Merge branch 'staging' into bioec131

.github/labeler.yml

@@ -115,6 +115,8 @@ node-placeholder-scaler:
   - 'deployments/julia/**'
 'hub: logodev':
   - 'deployments/logodev/**'
+'hub: nature':
+  - 'deployments/nature/**'
 'hub: prob140':
   - 'deployments/prob140/**'
 'hub: publichealth':

.github/scripts/determine-hub-deployments.py

@@ -0,0 +1,69 @@
+#! /usr/bin/env python
+"""
+Check the Github environment variables for hub deployments and determine if we
+will deploy all hubs or just a subset.
+
+All hubs will be deployed if the environment variable
+GITHUB_PR_LABEL_JUPYTERHUB_DEPLOYMENT or GITHUB_PR_LABEL_HUB_IMAGES is set.
+
+Otherwise, the environment variables GITHUB_PR_LABEL_HUB_<HUB_NAME> will be
+checked to determine which hubs to deploy.
+
+If no hubs need deploying, nothing will be emitted.
+"""
+import argparse
+import os
+
+def main(args):
+    hubs = []
+
+    # Deploy all hubs by getting deployment names from the dirs in deployments/
+    if (
+        "GITHUB_PR_LABEL_JUPYTERHUB_DEPLOYMENT" or
+        "GITHUB_PR_LABEL_HUB_IMAGES"
+    ) in os.environ.keys():
+        for deployment in next(os.walk(args.deployments))[1]:
+            if deployment not in args.ignore:
+                hubs.append(deployment)
+
+    # Deploy only the modified/flagged hubs by PR labels
+    else:
+        hub_labels = [
+            k.lower() for k in os.environ.keys() 
+            if k.startswith("GITHUB_PR_LABEL_HUB_")
+        ]
+        hubs = [x.split("_")[-1] for x in hub_labels]
+        hubs = [x for x in hubs if x not in args.ignore]
+
+    hubs.sort()
+    for h in hubs:
+        if args.only_deploy and h not in args.only_deploy:
+            continue
+        print(h)
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(
+        description="Get hubs that need to be deployed from environment variables."
+    )
+    parser.add_argument(
+        "--deployments",
+        "-d",
+        default="deployments",
+        help="The directory to search for deployments."
+    )
+    parser.add_argument(
+        "--ignore",
+        "-i",
+        nargs="*",
+        default=["template"],
+        help="Ignore one or more deployment targets."
+    )
+    parser.add_argument(
+        "--only-deploy",
+        "-o",
+        nargs="*",
+        help="Only deploy the specified hubs."
+    )
+    args = parser.parse_args()
+
+    main(args)

