Continuous Integration, Github Packaging and Deployment - ashBabu/Utilities GitHub Wiki

# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions

name: Deploy to GHCR
on:
  push:
    branches: ['release']
env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
jobs:
  build:
    runs-on: ubuntu-20.04 # ubuntu-latest (22.04)
    steps:
      - name: Checkout repository with submodules
        uses: actions/checkout@v3
        with:
          submodules: recursive
      - name: Checkout private repositories
        uses: actions/checkout@v3
        with:
          repository: ashbabu/continuum_robot
          path: catkin_ws/src/continuum_robot
          ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
          ref: "release"
      - name: Log in to the Container registry
        uses: docker/login-action@v2
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push Docker image
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          tags: ghcr.io/ashbabu/continuum_robot:latest
          secrets: |
            GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }}
#        run: |
#          docker build . --tag ghcr.io/ashbabu/continuum_robot:latest
#          docker push ghcr.io/ashbabu/continuum_robot:latest

Some explanations

1.

      - name: Checkout private repositories
        uses: actions/checkout@v3
        with:
          repository: ashbabu/continuum_robot
          path: catkin_ws/src/continuum_robot
          ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
          ref: "release"

Here continuum_robot is a private repository owned by ashbabu. The best way to checkout (or git clone) such a repository is as follows.

  • Create a new SSH key pair (example_ssh_key and example_ssh_key.pub) on your computer as in here.

  • Put the public key (example_ssh_key.pub) in the private dependency repo's Deploy keys here

  • Put the private key (example_ssh_key) in the app repo's Actions secrets under the name SSH_PRIVATE_KEY here

  • ref is for the branch name to checkout

2.

      - name: Build and push Docker image
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          tags: ghcr.io/ashbabu/continuum_robot:latest
          secrets: |
            GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }}

In the Dockerfile, there is a line COPY catkin_ws/src/continuum_robot /root/catkin_ws/src/. Here, catkin_ws/src/continuum_robot is where our private repository is checked out. To have this available for docker to see it, the line context: . is provided.

3.

  • Follow this to link your repository to the package that you have created

Method 2: clone a private repo

In this Dockerfile, the github workflow sets the ARG for the Dockerfile. The most important thing here is the GH_TOKEN which set by

  • Adding a New repository secret under the corresponding repository with the name GH_TOKEN or anything and value as your Personal Access Token image

Deployment

  • Install Docker and run sudo usermod -aG docker $USER, reboot.

  • create a new branch release

  • This on push will ensure that any update to the release branch would trigger a workflow run

  • In general, deployment requires the most updated version of the codes. These will be available in main only after a PR is merged. So running github actions on main does not make sense or only after the PR is merged. But when we make a release, make sure a significant change is done to the code by merging a few PRs. This is the reason why a release branch is created.

  • Make sure that the above steps in Method 2 are followed that it clones the most updated version of the code inside docker.

  • Another important file is the docker_startup.sh

    1. Here, the idea is to start a ros2 launch in the docker terminal only when the lidar is switched on. This is ensured by pinging the lidar's static IP.
    2. Use auto_deploy.sh and run it on the host for deployment. This changes permission of the host saved_data directory so that the container can write to it. Some of the argument are
    • -d will run in detached mode
    • --restart unless-stopped ensures that the docker run is automatically started even after a reboot of host.
    • --net=host ensures that the lidar ip is detected inside the docker same as host
    • -v /home/$USER/Downloads/saved_data:/home/headlightai/saved_data/, Here headlightai is the username created in the Dockerfile by the action. In this particular case, the host's Downloads folder will have files saved by the docker container
    • If USB devices are to be passed on to the container from host, then create udev

  • To stop the docker container, run docker stop container_name

  • To get logs from the container, run docker logs container_name

To update the docker container

  • docker stop hai-slam-container
  • docker rm hai-slam-container
  • docker pull ghcr.io/headlightai/slam-ros2-deploy:latest
  • /usr/bin/docker run -dit --restart unless-stopped --name hai-slam-container --net=host -v /home/$USER/Documents:/home/headlightai/saved_pcds/ ghcr.io/headlightai/slam-ros2-deploy:latest

Getting USB devices to be detected on Docker

  • ls -l /dev | grep USB just check if USB is detected inside docker
  • sudo usermod -aG dialout $USER
  • sudo chmod 666 /dev/ttyUSB0 Running docker with --device=/dev/ttyUSB0:/dev/ttyUSB0 will remove the error "Unable to open port". To permanently add udev rules, follow Add Udev