Merge branch 'main' into ipv6-ingress-checks

nebari-dev · Oct 24, 2024 · cb1cda8 · cb1cda8
2 parents 745377f + 215bbd6
commit cb1cda8
Show file tree

Hide file tree

Showing 166 changed files with 5,707 additions and 6,464 deletions.
diff --git a/.github/ISSUE_TEMPLATE/release-checklist.md b/.github/ISSUE_TEMPLATE/release-checklist.md
@@ -39,17 +39,17 @@ Release captain responsible - <@gh_username>
   - [Do we need to update the `dask` versions in the `nebari-dask`?](https://github.com/conda-forge/nebari-dask-feedstock/blob/main/recipe/meta.yaml#L13-L16)
   - Will there be an accompanying blog post?
 - [ ] Prepare for the release.
-  - [ ] Update the [`nebari upgrade`](https://github.com/nebari-dev/nebari/blob/develop/src/_nebari/upgrade.py) for this release
+  - [ ] Update the [`nebari upgrade`](https://github.com/nebari-dev/nebari/blob/main/src/_nebari/upgrade.py) for this release
     - [ ] Add upgrade messaging including deprecation warnings, version specific warnings and so on.
-  - [ ] Announce build freeze.
+  - [ ] Optionally, announce a merge freeze.
   - [ ] Release Candidate (RC) cycle.
     - Is this a hotfix?
       - [ ] Create a new branch off of the last version tag.
         - Use this branch to cut the pre-release and the "official" release.
       - [ ] `git cherry-pick` the commits that should be included.
+    - [ ] [Cut RC via GHA release workflow (w/ "This is a pre-release" checked).](https://github.com/nebari-dev/nebari/releases/new)
     - [ ] Perform end-to-end testing. [Use the Testing Checklist template.](https://github.com/nebari-dev/nebari/issues/new?assignees=&labels=type%3A+release+%F0%9F%8F%B7&template=testing-checklist.md&title=Testing+checklist+for+<version>)
       - For minor releases, relying on the end-to-end integration tests might suffice.
-    - [ ] [Cut RC via GHA release workflow (w/ "This is a pre-release" checked).](https://github.com/nebari-dev/nebari/releases/new)
     - [ ] End-user validation.
       - If possible, pull in volunteers to help test.
       - (Repeat steps if necessary)
@@ -65,7 +65,7 @@ _These steps must be actioned in the order they appear in this checklist._
 
 - [ ] [Tag, build and push docker images](https://github.com/nebari-dev/nebari-docker-images/releases/new)
 - [ ] [Update and cut release for `nebari-dask` meta package on Conda-Forge.](https://github.com/conda-forge/nebari-dask-feedstock)
-- [ ] Update `CURRENT_RELEASE` (and any other tags) in the [`constants.py`](https://github.com/nebari-dev/nebari/blob/develop/src/_nebari/constants.py#L1)
+- [ ] Update `CURRENT_RELEASE` (and any other tags) in the [`constants.py`](https://github.com/nebari-dev/nebari/blob/main/src/_nebari/constants.py#L1)
 - [ ] [Cut PyPI release via GHA release workflow.](https://github.com/nebari-dev/nebari/releases/new)
   - Avoid appending `v` to tag.
     - Copy release notes from `RELEASE.md`.

diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -30,6 +30,14 @@ _Put a `x` in the boxes that apply_
 - [ ] Did you test the pull request locally?
 - [ ] Did you add new tests?
 
+## How to test this PR?
+
+<!--
+If relevant, please outline the steps required to test your contribution
+and the expected outcomes from the proposed changes. Providing clear
+testing instructions will help reviewers evaluate your contribution.
+-->
+
 ## Any other comments?
 
 <!--

diff --git a/.github/workflows/run-precommit.yaml b/.github/workflows/run-precommit.yaml
@@ -4,7 +4,6 @@ on:
   push:
     branches:
       - main
-      - develop
       - release/\d{4}.\d{1,2}.\d{1,2}
   pull_request:
 
@@ -19,6 +18,17 @@ jobs:
       - name: Checkout repository 🔔
         uses: actions/[email protected]
 
