From 8ff558be8c85d452788602c83992459c3b485470 Mon Sep 17 00:00:00 2001 From: nszczygl9 <118973656+nszczygl9@users.noreply.github.com> Date: Wed, 8 Apr 2026 14:12:03 +0200 Subject: [PATCH 1/6] Add f41 image building and modify weekly cache workflow. --- .../workflows/dls-build-fedora41-images.yaml | 61 ++++ .github/workflows/dls-pr-workflow.yaml | 7 + .../workflows/dls-weekly-cached-images.yaml | 326 ++---------------- 3 files changed, 96 insertions(+), 298 deletions(-) create mode 100644 .github/workflows/dls-build-fedora41-images.yaml diff --git a/.github/workflows/dls-build-fedora41-images.yaml b/.github/workflows/dls-build-fedora41-images.yaml new file mode 100644 index 000000000..b3ee2de78 --- /dev/null +++ b/.github/workflows/dls-build-fedora41-images.yaml @@ -0,0 +1,61 @@ +name: "[DLS] [F41] Build F41 image" +run-name: "[DLS] [F41] Build F41 image (by ${{ github.actor }})" +on: + workflow_call: + workflow_dispatch: +permissions: {} + +env: + DLS_REL_PATH: "./dlstreamer" + +jobs: + build: + name: "Build f41 img" + runs-on: dlstreamer + container: + image: fedora:41 + permissions: + contents: read + packages: read + steps: + - name: Check out dlstreamer repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #6.0.2 + with: + persist-credentials: false + path: dlstreamer + + - name: Init submodules + run: | + cd dlstreamer + git submodule update --init thirdparty/spdlog + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd #4.0.0 + + - name: Log in to GitHub Container Registry + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 #4.0.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: 🚢 Build f41 img with cache from GHCR + env: + f41_img: ghcr.io/${{ github.repository }}/f41-img:${{ github.sha }} + f41_img_cached: ghcr.io/${{ github.repository }}/f41-img:buildcache + run: | + docker buildx build \ + --load \ + --target dlstreamer \ + --tag "${f41_img}" \ + --cache-from="${f41_img_cached}" \ + -f ./dlstreamer/docker/fedora41/fedora41.Dockerfile \ + ${{ env.DLS_REL_PATH }} + + - name: Clean up + if: always() + env: + f41_img: ghcr.io/${{ github.repository }}/f41-img:${{ github.sha }} + run: | + rm -rf dlstreamer + docker rmi ${f41_img} || true diff --git a/.github/workflows/dls-pr-workflow.yaml b/.github/workflows/dls-pr-workflow.yaml index ce08550f1..81012b032 100644 --- a/.github/workflows/dls-pr-workflow.yaml +++ b/.github/workflows/dls-pr-workflow.yaml @@ -398,6 +398,13 @@ jobs: with: test-repo-branch: ${{ inputs.test-repo-branch }} # -------------------------------------------------------- BUILDS & TESTS --------------------------------------------------------- + dls-build-fedora-img: + permissions: + contents: read + packages: read + name: "DLS BUILD: fedora41 img" + uses: ./.github/workflows/dls-build-fedora41-images.yaml + dls-build-sources-make-build: permissions: contents: read diff --git a/.github/workflows/dls-weekly-cached-images.yaml b/.github/workflows/dls-weekly-cached-images.yaml index 943d4c411..8b2f1e9c3 100644 --- a/.github/workflows/dls-weekly-cached-images.yaml +++ b/.github/workflows/dls-weekly-cached-images.yaml @@ -5,10 +5,6 @@ on: - cron: '0 5 * * MON' # 5:00 UTC each Monday workflow_dispatch: inputs: - image-tag: - description: 'Image tag' - required: false - type: string action-type: description: 'Choose if this run is weekly build or cache update' required: true @@ -37,23 +33,7 @@ jobs: ubuntu_version: ubuntu22 - path_dockerfile: ./dlstreamer-repo/docker/ubuntu/ubuntu24.Dockerfile ubuntu_version: ubuntu24 - outputs: - ubuntu22_image: ${{ steps.save-image-ubuntu22.outputs.image }} - ubuntu24_image: ${{ steps.save-image-ubuntu24.outputs.image }} steps: - - name: Determine image tag (input or default) - id: set-tag - env: - USER_IMAGE_TAG: ${{ github.event.inputs['image-tag'] }} - run: | - if [ -z "$USER_IMAGE_TAG" ]; then - echo "No image-tag provided — using default value with commit sha" - VALUE="${{ github.sha }}" - else - echo "Using provided image-tag: $USER_IMAGE_TAG" - VALUE="$USER_IMAGE_TAG" - fi - echo "IMAGE_TAG=$VALUE" >> $GITHUB_ENV - name: Check out dlstreamer repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #6.0.2 with: @@ -64,6 +44,7 @@ jobs: run: | cd dlstreamer-repo git submodule update --init thirdparty/spdlog + - name: Set up Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd #4.0.0 @@ -76,96 +57,22 @@ jobs: - name: Build deb final img with cache from GHCR env: - IMAGE_TAG: ${{ env.IMAGE_TAG }} deb_final_img_cached: ghcr.io/${{ github.repository }}/deb-final-img-${{ matrix.ubuntu_version }}:buildcache run: | docker buildx build \ - --load \ --target dlstreamer \ - --tag "ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer:${IMAGE_TAG}-${{ matrix.ubuntu_version }}" \ --cache-to=type=registry,ref=${deb_final_img_cached},mode=max \ --cache-from="${deb_final_img_cached}" \ --build-arg DLSTREAMER_VERSION=${{ env.dlstreamer-version }} \ --build-arg DLSTREAMER_BUILD_NUMBER=deb-pkg-${{ matrix.ubuntu_version }} \ -f ${{ matrix.path_dockerfile }} \ ${{ env.DLS_REL_PATH }} - # ======================================================== SCANNING PART ======================================================== - # - name: 🔍 Scan Docker image with Trivy - # uses: open-edge-platform/orch-ci/.github/actions/security/trivy@76700c2fb6d547733b9218d9638dca43f5296399 # 0.1.52 - # with: - # scan_target: "ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer:${{ env.IMAGE_TAG }}-${{ matrix.ubuntu_version }}" - # severity: "HIGH" - # scan_type: image - # format: table - # report_suffix: "-${{ matrix.ubuntu_version }}-deb-img" - # scan-scope: all - # timeout: 20m - # ignore_unfixed: true - - # - name: Fail if vulnerabilities > 0 in Trivy results - # run: | - # file=$(ls security-results/trivy/trivy-results-* | head -n 1) - # cat $file - # vuln_count=$(awk '/│/ && /Vulnerabilities/ {next} /│/ {gsub(/ /, "", $0); split($0, cols, "│"); print cols[4]}' "$file" | grep -v '-' | head -n 1) - # echo "Found vulnerability count: $vuln_count" - # if [[ "$vuln_count" != "0" ]]; then - # echo "❌ Vulnerabilities found: $vuln_count" - # exit 1 - # else - # echo "✅ No vulnerabilities found." - # fi - # shell: bash - - - name: Push deb final img to GHCR - if: ${{ inputs.action-type == 'weekly' }} - env: - IMAGE_TAG: ${{ env.IMAGE_TAG }} - run: | - docker push "ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer:${IMAGE_TAG}-${{ matrix.ubuntu_version }}" - - name: Install Cosign - if: ${{ inputs.action-type == 'weekly' }} - uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1 - - - name: Install skopeo - if: ${{ inputs.action-type == 'weekly' }} - run: sudo apt update && sudo apt install -y skopeo jq - - - name: Get image digest - if: ${{ inputs.action-type == 'weekly' }} - id: digest - env: - IMAGE_TAG: ${{ env.IMAGE_TAG }} - run: | - IMAGE=ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer:${IMAGE_TAG}-${{ matrix.ubuntu_version }} - DIGEST=$(skopeo inspect docker://$IMAGE | jq -r '.Digest') - echo "digest=${DIGEST}" >> $GITHUB_OUTPUT - - name: Sign Docker image using Cosign (keyless) - if: ${{ inputs.action-type == 'weekly' }} - env: - deb_final_img: ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer@${{ steps.digest.outputs.digest }} - run: | - cosign sign --yes ${deb_final_img} - - name: Save Ubuntu 22 image info - id: save-image-ubuntu22 - if: ${{ matrix.ubuntu_version == 'ubuntu22' }} - env: - IMAGE_TAG: ${{ env.IMAGE_TAG }} - run: echo "image=ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer:${IMAGE_TAG}-${{ matrix.ubuntu_version }}" >> "$GITHUB_OUTPUT" - - - name: Save Ubuntu 24 image info - id: save-image-ubuntu24 - if: ${{ matrix.ubuntu_version == 'ubuntu24' }} - env: - IMAGE_TAG: ${{ env.IMAGE_TAG }} - run: echo "image=ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer:${IMAGE_TAG}-${{ matrix.ubuntu_version }}" >> "$GITHUB_OUTPUT" - name: Clean up if: always() - env: - IMAGE_TAG: ${{ env.IMAGE_TAG }} run: | rm -rf dlstreamer-repo - docker rmi ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer:${IMAGE_TAG}-${{ matrix.ubuntu_version }} || true + build-dls-dev-img: name: Build DLS ${{ matrix.ubuntu_version }} dev debug img runs-on: [dls, ubuntu] @@ -184,19 +91,6 @@ jobs: ubuntu_version: ubuntu24 build_arg: Debug steps: - - name: Determine image tag (input or default) - id: set-tag - env: - USER_IMAGE_TAG: ${{ github.event.inputs['image-tag'] }} - run: | - if [ -z "$USER_IMAGE_TAG" ]; then - echo "No image-tag provided — using default value with commit sha" - VALUE="${{ github.sha }}" - else - echo "Using provided image-tag: $USER_IMAGE_TAG" - VALUE="$USER_IMAGE_TAG" - fi - echo "IMAGE_TAG=$VALUE" >> $GITHUB_ENV - name: Check out dlstreamer repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #6.0.2 with: @@ -207,6 +101,7 @@ jobs: run: | cd dlstreamer-repo git submodule update --init thirdparty/spdlog + - name: Set up Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd #4.0.0 @@ -219,114 +114,46 @@ jobs: - name: Build dev debug img with cache from GHCR env: - IMAGE_TAG: ${{ env.IMAGE_TAG }} dev_debug_img_cached: ghcr.io/${{ github.repository }}/dev-debug-img-${{ matrix.ubuntu_version }}:buildcache run: | docker buildx build \ - --load \ --target dlstreamer-dev \ - --tag "ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer:${IMAGE_TAG}-dev-${{ matrix.ubuntu_version }}" \ --cache-from=type=registry,ref=${dev_debug_img_cached} \ --cache-to=type=registry,ref=${dev_debug_img_cached},mode=max \ --build-arg BUILD_ARG=${{ matrix.build_arg }} \ -f ${{ matrix.path_dockerfile }} \ ${{ env.DLS_REL_PATH }} - # ======================================================== SCANNING PART ======================================================== - # - name: Scan Docker image with Trivy - # uses: open-edge-platform/orch-ci/.github/actions/security/trivy@76700c2fb6d547733b9218d9638dca43f5296399 # 0.1.52 - # with: - # scan_target: "ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer:${{ env.IMAGE_TAG }}-dev-${{ matrix.ubuntu_version }}" - # severity: "HIGH" - # scan_type: image - # format: table - # report_suffix: ${{ matrix.ubuntu_version }}-dev-img - # scan-scope: all - # timeout: 20m - # ignore_unfixed: true - - # - name: Fail if vulnerabilities > 0 in Trivy results - # run: | - # file=$(ls security-results/trivy/trivy-results-* | head -n 1) - # cat $file - # vuln_count=$(awk '/│/ && /Vulnerabilities/ {next} /│/ {gsub(/ /, "", $0); split($0, cols, "│"); print cols[4]}' "$file" | grep -v '-' | head -n 1) - # echo "Found vulnerability count: $vuln_count" - # if [[ "$vuln_count" != "0" ]]; then - # echo "❌ Vulnerabilities found: $vuln_count" - # exit 1 - # else - # echo "✅ No vulnerabilities found." - # fi - # shell: bash - - - name: Push dev-debug final img to GHCR - if: ${{ inputs.action-type == 'weekly' }} - env: - IMAGE_TAG: ${{ env.IMAGE_TAG }} - run: | - docker push "ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer:${IMAGE_TAG}-dev-${{ matrix.ubuntu_version }}" - - name: Install Cosign - if: ${{ inputs.action-type == 'weekly' }} - uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1 - - - name: Install skopeo - if: ${{ inputs.action-type == 'weekly' }} - run: sudo apt update && sudo apt install -y skopeo jq - - name: Get image digest - if: ${{ inputs.action-type == 'weekly' }} - id: digest - env: - IMAGE_TAG: ${{ env.IMAGE_TAG }} - run: | - IMAGE=ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer:${IMAGE_TAG}-dev-${{ matrix.ubuntu_version }} - DIGEST=$(skopeo inspect docker://$IMAGE | jq -r '.Digest') - echo "digest=${DIGEST}" >> $GITHUB_OUTPUT - - name: Sign Docker image using Cosign (keyless) - if: ${{ inputs.action-type == 'weekly' }} - env: - dev_debug_img: ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer@${{ steps.digest.outputs.digest }} - run: | - cosign sign --yes ${dev_debug_img} - name: Clean up if: always() - env: - IMAGE_TAG: ${{ env.IMAGE_TAG }} run: | rm -rf dlstreamer-repo - docker rmi ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer:${IMAGE_TAG}-dev-${{ matrix.ubuntu_version }} || true - build-dls-pipeline-server-image: - if: ${{ inputs.action-type == 'weekly' }} - needs: build-dls-deb-img - name: Build DLS Pipeline Server ${{ matrix.ubuntu_version }} img + + build-dls-fedora41-img: + name: Build DLS Fedora 41 img runs-on: dlstreamer permissions: contents: read packages: write id-token: write - strategy: - fail-fast: false - matrix: - ubuntu_version: [ubuntu22, ubuntu24] steps: - - name: Determine image tag (input or default) - id: set-tag - env: - USER_IMAGE_TAG: ${{ github.event.inputs['image-tag'] }} + - name: Initial environment clean run: | - if [ -z "$USER_IMAGE_TAG" ]; then - echo "No image-tag provided — using default value with commit sha" - VALUE="${{ github.sha }}" - else - echo "Using provided image-tag: $USER_IMAGE_TAG" - VALUE="$USER_IMAGE_TAG" - fi - echo "IMAGE_TAG=$VALUE" >> $GITHUB_ENV - - name: Check out edge-ai-libraries repository + sudo rm -rf dlstreamer-repo + + - name: Check out dlstreamer repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #6.0.2 with: - repository: open-edge-platform/edge-ai-libraries persist-credentials: false - path: edge-ai-libraries-repo + path: dlstreamer-repo + + - name: Init submodules + run: | + cd dlstreamer-repo + git submodule update --init thirdparty/spdlog + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd #4.0.0 - name: Log in to GitHub Container Registry uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 #4.0.0 @@ -335,115 +162,18 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Set BASE_IMAGE - env: - BASE_IMAGE22: ${{ needs.build-dls-deb-img.outputs.ubuntu22_image }} - BASE_IMAGE24: ${{ needs.build-dls-deb-img.outputs.ubuntu24_image }} - run: | - if [ "${{ matrix.ubuntu_version }}" == "ubuntu22" ]; then - echo "BASE_IMAGE=${BASE_IMAGE22}" >> $GITHUB_ENV - elif [ "${{ matrix.ubuntu_version }}" == "ubuntu24" ]; then - echo "BASE_IMAGE=${BASE_IMAGE24}" >> $GITHUB_ENV - fi - - name: Build dls-pipeline-server-img - env: - IMAGE_TAG: ${{ env.IMAGE_TAG }} - run: | - cd edge-ai-libraries-repo/microservices/dlstreamer-pipeline-server/docker - export