.github/workflows/deploy-hubs.yaml

@@ -0,0 +1,201 @@
+# This workflow will determine if the base hub image and/or single-user server
+# image for any or all hubs has has changed, and if so, deploy accordingly.
+#
+name: Deploy staging and prod hubs
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - staging
+      - prod
+
+jobs:
+  deploy-hubs-to-staging:
+    if: github.event_name == 'push' && github.ref == 'refs/heads/staging'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get PR labels
+        id: pr-labels
+        uses: irby/[email protected]
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Check for hubs that need deploying from the labels on the merge commit to staging
+        run: |
+          echo "PR labels: ${{ steps.pr-labels.outputs.labels }}"
+          # If the PR labels "hub-images" or "jupyterhub-deployment" are
+          # present, this means the base hub image has changed, and all hubs
+          # (staging or prod) need to be redeployed.
+          #
+          if [[ -n ${GITHUB_PR_LABEL_HUB_IMAGES} || -n ${GITHUB_PR_LABEL_JUPYTERHUB_DEPLOYMENT} ]]; then
+            echo "DEPLOY=1" >> $GITHUB_ENV
+          # Otherwise, check to see if the PR labels contain any hubs, and 
+          # deploy just those hubs to staging.
+          #
+          else
+            for label in $(echo -e "${{ steps.pr-labels.outputs.labels }}"); do
+              if [[ "$label" == hub-* ]]; then
+                echo "DEPLOY=1" >> $GITHUB_ENV
+              fi
+            done
+          fi
+
+      - name: Check out the image repo
+        if: ${{ env.DEPLOY }}
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # OR "2" -> To retrieve the preceding commit.
+
+      - name: Setup python
+        if: ${{ env.DEPLOY }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        if: ${{ env.DEPLOY }}
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install --force-reinstall git+https://github.com/shaneknapp/hubploy.git@major-refactor
+
+      - name: Auth to gcloud
+        if: ${{ env.DEPLOY }}
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.GKE_KEY }}
+          project_id: ${{ secrets.GCP_PROJECT_ID }}
+
+      - name: Install Google Cloud SDK
+        if: ${{ env.DEPLOY }}
+        uses: google-github-actions/setup-gcloud@v2
+        with:
+          install_components: 'gke-gcloud-auth-plugin'
+
+      - name: Install SOPS
+        if: ${{ env.DEPLOY }}
+        run: |
+          mkdir -p ${HOME}/bin
+          curl -sSL https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 -o ${HOME}/bin/sops
+          chmod 755 ${HOME}/bin/sops
+          echo "${HOME}/bin" >> $GITHUB_PATH
+
+      - name: Store SOPS secret in a file
+        if: ${{ env.DEPLOY }}
+        run: |
+          cat << EOF > ${HOME}/sops.key
+          ${{ secrets.SOPS_KEY }}
+          EOF
+          echo "GOOGLE_APPLICATION_CREDENTIALS=${HOME}/sops.key" >> $GITHUB_ENV
+
+      - name: Install Helm
+        if: ${{ env.DEPLOY }}
+        run: |
+            curl -L https://get.helm.sh/helm-v3.13.3-linux-amd64.tar.gz | tar -xzf -
+            mv linux-amd64/helm /usr/local/bin
+            helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/
+            helm repo update
+
+      - name: Deploy hubs to staging
+        if: ${{ env.DEPLOY }}
+        run: |
+          while read deployment; do
+            echo "Deploying single-user image and hub config to ${deployment}"
+            hubploy --verbose deploy --timeout 30m ${deployment} hub staging
+            echo
+          done < <(python .github/scripts/determine-hub-deployments.py --only-deploy gradebook logodev shiny stat159 stat20 nature a11y ugr01 data101 astro biology cee dev publichealth)
+
+  deploy-hubs-to-prod:
+    if: github.event_name == 'push' && github.ref == 'refs/heads/prod'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get PR labels
+        id: pr-labels
+        uses: irby/[email protected]
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Check for hubs that need deploying from the labels on the merge commit to prod
+        run: |
+          echo "PR labels: ${{ steps.pr-labels.outputs.labels }}"
+          # If the PR labels "hub-images" or "jupyterhub-deployment" are
+          # present, this means the base hub image has changed, and all hubs
+          # (staging or prod) need to be redeployed.
+          #
+          if [[ -n ${GITHUB_PR_LABEL_HUB_IMAGES} || -n ${GITHUB_PR_LABEL_JUPYTERHUB_DEPLOYMENT} ]]; then
+            echo "DEPLOY=1" >> $GITHUB_ENV
+          # Otherwise, check to see if the PR labels contain any hubs, and 
+          # deploy just those hubs to prod.
+          #
+          else
+            for label in $(echo -e "${{ steps.pr-labels.outputs.labels }}"); do
+              if [[ "$label" == hub-* ]]; then
+                echo "DEPLOY=1" >> $GITHUB_ENV
+              fi
+            done
+          fi
+
+      - name: Check out the image repo
+        if: ${{ env.DEPLOY }}
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # OR "2" -> To retrieve the preceding commit.
+
+      - name: Setup python
+        if: ${{ env.DEPLOY }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        if: ${{ env.DEPLOY }}
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install --force-reinstall git+https://github.com/shaneknapp/hubploy.git@major-refactor
+
+      - name: Auth to gcloud
+        if: ${{ env.DEPLOY }}
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.GKE_KEY }}
+          project_id: ${{ secrets.GCP_PROJECT_ID }}
+
+      - name: Install Google Cloud SDK
+        if: ${{ env.DEPLOY }}
+        uses: google-github-actions/setup-gcloud@v2
+        with:
+          install_components: 'gke-gcloud-auth-plugin'
+
+      - name: Install SOPS
+        if: ${{ env.DEPLOY }}
+        run: |
+          mkdir -p ${HOME}/bin
+          curl -sSL https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 -o ${HOME}/bin/sops
+          chmod 755 ${HOME}/bin/sops
+          echo "${HOME}/bin" >> $GITHUB_PATH
+
+      - name: Store SOPS secret in a file
+        if: ${{ env.DEPLOY }}
+        run: |
+          cat << EOF > ${HOME}/sops.key
+          ${{ secrets.SOPS_KEY }}
+          EOF
+          echo "GOOGLE_APPLICATION_CREDENTIALS=${HOME}/sops.key" >> $GITHUB_ENV
+
+      - name: Install Helm
+        if: ${{ env.DEPLOY }}
+        run: |
+            curl -L https://get.helm.sh/helm-v3.13.3-linux-amd64.tar.gz | tar -xzf -
+            mv linux-amd64/helm /usr/local/bin
+            helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/
+            helm repo update
+
+      - name: Deploy hubs to prod
+        if: ${{ env.DEPLOY }}
+        run: |
+          while read deployment; do
+            echo "Deploying single-user image and hub config to ${deployment}"
+            hubploy --verbose deploy --timeout 30m ${deployment} hub prod
+            echo
+          done < <(python .github/scripts/determine-hub-deployments.py --only-deploy gradebook logodev shiny stat159 stat20 nature a11y ugr01 data101 astro biology cee dev publichealth)

