eclipse-pullpiri · youngtaekiim · Jul 17, 2025 · Jul 17, 2025 · Jul 17, 2025 · Jul 17, 2025
diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml
@@ -0,0 +1,72 @@
+name: Build and Push Container Images
+
+on:
+  workflow_call:
+  workflow_dispatch:
+
+permissions:
+  packages: write
+
+env:
+  ContainerRegistry: "ghcr.io"
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # -------- Build and Push: Server --------
+      - name: Build and push Server multi-arch image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: containers/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          build-args: |
+            COMPONENT=server
+            TARGETARCH
+          tags: ${{ env.ContainerRegistry }}/${{ env.IMAGE_NAME }}-server:${{ github.ref_name }}
+
+      # -------- Build and Push: Agent --------
+      - name: Build and push Agent multi-arch image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: containers/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          build-args: |
+            COMPONENT=agent
+            TARGETARCH
+          tags: ${{ env.ContainerRegistry }}/${{ env.IMAGE_NAME }}-agent:${{ github.ref_name }}
+
+      # -------- Build and Push: Player --------
+      - name: Build and push Player multi-arch image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: containers/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          build-args: |
+            COMPONENT=player
+            TARGETARCH
+          tags: ${{ env.ContainerRegistry }}/${{ env.IMAGE_NAME }}-player:${{ github.ref_name }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,85 +1,82 @@
 name: Release
 
-# Trigger the workflow only when a new tag starting with "v" is pushed (e.g., v1.0.0)
+# 🔁 Trigger this workflow only when a new Git tag starting with 'v' is pushed (e.g., v1.0.0)
 on:
   push:
     tags:
       - v*
 
-# Prevent duplicate jobs running for same tag; cancel in-progress if newer tag is pushed
+# 🚦 Cancel any in-progress runs if a new tag is pushed for the same release group
 concurrency:
   group: "release-${{ github.head_ref || github.ref }}"
   cancel-in-progress: true
 
 jobs:
-  # Run the main Rust CI checks (tests, formatting, lint, etc.)
+  # ✅ Step 1: Run full CI to validate Rust codebase (formatting, clippy, tests)
   run-rust-ci:
     uses: ./.github/workflows/run-ci.yml
 
-  # Run Rust documentation lint checks
+  # 📚 Step 2: Validate Markdown and documentation formatting
   run-doc-lint:
     uses: ./.github/workflows/run-doc.yml
 
-  # Run YAML syntax and structure validation
+  # 🧾 Step 3: Validate all YAML syntax (configs, workflows, etc.)
   run-yaml-validation:
     uses: ./.github/workflows/run-validate.yml
 
-  # Generate license reports using cargo-about
+  # 📄 Step 4: Generate open source license metadata via `cargo-about`
   run-license-report:
     uses: ./.github/workflows/run-license-check.yml
 
-  # Main job to gather reports and publish artifacts to the GitHub release
+  # 📦 Step 5: Collect all generated artifacts and publish to GitHub Release
   tag_release_artifacts:
-    # Run this job only for version tag pushes
-    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
     name: Collect and upload release artifacts
     runs-on: ubuntu-latest
 
-    # Ensure all upstream jobs complete successfully before running this one
+    # ✅ Only run this if triggered by a version tag push
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
+
+    # 📋 Wait for all required jobs to complete successfully
     needs:
       - run-rust-ci
       - run-doc-lint
       - run-yaml-validation
       - run-license-report
 
-    # Grant full write access for upload operations
     permissions: write-all
 
     steps:
-      # Checkout code and all submodules
+      # ⬇️ Checkout code with submodules
       - uses: actions/checkout@v4
         with:
           submodules: "recursive"
 
-      # Download deny-check report generated in prior jobs
+      # 🧾 Download all reports generated in prior steps
       - name: Download deny report
         uses: actions/download-artifact@v4
         with:
           name: deny-report
           path: dist/reports/deny/
 
-      # Download formatting (cargo fmt) report
       - name: Download fmt report
         uses: actions/download-artifact@v4
         with:
           name: fmt-report
           path: dist/reports/fmt/
 
-      # Download test reports (Junit XML)
       - name: Download test report
         uses: actions/download-artifact@v4
         with:
           name: test-report
           path: dist/tests/
-
-      # Download license HTML report
+
       - name: Download license report
         uses: actions/download-artifact@v4
         with:
           name: license-report
           path: dist/licenses/
 
