Merge branch 'main' into dependabot/docker/python-3.12.2-slim-bullseye

lsst-sqre · Nov 7, 2024 · b0b5c3c · b0b5c3c
2 parents 7fd1249 + d14a754
commit b0b5c3c
Show file tree

Hide file tree

Showing 45 changed files with 3,416 additions and 3,281 deletions.
diff --git a/.flake8 b/.flake8
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,5 +1,12 @@
 name: CI
 
+env:
+  # Current supported Python version. For applications, there is generally no
+  # reason to support multiple Python versions, so all actions are run with
+  # this version. Quote the version to avoid interpretation as a floating
+  # point number.
+  PYTHON_VERSION: "3.12"
+
 "on":
   merge_group: {}
   pull_request: {}
@@ -23,33 +30,29 @@ jobs:
     timeout-minutes: 5
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
-          python-version: "3.12"
+          python-version: ${{ env.PYTHON_VERSION }}
 
       - name: Run pre-commit
-        uses: pre-commit/[email protected].0
+        uses: pre-commit/[email protected].1
 
   test:
     runs-on: ubuntu-latest
     timeout-minutes: 10
 
-    strategy:
-      matrix:
-        python:
-          - "3.12"
-
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Run tox
         uses: lsst-sqre/run-tox@v1
         with:
-          python-version: ${{ matrix.python }}
+          python-version: ${{ env.PYTHON_VERSION }}
           tox-envs: "py,coverage-report,typing"
+          tox-requirements: requirements/tox.txt
 
   build:
     runs-on: ubuntu-latest
@@ -67,7 +70,7 @@ jobs:
           || startsWith(github.head_ref, 'tickets/'))
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

diff --git a/.github/workflows/dependencies.yaml b/.github/workflows/dependencies.yaml
diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml
@@ -1,5 +1,12 @@
 name: Docs
 
+env:
+  # Current supported Python version. For applications, there is generally no
+  # reason to support multiple Python versions, so all actions are run with
+  # this version. Quote the version to avoid interpretation as a floating
+  # point number.
+  PYTHON_VERSION: "3.12"
+
 "on":
   push:
     branches:
@@ -18,21 +25,22 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
-          python-version: "3.12"
+          python-version: ${{ env.PYTHON_VERSION }}
 
       - name: Install graphviz and ImageMagick
         run: sudo apt-get install graphviz imagemagick
 
       - name: Run tox
         uses: lsst-sqre/run-tox@v1
         with:
-          python-version: "3.12"
+          python-version: ${{ env.PYTHON_VERSION }}
           tox-envs: "docs"
+          tox-requirements: requirements/tox.txt
 
       - name: Upload documentation
         uses: lsst-sqre/ltd-upload@v1

diff --git a/.github/workflows/periodic-ci.yaml b/.github/workflows/periodic-ci.yaml
@@ -5,6 +5,13 @@
 
 name: Periodic CI
 
+env:
+  # Current supported Python version. For applications, there is generally no
+  # reason to support multiple Python versions, so all actions are run with
+  # this version. Quote the version to avoid interpretation as a floating
+  # point number.
+  PYTHON_VERSION: "3.12"
+
 "on":
   schedule:
     - cron: "0 12 * * 1"
@@ -15,32 +22,32 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 10
 
-    strategy:
-      matrix:
-        python:
-          - "3.12"
-
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      # Use the oldest supported version of Python to update dependencies,
-      # not the matrixed Python version, since this accurately reflects
-      # how dependencies should later be updated.
-      - name: Run neophile
-        uses: lsst-sqre/run-neophile@v1
+      - name: Set up Python
+        uses: actions/setup-python@v5
         with:
-          python-version: "3.12"
-          mode: update
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Update dependencies
+        run: |
+          pip install --upgrade uv
+          uv venv
+          source .venv/bin/activate
+          make update-deps
+        shell: bash
 
       - name: Run tests in tox
         uses: lsst-sqre/run-tox@v1
         with:
-          python-version: ${{ matrix.python }}
+          python-version: ${{ env.PYTHON_VERSION }}
           tox-envs: "lint,typing,py"
+          tox-requirements: requirements/tox.txt
           use-cache: false
 
       - name: Report status
-        if: always()
+        if: failure()
         uses: ravsamhq/notify-slack-action@v2
         with:
           status: ${{ job.status }}

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,23 +1,14 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v5.0.0
     hooks:
       - id: check-yaml
       - id: check-toml
+      - id: trailing-whitespace
 
-  - repo: https://github.com/pycqa/isort
-    rev: 5.13.2
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.7.2
     hooks:
-      - id: isort
-        additional_dependencies:
-          - toml
-
-  - repo: https://github.com/psf/black
-    rev: 24.1.1
-    hooks:
-      - id: black
-
-  - repo: https://github.com/pycqa/flake8
-    rev: 7.0.0
-    hooks:
-      - id: flake8
+      - id: ruff
+        args: [--fix, --exit-non-zero-on-fix]
+      - id: ruff-format
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,24 +2,100 @@
 
