From 16cbf848c99d3b9af91516b349aa44a9e4e3f28d Mon Sep 17 00:00:00 2001 From: Michael Hohn Date: Sun, 18 May 2025 14:13:57 -0700 Subject: [PATCH] wip: pausing docker -> chroot conversion Current state: most Dockerfiles converted, chroots created via scripts todo: finish conversions, run assembly --- README.org | 1 - lima/agent-setup.m4 | 15 ++++++ lima/common-setup.m4 | 78 ++++++++++++++++++++++++++++++++ lima/ghmrva-setup.m4 | 19 ++++++++ lima/mrvastore-setup.m4 | 18 ++++++++ lima/server-setup.m4 | 15 ++++++ lima/setup-agent-chroot.sh.gen | 83 ++++++++++++++++++++++++++++++++++ lima/setup-common-chroot.sh | 56 +++++++++++++++++++++++ lima/setup-ghmrva-chroot.sh | 69 +++++++++++++++++++++++----- lima/setup-mrvastore-chroot.sh | 31 +++++++++++++ lima/setup-server-chroot.sh | 65 ++++++++++++++++++++++---- 11 files changed, 428 insertions(+), 22 deletions(-) create mode 100644 lima/agent-setup.m4 create mode 100644 lima/common-setup.m4 create mode 100644 lima/ghmrva-setup.m4 create mode 100644 lima/mrvastore-setup.m4 create mode 100644 lima/server-setup.m4 create mode 100644 lima/setup-agent-chroot.sh.gen create mode 100644 lima/setup-common-chroot.sh create mode 100644 lima/setup-mrvastore-chroot.sh diff --git a/README.org b/README.org index 918d054..3fa938f 100644 --- a/README.org +++ b/README.org @@ -594,7 +594,6 @@ grep 'docker tag' containers/*/*.org containers/*/Makefile view container image list on ghcr.io: https://github.com/hohn?tab=packages * Project Tools - This project, mrva-docker, is the highest-level part of the project as it packages all others. So it also houses simple project tools. diff --git a/lima/agent-setup.m4 b/lima/agent-setup.m4 new file mode 100644 index 0000000..86b0ef6 --- /dev/null +++ b/lima/agent-setup.m4 
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+
+dnl Configuration values for the agent chroot
+define(`CHROOT_ROOT', `/srv/mrva/agent-root')
+define(`GO_SRC_DIR', `/Users/hohn/work-gh/mrva/mrvaagent')
+define(`GO_VERSION', `1.22.0')
+define(`CODEQL_TAG', `v2.21.3')
+
+CHROOT_BOOTSTRAP(CHROOT_ROOT)
+CHROOT_INSTALL_BASE_PACKAGES(CHROOT_ROOT)
+CHROOT_INSTALL_CODEQL(CHROOT_ROOT, CODEQL_TAG)
+CHROOT_SET_CODEQL_ENV(CHROOT_ROOT)
+INSTALL_GO_TOOLCHAIN(GO_VERSION)
+BUILD_AND_COPY_GO_BINARY(CHROOT_ROOT, GO_SRC_DIR, mrvaagent)
diff --git a/lima/common-setup.m4 b/lima/common-setup.m4
new file mode 100644
index 0000000..660c1c0
--- /dev/null
+++ b/lima/common-setup.m4
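Review bot: The `#!/bin/bash` that lima/agent-setup.m4 emits does not land on line 1 of the generated script: lima/setup-agent-chroot.sh.gen in this same patch shows a run of blank lines ahead of it, so the shebang is not honoured and the script only behaves as intended when started as `bash <script>`. The blank lines look like the newlines left behind by the `define(...)` calls here and in common-setup.m4 (presumably processed first); ending each definition with `')dnl`, as ghmrva-setup.m4 already does, and wrapping the macro library in `divert(-1)` ... `divert(0)dnl` would keep them out of the output. lima/server-setup.m4 has the same layout. Separately, `GO_SRC_DIR` is fixed to a path under `/Users/hohn/`, so the generated scripts build whatever sits at that developer-specific location; taking it from the m4 command line (`-DGO_SRC_DIR=...`) would make the input explicit.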
@@ -0,0 +1,78 @@ +dnl $1 -- CHROOT_ROOT: root of chroot to populate +define(`CHROOT_BOOTSTRAP', ` +if [ ! -f "$1/.bootstrapped" ]; then + echo "[1/6] Bootstrapping Debian into $1" + sudo debootstrap --variant=minbase bookworm "$1" http://deb.debian.org/debian + sudo touch "$1/.bootstrapped" +fi +') + +dnl $1 -- CHROOT_ROOT: root of chroot to install into +define(`CHROOT_INSTALL_BASE_PACKAGES', ` +if [ ! -f "$1/.packages_installed" ]; then + echo "[2/6] Installing base packages" + sudo mount -t proc none "$1/proc" + sudo chroot "$1" bash -c " + apt-get update && + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + unzip \ + default-jdk + " + sudo umount "$1/proc" + sudo touch "$1/.packages_installed" +fi +') + +dnl $1 -- CHROOT_ROOT: chroot to install into +dnl $2 -- CODEQL_TAG: release tag like v2.21.3 +define(`CHROOT_INSTALL_CODEQL', ` +if [ ! -f "$1/opt/codeql/codeql" ]; then + echo "[3/6] Installing CodeQL CLI" + echo " -> Using CodeQL version: $2" + mkdir -p "$1/opt" + curl -L "https://github.com/github/codeql-cli-binaries/releases/download/$2/codeql-linux64.zip" -o /tmp/codeql.zip + sudo unzip -q /tmp/codeql.zip -d "$1/opt" + # optional: rm /tmp/codeql.zip +fi +') + +dnl $1 -- CHROOT_ROOT: chroot where env vars are added +define(`CHROOT_SET_CODEQL_ENV', ` +if [ ! -f "$1/etc/profile.d/codeql.sh" ]; then + echo "[4/6] Adding CodeQL environment to chroot" + sudo tee "$1/etc/profile.d/codeql.sh" > /dev/null < Installing binary to chroot" +sudo cp $3-binary "$1/usr/local/bin/$3" +ls -la "$1/usr/local/bin/$3" +') diff --git a/lima/ghmrva-setup.m4 b/lima/ghmrva-setup.m4 new file mode 100644 index 0000000..27084b5 --- /dev/null +++ b/lima/ghmrva-setup.m4 
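Review bot: In lima/common-setup.m4, `CHROOT_INSTALL_CODEQL` downloads the release archive to the fixed path `/tmp/codeql.zip` and unpacks it with `sudo unzip` without comparing it to a known digest, so whatever is at that path is extracted as root into the chroot. `curl -L` without `-f` also stores an HTTP error body as if it were the archive, and a fixed name in `/tmp` does not rule out a pre-existing file on a shared host. I would download into a `mktemp` file, add `-f`, and check a SHA-256 pinned next to `CODEQL_TAG` before extracting; the sketch below passes that digest as a third macro argument, which the callers in agent-setup.m4, ghmrva-setup.m4 and server-setup.m4 would have to supply. The MinIO download in mrvastore-setup.m4 (`/tmp/minio`, then `sudo install -m 755`) and the copy of this step in setup-common-chroot.sh follow the same pattern.

```m4
define(`CHROOT_INSTALL_CODEQL', `
dnl … unchanged: existence check, progress messages, mkdir …
  codeql_zip=$(mktemp)
  curl -fL "https://github.com/github/codeql-cli-binaries/releases/download/$2/codeql-linux64.zip" -o "$codeql_zip"
  echo "$3  $codeql_zip" | sha256sum -c -
  sudo unzip -q "$codeql_zip" -d "$1/opt"
  rm -f "$codeql_zip"
dnl … unchanged: closing fi and end of macro body …
```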
@@ -0,0 +1,19 @@
+dnl === ghmrva-setup.m4 ===
+dnl $1 -- CHROOT_ROOT: chroot target directory
+dnl $2 -- GO_SRC_DIR: Go project source dir on host
+dnl $3 -- CODEQL_TAG: codeql release tag
+dnl $4 -- GO_VERSION: Go toolchain version
+dnl $5 -- BIN_NAME: name of resulting binary
+
+define(`CHROOT_ROOT', `/srv/mrva/ghmrva-root')dnl
+define(`GO_SRC_DIR', `/Users/hohn/work-gh/mrva/gh-mrva')dnl
+define(`CODEQL_TAG', `v2.21.3')dnl
+define(`GO_VERSION', `1.22.0')dnl
+define(`BIN_NAME', `gh-mrva')dnl
+
+CHROOT_BOOTSTRAP(CHROOT_ROOT)
+CHROOT_INSTALL_BASE_PACKAGES(CHROOT_ROOT)
+CHROOT_INSTALL_CODEQL(CHROOT_ROOT, CODEQL_TAG)
+CHROOT_SET_CODEQL_ENV(CHROOT_ROOT)
+INSTALL_GO_TOOLCHAIN(GO_VERSION)
+BUILD_AND_COPY_GO_BINARY(CHROOT_ROOT, GO_SRC_DIR, BIN_NAME)
diff --git a/lima/mrvastore-setup.m4 b/lima/mrvastore-setup.m4
new file mode 100644
index 0000000..a6d78f5
--- /dev/null
+++ b/lima/mrvastore-setup.m4
@@ -0,0 +1,18 @@
+dnl === mrvastore-setup.m4 ===
+dnl $1 -- CHROOT_ROOT: chroot install location
+dnl $2 -- MINIO_VERSION: MinIO binary release version (e.g. 2024-06-11T03-13-30Z)
+
+define(`CHROOT_ROOT', `/srv/mrva/mrvastore-root')dnl
+define(`MINIO_VERSION', `RELEASE.2024-06-11T03-13-30Z')dnl
+
+CHROOT_BOOTSTRAP(CHROOT_ROOT)
+CHROOT_INSTALL_BASE_PACKAGES(CHROOT_ROOT)
+
+dnl Install MinIO server binary
+if [ ! -f "CHROOT_ROOT/usr/local/bin/minio" ]; then
+ echo "[3/3] Installing MinIO version MINIO_VERSION"
+ curl -L "https://dl.min.io/server/minio/release/linux-arm64/archive/minio.MINIO_VERSION" \
+ -o /tmp/minio
+ sudo install -m 755 /tmp/minio CHROOT_ROOT/usr/local/bin/minio
+ sudo rm /tmp/minio
+fi
diff --git a/lima/server-setup.m4 b/lima/server-setup.m4
new file mode 100644
index 0000000..e510c4d
--- /dev/null
+++ b/lima/server-setup.m4
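Review bot: Unlike agent-setup.m4 and server-setup.m4, lima/ghmrva-setup.m4 emits neither `#!/bin/bash` nor `set -e`, so if its output is run as generated, a failed debootstrap, apt-get or curl step would not stop the `sudo` steps that follow. lima/mrvastore-setup.m4 has the same gap, and the generated lima/setup-mrvastore-chroot.sh in this patch does begin directly with the first `if`. Adding `set -e` (or `set -euo pipefail`) ahead of the macro calls would bring both in line with the other two setup files. The header comments also describe `$1`–`$5` as parameters although the values are fixed by the `define` lines below them; wording such as `dnl CHROOT_ROOT -- chroot target directory` would match what the file does.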
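Review bot: In lima/mrvastore-setup.m4 the call to `CHROOT_INSTALL_BASE_PACKAGES` installs `default-jdk` and `unzip` into the MinIO chroot, yet nothing in this file uses either; they appear to be CodeQL prerequisites inherited from the shared macro. Letting the macro take the package list as a second argument, and passing only what the store needs, keeps the amount of software to patch inside that chroot small. The download URL also hard-codes `linux-arm64`, and the progress label `[3/3]` disagrees with the `[1/6]` and `[2/6]` labels the shared macros print for the first two steps.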
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+
+dnl Configuration values for the server chroot
+define(`CHROOT_ROOT', `/srv/mrva/server-root')
+define(`GO_SRC_DIR', `/Users/hohn/work-gh/mrva/mrvaserver')
+define(`GO_VERSION', `1.22.0')
+define(`CODEQL_TAG', `v2.21.3')
+
+CHROOT_BOOTSTRAP(CHROOT_ROOT)
+CHROOT_INSTALL_BASE_PACKAGES(CHROOT_ROOT)
+CHROOT_INSTALL_CODEQL(CHROOT_ROOT, CODEQL_TAG)
+CHROOT_SET_CODEQL_ENV(CHROOT_ROOT)
+INSTALL_GO_TOOLCHAIN(GO_VERSION)
+BUILD_AND_COPY_GO_BINARY(CHROOT_ROOT, GO_SRC_DIR, mrvaserver)
diff --git a/lima/setup-agent-chroot.sh.gen b/lima/setup-agent-chroot.sh.gen
new file mode 100644
index 0000000..1c423bb
--- /dev/null
+++ b/lima/setup-agent-chroot.sh.gen
@@ -0,0 +1,83 @@ + + + + + + + + + + + +#!/bin/bash +set -e + + + + + + + +if [ ! -f "/srv/mrva/agent-root/.bootstrapped" ]; then + echo "[1/6] Bootstrapping Debian into /srv/mrva/agent-root" + sudo debootstrap --variant=minbase bookworm "/srv/mrva/agent-root" http://deb.debian.org/debian + sudo touch "/srv/mrva/agent-root/.bootstrapped" +fi + + +if [ ! -f "/srv/mrva/agent-root/.packages_installed" ]; then + echo "[2/6] Installing base packages" + sudo mount -t proc none "/srv/mrva/agent-root/proc" + sudo chroot "/srv/mrva/agent-root" bash -c " + apt-get update && + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + unzip \ + default-jdk + " + sudo umount "/srv/mrva/agent-root/proc" + sudo touch "/srv/mrva/agent-root/.packages_installed" +fi + + +if [ ! -f "/srv/mrva/agent-root/opt/codeql/codeql" ]; then + echo "[3/6] Installing CodeQL CLI" + echo " -> Using CodeQL version: v2.21.3" + mkdir -p "/srv/mrva/agent-root/opt" + curl -L "https://github.com/github/codeql-cli-binaries/releases/download/v2.21.3/codeql-linux64.zip" -o /tmp/codeql.zip + sudo unzip -q /tmp/codeql.zip -d "/srv/mrva/agent-root/opt" + # optional: rm /tmp/codeql.zip +fi + + +if [ ! -f "/srv/mrva/agent-root/etc/profile.d/codeql.sh" ]; then + echo "[4/6] Adding CodeQL environment to chroot" + sudo tee "/srv/mrva/agent-root/etc/profile.d/codeql.sh" > /dev/null < Installing binary to chroot" +sudo cp mrvaagent-binary "/srv/mrva/agent-root/usr/local/bin/mrvaagent" +ls -la "/srv/mrva/agent-root/usr/local/bin/mrvaagent" + diff --git a/lima/setup-common-chroot.sh b/lima/setup-common-chroot.sh new file mode 100644 index 0000000..fd54854 --- /dev/null +++ b/lima/setup-common-chroot.sh 
@@ -0,0 +1,56 @@ +#!/bin/bash + +#* === Step 1: Bootstrap base system === +if [ ! -f "$CHROOT_ROOT/.bootstrapped" ]; then + echo "[1/6] Bootstrapping Debian into $CHROOT_ROOT" + sudo debootstrap --variant=minbase bookworm "$CHROOT_ROOT" http://deb.debian.org/debian + sudo touch "$CHROOT_ROOT/.bootstrapped" +fi + +#* === Step 2: Install base packages === +if [ ! -f "$CHROOT_ROOT/.packages_installed" ]; then + echo "[2/6] Installing base packages" + sudo mount -t proc none "$CHROOT_ROOT/proc" + sudo chroot "$CHROOT_ROOT" bash -c " + apt-get update && + apt-get install -y --no-install-recommends \ + ca-certificates \ + bash \ + curl \ + unzip \ + default-jdk + " + sudo umount "$CHROOT_ROOT/proc" + sudo touch "$CHROOT_ROOT/.packages_installed" +fi + +#* === Step 3: Install CodeQL CLI === +if [ ! -f "$CHROOT_ROOT/opt/codeql/codeql" ]; then + echo "[3/6] Installing CodeQL CLI" + echo " -> Using CodeQL version: $CODEQL_TAG" + mkdir -p "$CHROOT_ROOT/opt" + curl -L "https://github.com/github/codeql-cli-binaries/releases/download/$CODEQL_TAG/codeql-linux64.zip" -o /tmp/codeql.zip + sudo unzip -q /tmp/codeql.zip -d "$CHROOT_ROOT/opt" + # optional: rm /tmp/codeql.zip +fi + +#* === Step 4: Set CodeQL env vars === +if [ ! -f "$CHROOT_ROOT/etc/profile.d/codeql.sh" ]; then + echo "[4/6] Adding CodeQL environment to chroot" + sudo tee "$CHROOT_ROOT/etc/profile.d/codeql.sh" > /dev/null < Using CodeQL version: v2.21.3" + mkdir -p "/srv/mrva/ghmrva-root/opt" + curl -L "https://github.com/github/codeql-cli-binaries/releases/download/v2.21.3/codeql-linux64.zip" -o /tmp/codeql.zip + sudo unzip -q /tmp/codeql.zip -d "/srv/mrva/ghmrva-root/opt" + # optional: rm /tmp/codeql.zip +fi + + +if [ ! 
-f "/srv/mrva/ghmrva-root/etc/profile.d/codeql.sh" ]; then + echo "[4/6] Adding CodeQL environment to chroot" + sudo tee "/srv/mrva/ghmrva-root/etc/profile.d/codeql.sh" > /dev/null < Installing binary to chroot" -sudo mkdir -p "$CHROOT_ROOT/usr/local/bin" -sudo cp gh-mrva "$CHROOT_ROOT/usr/local/bin/gh-mrva" -ls -la "$CHROOT_ROOT/usr/local/bin/gh-mrva" +sudo cp gh-mrva-binary "/srv/mrva/ghmrva-root/usr/local/bin/gh-mrva" +ls -la "/srv/mrva/ghmrva-root/usr/local/bin/gh-mrva" + diff --git a/lima/setup-mrvastore-chroot.sh b/lima/setup-mrvastore-chroot.sh new file mode 100644 index 0000000..b990a45 --- /dev/null +++ b/lima/setup-mrvastore-chroot.sh @@ -0,0 +1,31 @@ + +if [ ! -f "/srv/mrva/mrvastore-root/.bootstrapped" ]; then + echo "[1/6] Bootstrapping Debian into /srv/mrva/mrvastore-root" + sudo debootstrap --variant=minbase bookworm "/srv/mrva/mrvastore-root" http://deb.debian.org/debian + sudo touch "/srv/mrva/mrvastore-root/.bootstrapped" +fi + + +if [ ! -f "/srv/mrva/mrvastore-root/.packages_installed" ]; then + echo "[2/6] Installing base packages" + sudo mount -t proc none "/srv/mrva/mrvastore-root/proc" + sudo chroot "/srv/mrva/mrvastore-root" bash -c " + apt-get update && + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + unzip \ + default-jdk + " + sudo umount "/srv/mrva/mrvastore-root/proc" + sudo touch "/srv/mrva/mrvastore-root/.packages_installed" +fi + + +if [ ! -f "/srv/mrva/mrvastore-root/usr/local/bin/minio" ]; then + echo "[3/3] Installing MinIO version RELEASE.2024-06-11T03-13-30Z" + curl -L "https://dl.min.io/server/minio/release/linux-arm64/archive/minio.RELEASE.2024-06-11T03-13-30Z" \ + -o /tmp/minio + sudo install -m 755 /tmp/minio /srv/mrva/mrvastore-root/usr/local/bin/minio + sudo rm /tmp/minio +fi diff --git a/lima/setup-server-chroot.sh b/lima/setup-server-chroot.sh index 4b6cdf9..2c11264 100644 --- a/lima/setup-server-chroot.sh +++ b/lima/setup-server-chroot.sh 
@@ -1,19 +1,66 @@ #!/bin/bash set -e -# === Config === -CHROOT_ROOT=/srv/mrva/server-root -GO_SRC_DIR=/Users/hohn/work-gh/mrva/mrvaserver -GO_VERSION=1.22.0 +if [ ! -f "/srv/mrva/server-root/.bootstrapped" ]; then + echo "[1/6] Bootstrapping Debian into /srv/mrva/server-root" + sudo debootstrap --variant=minbase bookworm "/srv/mrva/server-root" http://deb.debian.org/debian + sudo touch "/srv/mrva/server-root/.bootstrapped" +fi + + +if [ ! -f "/srv/mrva/server-root/.packages_installed" ]; then + echo "[2/6] Installing base packages" + sudo mount -t proc none "/srv/mrva/server-root/proc" + sudo chroot "/srv/mrva/server-root" bash -c " + apt-get update && + apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + unzip \ + default-jdk + " + sudo umount "/srv/mrva/server-root/proc" + sudo touch "/srv/mrva/server-root/.packages_installed" +fi + + +if [ ! -f "/srv/mrva/server-root/opt/codeql/codeql" ]; then + echo "[3/6] Installing CodeQL CLI" + echo " -> Using CodeQL version: v2.21.3" + mkdir -p "/srv/mrva/server-root/opt" + curl -L "https://github.com/github/codeql-cli-binaries/releases/download/v2.21.3/codeql-linux64.zip" -o /tmp/codeql.zip + sudo unzip -q /tmp/codeql.zip -d "/srv/mrva/server-root/opt" + # optional: rm /tmp/codeql.zip +fi + + +if [ ! -f "/srv/mrva/server-root/etc/profile.d/codeql.sh" ]; then + echo "[4/6] Adding CodeQL environment to chroot" + sudo tee "/srv/mrva/server-root/etc/profile.d/codeql.sh" > /dev/null < Installing binary to chroot" -sudo mkdir -p "$CHROOT_ROOT/usr/local/bin" -sudo cp mrvaserver-binary "$CHROOT_ROOT/usr/local/bin/mrvaserver" -ls -la "$CHROOT_ROOT/usr/local/bin/mrvaserver" +sudo cp mrvaserver-binary "/srv/mrva/server-root/usr/local/bin/mrvaserver" +ls -la "/srv/mrva/server-root/usr/local/bin/mrvaserver" +