Streamline deployment of GESIS acceptance server

.editorconfig

@@ -0,0 +1,5 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true

.gitlab-ci.yml

@@ -0,0 +1,70 @@
+variables:
+  GIT_STRATEGY: clone
+  GIT_CLEAN_FLAGS: "-ffdx"
+  # Change pip's cache directory to be inside the project directory since we can only cache local items.
+  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
+  EXTRA_VALUES_ACCEPTANCE: "--values ./secrets/config/common/common.yaml --values ./secrets/config/common/cryptnono.yaml --values ./secrets/config/common/gesis.yaml --values ./secrets/config/gesis-acceptance.yaml --values ./config/gesis.yml --values ./config/gesis-acceptance.yml"
+
+# This workflow:rules are required to enable merge request pipelines!
+workflow:
+  rules:
+    - if: $CI_SERVER_FQDN == "git.gesis.org" && $CI_PIPELINE_SOURCE == 'merge_request_event'
+    - if: $CI_SERVER_FQDN == "git.gesis.org" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+stages:
+  - build
+  - lint
+  - deploy-acceptance-helm
+  - test-acceptance
+  - deploy-production-helm
+  - test-production
+
+build helm chart:
+  stage: build
+  rules:
+    - if: $CI_SERVER_FQDN == "git.gesis.org" && $CI_PIPELINE_SOURCE == 'merge_request_event'
+    - if: $CI_SERVER_FQDN == "git.gesis.org" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+  # Python version blocked by https://github.com/jupyterhub/mybinder.org-deploy/issues/3168
+  image: python:3.11.11-bookworm
+  cache:
+    paths:
+      - .cache/pip
+  script:
+    - python -V
+    - pip install virtualenv
+    - virtualenv venv
+    - source venv/bin/activate
+    - pip install --upgrade setuptools pip
+    - pip install --upgrade -r requirements.txt
+    - |
+      chartpress \
+      --no-build
+  artifacts:
+    expire_in: 1h
+    paths:
+      - mybinder-kube-system/Chart.yaml
+      - mybinder-tigera-operator/Chart.yaml
+      - mybinder/Chart.yaml
+      - mybinder/values.yaml
+
+include:
+  - component: $CI_SERVER_FQDN/rse/docker/images/helm/[email protected]
+    inputs:
+      stage: lint
+      dir: mybinder
+      extra_values: ${EXTRA_VALUES_ACCEPTANCE}
+      git_crypt: "true"
+    rules:
+      - if: $CI_SERVER_FQDN == "git.gesis.org" && $CI_PIPELINE_SOURCE == 'merge_request_event'
+      - if: $CI_SERVER_FQDN == "git.gesis.org" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+  - component: $CI_SERVER_FQDN/rse/docker/images/helm/[email protected]
+    inputs:
+      stage: deploy-acceptance-helm
+      environment: acceptance
+      dir: mybinder
+      k8s_context: methods-hub/binder.methodshub.gesis.org:acceptance
+      extra_values: ${EXTRA_VALUES_ACCEPTANCE}
+      git_crypt: "true"
+    rules:
+      - if: $CI_SERVER_FQDN == "git.gesis.org" && $CI_PIPELINE_SOURCE == 'merge_request_event'

.gitlab/agents/acceptance/config.yaml

@@ -0,0 +1,3 @@
+ci_access:
+  projects:
+    - id: methods-hub/interactive-environment

config/gesis-acceptance.yml

@@ -0,0 +1,91 @@
+projectName: gesis-acceptance
+analyticsPublisher:
+  enabled: false
+binderhub:
+  config:
+    BinderHub:
+      hub_url: https://notebooks-test.gesis.org/binder/jupyter/
+    KubernetesBuildExecutor:
+      memory_limit: 3G
+      memory_request: 1G
+    LaunchQuota:
+      total_quota: 30
+  extraConfig:
+    01-template-variables: >
+      template_vars = {
+        "gesis_notebooks_https": 'https://notebooks-test.gesis.org/',
+        'production': False,
+      }
+
+      template_vars['gesis_notebooks_static'] =
+      template_vars['gesis_notebooks_https'] + "static/"
+
+      template_vars['gesis_web_frontend_framework'] =
+      template_vars['gesis_notebooks_static'] + "gesis-web-frontend-framework/"
+
+      template_vars['binder_static'] = template_vars['gesis_notebooks_https'] +
+      "static/"
+
+      c.BinderHub.template_variables.update(template_vars)
+  imageCleaner:
+    # size is given in bytes, i.e. 1GB = 1e9
+    imageGCThresholdHigh: 10e9
+    imageGCThresholdLow: 5e9
+    imageGCThresholdType: absolute
+  ingress:
+    hosts:
+      - notebooks-test.gesis.org
+  jupyterhub:
+    ingress:
+      hosts:
+        - notebooks-test.gesis.org
+cryptnono:
+  enabled: true
+grafana:
+  dashboardProviders:
+    dashboardproviders.yaml:
+      apiVersion: 1
+      providers:
+        - disableDeletion: true
+          editable: false
+          folder: notebooks.gesis.org
+          name: default
+          options:
+            path: /var/lib/grafana/dashboards/notebooks.gesis.org
+          orgId: 1
+          type: file
+  grafana.ini:
+    server:
+      root_url: https://notebooks.gesis.org/grafana/
+  ingress:
+    hosts:
+      - notebooks-test.gesis.org
+  nodeSelector:
+  resources:
+    limits:
+      cpu: "0.25"
+      memory: 128Mi
+    requests:
+      cpu: "0"
+      memory: 128Mi
+prometheus:
+  server:
+    ingress:
+      hosts:
+        - notebooks-test.gesis.org
+    persistentVolume:
+      size: 1Gi
+      storageClass: local-storage-prometheus
+    resources:
+      limits:
+        cpu: "1"
+        memory: 1Gi
+      requests:
+        cpu: "1"
+        memory: 1Gi
+    retention: 30d
+static:
+  ingress:
+    hosts:
+      - notebooks-test.gesis.org
+url: https://notebooks-test.gesis.org/