+      - name: Setup python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Setup terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.5.7"
+
+
       - name: Run terraform pre-commit ⚡️
         uses: pre-commit/[email protected]
         with:

diff --git a/.github/workflows/test-provider.yaml b/.github/workflows/test-provider.yaml
@@ -16,7 +16,6 @@ on:
   push:
     branches:
       - main
-      - develop
       - release/\d{4}.\d{1,2}.\d{1,2}
     paths:
       - ".github/workflows/test-provider.yaml"
@@ -75,7 +74,7 @@ jobs:
           python-version: "3.11"
 
       - name: Retrieve secret from Vault
-        uses: hashicorp/vault-action@v2.5.0
+        uses: hashicorp/vault-action@v3.0.0
         with:
           method: jwt
           url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200"

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -12,7 +12,6 @@ on:
   push:
     branches:
       - main
-      - develop
       - release/\d{4}.\d{1,2}.\d{1,2}
     paths:
       - ".github/workflows/test.yaml"

diff --git a/.github/workflows/test_aws_integration.yaml b/.github/workflows/test_aws_integration.yaml
@@ -1,4 +1,4 @@
-name: test-aws-integration
+name: AWS Deployment
 
 on:
   schedule:
@@ -8,7 +8,7 @@ on:
       branch:
         description: 'Nebari branch to deploy, test, destroy'
         required: true
-        default: develop
+        default: main
         type: string
       image-tag:
         description: 'Nebari image tag created by the nebari-docker-images repo'
@@ -30,14 +30,14 @@ on:
 
 env:
   AWS_DEFAULT_REGION: "us-west-2"
-  NEBARI_GH_BRANCH: ${{ github.event.inputs.branch || 'develop' }}
+  NEBARI_GH_BRANCH: ${{ github.event.inputs.branch || 'main' }}
   NEBARI_IMAGE_TAG: ${{ github.event.inputs.image-tag || 'main' }}
-  TF_LOG: ${{ github.event.inputs.tf-log-level || 'info' }}
-
+  TF_LOG: ${{ github.event.inputs.tf-log-level || 'info' }}∏
 
 jobs:
   test-aws-integration:
     runs-on: ubuntu-latest
+    if: ${{ vars.SKIP_AWS_INTEGRATION_TEST != 'true' }}
     permissions:
       id-token: write
       contents: read
@@ -59,7 +59,7 @@ jobs:
           playwright install
 
       - name: Retrieve secret from Vault
-        uses: hashicorp/vault-action@v2.5.0
+        uses: hashicorp/vault-action@v3.0.0
         with:
           method: jwt
           url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200"

diff --git a/.github/workflows/test_azure_integration.yaml b/.github/workflows/test_azure_integration.yaml
@@ -0,0 +1,92 @@
+name: Azure Deployment
+
+on:
+  schedule:
+    - cron: "0 0 * * MON"
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Nebari branch to deploy, test, destroy'
+        required: true
+        default: main
+        type: string
+      image-tag:
+        description: 'Nebari image tag created by the nebari-docker-images repo'
+        required: true
+        default: main
+        type: string
+      tf-log-level:
+        description: 'Change Terraform log levels'
+        required: false
+        default: info
+        type: choice
+        options:
+        - info
+        - warn
+        - debug
+        - trace
+        - error
+
+env:
+  NEBARI_GH_BRANCH: ${{ github.event.inputs.branch || 'main' }}
+  NEBARI_IMAGE_TAG: ${{ github.event.inputs.image-tag || 'main' }}
+  TF_LOG: ${{ github.event.inputs.tf-log-level || 'info' }}
+
+jobs:
+  test-azure-integration:
+    runs-on: ubuntu-latest
+    if: ${{ vars.SKIP_AZURE_INTEGRATION_TEST != 'true' }}
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ env.NEBARI_GH_BRANCH }}
+          fetch-depth: 0
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.11
+
+      - name: Install Nebari
+        run: |
+          pip install .[dev]
+          conda install --quiet --yes conda-build
+          playwright install
+
+      - name: Retrieve secret from Vault
+        uses: hashicorp/[email protected]
+        with:
+          method: jwt
+          url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200"
+          namespace: "admin/quansight"
+          role: "repository-nebari-dev-nebari-role"
+          secrets: |
+            kv/data/repository/nebari-dev/nebari/azure/nebari-dev-ci/github-nebari-dev-repo-ci client_id | ARM_CLIENT_ID;
+            kv/data/repository/nebari-dev/nebari/azure/nebari-dev-ci/github-nebari-dev-repo-ci tenant_id | ARM_TENANT_ID;
+            kv/data/repository/nebari-dev/nebari/azure/nebari-dev-ci/github-nebari-dev-repo-ci subscription_id | ARM_SUBSCRIPTION_ID;
+            kv/data/repository/nebari-dev/nebari/cloudflare/[email protected]/nebari-dev-ci token | CLOUDFLARE_TOKEN;
+
+      - name: 'Azure login'
+        uses: azure/login@v2
+        with:
+          client-id: ${{ env.ARM_CLIENT_ID }}
+          tenant-id: ${{ env.ARM_TENANT_ID }}
+          subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }}
+
+      - name: Integration Tests
+        run: |
+          pytest --version
+          pytest tests/tests_integration/ -vvv -s --cloud azure
+        env:
+          NEBARI_SECRET__default_images__jupyterhub: "quay.io/nebari/nebari-jupyterhub:${{ env.NEBARI_IMAGE_TAG }}"
+          NEBARI_SECRET__default_images__jupyterlab: "quay.io/nebari/nebari-jupyterlab:${{ env.NEBARI_IMAGE_TAG }}"
+          NEBARI_SECRET__default_images__dask_worker: "quay.io/nebari/nebari-dask-worker:${{ env.NEBARI_IMAGE_TAG }}"
+          ARM_CLIENT_ID: ${{ env.ARM_CLIENT_ID }}
+          ARM_TENANT_ID: ${{ env.ARM_TENANT_ID }}
+          ARM_SUBSCRIPTION_ID: ${{ env.ARM_SUBSCRIPTION_ID }}
+          ARM_USE_OIDC: "true"
+          CLOUDFLARE_TOKEN: ${{ env.CLOUDFLARE_TOKEN }}
diff --git a/.github/workflows/test_conda_build.yaml b/.github/workflows/test_conda_build.yaml
@@ -8,7 +8,6 @@ on:
   push:
     branches:
       - main
-      - develop
       - release/\d{4}.\d{1,2}.\d{1,2}
     paths:
       - ".github/workflows/test_conda_build.yaml"

diff --git a/.github/workflows/test_do_integration.yaml b/.github/workflows/test_do_integration.yaml
diff --git a/.github/workflows/test_gcp_integration.yaml b/.github/workflows/test_gcp_integration.yaml
@@ -1,4 +1,4 @@
-name: test-gcp-integration
+name: GCP Deployment
 
 on:
   schedule:
@@ -8,7 +8,7 @@ on:
       branch:
         description: 'Nebari branch to deploy, test, destroy'
         required: true
-        default: develop
+        default: main
         type: string
       image-tag:
         description: 'Nebari image tag created by the nebari-docker-images repo'
@@ -28,14 +28,14 @@ on:
         - error
 
 env:
-  NEBARI_GH_BRANCH: ${{ github.event.inputs.branch || 'develop' }}
+  NEBARI_GH_BRANCH: ${{ github.event.inputs.branch || 'main' }}
   NEBARI_IMAGE_TAG: ${{ github.event.inputs.image-tag || 'main' }}
   TF_LOG: ${{ github.event.inputs.tf-log-level || 'info' }}
 
-
 jobs:
   test-gcp-integration:
     runs-on: ubuntu-latest
+    if: ${{ vars.SKIP_GCP_INTEGRATION_TEST != 'true' }}
     permissions:
       id-token: write
       contents: read
@@ -58,7 +58,7 @@ jobs:
           playwright install
 
       - name: Retrieve secret from Vault
-        uses: hashicorp/vault-action@v2.5.0
+        uses: hashicorp/vault-action@v3.0.0
         with:
           method: jwt
           url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200"
@@ -73,7 +73,6 @@ jobs:
       - name: 'Authenticate to GCP'
         uses: 'google-github-actions/auth@v1'
         with:
-            token_format: access_token
             workload_identity_provider: ${{ env.GCP_WORKFLOW_PROVIDER }}
             service_account: ${{ env.GCP_SERVICE_ACCOUNT }}
 

diff --git a/.github/workflows/test_helm_charts.yaml b/.github/workflows/test_helm_charts.yaml
@@ -1,5 +1,5 @@
 # Right now the trigger is set to run on every Monday at 13:00 UTC,
-# or when the workflow file is modified. An aditional manual trigger
+# or when the workflow file is modified. An additional manual trigger
 # is also available.
 name: "Validate Helm Charts downloads"