ci(packaging): add SITL container image workflow

Build and publish multi-arch Docker images (amd64 + arm64) on git
tags. Pipeline: build Noble .debs, build Docker images from them,
create multi-arch manifests on Docker Hub and GHCR.

Author: mrpollo

.github/workflows/build_deb_package.yml

@@ -1,4 +1,4 @@
-name: Build .deb Packages
+name: SITL Packages and Containers
 
 on:
   push:
@@ -11,22 +11,65 @@ on:
       - 'boards/px4/sitl/sih.px4board'
       - '.github/workflows/build_deb_package.yml'
       - '.github/actions/build-deb/**'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      deploy_containers:
+        description: 'Push container images to registry'
+        required: false
+        type: boolean
+        default: false
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 permissions:
   contents: read
+  packages: write
 
 env:
   RUNS_IN_DOCKER: true
 
 jobs:
+
+  # ---------------------------------------------------------------------------
+  # Setup: extract version and determine whether to push containers
+  # ---------------------------------------------------------------------------
+  setup:
+    name: Setup
+    runs-on: [runs-on,"runner=1cpu-linux-x64","image=ubuntu24-full-x64","run-id=${{ github.run_id }}",extras=s3-cache,spot=false]
+    outputs:
+      px4_version: ${{ steps.px4_version.outputs.px4_version }}
+      should_push: ${{ steps.push_check.outputs.should_push }}
+    steps:
+      - uses: runs-on/action@v2
+      - uses: actions/checkout@v4
+        with:
+          fetch-tags: true
+          submodules: false
+          fetch-depth: 0
+
+      - name: Set PX4 version
+        id: px4_version
+        run: echo "px4_version=$(git describe --tags --match 'v[0-9]*')" >> $GITHUB_OUTPUT
+
+      - name: Check if we should push containers
+        id: push_check
+        run: |
+          if [[ "${{ startsWith(github.ref, 'refs/tags/') }}" == "true" ]] || \
+             [[ "${{ github.event_name }}" == "workflow_dispatch" && "${{ github.event.inputs.deploy_containers }}" == "true" ]]; then
+            echo "should_push=true" >> $GITHUB_OUTPUT
+          else
+            echo "should_push=false" >> $GITHUB_OUTPUT
+          fi
+
+  # ---------------------------------------------------------------------------
+  # Build .deb packages (all distros, arches, targets)
+  # ---------------------------------------------------------------------------
   build-deb:
     name: "Build .deb (${{ matrix.target }}/${{ matrix.codename }}/${{ matrix.arch }})"
-    runs-on: [runs-on,"runner=4cpu-linux-${{ matrix.runner }}","image=ubuntu24-full-${{ matrix.runner }}","run-id=${{ github.run_id }}",spot=false]
+    needs: setup
+    runs-on: [runs-on,"runner=4cpu-linux-${{ matrix.runner }}","image=ubuntu24-full-${{ matrix.runner }}","run-id=${{ github.run_id }}",extras=s3-cache,spot=false]
     container:
       image: ${{ matrix.container }}
       volumes:
@@ -35,28 +78,36 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          # Default (Gazebo) builds
+          # Gazebo builds
           - { codename: noble,  arch: amd64, runner: x64,   container: "ubuntu:24.04", target: default, setup_flags: "" }
           - { codename: noble,  arch: arm64, runner: arm64, container: "ubuntu:24.04", target: default, setup_flags: "" }
           - { codename: jammy,  arch: amd64, runner: x64,   container: "ubuntu:22.04", target: default, setup_flags: "" }
           - { codename: jammy,  arch: arm64, runner: arm64, container: "ubuntu:22.04", target: default, setup_flags: "" }
-          # SIH (no Gazebo) builds
+          # SIH builds
           - { codename: noble,  arch: amd64, runner: x64,   container: "ubuntu:24.04", target: sih, setup_flags: "--no-sim-tools" }
           - { codename: noble,  arch: arm64, runner: arm64, container: "ubuntu:24.04", target: sih, setup_flags: "--no-sim-tools" }
           - { codename: jammy,  arch: amd64, runner: x64,   container: "ubuntu:22.04", target: sih, setup_flags: "--no-sim-tools" }
           - { codename: jammy,  arch: arm64, runner: arm64, container: "ubuntu:22.04", target: sih, setup_flags: "--no-sim-tools" }
-
     steps:
+      - uses: runs-on/action@v2
+
       - name: Fix git in container
         run: |
-          apt update && apt install git -y
+          apt-get update && apt-get install -y git
           git config --global --add safe.directory $(realpath .)
 
