From 387762e57a5f04f64937e0f49265fa456b2a3247 Mon Sep 17 00:00:00 2001 From: mlongobardo-gituname Date: Tue, 17 Feb 2026 14:01:02 +0100 Subject: [PATCH 01/11] gdal 3.12.1 first push --- Dockerfile | 38 ++++++++++++++++++++++++++++++++++++-- release.yaml | 2 +- 2 files changed, 37 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index a6ce1bd..e93540f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,8 +24,7 @@ RUN apt-get update && apt-get install -y \ tree \ podman \ skopeo \ - && apt-get remove -y yq \ - && rm -rf /var/lib/apt/lists/* + && apt-get remove -y yq # ------------------------------------------------------------------- # Create user @@ -113,6 +112,35 @@ RUN curl -fsSL \ dpkg -i /tmp/trivy.deb && \ rm /tmp/trivy.deb +#gdal +ARG GDAL_VER=3.12.1 +# fetch, build, install +RUN apt-get install --no-install-recommends -qy \ + cmake ninja-build libproj-dev proj-data proj-binset \ + set -eux; \ + cd /tmp; \ + curl -fsSL -o gdal-${GDAL_VER}.tar.xz https://download.osgeo.org/gdal/${GDAL_VER}/gdal-${GDAL_VER}.tar.xz \ + || curl -fsSL -o gdal-${GDAL_VER}.tar.gz https://download.osgeo.org/gdal/${GDAL_VER}/gdal-${GDAL_VER}.tar.gz; \ + if [ -f gdal-${GDAL_VER}.tar.xz ]; then \ + tar -xJf gdal-${GDAL_VER}.tar.xz; \ + else \ + tar -xzf gdal-${GDAL_VER}.tar.gz; \ + fi; \ + cd gdal-${GDAL_VER}; \ + mkdir build && cd build; \ + cmake -G Ninja ../gdal-${GDAL_VER} \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_INSTALL_PREFIX=/usr/local; \ + cmake --build . -- -j"$(nproc)"; \ + cmake --install .; \ + ldconfig; \ + gdal-config --version; \ + cd / && rm -rf /tmp/gdal-${GDAL_VER}* && \ + rm -rf /var/lib/apt/lists/* + + +##### + # ------------------------------------------------------------------- # Entrypoint # ------------------------------------------------------------------- @@ -120,6 +148,12 @@ COPY entrypoint.sh /opt/entrypoint.sh RUN chmod +x /opt/entrypoint.sh USER ${USER} + +ENV GDAL_CONFIG=/usr/local/bin/gdal-config +ENV GDAL_DATA=/usr/local/share/gdal +ENV GDAL_DRIVER_PATH=/usr/local/lib/gdalplugins +ENV GDAL_OVERWRITE=YES + WORKDIR /workspace EXPOSE 8888 diff --git a/release.yaml b/release.yaml index 26f025f..25e4f74 100644 --- a/release.yaml +++ b/release.yaml @@ -1,4 +1,4 @@ image_name: pde-code-server image_prefix: eoepca -image_version: 1.2.0 +image_version: 1.3.0 image_registry: ghcr.io \ No newline at end of file From d436fc1f98c4e81993c1dbb86db0ae1b426d6873 Mon Sep 17 00:00:00 2001 From: mlongobardo-gituname Date: Wed, 18 Feb 2026 09:56:39 +0100 Subject: [PATCH 02/11] refine Dockerfile --- Dockerfile | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index e93540f..10e9f64 100644 --- a/Dockerfile +++ b/Dockerfile @@ -115,9 +115,9 @@ RUN curl -fsSL \ #gdal ARG GDAL_VER=3.12.1 # fetch, build, install -RUN apt-get install --no-install-recommends -qy \ - cmake ninja-build libproj-dev proj-data proj-binset \ - set -eux; \ +RUN apt-get install -qy \ + cmake ninja-build libproj-dev proj-data proj-bin; \ + set -e; \ cd /tmp; \ curl -fsSL -o gdal-${GDAL_VER}.tar.xz https://download.osgeo.org/gdal/${GDAL_VER}/gdal-${GDAL_VER}.tar.xz \ || curl -fsSL -o gdal-${GDAL_VER}.tar.gz https://download.osgeo.org/gdal/${GDAL_VER}/gdal-${GDAL_VER}.tar.gz; \ @@ -128,16 +128,15 @@ RUN apt-get install --no-install-recommends -qy \ fi; \ cd gdal-${GDAL_VER}; \ mkdir build && cd build; \ - cmake -G Ninja ../gdal-${GDAL_VER} \ + cmake -G Ninja ../ \ -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_INSTALL_PREFIX=/usr/local; \ cmake --build . -- -j"$(nproc)"; \ cmake --install .; \ ldconfig; \ - gdal-config --version; \ - cd / && rm -rf /tmp/gdal-${GDAL_VER}* && \ - rm -rf /var/lib/apt/lists/* - + rm -rf /tmp/gdal-${GDAL_VER}*; \ + rm -rf /var/lib/apt/lists/*; \ + gdal-config --version ##### From 80e7bbb83de8b917a27b15e4fd1bfda32c055299 Mon Sep 17 00:00:00 2001 From: mlongobardo-gituname Date: Wed, 18 Feb 2026 12:12:12 +0100 Subject: [PATCH 03/11] GDAL_VER as parameter --- .github/workflows/build-image.yml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index f470915..6d18df5 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -5,7 +5,12 @@ on: branches: [develop, main] tags: - 'v*' - + workflow_dispatch: + inputs: + GDAL_VER: + description: "GDAL version to use for Docker build" + required: false + default: "3.12.1" jobs: # ------------------------------------------------------------ # Resolve release tag from ref @@ -77,7 +82,15 @@ jobs: } EOF fi - + - name: Resolve GDAL version + id: gdal + run: | + if [[ -n "${{ github.event.inputs.GDAL_VER }}" ]]; then + GDAL_VER="${{ github.event.inputs.GDAL_VER }}" + else + GDAL_VER="3.12.1" + fi + echo "GDAL_VER=${GDAL_VER}" >> $GITHUB_ENV - name: Build image with Kaniko (to tar) uses: docker://gcr.io/kaniko-project/executor:debug env: @@ -86,6 +99,7 @@ jobs: args: > --context . --dockerfile Dockerfile + --build-arg GDAL_VER=${{ env.GDAL_VER }} --no-push --tar-path image.tar From fa817664bc69535b6281e2a26d00dab0a815dae4 Mon Sep 17 00:00:00 2001 From: mlongobardo-gituname Date: Wed, 18 Feb 2026 12:29:43 +0100 Subject: [PATCH 04/11] apt-get tuning --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 10e9f64..c3f0963 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,8 @@ RUN apt-get update && apt-get install -y \ tree \ podman \ skopeo \ - && apt-get remove -y yq + && apt-get remove -y yq && \ + rm -rf /var/lib/apt/lists/* # ------------------------------------------------------------------- # Create user @@ -115,7 +116,7 @@ RUN curl -fsSL \ #gdal ARG GDAL_VER=3.12.1 # fetch, build, install -RUN apt-get install -qy \ +RUN apt-get update && apt-get install -qy \ cmake ninja-build libproj-dev proj-data proj-bin; \ set -e; \ cd /tmp; \ From 21b354d3faff5888e164260145bee562faeb0529 Mon Sep 17 00:00:00 2001 From: ldonnini Date: Mon, 9 Mar 2026 12:00:36 +0100 Subject: [PATCH 05/11] added nextcloud integration --- Dockerfile | 71 +++++++++++++++++++++++++-------------------------- entrypoint.sh | 4 +++ nc-sync | 39 ++++++++++++++++++++++++++++ 3 files changed, 78 insertions(+), 36 deletions(-) create mode 100644 nc-sync diff --git a/Dockerfile b/Dockerfile index c3f0963..5fd49cb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/python:3.12.11-bookworm@sha256:bea386df48d7ee07eed0a1f3e6f9d5c0292c228b8d8ed2ea738b7a57b29c4470 +FROM quay.io/jupyter/base-notebook:python-3.12 ENV DEBIAN_FRONTEND=noninteractive \ USER=jovyan \ @@ -6,6 +6,8 @@ ENV DEBIAN_FRONTEND=noninteractive \ GID=100 \ HOME=/workspace +USER root + # ------------------------------------------------------------------- # Base system packages (runtime only) # ------------------------------------------------------------------- @@ -24,15 +26,8 @@ RUN apt-get update && apt-get install -y \ tree \ podman \ skopeo \ - && apt-get remove -y yq && \ - rm -rf /var/lib/apt/lists/* - -# ------------------------------------------------------------------- -# Create user -# ------------------------------------------------------------------- -#RUN groupadd -g ${GID} ${USER} && \ -RUN useradd -m -u ${UID} -g ${GID} -s /bin/bash ${USER} && \ - echo "${USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/${USER} + nextcloud-desktop-cmd=3.11.0-1.1build4 \ + && rm -rf /var/lib/apt/lists/* # ------------------------------------------------------------------- # code-server @@ -46,7 +41,7 @@ RUN mkdir -p /opt/code-server && \ ENV PATH="/opt/code-server/bin:${PATH}" # ------------------------------------------------------------------- -# Kubernetes / Dev tooling (pinned, glibc-safe) +# Kubernetes / Dev tooling (pinned) # ------------------------------------------------------------------- ARG KUBECTL_VERSION=v1.29.3 RUN curl -fsSL \ @@ -68,7 +63,6 @@ RUN curl -fsSL \ https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz \ | tar -xz -C /usr/local/bin oras && chmod +x /usr/local/bin/oras - # ------------------------------------------------------------------- # Python tooling # ------------------------------------------------------------------- @@ -76,7 +70,7 @@ ARG CALRISSIAN_VERSION=0.18.1 RUN pip install --no-cache-dir \ awscli \ awscli-plugin-endpoint \ - jhsingle-native-proxy>=0.0.9 \ + "jhsingle-native-proxy>=0.0.9" \ bash_kernel \ tomlq \ uv \ @@ -86,64 +80,69 @@ RUN pip install --no-cache-dir \ python -m bash_kernel.install # ------------------------------------------------------------------- -# yq / jq (single source of truth) +# yq / jq # ------------------------------------------------------------------- ARG YQ_VERSION=v4.45.1 RUN curl -fsSL \ https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 \ -o /usr/local/bin/yq && chmod +x /usr/local/bin/yq - ARG JQ_VERSION=jq-1.8.1 RUN curl -fsSL \ https://github.com/jqlang/jq/releases/download/${JQ_VERSION}/jq-linux-amd64 \ -o /usr/local/bin/jq && chmod +x /usr/local/bin/jq -# hatch (binary) +# ------------------------------------------------------------------- +# hatch +# ------------------------------------------------------------------- ARG HATCH_VERSION=1.16.2 RUN curl -fsSL \ https://github.com/pypa/hatch/releases/download/hatch-v${HATCH_VERSION}/hatch-x86_64-unknown-linux-gnu.tar.gz \ | tar -xz -C /usr/local/bin hatch && chmod +x /usr/local/bin/hatch -# trivy -ARG TRIVY_VERSION=0.68.2 +# ------------------------------------------------------------------- +# trivy +# ------------------------------------------------------------------- +ARG TRIVY_VERSION=0.69.3 RUN curl -fsSL \ https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb \ -o /tmp/trivy.deb && \ dpkg -i /tmp/trivy.deb && \ rm /tmp/trivy.deb -#gdal +# ------------------------------------------------------------------- +# GDAL +# ------------------------------------------------------------------- ARG GDAL_VER=3.12.1 -# fetch, build, install -RUN apt-get update && apt-get install -qy \ - cmake ninja-build libproj-dev proj-data proj-bin; \ - set -e; \ - cd /tmp; \ +RUN apt-get update && apt-get install -y \ + cmake ninja-build libproj-dev proj-data proj-bin && \ + rm -rf /var/lib/apt/lists/* && \ + set -e && \ + cd /tmp && \ curl -fsSL -o gdal-${GDAL_VER}.tar.xz https://download.osgeo.org/gdal/${GDAL_VER}/gdal-${GDAL_VER}.tar.xz \ - || curl -fsSL -o gdal-${GDAL_VER}.tar.gz https://download.osgeo.org/gdal/${GDAL_VER}/gdal-${GDAL_VER}.tar.gz; \ + || curl -fsSL -o gdal-${GDAL_VER}.tar.gz https://download.osgeo.org/gdal/${GDAL_VER}/gdal-${GDAL_VER}.tar.gz && \ if [ -f gdal-${GDAL_VER}.tar.xz ]; then \ tar -xJf gdal-${GDAL_VER}.tar.xz; \ else \ tar -xzf gdal-${GDAL_VER}.tar.gz; \ - fi; \ - cd gdal-${GDAL_VER}; \ - mkdir build && cd build; \ + fi && \ + cd gdal-${GDAL_VER} && \ + mkdir build && cd build && \ cmake -G Ninja ../ \ -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_INSTALL_PREFIX=/usr/local; \ - cmake --build . -- -j"$(nproc)"; \ - cmake --install .; \ - ldconfig; \ - rm -rf /tmp/gdal-${GDAL_VER}*; \ - rm -rf /var/lib/apt/lists/*; \ + -DCMAKE_INSTALL_PREFIX=/usr/local && \ + cmake --build . -- -j"$(nproc)" && \ + cmake --install . && \ + ldconfig && \ + rm -rf /tmp/gdal-${GDAL_VER}* && \ gdal-config --version -##### - # ------------------------------------------------------------------- # Entrypoint # ------------------------------------------------------------------- +COPY nc-sync /usr/local/bin/nc-sync +RUN chmod 755 /usr/local/bin/nc-sync + COPY entrypoint.sh /opt/entrypoint.sh RUN chmod +x /opt/entrypoint.sh diff --git a/entrypoint.sh b/entrypoint.sh index 2fff70d..6d87921 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,5 +1,9 @@ #!/bin/bash +if [ -x /usr/local/bin/nc-sync ]; then + /usr/local/bin/nc-sync & +fi + collect_port=0 port="8888" delim='=' diff --git a/nc-sync b/nc-sync new file mode 100644 index 0000000..e3a6d78 --- /dev/null +++ b/nc-sync @@ -0,0 +1,39 @@ +#!/bin/bash +rmdir --ignore-fail-on-non-empty /home/jovyan/work +workdir='/workspace' +mkdir -p ${workdir} +server="http://${NEXTCLOUD_HOST:-localhost:8081}" +json_file="${workdir}/.access_token.json" + +function refresh_token { + json="$(curl --header "Authorization: token ${JUPYTERHUB_API_TOKEN}" http://${JUPYTER_HOST}/services/refresh-token/tokens)" + if [[ -z "${json}" ]]; then + token="${NEXTCLOUD_ACCESS_TOKEN}" + json="{ \"access_token\": \"${token}\", \"token_expires\": $(date -d "10 min" +%s).0000000 }" + fi + echo "${json}" > "${json_file}" + token=$(jq -r '.access_token' "${json_file}") + echo "${token}" +} + +function get_token { + if [[ -f "${json_file}" ]]; then + now=$(date +%s) + token=$(jq -r '.access_token' "${json_file}") + expires_at=$(jq -r '.token_expires' "${json_file}"| sed 's/\..*//') + if [[ "${expires_at}" -lt ${now} ]]; then + token=$(refresh_token) + fi + else + token=$(refresh_token) + fi + echo "${token}" +} + +function ncsync { + while true; do + nextcloudcmd -s --user ${JUPYTERHUB_USER} --password $(get_token) --path / "${workdir}" "${server}" + sleep 5s + done +} +ncsync & \ No newline at end of file From dba5623318f74e9e9013dd38a8888468a09f0f7e Mon Sep 17 00:00:00 2001 From: ldonnini Date: Tue, 17 Mar 2026 12:11:31 +0100 Subject: [PATCH 06/11] updated sync file with symbolic link --- nc-sync | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/nc-sync b/nc-sync index e3a6d78..06d148f 100644 --- a/nc-sync +++ b/nc-sync @@ -1,7 +1,14 @@ #!