feat: Apply patches and add CI workflows for stable release

Author: openhands-agent

.github/workflows/build-openhands-image.yml

@@ -0,0 +1,52 @@
+
+name: Build OpenHands Image
+
+on:
+  push:
+    branches:
+      - release/stable-with-patches
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install Poetry
+        run: pipx install poetry
+
+      - name: Install dependencies
+        run: poetry install --no-interaction --no-ansi
+
+
+      - name: Build and Push OpenHands Image
+        run: |
+          echo "Building openhands image with tag stable-with-patches and git sha tag..."
+          # Set DOCKER_IMAGE_TAG for build.sh to pick up
+          export DOCKER_IMAGE_TAG=stable-with-patches
+          # Set RELEVANT_SHA for build.sh to add git sha tag
+          export RELEVANT_SHA=${{ github.sha }}
+          ./containers/build.sh -i openhands --push -o remind101
+        env:
+          # Pass GITHUB_TOKEN for potential git operations within build script if needed
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

…orkflows/build-stable-patches-images.yml .github/workflows/build-runtime-image.yml.github/workflows/build-stable-patches-images.yml renamed to .github/workflows/build-runtime-image.yml .github/workflows/build-stable-patches-images.yml renamed to .github/workflows/build-runtime-image.yml

@@ -1,5 +1,5 @@
 
-name: Build Stable Patches Images
+name: Build Runtime Image
 
 on:
   push:
@@ -38,6 +38,7 @@ jobs:
       - name: Install dependencies
         run: poetry install --no-interaction --no-ansi
 
+
       - name: Prepare Runtime Build Context
         run: poetry run python openhands/runtime/utils/runtime_build.py --build_folder ./containers/runtime
         env:
@@ -46,17 +47,9 @@ jobs:
           # Ensure the script knows the target repo (though build.sh overrides org later)
           OH_RUNTIME_RUNTIME_IMAGE_REPO: ghcr.io/remind101/runtime # This might not be strictly necessary as build.sh constructs the final path
 
-      - name: Build and Push OpenHands Image
-        run: |
-          echo "Building openhands image with tag stable-with-patches and git sha tag..."
-          # Set DOCKER_IMAGE_TAG for build.sh to pick up
-          export DOCKER_IMAGE_TAG=stable-with-patches
-          # Set RELEVANT_SHA for build.sh to add git sha tag
-          export RELEVANT_SHA=${{ github.sha }}
-          ./containers/build.sh -i openhands --push -o remind101
-        env:
-          # Pass GITHUB_TOKEN for potential git operations within build script if needed
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Free up disk space by removing tool cache
+        run: sudo rm -rf /opt/hostedtoolcache
 
       - name: Build and Push Runtime Image
         run: |

containers/app/Dockerfile

@@ -5,7 +5,7 @@ WORKDIR /app
 
 COPY ./frontend/package.json frontend/package-lock.json ./
 RUN npm install -g [email protected]
-RUN npm ci
+RUN npm ci --network-timeout 600000
 
 COPY ./frontend ./
 RUN npm run build
@@ -63,14 +63,37 @@ RUN useradd -l -m -u $OPENHANDS_USER_ID -s /bin/bash openhands && \
     echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
 RUN chown -R openhands:app /app && chmod -R 770 /app
 RUN sudo chown -R openhands:app $WORKSPACE_BASE && sudo chmod -R 770 $WORKSPACE_BASE
+
+# Install Playwright Chromium dependencies as root
+USER root
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libnss3 \
+    libnspr4 \
+    libdbus-1-3 \
+    libatk1.0-0 \
+    libatk-bridge2.0-0 \
+    libcups2 \
+    libdrm2 \
+    libgbm1 \
+    libatspi2.0-0 \
+    libxcomposite1 \
+    libxdamage1 \
+    libxfixes3 \
+    libxrandr2 \
+    libxkbcommon0 \
+    libpango-1.0-0 \
+    libcairo2 \
+    libasound2 \
+    && rm -rf /var/lib/apt/lists/*
+
 USER openhands
 
 ENV VIRTUAL_ENV=/app/.venv \
     PATH="/app/.venv/bin:$PATH" \
     PYTHONPATH='/app'
 
 COPY --chown=openhands:app --chmod=770 --from=backend-builder ${VIRTUAL_ENV} ${VIRTUAL_ENV}
-RUN playwright install --with-deps chromium
+RUN playwright install chromium
 
 COPY --chown=openhands:app --chmod=770 ./microagents ./microagents
 COPY --chown=openhands:app --chmod=770 ./openhands ./openhands

containers/build.sh

@@ -125,7 +125,7 @@ done
 
 if [[ $push -eq 1 ]]; then
   args+=" --push"
-  args+=" --cache-to=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag,mode=max"
+  # args+=" --cache-to=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag,mode=max"
 fi
 
 if [[ $load -eq 1 ]]; then
@@ -168,8 +168,6 @@ echo "Building for platform(s): $platform"
 docker buildx build \
   $args \
   --build-arg OPENHANDS_BUILD_VERSION="$OPENHANDS_BUILD_VERSION" \
-  --cache-from=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag \
-  --cache-from=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag_base-main \
   --platform $platform \
   --provenance=false \
   -f "$dir/Dockerfile" \