg && \ + echo "deb [signed-by=/usr/share/keyrings/oneapi-archive-keyring.gpg] https://apt.repos.intel.com/oneapi all main" | sudo tee /etc/apt/sources.list.d/intel-oneAPI.list && \ + sudo apt-get update --fix-missing && \ + sudo apt-get install --no-install-recommends -y intel-oneapi-ipp-devel-2022.0 + + - name: 'Download and patch ffmpeg repository' + run: | + set -eo pipefail && \ + curl -Lf https://github.com/ffmpeg/ffmpeg/archive/${FFMPEG_COMMIT_ID}.tar.gz | tar -zx --strip-components=1 -C "${BUILD_DIR}/ffmpeg" + patch -d "${BUILD_DIR}/ffmpeg" -p1 -i <(cat "${{ github.workspace }}/ffmpeg/"*.patch) + cp "${{ github.workspace }}/ffmpeg/vf_raisr"*.c "${BUILD_DIR}/ffmpeg/libavfilter" + + - name: 'Build RAISR from source code' + run: './build.sh -DENABLE_RAISR_OPENCL=ON' + + - name: 'Configure, build and install ffmpeg repository' + working-directory: "${BUILD_DIR}/ffmpeg" + run: | + ./configure \ + --enable-libipp \ + --extra-cflags=-fopenmp \ + --extra-ldflags=-fopenmp \ + --enable-gpl \ + --enable-libx264 \ + --enable-libx265 \ + --extra-libs='-lraisr -lstdc++ -lippcore -lippvm -lipps -lippi -lm -lintlc -lsvml' \ + --enable-cross-compile \ + --prefix="${PREFIX}" && \ + make clean && \ + make -j"$(nproc)" && \ + sudo -E make install + + - name: 'Libraries path cleanup and ffmpeg check' + working-directory: "${BUILD_DIR}/ffmpeg" + run: | + sudo -E ldconfig + ffmpeg -buildconf diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index bae977f..d8dd5fe 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -68,7 +68,6 @@ jobs: working-directory: "${{ github.workspace }}/build" run: | "${{ github.workspace }}/scripts/03_build_raisr_ffmpeg.sh" "${{ github.workspace }}/build/raisr/Video-Super-Resolution-Library" - "${{ github.workspace }}/build.sh" - name: 'Perform CodeQL Analysis' uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 7f9ed43..e4f1ba1 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -1,15 +1,21 @@ -# Dependency Review Action -# # Source repository: https://github.com/actions/dependency-review-action -name: 'Dependency Review' + +name: 'scan-dependency-review' on: [pull_request] permissions: contents: read +env: + LINTER_RULES_PATH: .github/configs/super-linter + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true jobs: dependency-review: - runs-on: ubuntu-latest + name: 'scan-dependency-review: Dependency review steps' + runs-on: 'ubuntu-22.04' steps: - name: 'Harden Runner' uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 @@ -21,3 +27,51 @@ jobs: - name: 'Dependency Review' uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3 + + super-linter: + name: 'scan-dependency-review: Super-Linter' + runs-on: 'ubuntu-22.04' + permissions: + contents: read + packages: read + actions: read + security-events: write + timeout-minutes: 90 + env: + SUPER_LINTER_OUTPUT_DIRECTORY_NAME: super-linter-output + SUPER_LINTER_SUMMARY_FILE_NAME: super-linter-summary.md + SAVE_SUPER_LINTER_SUMMARY: true + ENABLE_GITHUB_ACTIONS_STEP_SUMMARY : true + steps: + - name: 'super-linter: Harden Runner' + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + + - name: 'super-linter: checkout repository [fetch-depth=0]' + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + fetch-depth: 0 + ref: ${{ inputs.branch }} + + - name: 'super-linter: perform super-linter scan workflow.' + uses: super-linter/super-linter/slim@e1cb86b6e8d119f789513668b4b30bf17fe1efe4 # v7.2.0 x-release-please-version + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + DISABLE_ERRORS: true + VALIDATE_MARKDOWN: true + VALIDATE_MARKDOWN_PRETTIER: true + VALIDATE_JSONC: true + VALIDATE_GITHUB_ACTIONS: true + VALIDATE_CPP: true + VALIDATE_CLANG_FORMAT: true + VALIDATE_BASH: true + VALIDATE_BASH_EXEC: true + + - name: 'super-linter: upload linter results as an artifact.' + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + if: env.SAVE_SUPER_LINTER_SUMMARY == 'true' || env.ENABLE_GITHUB_ACTIONS_STEP_SUMMARY == 'true' + with: + name: coverity-reports + path: + '${{ github.workspace }}/${{ env.SUPER_LINTER_OUTPUT_DIRECTORY_NAME }}/${{ env.SUPER_LINTER_SUMMARY_FILE_NAME }}' diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml deleted file mode 100644 index 0229db5..0000000 --- a/.github/workflows/docker-build.yml +++ /dev/null @@ -1,66 +0,0 @@ -name: Docker Build -on: - push: - branches: [ "master", "main" ] - pull_request: - branches: [ "master", "main" ] - -permissions: - contents: read - -jobs: - docker-build: - name: Dockerfiles Build - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - dockerfiles: [ 'ubuntu22.04', 'ubuntu18.04', 'centos7.9' ] - permissions: - actions: read - contents: read - security-events: write - defaults: - run: - shell: bash - timeout-minutes: 90 - steps: - - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 - with: - egress-policy: audit - - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Set up QEMU - uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 - with: - buildkitd-flags: --debug - - - name: 'Build Dockerfile for ${{ matrix.dockerfiles }}' - uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0 - with: - file: '${{ github.workspace }}/docker/Dockerfile.${{ matrix.dockerfiles }}' - context: . - push: false - tags: 'docker.io/openvisualcloud/raisr/${{ matrix.dockerfiles }}:${{ github.sha }}' - - - name: 'Run Trivy vulnerability scanner on result' - uses: aquasecurity/trivy-action@0.20.0 - with: - image-ref: 'docker.io/openvisualcloud/raisr/${{ matrix.dockerfiles }}:${{ github.sha }}' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' - format: 'sarif' - output: '${{ github.workspace }}/trivy-${{ matrix.dockerfiles }}-${{ github.sha }}.sarif' - - - name: 'Upload Trivy scan results to GitHub Security tab' - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: '${{ github.workspace }}/trivy-${{ matrix.dockerfiles }}-${{ github.sha }}.sarif' diff --git a/.github/workflows/docker-cached-build.yml b/.github/workflows/docker-cached-build.yml new file mode 100644 index 0000000..511be32 --- /dev/null +++ b/.github/workflows/docker-cached-build.yml @@ -0,0 +1,60 @@ +name: build-docker-images + +on: + pull_request: + branches: [ "main", "dev" ] + push: + branches: [ "main", "dev" ] + workflow_dispatch: + +permissions: + contents: read + security-events: write + packages: write + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +jobs: + flex-ubuntu-2204-build: + name: "Build Flex Ubuntu 22.04 Docker Image" + uses: ./.github/workflows/template-docker-cached-build.yml + with: + docker_file_path: "docker/Flex/Dockerfile.ubuntu22.04" + docker_image_name: "raisr-flex-ubuntu-22.04" + + xeon-ubuntu-1804-build: + name: "Build Xeon Ubuntu 18.04 Docker Image" + uses: ./.github/workflows/template-docker-cached-build.yml + with: + docker_file_path: "docker/Xeon/Dockerfile.ubuntu18.04" + docker_image_name: "raisr-xeon-ubuntu-18.04" + + xeon-ubuntu-2004-build: + name: "Build Xeon Ubuntu 20.04 Docker Image" + uses: ./.github/workflows/template-docker-cached-build.yml + with: + docker_file_path: "docker/Xeon/Dockerfile.ubuntu20.04" + docker_image_name: "raisr-xeon-ubuntu-20.04" + + xeon-ubuntu-2204-build: + name: "Build Xeon Ubuntu 22.04 Docker Image" + uses: ./.github/workflows/template-docker-cached-build.yml + with: + docker_file_path: "docker/Xeon/Dockerfile.ubuntu22.04" + docker_image_name: "raisr-xeon-ubuntu-22.04" + + xeon-centos-stream9-build: + name: "Build Xeon Centos Stream9 Docker Image" + uses: ./.github/workflows/template-docker-cached-build.yml + with: + docker_file_path: "docker/Xeon/Dockerfile.centos9" + docker_image_name: "raisr-xeon-centos-9" + + xeon-rockylinux-9-mini-build: + name: "Build Xeon Rockylinux 9-mini Docker Image" + uses: ./.github/workflows/template-docker-cached-build.yml + with: + docker_file_path: "docker/Xeon/Dockerfile.rockylinux9-mini" + docker_image_name: "raisr-xeon-rockylinux-9-mini" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b0fb2e6..280df89 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -17,57 +17,48 @@ on: # Declare default permissions as read only. permissions: read-all +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + jobs: analysis: name: Scorecard analysis runs-on: ubuntu-latest + if: ${{ github.repository == 