open-edge-platform · elvin03 · Apr 9, 2025 · Apr 13, 2025 · Apr 23, 2025 · Apr 23, 2025
@@ -11,6 +11,8 @@ on:
       - .github/workflows/check-circular-deps.yml
       - '**.spec'
 
+permissions: read-all
+
 jobs:
   spec-check:
     name: Circular dependency check
@@ -20,6 +22,8 @@ jobs:
       # Checkout the branch of our repo that triggered this action
       - name: Workflow trigger checkout
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Check for circular dependencies
         run: |

@@ -20,7 +20,9 @@ jobs:
       # Checkout the branch of our repo that triggered this action
       - name: Workflow trigger checkout
         uses: actions/checkout@v4
-
+        with:
+          persist-credentials: false
+
       # For consistency, we use the same major/minor version of Python that Azure Linux ships
       - name: Setup Python 3.12
         uses: actions/setup-python@v5

@@ -24,7 +24,9 @@ jobs:
       # Checkout the branch of our repo that triggered this action
       - name: Workflow trigger checkout
         uses: actions/checkout@v4
-
+        with:
+          persist-credentials: false
+
       - name: Setup Python 3.12
         uses: actions/setup-python@v5
         with:

@@ -22,6 +22,8 @@ jobs:
     steps:
     - name: Check out code
       uses: actions/checkout@v4
+      with:
+          persist-credentials: false
 
     # This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond
     - name: Define missing rpm macros

@@ -22,6 +22,8 @@ jobs:
     steps:
     - name: Check out code
       uses: actions/checkout@v4
+      with:
+          persist-credentials: false
 
     # This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond
     - name: Define missing rpm macros
@@ -33,9 +35,12 @@ jobs:
     - name: Get base commit for PRs
       if: ${{ github.event_name == 'pull_request' }}
       run: |
-        git fetch origin ${{ github.base_ref }}
-        echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> "$GITHUB_ENV"
-        echo "Merging ${{ github.sha }} into ${{ github.base_ref }}"
+        base_ref="${BASE_REF}"
+        git fetch origin $base_ref
+        echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV"
+        echo "Merging ${{ github.sha }} into $base_ref"
+      env:
+        BASE_REF: ${{ github.base_ref }}
 
     - name: Get base commit for Pushes
       if: ${{ github.event_name == 'push' }}

@@ -11,6 +11,8 @@ on:
       - .github/workflows/check-source-signatures.yml
       - '**.spec'
 
+permissions: read-all
+
 jobs:
   spec-check:
     name: Source Signature Check
@@ -24,6 +26,7 @@ jobs:
       - name: Workflow trigger checkout
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           fetch-depth: 0
 
       # For consistency, we use the same major/minor version of Python that Azure Linux ships
@@ -38,8 +41,11 @@ jobs:
       - name: Get base commit for PRs
         if: ${{ github.event_name == 'pull_request' }}
         run: |
-          echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> "$GITHUB_ENV"
-          echo "Merging ${{ github.sha }} into ${{ github.base_ref }}"
+          base_ref="${BASE_REF}"
+          echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV"
+          echo "Merging ${{ github.sha }} into $base_ref"
+        env:
+          BASE_REF: ${{ github.base_ref }}
 
       - name: Get base commit for Pushes
         if: ${{ github.event_name == 'push' }}

@@ -24,6 +24,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          persist-credentials: false
 
       # For consistency, we use the same major/minor version of Python that Azure Linux ships
       - name: Setup Python 3.12
@@ -37,8 +38,11 @@ jobs:
       - name: Get base commit for PRs
         if: ${{ github.event_name == 'pull_request' }}
         run: |
-          echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> "$GITHUB_ENV"
-          echo "Merging ${{ github.sha }} into ${{ github.base_ref }}"
+          base_ref="${BASE_REF}"
+          echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV"
+          echo "Merging ${{ github.sha }} into $base_ref"
+        env:
+          BASE_REF: ${{ github.base_ref }}
 
