MIDRC-425 OCC-69 Jupyter-covid19 restricted download (#146)

.github/workflows/build_jupyter_covid19_image.yml

@@ -0,0 +1,22 @@
+name: Build and Push jupyter-covid19
+
+on:
+  push:
+    paths:
+    - jupyter-covid19/**
+    - .github/workflows/build_jupyter_covid19_image.yml
+
+jobs:
+  jupyter-covid19:
+    name: Build and Push jupyter-covid19
+    uses: uc-cdis/.github/.github/workflows/image_build_push.yaml@master
+    with:
+      DOCKERFILE_LOCATION: "./jupyter-covid19/Dockerfile"
+      DOCKERFILE_BUILD_CONTEXT: "./jupyter-covid19"
+      OVERRIDE_REPO_NAME: "jupyter-notebook"
+      OVERRIDE_TAG_NAME: "covid19-$(echo ${GITHUB_REF#refs/*/} | tr / _)"
+    secrets:
+      ECR_AWS_ACCESS_KEY_ID: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
+      ECR_AWS_SECRET_ACCESS_KEY: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
+      QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
+      QUAY_ROBOT_TOKEN: ${{ secrets.QUAY_ROBOT_TOKEN }}

jupyter-covid19/Dockerfile

@@ -1,4 +1,4 @@
-FROM quay.io/cdis/jupyter-notebook:1.1.0
+FROM quay.io/cdis/jupyter-notebook:restricted-download-master
 
 USER $NB_USER
 WORKDIR /home/$NB_USER
@@ -96,5 +96,11 @@ ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools
 RUN touch /home/$NB_USER/covid19-notebook/peregrine.py
 
 # premade notebooks dependencies
-RUN pip install --upgrade 'pip<20.3' # pip 20.3 causes dependency resolution issues
-RUN pip install -r /home/$NB_USER/covid19-notebook/requirements.txt
+RUN pip install -U -r /home/$NB_USER/covid19-notebook/requirements.txt
+
+# The image can't function (see error below) with `jsonschema` version 3.2.0. Some dependencies are
+# preventing `jsonschema` from being upgraded to a more recent version. Updating it here as a quick fix.
+#   File "/usr/local/lib/python3.9/dist-packages/jupyter_events/validators.py", line 44, in <module>
+#     JUPYTER_EVENTS_SCHEMA_VALIDATOR = Draft7Validator(
+# TypeError: __init__() got an unexpected keyword argument 'registry'
+RUN pip install jsonschema==4.20.0 --upgrade

jupyter-restricted-download/Dockerfile

@@ -62,11 +62,12 @@ RUN pip install jupyter --upgrade
 
 RUN pip uninstall nbconvert --yes
 # Create a non-root user for Jupyter without copying /bin or /bin/bash
-ARG NB_USER=jupyter
+ARG NB_USER=jovyan
 ARG NB_UID=1000
-RUN useradd -m -s /bin/bash -N -u $NB_UID $NB_USER
-RUN chown -R $NB_USER:users /home/$NB_USER
-RUN chmod -R u+rwx /home/$NB_USER
+RUN useradd -m -s /bin/bash -N -u $NB_UID $NB_USER && \
+    chown -R $NB_USER:users /home/$NB_USER && \
+    chmod -R u+rwx /home/$NB_USER && \
+    mkdir -p /home/$NB_USER/pd
 
 # Expose port 8888 for JupyterLab
 EXPOSE 8888
@@ -85,11 +86,8 @@ COPY resources/custom.js /home/$NB_USER/.jupyter/custom/
 COPY resources/jupyter_notebook_config.py /home/$NB_USER/.jupyter/tmp.py
 RUN cat /home/$NB_USER/.jupyter/tmp.py >> /home/$NB_USER/.jupyter/jupyter_notebook_config.py && rm /home/$NB_USER/.jupyter/tmp.py
 
-# Putting this all the way down here, to make sure its the last thing done
-# The image can't function with jsonschema version 3.20.0, which some dependency installs
-RUN pip install jsonschema==4.20.0
+USER $NB_USER
 
 # Set the default command to start JupyterLab
-USER $NB_USER
 WORKDIR /home/$NB_USER
 ENTRYPOINT ["jupyter", "lab", "--allow-root", "--ip=0.0.0.0", "--port=8888", "--no-browser"]