From 24a0249289e2447be29f3f70f91ec2c0afb5f772 Mon Sep 17 00:00:00 2001 From: Adrian Auer Date: Fri, 5 Dec 2025 11:39:49 +0100 Subject: [PATCH 1/3] added build pipeline --- .../build_and_push_docker_images.yml | 79 +++++++++++++++++++ Dockerfile | 8 +- ric-messages | 2 +- 3 files changed, 85 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/build_and_push_docker_images.yml diff --git a/.github/workflows/build_and_push_docker_images.yml b/.github/workflows/build_and_push_docker_images.yml new file mode 100644 index 0000000..2009d56 --- /dev/null +++ b/.github/workflows/build_and_push_docker_images.yml @@ -0,0 +1,79 @@ +# source: https://docs.github.com/en/actions/tutorials/publish-packages/publish-docker-images#publishing-images-to-github-packages +name: Create and publish a Docker image + +# Configures this workflow to run every time a change is pushed to the branch called `release`. +on: + push: + branches: ['main', '2-pipeline-to-build-an-push-image'] + +# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + ROS_DISTRO: jazzy + +# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu. +jobs: + build-and-push-image: + runs-on: ubuntu-latest + # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. + permissions: + contents: read + packages: write + attestations: write + id-token: write + steps: + - name: Checkout repository + uses: actions/checkout@v5 + with: + submodules: recursive + # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + # as suggested here: https://github.com/docker/build-push-action + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/helloric/helloric_ui_com + tags: | + type=raw,value=${{ github.sha }} + type=raw,value=latest + labels: | + labels: | + org.opencontainers.image.title=HelloRic UI Communication Node + org.opencontainers.image.description=Docker image for HelloRic UI Communication Node + org.opencontainers.image.url=https://github.com/helloric/helloric_ui_com + org.opencontainers.image.vendor=DFKI RIC + org.opencontainers.image.licenses=3-Clause BSD License + # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. + # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see [Usage](https://github.com/docker/build-push-action#usage) in the README of the `docker/build-push-action` repository. + # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. + - name: Build and push Docker image + id: push + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + build-args: | + ROS_DISTRO=${{ env.ROS_DISTRO }} + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + platforms: linux/arm64 + + # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see [Using artifact attestations to establish provenance for builds](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds). + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v3 + with: + subject-name: ${{ env.REGISTRY }}/helloric/helloric_ui_com + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true + diff --git a/Dockerfile b/Dockerfile index 3a20135..1fa9974 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG ROS_DISTRO +ARG ROS_DISTRO=jazzy FROM ros:${ROS_DISTRO} RUN apt-get update -qq \ @@ -7,11 +7,13 @@ RUN apt-get update -qq \ ros-${ROS_DISTRO}-std-msgs \ ros-${ROS_DISTRO}-geometry-msgs \ ros-${ROS_DISTRO}-diagnostic-msgs \ - ament-cmake \ + # ament-cmake \ && rm -rf /var/lib/apt/lists/* +# PEP 668: https://docs.ros.org/en/independent/api/rosdep/html/pip_and_pep_668.html +ENV PIP_BREAK_SYSTEM_PACKAGES=1 # install flake and pytest-cov for testing -RUN pip3 install --upgrade flake8 pytest-cov +RUN pip3 install --upgrade flake8 pytest-cov --user EXPOSE 7000 diff --git a/ric-messages b/ric-messages index 5653cda..ca83c31 160000 --- a/ric-messages +++ b/ric-messages @@ -1 +1 @@ -Subproject commit 5653cda5a495e51a01e12eaa7ad1f88cf56365a6 +Subproject commit ca83c311789fd7f0d9448b81f7053021794de1b6 From f9d4384f235d4bfb97115e56c052651514ab509e Mon Sep 17 00:00:00 2001 From: Adrian Auer Date: Fri, 5 Dec 2025 12:06:38 +0100 Subject: [PATCH 2/3] correctly using ${{env.IMAGE_NAME}} --- .github/workflows/build_and_push_docker_images.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_and_push_docker_images.yml b/.github/workflows/build_and_push_docker_images.yml index 2009d56..64ec810 100644 --- a/.github/workflows/build_and_push_docker_images.yml +++ b/.github/workflows/build_and_push_docker_images.yml @@ -44,7 +44,7 @@ jobs: id: meta uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: - images: ${{ env.REGISTRY }}/helloric/helloric_ui_com + images: ${{ env.REGISTRY }}/helloric/${{env.IMAGE_NAME}} tags: | type=raw,value=${{ github.sha }} type=raw,value=latest @@ -52,7 +52,7 @@ jobs: labels: | org.opencontainers.image.title=HelloRic UI Communication Node org.opencontainers.image.description=Docker image for HelloRic UI Communication Node - org.opencontainers.image.url=https://github.com/helloric/helloric_ui_com + org.opencontainers.image.url=https://github.com/helloric/${{env.IMAGE_NAME}} org.opencontainers.image.vendor=DFKI RIC org.opencontainers.image.licenses=3-Clause BSD License # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. @@ -73,7 +73,7 @@ jobs: - name: Generate artifact attestation uses: actions/attest-build-provenance@v3 with: - subject-name: ${{ env.REGISTRY }}/helloric/helloric_ui_com + subject-name: ${{ env.REGISTRY }}/helloric/${{env.IMAGE_NAME}} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true From b92466e0dd42e20b3611fb3e5f88c4bb2cbf375e Mon Sep 17 00:00:00 2001 From: Adrian Auer Date: Fri, 5 Dec 2025 12:48:00 +0100 Subject: [PATCH 3/3] hope I use ${{env.IMAGE_NAME}} correct this time --- .github/workflows/build_and_push_docker_images.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_and_push_docker_images.yml b/.github/workflows/build_and_push_docker_images.yml index 64ec810..2e54170 100644 --- a/.github/workflows/build_and_push_docker_images.yml +++ b/.github/workflows/build_and_push_docker_images.yml @@ -44,7 +44,7 @@ jobs: id: meta uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: - images: ${{ env.REGISTRY }}/helloric/${{env.IMAGE_NAME}} + images: ${{ env.REGISTRY }}/${{env.IMAGE_NAME}} tags: | type=raw,value=${{ github.sha }} type=raw,value=latest @@ -52,7 +52,7 @@ jobs: labels: | org.opencontainers.image.title=HelloRic UI Communication Node org.opencontainers.image.description=Docker image for HelloRic UI Communication Node - org.opencontainers.image.url=https://github.com/helloric/${{env.IMAGE_NAME}} + org.opencontainers.image.url=https://github.com/${{env.IMAGE_NAME}} org.opencontainers.image.vendor=DFKI RIC org.opencontainers.image.licenses=3-Clause BSD License # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. @@ -73,7 +73,7 @@ jobs: - name: Generate artifact attestation uses: actions/attest-build-provenance@v3 with: - subject-name: ${{ env.REGISTRY }}/helloric/${{env.IMAGE_NAME}} + subject-name: ${{ env.REGISTRY }}/${{env.IMAGE_NAME}} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true