       - name: Get base commit for Pushes
         if: ${{ github.event_name == 'push' }}
@@ -63,6 +67,7 @@ jobs:
         with:
           ref: '3.0'
           path: '3.0-checkout'
+          persist-credentials: false
 
       - name: Verify .spec files
         if: ${{ env.updated-specs != '' }}

@@ -22,6 +22,8 @@ jobs:
       # Checkout the branch of our repo that triggered this action
       - name: Workflow trigger checkout
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       # For consistency, we use the same major/minor version of Python that Azure Linux ships
       - name: Setup Python 3.12

@@ -33,6 +33,8 @@ jobs:
 
     - name: Check out code into the Go module directory
       uses: actions/checkout@v4
+      with:
+          persist-credentials: false
 
     - name: Check go.mod
       run: |

@@ -24,13 +24,17 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Get base commit for PRs
         if: ${{ github.event_name == 'pull_request' }}
         run: |
-          echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> "$GITHUB_ENV"
-          echo "Merging ${{ github.sha }} into ${{ github.base_ref }}"
-
+          base_ref="${BASE_REF}"
+          echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV"
+          echo "Merging ${{ github.sha }} into $base_ref"
+        env:
+          BASE_REF: ${{ github.base_ref }}
+
       - name: Get base commit for Pushes
         if: ${{ github.event_name == 'push' }}
         run: |
@@ -50,6 +54,7 @@ jobs:
         with:
           ref: '3.0'
           path: '3.0-checkout'
+          persist-credentials: false
 
       # Our linter is based on the spec-cleaner tool from the folks at openSUSE
       # We apply a patch to modify it for our needs
@@ -59,6 +64,7 @@ jobs:
           repository: 'rpm-software-management/spec-cleaner'
           ref: 'spec-cleaner-1.2.0'
           path: 'spec-cleaner'
+          persist-credentials: false
 
       # For consistency, we use the same major/minor version of Python that Azure Linux ships
       - name: Setup Python 3.12

@@ -16,6 +16,8 @@ on:
       - "**.spec"
       - "**.patch"
 
+permissions: read-all
+
 jobs:
   lint:
     name: Lint Workflows and Code
@@ -32,6 +34,8 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          persist-credentials: false
+
       - name: Lint
         uses: github/super-linter/slim@v7
         env:

@@ -7,6 +7,8 @@ on:
   pull_request:
     branches: [main, 3.0*]
 
+permissions: read-all
+
 jobs:
   spec-check:
     name: Github Merge Conflict Check
@@ -16,13 +18,18 @@ jobs:
       # Checkout the branch of our repo that triggered this action
       - name: Workflow trigger checkout
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Get base commit for PRs
         if: ${{ github.event_name == 'pull_request' }}
         run: |
-          git fetch origin ${{ github.base_ref }}
-          echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> $GITHUB_ENV
-          echo "Merging ${{ github.sha }} into ${{ github.base_ref }}"
+          base_ref="${BASE_REF}"
+          git fetch origin $base_ref
+          echo "base_sha=$(git rev-parse origin/$base_ref)" >> $GITHUB_ENV
+          echo "Merging ${{ github.sha }} into $base_ref"
+        env:
+          BASE_REF: ${{ github.base_ref }}
 
       - name: Get base commit for Pushes
         if: ${{ github.event_name == 'push' }}

@@ -12,15 +12,19 @@ on:
           - microvisor-toolkit
 
 permissions:
-  contents: read
+  contents: read          # needed for actions/checkout
+  pull-requests: read     # needed for gh pr list
+  issues: write           # needed to post PR comment
 
 jobs:
   build_microvisor-toolkit:
     if: ${{ (github.event.inputs.target == 'microvisor-toolkit') || (github.event.inputs.target == 'all-documentation') }}
-    uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@2fc4c75be6b7f308dd95bdf5a822e466437734ac
+    uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@734970a73e3d6e8d7cd160e2cad6366770f52403
     secrets:
       SYS_ORCH_GITHUB: ${{ secrets.SYS_ORCH_GITHUB }}
       DOC_AWS_ACCESS_KEY_ID: ${{ secrets.DOC_AWS_ACCESS_KEY_ID }}
       DOC_AWS_SECRET_ACCESS_KEY: ${{ secrets.DOC_AWS_SECRET_ACCESS_KEY }}
     with:
-      docs_directory: docs
+      docs_directory: '.'
+      branch_pattern: '^3\.0.*$'
+
@@ -16,8 +16,8 @@ The currently published versions are:
 