DLSTREAMER_PIPELINE_SERVER_IMAGE=ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server:${IMAGE_TAG}-${{ matrix.ubuntu_version }} - export DLSTREAMER_PIPELINE_SERVER_DOCKERFILE=Dockerfile - docker compose build --no-cache --pull - export DLSTREAMER_PIPELINE_SERVER_IMAGE=ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server:${IMAGE_TAG}-extended-${{ matrix.ubuntu_version }} - export BUILD_TARGET=dlstreamer-pipeline-server-extended - docker compose build --no-cache --pull - # ======================================================== SCANNING PART ======================================================== - - name: Scan Docker image with Trivy - uses: open-edge-platform/orch-ci/.github/actions/security/trivy@76700c2fb6d547733b9218d9638dca43f5296399 # 0.1.52 - with: - scan_target: "ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server:${{ env.IMAGE_TAG }}}-${{ matrix.ubuntu_version }}" - severity: "HIGH" - scan_type: image - format: table - report_suffix: ${{ matrix.ubuntu_version }}-edge-ai-dlstreamer-pipeline-server - scan-scope: all - timeout: 20m - ignore_unfixed: true - - name: Scan Docker Extended image with Trivy - uses: open-edge-platform/orch-ci/.github/actions/security/trivy@76700c2fb6d547733b9218d9638dca43f5296399 # 0.1.52 - with: - scan_target: "ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server:${{ env.IMAGE_TAG }}-extended-${{ matrix.ubuntu_version }}" - severity: "HIGH" - scan_type: image - format: table - report_suffix: ${{ matrix.ubuntu_version }}-edge-ai-dlstreamer-pipeline-server-extended - scan-scope: all - timeout: 20m - ignore_unfixed: true - - - name: Fail if vulnerabilities > 0 in Trivy results - run: | - for file in security-results/trivy/trivy-results-*; do - echo "📄 Checking $file" - cat "$file" - vuln_count=$(awk '/│/ && /Vulnerabilities/ {next} /│/ {gsub(/ /, "", $0); split($0, cols, "│"); print cols[4]}' "$file" | grep -v '-' | head -n 1) - echo "Found vulnerability count in $file: $vuln_count" - if [[ "$vuln_count" != "0" ]]; then - echo "❌ Vulnerabilities found in $file: $vuln_count" - exit 1 - fi - done - echo "✅ No vulnerabilities found in any image." - shell: bash - - - name: Push Docker img + - name: Build f41 img with cache from GHCR env: - IMAGE_TAG: ${{ env.IMAGE_TAG }} + f41_img_cached: ghcr.io/${{ github.repository }}/f41-img:buildcache run: | - if [ "${{ matrix.ubuntu_version }}" == "ubuntu24" ]; then - docker tag ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server:${IMAGE_TAG}-${{ matrix.ubuntu_version }} ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server:latest - docker push ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server:latest - fi - docker push ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server:${IMAGE_TAG}-${{ matrix.ubuntu_version }} - docker push ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server:${IMAGE_TAG}-extended-${{ matrix.ubuntu_version }} - - name: Install Cosign - uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1 - - - name: Install skopeo - run: sudo apt update && sudo apt install -y skopeo jq + docker buildx build \ + --target dlstreamer \ + --cache-from="${f41_img_cached}" \ + --cache-to=type=registry,ref=${f41_img_cached},mode=max \ + -f ./dlstreamer-repo/docker/fedora41/fedora41.Dockerfile \ + ${{ env.DLS_REL_PATH }} - - name: Get image digest - id: digest - env: - IMAGE_TAG: ${{ env.IMAGE_TAG }} - run: | - IMAGE=ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server:${IMAGE_TAG}-${{ matrix.ubuntu_version }} - DIGEST=$(skopeo inspect docker://$IMAGE | jq -r '.Digest') - echo "digest=$DIGEST" >> $GITHUB_OUTPUT - IMAGE=ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server:${IMAGE_TAG}-extended-${{ matrix.ubuntu_version }} - DIGEST=$(skopeo inspect docker://$IMAGE | jq -r '.Digest') - echo "digest_extended=$DIGEST" >> $GITHUB_OUTPUT - if [ "${{ matrix.ubuntu_version }}" == "ubuntu24" ]; then - DIGEST_LATEST=$(skopeo inspect docker://ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server:latest | jq -r '.Digest') - echo "digest_latest=$DIGEST_LATEST" >> $GITHUB_OUTPUT - fi - - name: Sign Docker image using Cosign (keyless) - env: - dlsps_img: ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server@${{ steps.digest.outputs.digest }} - dlsps_img_ext: ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server@${{ steps.digest.outputs.digest_extended }} - run: | - cosign sign --yes ${dlsps_img} - cosign sign --yes ${dlsps_img_ext} - - name: Sign Docker image using Cosign (keyless) (latest) - if: ${{ matrix.ubuntu_version == 'ubuntu24' }} - env: - dlsps_img: ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server@${{ steps.digest.outputs.digest_latest }} - run: | - cosign sign --yes ${dlsps_img} - name: Clean up if: always() - env: - IMAGE_TAG: ${{ env.IMAGE_TAG }} run: | - rm -rf edge-ai-libraries-repo - docker rmi ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server:${IMAGE_TAG}-${{ matrix.ubuntu_version }} ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server:latest || true - docker rmi ghcr.io/${{ github.repository }}/intel/edge-ai-dlstreamer-pipeline-server:${IMAGE_TAG}-extended-${{ matrix.ubuntu_version }} || true + rm -rf dlstreamer-repo From d1f067f93cccbb0a46c7bdbd4d9bf396401d5d80 Mon Sep 17 00:00:00 2001 From: nszczygl9 <118973656+nszczygl9@users.noreply.github.com> Date: Wed, 8 Apr 2026 14:29:47 +0200 Subject: [PATCH 2/6] install additional libraries --- .github/workflows/dls-build-fedora41-images.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/dls-build-fedora41-images.yaml b/.github/workflows/dls-build-fedora41-images.yaml index b3ee2de78..d18265328 100644 --- a/.github/workflows/dls-build-fedora41-images.yaml +++ b/.github/workflows/dls-build-fedora41-images.yaml @@ -18,6 +18,11 @@ jobs: contents: read packages: read steps: + - name: Install dependencies + run: | + dnf update -y + dnf install -y git docker + - name: Check out dlstreamer repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #6.0.2 with: From 2e3bfb7d626f086ccc092b67a4219a7ca2c614d2 Mon Sep 17 00:00:00 2001 From: nszczygl9 Date: Wed, 8 Apr 2026 22:44:58 +0200 Subject: [PATCH 3/6] Fix yamllint --- .../workflows/dls-build-fedora41-images.yaml | 132 +++++++++--------- 1 file changed, 66 insertions(+), 66 deletions(-) diff --git a/.github/workflows/dls-build-fedora41-images.yaml b/.github/workflows/dls-build-fedora41-images.yaml index d18265328..5029e9c9b 100644 --- a/.github/workflows/dls-build-fedora41-images.yaml +++ b/.github/workflows/dls-build-fedora41-images.yaml @@ -1,66 +1,66 @@ -name: "[DLS] [F41] Build F41 image" -run-name: "[DLS] [F41] Build F41 image (by ${{ github.actor }})" -on: - workflow_call: - workflow_dispatch: -permissions: {} - -env: - DLS_REL_PATH: "./dlstreamer" - -jobs: - build: - name: "Build f41 img" - runs-on: dlstreamer - container: - image: fedora:41 - permissions: - contents: read - packages: read - steps: - - name: Install dependencies - run: | - dnf update -y - dnf install -y git docker - - - name: Check out dlstreamer repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #6.0.2 - with: - persist-credentials: false - path: dlstreamer - - - name: Init submodules - run: | - cd dlstreamer - git submodule update --init thirdparty/spdlog - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd #4.0.0 - - - name: Log in to GitHub Container Registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 #4.0.