config/gesis.yml

@@ -0,0 +1,119 @@
+# The Kubernetes Cluster already have Ingress NGINX Controller
+ingress-nginx:
+  enabled: false
+binderhub:
+  nodeSelector:
+    binderhub: "true"
+  ingress:
+    # Don't change the className
+    ingressClassName: nginx
+    # Don't change the annotations
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt
+    pathSuffix: binder
+  config:
+    BinderHub:
+      base_url: /binder/
+      build_node_selector:
+        binderhub: "true"
+      image_prefix: gesiscss/binder-r2d-g5b5b759-
+      template_path: /etc/binderhub/templates
+      use_registry: true
+    KubernetesBuildExecutor:
+      node_selector:
+        binderhub: "true"
+        docker_available: "true"
+  extraConfig:
+    02-badge-base-url: |
+      c.BinderHub.badge_base_url = "https://mybinder.org/"
+  extraEnv:
+    GOOGLE_APPLICATION_CREDENTIALS: /secrets/service-account.json
+  extraVolumeMounts:
+    - mountPath: /secrets
+      name: secrets
+      readOnly: true
+  extraVolumes:
+    - name: secrets
+      secret:
+        secretName: events-archiver-secrets
+  imageCleaner:
+    enabled: true
+  jupyterhub:
+    ingress:
+      # Don't change the className
+      ingressClassName: nginx
+      # Don't change the annotations
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt
+    hub:
+      baseUrl: /jupyterhub
+      db:
+        pvc:
+          storageClassName: local-storage-jupyterhub
+      nodeSelector:
+        jupyterhub: "true"
+    singleuser:
+      nodeSelector:
+        jupyterhub_single_user: "true"
+  replicas: 1
+cryptnono:
+  enabled: true
+grafana:
+  datasources:
+    datasources.yaml:
+      apiVersion: 1
+      datasources:
+        - editable: false
+          isDefault: true
+          name: GESIS Notebooks Prometheus
+          orgId: 1
+          type: prometheus
+          uid: gesis-notebooks-prometheus
+          url: http://binderhub-prometheus-server
+      prune: true
+  deploymentStrategy:
+    type: Recreate
+  enabled: true
+  grafana.ini:
+    auth.anonymous:
+      enabled: true
+      org_name: Main Org.
+      org_role: Viewer
+    auth.basic:
+      enabled: true
+    security:
+      allow_embedding: true
+    server:
+      http_port: 3000
+    smtp:
+      enabled: true
+  ingress:
+    # Don't change the className
+    className: nginx
+    # Don't change the annotations
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt
+      nginx.ingress.kubernetes.io/use-regex: "true"
+      nginx.ingress.kubernetes.io/rewrite-target: /$2
+    pathType: ImplementationSpecific
+    path: /grafana(/|$)(.*)
+  nodeSelector:
+    grafana: "true"
+  persistence:
+    enabled: false
+prometheus:
+  enabled: true
+  server:
+    prefixURL: /prometheus
+    ingress:
+      # Don't change the className
+      className: nginx
+      # Don't change the annotations
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt
+      path: /prometheus
+    livenessProbeInitialDelay: 800
+    persistentVolume:
+      storageClass: local-storage-prometheus
+static:
+  enabled: false

mybinder/files/etc/jupyter/templates/login.html

@@ -1,32 +1,27 @@
-{% extends "templates/login.html" %}
-
-{% block header_buttons %}
-{% block login_widget %}
-{% endblock %}
+{% extends "templates/login.html" %} {% block header_buttons %} {% block
+login_widget %} {% endblock %}
 <span class="flex-spacer"></span>
-{{super()}}
-{% endblock header_buttons %}
-
-{% block site %}
+{{super()}} {% endblock header_buttons %} {% block site %}
 <div id="ipython-main-app" class="container">
   <h1>Binder inaccessible</h1>
   <h2>
-    You can get a new Binder for this repo by clicking <a href="{{binder_url}}">here</a>.
+    You can get a new Binder for this repo by clicking
+    <a href="{{binder_url}}">here</a>.
   </h2>
-  <p>
-    The shareable URL for this repo is: <tt>{{binder_url}}</tt>
-  </p>
+  <p>The shareable URL for this repo is: <tt>{{binder_url}}</tt></p>
 
   <h4>Is this a Binder that you created?</h4>
   <p>
-    If so, your authentication cookie for this Binder has been deleted or expired.
-    You can launch a new Binder for this repo by clicking <a href="{{binder_url}}">here</a>.
+    If so, your authentication cookie for this Binder has been deleted or
+    expired. You can launch a new Binder for this repo by clicking
+    <a href="{{binder_url}}">here</a>.
   </p>
 
   <h4>Did someone give you this Binder link?</h4>
   <p>
-    If so, the link is outdated or incorrect.
-    Recheck the link for typos or ask the person who gave you the link for an updated link.
-    A shareable Binder link should look like <tt>{{binder_url}}</tt>.
+    If so, the link is outdated or incorrect. Recheck the link for typos or ask
+    the person who gave you the link for an updated link. A shareable Binder
+    link should look like <tt>{{binder_url}}</tt>.
+  </p>
 </div>
 {% endblock site %}