create 0.11.1-aarch64

.github/workflows/my-publish.yml

@@ -0,0 +1,109 @@
+# This is a GitHub workflow defining a set of jobs with a set of steps.
+# ref: https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions
+#
+name: Publish
+
+# Trigger the workflow's on pushed tags or commits to main/master branch.
+on:
+  push:
+    branches: ["sakuraiyuta/build"]
+    tags: ["[0-9]+.[0-9]+.[0-9]+*"]
+
+jobs:
+  # Builds and pushes docker images to DockerHub and package the Helm chart and
+  # pushes it to sakuraiyuta/helm-chart@gh-pages where index.yaml represents the
+  # JupyterHub organization Helm chart repository.
+  #
+  # ref: https://github.com/sakuraiyuta/helm-chart
+  # ref: https://hub.docker.com/orgs/sakuraiyuta
+  #
+  publish:
+    if: github.repository == 'sakuraiyuta/zero-to-jupyterhub-k8s'
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          # chartpress requires the full history
+          fetch-depth: 0
+          path: main
+      - name: Build Images
+        uses: uraimo/run-on-arch-action@v2.0.5
+        with:
+          arch: aarch64
+          distro: ubuntu20.04
+          setup: |
+            echo -e "\u001b[32m# run-on-arch-action: Setup\u001b[0m"
+
+            echo -e "\u001b[32mQEMU Setup\u001b[0m"
+            echo 'EXTRA_OPTS="-L /usr/aarch64-linux-gnu"' | sudo tee /etc/qemu-binfmt.conf
+            sudo systemctl restart systemd-binfmt
+            sudo update-binfmts --enable
+
+          install: |
+            echo -e "\u001b[32m# run-on-arch-action: Install\u001b[0m"
+            echo -e "\u001b[34mInstall apt packages\u001b[0m"
+            apt-get update -q -y >/dev/null
+            apt-get install -q -y python-is-python3 python3-pip curl git openssh-client >/dev/null
+            ln -s /usr/bin/pip3 /usr/bin/pip
+
+            # This was setup by...
+            # 1. Generating a private/public key pair:
+            #    ssh-keygen -t ed25519 -C "sakuraiyuta/zero-to-jupyterhub-k8s" -f /tmp/id_ed25519
+            # 2. Registering the private key (/tmp/id_ed25519) as a secret for this
+            #    repo:
+            #    https://github.com/sakuraiyuta/zero-to-jupyterhub-k8s/settings/secrets/actions
+            # 3. Registering the public key (/tmp/id_ed25519.pub) as a deploy key
+            #    with push rights for the sakuraiyuta/helm chart repo:
+            #    https://github.com/sakuraiyuta/helm-chart/settings/keys
+            #
+            echo -e "\u001b[34mSetup push rights to sakuraiyuta/helm-chart\u001b[0m"
+            mkdir -p ~/.ssh
+            ssh-keyscan github.com >> ~/.ssh/known_hosts
+            echo "${{ secrets.JUPYTERHUB_HELM_CHART_DEPLOY_KEY }}" > ~/.ssh/id_ed25519
+            chmod 600 ~/.ssh/id_ed25519
+
+          run: |
+            echo -e "\u001b[32m# run-on-arch-action: Run\u001b[0m"
+
+            echo -e "\u001b[34mInstall chart publishing dependencies (docker, chartpress, helm)\u001b[0m"
+            cd main/
+            . ./ci/common
+            setup_helm
+            pip install --no-cache-dir chartpress pyyaml
+            curl -fsSL get.docker.com | CHANNEL=stable sh
+
+            # This was setup by...
+            # 1. Creating a Docker Hub service account "jupyterhubbot"
+            # 2. Making the account part of the "bots" team, and granting that team
+            #    permissions to push to the relevant images:
+            #    https://hub.docker.com/orgs/jupyterhub/teams/bots/permissions
+            # 3. Registering the username and password as a secret for this repo:
+            #    https://github.com/jupyterhub/zero-to-jupyterhub-k8s/settings/secrets/actions
+            #
+            echo -e "\u001b[34mSetup push rights to Docker Hub\u001b[0m"
+            docker login --username '${{ secrets.DOCKERHUB_USERNAME }}' --password '${{ secrets.DOCKERHUB_PASSWORD }}'
+
+            # Having a user.email and user.name configured with git is required to
+            # make commits, which is something chartpress does when publishing.
+            # While Travis CI had a dummy user by default, GitHub Actions doesn't
+            # and require this explicitly setup.
+            echo -e "\u001b[34mConfigure a git user\u001b[0m"
+            git config --global user.email "github-actions@example.local"
+            git config --global user.name "GitHub Actions user"
+
+            echo -e "\u001b[34mPublish images and chart with chartpress\u001b[0m"
+            # Create values.schema.yaml from schema.yaml.
+            ./tools/generate-json-schema.py
+
+            # Append annotations to Chart.yaml with current images so that
+            # artifacthub.io can scan and provide vulnerability reports for them.
+            chartpress --no-build
+            ./tools/set-chart-yaml-annotations.py
+
+            # Package the Helm chart and publish it to the gh-pages branch of
+            # the jupyterhub/helm-chart repo.
+            ./ci/publish
+
+          env: |
+            GITHUB_REPOSITORY: "${{ github.repository }}"
+            HELM_VERSION: "v3.5.2"

chartpress.yaml

@@ -12,10 +12,10 @@ charts:
   - name: jupyterhub
     # Dev: imagePrefix can be useful to override if you want to trial something
     #      locally developed in a remote k8s cluster.
-    imagePrefix: jupyterhub/k8s-
+    imagePrefix: sakuraiyuta/jupyterhub-k8s-
     repo:
-      git: jupyterhub/helm-chart
-      published: https://jupyterhub.github.io/helm-chart
+      git: sakuraiyuta/helm-chart
+      published: https://sakuraiyuta.github.io/helm-chart
 
     images:
       # hub, the container where JupyterHub, KubeSpawner, and the configured

images/hub/Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:20.04
+FROM arm64v8/ubuntu:20.04
 
