build(deps): bump github.com/losisin/helm-values-schema-json/v2 from 2.4.0 to 2.5.0 in /xpumd/tools

.clang-tidy

@@ -0,0 +1,36 @@
+---
+Checks: '*, -abseil-*, -altera-*, -android-*, -fuchsia-*, -google-*, -llvm*, -modernize-use-trailing-return-type,
+  -zircon-*, -readability-else-after-return, -readability-static-accessed-through-instance,
+  -readability-avoid-const-params-in-decls, -cppcoreguidelines-non-private-member-variables-in-classes,
+  -misc-non-private-member-variables-in-classes, -cppcoreguidelines-pro-bounds-array-to-pointer-decay,
+  -hicpp-no-array-decay, -readability-identifier-length'
+WarningsAsErrors: ''
+HeaderFilterRegex: subprojects/**
+FormatStyle: file
+CheckOptions:
+  - key: readability-identifier-naming.VariableCase
+    value: camelBack
+  - key: readability-identifier-naming.GlobalConstantCase
+    value: UPPER_CASE
+  - key: readability-identifier-naming.FunctionCase
+    value: camelBack
+  - key: readability-identifier-naming.ClassCase
+    value: CamelCase
+  - key: readability-identifier-naming.MethodCase
+    value: camelBack
+  - key: readability-identifier-naming.ParameterCase
+    value: camelBack
+  - key: readability-identifier-naming.MemberCase
+    value: camelBack
+  - key: readability-identifier-naming.StructCase
+    value: CamelCase
+  - key: readability-identifier-naming.StructIgnoredRegexp
+    value: .*_t$
+  - key: readability-identifier-naming.TypedefCase
+    value: CamelCase
+  - key: readability-identifier-naming.TypedefIgnoredRegexp
+    value: .*_t$
+  - key: readability-identifier-naming.TypedefCase
+    value: CamelCase
+  - key: readability-identifier-naming.TypedefIgnoredRegexp
+    value: .*_t$

.conan/conan.lock

@@ -1,15 +1,16 @@
 {
     "version": "0.5",
     "requires": [
-        "zlib/1.3.1#cac0f6daea041b0ccf42934163defb20%1765284699.337",
+        "zlib/1.3.2#1cb806da49011867778ffb6ac7190fcb%1777558780.503",
         "openssl/3.6.1#2e0be4a996c7ca91feb31b7fe65117b9%1769599203.736",
         "nlohmann_json/3.10.2#f7dd8a726eb4ae419cab43476be84ed1%1700513007.299",
-        "metee/6.0.0#a4a1918ceb5d5b2f4d0dc8e126fbeed6%1772475347.8847659",
+        "metee/6.0.0#a4a1918ceb5d5b2f4d0dc8e126fbeed6%1779892754.9902008",
         "libcurl/8.5.0#9117c8494e898cf70bbd965658a925bc%1745508826.006",
-        "level-zero/1.27.0#168f0bc338b3f1097f4f98209af7f59a%1773056912.6524134",
-        "igsc/0.9.6#88127b6d017a24466f581aa0adc094b5%1772475350.695227",
+        "level-zero/1.27.0#168f0bc338b3f1097f4f98209af7f59a%1779892818.0372772",
+        "igsc/0.9.6#88127b6d017a24466f581aa0adc094b5%1779892761.5102684",
         "hwloc/2.9.3#11acb96cf1e611d293bf90172fadff7d%1717065022.873",
         "doctest/2.4.11#a4211dfc329a16ba9f280f9574025659%1681601797.282",
+        "cli11/2.6.2#312ccb795ff5b571d9f4b1a3637b1eee%1776949795.774",
         "boost-ext-ut/2.1.0#aec3873a3273d96f85093971c6c8b206%1749912871.352"
     ],
     "build_requires": [