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
           fetch-tags: true
 
+      - name: Cache apt packages
+        uses: actions/cache@v4
+        with:
+          path: /var/cache/apt/archives
+          key: apt-${{ matrix.target }}-${{ matrix.codename }}-${{ matrix.arch }}-${{ hashFiles('Tools/setup/ubuntu.sh') }}
+          restore-keys: apt-${{ matrix.target }}-${{ matrix.codename }}-${{ matrix.arch }}-
+
       - name: Install dependencies
         run: ./Tools/setup/ubuntu.sh --no-nuttx ${{ matrix.setup_flags }}
 
@@ -66,3 +117,136 @@ jobs:
           target: ${{ matrix.target }}
           artifact-name: px4-sitl-debs-${{ matrix.target }}-${{ matrix.codename }}-${{ matrix.arch }}
           ccache-key-prefix: deb-ccache-${{ matrix.target }}-${{ matrix.codename }}-${{ matrix.arch }}
+
+  # ---------------------------------------------------------------------------
+  # Build Docker images from Noble .debs
+  # ---------------------------------------------------------------------------
+  build-docker:
+    name: "Build Image (${{ matrix.image }}/${{ matrix.arch }})"
+    needs: [setup, build-deb]
+    runs-on: [runs-on,"runner=4cpu-linux-${{ matrix.runner }}","image=ubuntu24-full-${{ matrix.runner }}","run-id=${{ github.run_id }}",extras=s3-cache,spot=false]
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - { image: sih,    target: sih,     arch: amd64, runner: x64,   platform: "linux/amd64", dockerfile: Dockerfile.sih }
+          - { image: sih,    target: sih,     arch: arm64, runner: arm64, platform: "linux/arm64", dockerfile: Dockerfile.sih }
+          - { image: gazebo, target: default, arch: amd64, runner: x64,   platform: "linux/amd64", dockerfile: Dockerfile.gazebo }
+          - { image: gazebo, target: default, arch: arm64, runner: arm64, platform: "linux/arm64", dockerfile: Dockerfile.gazebo }
+    steps:
+      - uses: runs-on/action@v2
+      - uses: actions/checkout@v4
+        with:
+          submodules: false
+          fetch-depth: 1
+
+      - name: Download Noble .deb artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: px4-sitl-debs-${{ matrix.target }}-noble-${{ matrix.arch }}
+          path: docker-context
+
+      - name: Prepare build context
+        run: |
+          cp Tools/packaging/px4-entrypoint.sh docker-context/
+          ls -lh docker-context/
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        if: needs.setup.outputs.should_push == 'true'
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        if: needs.setup.outputs.should_push == 'true'
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver: docker-container
+          platforms: ${{ matrix.platform }}
+
+      - name: Build and push container image
+        uses: docker/build-push-action@v6
+        with:
+          context: docker-context
+          file: Tools/packaging/${{ matrix.dockerfile }}
+          tags: |
+            px4io/px4-sitl-${{ matrix.image }}:${{ needs.setup.outputs.px4_version }}-${{ matrix.arch }}
+            ghcr.io/px4/px4-sitl-${{ matrix.image }}:${{ needs.setup.outputs.px4_version }}-${{ matrix.arch }}
+          platforms: ${{ matrix.platform }}
+          load: false
+          push: ${{ needs.setup.outputs.should_push == 'true' }}
+          provenance: false
+          cache-from: type=gha,scope=sitl-${{ matrix.image }}-${{ matrix.arch }}
+          cache-to: type=gha,mode=max,scope=sitl-${{ matrix.image }}-${{ matrix.arch }}
+
+  # ---------------------------------------------------------------------------
+  # Deploy: create multi-arch manifests and push to registries
+  # ---------------------------------------------------------------------------
+  deploy:
+    name: "Deploy (${{ matrix.image }})"
+    needs: [setup, build-docker]
+    if: needs.setup.outputs.should_push == 'true'
+    runs-on: [runs-on,"runner=1cpu-linux-x64","image=ubuntu24-full-x64","run-id=${{ github.run_id }}",extras=s3-cache,spot=false]
+    strategy:
+      matrix:
+        image: [sih, gazebo]
+    steps:
+      - uses: runs-on/action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Verify per-arch images exist
+        run: |
+          for registry in px4io ghcr.io/px4; do
+            for arch in amd64 arm64; do
+              docker manifest inspect ${registry}/px4-sitl-${{ matrix.image }}:${{ needs.setup.outputs.px4_version }}-${arch} \
+                || echo "Warning: ${registry}/px4-sitl-${{ matrix.image }}:${{ needs.setup.outputs.px4_version }}-${arch} not found"
+            done
+          done
+
+      - name: Create and push multi-arch manifest (Docker Hub)
+        run: |
+          VERSION="${{ needs.setup.outputs.px4_version }}"
+          IMAGE="px4io/px4-sitl-${{ matrix.image }}"
+
+          docker manifest create ${IMAGE}:${VERSION} \
+            --amend ${IMAGE}:${VERSION}-arm64 \
+            --amend ${IMAGE}:${VERSION}-amd64
+
+          docker manifest annotate ${IMAGE}:${VERSION} ${IMAGE}:${VERSION}-arm64 --arch arm64
+          docker manifest annotate ${IMAGE}:${VERSION} ${IMAGE}:${VERSION}-amd64 --arch amd64
+
+          docker manifest push ${IMAGE}:${VERSION}
+
+      - name: Create and push multi-arch manifest (GHCR)
+        run: |
+          VERSION="${{ needs.setup.outputs.px4_version }}"
+          IMAGE="ghcr.io/px4/px4-sitl-${{ matrix.image }}"
+
+          docker manifest create ${IMAGE}:${VERSION} \
+            --amend ${IMAGE}:${VERSION}-arm64 \
+            --amend ${IMAGE}:${VERSION}-amd64
+
+          docker manifest annotate ${IMAGE}:${VERSION} ${IMAGE}:${VERSION}-arm64 --arch arm64
+          docker manifest annotate ${IMAGE}:${VERSION} ${IMAGE}:${VERSION}-amd64 --arch amd64
+
+          docker manifest push ${IMAGE}:${VERSION}