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: 🚢 Build f41 img with cache from GHCR - env: - f41_img: ghcr.io/${{ github.repository }}/f41-img:${{ github.sha }} - f41_img_cached: ghcr.io/${{ github.repository }}/f41-img:buildcache - run: | - docker buildx build \ - --load \ - --target dlstreamer \ - --tag "${f41_img}" \ - --cache-from="${f41_img_cached}" \ - -f ./dlstreamer/docker/fedora41/fedora41.Dockerfile \ - ${{ env.DLS_REL_PATH }} - - - name: Clean up - if: always() - env: - f41_img: ghcr.io/${{ github.repository }}/f41-img:${{ github.sha }} - run: | - rm -rf dlstreamer - docker rmi ${f41_img} || true +name: "[DLS] [F41] Build F41 image" +run-name: "[DLS] [F41] Build F41 image (by ${{ github.actor }})" +on: + workflow_call: + workflow_dispatch: +permissions: {} + +env: + DLS_REL_PATH: "./dlstreamer" + +jobs: + build: + name: "Build f41 img" + runs-on: dlstreamer + container: + image: fedora:41 + permissions: + contents: read + packages: read + steps: + - name: Install dependencies + run: | + dnf update -y + dnf install -y git docker + + - name: Check out dlstreamer repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #6.0.2 + with: + persist-credentials: false + path: dlstreamer + + - name: Init submodules + run: | + cd dlstreamer + git submodule update --init thirdparty/spdlog + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd #4.0.0 + + - name: Log in to GitHub Container Registry + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 #4.0.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: 🚢 Build f41 img with cache from GHCR + env: + f41_img: ghcr.io/${{ github.repository }}/f41-img:${{ github.sha }} + f41_img_cached: ghcr.io/${{ github.repository }}/f41-img:buildcache + run: | + docker buildx build \ + --load \ + --target dlstreamer \ + --tag "${f41_img}" \ + --cache-from="${f41_img_cached}" \ + -f ./dlstreamer/docker/fedora41/fedora41.Dockerfile \ + ${{ env.DLS_REL_PATH }} + + - name: Clean up + if: always() + env: + f41_img: ghcr.io/${{ github.repository }}/f41-img:${{ github.sha }} + run: | + rm -rf dlstreamer + docker rmi ${f41_img} || true From 71ffb3861f4ceaa08a9b63ab8b61b2f0dcfb8076 Mon Sep 17 00:00:00 2001 From: nszczygl9 Date: Wed, 8 Apr 2026 22:53:33 +0200 Subject: [PATCH 4/6] modify weekly cache workflow --- .github/workflows/dls-build-fedora41-images.yaml | 2 +- .github/workflows/dls-weekly-cached-images.yaml | 11 ----------- 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/.github/workflows/dls-build-fedora41-images.yaml b/.github/workflows/dls-build-fedora41-images.yaml index 5029e9c9b..eca800335 100644 --- a/.github/workflows/dls-build-fedora41-images.yaml +++ b/.github/workflows/dls-build-fedora41-images.yaml @@ -13,7 +13,7 @@ jobs: name: "Build f41 img" runs-on: dlstreamer container: - image: fedora:41 + image: fedora:41 permissions: contents: read packages: read diff --git a/.github/workflows/dls-weekly-cached-images.yaml b/.github/workflows/dls-weekly-cached-images.yaml index 8b2f1e9c3..608232238 100644 --- a/.github/workflows/dls-weekly-cached-images.yaml +++ b/.github/workflows/dls-weekly-cached-images.yaml @@ -4,14 +4,6 @@ on: schedule: - cron: '0 5 * * MON' # 5:00 UTC each Monday