Merge branch 'nebari-dev:develop' into bug-2599-JHUB

.github/PULL_REQUEST_TEMPLATE.md

@@ -30,6 +30,14 @@ _Put a `x` in the boxes that apply_
 - [ ] Did you test the pull request locally?
 - [ ] Did you add new tests?
 
+## How to test this PR?
+
+<!--
+If relevant, please outline the steps required to test your contribution
+and the expected outcomes from the proposed changes. Providing clear
+testing instructions will help reviewers evaluate your contribution.
+-->
+
 ## Any other comments?
 
 <!--

.github/workflows/test-provider.yaml

@@ -75,7 +75,7 @@ jobs:
           python-version: "3.11"
 
       - name: Retrieve secret from Vault
-        uses: hashicorp/vault-action@v2.5.0
+        uses: hashicorp/vault-action@v3.0.0
         with:
           method: jwt
           url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200"

.github/workflows/test_aws_integration.yaml

@@ -32,12 +32,12 @@ env:
   AWS_DEFAULT_REGION: "us-west-2"
   NEBARI_GH_BRANCH: ${{ github.event.inputs.branch || 'develop' }}
   NEBARI_IMAGE_TAG: ${{ github.event.inputs.image-tag || 'main' }}
-  TF_LOG: ${{ github.event.inputs.tf-log-level || 'info' }}
-
+  TF_LOG: ${{ github.event.inputs.tf-log-level || 'info' }}∏
 
 jobs:
   test-aws-integration:
     runs-on: ubuntu-latest
+    if: ${{ vars.SKIP_AWS_INTEGRATION_TEST != 'true' }}
     permissions:
       id-token: write
       contents: read
@@ -59,7 +59,7 @@ jobs:
           playwright install
 
       - name: Retrieve secret from Vault
-        uses: hashicorp/vault-action@v2.5.0
+        uses: hashicorp/vault-action@v3.0.0
         with:
           method: jwt
           url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200"

.github/workflows/test_azure_integration.yaml

@@ -1,4 +1,4 @@
-name: Azure Delpoyment
+name: Azure Deployment
 
 on:
   schedule:
@@ -35,6 +35,7 @@ env:
 jobs:
   test-azure-integration:
     runs-on: ubuntu-latest
+    if: ${{ vars.SKIP_AZURE_INTEGRATION_TEST != 'true' }}
     permissions:
       id-token: write
       contents: read
@@ -57,7 +58,7 @@ jobs:
           playwright install
 
       - name: Retrieve secret from Vault
-        uses: hashicorp/vault-action@v2.5.0
+        uses: hashicorp/vault-action@v3.0.0
         with:
           method: jwt
           url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200"

.github/workflows/test_do_integration.yaml

@@ -36,6 +36,7 @@ env:
 jobs:
   test-do-integration:
     runs-on: ubuntu-latest
+    if: ${{ vars.SKIP_DO_INTEGRATION_TEST != 'true' }}
     permissions:
       id-token: write
       contents: read
@@ -57,7 +58,7 @@ jobs:
             playwright install
 
       - name: Retrieve secret from Vault
-        uses: hashicorp/vault-action@v2.5.0
+        uses: hashicorp/vault-action@v3.0.0
         with:
           method: jwt
           url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200"

.github/workflows/test_gcp_integration.yaml

@@ -32,10 +32,10 @@ env:
   NEBARI_IMAGE_TAG: ${{ github.event.inputs.image-tag || 'main' }}
   TF_LOG: ${{ github.event.inputs.tf-log-level || 'info' }}
 
-
 jobs:
   test-gcp-integration:
     runs-on: ubuntu-latest
+    if: ${{ vars.SKIP_GCP_INTEGRATION_TEST != 'true' }}
     permissions:
       id-token: write
       contents: read
@@ -58,7 +58,7 @@ jobs:
           playwright install
 
       - name: Retrieve secret from Vault
-        uses: hashicorp/vault-action@v2.5.0
+        uses: hashicorp/vault-action@v3.0.0
         with:
           method: jwt
           url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200"

.github/workflows/test_helm_charts.yaml

@@ -1,5 +1,5 @@
 # Right now the trigger is set to run on every Monday at 13:00 UTC,
-# or when the workflow file is modified. An aditional manual trigger
+# or when the workflow file is modified. An additional manual trigger
 # is also available.
 name: "Validate Helm Charts downloads"
 

.github/workflows/test_local_integration.yaml

@@ -33,6 +33,7 @@ on:
       pr_number:
         required: true
         type: string
+  workflow_dispatch:
 
