Reworked action with linters

[lwbt]

Linters

Improve quality, consistency and readbility with the following pre-commit hooks:

• action-lint
• shellcheck
• shfmt
• zizmor

Findings

Lint GitHub Actions workflow files.......................................Failed
- hook id: actionlint
- exit code: 1

.github/workflows/licheervnano-host-linux-amd64.yml:16:19: property "os" is not defined in object type {} [expression]
   |
16 |           key: ${{matrix.os }}-${{ matrix.type }}
   |                   ^~~~~~~~~
.github/workflows/licheervnano-host-linux-amd64.yml:18:9: shellcheck reported issue in this script: SC2086:info:1:43: Double quote to prevent globbing and word splitting [shellcheck]
   |
18 |         run: |
   |         ^~~~
.github/workflows/licheervnano-host-linux-amd64.yml:18:9: shellcheck reported issue in this script: SC2086:info:2:38: Double quote to prevent globbing and word splitting [shellcheck]
   |
18 |         run: |
   |         ^~~~
.github/workflows/licheervnano-host-linux-amd64.yml:55:9: shellcheck reported issue in this script: SC2002:style:9:7: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead [shellcheck]
   |
55 |         run: |
   |         ^~~~
.github/workflows/licheervnano-host-linux-amd64.yml:55:9: shellcheck reported issue in this script: SC2002:style:18:7: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead [shellcheck]
   |
55 |         run: |
   |         ^~~~
.github/workflows/licheervnano-host-linux-amd64.yml:55:9: shellcheck reported issue in this script: SC2002:style:27:7: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead [shellcheck]
   |
55 |         run: |
   |         ^~~~

zizmor...................................................................Failed
- hook id: zizmor
- exit code: 13
warning[artipacked]: credential persistence through GitHub Actions artifacts
  --> .github/workflows/licheervnano-host-linux-amd64.yml:42:9
   |
42 |         - name: Checkout Repo
   |  _________-
43 | |         uses: actions/checkout@v3
44 | |         with:
45 | |           path: 'cvi_mmf_sdk' # TODO: make this name a global variable
46 | |           ref: 'main'
   | |_____________________- does not set persist-credentials: false
   |
   = note: audit confidence → Low

1 finding: 0 unknown, 0 informational, 0 low, 1 medium, 0 high

Worklog

• property "os" is not defined -- ignored
• SC2086 -- resolved
• SC2002 -- resolved
• does not set persist-credentials: false -- resolved
• TODO: make this name a global variable -- resolved, creates more linter warnings, also resolved
• list of packages flattened and de-duplicated (flex and other packages were included twice), some of the packages look like meta packages to me and should be checked, Consider using --no-install-recommends option to only install the required packages.
• variant configuration is processed 3 times and has been turned into a loop by leveraging bash string manipulation https://www.gnu.org/software/bash/manual/bash.html#Shell-Parameter-Expansion
  Example to proof that it works as intended:

$ panel="hd228001c31"
$ sed -e "s/CONFIG_MIPI_PANEL_ZCT2133V1/CONFIG_MIPI_PANEL_ST7701_${panel^^}/g" <<< "CONFIG_MIPI_PANEL_ZCT2133V1__123"
CONFIG_MIPI_PANEL_ST7701_HD228001C31__123

[scpcom]

Thank you for the rework. I am not using this workflow, it is part of the original project.
Do you use the workflow? I would merge it if it is OK.
On your rework a backslash is missing:
https://github.com/lwbt/LicheeSG-Nano-Build/blob/develop/.github/workflows/licheervnano-host-linux-amd64.yml#L73

[lwbt]

Thank you for checking and finding this one issue, it was not on purpose.

Edit: I'm wondering how this could pass the linters. 🤔

I was wondering how this workflow is used. Thanks for clearing it up. My intention was to work on the scripts actually, but I thought if there is a GitHub Action, it would be more important and have more value for anyone who uses it. However I don't use it myself yet.

Do you plan to maintain this repository and eventually upstream the work so that images with more recent components and patches/fixes can be built, or was it a one-off after my EMBA report?

I think the work you did here has a lot of value and should be upstreamed to encourage community contributions to NanoKVM and other products while also improving workflows and collaboration.

But at the moment I'm rather confused about how the product comes together. If you intend to maintain a fork that is synced with upstream from time to time that would also be fine. I'd be glad to offer support.

[scpcom]

I tried to upstream some stuff month ago but did not get any response there:
sipeed/LicheeRV-Nano-Build#44
sipeed/LicheeRV-Nano-Build#45

At this moment it is much easier to maintain my own variant and I will try my best to keep it alive.
My main focus was to be able to build a reproducible full open source image.
For the future I can not provide "real-time" updates to include all available patches/fixes for the sub-components.
Her are some thoughts about what I can do:

• NanoKVM app (server/web): I use the original repo, updates can be provided fast if no breaking changes are included
• Commits from original LicheeRV-Nano-Build project: This is a semi-auomated process and actually easy to keep up to date.
• linux: merging from kernel.org is easy and can be done frequently as long as the LTS support is active
• buildroot: Merging is possible but to much things can go wrong because releases like 2024.05.3 already contain updates that are conflicting with 2024.08 or later. Maybe I will (semi-)annual start a fresh branch with latest release and re-apply the patches.
• sopho middleware.: Updating was useful at the beginning but is useless at this moment because instead of making more open source they splitted the closed source .so libs into hundreds of .o files.
• sophgo osdrv: depending on middleware