workflow_dispatch: - inputs: - action-type: - description: 'Choose if this run is weekly build or cache update' - required: true - type: choice - options: - - 'weekly' - - 'cache' permissions: {} env: dlstreamer-version: "2026.0.0" @@ -24,7 +16,6 @@ jobs: permissions: contents: read packages: write - id-token: write strategy: fail-fast: false matrix: @@ -79,7 +70,6 @@ jobs: permissions: contents: read packages: write - id-token: write strategy: fail-fast: false matrix: @@ -135,7 +125,6 @@ jobs: permissions: contents: read packages: write - id-token: write steps: - name: Initial environment clean run: | From 3300b579406c82270e3fbee82ab23e65af2a1921 Mon Sep 17 00:00:00 2001 From: nszczygl9 <118973656+nszczygl9@users.noreply.github.com> Date: Thu, 9 Apr 2026 10:22:43 +0200 Subject: [PATCH 5/6] fix copilot findings --- .github/workflows/dls-build-fedora41-images.yaml | 2 +- .github/workflows/dls-weekly-cached-images.yaml | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dls-build-fedora41-images.yaml b/.github/workflows/dls-build-fedora41-images.yaml index eca800335..7535bacf0 100644 --- a/.github/workflows/dls-build-fedora41-images.yaml +++ b/.github/workflows/dls-build-fedora41-images.yaml @@ -53,7 +53,7 @@ jobs: --load \ --target dlstreamer \ --tag "${f41_img}" \ - --cache-from="${f41_img_cached}" \ + --cache-from=type=registry,ref="${f41_img_cached}" \ -f ./dlstreamer/docker/fedora41/fedora41.Dockerfile \ ${{ env.DLS_REL_PATH }} diff --git a/.github/workflows/dls-weekly-cached-images.yaml b/.github/workflows/dls-weekly-cached-images.yaml index 608232238..8fb13daeb 100644 --- a/.github/workflows/dls-weekly-cached-images.yaml +++ b/.github/workflows/dls-weekly-cached-images.yaml @@ -53,7 +53,7 @@ jobs: docker buildx build \ --target dlstreamer \ --cache-to=type=registry,ref=${deb_final_img_cached},mode=max \ - --cache-from="${deb_final_img_cached}" \ + --cache-from=type=registry,ref=${deb_final_img_cached} \ --build-arg DLSTREAMER_VERSION=${{ env.dlstreamer-version }} \ --build-arg DLSTREAMER_BUILD_NUMBER=deb-pkg-${{ matrix.ubuntu_version }} \ -f ${{ matrix.path_dockerfile }} \ @@ -157,8 +157,9 @@ jobs: run: | docker buildx build \ --target dlstreamer \ - --cache-from="${f41_img_cached}" \ - --cache-to=type=registry,ref=${f41_img_cached},mode=max \ + --cache-from=type=registry,ref=${f41_img_cached} \ + --cache-to=type=registry,ref=${f41_img_cached},mode=max \ + --build-arg DLSTREAMER_BUILD_NUMBER=${{ github.run_number }} \ -f ./dlstreamer-repo/docker/fedora41/fedora41.Dockerfile \ ${{ env.DLS_REL_PATH }} From 25d44739c0da76fd82705fa03bf48b6f6c827c17 Mon Sep 17 00:00:00 2001 From: nszczygl9 <118973656+nszczygl9@users.noreply.github.com> Date: Thu, 9 Apr 2026 10:29:12 +0200 Subject: [PATCH 6/6] fix yamllint --- .github/workflows/dls-weekly-cached-images.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dls-weekly-cached-images.yaml b/.github/workflows/dls-weekly-cached-images.yaml index 8fb13daeb..c9c33d0e0 100644 --- a/.github/workflows/dls-weekly-cached-images.yaml +++ b/.github/workflows/dls-weekly-cached-images.yaml @@ -158,8 +158,8 @@ jobs: docker buildx build \ --target dlstreamer \ --cache-from=type=registry,ref=${f41_img_cached} \ - --cache-to=type=registry,ref=${f41_img_cached},mode=max \ - --build-arg DLSTREAMER_BUILD_NUMBER=${{ github.run_number }} \ + --cache-to=type=registry,ref=${f41_img_cached},mode=max \ + --build-arg DLSTREAMER_BUILD_NUMBER=${{ github.run_number }} \ -f ./dlstreamer-repo/docker/fedora41/fedora41.Dockerfile \ ${{ env.DLS_REL_PATH }}