Merge branch 'main' into pr1234

Resolved conflicts:
tests/validation/configs/test_config.yaml
tests/validation/conftest.py
tests/validation/tests/single/st20p/resolutions/test_resolutions.py
tests/validation/tests/single/st22p/format/test_format.py
tests/validation/tests/single/st30p/st30p_format/test_st30p_format.py
tests/validation/tests/single/st41/payload_type/test_payload_type.py

Author: MateuszGrabuszynski

.github/workflows/scorecards.yml

@@ -72,6 +72,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
+        uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
         with:
           sarif_file: results.sarif

.github/workflows/smoke-tests.yml

@@ -0,0 +1,205 @@
+name: smoke-tests-bare-metal
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - 'maint-**'
+  pull_request:
+    branches:
+      - main
+      - 'maint-**'
+env:
+  BUILD_TYPE: 'Release'
+  DPDK_VERSION: '25.03'
+  DPDK_REBUILD: 'false'
+permissions:
+  contents: read
+jobs:
+  validation-build-mtl:
+    runs-on: [Linux, self-hosted, DPDK]
+    timeout-minutes: 60
+    outputs:
+      pipenv-activate: ${{ steps.pipenv-install.outputs.VIRTUAL_ENV }}
+    steps:
+      - name: 'preparation: Harden Runner'
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        with:
+          egress-policy: audit
+      - name: 'preparation: Restore valid repository owner and print env'
+        if: always()
+        run: |
+          sudo chown -R "${USER}" "$(pwd)" || true
+          env | grep TEST_ || true
+      - name: 'preparation: Checkout MTL'
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: '${{ github.ref }}'
+      - name: 'preparation: Checkout DPDK'
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        if: env.DPDK_REBUILD == 'true'
+        with:
+          repository: 'DPDK/dpdk'
+          ref: 'v${{  env.DPDK_VERSION  }}'
+          path: 'dpdk'
+      - name: 'preparation: Checkout openh264'
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          repository: 'cisco/openh264'
+          ref: 'openh264v2.4.0'
+          path: 'openh264'
+      - name: 'preparation: Checkout FFmpeg'
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          repository: 'FFmpeg/FFmpeg'
+          ref: 'release/7.0'
+          path: 'ffmpeg'
+      - name: 'configuration: Install the build dependency'
+        run: |
+          sudo apt update
+          sudo apt-get remove -y pipenv || true
+          sudo apt-get install -y \
+              git gcc meson tar zip \
+              pkg-config \
+              python3 \
+              python3-pyelftools \
+              python3-virtualenv \
+              python3-pip \
+              libnuma-dev \
+              libjson-c-dev \
+              libpcap-dev \
+              libgtest-dev \
+              libsdl2-dev \
+              libsdl2-ttf-dev \
+              libssl-dev \
+              systemtap-sdt-dev \
+              libbpf-dev \
+              libelf1 \
+              gstreamer1.0-plugins-base \
+              gstreamer1.0-plugins-good \
+              gstreamer1.0-tools \
+              gstreamer1.0-libav \
+              libgstreamer1.0-dev \
+              libgstreamer-plugins-base1.0-dev
+      - name: 'configuration: Apply dpdk patches'
+        if: env.DPDK_REBUILD == 'true'
+        run: |
+          patch -d "dpdk" -p1 -i <(cat patches/dpdk/${{  env.DPDK_VERSION  }}/*.patch)
+      - name: 'installation: Build dpdk'
+        working-directory: dpdk
+        if: env.DPDK_REBUILD == 'true'
+        run: |
+          meson build
+          ninja -C build
+          sudo ninja -C build install
+      - name: 'installation: Build mtl'
+        run: |
+          ./build.sh
+          sudo ldconfig
+      - name: 'installation: Build openh264'
+        working-directory: openh264
+        run: |
+          make -j "$(nproc)"
+          sudo make install
+          sudo ldconfig
+      - name: 'installation: Build FFmpeg'
+        working-directory: ffmpeg
+        run: |
+          git am ../ecosystem/ffmpeg_plugin/7.0/*.patch
+          cp ../ecosystem/ffmpeg_plugin/mtl_*.c -rf libavdevice/
+          cp ../ecosystem/ffmpeg_plugin/mtl_*.h -rf libavdevice/
