Merge branch 'eoepca-beta01' of https://github.com/EOEPCA/application…
…-hub-context into eoepca-beta01
fabricebrito committed Oct 1, 2024
2 parents 002182a + 4c6255d commit 467b0c4
Showing 4 changed files with 240 additions and 257 deletions.
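--- a/.github/workflows/.github-ci.yaml
+++ b/.github/workflows/.github-ci.yaml
@@ -0,0 +1,94 @@
+name: Build, Test, and Deploy Docker Image
+
+on:
+push:
+branches: [eoepca-beta01]
+
+jobs:
+build:
+runs-on: ubuntu-latest
+steps:
+# Step 1: Checkout repository
+- uses: actions/checkout@v4
+
+# Step 2: Install Trivy
+- name: Install Trivy
+run: |
+sudo apt-get update -y
+sudo apt-get install -y wget apt-transport-https gnupg lsb-release
+wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
+sudo apt-get update -y
+sudo apt-get install -y trivy
+# Step 3: Build Docker image
+- name: Build Docker image
+run: |
+APP_NAME="application-hub-context"
+APP_VERSION="1.6.2"
+tag="${APP_NAME}:${APP_VERSION}"
+echo "${{ secrets.CR_PASSWORD }}" | docker login -u "${{ secrets.CR_USERNAME }}" --password-stdin "${{ secrets.CR_REGISTRY }}"
+docker build -t "${{ secrets.CR_REGISTRY }}/${{ secrets.CR_REPO }}/${tag}" --file Dockerfile .
+# Step 4: Save Docker image as tar.gz
+- name: Save Docker Image as tar.gz
+run: |
+APP_NAME="application-hub-context"
+APP_VERSION="1.6.2"
+tag="${APP_NAME}:${APP_VERSION}"
+docker save "${{ secrets.CR_REGISTRY }}/${{ secrets.CR_REPO }}/${tag}" -o "${APP_NAME}_${APP_VERSION}.tar"
+tar -czf "${APP_NAME}_${APP_VERSION}.tar.gz" "${APP_NAME}_${APP_VERSION}.tar"
+# Step 5: Upload Docker Image tar.gz as an artifact
+- name: Upload Docker Image Artifact
+uses: actions/upload-artifact@v3
+with:
+name: docker-image-tar
+path: application-hub-context_1.6.2.tar.gz
+
+# Step 6: Scan Docker Image with Trivy
+- name: Scan Docker Image with Trivy
+run: |
+APP_NAME="application-hub-context"
+APP_VERSION="1.6.2"
+tag="${APP_NAME}:${APP_VERSION}"
+echo "${{ secrets.CR_PASSWORD }}" | docker login -u "${{ secrets.CR_USERNAME }}" --password-stdin "${{ secrets.CR_REGISTRY }}"
+trivy image --no-progress --exit-code 1 --severity HIGH,CRITICAL,UNKNOWN --format table "${{ secrets.CR_REGISTRY }}/${{ secrets.CR_REPO }}/${tag}"
+deploy:
+needs: build
+runs-on: ubuntu-latest
+steps:
+# Step 1: Checkout repository
+- uses: actions/checkout@v4
+
+# Step 2: Download Docker Image tar.gz Artifact
+- name: Download Docker Image Artifact
+uses: actions/download-artifact@v3
+with:
+name: docker-image-tar
+
+# Step 3: Extract the Docker Image tar.gz
+- name: Extract Docker Image tar.gz
+run: |
+tar -xzf application-hub-context_1.6.2.tar.gz
+# Step 4: Load Docker Image
+- name: Load Docker Image
+run: |
+docker load -i application-hub-context_1.6.2.tar
+# Step 5: Log in to Docker Registry (use GitHub secrets for security)
+- name: Login to Docker Registry
+run: |
+echo "${{ secrets.CR_PASSWORD }}" | docker login -u "${{ secrets.CR_USERNAME }}" --password-stdin "${{ secrets.CR_REGISTRY }}"
+# Step 6: Push Docker Image to Registry
+- name: Push Docker Image to Registry
+run: |
+APP_NAME="application-hub-context"
+APP_VERSION="1.6.2"
+tag="${APP_NAME}:${APP_VERSION}"
+docker push "${{ secrets.CR_REGISTRY }}"/"${{ secrets.CR_REPO }}"/${tag}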
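Review bot: The `${{ secrets.* }}` expressions inside the `run:` scripts (the build, save, scan, login and push steps) are pasted into the script text before the shell parses it, so a secret value containing a quote, `$` or a backtick alters the command line instead of arriving as data. Passing them through each step's `env:` and reading `"$CR_PASSWORD"`, `"$CR_REGISTRY"` and so on from the shell avoids that; the fence shows the build step and the other four take the same shape. In the Install Trivy step, `apt-key add` puts the downloaded key into the global APT trust store, where it can vouch for any repository; a dedicated keyring file referenced with `signed-by=` on the `deb` line limits it to the Trivy repository. The workflow also declares no `permissions:`, so both jobs get the repository's default token scope; a top-level `permissions:` with `contents: read` looks sufficient for the steps shown.

```yaml
      - name: Build Docker image
        env:
          CR_REGISTRY: ${{ secrets.CR_REGISTRY }}
          CR_REPO: ${{ secrets.CR_REPO }}
          CR_USERNAME: ${{ secrets.CR_USERNAME }}
          CR_PASSWORD: ${{ secrets.CR_PASSWORD }}
        run: |
          # … unchanged: APP_NAME / APP_VERSION / tag assignments …
          echo "$CR_PASSWORD" | docker login -u "$CR_USERNAME" --password-stdin "$CR_REGISTRY"
          docker build -t "${CR_REGISTRY}/${CR_REPO}/${tag}" --file Dockerfile .
```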
54 changes: 36 additions & 18 deletions Dockerfile
@@ -1,40 +1,58 @@
FROM jupyterhub/k8s-hub:2.0.0
FROM ghcr.io/eoepca/container-k8s-hub/container-k8s-hub:2.0.0

ARG NB_USER=johub
ARG NB_UID=1001
ARG HOME=/home/johub

USER root

RUN apt update && \
apt install npm git sudo -y && \
npm install -g configurable-http-proxy

RUN adduser --disabled-password \
--gecos "Default user" \
# Packages update and dependencies installation
RUN microdnf update -y && \
microdnf install -y \
npm \
git \
sudo \
python3-pip \
python3-devel \
gcc \
libcurl-devel \
openssl-devel \
&& microdnf clean all

# Installation of configurable-http-proxy via npm
RUN npm install -g configurable-http-proxy

# User creation
RUN adduser \
--uid ${NB_UID} \
--home ${HOME} \
--force-badname \
${NB_USER}
${NB_USER} \
--comment "Default user" \
--shell /bin/bash

RUN adduser jovyan sudo && \
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
# Add jovyan to the sudoers group
RUN usermod -aG wheel jovyan && \
echo '%wheel ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers

# Python packages installation from requirements.txt
COPY requirements.txt /tmp/requirements.txt
RUN pip3 install --upgrade --no-cache-dir \
setuptools \
pip
RUN pip3 install --upgrade --no-cache-dir setuptools pip

# Specific Python dependencies installation
RUN PYCURL_SSL_LIBRARY=openssl \
pip install --no-cache-dir \
-r /tmp/requirements.txt
pip install --no-cache-dir -r /tmp/requirements.txt

# Check and correct requirejs version
RUN sed -i 's/"version": "[^"]*"/"version": "2.3.7"/' /usr/local/share/jupyterhub/static/components/requirejs/package.json

# So we can actually write a db file here
# Set permission on the directory /srv/jupyterhub
RUN chown ${NB_USER}:${NB_USER} /srv/jupyterhub

COPY . /tmp
RUN cd /tmp && python setup.py install
RUN cd /tmp && python3 setup.py install

# Set not root user
USER ${NB_USER}

# Command to start jupyterhub
CMD ["jupyterhub", "--config", "/etc/jupyterhub/jupyterhub_config.py"]
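Review bot: The `sed` on the requirejs `package.json` rewrites only the `"version"` string to 2.3.7; nothing in this hunk replaces the library files under `/usr/local/share/jupyterhub/static/components/requirejs/`, so as far as the hunk shows the image still ships whatever requirejs code the base image carries, while a scanner that reads package metadata (such as the Trivy gate added in this commit's workflow) sees the patched number and stops reporting it. If the aim is to clear a finding, install the fixed release and copy its files over that component directory, or rebuild the base image with it, and leave `package.json` as the package manager wrote it. Separately, `usermod -aG wheel jovyan` together with `%wheel ALL=(ALL) NOPASSWD:ALL` gives that account passwordless root inside the hub container, which undoes most of the final `USER ${NB_USER}` drop; if sudo is not needed at runtime, drop the sudoers line and the `sudo` package. The build toolchain (`gcc`, `git`, `npm`, the `-devel` packages) also stays in the final image, and a multi-stage build would keep it out of the runtime layer.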
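--- a/requirements.in
+++ b/requirements.in
@@ -8,17 +8,17 @@
 
 # https://github.com/jazzband/pip-tools
 
-pyjwt
-jupyterhub
-pytest
-pytest-asyncio
-pytest-cov
-requests-mock
-jupyterhub-kubespawner
-httplib2
-oauthenticator
-jupyterhub-idle-culler
-kubernetes
-loguru
-addict
-pydantic>=2
+pyjwt==2.9.0
+jupyterhub==5.1.0
+pytest==8.3.3
+pytest-asyncio==0.24.0
+pytest-cov==5.0.0
+requests-mock==1.12.1
+jupyterhub-kubespawner==6.2.0
+httplib2==0.22.0
+oauthenticator==17.0.0
+jupyterhub-idle-culler==1.4.0
+kubernetes==31.0.0
+loguru==0.7.2
+addict==2.4.0
+pydantic==2.9.2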