rdkcentral · brendanobra · Jun 10, 2026 · Jun 9, 2026 · Jun 9, 2026 · Jun 9, 2026
diff --git a/.github/workflows/native_full_build.yml b/.github/workflows/native_full_build.yml
@@ -0,0 +1,62 @@
+name: Build Component in Native Environment
+
+on:
+  workflow_dispatch:
+    inputs:
+      container_image:
+        description: Container image used for native build
+        required: false
+        default: ghcr.io/rdkcentral/docker-rdk-ci:latest
+        type: string
+      skip_build_dependencies:
+        description: Skip build_dependencies.sh
+        required: false
+        default: false
+        type: boolean
+      strict_transport_bootstrap:
+        description: Force transport bootstrap and ignore host/system package paths
+        required: false
+        default: true
+        type: boolean
+      force_release_transport:
+        description: Force transport bootstrap from pinned release archive (.transport.version)
+        required: false
+        default: false
+        type: boolean
+  push:
+    branches: [ main, '*.*.x-maintenance' ]
+    paths: ['**/*.c', '**/*.cpp', '**/*.cc', '**/*.cxx', '**/*.h', '**/*.hpp', 'CMakeLists.txt', 'cmake/**', 'build_dependencies.sh', 'cov_build.sh', '.github/workflows/native_full_build.yml']
+  pull_request:
+    branches: [ main, '*.*.x-maintenance' ]
+    paths: ['**/*.c', '**/*.cpp', '**/*.cc', '**/*.cxx', '**/*.h', '**/*.hpp', 'CMakeLists.txt', 'cmake/**', 'build_dependencies.sh', 'cov_build.sh', '.github/workflows/native_full_build.yml']
+
+permissions:
+  contents: read
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  native-build:
+    name: Build firebolt-cpp-client in native environment
+    runs-on: ubuntu-latest
+    container:
+      image: ${{ github.event_name == 'workflow_dispatch' && inputs.container_image || 'ghcr.io/rdkcentral/docker-rdk-ci:latest' }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install build dependencies
+        if: ${{ github.event_name != 'workflow_dispatch' || !fromJSON(github.event.inputs.skip_build_dependencies || 'false') }}
+        run: bash -x build_dependencies.sh
+
+      - name: Build
+        run: bash -x cov_build.sh
+        env:
+          COV_DEPS_PREFIX: ${{ github.workspace }}/.cov-deps
+          COV_FORCE_BOOTSTRAP_TRANSPORT: ${{ github.event_name == 'workflow_dispatch' && inputs.strict_transport_bootstrap && '1' || '0' }}
+          COV_SKIP_SYSTEM_TRANSPORT: ${{ github.event_name == 'workflow_dispatch' && inputs.strict_transport_bootstrap && '1' || '0' }}
+          COV_FORCE_RELEASE_TRANSPORT: ${{ github.event_name == 'workflow_dispatch' && inputs.force_release_transport && '1' || '0' }}
+          GITHUB_TOKEN: ${{ secrets.RDKCM_RDKE || github.token }}
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,5 @@
 node_modules/
 build/
 build-*/
+.cov-deps*/
+act-*.log
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -45,6 +45,27 @@ list(APPEND CMAKE_MODULE_PATH
     "${SYSROOT_PATH}/usr/lib/cmake"
 )
 
+set(FIREBOLT_TRANSPORT_ROOT "" CACHE PATH
+    "Optional install prefix for FireboltTransport (contains lib/cmake/FireboltTransport)"
+)
+
+if(NOT FIREBOLT_TRANSPORT_ROOT AND DEFINED ENV{FIREBOLT_TRANSPORT_ROOT} AND NOT "$ENV{FIREBOLT_TRANSPORT_ROOT}" STREQUAL "")
+    set(FIREBOLT_TRANSPORT_ROOT "$ENV{FIREBOLT_TRANSPORT_ROOT}" CACHE PATH
+        "Optional install prefix for FireboltTransport (contains lib/cmake/FireboltTransport)" FORCE)
+endif()
+
+if(FIREBOLT_TRANSPORT_ROOT)
+    list(INSERT CMAKE_PREFIX_PATH 0 "${FIREBOLT_TRANSPORT_ROOT}")
+endif()
+
+if(NOT FireboltTransport_ROOT AND DEFINED ENV{FireboltTransport_ROOT})
+    set(FireboltTransport_ROOT "$ENV{FireboltTransport_ROOT}")
+endif()
+
+if(NOT FireboltTransport_ROOT AND FIREBOLT_TRANSPORT_ROOT)
+    set(FireboltTransport_ROOT "${FIREBOLT_TRANSPORT_ROOT}")
+endif()
+
 find_package(nlohmann_json CONFIG REQUIRED)
 
 file(READ "${CMAKE_CURRENT_SOURCE_DIR}/.transport.version" FIREBOLT_TRANSPORT_VERSION_RAW)

diff --git a/COVERITY.md b/COVERITY.md
@@ -0,0 +1,150 @@
+# Coverity Build Guide
+
+This document describes the Coverity-friendly build flow for firebolt-cpp-client, including fully unattended transport dependency provisioning.
