From b3853ff364818472d8289cae61524da9e93256ef Mon Sep 17 00:00:00 2001
From: Adrian Auer
Date: Fri, 28 Nov 2025 12:01:39 +0100
Subject: [PATCH 1/7] first try to build&push the teleop with new pipeline
---
 .../build_and_push_docker_images.yml | 87 +++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 .github/workflows/build_and_push_docker_images.yml
diff --git a/.github/workflows/build_and_push_docker_images.yml b/.github/workflows/build_and_push_docker_images.yml
new file mode 100644
index 0000000..ac40541
--- /dev/null
+++ b/.github/workflows/build_and_push_docker_images.yml
@@ -0,0 +1,87 @@
+# source: https://docs.github.com/en/actions/tutorials/publish-packages/publish-docker-images#publishing-images-to-github-packages
+name: Create and publish a Docker image
+
+# Configures this workflow to run every time a change is pushed to the branch called `release`.
+on:
+ push:
+ branches: ['main', '3-build-pipeline-to-push-images-into-gh-container-registry']
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
+jobs:
+ build-and-push-image:
+ runs-on: ubuntu-latest
+ # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+ #
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v5
+ with:
+ submodules: recursive
+ # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+ - name: Log in to the Container registry
+ uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+ with:
+ images: ${{ env.REGISTRY }}/helloric/teleop
+ tags: |
+ type=raw,value=${{ github.sha }}
+ labels: |
+ labels: |
+ org.opencontainers.image.title=HelloRic Teleop
+ org.opencontainers.image.description=Docker image for HelloRic teleop node
+ org.opencontainers.image.url=https://github.com/helloric/robot-nodes
+ org.opencontainers.image.vendor=DFKI RIC
+ org.opencontainers.image.licenses=3-Clause BSD License
+
+
+
+
+ # as suggested here: https://github.com/docker/build-push-action
+ -
+ name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ -
+ name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+ # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see [Usage](https://github.com/docker/build-push-action#usage) in the README of the `docker/build-push-action` repository.
+ # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+ - name: Build and push TELEOP Docker image
+ id: push
+ uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+ with:
+ context: .
+ file: ./docker/Dockerfile-teleop
+ build-args: |
+ ROS_DISTRO=jazzy
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: linux/arm64
+
+ # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image.
For more information, see [Using artifact attestations to establish provenance for builds](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds). + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v3 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true + From b9096301b86589aa4d91f629e05f43547b909ecf Mon Sep 17 00:00:00 2001 From: Adrian Auer Date: Fri, 28 Nov 2025 12:06:38 +0100 Subject: [PATCH 2/7] small adjustments on tags and attestation --- .github/workflows/build_and_push_docker_images.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build_and_push_docker_images.yml b/.github/workflows/build_and_push_docker_images.yml index ac40541..d90bc9f 100644 --- a/.github/workflows/build_and_push_docker_images.yml +++ b/.github/workflows/build_and_push_docker_images.yml @@ -43,6 +43,7 @@ jobs: images: ${{ env.REGISTRY }}/helloric/teleop tags: | type=raw,value=${{ github.sha }} + type=raw,value=latest labels: | labels: | org.opencontainers.image.title=HelloRic Teleop @@ -81,7 +82,7 @@ jobs: - name: Generate artifact attestation uses: actions/attest-build-provenance@v3 with: - subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-name: ${{ env.REGISTRY }}/helloric/teleop subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true From f11e4948bc9d29d25524831555e471e463d76ffb Mon Sep 17 00:00:00 2001 From: Adrian Auer Date: Fri, 28 Nov 2025 12:30:02 +0100 Subject: [PATCH 3/7] now build all images --- .../build_and_push_docker_images.yml | 62 ++++++++++++------- 1 file changed, 39 insertions(+), 23 deletions(-) diff --git a/.github/workflows/build_and_push_docker_images.yml b/.github/workflows/build_and_push_docker_images.yml index d90bc9f..9d193f5 100644 --- a/.github/workflows/build_and_push_docker_images.yml 
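Review bot: Four of the seven actions in the new workflow are referenced by a mutable tag (`actions/checkout@v5`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `actions/attest-build-provenance@v3`), while the login, metadata and build-push actions are pinned to a commit SHA. The job grants `packages: write`, `attestations: write` and `id-token: write`, so a re-pointed tag would run with the ability to publish and attest images; pin these the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v5`. The same `@v3` lines are carried over unchanged in PATCH 3/7. Separately, the `labels:` input of the metadata step appears to contain a second `labels: |` line (indentation is not recoverable from this page), which would be handed to the action as a label entry; drop the inner line.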
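Review bot: The added `type=raw,value=latest` tag is emitted on every run, and the workflow's `on.push.branches` (outside this hunk) also lists the feature branch `3-build-pipeline-to-push-images-into-gh-container-registry`, so a push there moves `latest` as well. Restricting the tag to the default branch keeps work-in-progress builds from replacing what consumers pull: `type=raw,value=latest,enable={{is_default_branch}}`, assuming the pinned metadata-action release supports that expression. The `${{ github.sha }}` tag can stay unconditional.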
+++ b/.github/workflows/build_and_push_docker_images.yml @@ -10,6 +10,7 @@ on: env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} + ROS_DISTRO: jazzy # There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu. jobs: @@ -20,8 +21,30 @@ jobs: contents: read packages: write attestations: write - id-token: write - # + id-token: write + strategy: + matrix: + variant: + - name: teleop + platforms: linux/arm64 + context: . + file: ./docker/Dockerfile-teleop + - name: ricbot + platforms: linux/arm64 + context: . + file: ./docker/Dockerfile-robot + - name: ui + platforms: linux/arm64 + context: ./svelte-ui/ + file: ./docker/Dockerfile + - name: ui_com + platforms: linux/arm64 + context: ./helloric_ui_com/ + file: ./Dockerfile + - name: ds4 + platforms: linux/arm64 + context: . + file: ./docker/Dockerfile-ds4 steps: - name: Checkout repository uses: actions/checkout@v5 
@@ -34,34 +57,27 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. + # as suggested here: https://github.com/docker/build-push-action + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: - images: ${{ env.REGISTRY }}/helloric/teleop + images: ${{ env.REGISTRY }}/helloric/${{ matrix.variant.name }} tags: | type=raw,value=${{ github.sha }} type=raw,value=latest labels: | labels: | - org.opencontainers.image.title=HelloRic Teleop - org.opencontainers.image.description=Docker image for HelloRic teleop node + org.opencontainers.image.title=HelloRic ${{ matrix.variant.name }} + org.opencontainers.image.description=Docker image for HelloRic ${{ matrix.variant.name }} node org.opencontainers.image.url=https://github.com/helloric/robot-nodes org.opencontainers.image.vendor=DFKI RIC org.opencontainers.image.licenses=3-Clause BSD License - - - - - # as suggested here: https://github.com/docker/build-push-action - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 # This step uses the `docker/build-push-action` 
action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see [Usage](https://github.com/docker/build-push-action#usage) in the README of the `docker/build-push-action` repository. # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. @@ -69,20 +85,20 @@ jobs: id: push uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 with: - context: . - file: ./docker/Dockerfile-teleop + context: ${{ matrix.variant.context }} + file: ${{ matrix.variant.file }} build-args: | - ROS_DISTRO=jazzy + ROS_DISTRO=${{ env.ROS_DISTRO }} push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - platforms: linux/arm64 + platforms: ${{ matrix.variant.platforms }} # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see [Using artifact attestations to establish provenance for builds](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds). - name: Generate artifact attestation uses: actions/attest-build-provenance@v3 with: - subject-name: ${{ env.REGISTRY }}/helloric/teleop + subject-name: ${{ env.REGISTRY }}/helloric/${{ matrix.variant.name }} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true From dbf2000bc0d304d6a3889ffaeb6ed97860fba42e Mon Sep 17 00:00:00 2001 From: Adrian Auer Date: Fri, 28 Nov 2025 12:35:32 +0100 Subject: [PATCH 4/7] adjusted path to Dockerfile --- .github/workflows/build_and_push_docker_images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/build_and_push_docker_images.yml b/.github/workflows/build_and_push_docker_images.yml index 9d193f5..b00f107 100644 --- a/.github/workflows/build_and_push_docker_images.yml +++ b/.github/workflows/build_and_push_docker_images.yml @@ -36,11 +36,11 @@ jobs: - name: ui platforms: linux/arm64 context: ./svelte-ui/ - file: ./docker/Dockerfile + file: ./svelte-ui/docker/Dockerfile - name: ui_com platforms: linux/arm64 context: ./helloric_ui_com/ - file: ./Dockerfile + file: ./helloric_ui_com/Dockerfile - name: ds4 platforms: linux/arm64 context: . From 6523cd6c5397ff69887f8b30766d01e1739b28f4 Mon Sep 17 00:00:00 2001 From: Adrian Auer Date: Fri, 28 Nov 2025 13:03:12 +0100 Subject: [PATCH 5/7] only building the images that do not have their own repo --- .../workflows/build_and_push_docker_images.yml | 18 +++++++++--------- docker/Dockerfile-ds4 | 3 ++- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build_and_push_docker_images.yml b/.github/workflows/build_and_push_docker_images.yml index b00f107..1ca41b0 100644 --- a/.github/workflows/build_and_push_docker_images.yml +++ b/.github/workflows/build_and_push_docker_images.yml @@ -33,14 +33,14 @@ jobs: platforms: linux/arm64 context: . file: ./docker/Dockerfile-robot - - name: ui - platforms: linux/arm64 - context: ./svelte-ui/ - file: ./svelte-ui/docker/Dockerfile - - name: ui_com - platforms: linux/arm64 - context: ./helloric_ui_com/ - file: ./helloric_ui_com/Dockerfile + # - name: ui + # platforms: linux/arm64 + # context: ./svelte-ui/ + # file: ./svelte-ui/docker/Dockerfile + # - name: ui_com + # platforms: linux/arm64 + # context: ./helloric_ui_com/ + # file: ./helloric_ui_com/Dockerfile - name: ds4 platforms: linux/arm64 context: . 
@@ -81,7 +81,7 @@ jobs: # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see [Usage](https://github.com/docker/build-push-action#usage) in the README of the `docker/build-push-action` repository. # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. - - name: Build and push TELEOP Docker image + - name: Build and push ALL Docker images id: push uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 with: diff --git a/docker/Dockerfile-ds4 b/docker/Dockerfile-ds4 index 1a0bedb..dae3411 100644 --- a/docker/Dockerfile-ds4 +++ b/docker/Dockerfile-ds4 @@ -25,7 +25,8 @@ WORKDIR /opt/underlay_ws RUN mkdir src \ && cd src \ && git clone https://github.com/naoki-mizuno/ds4_driver \ - --branch ${ROS_DISTRO}-devel + --branch humble-devel + # TODO: switch to jazzy-devel when available or better use the ROS_DISTRO arg RUN bash -c "source /opt/ros/${ROS_DISTRO}/setup.bash && colcon build" COPY ./docker/entrypoint-ds4.bash /entrypoint.bash From ee36a864453e816ef2feb8c53ee738b5d5c612b9 Mon Sep 17 00:00:00 2001 From: Adrian Auer Date: Fri, 5 Dec 2025 12:41:35 +0100 Subject: [PATCH 6/7] changing images in compose to latest --- compose.yml | 10 +++++----- helloric_ui_com | 2 +- svelte-ui | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/compose.yml b/compose.yml index 2eda948..c445013 100644 --- a/compose.yml +++ b/compose.yml @@ -10,7 +10,7 @@ services: - "linux/arm64" args: ROS_DISTRO: jazzy - image: harbor.hb.dfki.de/helloric/ricbot:jazzy_arm64_001 + image: ghcr.io/helloric/ricbot:latest environment: - PYTHONUNBUFFERED=1 # important to show error messages if a ros service crashes! volumes: 
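Review bot: The `git clone https://github.com/naoki-mizuno/ds4_driver --branch humble-devel` line fetches whatever that third-party branch points to at build time, so two builds of the same commit of this repository can ship different driver code. Pin the checkout to a reviewed commit, e.g. extend the RUN chain with `&& git -C ds4_driver checkout <reviewed-commit-sha>`; this matters more here because compose.yml runs the ds4 service with `privileged: true` and `/dev:/dev`. The TODO also leaves a humble branch being built by colcon against `${ROS_DISTRO}`, so a short comment stating whether that combination was verified on jazzy would help. The Dockerfile starts and continues outside the hunk.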
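Review bot: Replacing the versioned `harbor.hb.dfki.de/helloric/ricbot:jazzy_arm64_001` reference with `ghcr.io/helloric/ricbot:latest` makes the deployment follow a mutable tag, so a pull on the robot picks up whatever was pushed last, including builds from the feature branch the workflow still triggers on. The workflow already publishes a `${{ github.sha }}` tag and an attestation keyed to the image digest; referencing one of those, e.g. `image: ghcr.io/helloric/ricbot@sha256:<digest>`, keeps the deployed image reproducible and verifiable. The same applies to the ui, ui_com, teleop and ds4 hunks that follow, and to ds4 most of all since that service runs with `privileged: true` and `/dev:/dev`.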
@@ -27,7 +27,7 @@ services: platform: "linux/arm64" depends_on: - ui_com - image: harbor.hb.dfki.de/helloric/ui:arm64_001 + image: ghcr.io/helloric/helloric/svelte-ui:latest build: context: ./svelte-ui/ dockerfile: ./docker/Dockerfile @@ -37,7 +37,7 @@ services: ui_com: restart: always platform: "linux/arm64" - image: harbor.hb.dfki.de/helloric/ui_com:jazzy_arm64_001 + image: ghcr.io/helloric/helloric/helloric_ui_com:latest build: context: ./helloric_ui_com/ dockerfile: ./Dockerfile @@ -57,7 +57,7 @@ services: ROS_DISTRO: jazzy stdin_open: true tty: true - image: harbor.hb.dfki.de/helloric/teleop:jazzy_arm64_001 + image: ghcr.io/helloric/teleop:latest ds4: platform: "linux/arm64" @@ -69,4 +69,4 @@ services: devices: - /dev:/dev privileged: true - image: harbor.hb.dfki.de/helloric/ds4:jazzy_arm64_001 + image: ghcr.io/helloric/ds4:latest diff --git a/helloric_ui_com b/helloric_ui_com index 4824503..362efdd 160000 --- a/helloric_ui_com +++ b/helloric_ui_com @@ -1 +1 @@ -Subproject commit 4824503e57aebb085c8cc77e9a7a2a437331ca16 +Subproject commit 362efdd417a657671a48917526eb58ef6c056727 diff --git a/svelte-ui b/svelte-ui index 70a50eb..b3f1396 160000 --- a/svelte-ui +++ b/svelte-ui @@ -1 +1 @@ -Subproject commit 70a50eb04567abd45d6bf1c546cee142ec386738 +Subproject commit b3f1396482a646275b696752b2cd0f8f0154347c From fa8079aa0ec3b0746858dc6ea155b0606d445a70 Mon Sep 17 00:00:00 2001 From: Adrian Auer Date: Fri, 5 Dec 2025 12:50:36 +0100 Subject: [PATCH 7/7] corrected path for packages --- compose.yml | 4 ++-- helloric_ui_com | 2 +- svelte-ui | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/compose.yml b/compose.yml index c445013..4effc24 100644 --- a/compose.yml +++ b/compose.yml @@ -27,7 +27,7 @@ services: platform: "linux/arm64" depends_on: - ui_com - image: ghcr.io/helloric/helloric/svelte-ui:latest + image: ghcr.io/helloric/svelte-ui:latest build: context: ./svelte-ui/ dockerfile: ./docker/Dockerfile 
@@ -37,7 +37,7 @@ services: ui_com: restart: always platform: "linux/arm64" - image: ghcr.io/helloric/helloric/helloric_ui_com:latest + image: ghcr.io/helloric/helloric_ui_com:latest build: context: ./helloric_ui_com/ dockerfile: ./Dockerfile diff --git a/helloric_ui_com b/helloric_ui_com index 362efdd..b92466e 160000 --- a/helloric_ui_com +++ b/helloric_ui_com @@ -1 +1 @@ -Subproject commit 362efdd417a657671a48917526eb58ef6c056727 +Subproject commit b92466e0dd42e20b3611fb3e5f88c4bb2cbf375e diff --git a/svelte-ui b/svelte-ui index b3f1396..0ddda18 160000 --- a/svelte-ui +++ b/svelte-ui @@ -1 +1 @@ -Subproject commit b3f1396482a646275b696752b2cd0f8f0154347c +Subproject commit 0ddda18d4ddbe262f997ec9310cf0ba2a98de05e