.github/workflows/docs-deploy.yml

@@ -0,0 +1,73 @@
+name: Deploy Docs to gh-pages
+
+on:
+  push:
+    branches: [main, dev, v1.3.x]
+    paths:
+      - 'docs/sphinx/**'
+      - '.github/workflows/docs-deploy.yml'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+concurrency:
+  group: gh-pages
+  cancel-in-progress: true
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout main/dev branch (2.x docs)
+        uses: actions/checkout@v4
+        with:
+          path: src/2.x
+
+      - name: Checkout v1.3.x branch (1.x docs)
+        id: checkout_1x
+        continue-on-error: true
+        uses: actions/checkout@v4
+        with:
+          ref: v1.3.x
+          path: src/1.x
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: pip install -r src/2.x/docs/sphinx/requirements.txt
+
+      - name: Strip 1.x from version switcher (no v1.3.x branch)
+        if: steps.checkout_1x.outcome != 'success'
+        run: |
+          sed -i "/'<option value=\"1.x\">/d" \
+            src/2.x/docs/sphinx/_templates/layout.html
+
+      - name: Build 2.x docs
+        run: make -C src/2.x/docs/sphinx build
+        # Output: src/2.x/docs/sphinx/_build/html/2.0/
+
+      - name: Build 1.x docs
+        if: steps.checkout_1x.outcome == 'success'
+        run: make -C src/1.x/docs/sphinx build
+        # Output: src/1.x/docs/sphinx/_build/html/1.x/
+
+      - name: Assemble combined site
+        run: |
+          mkdir -p _site
+          cp -r src/2.x/docs/sphinx/_build/html/2.0  _site/2.0
+          if [ -d src/1.x/docs/sphinx/_build/html/1.x ]; then
+            cp -r src/1.x/docs/sphinx/_build/html/1.x  _site/1.x
+          fi
+          cp src/2.x/docs/sphinx/root_index.html      _site/index.html
+          touch _site/.nojekyll
+
+      - name: Deploy to gh-pages branch
+        uses: peaceiris/actions-gh-pages@v4
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          publish_dir: _site
+          publish_branch: gh-pages
+          force_orphan: true

.github/workflows/merge-simulation-checks.yml

@@ -26,7 +26,7 @@ jobs:
     runs-on: ${{ fromJson(vars.RUNS_ON) }}
     steps:
       - name: Checkout base branch (simulating post-merge state)
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           ref: ${{ github.base_ref }}
           fetch-depth: 0
@@ -73,7 +73,7 @@ jobs:
       contains(github.event.pull_request.files.*.filename, 'meson.build')
     steps:
       - name: Checkout base branch
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           ref: ${{ github.base_ref }}
           fetch-depth: 0
@@ -105,7 +105,7 @@ jobs:
       contains(github.event.pull_request.files.*.filename, 'go.sum')
     steps:
       - name: Checkout base branch
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           ref: ${{ github.base_ref }}
           fetch-depth: 0

.github/workflows/xpumd-ci-checks-go-bindings.yml

@@ -24,11 +24,11 @@ jobs:
           - events-sysman
     steps:
     - name: Check out code
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
     - name: Build examples
-      uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
+      uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
       with:
-        context: ./xpumd/receiver/internal/level-zero-go
-        file: ./xpumd/receiver/internal/level-zero-go/examples/Dockerfile
+        context: ./xpumd/level-zero-go
+        file: ./xpumd/level-zero-go/examples/Dockerfile
         build-args: APP=${{ matrix.app }}

.github/workflows/xpumd-ci-checks.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ${{ fromJson(vars.RUNS_ON) }}
     steps:
     - name: Check out code
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
     - name: Check modfiles
       run: ./xpumd/scripts/make-dockerized.sh check-modfiles
@@ -43,11 +43,11 @@ jobs:
     runs-on: ${{ fromJson(vars.RUNS_ON) }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
       - name: Run Trivy Fs Scan
         continue-on-error: true
-        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
         with:
           exit-code: 1
           scan-type: fs
@@ -58,15 +58,15 @@ jobs:
           output: trivy-report.json
 
       - name: Print Trivy report in human-readable format
-        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
         with:
           scan-type: convert
           scanners: vuln,secret
           image-ref: trivy-report.json
           format: table
 
       - name: Convert Trivy report to CSV format
-        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
         with:
           scan-type: convert
           image-ref: trivy-report.json
@@ -84,7 +84,7 @@ jobs:
     runs-on: ${{ fromJson(vars.RUNS_ON) }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
       - name: Set up Go
         uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
@@ -95,7 +95,7 @@ jobs:
         run: ./xpumd/scripts/trivy-warmup.sh
 
       - name: Run Trivy License Scan
-        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
         env:
           TRIVY_IGNORED_LICENSES: MPL-2.0
         with:

.github/workflows/xpumd-image.yml

@@ -26,23 +26,19 @@ permissions:
 
 jobs:
   build-and-push:
-    runs-on: ${{ fromJson(vars.RUNS_ON) }}
+    runs-on: ${{ fromJson(vars.RUNS_ON_BUILD_AND_PUSH || vars.RUNS_ON) }}
     permissions:
       contents: read
       packages: write
       id-token: write
     steps:
     - name: Check out code
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 
     - name: Install cosign
-      if: github.event_name == 'push'
       uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
-      with:
-        cosign-release: 'v2.6.1'
 