+
+## Purpose
+
+`cov_build.sh` is designed to run in clean/off nodes where FireboltTransport may not already be installed.
+
+The script configures and builds a Debug test-enabled build so Coverity can capture both library and test compilation units.
+
+## Quick Start
+
+Run from repo root:
+
+```bash
+./cov_build.sh
+```
+
+Strict no-host-dependency mode:
+
+```bash
+COV_FORCE_BOOTSTRAP_TRANSPORT=1 \
+COV_SKIP_SYSTEM_TRANSPORT=1 \
+COV_FORCE_RELEASE_TRANSPORT=1 \
+./cov_build.sh
+```
+
+Local ad-hoc workflow test via act:
+
+```bash
+make -f Makefile.act act-native
+```
+
+Faster local loop when dependencies are already present in the container image:
+
+```bash
+make -f Makefile.act act-native-fast
+```
+
+## Dependency Resolution Order
+
+`cov_build.sh` resolves FireboltTransport in this order.
+
+1. Explicit `FireboltTransport_DIR` if provided.
+2. Local bootstrap prefix (`COV_DEPS_PREFIX`, default `.cov-deps`).
+3. System CMake package paths (`/usr/local/...`, `/usr/...`) unless disabled.
+4. Sibling repo bootstrap from `../firebolt-cpp-transport`.
+5. Release tarball bootstrap using pinned version from `.transport.version`.
+
+After bootstrap, the script passes `-DFireboltTransport_DIR=<resolved-config-dir>` to CMake for deterministic package selection.
+
+## Hands-Off Bootstrap Paths
+
+### Sibling repo bootstrap
+
+If `../firebolt-cpp-transport` exists, the script builds and installs it into `COV_DEPS_PREFIX`.
+
+### Release tarball bootstrap
+
+If sibling repo is unavailable or `COV_FORCE_RELEASE_TRANSPORT=1` is set:
+
+1. Read pinned version from `.transport.version`.
+2. Download release archive from GitHub releases.
+3. Extract source into `.cov-deps/src/`.
+4. Build/install into `COV_DEPS_PREFIX`.
+5. Re-run client configure/build against the installed package config.
+
+The transport bootstrap passes:
+
+```bash
+-DFIREBOLT_TRANSPORT_VERSION=<value from .transport.version>
+```
+
+This keeps package version compatibility aligned with client `find_package(FireboltTransport <major> CONFIG REQUIRED)`.
+
+## Environment Variables
+
+### `COV_DEPS_PREFIX`
+
+Install/bootstrap prefix for local dependencies.
+
+Default:
+
+```bash
+<repo>/.cov-deps
+```
+
+### `COV_SKIP_SYSTEM_TRANSPORT`
+
+When set to `1`, skip system package search paths for FireboltTransport.