 # When the cancel-in-progress: true option is specified, any concurrent jobs or workflows using the same
 # concurrency group will cancel both the pending and currently running jobs or workflows. This allows only
@@ -48,7 +49,7 @@ jobs:
       run:
         shell: bash -l {0}
     steps:
-      - name: 'Checkout Infrastructure'
+      - name: "Checkout Infrastructure"
         uses: actions/checkout@main
         with:
           fetch-depth: 0
@@ -145,21 +146,21 @@ jobs:
           nebari keycloak adduser --user "${TEST_USERNAME}" "${TEST_PASSWORD}" --config nebari-config.yaml
           nebari keycloak listusers --config nebari-config.yaml
 
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 20
-
       - name: Get nebari-config.yaml full path
         run: echo "NEBARI_CONFIG_PATH=`realpath ./local-deployment/nebari-config.yaml`" >> "$GITHUB_ENV"
 
-      - name: Cypress run
-        uses: cypress-io/github-action@v6
+      ### DEPLOYMENT TESTS
+      - name: Deployment Pytests
         env:
-          CYPRESS_EXAMPLE_USER_NAME: ${{ env.TEST_USERNAME }}
-          CYPRESS_EXAMPLE_USER_PASSWORD: ${{ env.TEST_PASSWORD }}
-          CYPRESS_BASE_URL: https://github-actions.nebari.dev/
+          KEYCLOAK_USERNAME: ${{ env.TEST_USERNAME }}
+          KEYCLOAK_PASSWORD: ${{ env.TEST_PASSWORD }}
+        run: |
+          pytest tests/tests_deployment/ -v -s
+
+      ### USER-JOURNEY TESTS
+      - uses: actions/setup-node@v4
         with:
-          working-directory: tests/tests_e2e
+          node-version: 20
 
       - name: Playwright Tests
         env:
@@ -171,28 +172,22 @@ jobs:
           # create environment file
           envsubst < .env.tpl > .env
           # run playwright pytest tests in headed mode with the chromium browser
-          xvfb-run pytest --browser chromium
+          xvfb-run pytest --browser chromium --slowmo 300 --headed
 
-      - name: Save Cypress screenshots and videos
+      - name: Save Playwright recording artifacts
         if: always()
         uses: actions/[email protected]
         with:
-          name: e2e-cypress
+          name: e2e-playwright
           path: |
-            ./tests/tests_e2e/cypress/screenshots/
-            ./tests/tests_e2e/cypress/videos/
             ./tests/tests_e2e/playwright/videos/
 
-      - name: Deployment Pytests
-        env:
-          KEYCLOAK_USERNAME: ${{ env.TEST_USERNAME }}
-          KEYCLOAK_PASSWORD: ${{ env.TEST_PASSWORD }}
-        run: |
-          pytest tests/tests_deployment/ -v -s
-
       ### CLEANUP AFTER TESTS
       - name: Cleanup nebari deployment
-        if: always()
+        # Since this is not critical for most pull requests and takes more than half of the time
+        # in the CI, it makes sense to only run on merge to main or workflow_dispatch to speed
+        # up feedback cycle
+        if: github.ref_name == 'develop' || github.event_name == 'workflow_dispatch'
         working-directory: local-deployment
         run: |
           nebari destroy --config nebari-config.yaml --disable-prompt

.gitignore

@@ -57,3 +57,6 @@ nebari-config.yaml
 
 # Integration tests deployments
 _test_deploy
+
+# ignore downloaded helm charts
+**/template/charts

.pre-commit-config.yaml

@@ -36,28 +36,32 @@ repos:
       - id: check-executables-have-shebangs
         exclude: "^src/_nebari/template/"
 
+  - repo: https://github.com/crate-ci/typos
+    rev: typos-dict-v0.11.27
+    hooks:
+      - id: typos
+
   - repo: https://github.com/codespell-project/codespell
     rev: v2.3.0
     hooks:
       - id: codespell
         args:
           [
-            "--builtin=rare,clear,informal,names",
-            "--skip=_build,*/build/*,*/node_modules/*,nebari.egg-info,*.git,*.js,*.json,*.yaml,*.yml",
-            "--ignore-words-list=AKS,aks",
             "--write",
           ]
         language: python
+        additional_dependencies:
+        - tomli
 
   # python
   - repo: https://github.com/psf/black
-    rev: 24.4.2
+    rev: 24.8.0
     hooks:
       - id: black
         args: ["--line-length=88", "--exclude=/src/_nebari/template/"]
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.4.7
+    rev: v0.6.3
     hooks:
       - id: ruff
         args: ["--fix"]
@@ -73,7 +77,7 @@ repos:
 
   # terraform
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.90.0
+    rev: v1.94.1
     hooks:
       - id: terraform_fmt
         args:

RELEASE.md

@@ -9,6 +9,78 @@ This file is copied to nebari-dev/nebari-docs using a GitHub Action. -->
 
