From 2bbdc8474deb56d4a4db97892e078bfe1e2ee30a Mon Sep 17 00:00:00 2001 From: Ivan Chvets Date: Thu, 17 Aug 2023 18:04:55 -0400 Subject: [PATCH] fix: update jupyter web app rock https://github.com/canonical/kubeflow-rocks/issues/41 Summary of changes: - Added run-user non-root user setup - Remove old non-user setup. - Update security team requirements. - Re-implemented as multi-part rock. --- jupyter-web-app/rockcraft.yaml | 132 +++++++++++++++++++-------------- volumes-web-app/rockcraft.yaml | 2 +- 2 files changed, 78 insertions(+), 56 deletions(-) diff --git a/jupyter-web-app/rockcraft.yaml b/jupyter-web-app/rockcraft.yaml index b7a67a5..42dd2db 100644 --- a/jupyter-web-app/rockcraft.yaml +++ b/jupyter-web-app/rockcraft.yaml 
@@ -1,88 +1,110 @@ +# Based on https://github.com/kubeflow/kubeflow/blob/master/components/crud-web-apps/jupyter/Dockerfile name: jupyter-web-app summary: An image for Jupyter UI description: | This image is used as part of Charmed Kubeflow product. Jupyter UI web application provides users with web UI to access and manipulate Jupyter Notebooks in Charmed Kubeflow. -version: v1.7.0_22.04_1 # version format: __ +version: v1.7.0_20.04_1 # version format: __ license: Apache-2.0 -base: ubuntu:22.04 +base: ubuntu:20.04 +run-user: _daemon_ services: - jupyter: + jupyter-ui: override: replace summary: "jupyter-ui service" startup: enabled - user: ubuntu command: "/bin/bash -c gunicorn -w 3 --bind 0.0.0.0:5000 --access-logfile - entrypoint:app" platforms: amd64: parts: - jupyter-ui: + backend: plugin: nil source: https://github.com/kubeflow/kubeflow source-type: git - source-tag: v1.7-branch # upstream branch + source-tag: v1.7-branch # upstream branch + source-depth: 1 build-packages: - - bash - build-environment: - - KF_REPO: "/root/parts/kubeflow-repo" - - NG_CLI_ANALYTICS: "ci" + - python3-venv + - python3-setuptools + - python3-pip override-build: | - set -xe - - # install dependencies - curl --output get-pip.py https://bootstrap.pypa.io/get-pip.py && \ - python3 get-pip.py - - # build backend kubeflow wheel - cd $CRAFT_PART_BUILD - cp $KF_REPO/src/components/crud-web-apps/common/backend/* ./ -r + python3 -m pip install wheel + cd components/crud-web-apps/common/backend python3 setup.py bdist_wheel + cp dist/kubeflow-1.1-py3-none-any.whl $CRAFT_STAGE - # build backend kubeflow library - cp $KF_REPO/src/components/crud-web-apps/common/frontend/kubeflow-common-lib/package.json ./ - cp $KF_REPO/src/components/crud-web-apps/common/frontend/kubeflow-common-lib/package-lock.json ./ + frontend-lib: + plugin: nil + source: https://github.com/kubeflow/kubeflow + source-type: git + source-tag: v1.7-branch # upstream branch + source-depth: 1 + build-snaps: + - node/12/stable + 
build-environment: + - NG_CLI_ANALYTICS: "ci" + override-build: | + cd components/crud-web-apps/common/frontend/kubeflow-common-lib npm ci - - cp $KF_REPO/src/components/crud-web-apps/common/frontend/kubeflow-common-lib/projects ./ -r - cp $KF_REPO/src/components/crud-web-apps/common/frontend/kubeflow-common-lib/angular.json . - cp $KF_REPO/src/components/crud-web-apps/common/frontend/kubeflow-common-lib/tsconfig.json . npm run build + cp -r dist/kubeflow/ $CRAFT_STAGE - # build frontend - cp $KF_REPO/src/components/crud-web-apps/jupyter/frontend/package.json ./ - cp $KF_REPO/src/components/crud-web-apps/jupyter/frontend/package-lock.json ./ - cp $KF_REPO/src/components/crud-web-apps/jupyter/frontend/tsconfig.json ./ - cp $KF_REPO/src/components/crud-web-apps/jupyter/frontend/tsconfig.app.json ./ - cp $KF_REPO/src/components/crud-web-apps/jupyter/frontend/tsconfig.spec.json ./ - cp $KF_REPO/src/components/crud-web-apps/jupyter/frontend/angular.json ./ - cp $KF_REPO/src/components/crud-web-apps/jupyter/frontend/src ./ -r + frontend: + after: [frontend-lib] + plugin: nil + source: https://github.com/kubeflow/kubeflow + source-type: git + source-tag: v1.7-branch # upstream branch + source-depth: 1 + build-snaps: + - node/12/stable + build-environment: + - NG_CLI_ANALYTICS: "ci" + override-build: | + cd components/crud-web-apps/jupyter/frontend npm ci - - # install jupyter ui web app - cp -r ./dist/kubeflow/ ./node_modules/kubeflow + cp -r $CRAFT_STAGE/kubeflow/ ./node_modules/ # TODO confirm npm run build -- --output-path=./dist/default --configuration=production - pip3 install . + cp -r dist/default $CRAFT_STAGE - cp $KF_REPO/src/components/crud-web-apps/jupyter/backend/requirements.txt . 
- pip3 install -r requirements.txt + webapp: + after: [backend, frontend] + plugin: nil + source: https://github.com/kubeflow/kubeflow + source-type: git + source-tag: v1.7-branch # upstream branch + source-depth: 1 + build-packages: + - python3-venv + - python3-setuptools + - python3-pip + override-build: | + pip3 install $CRAFT_STAGE/kubeflow-1.1-py3-none-any.whl + cd components/crud-web-apps/jupyter/backend + cp -r $CRAFT_STAGE/default apps/default/static/ + cp -r apps $CRAFT_STAGE/ + cp entrypoint.py $CRAFT_STAGE + override-stage: | + cp -r apps $CRAFT_PRIME + cp entrypoint.py $CRAFT_PRIME + cp -r /usr/local/lib/python3.8/dist-packages/* $CRAFT_PRIME - cp $KF_REPO/src/components/crud-web-apps/jupyter/backend/apps/ ./ -r - cp $KF_REPO/src/components/crud-web-apps/jupyter/backend/entrypoint.py . + gunicorn: + plugin: python + source: https://github.com/kubeflow/kubeflow.git + source-tag: v1.7-branch # upstream branch + source-depth: 1 + python-requirements: + - components/crud-web-apps/jupyter/backend/requirements.txt + stage-packages: + - python3-venv - # security requirement + security-team-requirement: + plugin: nil + override-build: | mkdir -p ${CRAFT_PART_INSTALL}/usr/share/rocks (echo "# os-release" && cat /etc/os-release && echo "# dpkg-query" && \ - dpkg-query -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\n' -W) \ - > ${CRAFT_PART_INSTALL}/usr/share/rocks/dpkg.query - - organize: - ./dist/default: /src/apps/default/static + dpkg-query -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\n' -W) \ + > ${CRAFT_PART_INSTALL}/usr/share/rocks/dpkg.query - non-root-user: - plugin: nil - after: [jupyter-ui] - overlay-script: | - # Create a user in the $CRAFT_OVERLAY chroot - groupadd -R $CRAFT_OVERLAY -g 1001 ubuntu - useradd -R $CRAFT_OVERLAY -M -r -u 1001 -g ubuntu ubuntu diff --git a/volumes-web-app/rockcraft.yaml b/volumes-web-app/rockcraft.yaml index 6888eee..077b03b 100644 
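Review bot: All five parts that clone kubeflow (`backend`, `frontend-lib`, `frontend`, `webapp`, `gunicorn`) use `source-tag: v1.7-branch`, which the inline comment itself labels an upstream branch, so the ref is mutable and each part fetches whatever it points to at build time. Two builds of the same `version` can therefore ship different code, and the parts of a single build are cloned separately, so they are not guaranteed to resolve to the same commit. Pinning every part to one immutable ref, e.g. `source-commit: <upstream-commit-sha>` (placeholder), would make the rock reproducible and reviewable; `source-depth: 1` may need adjusting for that to fetch correctly. `npm ci` already follows the lockfile, which leaves `python3 -m pip install wheel` in `backend` as the other unpinned fetch.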
--- a/volumes-web-app/rockcraft.yaml +++ b/volumes-web-app/rockcraft.yaml @@ -97,7 +97,7 @@ parts: override-stage: | cp -r apps $CRAFT_PRIME cp entrypoint.py $CRAFT_PRIME - cp -r /usr/local/lib/python3.8/dist-packages/* $CRAFT_PRIME + #cp -r /usr/local/lib/python3.8/dist-packages/* $CRAFT_PRIME gunicorn: plugin: python
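Review bot: The `dist-packages` copy is disabled by commenting it out with no stated reason, while the `webapp` part this same patch adds to jupyter-web-app/rockcraft.yaml keeps the identical line active, so the two rocks now disagree on how pip-installed packages reach the image. Where the line is active it appears to place everything found in the build host's `/usr/local/lib/python3.8/dist-packages` at the top of the prime directory and hard-codes the interpreter version, so whatever else is installed there ships too. Where it is commented out, nothing visible in this hunk stages those packages instead; the `override-stage` block and the `gunicorn` part both continue outside the hunk, so this may be handled there. Either delete the line and record the replacement, e.g. `# backend wheel is provided by the <part-name> part` (placeholder), or apply the same decision to both files.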