+          ./configure --enable-shared --disable-static --enable-nonfree --enable-pic --enable-gpl --enable-libopenh264 --enable-encoder=libopenh264 --enable-mtl
+          make -j "$(nproc)"
+          sudo make install
+          sudo ldconfig
+      - name: 'installation: Build GStreamer'
+        working-directory: ecosystem/gstreamer_plugin
+        run: |
+          ./build.sh
+      - name: 'installation: Install pipenv environment'
+        working-directory: tests/validation
+        id: pipenv-install
+        run: |
+          python3 -m venv venv
+          source venv/bin/activate
+          pip install -r requirements.txt
+          echo "VIRTUAL_ENV=$PWD/venv/bin/activate" >> "$GITHUB_ENV"
+  validation-run-tests:
+    needs: [validation-build-mtl]
+    runs-on: [Linux, self-hosted, DPDK]
+    timeout-minutes: 720
+    env:
+      PYTEST_RETRIES: '3'
+    steps:
+      - name: 'preparation: Harden Runner'
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        with:
+          egress-policy: audit
+      - name: 'preparation: Evaluate choosen validation-test-port-p and validation-test-port-r'
+        run: |
+          eval "export TEST_PORT_P=TEST_VF_PORT_P_0"
+          eval "export TEST_PORT_R=TEST_VF_PORT_P_1"
+          echo "TEST_PORT_P=${TEST_PORT_P}" >> "$GITHUB_ENV"
+          echo "TEST_PORT_R=${TEST_PORT_R}" >> "$GITHUB_ENV"
+          echo "TEST_PORT_P=${TEST_PORT_P}"
+          echo "TEST_PORT_R=${TEST_PORT_R}"
+      - name: 'preparation: Kill MtlManager and pytest routines'
+        run: |
+          sudo killall -SIGINT pipenv || true
+          sudo killall -SIGINT pytest || true
+          sudo killall -SIGINT MtlManager || true
+      - name: 'preparation: Create VFs'
+        run: |
+          sudo rmmod irdma || true
+          sudo ./script/nicctl.sh create_vf "${TEST_PF_PORT_P}" || true
+          sudo ./script/nicctl.sh create_vf "${TEST_PF_PORT_R}" || true
+      - name: 'preparation: Start MtlManager at background'
+        run: |
+          sudo MtlManager &
+      - name: 'execution: Run validation-bare-metal tests in virtual environment'
+        run: |
+          sudo tests/validation/venv/bin/python3 -m pytest --topology_config=tests/validation/configs/topology_config.yaml --test_config=tests/validation/configs/test_config.yaml -m smoke  --template=html/index.html --report=report.html
+      - name: "upload report"
+        id: upload-report
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        with:
+          name: smoke-tests-report
+          path: |
+            report.html
+      - name: "Add report to summary"
+        if: always()
+        run: |
+          {
+            echo "## Smoke Tests Report"
+            echo ""
+            # Check if JSON report exists
+            if [ -f "report.json" ]; then
+              # Parse JSON report
+                PASSED=$(jq '.summary.passed // 0' report.json)
+                FAILED=$(jq '.summary.failed // 0' report.json)
+                SKIPPED=$(jq '.summary.skipped // 0' report.json)
+                ERROR=$(jq '.summary.errors // 0' report.json)
+              # Add summary stats
+              echo "| Status | Count |"
+              echo "| ------ | ----- |"
+              echo "| ✅ Passed | ${PASSED:-0} |"
+              echo "| ❌ Failed | ${FAILED:-0} |"
+              echo "| ⚠️ Error | ${ERROR:-0} |"
+              echo "| ⏭️ Skipped | ${SKIPPED:-0} |"
+              echo ""
+              # Add test result details if available
+              TOTAL=$((${PASSED:-0} + ${FAILED:-0} + ${ERROR:-0} + ${SKIPPED:-0}))
+              echo "**Total Tests:** $TOTAL"
+              echo ""
+              if [ "${FAILED:-0}" -gt 0 ] || [ "${ERROR:-0}" -gt 0 ]; then
+                echo "❌ **Some tests failed!** Please check the detailed report."
+              else
+                echo "✅ **All tests passed!**"
+              fi
+              echo ""
+              # Add link to full report artifact
+              echo "📄 [Download Full HTML Report](https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}/artifacts/${{ steps.upload-report.outputs.artifact-id }})"
+            else
+              echo "❌ No report.json file was generated"
+            fi
+          } >> "$GITHUB_STEP_SUMMARY"

