Merge branch 'master' into feat/zigbee-multistate

Author: P-R-O-C-H-Y

.github/CODEOWNERS

@@ -11,6 +11,8 @@
 
 # CI
 /.github/ @lucasssvaz @me-no-dev @P-R-O-C-H-Y
+/.github/codeql/ @lucasssvaz
+/.gitlab/ @lucasssvaz
 /tests/ @lucasssvaz @P-R-O-C-H-Y
 
 # Tools

.github/ISSUE_TEMPLATE/Issue-report.yml

@@ -43,6 +43,7 @@ body:
         - latest stable Release (if not listed below)
         - latest development Release Candidate (RC-X)
         - latest master (checkout manually)
+        - v3.3.0
         - v3.2.1
         - v3.2.0
         - v3.1.3
@@ -79,6 +80,17 @@ body:
         - other
     validations:
       required: true
+  - type: dropdown
+    id: type
+    attributes:
+      label: Type
+      description: How would you define the type of the issue? Please select from the types below.
+      options:
+        - "Task"
+        - "Bug"
+        - "Question"
+    validations:
+      required: true
   - type: input
     id: IDE
     attributes:

.github/ISSUE_TEMPLATE/config.yml

@@ -3,6 +3,3 @@ contact_links:
   - name: Arduino Core for Espressif Discord Server
     url: https://discord.gg/8xY6e9crwv
     about: Community Discord server for questions and help
-  - name: ESP32 Forum - Arduino
-    url: https://esp32.com/viewforum.php?f=19
-    about: Official Forum for questions

.github/PULL_REQUEST_TEMPLATE.md

@@ -13,7 +13,7 @@
 ## Description of Change
 Please describe your proposed Pull Request and it's impact.
 
-## Tests scenarios
+## Test Scenarios
 Please describe on what Hardware and Software combinations you have tested this Pull Request and how.
 
 (*eg. I have tested my Pull Request on Arduino-esp32 core v2.0.2 with ESP32 and ESP32-S2 Board with this scenario*)

.github/codeql/codeql-config.yml

@@ -0,0 +1,28 @@
+name: "CodeQL config"
+
+packs:
+  - trailofbits/cpp-queries
+  - githubsecuritylab/codeql-cpp-queries
+  - githubsecuritylab/codeql-python-queries
+
+queries:
+  - uses: security-extended
+  - uses: security-and-quality
+
+query-filters:
+  - exclude:
+      query path:
+        - /^experimental\/.*/
+  - exclude:
+      tags contain:
+        - experimental
+  - exclude:
+      problem.severity:
+        - recommendation
+  - exclude:
+      id: tob/cpp/use-of-legacy-algorithm # We use legacy algorithms in many places for integrity checks
+  - exclude:
+      id: cpp/dead-code-goto # Too many false positives in no-build mode
+
+paths-ignore:
+  - tests/**

.github/scripts/merge_packages.py

@@ -4,6 +4,7 @@
 # Usage:
 #   python merge_packages.py package_esp8266com_index.json version/new/package_esp8266com_index.json
 # Written by Ivan Grokhotkov, 2015
+# Updated by lucasssvaz to handle Chinese version sorting, 2025
 #
 
 from __future__ import print_function
@@ -36,20 +37,19 @@ def merge_objects(versions, obj):
 
 
 # Normalize ESP release version string (x.x.x) by adding '-rc<MAXINT>' (x.x.x-rc9223372036854775807)
-# to ensure having REL above any RC
+# to ensure having REL above any RC. CN version will be sorted after the official version if they happen
+# to be mixed (normally, CN and non-CN versions should not be mixed)
 # Dummy approach, functional anyway for current ESP package versioning
 # (unlike NormalizedVersion/LooseVersion/StrictVersion & similar crap)
 def pkgVersionNormalized(versionString):
-
-    verStr = str(versionString)
+    verStr = str(versionString).replace("-cn", "")
     verParts = re.split(r"\.|-rc|-alpha", verStr, flags=re.IGNORECASE)
 
     if len(verParts) == 3:
-        if sys.version_info > (3, 0):  # Python 3
-            verStr = str(versionString) + "-rc" + str(sys.maxsize)
-        else:  # Python 2
-            verStr = str(versionString) + "-rc" + str(sys.maxint)
-
+        if "-cn" in str(versionString):
+            verStr = verStr + "-rc" + str(sys.maxsize // 2)
+        else:
+            verStr = verStr + "-rc" + str(sys.maxsize)
     elif len(verParts) != 4:
         print("pkgVersionNormalized WARNING: unexpected version format: {0})".format(verStr), file=sys.stderr)
 

.github/scripts/on-push.sh

@@ -90,6 +90,7 @@ if [ "$BUILD_LOG" -eq 1 ]; then
 fi
 
 #build sketches for different targets
+build "esp32c5" "$CHUNK_INDEX" "$CHUNKS_CNT" "$BUILD_LOG" "$LOG_LEVEL" "$SKETCHES_FILE" "${SKETCHES_ESP32[@]}"
 build "esp32p4" "$CHUNK_INDEX" "$CHUNKS_CNT" "$BUILD_LOG" "$LOG_LEVEL" "$SKETCHES_FILE" "${SKETCHES_ESP32[@]}"
 build "esp32s3" "$CHUNK_INDEX" "$CHUNKS_CNT" "$BUILD_LOG" "$LOG_LEVEL" "$SKETCHES_FILE" "${SKETCHES_ESP32[@]}"
 build "esp32s2" "$CHUNK_INDEX" "$CHUNKS_CNT" "$BUILD_LOG" "$LOG_LEVEL" "$SKETCHES_FILE" "${SKETCHES_ESP32[@]}"

