Updates pre-merge and post-merge CI (#1118)

# Description - Improving CI code formatting and readability - Updated AMI: nvidia-container-toolkit vulnerability fix - Making Isaac SIM base image an argument in Dockerfile --------- Co-authored-by: Alexander Poddubny <apoddubny@apoddubny-mlt.client.nvidia.com> Co-authored-by: David Hoeller <dhoeller@nvidia.com>

Updates pre-merge and post-merge CI (#1118)
# Description - Improving CI code formatting and readability - Updated AMI: nvidia-container-toolkit vulnerability fix - Making Isaac SIM base image an argument in Dockerfile --------- Co-authored-by: Alexander Poddubny <apoddubny@apoddubny-mlt.client.nvidia.com> Co-authored-by: David Hoeller <dhoeller@nvidia.com>
225a8961 · Alexander Poddubny · GitHub · 0ef582ba · 225a8961 · 225a8961
Unverified Commit 225a8961 authored Oct 07, 2024 by Alexander Poddubny Committed by GitHub Oct 07, 2024
6 changed files
--- a/.github/workflows/postmerge-ci-buildspec.yml
+++ b/.github/workflows/postmerge-ci-buildspec.yml
@@ -3,10 +3,42 @@ version: 0.2
 phases:
  build:
    commands:
-      - echo "Building a docker image"
+      - echo "Building and pushing Docker image"
-      - docker login -u \$oauthtoken -p $NGC_TOKEN nvcr.io
+      - |
-      - docker build -t $IMAGE_NAME:latest-1.2 --build-arg ISAACSIM_VERSION_ARG=4.2.0 --build-arg ISAACSIM_ROOT_PATH_ARG=/isaac-sim --build-arg ISAACLAB_PATH_ARG=/workspace/isaaclab --build-arg DOCKER_USER_HOME_ARG=/root -f docker/Dockerfile.base .
+        # Determine branch name or use fallback
-      - echo "Pushing the docker image"
+        if [ -n "$CODEBUILD_WEBHOOK_HEAD_REF" ]; then
-      - docker push $IMAGE_NAME:latest-1.2
+          BRANCH_NAME=$(echo $CODEBUILD_WEBHOOK_HEAD_REF | sed 's/refs\/heads\///')
-      - docker tag $IMAGE_NAME:latest-1.2 $IMAGE_NAME:latest-1.2-b$CODEBUILD_BUILD_NUMBER
+        elif [ -n "$CODEBUILD_SOURCE_VERSION" ]; then
-      - docker push $IMAGE_NAME:latest-1.2-b$CODEBUILD_BUILD_NUMBER
+          BRANCH_NAME=$CODEBUILD_SOURCE_VERSION
+        else
+          BRANCH_NAME="unknown"
+        fi
+        # Replace '/' with '-' and remove any invalid characters for Docker tag
+        SAFE_BRANCH_NAME=$(echo $BRANCH_NAME | sed 's/[^a-zA-Z0-9._-]/-/g')
+        # Use "latest" if branch name is empty or only contains invalid characters
+        if [ -z "$SAFE_BRANCH_NAME" ]; then
+          SAFE_BRANCH_NAME="latest"
+        fi
+        # Get the git repository short name
+        REPO_SHORT_NAME=$(basename -s .git `git config --get remote.origin.url`)
+        if [ -z "$REPO_SHORT_NAME" ]; then
+          REPO_SHORT_NAME="verification"
+        fi
+        # Combine repo short name and branch name for the tag
+        COMBINED_TAG="${REPO_SHORT_NAME}-${SAFE_BRANCH_NAME}"
+        docker login -u \$oauthtoken -p $NGC_TOKEN nvcr.io
+        docker build -t $IMAGE_NAME:$COMBINED_TAG \
+          --build-arg ISAACSIM_BASE_IMAGE_ARG=$ISAACSIM_BASE_IMAGE \
+          --build-arg ISAACSIM_VERSION_ARG=4.2.0 \
+          --build-arg ISAACSIM_ROOT_PATH_ARG=/isaac-sim \
+          --build-arg ISAACLAB_PATH_ARG=/workspace/isaaclab \
+          --build-arg DOCKER_USER_HOME_ARG=/root \
+          -f docker/Dockerfile.base .
+        docker push $IMAGE_NAME:$COMBINED_TAG
+        docker tag $IMAGE_NAME:$COMBINED_TAG $IMAGE_NAME:$COMBINED_TAG-b$CODEBUILD_BUILD_NUMBER
+        docker push $IMAGE_NAME:$COMBINED_TAG-b$CODEBUILD_BUILD_NUMBER
--- a/.github/workflows/premerge-ci-buildspec.yml
+++ b/.github/workflows/premerge-ci-buildspec.yml
@@ -4,15 +4,39 @@ phases:
  pre_build:
    commands:
      - echo "Launching EC2 instance to run tests"