 ---
 
+### Release 2024.7.1 - August 8, 2024
+
+> NOTE: Support for Digital Ocean deployments using CLI commands and related Terraform modules is being deprecated. Although Digital Ocean will no longer be directly supported in future releases, you can still deploy to Digital Ocean infrastructure using the current `existing` deployment option.
+
+## What's Changed
+* Enable authentication by default in jupyter-server by @krassowski in https://github.com/nebari-dev/nebari/pull/2288
+* remove dns sleep by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2550
+* Conda-store permissions v2 + load roles from keycloak by @aktech in https://github.com/nebari-dev/nebari/pull/2531
+* Restrict public access and add bucket encryption using cmk by @dcmcand in https://github.com/nebari-dev/nebari/pull/2525
+* Add overwrite to AWS coredns addon by @dcmcand in https://github.com/nebari-dev/nebari/pull/2538
+* Add a default roles at initialisation by @aktech in https://github.com/nebari-dev/nebari/pull/2546
+* Hide gallery section if no exhibits are configured by @krassowski in https://github.com/nebari-dev/nebari/pull/2549
+* Add note about ~/.bash_profile by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2575
+* Expose jupyterlab-gallery branch and depth options by @krassowski in https://github.com/nebari-dev/nebari/pull/2556
+* #2566 Upgrade Jupyterhub ssh image by @arjxn-py in https://github.com/nebari-dev/nebari/pull/2576
+* Stop copying unnecessary files into user home directory by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2578
+* Include deprecation notes for init/deploy subcommands by @viniciusdc in https://github.com/nebari-dev/nebari/pull/2582
+* Only download jar if file doesn't exist by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2588
+* Remove unnecessary experimental flag by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2606
+* Add typos spell checker to pre-commit by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2568
+* Enh 2451 skip conditionals by @BrianCashProf in https://github.com/nebari-dev/nebari/pull/2569
+* Improve codespell support: adjust and concentrate config to pyproject.toml and fix more typos by @yarikoptic in https://github.com/nebari-dev/nebari/pull/2583
+* Move codespell config to pyproject.toml only by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2611
+* Add `depends_on` for bucket encryption by @viniciusdc in https://github.com/nebari-dev/nebari/pull/2615
+
+## New Contributors
+* @BrianCashProf made their first contribution in https://github.com/nebari-dev/nebari/pull/2569
+* @yarikoptic made their first contribution in https://github.com/nebari-dev/nebari/pull/2583
+
+
+**Full Changelog**: https://github.com/nebari-dev/nebari/compare/2024.6.1...2024.7.1
+
+
+### Release 2024.6.1 - June 26, 2024
+
+> NOTE: This release includes an upgrade to the `kube-prometheus-stack` Helm chart, resulting in a newer version of Grafana. When upgrading your Nebari cluster, you will be prompted to have Nebari update some CRDs and delete a DaemonSet on your behalf. If you prefer, you can also run the commands yourself, which will be shown to you. If you have any custom dashboards, you'll also need to back them up by [exporting them as JSON](https://grafana.com/docs/grafana/latest/dashboards/share-dashboards-panels/#export-a-dashboard-as-json), so you can [import them](https://grafana.com/docs/grafana/latest/dashboards/build-dashboards/import-dashboards/#import-a-dashboard) after upgrading.
+
+### What's Changed
+* Fetch JupyterHub roles from Keycloak by @krassowski in https://github.com/nebari-dev/nebari/pull/2447
+* Update selector for Start server button to use button tag by @krassowski in https://github.com/nebari-dev/nebari/pull/2464
+* Reduce GCP Fixed Costs by 50% by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2453
+* Restore JupyterHub updates from PR-2427 by @viniciusdc in https://github.com/nebari-dev/nebari/pull/2465
+* Workload identity by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2460
+* Fix test using a non-specific selector by @krassowski in https://github.com/nebari-dev/nebari/pull/2475
+* add verify=false since we use self signed cert in tests by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2481
+* fix forward auth when using custom cert by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2479
+* Upgrade to JupyterHub 5.0.0b2 by @krassowski in https://github.com/nebari-dev/nebari/pull/2468
+* upgrade instructions for PR 2453 by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2466
+* Use Helm Chart for JupyterHub 5.0.0 final by @krassowski in https://github.com/nebari-dev/nebari/pull/2484
+* Parse and insert keycloak roles scopes into JupyterHub by @aktech in https://github.com/nebari-dev/nebari/pull/2471
+* Add CITATION file by @pavithraes in https://github.com/nebari-dev/nebari/pull/2455
+* CI: add azure integration by @fangchenli in https://github.com/nebari-dev/nebari/pull/2061
+* Create trivy.yml by @dcmcand in https://github.com/nebari-dev/nebari/pull/2458
+* don't run azure deployment on PRs, only on schedule and manual trigger by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2498
+* add cloud provider deployment status badges to README.md by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2407
+* Upgrade kube-prometheus-stack helm chart by @marcelovilla in https://github.com/nebari-dev/nebari/pull/2472
+* upgrade note by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2502
+* Remove VSCode from jhub_apps default services by @jbouder in https://github.com/nebari-dev/nebari/pull/2503
+* Explicit config by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2294
+* fix general node scaling bug for azure by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/2517
+* Skip running cleanup on pull requests by @aktech in https://github.com/nebari-dev/nebari/pull/2488
+* 1792 Add docstrings to `upgrade.py` by @arjxn-py in https://github.com/nebari-dev/nebari/pull/2512
+* set's min TLS version for azure storage account to TLS 1.2 by @dcmcand in https://github.com/nebari-dev/nebari/pull/2522
+* Fix conda-store and Traefik Grafana Dashboards by @marcelovilla in https://github.com/nebari-dev/nebari/pull/2540
+* Implement support for jupyterlab-gallery config by @krassowski in https://github.com/nebari-dev/nebari/pull/2501
+* Add option to run CRDs updates and DaemonSet deletion on user's behalf. by @marcelovilla in https://github.com/nebari-dev/nebari/pull/2544
+
+### New Contributors
+* @arjxn-py made their first contribution in https://github.com/nebari-dev/nebari/pull/2512
+
+**Full Changelog**: https://github.com/nebari-dev/nebari/compare/2024.5.1...2024.6.1
+
 ### Release 2024.5.1 - May 13, 2024
 