 * Edge Microvisor Toolkit (immutable)
 * Edge Microvisor Toolkit with real time extensions (immutable)
-* Edge Microvisor Toolkit Standalone (immutable)
-* Edge Microvisor Toolkit Developer (mutable)
+* Edge Microvisor Toolkit Standalone (immutable) ([Download link](https://edgesoftwarecatalog.intel.com/details/?microserviceType=recipe&microserviceNameForUrl=edge-microvisor-toolkit-standalone-node))
+* Edge Microvisor Toolkit Developer (mutable) ([Download link](https://edgesoftwarecatalog.intel.com/details/?microserviceType=recipe&microserviceNameForUrl=edge--microvisor-toolkit-development-node))
 
 The Edge Microvisor Toolkit has undergone extensive validation across all Intel
 platforms such as  Xeon®, Intel® Core Ultra™, Intel Core™ and Intel® Atom®. It

@@ -3,7 +3,7 @@ Description=Docker Socket for the API
 PartOf=docker.service
 
 [Socket]
-ListenStream=/var/run/docker.sock
+ListenStream=/run/docker.sock
 SocketMode=0660
 SocketUser=root
 SocketGroup=docker

@@ -1,7 +1,7 @@
 {
  "Signatures": {
   "docker.service": "b150b3ce0947a65c655ed09dfe4e48b7464c60542f9f9902330288bbf87af38e",
-  "docker.socket": "51a06786cae46bc63b7314c25d0bd5bb2e676120d80874b99e35bf60d0b0ffa8",
+  "docker.socket": "cc1b8bd06696541caa64ec96694f1b7aacae8394286125463ead25fb4286b37d",
   "moby-engine-25.0.3.tar.gz": "4cdb516f5d6f5caf8b3bcf93c2962277ba727cfd2d1620176a3bb0cf153b3590"
  }
 }
@@ -3,7 +3,7 @@
 Summary: The open-source application container engine
 Name:    moby-engine
 Version: 25.0.3
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: ASL 2.0
 Group:   Tools/Container
 URL: https://mobyproject.org
@@ -87,6 +87,11 @@ GIT_COMMIT=%{commit_hash}
 DOCKER_GITCOMMIT=${GIT_COMMIT:0:7} DOCKER_BUILDTAGS='seccomp' hack/make.sh dynbinary
 
 %install
+# Create runtime/config directories
+mkdir -p %{buildroot}/var/lib/docker
+mkdir -p %{buildroot}/var/log/docker
+mkdir -p %{buildroot}%{_sysconfdir}/docker
+
 mkdir -p %{buildroot}%{_bindir}
 install -p -m 755 ./bundles/dynbinary-daemon/dockerd %{buildroot}%{_bindir}/dockerd
 
@@ -105,6 +110,9 @@ if ! grep -q "^docker:" /etc/group; then
     groupadd --system docker
 fi
 
+%{_bindir}/systemctl enable docker
+%{_bindir}/systemctl start docker
+
 %preun
 %systemd_preun docker.service
 
@@ -117,8 +125,14 @@ fi
 %{_libexecdir}/docker-proxy
 %{_sysconfdir}/*
 %{_unitdir}/*
+/var/lib/docker
+/var/log/docker
+%dir %{_sysconfdir}/docker
 
 %changelog
+* Fri May 2 2025 Mah Yock Gen <[email protected]> - 25.0.3-12
+- Enable Docker service to start during system initialization
+
 * Fri Mar 21 2025 Anuj Mittal <[email protected]> - 25.0.3-11
 - Bump Release to rebuild