'OpenVisualCloud/Video-Super-Resolution-Library' }} permissions: - # Needed to upload the results to code-scanning dashboard. security-events: write - # Needed to publish results and get a badge (see publish_results below). id-token: write - # Uncomment the permissions below if installing in a private repository. - # contents: read - # actions: read - + contents: read + actions: read steps: - - name: "Checkout code" + - name: "scorecard: Harden Runner security" + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + + - name: "scorecard: Checkout code" uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - - name: "Run analysis" + - name: "scorecard: Run analysis" uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 with: - results_file: results.sarif + results_file: "scorecard-scan-results-${{ github.event.pull_request.number || github.sha }}.sarif" results_format: sarif - # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecard on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional. - # repo_token: ${{ secrets.SCORECARD_TOKEN }} - - # Public repositories: - # - Publish results to OpenSSF REST API for easy access by consumers - # - Allows the repository to include the Scorecard badge. - # - See https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories: - # - `publish_results` will always be set to `false`, regardless - # of the value entered here. + repo_token: ${{ secrets.GITHUB_TOKEN }} publish_results: true - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20 + # Upload the results as artifacts (optional). + - name: "scorecard: Upload results artifact" + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: - name: SARIF file - path: results.sarif + name: "scorecard-scan-results-${{ github.event.pull_request.number || github.sha }}" + path: "scorecard-scan-results-${{ github.event.pull_request.number || github.sha }}.sarif" retention-days: 5 - # Upload the results to GitHub's code scanning dashboard (optional). - # Commenting out will disable upload of results to your repo's Code Scanning dashboard - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3 + - name: "scorecard: Upload results to code-scanning" + uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: - sarif_file: results.sarif + sarif_file: "scorecard-scan-results-${{ github.event.pull_request.number || github.sha }}.sarif" diff --git a/.github/workflows/template-docker-cached-build.yml b/.github/workflows/template-docker-cached-build.yml new file mode 100644 index 0000000..b73a420 --- /dev/null +++ b/.github/workflows/template-docker-cached-build.yml @@ -0,0 +1,204 @@ +name: template-docker-cached-build + +on: + workflow_call: + inputs: + build_type: + required: false + type: string + default: 'Release' + docker_registry: + required: false + type: string + default: 'ghcr.io' + docker_registry_prefix: + required: false + type: string + default: 'openvisualcloud/video-super-resolution-library' + docker_registry_login: + required: false + type: boolean + default: false + docker_registry_push: + required: false + type: boolean + default: false + docker_build_args: + required: false + type: string + default: '' + docker_build_platforms: + required: false + type: string + default: 'linux/amd64' + docker_image_tag: + required: false + type: string + docker_image_name: + required: true + type: string + docker_file_path: + required: false + type: string + default: './Dockerfile' + secrets: + git_docker_registry_login: + required: false + git_docker_registry_passkey: + required: false + +env: + BUILD_TYPE: "${{ inputs.build_type }}" + CONCURRENCY_GROUP: "${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}" + DOCKER_REGISTRY: "${{ inputs.docker_registry }}" + DOCKER_REGISTRY_LOGIN: "${{ github.repository == inputs.docker_registry_prefix && inputs.docker_registry_login }}" + DOCKER_BUILD_ARGS: "${{ inputs.docker_build_args }}" + DOCKER_PLATFORMS: "${{ inputs.docker_build_platforms }}" + DOCKER_IMAGE_PUSH: "${{ github.repository == inputs.docker_registry_prefix && inputs.docker_registry_push }}" + DOCKER_IMAGE_BASE: "${{ inputs.docker_registry }}/${{ inputs.docker_registry_prefix }}" + DOCKER_IMAGE_TAG: "${{ inputs.docker_image_tag || github.sha }}" + DOCKER_IMAGE_NAME: "${{ inputs.docker_image_name }}" + DOCKER_FILE_PATH: "${{ inputs.docker_file_path }}" + +permissions: + contents: read + +jobs: + hadolint-scan-dockerfile: + name: "${{ inputs.docker_image_name }}: Perform Dockerfile scan." + runs-on: ubuntu-22.04 + permissions: + contents: read + security-events: write + timeout-minutes: 15 + steps: + - name: "${{ inputs.docker_image_name }} scan: Harden Runner." + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + + - name: "${{ inputs.docker_image_name }} scan: Checkout repository" + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: "${{ inputs.docker_image_name }} scan: Scanner Hadolint Dockerfile scan sarif format." + uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 + with: + dockerfile: "${{ env.DOCKER_FILE_PATH }}" + config: .github/configs/hadolint.yaml + format: sarif + output-file: "hadolint-${{ env.CONCURRENCY_GROUP }}-${{ env.DOCKER_IMAGE_NAME }}-${{ env.DOCKER_IMAGE_TAG }}.sarif" + no-fail: true + failure-threshold: info + + - name: "${{ inputs.docker_image_name }} scan: Scanner Hadolint upload results to Security tab." + uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + with: + sarif_file: "hadolint-${{ env.CONCURRENCY_GROUP }}-${{ env.DOCKER_IMAGE_NAME }}-${{ env.DOCKER_IMAGE_TAG }}.sarif" + + - name: "${{ inputs.docker_image_name }} scan: Scanner Hadolint upload results as an artifact." + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + with: + name: "hadolint-${{ env.DOCKER_IMAGE_NAME }}-${{ env.DOCKER_IMAGE_TAG }}" + path: "hadolint-${{ env.CONCURRENCY_GROUP }}-${{ env.DOCKER_IMAGE_NAME }}-${{ env.DOCKER_IMAGE_TAG }}.sarif" + + - name: "${{ inputs.docker_image_name }}: Scanner Hadolint Dockerfile scan tty output" + if: always() + uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 + with: + dockerfile: "${{ env.DOCKER_FILE_PATH }}" + config: .github/configs/hadolint.yaml + format: tty + failure-threshold: warning + + build-docker-image: + needs: hadolint-scan-dockerfile + name: "${{ inputs.docker_image_name }}: Perform build of Dockerfile." + runs-on: ubuntu-22.04 + permissions: + contents: read + security-events: write + packages: write + timeout-minutes: 70 + env: + BUILDKIT_STEP_LOG_MAX_SIZE: 50000000 + BUILDKIT_STEP_LOG_MAX_SPEED: 10000000 + DOCKER_TMPDIR: "/mnt/docker/docker-tmp" + steps: + - name: "${{ inputs.docker_image_name }}: Harden Runner" + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: audit + + - name: "${{ inputs.docker_image_name }}: Disable OS SWAP, create mnt points, show settings." + shell: bash + run: | + SWAP_FILE="$(sudo swapon --show=NAME | tail -n 1)" + sudo swapoff "${SWAP_FILE}" + sudo rm "${SWAP_FILE}" + sudo mkdir -p "/mnt/docker/docker-d" "/mnt/docker/docker-tmp" + + - name: "${{ inputs.docker_image_name }}: Add data-root and JSON dockerd config. Reload daemons." + shell: bash + run: | + sudo chmod 666 /etc/docker/daemon.json + echo "$(sudo jq '. += {"data-root":"/mnt/docker/docker-d","log-driver":"json-file","log-format":"text","log-level":"info","log-opts":{"cache-disabled":"false","cache-max-file":"5","cache-max-size":"20m","max-file":"5","max-size":"10m"}}' /etc/docker/daemon.json)" > /etc/docker/daemon.json + sudo chmod 644 /etc/docker/daemon.json + sudo systemctl daemon-reload + sudo systemctl restart docker + + - name: "${{ inputs.docker_image_name }}: Show applied configuration." + shell: bash + run: | + sudo free -h + sudo lsblk + sudo df -h + sudo cat "/etc/docker/daemon.json" + + - name: "${{ inputs.docker_image_name }}: Set up Docker Buildx and Toolkit" + uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 + with: + buildkitd-flags: "--debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host" + platforms: "${{ env.DOCKER_PLATFORMS }}" + driver-opts: "memory=14Gib,memory-swap=25Gib,env.BUILDKIT_STEP_LOG_MAX_SIZE=${{ env.BUILDKIT_STEP_LOG_MAX_SIZE }},env.BUILDKIT_STEP_LOG_MAX_SPEED=${{ env.BUILDKIT_STEP_LOG_MAX_SPEED }}" + + - name: "${{ inputs.docker_image_name }}: Checkout repository" + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: "${{ inputs.docker_image_name }}: Login to Docker Container Registry" + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + if: ${{ env.DOCKER_REGISTRY_LOGIN == 'true' }} + with: + registry: "${{ env.DOCKER_REGISTRY }}" + username: "${{ secrets.GIT_DOCKER_REGISTRY_LOGIN || env.GITHUB_ACTOR }}" + password: "${{ secrets.GIT_DOCKER_REGISTRY_PASSKEY || secrets.GITHUB_TOKEN }}" + + - name: "${{ inputs.docker_image_name }}: Build and push image" + uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0 + with: + load: true + push: "${{ env.DOCKER_IMAGE_PUSH }}" + outputs: type=docker + platforms: "${{ env.DOCKER_PLATFORMS }}" + file: "${{ env.DOCKER_FILE_PATH }}" + tags: "${{ env.DOCKER_IMAGE_BASE }}/${{ env.DOCKER_IMAGE_NAME }}:${{ env.DOCKER_IMAGE_TAG }}" + cache-from: type=gha,scope=${{ env.DOCKER_IMAGE_NAME }} + cache-to: type=gha,mode=max,scope=${{ env.DOCKER_IMAGE_NAME }} + build-args: "${{ env.DOCKER_BUILD_ARGS }}" + + - name: "${{ inputs.docker_image_name }}: Scanner Trivy run vulnerability scanner on image" + uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0 + with: + image-ref: "${{ env.DOCKER_IMAGE_BASE }}/${{ env.DOCKER_IMAGE_NAME }}:${{ env.DOCKER_IMAGE_TAG }}" + format: "sarif" + output: "${{ env.CONCURRENCY_GROUP }}-${{ env.DOCKER_IMAGE_NAME }}-${{ env.DOCKER_IMAGE_TAG }}.sarif" + + - name: "${{ inputs.docker_image_name }}: Scanner Trivy upload results to Security tab" + uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + with: + sarif_file: "${{ env.CONCURRENCY_GROUP }}-${{ env.DOCKER_IMAGE_NAME }}-${{ env.DOCKER_IMAGE_TAG }}.sarif" + + - name: "${{ inputs.docker_image_name }}: Scanner Trivy upload results as an artifact." + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + with: + name: "trivy-${{ env.DOCKER_IMAGE_NAME }}-${{ env.DOCKER_IMAGE_TAG }}" + path: "${{ env.CONCURRENCY_GROUP }}-${{ env.DOCKER_IMAGE_NAME }}-${{ env.DOCKER_IMAGE_TAG }}.sarif" diff --git a/docker/Flex/Dockerfile.ubuntu22.04 b/docker/Flex/Dockerfile.ubuntu22.04 index c21aeb8..c513b90 100644 --- a/docker/Flex/Dockerfile.ubuntu22.04 +++ b/docker/Flex/Dockerfile.ubuntu22.04 @@ -3,8 +3,10 @@ # Copyright (c) 2020-2021 Intel Corporation. # SPDX-License-Identifier: BSD-3-Clause -# use Ubuntu 22.04 with Intel IPP -FROM intel/oneapi-basekit:2023.2-devel-ubuntu22.04 AS build +# se Ubuntu 22.04 with Intel IPP +ARG IMAGE_CACHE_REGISTRY=docker.io +ARG IMAGE_NAME=intel/oneapi-basekit:2023.2.1-devel-ubuntu22.04 +FROM ${IMAGE_CACHE_REGISTRY}/${IMAGE_NAME} AS build ARG SVT_AV1_VER=v2.1.2 ARG SVT_VP9_VER=v0.3.0 @@ -56,50 +58,50 @@ RUN rm /etc/apt/sources.list.d/oneAPI.list && \ # build svt av1 WORKDIR ${DL_PREFIX}/SVT-AV1/Build/linux -RUN curl -Lf ${SVT_AV1_REPO} | tar zx --strip-components=1 -C "${DL_PREFIX}/SVT-AV1" && \ - cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=${PREFIX} -DCMAKE_INSTALL_LIBDIR=${PREFIX}/lib -DCMAKE_ASM_NASM_COMPILER=yasm ../.. && \ +RUN curl -Lf "${SVT_AV1_REPO}" | tar zx --strip-components=1 -C "${DL_PREFIX}/SVT-AV1" && \ + cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX="${PREFIX}" -DCMAKE_INSTALL_LIBDIR="${PREFIX}/lib" -DCMAKE_ASM_NASM_COMPILER=yasm ../.. && \ make -j "$(nproc)" && \ make install # build svt vp9 WORKDIR ${DL_PREFIX}/SVT-VP9/Build/linux -RUN curl -Lf ${SVT_VP9_REPO} | tar zx --strip-components=1 -C "${DL_PREFIX}/SVT-VP9" && \ - cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=${PREFIX} -DCMAKE_INSTALL_LIBDIR=${PREFIX}/lib -DCMAKE_ASM_NASM_COMPILER=yasm ../.. && \ +RUN curl -Lf "${SVT_VP9_REPO}" | tar zx --strip-components=1 -C "${DL_PREFIX}/SVT-VP9" && \ + cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX="${PREFIX}" -DCMAKE_INSTALL_LIBDIR="${PREFIX}/lib" -DCMAKE_ASM_NASM_COMPILER=yasm ../.. && \ make -j "$(nproc)" && \ make install # build libvpx WORKDIR ${DL_PREFIX}/libvpx -RUN curl -Lf ${LIBVPX_REPO} | tar zx --strip-components=0 -C "${DL_PREFIX}/libvpx" && \ - ./configure --prefix=${PREFIX} --libdir=${PREFIX}/lib --enable-shared --disable-examples --disable-unit-tests --enable-vp9-highbitdepth --as=nasm && \ +RUN curl -Lf "${LIBVPX_REPO}" | tar zx --strip-components=0 -C "${DL_PREFIX}/libvpx" && \ + ./configure --prefix="${PREFIX}" --libdir="${PREFIX}/lib" --enable-shared --disable-examples --disable-unit-tests --enable-vp9-highbitdepth --as=nasm && \ make -j"$(nproc)" && \ make install # build gmmlib WORKDIR ${DL_PREFIX}/gmmlib/build -RUN curl -Lf ${GMMLIB_REPO} | tar xz --strip-components=1 -C "${DL_PREFIX}/gmmlib" && \ - cmake -DCMAKE_INSTALL_PREFIX=${PREFIX} -DCMAKE_INSTALL_LIBDIR=${PREFIX}/lib .. && \ +RUN curl -Lf "${GMMLIB_REPO}" | tar xz --strip-components=1 -C "${DL_PREFIX}/gmmlib" && \ + cmake -DCMAKE_INSTALL_PREFIX="${PREFIX}" -DCMAKE_INSTALL_LIBDIR="${PREFIX}/lib" .. && \ make -j"$(nproc)" && \ make install # build libva2 WORKDIR ${DL_PREFIX}/libva -RUN curl -Lf ${LIBVA2_REPO} | tar xz --strip-components=1 -C "${DL_PREFIX}/libva" && \ - ./autogen.sh --prefix=${PREFIX} --libdir=${PREFIX}/lib && \ +RUN curl -Lf "${LIBVA2_REPO}" | tar xz --strip-components=1 -C "${DL_PREFIX}/libva" && \ + ./autogen.sh --prefix="${PREFIX}" --libdir="${PREFIX}/lib" && \ make -j"$(nproc)" && \ make install # build libva-utils WORKDIR ${DL_PREFIX}/libva-utils -RUN curl -Lf ${LIBVA_UTILS_REPO} | tar xz --strip-components=1 -C "${DL_PREFIX}/libva-utils" && \ - ./autogen.sh --prefix=${PREFIX} --libdir=${PREFIX}/lib && \ +RUN curl -Lf "${LIBVA_UTILS_REPO}" | tar xz --strip-components=1 -C "${DL_PREFIX}/libva-utils" && \ + ./autogen.sh --prefix="${PREFIX}" --libdir="${PREFIX}/lib" && \ make -j"$(nproc)" && \ make install # build media driver WORKDIR ${DL_PREFIX}/media-driver-intel-media/build -RUN curl -Lf ${MEDIA_DRIVER_REPO} | tar xz --strip-components=1 -C "${DL_PREFIX}/media-driver-intel-media" && \ - cmake -DCMAKE_INSTALL_PREFIX=${PREFIX} -DCMAKE_INSTALL_LIBDIR=${PREFIX}/lib -DENABLE_PRODUCTION_KMD=ON .. && \ +RUN curl -Lf "${MEDIA_DRIVER_REPO}" | tar xz --strip-components=1 -C "${DL_PREFIX}/media-driver-intel-media" && \ + cmake -DCMAKE_INSTALL_PREFIX="${PREFIX}" -DCMAKE_INSTALL_LIBDIR="${PREFIX}/lib" -DENABLE_PRODUCTION_KMD=ON .. && \ make -j"$(nproc)" && \ make install @@ -109,9 +111,9 @@ RUN ./build.sh -DENABLE_RAISR_OPENCL=ON WORKDIR ${DL_PREFIX}/ffmpeg RUN curl -Lf "${FFMPEG_REPO}" | \ - tar -zx --strip-components=1 -C ${DL_PREFIX}/ffmpeg && \ - git -C "${DL_PREFIX}/ffmpeg" apply --whitespace=fix ${DL_PREFIX}/Video-Super-Resolution-Library/ffmpeg/*.patch && \ - cp ${DL_PREFIX}/Video-Super-Resolution-Library/ffmpeg/vf_raisr*.c ${DL_PREFIX}/ffmpeg/libavfilter + tar -zx --strip-components=1 -C "${DL_PREFIX}/ffmpeg" && \ + git -C "${DL_PREFIX}/ffmpeg" apply --whitespace=fix "${DL_PREFIX}/Video-Super-Resolution-Library/ffmpeg/"*.patch && \ + cp "${DL_PREFIX}/Video-Super-Resolution-Library/ffmpeg/vf_raisr"*.c "${DL_PREFIX}/ffmpeg/libavfilter" # Configure and build ffmpeg WORKDIR ${DL_PREFIX}/ffmpeg @@ -130,26 +132,19 @@ RUN ./configure \ --enable-libvpx \ --prefix="${PREFIX}" && \ make clean && \ - make -j $(nproc) && \ + make -j"$(nproc)" && \ make install # cleanup WORKDIR ${PREFIX} -RUN mkdir -p ${PREFIX}/usr/lib && \ - ldd ${PREFIX}/bin/ffmpeg | cut -d ' ' -f 3 | xargs -i cp {} ${PREFIX}/usr/lib/ && \ - cp /opt/intel/oneapi/ipp/latest/lib/intel64/libippik0.so.10.8 ${PREFIX}/usr/lib && \ - cp /opt/intel/oneapi/ipp/latest/lib/intel64/libippsk0.so.10.8 ${PREFIX}/usr/lib && \ - cp /opt/intel/oneapi/ipp/latest/lib/intel64/libippsn0.so.10.8 ${PREFIX}/usr/lib && \ - cp /opt/intel/oneapi/ipp/latest/lib/intel64/libippsl9.so.10.8 ${PREFIX}/usr/lib && \ - cp /opt/intel/oneapi/ipp/latest/lib/intel64/libippse9.so.10.8 ${PREFIX}/usr/lib && \ - cp /opt/intel/oneapi/ipp/latest/lib/intel64/libippsy8.so.10.8 ${PREFIX}/usr/lib && \ - cp /opt/intel/oneapi/ipp/latest/lib/intel64/libippsn8.so.10.8 ${PREFIX}/usr/lib && \ - cp /opt/intel/oneapi/ipp/latest/lib/intel64/libippsm7.so.10.8 ${PREFIX}/usr/lib && \ - LD_LIBRARY_PATH=${PREFIX}/usr/lib:/usr/local/lib64 /opt/build/bin/ffmpeg -buildconf && \ - mv ${PREFIX}/bin ${PREFIX}/usr/bin && \ - mv ${PREFIX}/lib ${PREFIX}/usr/local/ - -FROM ubuntu:22.04 AS base +RUN mkdir -p "${PREFIX}/usr/lib" && \ + ldd "${PREFIX}/bin/ffmpeg" | cut -d ' ' -f 3 | xargs -i cp {} "${PREFIX}/usr/lib/" && \ + LD_LIBRARY_PATH="/opt/intel/oneapi/ipp/latest/lib:${PREFIX}/usr/lib:/usr/local/lib:/usr/local/lib64" /opt/build/bin/ffmpeg -buildconf && \ + mv "${PREFIX}/bin" "${PREFIX}/usr/bin" && \ + mv "${PREFIX}/lib" "${PREFIX}/usr/local/" + +ARG IMAGE_CACHE_REGISTRY +FROM ${IMAGE_CACHE_REGISTRY}/library/ubuntu:22.04@sha256:adbb90115a21969d2fe6fa7f9af4253e16d45f8d4c1e930182610c4731962658 AS base LABEL org.opencontainers.image.authors="milosz.linkiewicz@intel.com,xiaoxia.liang@intel.com" LABEL org.opencontainers.image.url="https://github.com/OpenVisualCloud/Video-Super-Resolution-Library" @@ -160,7 +155,7 @@ LABEL org.opencontainers.image.version="1.0.0" LABEL org.opencontainers.image.vendor="Intel® Corporation" LABEL org.opencontainers.image.licenses="BSD 3-Clause License" -ENV LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64 +ENV LD_LIBRARY_PATH="/opt/intel/oneapi/ipp/latest/lib/intel64:/usr/local/lib:/usr/local/lib64" ENV LIBVA_DRIVERS_PATH=/usr/local/lib/dri SHELL ["/bin/bash", "-ex", "-o", "pipefail", "-c"] @@ -170,6 +165,8 @@ COPY --from=build /opt/build / COPY ./filters_1.5x/ /opt/raisrfolder/filters_1.5x/ COPY ./filters_2x/ /opt/raisrfolder/filters_2x/ +COPY docker/Flex/nginx.conf /usr/local/nginx/conf/nginx.conf.copy + RUN apt-get update --fix-missing && \ apt-get full-upgrade -y && \ apt-get install --no-install-recommends -y \ @@ -186,31 +183,34 @@ RUN apt-get update --fix-missing && \ gcc \ zlib1g-dev \ make && \ - curl -fsSL https://repositories.intel.com/graphics/intel-graphics.key | gpg --dearmor | tee /usr/share/keyrings/intel-graphics-archive-keyring.gpg && \ + curl -fsSL https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | gpg --dearmor | tee /usr/share/keyrings/oneapi-archive-keyring.gpg > /dev/null && \ + curl -fsSL https://repositories.intel.com/graphics/intel-graphics.key | gpg --dearmor | tee /usr/share/keyrings/intel-graphics-archive-keyring.gpg > /dev/null && \ + echo "deb [signed-by=/usr/share/keyrings/oneapi-archive-keyring.gpg] https://apt.repos.intel.com/oneapi all main" > /etc/apt/sources.list.d/intel-oneAPI.list && \ echo "deb [signed-by=/usr/share/keyrings/intel-graphics-archive-keyring.gpg arch=amd64] https://repositories.intel.com/graphics/ubuntu jammy flex" > /etc/apt/sources.list.d/intel-graphics.list && \ apt-get update --fix-missing && \ apt-get install --no-install-recommends -y \ intel-opencl-icd \ - intel-level-zero-gpu && \ + intel-level-zero-gpu \ + intel-oneapi-ipp && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ ln -s /usr/bin/ffmpeg /opt/raisrfolder/ffmpeg && \ mkdir -p /opt/nginx /opt/nginx-rtmp-module && \ curl -Lf https://github.com/arut/nginx-rtmp-module/archive/refs/heads/master.tar.gz | tar xz --strip-components=1 -C "/opt/nginx-rtmp-module" && \ - curl -Lf http://nginx.org/download/nginx-1.24.0.tar.gz | tar xz --strip-components=1 -C "/opt/nginx" + curl -Lf http://nginx.org/download/nginx-1.24.0.tar.gz | tar xz --strip-components=1 -C "/opt/nginx" && \ + ldconfig -# Run ffmpeg and verify that the raisr filter is supported -RUN ffmpeg -h filter=raisr -# install ngnix +# Install ngnix and run ffmpeg to verify that the raisr filter is supported WORKDIR /opt/nginx RUN ./configure --with-http_ssl_module --add-module=../nginx-rtmp-module && \ - make -j $(nproc) && \ + make -j"$(nproc)" && \ make install && \ - rm -rf nginx-rtmp-module nginx + rm -rf nginx-rtmp-module nginx && \ + cp -f /usr/local/nginx/conf/nginx.conf.copy /usr/local/nginx/conf/nginx.conf && \ + ffmpeg -buildconf && \ + ffmpeg -h filter=raisr -# copy nignx.conf file -COPY docker/Flex/nginx.conf /usr/local/nginx/conf/ WORKDIR /opt/raisrfolder SHELL ["/bin/bash", "-c"] CMD ["-h", "filter=raisr"] diff --git a/docker/Xeon/Dockerfile.centos9 b/docker/Xeon/Dockerfile.centos9 index bfb4aa1..e72aae9 100644 --- a/docker/Xeon/Dockerfile.centos9 +++ b/docker/Xeon/Dockerfile.centos9 @@ -43,15 +43,15 @@ RUN yum install -y \ WORKDIR ${DL_PREFIX}/libx264 RUN git clone https://github.com/mirror/x264 -b stable --depth 1 . && \ - ./configure --prefix=${PREFIX} --libdir=${PREFIX}/lib --enable-shared && \ - make -j $(nproc) && \ + ./configure --prefix="${PREFIX}" --libdir="${PREFIX}/lib" --enable-shared && \ + make -j"$(nproc)" && \ make install WORKDIR ${DL_PREFIX}/libx265/build/linux RUN curl -Lf https://github.com/videolan/x265/archive/3.4.tar.gz | \ tar -zx --strip-components=1 -C "${DL_PREFIX}/libx265/" && \ - cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=${PREFIX} -DHIGH_BIT_DEPTH=ON ../../source && \ - make -j$(nproc) && \ + cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX="${PREFIX}" -DHIGH_BIT_DEPTH=ON ../../source && \ + make -j"$(nproc)" && \ make install ENV IPPROOT="/opt/intel/oneapi/ipp/latest" @@ -83,16 +83,16 @@ RUN ./configure \ --enable-cross-compile \ --prefix="${PREFIX}" && \ make clean && \ - make -j $(nproc) && \ + make -j"$(nproc)" && \ make install && \ - rm -rf ${DL_PREFIX}/libx265 ${DL_PREFIX}/libx264 + rm -rf "${DL_PREFIX}/libx265" "${DL_PREFIX}/libx264" ENV LIBIPP="/opt/intel/oneapi/ipp/latest/lib/intel64/" WORKDIR ${PREFIX}/usr/local/lib -RUN ldd ${PREFIX}/bin/ffmpeg | cut -d ' ' -f 3 | xargs -i cp {} . && \ - mv ${PREFIX}/bin ${PREFIX}/usr/local/ && \ - rm -rf ${PREFIX}/share ${PREFIX}/include ${PREFIX}/lib && \ - LD_LIBRARY_PATH="${PREFIX}/usr/local/lib:${LIBIPP}" ${PREFIX}/usr/local/bin/ffmpeg -buildconf +RUN ldd "${PREFIX}/bin/ffmpeg" | cut -d ' ' -f 3 | xargs -i cp {} . && \ + mv "${PREFIX}/bin" "${PREFIX}/usr/local/" && \ + rm -rf "${PREFIX:?}/share" "${PREFIX:?}/include" "${PREFIX:?}/lib" && \ + LD_LIBRARY_PATH="${PREFIX}/usr/local/lib:${LIBIPP}" "${PREFIX}/usr/local/bin/ffmpeg" -buildconf FROM quay.io/centos/centos:stream9 AS base diff --git a/docker/Xeon/Dockerfile.rockylinux9-mini b/docker/Xeon/Dockerfile.rockylinux9-mini index b71efc3..9b4aa15 100644 --- a/docker/Xeon/Dockerfile.rockylinux9-mini +++ b/docker/Xeon/Dockerfile.rockylinux9-mini @@ -45,15 +45,15 @@ RUN yum install -y \ WORKDIR ${DL_PREFIX}/libx264 RUN git clone https://github.com/mirror/x264 -b stable --depth 1 . && \ - ./configure --prefix=${PREFIX} --libdir=${PREFIX}/lib --enable-shared && \ - make -j $(nproc) && \ + ./configure --prefix="${PREFIX}" --libdir="${PREFIX}/lib" --enable-shared && \ + make -j"$(nproc)" && \ make install WORKDIR ${DL_PREFIX}/libx265/build/linux RUN curl -Lf https://github.com/videolan/x265/archive/3.4.tar.gz | \ tar -zx --strip-components=1 -C "${DL_PREFIX}/libx265/" && \ - cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=${PREFIX} -DHIGH_BIT_DEPTH=ON ../../source && \ - make -j$(nproc) && \ + cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX="${PREFIX}" -DHIGH_BIT_DEPTH=ON ../../source && \ + make -j"$(nproc)" && \ make install ENV IPPROOT="/opt/intel/oneapi/ipp/latest" @@ -83,14 +83,14 @@ RUN ./configure \ --enable-cross-compile \ --prefix="${PREFIX}" && \ make clean && \ - make -j $(nproc) && \ + make -j"$(nproc)" && \ make install && \ - rm -rf ${DL_PREFIX}/libx265 ${DL_PREFIX}/libx264 + rm -rf "${DL_PREFIX}/libx265" "${DL_PREFIX}/libx264" WORKDIR ${PREFIX}/usr/local/lib -RUN ldd ${PREFIX}/bin/ffmpeg | cut -d ' ' -f 3 | xargs -i cp {} . && \ - mv ${PREFIX}/bin ${PREFIX}/usr/local/ && \ - rm -rf ${PREFIX}/share ${PREFIX}/include ${PREFIX}/lib +RUN ldd "${PREFIX}/bin/ffmpeg" | cut -d ' ' -f 3 | xargs -i cp {} . && \ + mv "${PREFIX}/bin" "${PREFIX}/usr/local/" && \ + rm -rf "${PREFIX:?}/share" "${PREFIX:?}/include" "${PREFIX:?