From 524cf58b30a3bba373e0b311185ce4edede350b9 Mon Sep 17 00:00:00 2001
From: YuviPanda <yuvipanda@gmail.com>
Date: Mon, 17 May 2021 14:38:25 +0530
Subject: [PATCH 1/4] Upgrade version of otter-grader

Fixes https://github.com/2i2c-org/pilot/issues/71
---
 images/user/environment.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/images/user/environment.yml b/images/user/environment.yml
index 72bae78c37..1c152837d6 100644
--- a/images/user/environment.yml
+++ b/images/user/environment.yml
@@ -44,7 +44,7 @@ dependencies:
     - jupyter-rsession-proxy==1.2
     - jupyter-tree-download==1.0.1
     - ipywidgets==7.5.1
-    - otter-grader==1.1.3
+    - otter-grader==2.1.7
 
     - datascience
     - geojson

From 22459c8ebb56a27d376d831601eedc532cb78cd9 Mon Sep 17 00:00:00 2001
From: YuviPanda <yuvipanda@gmail.com>
Date: Mon, 17 May 2021 18:41:57 +0530
Subject: [PATCH 2/4] Fix deployer build process

- Fix path to image/user
- Authenticate to docker by setting up appropriate credential
  helper. Currently supports google artifact registry only, since
  that's the only thing we use this piece of code for.

  https://docs.docker.com/engine/reference/commandline/login/#credential-helpers
  has more information
---
 deployer/build.py |  3 ++-
 deployer/hub.py   | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/deployer/build.py b/deployer/build.py
index 97e319ec2c..d7faba0665 100644
--- a/deployer/build.py
+++ b/deployer/build.py
@@ -51,11 +51,12 @@ def image_exists(image_name):
 
     return result.returncode == 0
 
+
 def build_image(image_repo):
     """
     Build & push image in images/user if needed
     """
-    tag = last_modified_commit(os.path.join(HERE, "images/user"))
+    tag = last_modified_commit(os.path.join(HERE, "../images/user"))
     image_name = f"{image_repo}:{tag}"
 
     if image_exists(image_name):
diff --git a/deployer/hub.py b/deployer/hub.py
index a74742ca6e..725b0d06c9 100644
--- a/deployer/hub.py
+++ b/deployer/hub.py
@@ -30,6 +30,7 @@ def __init__(self, spec):
         ]
 
     def build_image(self):
+        self.ensure_docker_credhelpers()
         build_image(self.spec['image_repo'])
 
     @contextmanager
@@ -41,6 +42,39 @@ def auth(self):
         else:
             raise ValueError(f'Provider {self.spec["provider"]} not supported')
 
+    def ensure_docker_credhelpers(self):
+        """
+        Setup credHelper for current hub's image registry.
+
+        Most image registries (like ECR, GCP Artifact registry, etc) use
+        a docker credHelper (https://docs.docker.com/engine/reference/commandline/login/#credential-helpers)
+        to authenticate, rather than a username & password. This requires an
+        entry per registry in ~/.docker/config.json.
+
+        This method ensures the appropriate credential helper is present
+        """
+        image_name = self.spec['image_repo']
+        registry = image_name.split('/')[0]
+
+        helper = None
+        # pkg.dev is used by Google Cloud Artifact registry
+        if registry.endswith('pkg.dev'):
+            helper = 'gcloud'
+
+        if helper is not None:
+            dockercfg_path = os.path.expanduser('~/.docker/config.json')
+            try:
+                with open(dockercfg_path) as f:
+                    config = json.load(f)
+            except FileNotFoundError:
+                config = {}
+
+            helpers = config.get('credHelpers', {})
+            helpers[registry] = helper
+            config['credHelpers'] = helpers
+            with open(dockercfg_path, 'w') as f:
+                json.dump(config, f)
+
 
     def auth_kubeconfig(self):
         """

From 807ee923005df4869603066925a9a191eab5ffb7 Mon Sep 17 00:00:00 2001
From: YuviPanda <yuvipanda@gmail.com>
Date: Mon, 17 May 2021 19:12:57 +0530
Subject: [PATCH 3/4] Bump value of built image

---
 hub-templates/basehub/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hub-templates/basehub/values.yaml b/hub-templates/basehub/values.yaml
index 2d5566f89e..c4ed89d6fd 100644
--- a/hub-templates/basehub/values.yaml
+++ b/hub-templates/basehub/values.yaml
@@ -106,7 +106,7 @@ jupyterhub:
       hub.jupyter.org/node-purpose: user
     image:
       name: set_automatically_by_automation
-      tag: 1b83c4f
+      tag: 524cf58
     storage:
       type: static
       static:

From 8743512fa45487319b7c7dbbd9035ca395a91167 Mon Sep 17 00:00:00 2001
From: YuviPanda <yuvipanda@gmail.com>
Date: Tue, 18 May 2021 21:38:23 +0530
Subject: [PATCH 4/4] Don't write to ~/.docker/config.json unnecessarily

Also pass indent=4 to pretty print ~/.docker/config.json
---
 deployer/hub.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/deployer/hub.py b/deployer/hub.py
index 725b0d06c9..096c02abd2 100644
--- a/deployer/hub.py
+++ b/deployer/hub.py
@@ -70,10 +70,11 @@ def ensure_docker_credhelpers(self):
                 config = {}
 
             helpers = config.get('credHelpers', {})
-            helpers[registry] = helper
-            config['credHelpers'] = helpers
-            with open(dockercfg_path, 'w') as f:
-                json.dump(config, f)
+            if helpers.get(registry) != helper:
+                helpers[registry] = helper
+                config['credHelpers'] = helpers
+                with open(dockercfg_path, 'w') as f:
+                    json.dump(config, f, indent=4)
 
 
     def auth_kubeconfig(self):