.github/workflows/deploy-node-placeholder.yaml

@@ -0,0 +1,89 @@
+name: Deploy node placeholder helm chart
+# use echo ${VAR##*: } to get the value of a variable that is a string with a colon in it
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - staging
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get PR labels
+        id: pr-labels
+        uses: irby/[email protected]
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Check out the image repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # OR "2" -> To retrieve the preceding commit.
+
+      - name: Check if the nbde placeholder helm chart needs to be deployed
+        run: |
+          echo "PR labels: ${{ steps.pr-labels.outputs.labels }}"
+          for label in $(echo -e "${{ steps.pr-labels.outputs.labels }}"); do
+            if [[ "$label" == node-placeholder-* ]]; then
+              echo "Deploying node placeholder charts!"
+              echo "DEPLOY=1" >> $GITHUB_ENV
+            fi
+          done
+
+      - name: Auth to gcloud
+        if: ${{ env.DEPLOY }}
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.GKE_KEY }}
+          project_id: ${{ secrets.GCP_PROJECT_ID }}
+
+      - name: Install Google Cloud SDK
+        if: ${{ env.DEPLOY }}
+        uses: google-github-actions/setup-gcloud@v2
+        with:
+          install_components: 'gke-gcloud-auth-plugin'
+
+      - name: Install SOPS
+        if: ${{ env.DEPLOY }}
+        run: |
+          mkdir -p ${HOME}/bin
+          curl -sSL https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 -o ${HOME}/bin/sops
+          chmod 755 ${HOME}/bin/sops
+          echo "${HOME}/bin" >> $GITHUB_PATH
+
+      - name: Store SOPS secret in a file
+        if: ${{ env.DEPLOY }}
+        run: |
+          cat << EOF > ${HOME}/sops.key
+          ${{ secrets.SOPS_KEY }}
+          EOF
+          echo "GOOGLE_APPLICATION_CREDENTIALS=${HOME}/sops.key" >> $GITHUB_ENV
+
+      - name: Install Helm
+        if: ${{ env.DEPLOY }}
+        run: |
+          curl -L https://get.helm.sh/helm-v3.13.3-linux-amd64.tar.gz | tar -xzf -
+          mv linux-amd64/helm /usr/local/bin
+          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+          helm repo update
+
+      - name: Activate credentials for cluster
+        if: ${{ env.DEPLOY }}
+        run: |
+          sops -d -i deployments/datahub/secrets/gke-key.json
+          gcloud auth \
+            activate-service-account \
+            --key-file deployments/datahub/secrets/gke-key.json
+          gcloud container clusters \
+            --region=us-central1 --project=ucb-datahub-2018 \
+            get-credentials spring-2024
+
+      - name: Deploy node placeholder helm chart
+        if: ${{ env.DEPLOY }}
+        run: |
+          sops -d -i node-placeholder/secrets.yaml
+          helm upgrade \
+            --install --wait \
+            --namespace=node-placeholder node-placeholder node-placeholder \
+            -f node-placeholder/secrets.yaml