+
+Use this to guarantee host-independent behavior.
+
+### `COV_FORCE_BOOTSTRAP_TRANSPORT`
+
+When set to `1`, do not reuse an already-discovered transport package. Force bootstrap flow.
+
+### `COV_FORCE_RELEASE_TRANSPORT`
+
+When set to `1`, bypass sibling repo bootstrap and force release tarball bootstrap.
+
+## CMake Root Hinting
+
+In addition to script bootstrap, CMake supports explicit root hinting:
+
+- `FIREBOLT_TRANSPORT_ROOT` (project-level convenience variable)
+- `FireboltTransport_ROOT` (package-native CMake variable)
+
+Either can point to an install prefix containing `lib/cmake/FireboltTransport`.
+
+## CI Recommendations
+
+Use strict mode for reproducibility:
+
+```bash
+COV_FORCE_BOOTSTRAP_TRANSPORT=1 \
+COV_SKIP_SYSTEM_TRANSPORT=1 \
+COV_FORCE_RELEASE_TRANSPORT=1 \
+./cov_build.sh
+```
+
+This prevents accidental coupling to preinstalled host packages.
+
+## Troubleshooting
+
+### Missing `.transport.version`
+
+Symptom: bootstrap fails before download.
+
+Fix: ensure `.transport.version` exists and contains a non-empty version.
+
+### Release download failure
+
+Symptom: both release URL patterns fail.
+
+Fix: verify pinned version exists in `rdkcentral/firebolt-cpp-transport` releases and that node has outbound network access.
+
+### Version mismatch shown during configure
+
+Symptom: `installed version` differs from `expected`.
+
+Fix: use strict mode and a clean `COV_DEPS_PREFIX`, or set `COV_FORCE_RELEASE_TRANSPORT=1` to rebuild from pinned release.
+
+## Artifacts
+
+When release bootstrap is used, expected local artifacts include:
+
+- `.cov-deps/src/firebolt-cpp-transport-<version>/`
+- `.cov-deps/lib/cmake/FireboltTransport/FireboltTransportConfig.cmake`
+- `.cov-deps/lib/libFireboltTransport.so*`
diff --git a/Makefile.act b/Makefile.act
@@ -0,0 +1,26 @@
+ACT ?= act
+WORKFLOW ?= .github/workflows/native_full_build.yml
+JOB ?= native-build
+
+ACT_CONTAINER_IMAGE ?= ghcr.io/rdkcentral/docker-rdk-ci:latest
+ACT_SKIP_BUILD_DEPS ?= false
+ACT_STRICT_TRANSPORT_BOOTSTRAP ?= true
+ACT_FORCE_RELEASE_TRANSPORT ?= true
+
+.PHONY: act-list act-native act-native-fast
+
+act-list:
+	$(ACT) -l
+
+act-native:
+	$(ACT) workflow_dispatch \
+		-W $(WORKFLOW) \
+		-j $(JOB) \
+		--input skip_build_dependencies=$(ACT_SKIP_BUILD_DEPS) \
+		--input strict_transport_bootstrap=$(ACT_STRICT_TRANSPORT_BOOTSTRAP) \
+		--input force_release_transport=$(ACT_FORCE_RELEASE_TRANSPORT) \
+		--input container_image=$(ACT_CONTAINER_IMAGE)
+
+# Faster local loop if your container image already has dependencies (including FireboltTransport).
+act-native-fast:
+	$(MAKE) act-native ACT_SKIP_BUILD_DEPS=true ACT_STRICT_TRANSPORT_BOOTSTRAP=false ACT_FORCE_RELEASE_TRANSPORT=false
diff --git a/README.md b/README.md
@@ -30,3 +30,9 @@ Examples:
 - `./lint.sh --tidy-only`
 - `./lint.sh --tidy-only --fix`
 - `./lint.sh --cppcheck-only`
+
+## Coverity
+
+For Coverity build and fully unattended dependency bootstrap instructions, see:
+
+- [COVERITY.md](COVERITY.md)