 <!-- scriv-insert-here -->
 
-<a id='changelog-0.8.0'></a>
-## 0.8.0 (2024-01-04)
+<a id='changelog-0.13.0'></a>
+
+## 0.13.0 (2024-09-12)
+
+### New features
+
+- Notebook execution jobs can now set _timeouts_. In requests, set a timeout in the `timeout` request field. This can be a number of seconds, or a [human-readable duration string](https://safir.lsst.io/user-guide/datetime.html#parsing-time-intervals) (e.g. "1h30m"). The specified timeout is also repeated in the response body. This timeout applies to the notebook execution, not any time in the queue.
+
+- Errors that prevented a notebook from being executed are now reported in the notebook job response body in the `error` field. The field is an object with a `code` field and a `message` field. The `code` field is a string that can be used to identify the error. Currently the codes are `timeout`, `jupyter_error`, and `unknown`. Note that exceptions raised in the Jupyter notebook aren't considered errors, but are instead reported in the `ipynb_error` field.
+
+<a id='changelog-0.12.1'></a>
+
+## 0.12.1 (2024-08-02)
+
+### Bug fixes
+
+- When logging into JupyterHub, a Noteburst now looks for XRSF tokens from each redirect.
+
+### Other changes
+
+- Adopt `ruff-shared.toml` from https://github.com/lsst/templates
+- Adopt uv for dependency management and resolution.
+- Adopt explicit ASGITransport for setting up test HTTPX client.
 
-### Backwards-incompatible changes
+<a id='changelog-0.12.0'></a>
 
--
+## 0.12.0 (2024-05-15)
 
 ### New features
 
-- The response to `GET /notebooks/:job_id` now includes an `ipynb_error` field that contains structured information about any exception that occurred when executing the notebook. As well, if an exception occurred, the resultant notebook is still included in the response. That is, notebook failures are no longer considered failed jobs.
+- Create Gafaelfawr service tokens instead of user tokens for authenticated calls to JupyterHub and JupyterLab. Gafaelfawr is standardizing on the new service token type for all service-to-service authentication.
 
-- The `job_id` is now included in log messages when running the `nbexec` job under arq.
+- Reduced the frequency of keep alive tasks for the Noteburst workers to once every 15 minutes, from once every 5 minutes. This is intended to clean up the logging output.
 
-- The user guide includes a new tutorial for using the Noteburst web API.
+### Bug fixes
+
+- Correctly extract cookies from the middle of the redirect chain caused by initial authentication to a Nublado lab. This fixes failures seen with labs containing JupyterHub 4.1.3.
+
+<a id='changelog-0.11.0'></a>
+
+## 0.11.0 (2024-04-24)
+
+### New features
+
+- Add support for `gid` as well as `uid` fields in the worker identity configuration. Both `uid` and `gid` are now validated as integers
+
+<a id='changelog-0.10.0'></a>
+
+## 0.10.0 (2024-03-26)
+
+### New features
+
+- Add a `NOTEBURST_WORKER_MAX_CONCURRENT_JOBS` environment variable configuration to limit the number of concurrent jobs a worker can run. The default is 3. Previously this was 10. This should be set to be equal or less than the number of CPUs available to the JupyterLab pod.
+
+- The notebook execution client now waits as long as possible for the `/execution` endpoint in the JupyterLab pod to return the executed notebook. Previously the client would wait for a fixed amount of time, which could be too short for long-running notebooks. The JupyterLab server may still time-out the request, though.
+
+### Bug fixes
+
+- Improved handling of the XSRF token when authenticated to JupyterHub and JupyterLab pods. This is required in JupyterLab 4.1.
+
+<a id='changelog-0.9.1'></a>
+
+## 0.9.1 (2024-03-21)
 
 ### Bug fixes
 
--
+- Fix Slack error messaging in the `nbexec` worker function.
+- Extract and use the actual XSRF token when communicating with the Hub and Lab.
+
+<a id='changelog-0.9.0'></a>
+
+## 0.9.0 (2024-03-13)
+
+### New features
+
+- Add formatted errors when a job is not found for the `GET /v1/notebooks/:job_id` endpoint.
+
+- Errors and uncaught exceptions are now sent to Slack via a Slack webhook. The webhook URL is set via the `SLACK_WEBHOOK_URL` environment variable.
+
+### Other changes
+
+- The code base now uses Ruff for linting and formatting, replacing black, isort, and flake8. This change is part of the ongoing effort to standardize SQuaRE code bases and improve the developer experience.
+
+<a id='changelog-0.8.0'></a>
+
+## 0.8.0 (2024-01-04)
+
+### New features
+
+- The response to `GET /notebooks/:job_id` now includes an `ipynb_error` field that contains structured information about any exception that occurred when executing the notebook. As well, if an exception occurred, the resultant notebook is still included in the response. That is, notebook failures are no longer considered failed jobs.
+
+- The `job_id` is now included in log messages when running the `nbexec` job under arq.
+
+- The user guide includes a new tutorial for using the Noteburst web API.
 
 ### Other changes
 

diff --git a/Dockerfile b/Dockerfile
@@ -14,7 +14,8 @@
 #   - Runs a non-root user.
 #   - Sets up the entrypoint and port.
 
-FROM python:3.12.2-slim-bullseye as base-image
+
+FROM python:3.12.6-slim-bookworm AS base-image
 
 # Update system packages
 COPY scripts/install-base-packages.sh .