/bin/bash rmdir --ignore-fail-on-non-empty /home/jovyan/work -workdir='/workspace' + +workdir='/home/jovyan/drive' mkdir -p ${workdir} + +cd /workspace +if [ ! -L drive ]; then + ln -s /home/jovyan/drive/ +fi + server="http://${NEXTCLOUD_HOST:-localhost:8081}" json_file="${workdir}/.access_token.json" From 371b2b28cb517d9ca49104c9eedf89869c28fd7d Mon Sep 17 00:00:00 2001 From: ldonnini Date: Tue, 17 Mar 2026 12:18:26 +0100 Subject: [PATCH 07/11] updated sync file with symbolic link --- nc-sync | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/nc-sync b/nc-sync index 06d148f..883ccdc 100644 --- a/nc-sync +++ b/nc-sync @@ -1,11 +1,10 @@ #!/bin/bash rmdir --ignore-fail-on-non-empty /home/jovyan/work -workdir='/home/jovyan/drive' -mkdir -p ${workdir} - cd /workspace -if [ ! -L drive ]; then +if [ -e drive ] && [ ! -L drive ]; then + echo "WARNING: 'drive' exists but is not a symlink, skipping" +elif [ ! -L drive ]; then ln -s /home/jovyan/drive/ fi From 26206ecc581096fc2adc305da3242915dbc66176 Mon Sep 17 00:00:00 2001 From: ldonnini Date: Tue, 17 Mar 2026 12:19:43 +0100 Subject: [PATCH 08/11] updated sync file with symbolic link --- nc-sync | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nc-sync b/nc-sync index 883ccdc..c9b9f70 100644 --- a/nc-sync +++ b/nc-sync @@ -1,6 +1,9 @@ #!/bin/bash rmdir --ignore-fail-on-non-empty /home/jovyan/work +workdir='/home/jovyan/drive' +mkdir -p ${workdir} + cd /workspace if [ -e drive ] && [ ! -L drive ]; then echo "WARNING: 'drive' exists but is not a symlink, skipping" From ffbbe5795e5cf7bf452aef4792453b7abda80a41 Mon Sep 17 00:00:00 2001 From: ldonnini Date: Tue, 17 Mar 2026 12:43:15 +0100 Subject: [PATCH 09/11] updated check in sync file --- nc-sync | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/nc-sync b/nc-sync index c9b9f70..06d148f 100644 --- a/nc-sync +++ b/nc-sync @@ -5,9 +5,7 @@ workdir='/home/jovyan/drive' mkdir -p ${workdir} cd /workspace -if [ -e drive ] && [ ! -L drive ]; then - echo "WARNING: 'drive' exists but is not a symlink, skipping" -elif [ ! -L drive ]; then +if [ ! -L drive ]; then ln -s /home/jovyan/drive/ fi From 0e1c99b89e993c0e0ec23fc0aea31a7e6b6be7d9 Mon Sep 17 00:00:00 2001 From: ldonnini Date: Mon, 30 Mar 2026 14:21:17 +0200 Subject: [PATCH 10/11] updated to work with sso and oauth2 auth method --- nc-sync | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/nc-sync b/nc-sync index 06d148f..80e5076 100644 --- a/nc-sync +++ b/nc-sync @@ -39,8 +39,21 @@ function get_token { function ncsync { while true; do - nextcloudcmd -s --user ${JUPYTERHUB_USER} --password $(get_token) --path / "${workdir}" "${server}" + token="$(get_token)" + + if [[ -n "${token}" && "${token}" != "null" && -n "${JUPYTERHUB_USER}" ]]; then + nextcloudcmd -n -s \ + --user "${JUPYTERHUB_USER}" \ + --password "${token}" \ + --path / \ + "${workdir}" \ + "${server}" || true + else + echo "[nc-sync] missing token or user, skipping sync" + fi + sleep 5s done } + ncsync & \ No newline at end of file From 1a9c35b0eafb6351b02d33391abb084f434eb082 Mon Sep 17 00:00:00 2001 From: ldonnini Date: Fri, 10 Apr 2026 10:24:35 +0200 Subject: [PATCH 11/11] fixed uid issue --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 5fd49cb..adb21d0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,6 +29,9 @@ RUN apt-get update && apt-get install -y \ nextcloud-desktop-cmd=3.11.0-1.1build4 \ && rm -rf /var/lib/apt/lists/* +RUN usermod -u 1001 ${USER} && \ + echo "${USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/${USER} + # ------------------------------------------------------------------- # code-server # -------------------------------------------------------------------