forked from isaac-sim/IsaacLab
-
Notifications
You must be signed in to change notification settings - Fork 0
170 lines (143 loc) · 6.33 KB
/
postmerge-ci.yml
File metadata and controls
170 lines (143 loc) · 6.33 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# Copyright (c) 2022-2026, The Isaac Lab Project Developers (https://github.com/isaac-sim/IsaacLab/blob/main/CONTRIBUTORS.md).
# All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
name: Post-Merge CI
on:
push:
branches:
- main
- devel
- release/**
# Concurrency control to prevent parallel runs
concurrency:
group: postmerge-ci-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
env:
NGC_API_KEY: ${{ secrets.NGC_API_KEY }}
ISAACSIM_BASE_IMAGE: ${{ vars.ISAACSIM_BASE_IMAGE || 'nvcr.io/nvidia/isaac-sim' }}
ISAACSIM_BASE_VERSIONS_STRING: ${{ vars.ISAACSIM_BASE_VERSIONS_STRING || '5.1.0' }}
ISAACLAB_IMAGE_NAME: ${{ vars.ISAACLAB_IMAGE_NAME || 'isaac-lab-base' }}
jobs:
build-and-push-images:
runs-on: [self-hosted, gpu]
timeout-minutes: 180
environment:
name: postmerge-production
url: https://github.com/${{ github.repository }}
env:
DOCKER_HOST: unix:///var/run/docker.sock
DOCKER_TLS_CERTDIR: ""
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
fetch-depth: 0
lfs: true
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: linux/arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
platforms: linux/amd64,linux/arm64
driver-opts: |
image=moby/buildkit:buildx-stable-1
- name: Login to NGC
run: |
# Only attempt NGC login if API key is available
if [ -n "${{ env.NGC_API_KEY }}" ]; then
echo "Logging into NGC registry..."
docker login -u \$oauthtoken -p ${{ env.NGC_API_KEY }} nvcr.io
echo "✅ Successfully logged into NGC registry"
else
echo "⚠️ NGC_API_KEY not available - skipping NGC login"
echo "This is normal when secrets are not configured"
fi
- name: Build and Push Docker Images
run: |
# Determine branch name
BRANCH_NAME="${{ github.ref_name }}"
# Replace '/' with '-' and remove any invalid characters for Docker tag
SAFE_BRANCH_NAME=$(echo $BRANCH_NAME | sed 's/[^a-zA-Z0-9._-]/-/g')
# Use "latest" if branch name is empty or only contains invalid characters
if [ -z "$SAFE_BRANCH_NAME" ]; then
SAFE_BRANCH_NAME="latest"
fi
# Get the git repository short name
REPO_SHORT_NAME="${{ github.event.repository.name }}"
if [ -z "$REPO_SHORT_NAME" ]; then
REPO_SHORT_NAME="verification"
fi
echo "Building images for branch: $BRANCH_NAME"
echo "Safe branch name: $SAFE_BRANCH_NAME"
echo "Repository name: $REPO_SHORT_NAME"
echo "IsaacSim versions: ${{ env.ISAACSIM_BASE_VERSIONS_STRING }}"
# Parse the env variable string into an array
IMAGE_BASE_VERSIONS_STRING="${{ env.ISAACSIM_BASE_VERSIONS_STRING }}"
# Use set to split the string into positional parameters, then convert to array
set -- $IMAGE_BASE_VERSIONS_STRING
IMAGE_BASE_VERSIONS=("$@")
for IMAGE_BASE_VERSION in "${IMAGE_BASE_VERSIONS[@]}"; do
IMAGE_BASE_VERSION=$(echo "$IMAGE_BASE_VERSION" | tr -d '[:space:]')
# Skip empty versions
if [ -z "$IMAGE_BASE_VERSION" ]; then
continue
fi
# Combine repo short name and branch name for the tag
COMBINED_TAG="${REPO_SHORT_NAME}-${SAFE_BRANCH_NAME}-${IMAGE_BASE_VERSION}"
BUILD_TAG="${COMBINED_TAG}-b${{ github.run_number }}"
# Determine if multiarch is supported by inspecting the base image manifest
echo "Checking if base image supports multiarch..."
BASE_IMAGE_FULL="${{ env.ISAACSIM_BASE_IMAGE }}:${IMAGE_BASE_VERSION}"
# Get architectures from the base image manifest
ARCHITECTURES=$(docker manifest inspect "$BASE_IMAGE_FULL" 2>/dev/null | grep -o '"architecture": "[^"]*"' | cut -d'"' -f4 | sort -u)
if [ -z "$ARCHITECTURES" ]; then
echo "Could not inspect base image manifest: $BASE_IMAGE_FULL"
echo "Defaulting to AMD64 only for safety"
BUILD_PLATFORMS="linux/amd64"
else
echo "Base image architectures found:"
echo "$ARCHITECTURES" | sed 's/^/ - /'
# Check if both amd64 and arm64 are present
HAS_AMD64=$(echo "$ARCHITECTURES" | grep -c "amd64" || true)
HAS_ARM64=$(echo "$ARCHITECTURES" | grep -c "arm64" || true)
if [ "$HAS_AMD64" -gt 0 ] && [ "$HAS_ARM64" -gt 0 ]; then
echo "Base image supports multiarch (amd64 + arm64)"
BUILD_PLATFORMS="linux/amd64,linux/arm64"
elif [ "$HAS_AMD64" -gt 0 ]; then
echo "Base image only supports amd64"
BUILD_PLATFORMS="linux/amd64"
elif [ "$HAS_ARM64" -gt 0 ]; then
echo "Base image only supports arm64"
BUILD_PLATFORMS="linux/arm64"
else
echo "Unknown architecture support, defaulting to amd64"
BUILD_PLATFORMS="linux/amd64"
fi
fi
echo "Building image: ${{ env.ISAACLAB_IMAGE_NAME }}:$COMBINED_TAG"
echo "IsaacSim version: $IMAGE_BASE_VERSION"
echo "Base image: $BASE_IMAGE_FULL"
echo "Target platforms: $BUILD_PLATFORMS"
# Build Docker image once with both tags for multiple architectures
docker buildx build \
--platform $BUILD_PLATFORMS \
--progress=plain \
-t ${{ env.ISAACLAB_IMAGE_NAME }}:$COMBINED_TAG \
-t ${{ env.ISAACLAB_IMAGE_NAME }}:$BUILD_TAG \
--build-arg ISAACSIM_BASE_IMAGE_ARG=${{ env.ISAACSIM_BASE_IMAGE }} \
--build-arg ISAACSIM_VERSION_ARG=$IMAGE_BASE_VERSION \
--build-arg ISAACSIM_ROOT_PATH_ARG=/isaac-sim \
--build-arg ISAACLAB_PATH_ARG=/workspace/isaaclab \
--build-arg DOCKER_USER_HOME_ARG=/root \
--cache-from type=gha \
--cache-to type=gha,mode=max \
-f docker/Dockerfile.base \
--push .
echo "✅ Successfully built and pushed: ${{ env.ISAACLAB_IMAGE_NAME }}:$COMBINED_TAG (platforms: $BUILD_PLATFORMS)"
echo "✅ Successfully built and pushed: ${{ env.ISAACLAB_IMAGE_NAME }}:$BUILD_TAG (platforms: $BUILD_PLATFORMS)"
done