Tools/packaging/Dockerfile.gazebo

@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 # PX4 SITL Gazebo Harmonic runtime image
 # Runs PX4 SITL with Gazebo Harmonic. Supports X11 forwarding for GUI.
 #
@@ -28,9 +29,11 @@ LABEL description="PX4 SITL with Gazebo Harmonic simulation"
 ENV DEBIAN_FRONTEND=noninteractive
 ENV RUNS_IN_DOCKER=true
 
-# Install Gazebo Harmonic and simulation dependencies (no NuttX toolchain)
-COPY --from=extract /staging /staging
-RUN apt-get update \
+# Install Gazebo Harmonic with buildkit cache mounts for apt
+# The --mount=type=cache persists /var/cache/apt and /var/lib/apt across builds
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    apt-get update \
     && apt-get install -y --no-install-recommends \
         bc \
         ca-certificates \
@@ -43,16 +46,15 @@ RUN apt-get update \
         > /etc/apt/sources.list.d/gazebo-stable.list \
     && apt-get update \
     && apt-get install -y --no-install-recommends \
-        gz-harmonic \
-    && rm -rf /var/lib/apt/lists/*
+        gz-harmonic
 
 # Install PX4 files from .deb
-RUN cp -a /staging/opt/px4-gazebo /opt/px4-gazebo && rm -rf /staging
+COPY --from=extract /staging/opt/px4-gazebo /opt/px4-gazebo
 RUN ln -sf /opt/px4-gazebo/bin/px4-gazebo /usr/bin/px4-gazebo
 
