Release Workbench for Google Cloud Workstations and other fixes #625

Merged
merged 21 commits into from
Aug 18, 2023
Changes from 20 commits
d0bb9bb
Add openssh-client packages into base image to ensure SSH in all down…
ianpittwood Aug 7, 2023
f280e84
Merge pull request #607 from rstudio/ensure-openssh-client
ianpittwood Aug 7, 2023
6001812
Fix GPG call in Ubuntu 18.04 base
ianpittwood Aug 7, 2023
bfe25b1
Fix path in build
ianpittwood Aug 7, 2023
7e05856
Merge pull request #609 from rstudio/fix-tini-gpg-sig-verification
ianpittwood Aug 7, 2023
1b7c490
Add `ca-certificates` and explicit `gpg` install to PPM build (#608)
ianpittwood Aug 7, 2023
7935496
Remove ubuntu1804 base image (#611)
ianpittwood Aug 7, 2023
e33a771
Run `apt-get upgrade` on PPM image (#612)
ianpittwood Aug 8, 2023
9f6f8b2
Update PYTHON_VERSION_JUPYTER to match PYTHON_VERSION_ALT
bschwedler Aug 9, 2023
3350fa5
Add Workbench for Google Cloud Workstations image (#564)
ianpittwood Aug 9, 2023
15a01e5
Merge branch 'dev' into fix-python-verison-jupyter
ianpittwood Aug 9, 2023
99b918a
Merge pull request #615 from rstudio/fix-python-verison-jupyter
bschwedler Aug 9, 2023
b0263f6
remove the buildkitsandbox file that is left over from our build (#551)
colearendt Aug 10, 2023
535d336
Disable token authentication for Jupyter in WAML
ianpittwood Aug 10, 2023
927ccc7
Revert "Disable token authentication for Jupyter in WAML"
ianpittwood Aug 10, 2023
f4dd8f9
Disable token authentication for Jupyter in WAML (#620)
ianpittwood Aug 10, 2023
1c04f34
Expand default R and Python package lists for Workbench for Azure ML …
ianpittwood Aug 14, 2023
fde39b7
Add note to update all references when updating cron
ianpittwood Aug 15, 2023
9e7ff97
Revert "Add note to update all references when updating cron"
ianpittwood Aug 15, 2023
091a5c3
Push release pipeline on cron trigger (#622)
ianpittwood Aug 15, 2023
9bcc070
Use main branch for scheduled release rebuild (#627)
ianpittwood Aug 18, 2023
17 changes: 17 additions & 0 deletions .github/actions/build-test-scan-push/action.yaml
Expand Up @@ -45,6 +45,10 @@ inputs:
description: Username for authentication with DockerHub
required: true
type: string
gcp-json:
description: JSON for authenticating Google Cloud Platform
default: ""
type: string

runs:
using: "composite"
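Review bot: The `description` of the new `gcp-json` input does not say what the value is or what leaving it empty does. It is passed to `credentials_json`, so say that it is a service account key, state that the default `""` skips Google Cloud authentication, and add an explicit `required: false` in line with the `required:` keys on the neighbouring inputs. `google-github-actions/auth` also accepts `workload_identity_provider` and `service_account`, which would avoid keeping a long-lived key as a repository secret.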
Expand All @@ -71,6 +75,19 @@ runs:
username: ${{ inputs.dockerhub-username }}
password: ${{ inputs.dockerhub-token }}

- name: Authenticate to Google Cloud
continue-on-error: true
uses: google-github-actions/auth@v1
with:
credentials_json: '${{ inputs.gcp-json }}'

- name: Authenticate GCAR
shell: bash
run: |
if [ ! -z "${{ inputs.gcp-json }}" ]; then
gcloud auth configure-docker -q us-central1-docker.pkg.dev
fi

- name: Build
id: image-build
uses: docker/build-push-action@v4
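Review bot: In the `Authenticate GCAR` step, `${{ inputs.gcp-json }}` is expanded into the script text before bash runs, so the key JSON with its double quotes lands inside `[ ! -z "..." ]` and breaks the quoting. Pass the value through `env:` (for example `GCP_JSON: ${{ inputs.gcp-json }}`) and test `[ -n "$GCP_JSON" ]`, or put `if: inputs.gcp-json != ''` on the step. The same `if:` on `Authenticate to Google Cloud` would replace `continue-on-error: true`, which also hides a genuine authentication failure when a key is supplied. `google-github-actions/auth@v1` is a movable tag; pin it to a commit SHA in a step that handles credentials.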
2 changes: 1 addition & 1 deletion .github/workflows/build-prerelease.yaml
Expand Up @@ -124,7 +124,7 @@ jobs:
if: steps.build1.outcome == 'failure'
uses: ./.github/actions/build-test-scan-push
with:
context: .${{ matrix.config.product }}
context: ./${{ matrix.config.product }}
os: ${{ matrix.config.os }}
product: product-base
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }}
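Review bot: The retry step (`if: steps.build1.outcome == 'failure'`) carries its own copy of the `with:` block, so a typo such as `context: .${{ matrix.config.product }}` is only exercised when the first build fails. Compute the context once (a step output or a job-level `env` value) and reference it from both the first attempt and the retry so the two copies cannot drift.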
101 changes: 90 additions & 11 deletions .github/workflows/build-release.yaml
@@ -1,6 +1,6 @@
on:
schedule:
- cron: '0 12 * * 1'
- cron: '0 12 * * 1' # If updating this value, be sure to update logic for all `push-image` arguments!
push:
branches:
- main
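Review bot: The comment on the `cron:` line documents a coupling instead of removing it: the `push-image` expressions in this file compare `github.event.schedule` against the literal `'0 12 * * 1'`, so a schedule change that misses one of them silently stops that image from being pushed on the scheduled run. Testing `github.event_name == 'schedule'` in those expressions needs no copy of the cron string and makes the comment unnecessary.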
Expand All @@ -22,8 +22,6 @@ jobs:
config:
- {os: 'centos7', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"}
- {os: 'centos7', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"}
- {os: 'ubuntu1804', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"}
- {os: 'ubuntu1804', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"}
- {os: 'ubuntu2204', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"}
- {os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"}
- {os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"}
Expand Down Expand Up @@ -76,7 +74,7 @@ jobs:
product: product-base
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }}
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }}
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' }}
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event.schedule == '0 12 * * 1' }}
snyk-token: ${{ secrets.SNYK_TOKEN }}
snyk-org-id: ${{ secrets.SNYK_ORG_ID }}
ghcr-token: ${{ secrets.BUILD_PAT }}
Expand All @@ -99,7 +97,7 @@ jobs:
product: product-base
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }}
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }}
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' }}
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event.schedule == '0 12 * * 1' }}
snyk-token: ${{ secrets.SNYK_TOKEN }}
snyk-org-id: ${{ secrets.SNYK_ORG_ID }}
ghcr-token: ${{ secrets.BUILD_PAT }}
Expand All @@ -119,8 +117,6 @@ jobs:
config:
- {os: 'centos7', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"}
- {os: 'centos7', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"}
- {os: 'ubuntu1804', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"}
- {os: 'ubuntu1804', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"}
- {os: 'ubuntu2204', r-primary: "4.2.0", r-alternate: "3.6.2", py-primary: "3.9.5", py-alternate: "3.8.10"}
- {os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"}
- {os: 'ubuntu2204', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"}
Expand Down Expand Up @@ -177,7 +173,7 @@ jobs:
product: product-base-pro
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }}
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }}
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' }}
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event.schedule == '0 12 * * 1' }}
snyk-token: ${{ secrets.SNYK_TOKEN }}
snyk-org-id: ${{ secrets.SNYK_ORG_ID }}
ghcr-token: ${{ secrets.BUILD_PAT }}
Expand All @@ -200,7 +196,7 @@ jobs:
product: product-base-pro
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }}
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }}
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' }}
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.event.schedule == '0 12 * * 1' }}
snyk-token: ${{ secrets.SNYK_TOKEN }}
snyk-org-id: ${{ secrets.SNYK_ORG_ID }}
ghcr-token: ${{ secrets.BUILD_PAT }}
Expand Down Expand Up @@ -291,7 +287,7 @@ jobs:
product: ${{ matrix.config.product }}
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }}
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }}
push-image: ${{ github.ref == 'refs/heads/main' }}
push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 12 * * 1' }}
snyk-token: ${{ secrets.SNYK_TOKEN }}
snyk-org-id: ${{ secrets.SNYK_ORG_ID }}
ghcr-token: ${{ secrets.BUILD_PAT }}
Expand All @@ -314,11 +310,94 @@ jobs:
product: ${{ matrix.config.product }}
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }}
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }}
push-image: ${{ github.ref == 'refs/heads/main' }}
push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 12 * * 1' }}
snyk-token: ${{ secrets.SNYK_TOKEN }}
snyk-org-id: ${{ secrets.SNYK_ORG_ID }}
ghcr-token: ${{ secrets.BUILD_PAT }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

# End retry logic

build-workbench-for-google-cloud-workstations:
needs: [ build-base, build-base-pro ]
runs-on: ubuntu-latest
name: build-workbench-for-google-cloud-workstations

concurrency:
group: build-products-${{ matrix.config.product }}-${{ matrix.config.os }}-${{ github.ref }}
cancel-in-progress: true

steps:
- name: Check Out Repo
uses: actions/checkout@v3

- name: Set up Just
uses: extractions/setup-just@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Get Version
id: get-version
run: |
VERSION=$(just workbench-for-google-cloud-workstations/get-version)
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT

- name: Get build args
id: get-build-args
run: |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
BUILD_ARGS=$(just workbench-for-google-cloud-workstations/get-build-args)
echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT
echo "$BUILD_ARGS" >> $GITHUB_OUTPUT
echo "$EOF" >> $GITHUB_OUTPUT

- name: Get tags
id: get-tags
run: |
IMAGE_TAGS=$(just workbench-for-google-cloud-workstations/get-build-tags)
echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT

- name: Build/Test/Scan/Push base pro image
id: build1
uses: ./.github/actions/build-test-scan-push
continue-on-error: true
with:
context: ./workbench-for-google-cloud-workstations
os: ubuntu2004
product: workbench-for-google-cloud-workstations
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }}
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }}
push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 12 * * 1' }}
snyk-token: ${{ secrets.SNYK_TOKEN }}
snyk-org-id: ${{ secrets.SNYK_ORG_ID }}
ghcr-token: ${{ secrets.BUILD_PAT }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}'

# Begin retry logic

- name: Wait 60s on failure before retrying
if: steps.build1.outcome == 'failure'
run: sleep 60

- name: Retry - Build/Test/Scan/Push base pro image
id: build2
if: steps.build1.outcome == 'failure'
uses: ./.github/actions/build-test-scan-push
with:
context: ./workbench-for-google-cloud-workstations
os: ubuntu2004
product: workbench-for-google-cloud-workstations
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }}
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }}
push-image: ${{ github.ref == 'refs/heads/main' || github.event.schedule == '0 12 * * 1' }}
snyk-token: ${{ secrets.SNYK_TOKEN }}
snyk-org-id: ${{ secrets.SNYK_ORG_ID }}
ghcr-token: ${{ secrets.BUILD_PAT }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}'

# End retry logic
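Review bot: The `concurrency.group` of `build-workbench-for-google-cloud-workstations` interpolates `matrix.config.product` and `matrix.config.os`, but this job defines no `strategy.matrix`, so both expand to empty strings; use a literal group name such as `build-workbench-for-google-cloud-workstations-${{ github.ref }}`. The step names `Build/Test/Scan/Push base pro image` and `Retry - Build/Test/Scan/Push base pro image` still say base pro although `product:` is `workbench-for-google-cloud-workstations`. `actions/checkout@v3` and `extractions/setup-just@v1` are tag references in a job that receives registry credentials; pin them to commit SHAs.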
2 changes: 0 additions & 2 deletions .github/workflows/lint.yaml
Expand Up @@ -16,10 +16,8 @@ jobs:
fail-fast: false
matrix:
config:
- {product: 'product/base', os: 'ubuntu1804'}
- {product: 'product/base', os: 'ubuntu2204'}
- {product: 'product/base', os: 'centos7'}
- {product: 'product/pro', os: 'ubuntu1804'}
- {product: 'product/pro', os: 'ubuntu2204'}
- {product: 'product/pro', os: 'centos7'}
- {product: 'workbench', os: 'ubuntu2204'}
6 changes: 3 additions & 3 deletions Justfile
Expand Up @@ -33,7 +33,7 @@ _get-clean-version $VERSION:
#!/usr/bin/env bash
echo -n "$VERSION" | sed 's/[+|-].*//g'

# just _parse-os bionic
# just _parse-os jammy
_parse-os OS:
#!/usr/bin/env bash
if [[ "{{OS}}" == "bionic" ]]; then
Expand All @@ -44,7 +44,7 @@ _parse-os OS:
echo "{{OS}}"
fi

# just _rev-parse-os ubuntu1804
# just _rev-parse-os ubuntu2204
_rev-parse-os OS:
#!/usr/bin/env bash
if [[ "{{OS}}" == "ubuntu1804" ]]; then
Expand Down Expand Up @@ -299,7 +299,7 @@ test-image $PRODUCT $VERSION +IMAGES:
PYTHON_VERSION_ALT={{PYTHON_VERSION_ALT}} \
$PRODUCT/test "${IMAGE_ARRAY[0]}" "$VERSION"

# just lint workbench ubuntu1804
# just lint workbench ubuntu2204
lint $PRODUCT $OS:
#!/usr/bin/env bash
docker run --rm -i -v $PWD/hadolint.yaml:/.config/hadolint.yaml ghcr.io/hadolint/hadolint < $PRODUCT/Dockerfile.$(just _parse-os {{OS}})
4 changes: 4 additions & 0 deletions NEWS.md
Expand Up @@ -5,6 +5,10 @@ changed in each image.

This file only captures pervasive, repository-wide changes.

# 2023-08-07

- Removed base image Ubuntu 18.04 builds.

# 2023-08-01
- Overhauled the workflows for this repository to use official Github Actions over `just` targets for building, testing,
scanning, and pushing images.
4 changes: 2 additions & 2 deletions content/base/Justfile
Expand Up @@ -4,7 +4,7 @@ BUILDX_PATH := ""

IMAGE_PREFIX := "rstudio/"
PRODUCT := "content-base"
IMAGE_OS := "ubuntu1804"
IMAGE_OS := "ubuntu2204"

R_VERSION := "3.6.3"

Expand All @@ -14,7 +14,7 @@ QUARTO_VERSION := "1.3.340"

DEFAULT_TAG := IMAGE_PREFIX + PRODUCT + ":r" + R_VERSION + "-py" + PYTHON_VERSION + "-" + IMAGE_OS

# Build content base image - just build ubuntu1804 3.6.3 3.9.5 rstudio/content-base:r3.6.3-py3.9.5-bionic
# Build content base image - just build ubuntu2204 3.6.3 3.9.5 rstudio/content-base:r3.6.3-py3.9.5-bionic
build OS=IMAGE_OS _R_VERSION=R_VERSION _PYTHON_VERSION=PYTHON_VERSION +TAGS="":
#!/usr/bin/env bash
set -euxo pipefail
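Review bot: The updated usage comment above `build` now passes `ubuntu2204` but its example tag still ends in `-bionic` (`rstudio/content-base:r3.6.3-py3.9.5-bionic`). It should end in `-ubuntu2204`, the form `DEFAULT_TAG` builds from `IMAGE_OS`. The usage comment in `content/pro/Justfile` has the same mismatch.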
4 changes: 2 additions & 2 deletions content/pro/Justfile
Expand Up @@ -4,7 +4,7 @@ BUILDX_PATH := ""

IMAGE_PREFIX := "rstudio/"
PRODUCT := "content-pro"
IMAGE_OS := "ubuntu1804"
IMAGE_OS := "ubuntu2204"

R_VERSION := "3.6.3"

Expand All @@ -15,7 +15,7 @@ DRIVERS_VERSION_RHEL := DRIVERS_VERSION + "-1"

DEFAULT_TAG := IMAGE_PREFIX + PRODUCT + ":r" + R_VERSION + "-py" + PYTHON_VERSION + "-" + IMAGE_OS

# Build content pro image - just build ubuntu1804 3.6.3 3.9.5 rstudio/content-pro:r3.6.3-py3.9.5-bionic
# Build content pro image - just build ubuntu2204 3.6.3 3.9.5 rstudio/content-pro:r3.6.3-py3.9.5-bionic
build OS=IMAGE_OS _R_VERSION=R_VERSION _PYTHON_VERSION=PYTHON_VERSION +TAGS=DEFAULT_TAG:
#!/usr/bin/env bash
set -euxo pipefail
39 changes: 31 additions & 8 deletions package-manager/Dockerfile.ubuntu1804
Expand Up @@ -10,16 +10,34 @@ ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
ARG DEBIAN_FRONTEND=noninteractive
ARG TINI_VERSION=0.19.0

ENV PATH /opt/rstudio-pm/bin:$PATH

# Upgrade/install packages ----------------------------------------------------#
RUN apt-get update --fix-missing \
&& apt-get upgrade -yq \
&& apt-get install -yq --no-install-recommends \
ca-certificates \
curl \
dirmngr \
gpg \
gpg-agent \
&& rm -rf /var/lib/apt/lists/*

# Runtime settings ------------------------------------------------------------#
ARG TINI_VERSION=0.18.0
RUN curl -L -o /usr/local/bin/tini https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini && \
chmod +x /usr/local/bin/tini
ADD https://cdn.rstudio.com/platform/tini/v${TINI_VERSION}/tini-amd64 /tini
ADD https://cdn.rstudio.com/platform/tini/v${TINI_VERSION}/tini-amd64.asc /tini.asc
# Keys must be pulled using curl, gpg calls intermittently fail on 18.04 with "gpg: keyserver receive failed: Cannot assign requested address"
RUN gpg --update-trustdb \
&& curl -sL -o /tmp/tini-key.asc "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6380dc428747f6c393feaca59a84159d7001a4e5" \
&& gpg --import /tmp/tini-key.asc \
&& rm /tmp/tini-key.asc \
&& gpg --batch --verify /tini.asc /tini \
&& chmod +x /tini \
&& ln -s /tini /usr/local/bin/tini

# Add another R version -------------------------------------------------------#

ARG R_VERSION_ALT=3.6.2
RUN apt-get update -qq && \
curl -O https://cdn.rstudio.com/r/ubuntu-1804/pkgs/r-${R_VERSION_ALT}_1_amd64.deb && \
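Review bot: The tini signing key is downloaded with `curl` from `http://keyserver.ubuntu.com/...` and imported as-is, and `gpg --batch --verify /tini.asc /tini` then accepts a good signature from any key in the keyring, so the check is only as strong as that unauthenticated download. `ca-certificates` is installed earlier in this hunk, so use `https://`, and compare the imported key's fingerprint with the expected `6380dc428747f6c393feaca59a84159d7001a4e5` before verifying, or commit the public key to the repository and import it from the build context.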
Expand All @@ -31,17 +49,22 @@ RUN apt-get update -qq && \
# Download RStudio Package Manager ---------------------------------------------#
ARG RSPM_VERSION=2023.04.0-6
ARG RSPM_DOWNLOAD_URL=https://cdn.rstudio.com/package-manager/ubuntu/amd64
# Keys must be pulled using curl, gpg calls intermittently fail on 18.04 with "gpg: keyserver receive failed: Cannot assign requested address"
RUN apt-get update --fix-missing \
&& apt-get install -y --no-install-recommends gdebi-core dpkg-sig \
&& apt-get install -y --no-install-recommends gdebi-core gpg dpkg-sig \
&& curl -O ${RSPM_DOWNLOAD_URL}/rstudio-pm_${RSPM_VERSION}_amd64.deb \
# Pre 7/25/23 packages
&& gpg --keyserver keyserver.ubuntu.com --recv-keys 3F32EE77E331692F \
&& curl -sL -o /tmp/rstudio-key.asc "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xfe8564cff1ab93f1728645193f32ee77e331692f" \
&& gpg --import /tmp/rstudio-key.asc \
&& rm /tmp/rstudio-key.asc \
# Post 7/25 packages
&& gpg --keyserver keys.openpgp.org --recv-keys 51C0B5BB19F92D60 \
&& curl -sL -o /tmp/posit-key.asc "https://keys.openpgp.org/vks/v1/by-fingerprint/8B65E5A107BBEFE3BA99C59751C0B5BB19F92D60" \
&& gpg --import /tmp/posit-key.asc \
&& rm /tmp/posit-key.asc \
&& dpkg-sig --verify rstudio-pm_${RSPM_VERSION}_amd64.deb \
&& RSTUDIO_INSTALL_NO_LICENSE_INITIALIZATION=1 gdebi -n rstudio-pm_${RSPM_VERSION}_amd64.deb \
&& rm rstudio-pm_${RSPM_VERSION}_amd64.deb \
&& apt-get purge -y gdebi-core dpkg-sig \
&& apt-get purge -y gdebi-core dpkg-sig gpg gpg-agent \
&& apt-get autoremove -y \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
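Review bot: The `rstudio-key.asc` download uses `http://keyserver.ubuntu.com/...` while the `posit-key.asc` download a few lines below uses `https://`; switch the first to `https://` so neither key that `dpkg-sig --verify` relies on is fetched in clear text. Both keys are requested by full fingerprint, but nothing checks the imported keys against those fingerprints before the verification runs; add that comparison after each `gpg --import`.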
41 changes: 0 additions & 41 deletions package-manager/Dockerfile.ubuntu1804.draft

This file was deleted.