 ## What's Changed
@@ -246,7 +318,7 @@ command and follow the instructions
 * paginator for boto3 ec2 instance types by @sblair-metrostar in https://github.com/nebari-dev/nebari/pull/1923
 * Update README.md -- fix typo. by @teoliphant in https://github.com/nebari-dev/nebari/pull/1925
 * Add more unit tests, add cleanup step for Digital Ocean integration test by @iameskild in https://github.com/nebari-dev/nebari/pull/1910
-* Add cleanup step for AWS integration test, ensure diable_prompt is passed through by @iameskild in https://github.com/nebari-dev/nebari/pull/1921
+* Add cleanup step for AWS integration test, ensure disable_prompt is passed through by @iameskild in https://github.com/nebari-dev/nebari/pull/1921
 * K8s 1.25 + More Improvements by @Adam-D-Lewis in https://github.com/nebari-dev/nebari/pull/1856
 * adding lifecycle ignore to eks node group by @sblair-metrostar in https://github.com/nebari-dev/nebari/pull/1905
 * nebari init unit tests by @sblair-metrostar in https://github.com/nebari-dev/nebari/pull/1931

pyproject.toml

@@ -60,6 +60,7 @@ dependencies = [
     "bcrypt==4.0.1",
     "boto3==1.34.63",
     "cloudflare==2.11.7",
+    "jinja2",
     "kubernetes==27.2.0",
     "pluggy==1.3.0",
     "prompt-toolkit==3.0.36",
@@ -72,6 +73,7 @@ dependencies = [
     "ruamel.yaml==0.18.6",
     "typer==0.9.0",
     "packaging==23.2",
+    "typing-extensions==4.11.0",
 ]
 
 [project.optional-dependencies]
@@ -82,7 +84,6 @@ dev = [
     "diagrams",
     "escapism",
     "importlib-metadata<5.0",
-    "jinja2",
     "mypy==1.6.1",
     "paramiko",
     "pre-commit",
@@ -176,3 +177,16 @@ exclude_also = [
     "@(abc\\.)?abstractmethod",
     ]
 ignore_errors = false
+
+[tool.typos]
+files.extend-exclude = ["_build", "*/build/*", "*/node_modules/*", "nebari.egg-info", "*.git", "*.js", "*.json", "*.yaml", "*.yml", "pre-commit-config.yaml"]
+default.extend-ignore-re = ["(?Rm)^.*(#|//)\\s*typos: ignore$"]
+default.extend-ignore-words-re = ["aks", "AKS"]
+default.check-filename = false  # Turn off initially, enable once https://github.com/nebari-dev/nebari/issues/2598 is addressed
+
+[tool.codespell]
+# Ref: https://github.com/codespell-project/codespell#using-a-config-file
+skip = '_build,*/build/*,*/node_modules/*,nebari.egg-info,*.git,package-lock.json,*.lock'
+check-hidden = true
+ignore-regex = '^\s*"image/\S+": ".*'
+ignore-words-list = 'aks'

pytest.ini

@@ -1,6 +1,6 @@
 [pytest]
 addopts =
-    # show tests that (f)ailed, (E)rror, or (X)passed in the summary
+    # show tests that (f)ailed, (E)rror, or (X)passed in the summary  # typos: ignore
     -rfEX
     # Make tracebacks shorter
     --tb=native