Develop

.dockerignore

@@ -1,3 +1,6 @@
 jupyterhub
 values.yaml
 config.yml
+config-generator
+skaffold.yaml
+files/*

.github/workflows/.github-ci.yaml

@@ -0,0 +1,171 @@
+name: Build, Test, and Deploy Docker Image
+
+on:
+  push:
+    branches: 
+    - develop
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    # Step 1: Checkout repository
+    - uses: actions/checkout@v4
+
+    # Step 2: Install Trivy
+    - name: Install Trivy
+      run: |
+        sudo apt-get update -y
+        sudo apt-get install -y wget apt-transport-https gnupg lsb-release
+        wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+        echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
+        sudo apt-get update -y
+        sudo apt-get install -y trivy
+
+    # Step 3: Read image name
+    - name: Read docker name
+      id: yaml-docker-name
+      uses: jbutcher5/read-yaml@main
+      with:
+        file: 'build.yml'
+        key-path: '["docker_image_name"]'
+
+    # Step 4: Read image version
+    - name: Read docker version
+      id: yaml-docker-version
+      uses: jbutcher5/read-yaml@main
+      with:
+        file: 'build.yml'
+        key-path: '["docker_image_version"]'  
+
+    # Step 5: Generate Docker tag
+    - name: Generate docker tag
+      env:
+        GITHUB_BRANCH: ${{ github.ref }}
+        docker_image_name: ${{ steps.yaml-docker-name.outputs.data }}
+        docker_image_version: ${{ steps.yaml-docker-version.outputs.data }}
+      run: |
+        branch_name=${GITHUB_BRANCH#refs/heads/}
+        echo "branch_name=${GITHUB_BRANCH#refs/heads/}" >> $GITHUB_ENV
+        if [[ "$branch_name" = "main" ]]
+        then
+          mType=""
+        else
+          mType="dev"
+        fi
+        echo "docker_tag=$docker_image_name:$docker_image_version" >> $GITHUB_ENV
+        echo "docker_tag_latest=$docker_image_name:latest" >> $GITHUB_ENV 
+        docker_image_application=(${docker_image_name#*/})
+        echo "docker_image_application=$docker_image_application" >> $GITHUB_ENV
+        echo "docker_image_version=$docker_image_version" >> $GITHUB_ENV
+
+    # Step 6: Build Docker image to inspect it with Trivy
+    - name: Build Docker image  
+      run: |
+        tag="${docker_image_application}:${docker_image_version}"
+        echo "${{ secrets.CR_PASSWORD }}" | docker login -u "${{ secrets.CR_USERNAME }}" --password-stdin "${{ secrets.CR_REGISTRY }}"
+        docker build -t "${tag}" --file Dockerfile .          
+
+    # Step 7: Save Docker image as tar.gz
+    - name: Save Docker Image as tar.gz
+      run: |
+        tag="${docker_image_application}:${docker_image_version}"
+        docker save "${tag}" -o "${docker_image_application}_${docker_image_version}.tar"
+        tar -czf "${docker_image_application}_${docker_image_version}.tar.gz" "${docker_image_application}_${docker_image_version}.tar"
+
+    # Step 8: Upload Docker Image tar.gz as an artifact
+    - name: Upload Docker Image Artifact
+      uses: actions/upload-artifact@v3
+      with:
+        name: docker-image-tar
+        path: ${{ env.docker_image_application }}_${{ env.docker_image_version }}.tar.gz
+
+
+    # Step 9: Scan Docker Image with Trivy
+    - name: Scan Docker Image with Trivy
+      run: |
+        tag="${docker_image_application}:${docker_image_version}"
+        trivy image --no-progress --exit-code 1 --severity HIGH,CRITICAL,UNKNOWN --format table "${tag}"
+
+
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+    # Step 1: Checkout repository
+    - uses: actions/checkout@v4
+
+    # Step 2: Read image name
+    - name: Read docker name
+      id: yaml-docker-name
+      uses: jbutcher5/read-yaml@main
+      with:
+        file: 'build.yml'
+        key-path: '["docker_image_name"]'
+
+    # Step 3: Read image version
+    - name: Read docker version
+      id: yaml-docker-version
+      uses: jbutcher5/read-yaml@main
+      with:
+        file: 'build.yml'
+        key-path: '["docker_image_version"]'  
+
+    # Step 4: Generate Docker tag
+    - name: Generate docker tag
+      env:
+        GITHUB_BRANCH: ${{ github.ref }}
+        docker_image_name: ${{ steps.yaml-docker-name.outputs.data }}
+        docker_image_version: ${{ steps.yaml-docker-version.outputs.data }}
+      run: |
+        branch_name=${GITHUB_BRANCH#refs/heads/}
+        echo "branch_name=${GITHUB_BRANCH#refs/heads/}" >> $GITHUB_ENV
+        echo "docker_tag=$docker_image_name:$docker_image_version" >> $GITHUB_ENV
+        echo "docker_tag_latest=$docker_image_name:latest" >> $GITHUB_ENV 
+        docker_image_application=(${docker_image_name#*/})
+        echo "docker_image_application=$docker_image_application" >> $GITHUB_ENV
+        echo "docker_image_version=$docker_image_version" >> $GITHUB_ENV
+
+    # Step 5: Download Docker Image tar.gz Artifact
+    - name: Download Docker Image Artifact
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-image-tar
+
+    # Step 6: Extract the Docker Image tar.gz
+    - name: Extract Docker Image tar.gz
+      run: |
+        tar -xzf "${docker_image_application}_${docker_image_version}.tar.gz"
+
+    # Step 7: Load Docker Image
+    - name: Load Docker Image
+      run: |
+        docker load -i "${docker_image_application}_${docker_image_version}.tar"
+
+    # Step 8: Log in to Docker Registry (use GitHub secrets for security)
+    - name: Login to Docker Registry
+      run: |
+        echo "${{ secrets.CR_PASSWORD }}" | docker login -u "${{ secrets.CR_USERNAME }}" --password-stdin "${{ secrets.CR_REGISTRY }}"
+
+    # Step 9: Push Docker Image to Registry
+    - name: Push Docker Image to Registry
+      run: |
+        tag="${docker_image_application}:${docker_image_version}"
+        docker tag "${tag}" "${{ secrets.CR_REGISTRY }}"/"${{ secrets.CR_REPO }}"/"${tag}"
+        docker push "${{ secrets.CR_REGISTRY }}"/"${{ secrets.CR_REPO }}"/"${tag}"
+
+    # Step 10: Login Docker Hub
+    - name: Login to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+
+    # Step 11: Push to Docker Hub
+    - name: push to Docker Hub
+      run: |
+        tag="${docker_image_application}:${docker_image_version}"
+        docker tag "${tag}" "docker.io/${{ env.docker_tag }}"
+        docker tag "${tag}" "docker.io/${{ env.docker_tag_latest }}"
+        docker push "docker.io/${{ env.docker_tag }}"
+        docker push "docker.io/${{ env.docker_tag_latest }}"

