Initial commit

.github/workflows/binder.yaml.disable

@@ -0,0 +1,30 @@
+# Reference https://mybinder.readthedocs.io/en/latest/howto/gh-actions-badges.html
+name: Test this PR on Binder Badge
+on:
+  pull_request_target:
+    types: [opened]
+
+permissions:
+  pull-requests:
+    write
+
+jobs:
+  binder:
+    runs-on: ubuntu-latest
+    steps:
+    - name: comment on PR with Binder link
+      uses: actions/github-script@v3
+      with:
+        github-token: ${{secrets.GITHUB_TOKEN}}
+        script: |
+          var PR_HEAD_USERREPO = process.env.PR_HEAD_USERREPO;
+          var PR_HEAD_REF = process.env.PR_HEAD_REF;
+          github.issues.createComment({
+            issue_number: context.issue.number,
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: `[![Binder](https://mybinder.org/badge_logo.svg)](https://mybinder.org/v2/gh/${PR_HEAD_USERREPO}/${PR_HEAD_REF}) :point_left: Test this PR on Binder`
+          })
+      env:
+        PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
+        PR_HEAD_USERREPO: ${{ github.event.pull_request.head.repo.full_name }}

.github/workflows/build-push-image-commit.yaml

@@ -0,0 +1,117 @@
+name: Build and push container image, and push update to datahub repo if needed
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_CONFIG: $HOME/.docker
+      IMAGE: ${{ vars.IMAGE }}
+    outputs:
+      image-tag: ${{ steps.build-and-push.outputs.IMAGE_SHA_TAG }}
+
+    steps:
+      - name: Cleanup disk space
+        run: |
+          sudo rm -rf /usr/local/lib/android /usr/share/dotnet /opt/ghc
+          df -h
+
+      - name: Check out the image repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # OR "2" -> To retrieve the preceding commit.
+
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v44
+        with:
+          files_ignore: |
+            README.md
+            CONTRIBUTING.md
+            LICENSE
+            .github/**
+            images/**
+
+      - name: Log in to GAR
+        if: steps.changed-files.outputs.any_changed == 'true'
+        uses: docker/login-action@v3
+        with:
+          registry: us-central1-docker.pkg.dev
+          username: _json_key
+          password: ${{ secrets.GAR_SECRET_KEY }}
+
+      - name: Build the image and push to artifact registry
+        id: build-and-push
+        if: steps.changed-files.outputs.any_changed == 'true'
+        uses: jupyterhub/repo2docker-action@master
+        with:
+          DOCKER_REGISTRY: us-central1-docker.pkg.dev
+          IMAGE_NAME: ${{ env.IMAGE }}
+          # Disable pushing a 'latest' tag, as this often just causes confusion
+          LATEST_TAG_OFF: true
+          # Put repo contents in /srv/repo, rather than the default (/home/jovyan). The home directory
+          # is mounted over by persistent storage when we are using the built image in a JupyterHub, and
+          # so all contents put in /home/jovyan are lost. This particularly prevents any 'start' script from
+          # working, as it is needed in runtime.
+          REPO_DIR: /srv/repo
+
+      # Lets us monitor disks getting full as images get bigger over time
+      - name: Show how much disk space is left
+        run: df -h
+
+  update-deployment-image-tag:
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    env:
+      HUB: ${{ vars.HUB }}
+      IMAGE: ${{ vars.IMAGE }}
+      IMAGE_TAG: ${{ needs.build-and-push.outputs.image-tag }}
+
+    steps:
+      - name: Checkout the datahub repo
+        if: ${{ env.IMAGE_TAG }}
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.DATAHUB_CREATE_PR }}
+          fetch-depth: 0
+          repository: 'berkeley-dsep-infra/datahub'
+          sparse-checkout: |
+            deployments/
+            hub/
+  
+      - name: Set git identity
+        if: ${{ env.IMAGE_TAG }}
+        run: |
+          git config --global user.email "${{ vars.IMAGE_BUILDER_BOT_EMAIL }}"
+          git config --global user.name "${{ vars.IMAGE_BUILDER_BOT_NAME }}"
+
+      - name: Update the tag for any deployments that use this image
+        if: ${{ env.IMAGE_TAG }}
+        run: |
+          for deployment in $(grep -lr ${IMAGE} deployments/ | grep hubploy.yaml); do
+            old_hash=$(grep ${IMAGE} ${deployment} | awk -F":" '{print $3}')
+            new_hash=${IMAGE_TAG}
+            sed -i -e "s/${old_hash}/${new_hash}/g" ${deployment}
+            echo "Updated ${deployment} with new image tag ${new_hash}"
+          done
+
+      - name: Create feature branch, add, commit and push changes
+        if: ${{ env.IMAGE_TAG }}
+        run: |
+          CHANGED_FILES=$(git status --porcelain -uno | awk '{print $2}')
+          git diff
+          git checkout -b update-${HUB}-image-tag-${IMAGE_TAG}
+          # to be safe, only add files that have changed
+          for file in $(echo -e ${CHANGED_FILES}); do
+            git add ${file}
+          done
+          git commit -m "update ${HUB} image tag to ${IMAGE_TAG}: ${CHANGED_FILES}"
+          git push origin update-${HUB}-image-tag-${IMAGE_TAG}
+
+      - name: Print out a message if no PR is created
+        if: ${{ ! env.IMAGE_TAG }}
+        run: |
+          echo "Image not updated, no push to datahub repo required"

.github/workflows/build-test-image.yaml

@@ -0,0 +1,48 @@
+name: Build and test container image
+
+on:
+  pull_request:
+
+jobs:
+  test-build:
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_CONFIG: $HOME/.docker
+    steps:
+      - name: cleanup disk space
+        run: |
+          sudo rm -rf /usr/local/lib/android /usr/share/dotnet /opt/ghc
+          df -h
+
+      - name: Checkout files in repo
+        uses: actions/checkout@v4
+
+      - name: See if the image config changed
+        id: changed-files
+        uses: tj-actions/changed-files@v44
+        with:
+          files_ignore: |
+            README.md
+            CONTRIBUTING.md
+            LICENSE
+            .github/**
+            images/**
+
+      - name: What files changed?
+        if: steps.changed-files.outputs.any_changed == 'true'
+        env:
+            CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
+        run: |
+            echo "One or more image file(s) has changed:"
+            echo "$CHANGED_FILES"
+
+      - name: Build and test the image if any image file(s) changed
+        if: steps.changed-files.outputs.any_changed == 'true'
+        uses: jupyterhub/repo2docker-action@master
+        with:
+          REPO_DIR: /srv/repo
+          NO_PUSH: true
+
+      # Lets us monitor disks getting full as images get bigger over time
+      - name: Show how much disk space is left
+        run: df -h

.github/workflows/yaml-lint.yaml

@@ -0,0 +1,15 @@
+name: "Yaml lint"
+on:
+  - pull_request  # yamllint disable-line rule:truthy
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install yamllint
+        run: pip install yamllint==1.35.1
+
+      - name: Lint YAML files
+        run: yamllint --no-warnings .

.gitignore

@@ -0,0 +1,129 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/

.yamllint.yaml

@@ -0,0 +1,46 @@
+# This config represents running the command `yamllint -d relaxed .` with the
+# following extra rules:
+#
+# new-line-at-end-of-file:
+#   level: warning
+# trailing-spaces:
+#   level: warning
+#
+# We also ignore the cookiecutter directories as these often contain
+# jinja-style templating functions that yamllint doesn't play nicely with
+#
+# cribbed from https://github.com/2i2c-org/infrastructure/blob/main/.yamllint.yaml
+---
+extends: default
+
+ignore: |
+  **/template/**
+  **/templates/**
+
+rules:
+  braces:
+    level: warning
+    max-spaces-inside: 1
+  brackets:
+    level: warning
+    max-spaces-inside: 1
+  colons:
+    level: warning
+  commas:
+    level: warning
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    level: warning
+  hyphens:
+    level: warning
+  indentation:
+    level: warning
+    indent-sequences: consistent
+  line-length: disable
+  new-line-at-end-of-file:
+    level: warning
+  trailing-spaces:
+    level: warning
+  truthy: disable