.github/scripts/process_sarif.py

@@ -0,0 +1,129 @@
+#!/usr/bin/env python3
+
+# This script is used to process the SARIF file generated by CodeQL and
+# to rename files back to .ino and adjust line numbers to match the original .ino files.
+
+import json
+import sys
+import os
+
+def process_artifact_location(artifact_location, renamed_files):
+    """
+    Process a single artifact location to rename .cpp files back to .ino
+    """
+    if 'uri' in artifact_location:
+        uri = artifact_location['uri']
+        if uri in renamed_files:
+            print(f"Renaming file: {uri} -> {renamed_files[uri]}")
+            artifact_location['uri'] = renamed_files[uri]
+            return True
+    return False
+
+def process_region(region):
+    """
+    Adjust line numbers in a region by decreasing them by 1
+    """
+    if 'startLine' in region:
+        region['startLine'] = max(1, region['startLine'] - 1)
+    if 'endLine' in region:
+        region['endLine'] = max(1, region['endLine'] - 1)
+
+def process_physical_location(physical_location, renamed_files):
+    """
+    Process a physical location to rename files and adjust line numbers
+    """
+    file_renamed = False
+
+    if 'artifactLocation' in physical_location:
+        if process_artifact_location(physical_location['artifactLocation'], renamed_files):
+            file_renamed = True
+
+    # Adjust line numbers if the file was renamed
+    if file_renamed and 'region' in physical_location:
+        process_region(physical_location['region'])
+
+    return file_renamed
+
+
+def process_sarif_file(sarif_file, renamed_files_file):
+    """
+    Process SARIF file to rename files back to .ino and adjust line numbers
+    """
+    # Read the renamed files mapping
+    with open(renamed_files_file, 'r') as f:
+        renamed_files = json.load(f)
+
+    print(f"Loaded {len(renamed_files)} file mappings:")
+    for cpp_file, ino_file in renamed_files.items():
+        print(f"  {cpp_file} -> {ino_file}")
+
+
+    # Read the SARIF file
+    with open(sarif_file, 'r') as f:
+        sarif_data = json.load(f)
+
+    files_processed = 0
+
+    # Process each run
+    if 'runs' in sarif_data:
+        for run in sarif_data['runs']:
+            # Process results
+            if 'results' in run:
+                for result in run['results']:
+                    # Process all locations in the result
+                    if 'locations' in result:
+                        for location in result['locations']:
+                            if 'physicalLocation' in location:
+                                if process_physical_location(location['physicalLocation'], renamed_files):
+                                    files_processed += 1
+
+                    # Process related locations if they exist
+                    if 'relatedLocations' in result:
+                        for location in result['relatedLocations']:
+                            if 'physicalLocation' in location:
+                                if process_physical_location(location['physicalLocation'], renamed_files):
+                                    files_processed += 1
+
+            # Process artifacts if they exist
+            if 'artifacts' in run:
+                for artifact in run['artifacts']:
+                    if 'location' in artifact and 'uri' in artifact['location']:
+                        uri = artifact['location']['uri']
+                        if uri in renamed_files:
+                            artifact['location']['uri'] = renamed_files[uri]
+                            files_processed += 1
+
+    print(f"Processed {files_processed} file references")
+
+    # Write the processed SARIF file
+    with open(sarif_file, 'w') as f:
+        json.dump(sarif_data, f, indent=2)
+
+def main():
+    if len(sys.argv) != 3:
+        print("Usage: python3 sarif_nobuild.py <sarif_file> <renamed_files_file>")
+        sys.exit(1)
+
+    sarif_file = sys.argv[1]
+    renamed_files_file = sys.argv[2]
+
+    # Check if files exist
+    if not os.path.exists(sarif_file):
+        print(f"SARIF file not found: {sarif_file}")
+        sys.exit(1)
+
+    if not os.path.exists(renamed_files_file):
+        print(f"Renamed files mapping not found: {renamed_files_file}")
+        sys.exit(1)
+
+    try:
+        process_sarif_file(sarif_file, renamed_files_file)
+        print("SARIF file processed successfully")
+    except Exception as e:
+        print(f"Error processing SARIF file: {e}")
+        import traceback
+        traceback.print_exc()
+        sys.exit(1)
+
+if __name__ == "__main__":
+    main()

.github/scripts/release_append_cn.py

@@ -17,8 +17,9 @@
 
 def append_cn_to_versions(obj):
     if isinstance(obj, dict):
-        # dfu-util comes from arduino.cc and not from the Chinese mirrors, so we skip it
-        if obj.get("name") == "dfu-util":
+        # Skip tools that are not from the esp32 package
+        packager = obj.get("packager")
+        if packager is not None and packager != "esp32":
             return
 
         for key, value in obj.items():

.github/scripts/set_push_chunks.sh

@@ -78,7 +78,6 @@ chunks+="]"
     echo "build_all=$build_all"
     echo "build_libraries=$BUILD_LIBRARIES"
     echo "build_static_sketches=$BUILD_STATIC_SKETCHES"
-    echo "build_idf=$BUILD_IDF"
     echo "chunk_count=$chunks_count"
     echo "chunks=$chunks"
 } >> "$GITHUB_OUTPUT"