}/lib" ARG IMAGE_CACHE_REGISTRY FROM ${IMAGE_CACHE_REGISTRY}/library/rockylinux:9@sha256:d7be1c094cc5845ee815d4632fe377514ee6ebcf8efaed6892889657e5ddaaa6 AS base diff --git a/docker/Xeon/Dockerfile.ubuntu18.04 b/docker/Xeon/Dockerfile.ubuntu18.04 index 64810ac..0d708a6 100644 --- a/docker/Xeon/Dockerfile.ubuntu18.04 +++ b/docker/Xeon/Dockerfile.ubuntu18.04 @@ -58,24 +58,24 @@ RUN ./configure \ --extra-libs='-lraisr -lstdc++ -lippcore -lippvm -lipps -lippi -lm -lintlc -lsvml' \ --enable-cross-compile \ --prefix="${PREFIX}" && \ - make clean && make -j $(nproc) && \ + make clean && make -j"$(nproc)" && \ make install ENV LIBIPP="/opt/intel/oneapi/ipp/latest/lib/intel64" WORKDIR ${PREFIX}/usr/local/lib -RUN ldd ${PREFIX}/bin/ffmpeg | cut -d ' ' -f 3 | xargs -i cp {} . && \ - cp ${LIBIPP}/libippsk0.so.10.5 . && \ - cp ${LIBIPP}/libippsn0.so.10.5 . && \ - cp ${LIBIPP}/libippsl9.so.10.5 . && \ - cp ${LIBIPP}/libippse9.so.10.5 . && \ - cp ${LIBIPP}/libippsy8.so.10.5 . && \ - cp ${LIBIPP}/libippsn8.so.10.5 . && \ - cp ${LIBIPP}/libippsm7.so.10.5 . && \ - cp ${LIBIPP}/libippik0.so.10.5 . && \ - cp ${LIBIPP}/libippil9.so.10.5 . && \ - mv ${PREFIX}/bin ${PREFIX}/usr/local/ && \ - LD_LIBRARY_PATH=${PREFIX}/usr/local/lib ${PREFIX}/usr/local/bin/ffmpeg -buildconf && \ - rm -rf ${PREFIX}/include/ ${PREFIX}/share/ ${PREFIX}/lib/ +RUN ldd "${PREFIX}/bin/ffmpeg" | cut -d ' ' -f 3 | xargs -i cp {} . && \ + cp "${LIBIPP}/libippsk0.so.10.5" . && \ + cp "${LIBIPP}/libippsn0.so.10.5" . && \ + cp "${LIBIPP}/libippsl9.so.10.5" . && \ + cp "${LIBIPP}/libippse9.so.10.5" . && \ + cp "${LIBIPP}/libippsy8.so.10.5" . && \ + cp "${LIBIPP}/libippsn8.so.10.5" . && \ + cp "${LIBIPP}/libippsm7.so.10.5" . && \ + cp "${LIBIPP}/libippik0.so.10.5" . && \ + cp "${LIBIPP}/libippil9.so.10.5" . && \ + mv "${PREFIX}/bin" "${PREFIX}/usr/local/" && \ + LD_LIBRARY_PATH="${PREFIX}/usr/local/lib" "${PREFIX}/usr/local/bin/ffmpeg" -buildconf && \ + rm -rf "${PREFIX:?}/include/" "${PREFIX:?}/share/" "${PREFIX:?}/lib/" ARG IMAGE_CACHE_REGISTRY FROM ${IMAGE_CACHE_REGISTRY}/library/ubuntu:18.04@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98 AS base diff --git a/docker/Xeon/Dockerfile.ubuntu20.04 b/docker/Xeon/Dockerfile.ubuntu20.04 index 400680a..3bad5d1 100644 --- a/docker/Xeon/Dockerfile.ubuntu20.04 +++ b/docker/Xeon/Dockerfile.ubuntu20.04 @@ -51,24 +51,24 @@ RUN ./configure \ --extra-libs='-lraisr -lstdc++ -lippcore -lippvm -lipps -lippi -lm -lintlc -lsvml' \ --enable-cross-compile \ --prefix="${PREFIX}" && \ - make clean && make -j $(nproc) && \ + make clean && make -j"$(nproc)" && \ make install ENV LIBIPP="/opt/intel/oneapi/ipp/latest/lib/intel64" WORKDIR ${PREFIX}/usr/local/lib -RUN ldd ${PREFIX}/bin/ffmpeg | cut -d ' ' -f 3 | xargs -i cp {} . && \ - cp ${LIBIPP}/libippsk0.so.10.8 . && \ - cp ${LIBIPP}/libippsn0.so.10.8 . && \ - cp ${LIBIPP}/libippsl9.so.10.8 . && \ - cp ${LIBIPP}/libippse9.so.10.8 . && \ - cp ${LIBIPP}/libippsy8.so.10.8 . && \ - cp ${LIBIPP}/libippsn8.so.10.8 . && \ - cp ${LIBIPP}/libippsm7.so.10.8 . && \ - cp ${LIBIPP}/libippik0.so.10.8 . && \ - cp ${LIBIPP}/libippil9.so.10.8 . && \ - mv ${PREFIX}/bin ${PREFIX}/usr/local/ && \ - LD_LIBRARY_PATH=${PREFIX}/usr/local/lib ${PREFIX}/usr/local/bin/ffmpeg -buildconf && \ - rm -rf ${PREFIX}/include/ ${PREFIX}/share/ ${PREFIX}/lib/ +RUN ldd "${PREFIX}/bin/ffmpeg" | cut -d ' ' -f 3 | xargs -i cp {} . && \ + cp "${LIBIPP}/libippsk0.so.10.8" . && \ + cp "${LIBIPP}/libippsn0.so.10.8" . && \ + cp "${LIBIPP}/libippsl9.so.10.8" . && \ + cp "${LIBIPP}/libippse9.so.10.8" . && \ + cp "${LIBIPP}/libippsy8.so.10.8" . && \ + cp "${LIBIPP}/libippsn8.so.10.8" . && \ + cp "${LIBIPP}/libippsm7.so.10.8" . && \ + cp "${LIBIPP}/libippik0.so.10.8" . && \ + cp "${LIBIPP}/libippil9.so.10.8" . && \ + mv "${PREFIX}/bin" "${PREFIX}/usr/local/" && \ + LD_LIBRARY_PATH="${PREFIX}/usr/local/lib" "${PREFIX}/usr/local/bin/ffmpeg" -buildconf && \ + rm -rf "${PREFIX:?}/include/" "${PREFIX:?}/share/" "${PREFIX:?}/lib/" ARG IMAGE_CACHE_REGISTRY FROM ${IMAGE_CACHE_REGISTRY}/library/ubuntu:20.04@sha256:fa17826afb526a9fc7250e0fbcbfd18d03fe7a54849472f86879d8bf562c629e AS base diff --git a/docker/Xeon/Dockerfile.ubuntu22.04 b/docker/Xeon/Dockerfile.ubuntu22.04 index 9e7cf9c..9a0284a 100644 --- a/docker/Xeon/Dockerfile.ubuntu22.04 +++ b/docker/Xeon/Dockerfile.ubuntu22.04 @@ -3,7 +3,7 @@ # Copyright (c) 2020-2021 Intel Corporation. # SPDX-License-Identifier: BSD-3-Clause -# use Ubuntu 22.04 with Intel IPP +# Use Ubuntu 22.04 with Intel IPP ARG IMAGE_CACHE_REGISTRY=docker.io ARG IMAGE_NAME=intel/oneapi-basekit:2023.2.1-devel-ubuntu22.04 FROM ${IMAGE_CACHE_REGISTRY}/${IMAGE_NAME} AS build @@ -29,7 +29,7 @@ RUN rm /etc/apt/sources.list.d/oneAPI.list && \ cmake && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ - curl -Lf https://github.com/ffmpeg/ffmpeg/archive/${FFMPEG_COMMIT_ID}.tar.gz | \ + curl -Lf "https://github.com/ffmpeg/ffmpeg/archive/${FFMPEG_COMMIT_ID}.tar.gz" | \ tar -zx --strip-components=1 -C "${DL_PREFIX}/ffmpeg" COPY . ${DL_PREFIX}/Video-Super-Resolution-Library @@ -51,24 +51,24 @@ RUN ./configure \ --extra-libs='-lraisr -lstdc++ -lippcore -lippvm -lipps -lippi -lm -lintlc -lsvml' \ --enable-cross-compile \ --prefix="${PREFIX}" && \ - make clean && make -j $(nproc) && \ + make clean && make -j"$(nproc)" && \ make install ENV LIBIPP="/opt/intel/oneapi/ipp/latest/lib/intel64" WORKDIR ${PREFIX}/usr/local/lib -RUN ldd ${PREFIX}/bin/ffmpeg | cut -d ' ' -f 3 | xargs -i cp {} . && \ - cp ${LIBIPP}/libippsk0.so.10.8 . && \ - cp ${LIBIPP}/libippsn0.so.10.8 . && \ - cp ${LIBIPP}/libippsl9.so.10.8 . && \ - cp ${LIBIPP}/libippse9.so.10.8 . && \ - cp ${LIBIPP}/libippsy8.so.10.8 . && \ - cp ${LIBIPP}/libippsn8.so.10.8 . && \ - cp ${LIBIPP}/libippsm7.so.10.8 . && \ - cp ${LIBIPP}/libippik0.so.10.8 . && \ - cp ${LIBIPP}/libippil9.so.10.8 . && \ - mv ${PREFIX}/bin ${PREFIX}/usr/local/ && \ - LD_LIBRARY_PATH=${PREFIX}/usr/local/lib ${PREFIX}/usr/local/bin/ffmpeg -buildconf && \ - rm -rf ${PREFIX}/include/ ${PREFIX}/share/ ${PREFIX}/lib/ +RUN ldd "${PREFIX}/bin/ffmpeg" | cut -d ' ' -f 3 | xargs -i cp {} . && \ + cp "${LIBIPP}/libippsk0.so.10.8" . && \ + cp "${LIBIPP}/libippsn0.so.10.8" . && \ + cp "${LIBIPP}/libippsl9.so.10.8" . && \ + cp "${LIBIPP}/libippse9.so.10.8" . && \ + cp "${LIBIPP}/libippsy8.so.10.8" . && \ + cp "${LIBIPP}/libippsn8.so.10.8" . && \ + cp "${LIBIPP}/libippsm7.so.10.8" . && \ + cp "${LIBIPP}/libippik0.so.10.8" . && \ + cp "${LIBIPP}/libippil9.so.10.8" . && \ + mv "${PREFIX}/bin" "${PREFIX}/usr/local/" && \ + LD_LIBRARY_PATH="${PREFIX}/usr/local/lib" "${PREFIX}/usr/local/bin/ffmpeg" -buildconf && \ + rm -rf "${PREFIX:?}/include/" "${PREFIX:?}/share/" "${PREFIX:?}/lib/" ARG IMAGE_CACHE_REGISTRY FROM ${IMAGE_CACHE_REGISTRY}/library/ubuntu:22.04@sha256:adbb90115a21969d2fe6fa7f9af4253e16d45f8d4c1e930182610c4731962658 AS base diff --git a/scripts/03_build_raisr_ffmpeg.sh b/scripts/03_build_raisr_ffmpeg.sh index 82ed88d..dad5d9f 100755 --- a/scripts/03_build_raisr_ffmpeg.sh +++ b/scripts/03_build_raisr_ffmpeg.sh @@ -27,26 +27,28 @@ export PKG_CONFIG_PATH="/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH" export C_INCLUDE_PATH="/opt/intel/oneapi/ipp/latest/include/ipp" # build raisr -pushd "$raisr_path" - +pushd "${raisr_path}" sudo -E ./build.sh popd + # build ffmpeg pushd "${raisr_path}/../ffmpeg" cp "${raisr_path}/ffmpeg/vf_raisr.c" libavfilter/ ./configure \ + --disable-debug \ + --disable-doc \ --enable-libipp \ - --extra-cflags="-fopenmp -I/opt/intel/oneapi/ipp/latest/include/ipp" \ - --extra-ldflags=-fopenmp \ --enable-gpl \ --enable-libx264 \ --enable-libx265 \ --extra-libs='-lraisr -lstdc++ -lippcore -lippvm -lipps -lippi' \ + --extra-cflags='-fopenmp -I/opt/intel/oneapi/ipp/latest/include/ipp' \ + --extra-ldflags='-fopenmp' \ --enable-cross-compile make clean -make -j "$(nproc)" -make install +make -j"$(nproc)" +sudo -E make install popd cp -r "${raisr_path}/filters"* . @@ -60,4 +62,4 @@ log_info And you can see more use cases in README file of Video-Super-Resolution log_info "\tNotice: If you get \"ffmpeg: error while loading shared libraries\", try first doing:" log_info "\t\texport LD_LIBRARY_PATH=\"/opt/intel/oneapi/ipp/latest/lib/intel64:/usr/local/lib:${LD_LIBRARY_PATH}\"" -log_info "Finished script execution \"${BASH_SOURCE[0]}\"" \ No newline at end of file +log_info "Finished script execution \"${BASH_SOURCE[0]}\"" From 920058433fae7dd1c694d4fa87068b4dc1dac212 Mon Sep 17 00:00:00 2001 From: Milosz Linkiewicz Date: Wed, 15 Jan 2025 00:13:08 +0000 Subject: [PATCH 5/6] Minor changes to ubuntu build Minor changes to ubuntu build Signed-off-by: Milosz Linkiewicz --- .github/workflows/build-baremetal-ubuntu.yml | 7 +- .github/workflows/codeql.yml | 62 +++++++++---- build.sh | 91 +++++++++++--------- docker/Flex/Dockerfile.ubuntu22.04 | 50 +++++++---- 4 files changed, 133 insertions(+), 77 deletions(-) diff --git a/.github/workflows/build-baremetal-ubuntu.yml b/.github/workflows/build-baremetal-ubuntu.yml index 09e5014..73a0599 100644 --- a/.github/workflows/build-baremetal-ubuntu.yml +++ b/.github/workflows/build-baremetal-ubuntu.yml @@ -87,13 +87,16 @@ jobs: working-directory: "${BUILD_DIR}/ffmpeg" run: | ./configure \ + --disable-debug \ + --disable-doc \ --enable-libipp \ - --extra-cflags=-fopenmp \ - --extra-ldflags=-fopenmp \ + --enable-static \ --enable-gpl \ --enable-libx264 \ --enable-libx265 \ --extra-libs='-lraisr -lstdc++ -lippcore -lippvm -lipps -lippi -lm -lintlc -lsvml' \ + --extra-cflags='-fopenmp -I/opt/intel/oneapi/ipp/latest/include/ipp/' \ + --extra-ldflags='-fopenmp -L/opt/intel/oneapi/ipp/latest/lib' \ --enable-cross-compile \ --prefix="${PREFIX}" && \ make clean && \ diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d8dd5fe..262dd4f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -9,9 +9,16 @@ on: - cron: '15 0 * * *' env: + TZ: "Europe/Warsaw" BUILD_TYPE: "Release" - PREFIX_DIR: /usr/local DEBIAN_FRONTEND: "noninteractive" + FFMPEG_COMMIT_ID: "n6.1.1" + BUILD_DIR: "${{ github.workspace }}/build" + PREFIX: "${{ github.workspace }}/_install" + +defaults: + run: + shell: bash permissions: contents: read @@ -32,9 +39,6 @@ jobs: permissions: actions: read security-events: write - defaults: - run: - shell: bash steps: - name: 'Harden Runner' uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 @@ -44,19 +48,43 @@ jobs: - name: 'Checkout repository' uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: 'Get RAISR prerequisites and set-up git' + - name: 'Install OS level dependencies' + run: | + set -exo pipefail && \ + mkdir -p "${PREFIX}" "${BUILD_DIR}/ffmpeg" && \ + sudo apt-get update --fix-missing && \ + sudo apt-get full-upgrade -y && \ + sudo apt-get install --no-install-recommends -y \ + build-essential \ + ca-certificates \ + cmake \ + diffutils \ + gpg \ + libx264-dev \ + libx265-dev \ + llvm \ + m4 \ + meson \ + nasm \ + ocl-icd-opencl-dev \ + opencl-headers \ + zlib1g-dev \ + make curl git sudo tar unzip wget yasm && \ + + - name: 'Install Intel OneAPI APT repository' run: | - sudo apt update -y - sudo apt install -y sudo git wget curl pkg-config bash tar zip unzip make - mkdir -p "${{ github.workspace }}/build" - git config --global user.email "you@example.com" - git config --global user.name "Your Name" + set -exo pipefail && \ + curl -fsSL https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | gpg --dearmor | sudo tee /usr/share/keyrings/oneapi-archive-keyring.gpg && \ + echo "deb [signed-by=/usr/share/keyrings/oneapi-archive-keyring.gpg] https://apt.repos.intel.com/oneapi all main" | sudo tee /etc/apt/sources.list.d/intel-oneAPI.list && \ + sudo apt-get update --fix-missing && \ + sudo apt-get install --no-install-recommends -y intel-oneapi-ipp-devel-2022.0 - - name: 'Build RAISR prerequisites and install' - working-directory: "${{ github.workspace }}/build" + - name: 'Download and patch ffmpeg repository' run: | - "${{ github.workspace }}/scripts/01_pull_resources.sh" - "${{ github.workspace }}/scripts/02_install_prerequisites.sh" "${{ github.workspace }}/build/raisr.tar.gz" + set -eo pipefail && \ + curl -Lf https://github.com/ffmpeg/ffmpeg/archive/${FFMPEG_COMMIT_ID}.tar.gz | tar -zx --strip-components=1 -C "${BUILD_DIR}/ffmpeg" + patch -d "${BUILD_DIR}/ffmpeg" -p1 -i <(cat "${{ github.workspace }}/ffmpeg/"*.patch) + cp "${{ github.workspace }}/ffmpeg/vf_raisr"*.c "${BUILD_DIR}/ffmpeg/libavfilter" - name: 'Initialize CodeQL action' uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 @@ -64,10 +92,8 @@ jobs: languages: "c-cpp" config-file: "${{ github.workspace }}/.github/codeql/codeql-config.yml" - - name: 'Build RAISR source library' - working-directory: "${{ github.workspace }}/build" - run: | - "${{ github.workspace }}/scripts/03_build_raisr_ffmpeg.sh" "${{ github.workspace }}/build/raisr/Video-Super-Resolution-Library" + - name: 'Build RAISR from source code' + run: '${{ github.workspace }}/build.sh -DENABLE_RAISR_OPENCL=ON' - name: 'Perform CodeQL Analysis' uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 diff --git a/build.sh b/build.sh index 17de1f7..9f988b8 100755 --- a/build.sh +++ b/build.sh @@ -7,17 +7,20 @@ set -ex -o pipefail SCRIPT_DIR="$(readlink -f "$(dirname -- "${BASH_SOURCE[0]}")")" +REPOSITORY_DIR="$(readlink -f "${SCRIPT_DIR}")" + . "${SCRIPT_DIR}/scripts/common.sh" nproc="${nproc:-$(nproc)}" +# Env variable BUILD_TYPE can be one off: RelWithDebInfo, Release, Debug +BUILD_TYPE="${BUILD_TYPE:-Release}" + # Helpful when copying and pasting functions and debuging. if printf '%s' "$0" | grep -q '\.sh'; then IN_SCRIPT=true fi - - -cd_safe() { +function cd_safe() { if (cd "$1"); then cd "$1" else @@ -28,50 +31,57 @@ cd_safe() { } # Usage: build [test] -build() ( - build_type=Release - log_info "Create folder: build, build type: $build_type" - mkdir -p build > /dev/null 2>&1 - cd_safe build - - for file in *; do - rm -rf "$file" - done +function build() +( + log_info "Create folder: build, build type: ${BUILD_TYPE}" + + if [[ -d "${REPOSITORY_DIR:?}/build" ]]; then + rm -rf "${REPOSITORY_DIR:?}/build/"* + fi + + mkdir -p "${REPOSITORY_DIR}/build" > /dev/null 2>&1 - cmake .. -DCMAKE_BUILD_TYPE="$build_type" $CMAKE_EXTRA_FLAGS "$@" + cmake -DCMAKE_BUILD_TYPE="${BUILD_TYPE}" "${CMAKE_EXTRA_FLAGS}" -B "${REPOSITORY_DIR}/build" -S "${REPOSITORY_DIR}" "$@" #cmake .. -DCMAKE_BUILD_TYPE="RelWithDebInfo" $CMAKE_EXTRA_FLAGS "$@" - if [ -f Makefile ]; then - make -j "${nproc}" - make install -j "${nproc}" + if [ -f "${REPOSITORY_DIR}/build/Makefile" ]; then + make -j"${nproc}" -C "${REPOSITORY_DIR}/build" + as_root make install -j"${nproc}" -C "${REPOSITORY_DIR}/build" fi - - cd .. ) +function check_executable() +{ + print_exec=(printf '\0') + if [[ "$#" -ge "2" ]]; then + if [[ "${1}" == "-p" ]]; then + print_exec=(printf '%s\n') + fi + shift + fi -check_executable() ( - print_exec=false - while true; do - case "$1" in - -p) print_exec=true && shift ;; - *) break ;; - esac - done - [ -n "$1" ] && command_to_check="$1" || return 1 - shift - if [ -e "$command_to_check" ]; then - $print_exec && printf '%s\n' "$command_to_check" - return 0 + if [[ "$#" -ge "1" ]]; then + command_to_check="${1}" && shift + else + log_error "Wrong number of parameters passed to check_executable()." + return 1 + fi + + if [ -e "${command_to_check}" ]; then + "${print_exec[@]}" "${command_to_check}" + return 0 fi - for d in "$@" $(printf '%s ' "$PATH" | tr ':' ' '); do - if [ -e "$d/$command_to_check" ]; then - $print_exec && printf '%s\n' "$d/$command_to_check" - return 0 - fi + + for pt in "$@" $(echo "${PATH}" | tr ':' ' '); do + if [ -e "${pt}/${command_to_check}" ]; then + "${print_exec[@]}" "${pt}/${command_to_check}" + return 0 + fi done + return 127 -) +} + if check_executable icpx; then CXX=$(check_executable -p icpx) elif check_executable clang++; then @@ -79,9 +89,10 @@ elif check_executable clang++; then elif check_executable g++; then CXX=$(check_executable -p g++) else - die "No suitable cpp compiler found in path" \ - "Please either install one or set it via cxx=*" + log_error "No suitable cpp compiler found in path." + log_error "Please either install one or set it via cxx=*" + die "[Exiting due to error.]" fi -export CXX +export CXX build "$@" diff --git a/docker/Flex/Dockerfile.ubuntu22.04 b/docker/Flex/Dockerfile.ubuntu22.04 index c513b90..4b57e8e 100644 --- a/docker/Flex/Dockerfile.ubuntu22.04 +++ b/docker/Flex/Dockerfile.ubuntu22.04 @@ -5,7 +5,8 @@ # se Ubuntu 22.04 with Intel IPP ARG IMAGE_CACHE_REGISTRY=docker.io -ARG IMAGE_NAME=intel/oneapi-basekit:2023.2.1-devel-ubuntu22.04 +ARG IMAGE_NAME=library/ubuntu:22.04@sha256:adbb90115a21969d2fe6fa7f9af4253e16d45f8d4c1e930182610c4731962658 +# ARG IMAGE_NAME=intel/oneapi-basekit:2023.2.1-devel-ubuntu22.04 FROM ${IMAGE_CACHE_REGISTRY}/${IMAGE_NAME} AS build ARG SVT_AV1_VER=v2.1.2 @@ -37,22 +38,34 @@ ENV TZ="Europe/Warsaw" # Update apt and install dependances SHELL ["/bin/bash", "-ex", "-o", "pipefail", "-c"] WORKDIR ${PREFIX} -RUN rm /etc/apt/sources.list.d/oneAPI.list && \ +RUN rm -f /etc/apt/sources.list.d/oneAPI.list && \ apt-get update --fix-missing && \ apt-get full-upgrade -y && \ apt-get install --no-install-recommends -y \ + autoconf \ + automake \ + build-essential \ ca-certificates \ - automake libdrm-dev libtool libx11-dev libxext-dev libxfixes-dev libwayland-dev \ + clang \ cmake \ - curl \ - libx265-dev \ - libx264-dev \ - zlib1g-dev \ - nasm \ - opencl-headers \ + diffutils \ + g++ \ + gcc gcc-multilib gpg \ + libdrm-dev libtool libx11-dev libxext-dev libxfixes-dev \ + libwayland-dev libpciaccess-dev libx264-dev libx265-dev \ + llvm m4 meson nasm \ ocl-icd-opencl-dev \ - libpciaccess-dev \ - yasm && \ + opencl-headers \ + pkg-config \ + python3-pyelftools \ + systemtap-sdt-dev \ + ubuntu-drivers-common \ + zlib1g-dev \ + make curl git sudo tar unzip wget yasm && \ + curl -fsSL "https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB" | gpg --dearmor > "/usr/share/keyrings/oneapi-archive-keyring.gpg" && \ + echo "deb [signed-by=/usr/share/keyrings/oneapi-archive-keyring.gpg] https://apt.repos.intel.com/oneapi all main" > "/etc/apt/sources.list.d/intel-oneAPI.list" && \ + apt-get update --fix-missing && \ + apt-get install --no-install-recommends -y intel-oneapi-ipp-devel-2022.0 && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* @@ -117,19 +130,23 @@ RUN curl -Lf "${FFMPEG_REPO}" | \ # Configure and build ffmpeg WORKDIR ${DL_PREFIX}/ffmpeg +# RUN ./configure --disable-shared \ RUN ./configure \ + --disable-debug \ + --disable-doc \ + --enable-static \ --enable-libipp \ - --extra-cflags=-fopenmp \ - --extra-ldflags=-fopenmp \ --enable-gpl \ --enable-libx264 \ --enable-libx265 \ - --extra-libs='-lraisr -lstdc++ -lippcore -lippvm -lipps -lippi -lm -lintlc -lsvml' \ - --enable-cross-compile \ --enable-opencl \ --enable-vaapi \ --enable-libsvtav1 \ --enable-libvpx \ + --extra-libs='-lraisr -lstdc++ -lippcore -lippvm -lipps -lippi -lm -lintlc -lsvml' \ + --extra-cflags='-fopenmp -I/opt/intel/oneapi/ipp/latest/include/ipp/' \ + --extra-ldflags='-fopenmp -L/opt/intel/oneapi/ipp/latest/lib' \ + --enable-cross-compile \ --prefix="${PREFIX}" && \ make clean && \ make -j"$(nproc)" && \ @@ -191,7 +208,7 @@ RUN apt-get update --fix-missing && \ apt-get install --no-install-recommends -y \ intel-opencl-icd \ intel-level-zero-gpu \ - intel-oneapi-ipp && \ + intel-oneapi-ipp-2022.0 && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ ln -s /usr/bin/ffmpeg /opt/raisrfolder/ffmpeg && \ @@ -200,7 +217,6 @@ RUN apt-get update --fix-missing && \ curl -Lf http://nginx.org/download/nginx-1.24.0.tar.gz | tar xz --strip-components=1 -C "/opt/nginx" && \ ldconfig - # Install ngnix and run ffmpeg to verify that the raisr filter is supported WORKDIR /opt/nginx RUN ./configure --with-http_ssl_module --add-module=../nginx-rtmp-module && \ From ef9203758081b057fcf37db5caac17cd6fa8e64c Mon Sep 17 00:00:00 2001 From: Milosz Linkiewicz Date: Wed, 15 Jan 2025 04:30:15 +0000 Subject: [PATCH 6/6] Minor update to Flex Ubuntu22 Minor update to Flex Ubuntu22 Signed-off-by: Milosz Linkiewicz --- .dockerignore | 6 ++ .github/workflows/build-baremetal-ubuntu.yml | 39 +++++---- .github/workflows/codeql.yml | 10 ++- build.sh | 11 ++- docker/Flex/Dockerfile.ubuntu22.04 | 85 +++++++++++--------- docker/Xeon/Dockerfile.ubuntu22.04 | 9 ++- 6 files changed, 98 insertions(+), 62 deletions(-) diff --git a/.dockerignore b/.dockerignore index 3b89851..ba0ebb6 100644 --- a/.dockerignore +++ b/.dockerignore @@ -3,3 +3,9 @@ ./license* ./test* *Dockerfile* +.github/** +.vscode** +./_build/* +./build/* +./docs* +./_install* diff --git a/.github/workflows/build-baremetal-ubuntu.yml b/.github/workflows/build-baremetal-ubuntu.yml index 73a0599..ff7e34d 100644 --- a/.github/workflows/build-baremetal-ubuntu.yml +++ b/.github/workflows/build-baremetal-ubuntu.yml @@ -31,7 +31,7 @@ jobs: runs-on: 'ubuntu-22.04' timeout-minutes: 70 env: - LD_LIBRARY_PATH: "/opt/intel/oneapi/ipp/latest/lib:${PREFIX}/lib:${PREFIX}/lib64:${LD_LIBRARY_PATH}" + LD_LIBRARY_PATH: "/opt/intel/oneapi/ipp/latest/lib:${PREFIX}/usr/lib:${PREFIX}/lib:${PREFIX}/lib64:${LD_LIBRARY_PATH}" steps: - name: 'Harden Runner' uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 @@ -81,30 +81,39 @@ jobs: cp "${{ github.workspace }}/ffmpeg/vf_raisr"*.c "${BUILD_DIR}/ffmpeg/libavfilter" - name: 'Build RAISR from source code' - run: './build.sh -DENABLE_RAISR_OPENCL=ON' + run: | + ./build.sh -DENABLE_RAISR_OPENCL=ON \ + -DCMAKE_LIBRARY_PATH="/opt/intel/oneapi/ipp/latest/lib;${PREFIX}/lib;" \ + -DCMAKE_C_FLAGS="-I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp" \ + -DCMAKE_CXX_FLAGS="-I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp" - - name: 'Configure, build and install ffmpeg repository' + - name: 'Configure ffmpeg repository' working-directory: "${BUILD_DIR}/ffmpeg" + continue-on-error: true run: | ./configure \ - --disable-debug \ - --disable-doc \ - --enable-libipp \ - --enable-static \ + --disable-shared \ + --disable-debug \ + --disable-doc \ + --enable-static \ + --enable-libipp \ --enable-gpl \ --enable-libx264 \ --enable-libx265 \ - --extra-libs='-lraisr -lstdc++ -lippcore -lippvm -lipps -lippi -lm -lintlc -lsvml' \ - --extra-cflags='-fopenmp -I/opt/intel/oneapi/ipp/latest/include/ipp/' \ - --extra-ldflags='-fopenmp -L/opt/intel/oneapi/ipp/latest/lib' \ + --enable-opencl \ + --extra-libs='-lraisr -lstdc++ -lippcore -lippvm -lipps -lippi -lm' \ + --extra-cflags='-fopenmp -I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp' \ + --extra-ldflags="-fopenmp -L/opt/intel/oneapi/ipp/latest/lib -L${PREFIX}/lib" \ --enable-cross-compile \ - --prefix="${PREFIX}" && \ - make clean && \ - make -j"$(nproc)" && \ - sudo -E make install + --prefix="${PREFIX}" || \ + { tail -n 100 "${BUILD_DIR}/ffmpeg/ffbuild/config.log && exit 1 } - - name: 'Libraries path cleanup and ffmpeg check' + - name: 'Build, install and check ffmpeg' working-directory: "${BUILD_DIR}/ffmpeg" + continue-on-error: true run: | + make clean + make -j"$(nproc)" + sudo -E make install sudo -E ldconfig ffmpeg -buildconf diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 262dd4f..cec3308 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -69,7 +69,7 @@ jobs: ocl-icd-opencl-dev \ opencl-headers \ zlib1g-dev \ - make curl git sudo tar unzip wget yasm && \ + make curl git sudo tar unzip wget yasm - name: 'Install Intel OneAPI APT repository' run: | @@ -81,7 +81,7 @@ jobs: - name: 'Download and patch ffmpeg repository' run: | - set -eo pipefail && \ + set -exo pipefail && \ curl -Lf https://github.com/ffmpeg/ffmpeg/archive/${FFMPEG_COMMIT_ID}.tar.gz | tar -zx --strip-components=1 -C "${BUILD_DIR}/ffmpeg" patch -d "${BUILD_DIR}/ffmpeg" -p1 -i <(cat "${{ github.workspace }}/ffmpeg/"*.patch) cp "${{ github.workspace }}/ffmpeg/vf_raisr"*.c "${BUILD_DIR}/ffmpeg/libavfilter" @@ -93,7 +93,11 @@ jobs: config-file: "${{ github.workspace }}/.github/codeql/codeql-config.yml" - name: 'Build RAISR from source code' - run: '${{ github.workspace }}/build.sh -DENABLE_RAISR_OPENCL=ON' + run: | + "${{ github.workspace }}/build.sh" -DENABLE_RAISR_OPENCL=ON \ + -DCMAKE_LIBRARY_PATH="/opt/intel/oneapi/ipp/latest/lib;${PREFIX}/lib;" \ + -DCMAKE_C_FLAGS="-I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp" \ + -DCMAKE_CXX_FLAGS="-I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp" - name: 'Perform CodeQL Analysis' uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 diff --git a/build.sh b/build.sh index 9f988b8..adcf461 100755 --- a/build.sh +++ b/build.sh @@ -4,7 +4,7 @@ # Copyright 2024-2025 Intel Corporation # Fails the script if any of the commands error (Other than if and some others) -set -ex -o pipefail +set -e -o pipefail SCRIPT_DIR="$(readlink -f "$(dirname -- "${BASH_SOURCE[0]}")")" REPOSITORY_DIR="$(readlink -f "${SCRIPT_DIR}")" @@ -15,6 +15,11 @@ nproc="${nproc:-$(nproc)}" # Env variable BUILD_TYPE can be one off: RelWithDebInfo, Release, Debug BUILD_TYPE="${BUILD_TYPE:-Release}" +CMAKE_C_FLAGS=" -I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp ${CMAKE_C_FLAGS}" +CMAKE_CXX_FLAGS=" -I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp ${CMAKE_CXX_FLAGS}" +CMAKE_LIBRARY_PATH="/opt/intel/oneapi/ipp/latest/lib;${PREFIX}/lib;${CMAKE_LIBRARY_PATH}" +LDFLAGS="${LDFLAGS} -L/opt/intel/oneapi/ipp/latest/lib -L${PREFIX}/lib " + # Helpful when copying and pasting functions and debuging. if printf '%s' "$0" | grep -q '\.sh'; then IN_SCRIPT=true @@ -84,10 +89,10 @@ function check_executable() if check_executable icpx; then CXX=$(check_executable -p icpx) -elif check_executable clang++; then - CXX=$(check_executable -p clang++) elif check_executable g++; then