.github/workflows/docs.yml

@@ -4,7 +4,6 @@ on:
     branches:
       - develop
       - main
-      - secrets
     paths:
       # Only rebuild website when docs have changed
       - 'README.md'
@@ -16,18 +15,13 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - name: Checkout master
+        uses: actions/checkout@v2
 
-      - name: Install Conda environment from environment.yml
-        uses: mamba-org/provision-with-micromamba@main
+      - name: Set up Python 3.x
+        uses: actions/setup-python@v2
         with:
-            environment-file: docs/environment.yml
-            environment-name: env_zoo_calrissian
-            channels: terradue,eoepca,conda-forge
-            channel-priority: flexible
-
-      - name: Install project
-        run: |
-          /home/runner/micromamba-root/envs/env_zoo_calrissian/bin/python setup.py install
-
-      - run: /home/runner/micromamba-root/envs/env_zoo_calrissian/bin/mkdocs gh-deploy --force
+          python-version: 3.x
+      - run: |
+            pip install mkdocs-material mkdocs-mermaid2-plugin mkdocs-jupyter
+            mkdocs gh-deploy --force

.gitignore

@@ -1,8 +1,8 @@
 *.pyc
 __pycache__
-jupyterhub
 values.yaml
 *.egg-info
 build
 _README.md
 dist
+.env-config-generator

.pre-commit-config.yaml

@@ -27,7 +27,7 @@ repos:
         args:
           - --max-line-length=88
           - --max-doc-length=90
-          - --ignore=E203,W503,W505
+          - --ignore=E203,W503,W505,F821,E302,E402
   - repo: https://github.com/psf/black
     rev: 22.3.0
     hooks:

Dockerfile

@@ -1,40 +1,58 @@
-FROM jupyterhub/k8s-hub:2.0.0
+FROM ghcr.io/eoepca/container-k8s-hub/container-k8s-hub:4.0.0
 
 ARG NB_USER=johub
 ARG NB_UID=1001
 ARG HOME=/home/johub
 
 USER root
 
-RUN apt update && \
-    apt install npm git sudo -y && \
-    npm install -g configurable-http-proxy
-
-RUN adduser --disabled-password \
-    --gecos "Default user" \
+#  Packages update and dependencies installation
+RUN microdnf update -y && \
+    microdnf install -y \
+    npm \
+    git \
+    sudo \
+    python3-pip \
+    python3-devel \
+    gcc \
+    libcurl-devel \
+    openssl-devel \
+    && microdnf clean all
+
+# Installation of configurable-http-proxy via npm
+RUN npm install -g configurable-http-proxy
+
+# User creation
+RUN adduser \
     --uid ${NB_UID} \
     --home ${HOME} \
-    --force-badname \
-    ${NB_USER}
+    ${NB_USER} \
+    --comment "Default user" \
+    --shell /bin/bash
 
-RUN adduser jovyan sudo && \
-    echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+# Add jovyan to the sudoers group
+RUN usermod -aG wheel jovyan && \
+    echo '%wheel ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
 
+# Python packages installation from requirements.txt
 COPY requirements.txt /tmp/requirements.txt
-RUN pip3 install --upgrade --no-cache-dir \
-        setuptools \
-        pip
+RUN pip3 install --upgrade --no-cache-dir setuptools pip
 
+# Specific Python dependencies installation
 RUN PYCURL_SSL_LIBRARY=openssl \
-    pip install --no-cache-dir \
-        -r /tmp/requirements.txt
+    pip install --no-cache-dir -r /tmp/requirements.txt
+
+# Check and correct requirejs version
+RUN sed -i 's/"version": "[^"]*"/"version": "2.3.7"/' /usr/local/share/jupyterhub/static/components/requirejs/package.json
 
-# So we can actually write a db file here
+# Set permission on the directory /srv/jupyterhub
 RUN chown ${NB_USER}:${NB_USER} /srv/jupyterhub
 
 COPY . /tmp
-RUN cd /tmp && python setup.py install
+RUN cd /tmp && python3 setup.py install
 
+# Set not root user
 USER ${NB_USER}
 
-CMD ["jupyterhub", "--config", "/etc/jupyterhub/jupyterhub_config.py"]
+# Command to start jupyterhub
+CMD ["jupyterhub", "--config", "/etc/jupyterhub/jupyterhub_config.py"]

application_hub_context/__init__.py

@@ -0,0 +1 @@
+version = "1.3.1"