 # VULN_SCAN_TIME=2021-02-26_00:07:23
 
@@ -20,6 +20,7 @@ RUN apt-get update && \
       sqlite3 \
       curl \
       dnsutils \
+      libpq-dev \
       && \
     rm -rf /var/lib/apt/lists/*
 

images/image-awaiter/Dockerfile

@@ -1,16 +1,16 @@
 # compile the code to an executable using an intermediary image
-FROM golang:1.15
+FROM golang:1.15-alpine@sha256:d491730a043b10ac51ac7437dc1716a2082349addbf0c6510dc8ad4b8a5ce7c7
 
 # VULN_SCAN_TIME=
 
 RUN mkdir -p /build/
 COPY *.mod *.go *.sum /build/
 WORKDIR /build
-RUN CGO_ENABLED=0 GOOS=linux go build -ldflags '-w -s' -installsuffix cgo -a -o out/image-awaiter
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags '-w -s' -installsuffix cgo -a -o out/image-awaiter
 
 
 # present the result within a slimmed image
-FROM scratch
+FROM arm64v8/alpine:3
 
 COPY --from=0 /build/out/image-awaiter /image-awaiter
 

images/network-tools/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3
+FROM arm64v8/alpine:3
 
 # VULN_SCAN_TIME=1fad1460fc
 

images/secret-sync/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.8-alpine
+FROM arm64v8/python:3.8-alpine
 
 # VULN_SCAN_TIME=
 

images/singleuser-sample/Dockerfile

@@ -1,4 +1,4 @@
-FROM jupyter/base-notebook:016833b15ceb
+FROM sakuraiyuta/base-notebook:latest
 # Built from... https://hub.docker.com/r/jupyter/base-notebook/
 #               https://github.com/jupyter/docker-stacks/blob/master/base-notebook/Dockerfile
 # Built from... Ubuntu 18.04

jupyterhub/Chart.yaml

@@ -1,7 +1,7 @@
 # Chart.yaml v2 reference: https://helm.sh/docs/topics/charts/#the-chartyaml-file
 apiVersion: v2
 name: jupyterhub
-version: 0.0.1-set.by.chartpress
+version: 0.11.1-aarch64
 appVersion: 1.3.0
 description: Multi-user Jupyter installation
 keywords: [jupyter, jupyterhub, z2jh]

jupyterhub/values.yaml

@@ -78,8 +78,8 @@ hub:
   extraVolumes: []
   extraVolumeMounts: []
   image:
-    name: jupyterhub/k8s-hub
-    tag: "set-by-chartpress"
+    name: sakuraiyuta/jupyterhub-k8s-hub
+    tag: "0.11.1-aarch64"
     pullPolicy:
     pullSecrets: []
   resources:
@@ -191,7 +191,7 @@ proxy:
       runAsGroup: 65534 # nobody group
       allowPrivilegeEscalation: false
     image:
-      name: jupyterhub/configurable-http-proxy
+      name: sakuraiyuta/jupyterhub-configurable-http-proxy
       tag: 4.2.3
       pullPolicy:
       pullSecrets: []
@@ -270,8 +270,8 @@ proxy:
       runAsGroup: 65534 # nobody group
       allowPrivilegeEscalation: false
     image:
-      name: jupyterhub/k8s-secret-sync
-      tag: "set-by-chartpress"
+      name: sakuraiyuta/jupyterhub-k8s-secret-sync
+      tag: "0.11.1-aarch64"
       pullPolicy:
       pullSecrets: []
     resources: {}
@@ -310,8 +310,8 @@ singleuser:
     preferred: []
   networkTools:
     image:
-      name: jupyterhub/k8s-network-tools
-      tag: "set-by-chartpress"
+      name: sakuraiyuta/jupyterhub-k8s-network-tools
+      tag: "0.11.1-aarch64"
       pullPolicy:
       pullSecrets: []
   cloudMetadata:
@@ -364,8 +364,8 @@ singleuser:
       volumeNameTemplate: volume-{username}{servername}
       storageAccessModes: [ReadWriteOnce]
   image:
-    name: jupyterhub/k8s-singleuser-sample
-    tag: "set-by-chartpress"
+    name: sakuraiyuta/jupyterhub-k8s-singleuser-sample
+    tag: "0.11.1-aarch64"
     pullPolicy:
     pullSecrets: []
   startTimeout: 300
@@ -474,8 +474,8 @@ prePuller:
     enabled: true
     # image and the configuration below relates to the hook-image-awaiter Job
     image:
-      name: jupyterhub/k8s-image-awaiter
-      tag: "set-by-chartpress"
+      name: sakuraiyuta/jupyterhub-k8s-image-awaiter
+      tag: "0.11.1-aarch64"
       pullPolicy:
       pullSecrets: []
     containerSecurityContext: