diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index f470915..6d18df5 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -5,7 +5,12 @@ on: branches: [develop, main] tags: - 'v*' - + workflow_dispatch: + inputs: + GDAL_VER: + description: "GDAL version to use for Docker build" + required: false + default: "3.12.1" jobs: # ------------------------------------------------------------ # Resolve release tag from ref @@ -77,7 +82,15 @@ jobs: } EOF fi - + - name: Resolve GDAL version + id: gdal + run: | + if [[ -n "${{ github.event.inputs.GDAL_VER }}" ]]; then + GDAL_VER="${{ github.event.inputs.GDAL_VER }}" + else + GDAL_VER="3.12.1" + fi + echo "GDAL_VER=${GDAL_VER}" >> $GITHUB_ENV - name: Build image with Kaniko (to tar) uses: docker://gcr.io/kaniko-project/executor:debug env: @@ -86,6 +99,7 @@ jobs: args: > --context . --dockerfile Dockerfile + --build-arg GDAL_VER=${{ env.GDAL_VER }} --no-push --tar-path image.tar diff --git a/Dockerfile b/Dockerfile index a6ce1bd..5fd49cb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/python:3.12.11-bookworm@sha256:bea386df48d7ee07eed0a1f3e6f9d5c0292c228b8d8ed2ea738b7a57b29c4470 +FROM quay.io/jupyter/base-notebook:python-3.12 ENV DEBIAN_FRONTEND=noninteractive \ USER=jovyan \ @@ -6,6 +6,8 @@ ENV DEBIAN_FRONTEND=noninteractive \ GID=100 \ HOME=/workspace +USER root + # ------------------------------------------------------------------- # Base system packages (runtime only) # ------------------------------------------------------------------- @@ -24,15 +26,8 @@ RUN apt-get update && apt-get install -y \ tree \ podman \ skopeo \ - && apt-get remove -y yq \ - && rm -rf /var/lib/apt/lists/* - -# ------------------------------------------------------------------- -# Create user -# ------------------------------------------------------------------- -#RUN groupadd -g ${GID} ${USER} && \ -RUN useradd -m -u ${UID} -g ${GID} -s /bin/bash ${USER} && \ - echo "${USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/${USER} + nextcloud-desktop-cmd=3.11.0-1.1build4 \ + && rm -rf /var/lib/apt/lists/* # ------------------------------------------------------------------- # code-server @@ -46,7 +41,7 @@ RUN mkdir -p /opt/code-server && \ ENV PATH="/opt/code-server/bin:${PATH}" # ------------------------------------------------------------------- -# Kubernetes / Dev tooling (pinned, glibc-safe) +# Kubernetes / Dev tooling (pinned) # ------------------------------------------------------------------- ARG KUBECTL_VERSION=v1.29.3 RUN curl -fsSL \ @@ -68,7 +63,6 @@ RUN curl -fsSL \ https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz \ | tar -xz -C /usr/local/bin oras && chmod +x /usr/local/bin/oras - # ------------------------------------------------------------------- # Python tooling # ------------------------------------------------------------------- @@ -76,7 +70,7 @@ ARG CALRISSIAN_VERSION=0.18.1 RUN pip install --no-cache-dir \ awscli \ awscli-plugin-endpoint \ - jhsingle-native-proxy>=0.0.9 \ + "jhsingle-native-proxy>=0.0.9" \ bash_kernel \ tomlq \ uv \ @@ -86,40 +80,79 @@ RUN pip install --no-cache-dir \ python -m bash_kernel.install # ------------------------------------------------------------------- -# yq / jq (single source of truth) +# yq / jq # ------------------------------------------------------------------- ARG YQ_VERSION=v4.45.1 RUN curl -fsSL \ https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 \ -o /usr/local/bin/yq && chmod +x /usr/local/bin/yq - ARG JQ_VERSION=jq-1.8.1 RUN curl -fsSL \ https://github.com/jqlang/jq/releases/download/${JQ_VERSION}/jq-linux-amd64 \ -o /usr/local/bin/jq && chmod +x /usr/local/bin/jq -# hatch (binary) +# ------------------------------------------------------------------- +# hatch +# ------------------------------------------------------------------- ARG HATCH_VERSION=1.16.2 RUN curl -fsSL \ https://github.com/pypa/hatch/releases/download/hatch-v${HATCH_VERSION}/hatch-x86_64-unknown-linux-gnu.tar.gz \ | tar -xz -C /usr/local/bin hatch && chmod +x /usr/local/bin/hatch -# trivy -ARG TRIVY_VERSION=0.68.2 +# ------------------------------------------------------------------- +# trivy +# ------------------------------------------------------------------- +ARG TRIVY_VERSION=0.69.3 RUN curl -fsSL \ https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb \ -o /tmp/trivy.deb && \ dpkg -i /tmp/trivy.deb && \ rm /tmp/trivy.deb +# ------------------------------------------------------------------- +# GDAL +# ------------------------------------------------------------------- +ARG GDAL_VER=3.12.1 +RUN apt-get update && apt-get install -y \ + cmake ninja-build libproj-dev proj-data proj-bin && \ + rm -rf /var/lib/apt/lists/* && \ + set -e && \ + cd /tmp && \ + curl -fsSL -o gdal-${GDAL_VER}.tar.xz https://download.osgeo.org/gdal/${GDAL_VER}/gdal-${GDAL_VER}.tar.xz \ + || curl -fsSL -o gdal-${GDAL_VER}.tar.gz https://download.osgeo.org/gdal/${GDAL_VER}/gdal-${GDAL_VER}.tar.gz && \ + if [ -f gdal-${GDAL_VER}.tar.xz ]; then \ + tar -xJf gdal-${GDAL_VER}.tar.xz; \ + else \ + tar -xzf gdal-${GDAL_VER}.tar.gz; \ + fi && \ + cd gdal-${GDAL_VER} && \ + mkdir build && cd build && \ + cmake -G Ninja ../ \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_INSTALL_PREFIX=/usr/local && \ + cmake --build . -- -j"$(nproc)" && \ + cmake --install . && \ + ldconfig && \ + rm -rf /tmp/gdal-${GDAL_VER}* && \ + gdal-config --version + # ------------------------------------------------------------------- # Entrypoint # ------------------------------------------------------------------- +COPY nc-sync /usr/local/bin/nc-sync +RUN chmod 755 /usr/local/bin/nc-sync + COPY entrypoint.sh /opt/entrypoint.sh RUN chmod +x /opt/entrypoint.sh USER ${USER} + +ENV GDAL_CONFIG=/usr/local/bin/gdal-config +ENV GDAL_DATA=/usr/local/share/gdal +ENV GDAL_DRIVER_PATH=/usr/local/lib/gdalplugins +ENV GDAL_OVERWRITE=YES + WORKDIR /workspace EXPOSE 8888 diff --git a/entrypoint.sh b/entrypoint.sh index 2fff70d..6d87921 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,5 +1,9 @@ #!/bin/bash +if [ -x /usr/local/bin/nc-sync ]; then + /usr/local/bin/nc-sync & +fi + collect_port=0 port="8888" delim='=' diff --git a/nc-sync b/nc-sync new file mode 100644 index 0000000..80e5076 --- /dev/null +++ b/nc-sync @@ -0,0 +1,59 @@ +#!/bin/bash +rmdir --ignore-fail-on-non-empty /home/jovyan/work + +workdir='/home/jovyan/drive' +mkdir -p ${workdir} + +cd /workspace +if [ ! -L drive ]; then + ln -s /home/jovyan/drive/ +fi + +server="http://${NEXTCLOUD_HOST:-localhost:8081}" +json_file="${workdir}/.access_token.json" + +function refresh_token { + json="$(curl --header "Authorization: token ${JUPYTERHUB_API_TOKEN}" http://${JUPYTER_HOST}/services/refresh-token/tokens)" + if [[ -z "${json}" ]]; then + token="${NEXTCLOUD_ACCESS_TOKEN}" + json="{ \"access_token\": \"${token}\", \"token_expires\": $(date -d "10 min" +%s).0000000 }" + fi + echo "${json}" > "${json_file}" + token=$(jq -r '.access_token' "${json_file}") + echo "${token}" +} + +function get_token { + if [[ -f "${json_file}" ]]; then + now=$(date +%s) + token=$(jq -r '.access_token' "${json_file}") + expires_at=$(jq -r '.token_expires' "${json_file}"| sed 's/\..*//') + if [[ "${expires_at}" -lt ${now} ]]; then + token=$(refresh_token) + fi + else + token=$(refresh_token) + fi + echo "${token}" +} + +function ncsync { + while true; do + token="$(get_token)" + + if [[ -n "${token}" && "${token}" != "null" && -n "${JUPYTERHUB_USER}" ]]; then + nextcloudcmd -n -s \ + --user "${JUPYTERHUB_USER}" \ + --password "${token}" \ + --path / \ + "${workdir}" \ + "${server}" || true + else + echo "[nc-sync] missing token or user, skipping sync" + fi + + sleep 5s + done +} + +ncsync & \ No newline at end of file diff --git a/release.yaml b/release.yaml index 26f025f..25e4f74 100644 --- a/release.yaml +++ b/release.yaml @@ -1,4 +1,4 @@ image_name: pde-code-server image_prefix: eoepca -image_version: 1.2.0 +image_version: 1.3.0 image_registry: ghcr.io \ No newline at end of file