-      - INSTANCE_ID=$(aws ec2 run-instances --image-id ami-0f7f7fb14ee15d5ae --count 1 --instance-type g5.2xlarge --key-name production/ssh/isaaclab --security-group-ids sg-02617e4b8916794c4 --subnet-id subnet-0907ceaeb40fd9eac --block-device-mappings 'DeviceName=/dev/sda1,Ebs={VolumeSize=500}' --output text --query 'Instances[0].InstanceId')
+      - |
+        INSTANCE_ID=$(aws ec2 run-instances \
+          --image-id ami-0b3a9d48380433e49 \
+          --count 1 \
+          --instance-type g5.2xlarge \
+          --key-name production/ssh/isaaclab \
+          --security-group-ids sg-02617e4b8916794c4 \
+          --subnet-id subnet-0907ceaeb40fd9eac \
+          --block-device-mappings '[{"DeviceName":"/dev/sda1","Ebs":{"VolumeSize":500}}]' \
+          --output text \
+          --query 'Instances[0].InstanceId')
      - aws ec2 wait instance-running --instance-ids $INSTANCE_ID
-      - EC2_INSTANCE_IP=$(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=instance-id,Values=$INSTANCE_ID" --query 'Reservations[*].Instances[*].[PrivateIpAddress]' --output text)
+      - |
+        EC2_INSTANCE_IP=$(aws ec2 describe-instances \
+          --filters "Name=instance-state-name,Values=running" "Name=instance-id,Values=$INSTANCE_ID" \
+          --query 'Reservations[*].Instances[*].[PrivateIpAddress]' \
+          --output text)
      - mkdir -p ~/.ssh
-      - aws ec2 describe-key-pairs --include-public-key --key-name production/ssh/isaaclab --query 'KeyPairs[0].PublicKey' --output text > ~/.ssh/id_rsa.pub
+      - |
-      - aws secretsmanager get-secret-value --secret-id production/ssh/isaaclab --query SecretString --output text > ~/.ssh/id_rsa
+        aws ec2 describe-key-pairs --include-public-key --key-name production/ssh/isaaclab \
+          --query 'KeyPairs[0].PublicKey' --output text > ~/.ssh/id_rsa.pub
+      - |
+        aws secretsmanager get-secret-value --secret-id production/ssh/isaaclab \
+          --query SecretString --output text > ~/.ssh/id_rsa
      - chmod 400 ~/.ssh/id_*
      - echo "Host $EC2_INSTANCE_IP\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
-      - aws ec2-instance-connect send-ssh-public-key --instance-id $INSTANCE_ID --availability-zone us-west-2a --ssh-public-key file://~/.ssh/id_rsa.pub --instance-os-user ubuntu
+      - |
+        aws ec2-instance-connect send-ssh-public-key \
+          --instance-id $INSTANCE_ID \
+          --availability-zone us-west-2a \
+          --ssh-public-key file://~/.ssh/id_rsa.pub \
+          --instance-os-user ubuntu
  build:
    commands:
      - echo "Running tests on EC2 instance"
@@ -40,10 +64,20 @@ phases:
        retry_scp
        '
      - ssh ubuntu@$EC2_INSTANCE_IP "docker login -u \\\$oauthtoken -p $NGC_TOKEN nvcr.io"
-      - ssh ubuntu@$EC2_INSTANCE_IP "cd $SRC_DIR;
+      - |
-          DOCKER_BUILDKIT=1 docker build -t isaac-lab-dev --build-arg ISAACSIM_VERSION_ARG=4.2.0 --build-arg ISAACSIM_ROOT_PATH_ARG=/isaac-sim --build-arg ISAACLAB_PATH_ARG=/workspace/isaaclab --build-arg DOCKER_USER_HOME_ARG=/root -f docker/Dockerfile.base . ;
+        ssh ubuntu@$EC2_INSTANCE_IP "
-          docker run --rm --entrypoint bash --gpus all --network=host --name isaac-lab-test isaac-lab-dev ./isaaclab.sh -t &&
+          cd $SRC_DIR
-          exit $?"
+          DOCKER_BUILDKIT=1 docker build -t isaac-lab-dev \
+            --build-arg ISAACSIM_BASE_IMAGE_ARG=$ISAACSIM_BASE_IMAGE \
+            --build-arg ISAACSIM_VERSION_ARG=4.2.0 \
+            --build-arg ISAACSIM_ROOT_PATH_ARG=/isaac-sim \
+            --build-arg ISAACLAB_PATH_ARG=/workspace/isaaclab \
+            --build-arg DOCKER_USER_HOME_ARG=/root \
+            -f docker/Dockerfile.base .
+          docker run --rm --entrypoint bash --gpus all --network=host \
+            --name isaac-lab-test isaac-lab-dev ./isaaclab.sh -t && exit \$?
+        "
  post_build:
    commands:
      - echo "Terminating EC2 instance"