 # Create the DART physics engine symlink (avoids needing the -dev package)
-RUN GZ_PHYSICS_DIR=$(echo /usr/lib/*/gz-physics-7/engine-plugins) \
-    && if [ -d "$GZ_PHYSICS_DIR" ]; then \
+RUN GZ_PHYSICS_DIR=$(find /usr/lib -maxdepth 3 -type d -name "engine-plugins" -path "*/gz-physics-7/*" 2>/dev/null | head -1) \
+    && if [ -n "$GZ_PHYSICS_DIR" ] && [ -d "$GZ_PHYSICS_DIR" ]; then \
         VERSIONED=$(ls "$GZ_PHYSICS_DIR"/libgz-physics*-dartsim-plugin.so.* 2>/dev/null | head -1) \
         && [ -n "$VERSIONED" ] \
         && ln -sf "$(basename "$VERSIONED")" "$GZ_PHYSICS_DIR/libgz-physics-dartsim-plugin.so"; \
@@ -71,7 +73,12 @@ ENV HOME=/root
 # MAVLink, MAVSDK, DDS
 EXPOSE 14550/udp 14540/udp 8888/udp
 
+# Platform-adaptive entrypoint: detects Docker Desktop (macOS/Windows) via
+# host.docker.internal and configures MAVLink + DDS to target the host.
+COPY px4-entrypoint.sh /opt/px4-gazebo/bin/px4-entrypoint.sh
+RUN chmod +x /opt/px4-gazebo/bin/px4-entrypoint.sh
+
 WORKDIR /root
 
-ENTRYPOINT ["/opt/px4-gazebo/bin/px4-gazebo"]
+ENTRYPOINT ["/opt/px4-gazebo/bin/px4-entrypoint.sh"]
 CMD []

Tools/packaging/Dockerfile.sih

@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 # PX4 SITL SIH runtime image
 # Minimal container that runs PX4 with the SIH physics engine (no Gazebo).
 #
@@ -13,18 +14,20 @@
 
 FROM ubuntu:24.04 AS build
 COPY px4_*.deb /tmp/
-RUN apt-get update \
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    apt-get update \
     && apt-get install -y --no-install-recommends binutils \
     && dpkg -x /tmp/px4_*.deb /staging \
-    && strip /staging/opt/px4/bin/px4 \
-    && rm -rf /var/lib/apt/lists/*
+    && strip /staging/opt/px4/bin/px4
 
 FROM ubuntu:24.04
 LABEL maintainer="PX4 Development Team"
 LABEL description="PX4 SITL with SIH physics (no simulator dependencies)"
 
-RUN apt-get update && apt-get install -y --no-install-recommends bc \
-    && rm -rf /var/lib/apt/lists/* /usr/share/doc /usr/share/man /usr/share/info
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    apt-get update && apt-get install -y --no-install-recommends bc
 
 COPY --from=build /staging/opt/px4 /opt/px4
 RUN ln -sf /opt/px4/bin/px4 /usr/bin/px4

Tools/packaging/px4-entrypoint.sh

@@ -10,16 +10,23 @@
 
 set -e
 
+# Detect install prefix (SIH uses /opt/px4, Gazebo uses /opt/px4-gazebo)
+if [ -d /opt/px4-gazebo ]; then
+    PX4_PREFIX=/opt/px4-gazebo
+else
+    PX4_PREFIX=/opt/px4
+fi
+
 if getent hosts host.docker.internal >/dev/null 2>&1; then
     DOCKER_HOST_IP=$(getent hosts host.docker.internal | awk '{print $1}')
 
     # MAVLink: replace default target (127.0.0.1) with the Docker host IP
     sed -i "s/mavlink start -x -u/mavlink start -x -t $DOCKER_HOST_IP -u/g" \
-        /opt/px4/etc/init.d-posix/px4-rc.mavlink
+        "$PX4_PREFIX/etc/init.d-posix/px4-rc.mavlink"
 
     # DDS: point uXRCE-DDS client at the host
     sed -i "s|uxrce_dds_client start -t udp|uxrce_dds_client start -t udp -h $DOCKER_HOST_IP|" \
-        /opt/px4/etc/init.d-posix/rcS
+        "$PX4_PREFIX/etc/init.d-posix/rcS"
 fi
 
-exec /opt/px4/bin/px4 "$@"
+exec "$PX4_PREFIX/bin/px4" "$@"