CXX=$(check_executable -p g++) +elif check_executable clang++; then + CXX=$(check_executable -p clang++) else log_error "No suitable cpp compiler found in path." log_error "Please either install one or set it via cxx=*" diff --git a/docker/Flex/Dockerfile.ubuntu22.04 b/docker/Flex/Dockerfile.ubuntu22.04 index 4b57e8e..4a49e29 100644 --- a/docker/Flex/Dockerfile.ubuntu22.04 +++ b/docker/Flex/Dockerfile.ubuntu22.04 @@ -29,9 +29,8 @@ ARG FFMPEG_REPO=https://github.com/ffmpeg/ffmpeg/archive/${FFMPEG_VER}.tar.gz ARG PREFIX=/opt/build ARG DL_PREFIX=/opt - -ENV LD_LIBRARY_PATH="/opt/build/lib:/opt/build/lib64:$LD_LIBRARY_PATH" -ENV PKG_CONFIG_PATH="/opt/build/lib/pkgconfig:$PKG_CONFIG_PATH" +ENV LD_LIBRARY_PATH="/opt/intel/oneapi/ipp/latest/lib:${PREFIX}/lib:${PREFIX}/lib64:/usr/lib:/usr/local/lib:/usr/local/lib64" +ENV PKG_CONFIG_PATH="${PREFIX}/lib/pkgconfig:$PKG_CONFIG_PATH" ENV DEBIAN_FRONTEND="noninteractive" ENV TZ="Europe/Warsaw" @@ -120,43 +119,46 @@ RUN curl -Lf "${MEDIA_DRIVER_REPO}" | tar xz --strip-components=1 -C "${DL_PREFI WORKDIR ${DL_PREFIX}/Video-Super-Resolution-Library COPY . ${DL_PREFIX}/Video-Super-Resolution-Library -RUN ./build.sh -DENABLE_RAISR_OPENCL=ON +RUN ./build.sh -DENABLE_RAISR_OPENCL=ON \ + -DCMAKE_LIBRARY_PATH="/opt/intel/oneapi/ipp/latest/lib;${PREFIX}/lib;" \ + -DCMAKE_C_FLAGS="-I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp" \ + -DCMAKE_CXX_FLAGS="-I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp" WORKDIR ${DL_PREFIX}/ffmpeg RUN curl -Lf "${FFMPEG_REPO}" | \ tar -zx --strip-components=1 -C "${DL_PREFIX}/ffmpeg" && \ - git -C "${DL_PREFIX}/ffmpeg" apply --whitespace=fix "${DL_PREFIX}/Video-Super-Resolution-Library/ffmpeg/"*.patch && \ + patch -d "${DL_PREFIX}/ffmpeg" -p1 -i <(cat "${DL_PREFIX}/Video-Super-Resolution-Library/ffmpeg/"*.patch) && \ cp "${DL_PREFIX}/Video-Super-Resolution-Library/ffmpeg/vf_raisr"*.c "${DL_PREFIX}/ffmpeg/libavfilter" # Configure and build ffmpeg WORKDIR ${DL_PREFIX}/ffmpeg -# RUN ./configure --disable-shared \ RUN ./configure \ - --disable-debug \ - --disable-doc \ - --enable-static \ - --enable-libipp \ - --enable-gpl \ + --disable-shared \ + --disable-debug \ + --disable-doc \ + --enable-static \ + --enable-libipp \ + --enable-gpl \ --enable-libx264 \ --enable-libx265 \ - --enable-opencl \ - --enable-vaapi \ + --enable-opencl \ + --enable-vaapi \ --enable-libsvtav1 \ - --enable-libvpx \ - --extra-libs='-lraisr -lstdc++ -lippcore -lippvm -lipps -lippi -lm -lintlc -lsvml' \ - --extra-cflags='-fopenmp -I/opt/intel/oneapi/ipp/latest/include/ipp/' \ - --extra-ldflags='-fopenmp -L/opt/intel/oneapi/ipp/latest/lib' \ - --enable-cross-compile \ - --prefix="${PREFIX}" && \ + --enable-libvpx \ + --extra-libs='-lraisr -lstdc++ -lippcore -lippvm -lipps -lippi -lm' \ + --extra-cflags='-fopenmp -I/opt/intel/oneapi/ipp/latest/include -I/opt/intel/oneapi/ipp/latest/include/ipp' \ + --extra-ldflags="-fopenmp -L/opt/intel/oneapi/ipp/latest/lib -L${PREFIX}/lib" \ + --enable-cross-compile \ + --prefix="${PREFIX}" && \ make clean && \ make -j"$(nproc)" && \ make install -# cleanup +# # cleanup WORKDIR ${PREFIX} -RUN mkdir -p "${PREFIX}/usr/lib" && \ - ldd "${PREFIX}/bin/ffmpeg" | cut -d ' ' -f 3 | xargs -i cp {} "${PREFIX}/usr/lib/" && \ - LD_LIBRARY_PATH="/opt/intel/oneapi/ipp/latest/lib:${PREFIX}/usr/lib:/usr/local/lib:/usr/local/lib64" /opt/build/bin/ffmpeg -buildconf && \ +RUN mkdir -p "${PREFIX}/usr/lib" "${PREFIX}/usr/local" && \ + LD_LIBRARY_PATH="/opt/intel/oneapi/ipp/latest/lib:${PREFIX}/lib" ldd "${PREFIX}/bin/ffmpeg" | cut -d ' ' -f 3 | xargs -i cp {} "${PREFIX}/usr/lib/" && \ + LD_LIBRARY_PATH="/opt/intel/oneapi/ipp/latest/lib:${PREFIX}/usr/lib" "${PREFIX}/bin/ffmpeg" -buildconf && \ mv "${PREFIX}/bin" "${PREFIX}/usr/bin" && \ mv "${PREFIX}/lib" "${PREFIX}/usr/local/" @@ -172,18 +174,12 @@ LABEL org.opencontainers.image.version="1.0.0" LABEL org.opencontainers.image.vendor="Intel® Corporation" LABEL org.opencontainers.image.licenses="BSD 3-Clause License" -ENV LD_LIBRARY_PATH="/opt/intel/oneapi/ipp/latest/lib/intel64:/usr/local/lib:/usr/local/lib64" +ENV LD_LIBRARY_PATH="/opt/intel/oneapi/ipp/latest/lib:/usr/local/lib:/usr/local/lib64:/usr/lib" ENV LIBVA_DRIVERS_PATH=/usr/local/lib/dri SHELL ["/bin/bash", "-ex", "-o", "pipefail", "-c"] WORKDIR /opt/raisrfolder -COPY --from=build /opt/build / -COPY ./filters_1.5x/ /opt/raisrfolder/filters_1.5x/ -COPY ./filters_2x/ /opt/raisrfolder/filters_2x/ - -COPY docker/Flex/nginx.conf /usr/local/nginx/conf/nginx.conf.copy - RUN apt-get update --fix-missing && \ apt-get full-upgrade -y && \ apt-get install --no-install-recommends -y \ @@ -200,7 +196,14 @@ RUN apt-get update --fix-missing && \ gcc \ zlib1g-dev \ make && \ - curl -fsSL https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | gpg --dearmor | tee /usr/share/keyrings/oneapi-archive-keyring.gpg > /dev/null && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* && \ + groupadd -g 2110 vfio && \ + useradd -m -s /bin/bash -G vfio -u 2610 raisr && \ + usermod -aG sudo raisr && \ + passwd -d raisr + +RUN curl -fsSL https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | gpg --dearmor | tee /usr/share/keyrings/oneapi-archive-keyring.gpg > /dev/null && \ curl -fsSL https://repositories.intel.com/graphics/intel-graphics.key | gpg --dearmor | tee /usr/share/keyrings/intel-graphics-archive-keyring.gpg > /dev/null && \ echo "deb [signed-by=/usr/share/keyrings/oneapi-archive-keyring.gpg] https://apt.repos.intel.com/oneapi all main" > /etc/apt/sources.list.d/intel-oneAPI.list && \ echo "deb [signed-by=/usr/share/keyrings/intel-graphics-archive-keyring.gpg arch=amd64] https://repositories.intel.com/graphics/ubuntu jammy flex" > /etc/apt/sources.list.d/intel-graphics.list && \ @@ -211,11 +214,14 @@ RUN apt-get update --fix-missing && \ intel-oneapi-ipp-2022.0 && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ - ln -s /usr/bin/ffmpeg /opt/raisrfolder/ffmpeg && \ - mkdir -p /opt/nginx /opt/nginx-rtmp-module && \ + mkdir -p "/opt/nginx" "/opt/nginx-rtmp-module" && \ curl -Lf https://github.com/arut/nginx-rtmp-module/archive/refs/heads/master.tar.gz | tar xz --strip-components=1 -C "/opt/nginx-rtmp-module" && \ - curl -Lf http://nginx.org/download/nginx-1.24.0.tar.gz | tar xz --strip-components=1 -C "/opt/nginx" && \ - ldconfig + curl -Lf http://nginx.org/download/nginx-1.24.0.tar.gz | tar xz --strip-components=1 -C "/opt/nginx" + +COPY --from=build /opt/build / +COPY ./filters_1.5x/ /opt/raisrfolder/filters_1.5x/ +COPY ./filters_2x/ /opt/raisrfolder/filters_2x/ +COPY docker/Flex/nginx.conf /usr/local/nginx/conf/nginx.conf.copy # Install ngnix and run ffmpeg to verify that the raisr filter is supported WORKDIR /opt/nginx @@ -224,10 +230,15 @@ RUN ./configure --with-http_ssl_module --add-module=../nginx-rtmp-module && \ make install && \ rm -rf nginx-rtmp-module nginx && \ cp -f /usr/local/nginx/conf/nginx.conf.copy /usr/local/nginx/conf/nginx.conf && \ + ln -s /usr/bin/ffmpeg /opt/raisrfolder/ffmpeg && \ + ldconfig && \ ffmpeg -buildconf && \ ffmpeg -h filter=raisr WORKDIR /opt/raisrfolder -SHELL ["/bin/bash", "-c"] -CMD ["-h", "filter=raisr"] +USER "raisr" + +SHELL [ "/bin/bash", "-c" ] +CMD [ "-buildconf" ] ENTRYPOINT [ "/opt/raisrfolder/ffmpeg" ] +HEALTHCHECK --interval=30s --timeout=5s CMD ps aux | grep "ffmpeg" || exit 1 diff --git a/docker/Xeon/Dockerfile.ubuntu22.04 b/docker/Xeon/Dockerfile.ubuntu22.04 index 9a0284a..994f940 100644 --- a/docker/Xeon/Dockerfile.ubuntu22.04 +++ b/docker/Xeon/Dockerfile.ubuntu22.04 @@ -95,11 +95,12 @@ RUN apt-get update --fix-missing && \ ca-certificates \ libx264-1* \ libx265-1* && \ - apt-get clean && \ + apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ groupadd -g 2110 vfio && \ - useradd -m -s /bin/bash -G vfio -u 1002 raisr && \ - usermod -aG sudo raisr + useradd -m -s /bin/bash -G vfio -u 2610 raisr && \ + usermod -aG sudo raisr && \ + passwd -d raisr COPY --chown=raisr:raisr filters_1.5x /opt/raisrfolder/filters_1.5x COPY --chown=raisr:raisr filters_2x /opt/raisrfolder/filters_2x @@ -113,5 +114,5 @@ USER "raisr" HEALTHCHECK --interval=30s --timeout=5s CMD ps aux | grep "ffmpeg" || exit 1 SHELL ["/bin/bash", "-c"] -CMD ["-h", "filter=raisr"] +CMD ["-buildconf"] ENTRYPOINT [ "/opt/raisrfolder/ffmpeg" ]