--- a/docker/.env.base
+++ b/docker/.env.base
@@ -4,6 +4,8 @@
 # Accept the NVIDIA Omniverse EULA by default
 ACCEPT_EULA=Y
+# NVIDIA Isaac Sim base image
+ISAACSIM_BASE_IMAGE=nvcr.io/nvidia/isaac-sim
 # NVIDIA Isaac Sim version to use (e.g. 4.2.0)
 ISAACSIM_VERSION=4.2.0
 # Derived from the default path in the NVIDIA provided Isaac Sim container

--- a/docker/Dockerfile.base
+++ b/docker/Dockerfile.base
@@ -7,8 +7,9 @@
 # Please check above link for license information.
 # Base image
+ARG ISAACSIM_BASE_IMAGE_ARG
 ARG ISAACSIM_VERSION_ARG
-FROM nvcr.io/nvidia/isaac-sim:${ISAACSIM_VERSION_ARG} AS base
+FROM ${ISAACSIM_BASE_IMAGE_ARG}:${ISAACSIM_VERSION_ARG} AS base
 ENV ISAACSIM_VERSION=${ISAACSIM_VERSION_ARG}
 # Set default RUN shell to bash

--- a/docker/docker-compose.yaml
+++ b/docker/docker-compose.yaml
@@ -79,6 +79,7 @@ services:
      context: ../
      dockerfile: docker/Dockerfile.base
      args:
+        - ISAACSIM_BASE_IMAGE_ARG=${ISAACSIM_BASE_IMAGE}
        - ISAACSIM_VERSION_ARG=${ISAACSIM_VERSION}
        - ISAACSIM_ROOT_PATH_ARG=${DOCKER_ISAACSIM_ROOT_PATH}
        - ISAACLAB_PATH_ARG=${DOCKER_ISAACLAB_PATH}

--- a/tools/run_all_tests.py
+++ b/tools/run_all_tests.py
@@ -231,14 +231,14 @@ def test_all(
            else:
                stdout_str = stdout.decode("utf-8")
        else:
-            stdout = ""
+            stdout_str = ""
        if stderr is not None:
            if isinstance(stderr, str):
                stderr_str = stderr
            else:
                stderr_str = stderr.decode("utf-8")
        else:
-            stderr = ""
+            stderr_str = ""
        # Write to log file
        logging.info(stdout_str)