     - name: Setup Helm
-      if: github.event_name == 'push'
       uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
 
     - name: Docker login
@@ -71,19 +67,30 @@ jobs:
         echo "CHART_APP_VERSION=${tag}" >> $GITHUB_ENV
 
     - name: Set up Docker Buildx
-      if: vars.NO_SETUP_BUILDX != 'true'
-      uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+      if: vars.NO_SETUP_BUILDX_BUILD_AND_PUSH != 'true'
+      uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+      with:
+        driver-opts: |
+          "env.http_proxy=${{ vars.HTTP_PROXY }}"
+          "env.https_proxy=${{ vars.HTTPS_PROXY }}"
+          "env.no_proxy=${{ vars.NO_PROXY }}"
+
 
     - name: Build and push image
       id: build_and_push
-      uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
+      uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
       with:
         context: ./xpumd
         file: ./xpumd/Dockerfile
         push: ${{ github.event_name == 'push' }}
+        load: ${{ github.event_name == 'pull_request' }}
         tags: ${{ env.IMAGE_TAG }}
         cache-from: type=gha
         cache-to: type=gha,mode=max
+        build-args: |
+          http_proxy=${{ vars.HTTP_PROXY }}
+          https_proxy=${{ vars.HTTPS_PROXY }}
+          no_proxy=${{ vars.NO_PROXY }}
 
     - name: Sign image
       if: ${{ github.event_name == 'push' }}
@@ -92,22 +99,22 @@ jobs:
       run: cosign sign --yes ${{ env.IMAGE_TAG }}@${{ steps.build_and_push.outputs.digest }}
 
     - name: Run Trivy image scan
-      uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+      uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
       with:
         image-ref: ${{ env.IMAGE_TAG }}
         list-all-pkgs: true
         format: json
         output: trivy-report.json
 
     - name: Print Trivy report in human-readable format
-      uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+      uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
       with:
         scan-type: convert
         image-ref: trivy-report.json
         format: table
 
     - name: Convert Trivy report to CSV format
-      uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+      uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
       with:
         scan-type: convert
         image-ref: trivy-report.json
@@ -121,6 +128,19 @@ jobs:
         name: trivy-xpumd-image-report
         path: trivy-xpumd-image-report.csv
 
+    - name: Generate SBOM
+      uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
+      with:
+        image-ref: ${{ env.IMAGE_TAG }}
+        format: cyclonedx
+        output: sbom-xpumd-image.cdx.json
+
+    - name: Upload SBOM as artifact
+      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+      with:
+        name: sbom-xpumd-image
+        path: sbom-xpumd-image.cdx.json
+
     - name: Helm login
       if: github.event_name == 'push'
       run: echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io -u ${{ github.actor }} --password-stdin
@@ -133,3 +153,46 @@ jobs:
     - name: Push Helm chart
       if: github.event_name == 'push'
       run: helm push xpumd-*.tgz oci://ghcr.io/${{ github.repository }}/charts/
+
+  integration-test:
+    runs-on: ${{ fromJson(vars.RUNS_ON_INTEGRATION_TEST || vars.RUNS_ON) }}
+    timeout-minutes: 20
+    steps:
+    - name: Check out code
+      uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+
+    - name: Set up Docker Buildx
+      if: vars.NO_SETUP_BUILDX_INTEGRATION_TEST != 'true'
+      uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+      with:
+        driver-opts: |
+          "env.http_proxy=${{ vars.HTTP_PROXY }}"
+          "env.https_proxy=${{ vars.HTTPS_PROXY }}"
+          "env.no_proxy=${{ vars.NO_PROXY }}"
+
+    - name: Build image
+      uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
+      with:
+        context: ./xpumd
+        file: ./xpumd/Dockerfile
+        load: true
+        tags: xpumd:integration-test
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        build-args: |
+          http_proxy=${{ vars.HTTP_PROXY }}
+          https_proxy=${{ vars.HTTPS_PROXY }}
+          no_proxy=${{ vars.NO_PROXY }}
+
+    - name: Set up Go
+      uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+      with:
+        go-version-file: xpumd/test/integration/go.mod
+
+    - name: Run integration tests
+      working-directory: xpumd
+      run: |
+        scripts/run-integration-tests.sh \
+          --image-repository=xpumd \
+          --image-tag=integration-test \
+          --kind-load-image