-      # Upload deny report to the GitHub release assets
+      # 📤 Upload all reports as GitHub Release assets
       - name: Upload deny report to release
         uses: svenstaro/upload-release-action@v2
         id: upload_deny_report
@@ -88,7 +85,6 @@ jobs:
           file: dist/reports/deny/deny_summary.md
           tag: ${{ github.ref }}
 
-      # Upload formatting (cargo fmt) report
       - name: Upload fmt report to release
         uses: svenstaro/upload-release-action@v2
         id: upload_fmt_report
@@ -97,7 +93,6 @@ jobs:
           file: dist/reports/fmt/fmt_summary.md
           tag: ${{ github.ref }}
 
-      # Upload the combined JUnit test report XML
       - name: Upload test report to release
         uses: svenstaro/upload-release-action@v2
         id: upload_test_report
@@ -106,8 +101,7 @@ jobs:
           file: dist/tests/test_summary.xml
           file_glob: true
           tag: ${{ github.ref }}
-
-      # Upload license HTML report (e.g., for apiserver)
+
       - name: Upload license report to release
         uses: svenstaro/upload-release-action@v2
         id: upload_license_report
@@ -117,14 +111,14 @@ jobs:
           file_glob: true
           tag: ${{ github.ref }}
 
-      # Fetch details of the latest release (needed for quevee)
+      # ℹ️ Fetch latest release metadata (used by quality manifest tool)
       - name: Gets latest created release info
         id: latest_release_info
         uses: joutvhu/get-release@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      
-      # Upload README file to release assets
+
+      # 📘 Upload helpful documentation and compliance files
       - name: Upload README to release
         uses: svenstaro/upload-release-action@v2
         id: upload_readme
@@ -133,7 +127,6 @@ jobs:
           file: README.md
           tag: ${{ github.ref }}
 
-      # Upload coding rules or guidelines to release assets
       - name: Upload Coding Guidelines to release
         uses: svenstaro/upload-release-action@v2
         id: upload_coding_guidelines
@@ -142,23 +135,20 @@ jobs:
           file: src/coding-rule.md
           tag: ${{ github.ref }}
 
-      # Upload release process to release assets
       - name: Upload Release Process to release
         uses: svenstaro/upload-release-action@v2
         id: upload_release_process
         with:
           repo_token: ${{ secrets.GITHUB_TOKEN }}
           file: .github/workflows/release.yml
           tag: ${{ github.ref }}
-      
-      # Step to create a compressed archive of the entire 'doc/' folder
+
+      # 📦 Archive the entire doc folder for easy release viewing
       - name: Archive doc folder
         shell: bash
         run: |
-          # Create a tar.gz archive named 'doc-archive.tar.gz' containing everything in 'doc/'
           tar czf doc-archive.tar.gz doc/
 
-      # Step to upload the archived docs as a release asset to the current Git tag release
       - name: Upload doc archive to release
         uses: svenstaro/upload-release-action@v2
         id: upload_doc
@@ -167,7 +157,7 @@ jobs:
           file: doc-archive.tar.gz
           tag: ${{ github.ref }}
 
-      # Generate a quality manifest (quality metadata file) using Eclipse Dash QueVee
+      # 🧠 Generate quality manifest using Eclipse Dash QueVee
       - name: Collect quality artifacts with quevee
         id: quevee_manifest
         uses: eclipse-dash/quevee@v1
@@ -178,12 +168,25 @@ jobs:
           artifacts_release_process: ${{ steps.upload_release_process.outputs.browser_download_url }} 
           artifacts_documentation: ${{ steps.upload_doc.outputs.browser_download_url }}
           artifacts_requirements: ${{ steps.upload_doc.outputs.browser_download_url }}
-          artifacts_testing: ${{ steps.upload_test_report.outputs.browser_download_url }}, ${{ steps.upload_license_report.outputs.browser_download_url }}, ${{ steps.upload_fmt_report.outputs.browser_download_url }}, ${{ steps.upload_deny_report.outputs.browser_download_url }} 
+          artifacts_testing: >
+            ${{ steps.upload_test_report.outputs.browser_download_url }},
+            ${{ steps.upload_license_report.outputs.browser_download_url }},
+            ${{ steps.upload_fmt_report.outputs.browser_download_url }},
+            ${{ steps.upload_deny_report.outputs.browser_download_url }}
 