.github/workflows/trivy.yml

@@ -53,7 +53,7 @@ jobs:
 
 
       - name: Run Trivy vulnerability scanner with sarif output
-        uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0
+        uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # v0.32.0
         with:
           scan-type: config
           scan-ref: ./docker
@@ -63,7 +63,7 @@ jobs:
           output: Trivy-dockerfile.sarif
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
+        uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
         with:
           sarif_file: Trivy-dockerfile.sarif
 
@@ -91,7 +91,7 @@ jobs:
           ref: ${{ inputs.branch }}
 
       - name: Run Trivy vulnerability scanner with sarif output
-        uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0
+        uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # v0.32.0
         with:
           scan-type: config
           scan-ref: ./manager
@@ -101,7 +101,7 @@ jobs:
           output: Trivy-manager-dockerfile.sarif
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
+        uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
         with:
           sarif_file: Trivy-manager-dockerfile.sarif
 
@@ -127,7 +127,7 @@ jobs:
           ref: ${{ inputs.branch }}
 
       - name: Run Trivy vulnerability scanner with table output
-        uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0
+        uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # v0.32.0
         with:
           scan-type: config
           scan-ref: ./docker
@@ -137,7 +137,7 @@ jobs:
           vuln-type: os,library
 
       - name: Run Trivy manager vulnerability scanner with table output
-        uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0
+        uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # v0.32.0
         with:
           scan-type: config
           scan-ref: ./manager

app/sample/ext_frame/rx_st20_pipeline_dyn_ext_frame_sample.c

@@ -42,13 +42,23 @@ static int rx_st20p_query_ext_frame(void* priv, struct st_ext_frame* ext_frame,
   struct rx_st20p_sample_ctx* s = priv;
   int i = s->ext_idx;
   MTL_MAY_UNUSED(meta);
-
   /* you can check the timestamp from lib by meta->timestamp */
 
   ext_frame->addr[0] = s->ext_frames[i].buf_addr;
   ext_frame->iova[0] = s->ext_frames[i].buf_iova;
   ext_frame->size = s->ext_frames[i].buf_len;
 
+  uint8_t* addr = ext_frame->addr[0];
+  uint8_t planes = st_frame_fmt_planes(meta->fmt);
+  for (int plane = 0; plane < planes; plane++) {
+    if (plane > 0)
+      ext_frame->iova[plane] =
+          ext_frame->iova[plane - 1] + ext_frame->linesize[plane - 1] * meta->height;
+    ext_frame->linesize[plane] = st_frame_least_linesize(meta->fmt, meta->width, plane);
+    ext_frame->addr[plane] = addr;
+    addr += ext_frame->linesize[plane] * meta->height;
+  }
+
   /* save your private data here get it from st_frame.opaque */
   /* ext_frame->opaque = ?; */
 
@@ -150,6 +160,15 @@ int main(int argc, char** argv) {
   ret = rx_sample_parse_args(&ctx, argc, argv);
   if (ret < 0) return ret;
 
+  bool is_output_yuv420 = ctx.output_fmt == ST_FRAME_FMT_YUV420CUSTOM8 ||
+                          ctx.output_fmt == ST_FRAME_FMT_YUV420PLANAR8;
+  if (ctx.ext_frame && is_output_yuv420) {
+    warn(
+        "%s: external frame mode does not support yuv420 output format, use other format "
+        "e.g. yuv422\n",
+        __func__);
+  }
+
   /* enable auto start/stop */
   ctx.param.flags |= MTL_FLAG_DEV_AUTO_START_STOP;
   ctx.st = mtl_init(&ctx.param);
@@ -199,12 +218,13 @@ int main(int argc, char** argv) {
     ops_rx.framebuff_cnt = app[i]->fb_cnt;
     ops_rx.notify_frame_available = rx_st20p_frame_available;
 
-    if (equal) {
-      /* no convert, use ext frame for example */
+    if (equal || ctx.ext_frame) {
+      /* pre-allocate ext frames */
       app[i]->ext_frames =
           (struct st20_ext_frame*)malloc(sizeof(*app[i]->ext_frames) * app[i]->fb_cnt);
-      size_t framebuff_size =
-          st20_frame_size(ops_rx.transport_fmt, ops_rx.width, ops_rx.height);
+      size_t framebuff_size = st_frame_size(ops_rx.output_fmt, ops_rx.width,
+                                            ops_rx.height, ops_rx.interlaced);
+
       size_t fb_size = framebuff_size * app[i]->fb_cnt;
       /* alloc enough memory to hold framebuffers and map to iova */
       mtl_dma_mem_handle dma_mem = mtl_dma_mem_alloc(ctx.st, fb_size);
@@ -225,6 +245,7 @@ int main(int argc, char** argv) {
       /* use dynamic external frames */
       ops_rx.query_ext_frame = rx_st20p_query_ext_frame;
       ops_rx.flags |= ST20P_RX_FLAG_RECEIVE_INCOMPLETE_FRAME;
+      ops_rx.flags |= ST20P_RX_FLAG_EXT_FRAME;
     }
 
     st20p_rx_handle rx_handle = st20p_rx_create(ctx.st, &ops_rx);

app/src/app_platform.h

@@ -162,12 +162,12 @@ static inline void st_usleep(
 #endif
 }
 
-static inline int st_get_real_time(struct timespec* ts) {
-  return clock_gettime(CLOCK_REALTIME, ts);
+static inline int st_get_tai_time(struct timespec* ts) {
+  return clock_gettime(CLOCK_TAI, ts);
 }
 
-static inline int st_set_real_time(struct timespec* ts) {
-  return clock_settime(CLOCK_REALTIME, ts);
+static inline int st_set_tai_time(struct timespec* ts) {
+  return clock_settime(CLOCK_TAI, ts);
 }
 
 #ifdef APP_HAS_SSL

lib/src/st2110/st_header.h

@@ -747,8 +747,6 @@ struct st_tx_audio_session_pacing {
   uint64_t cur_epochs;      /* epoch of current pkt */
   /* timestamp for rtp header */
   uint32_t rtp_time_stamp;
-  /* timestamp for pacing */
-  uint32_t pacing_time_stamp;
   uint64_t cur_epoch_time;
   /* in ns, tsc time cursor for packet pacing */
   uint64_t tsc_time_cursor;