-      # Upload the final manifest file (produced by quevee) to the GitHub release
+      # 📤 Upload the generated quality manifest to GitHub Release
       - name: Upload quality manifest to release
         uses: svenstaro/upload-release-action@v2
         with:
           repo_token: ${{ secrets.GITHUB_TOKEN }}
           file: ${{ steps.quevee_manifest.outputs.manifest_file }}
           tag: ${{ github.ref }}
+
+  # 🐳 Final Step: Build and push multi-arch container images to GHCR
+  build-and-push-container:
+    name: Build and Push Container Image
+    uses: ./.github/workflows/build-container.yml
+    needs:
+      - tag_release_artifacts
+    permissions:
+      packages: write
diff --git a/containers/Dockerfile b/containers/Dockerfile
@@ -0,0 +1,86 @@
+# SPDX-FileCopyrightText: Copyright 2024 LG Electronics Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+############################
+# === Build Stage ===
+############################
+FROM rust:1.85.0-slim AS builder
+
+ARG COMPONENT
+ARG TARGETARCH
+
+ENV COMPONENT=${COMPONENT}
+ENV TARGETARCH=${TARGETARCH}
+
+WORKDIR /pullpiri
+
+# Copy shared and component-specific source code into container
+COPY ./src/common /pullpiri/common
+COPY ./src/${COMPONENT} /pullpiri/${COMPONENT}
+
+# Install necessary libraries and build component
+RUN apt update -y && \
+    apt install -y \
+      libdbus-1-dev \
+      pkg-config \
+      protobuf-compiler \
+      libssl-dev && \
+    cd /pullpiri/${COMPONENT} && \
+    cargo build --release
+
+# Prepare glibc shared libraries for static alpine runtime
+WORKDIR /dummy
+RUN if [ "$TARGETARCH" = "amd64" ]; then \
+        ITEMARCH="x86_64"; \
+        mkdir -p /dummy/lib64 /dummy/${ITEMARCH}-linux-gnu/ && \
+        cp -v /lib64/ld-linux-x86-64.so.2 /dummy/lib64/ || true && \
+        cp -v /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 /dummy/${ITEMARCH}-linux-gnu/ || true; \
+    elif [ "$TARGETARCH" = "arm64" ]; then \
+        ITEMARCH="aarch64"; \
+        mkdir -p /dummy/${ITEMARCH}-linux-gnu/ && \
+        cp -v /lib/aarch64-linux-gnu/ld-linux-aarch64.so.1 /dummy/${ITEMARCH}-linux-gnu/ || true && \
+        cp -v /lib/ld-linux-aarch64.so.1 /dummy/ || true; \
+    else \
+        echo "Unsupported architecture: $TARGETARCH" && exit 1; \
+    fi && \
+    for lib in \
+        libc.so.6 libcap.so.2 libdbus-1.so.3 libgcc_s.so.1 \
+        libgcrypt.so.20 libgpg-error.so.0 liblzma.so.5 \
+        liblz4.so.1 libm.so.6 libsystemd.so.0 libzstd.so.1; do \
+        cp -v /lib/${ITEMARCH}-linux-gnu/$lib* /dummy/${ITEMARCH}-linux-gnu/ || true; \
+    done
+
+############################
+# === Runtime Stage ===
+############################
+FROM alpine:3.21.3
+
+ARG COMPONENT
+ARG TARGETARCH
+
+ENV COMPONENT=${COMPONENT}
+ENV TARGETARCH=${TARGETARCH}
+
+WORKDIR /pullpiri
+
+# Copy runtime shared libraries
+COPY --from=builder /dummy /lib
+
+# Ensure dynamic linker is in correct place for glibc-based binaries
+RUN if [ "$TARGETARCH" = "amd64" ]; then \
+        mkdir -p /lib64 && \
+        cp -v /lib/lib64/ld-linux-x86-64.so.2 /lib64/ || true; \
+    elif [ "$TARGETARCH" = "arm64" ]; then \
+        echo "Using aarch64 runtime"; \
+    else \
+        echo "Unsupported architecture: $TARGETARCH" && exit 1; \
+    fi
+
+# Copy built Rust binary
+COPY --from=builder /pullpiri/${COMPONENT}/target/release/ /pullpiri/
+
+# Copy shared runtime config
+COPY ./src/settings.yaml .
+
+# Entry point
+CMD ["sh"]