added new service

Author: Andrei Neagu

services/notifications/Dockerfile

@@ -0,0 +1,184 @@
+# syntax=docker/dockerfile:1
+
+# Define arguments in the global scope
+ARG PYTHON_VERSION="3.11.9"
+ARG UV_VERSION="0.5"
+
+FROM ghcr.io/astral-sh/uv:${UV_VERSION} AS uv_build
+# we docker image is built based on debian
+FROM python:${PYTHON_VERSION}-slim-bookworm AS base
+
+
+#
+#  USAGE:
+#     cd sercices/notifications
+#     docker build -f Dockerfile -t notifications:prod --target production ../../
+#     docker run notifications:prod
+#
+#  REQUIRED: context expected at ``osparc-simcore/`` folder because we need access to osparc-simcore/packages
+
+LABEL maintainer=GitHK
+
+# for docker apt caching to work this needs to be added: [https://vsupalov.com/buildkit-cache-mount-dockerfile/]
+RUN rm -f /etc/apt/apt.conf.d/docker-clean && \
+  echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
+RUN --mount=type=cache,target=/var/cache/apt,sharing=private \
+  set -eux && \
+  apt-get update && \
+  apt-get install -y --no-install-recommends \
+  gosu \
+  curl \
+  && apt-get clean -y \
+  # verify that the binary works
+  && gosu nobody true
+
+# simcore-user uid=8004(scu) gid=8004(scu) groups=8004(scu)
+ENV SC_USER_ID=8004 \
+  SC_USER_NAME=scu \
+  SC_BUILD_TARGET=base \
+  SC_BOOT_MODE=default
+
+RUN adduser \
+  --uid ${SC_USER_ID} \
+  --disabled-password \
+  --gecos "" \
+  --shell /bin/sh \
+  --home /home/${SC_USER_NAME} \
+  ${SC_USER_NAME}
+
+
+# Sets utf-8 encoding for Python et al
+ENV LANG=C.UTF-8
+
+# Turns off writing .pyc files; superfluous on an ephemeral container.
+ENV PYTHONDONTWRITEBYTECODE=1 \
+  VIRTUAL_ENV=/home/scu/.venv
+
+# Ensures that the python and pip executables used in the image will be
+# those from our virtualenv.
+ENV PATH="${VIRTUAL_ENV}/bin:$PATH"
+
+# rclone installation
+ARG TARGETARCH
+ENV TARGETARCH=${TARGETARCH}
+RUN \
+  --mount=type=bind,source=scripts/install_rclone.bash,target=/tmp/install_rclone.bash \
+  ./tmp/install_rclone.bash
+
+# -------------------------- Build stage -------------------
+# Installs build/package management tools and third party dependencies
+#
+# + /build             WORKDIR
+#
+FROM base AS build
+
+ENV SC_BUILD_TARGET=build
+
+RUN --mount=type=cache,target=/var/cache/apt,sharing=private \
+  set -eux \
+  && apt-get update \
+  && apt-get install -y --no-install-recommends \
+  build-essential
+
+# install UV https://docs.astral.sh/uv/guides/integration/docker/#installing-uv
+COPY --from=uv_build /uv /uvx /bin/
+
+# NOTE: python virtualenv is used here such that installed
+# packages may be moved to production image easily by copying the venv
+RUN uv venv "${VIRTUAL_ENV}"
+
+RUN --mount=type=cache,target=/root/.cache/uv \
+  uv pip install --upgrade  \
+  wheel \
+  setuptools
+
+WORKDIR /build
+
+# install base 3rd party dependencies
+
+
+
+# --------------------------Prod-depends-only stage -------------------
+# This stage is for production only dependencies that get partially wiped out afterwards (final docker image concerns)
+#
+#  + /build
+#    + services/notifications [scu:scu] WORKDIR
+#
+FROM build AS prod-only-deps
+
+ENV SC_BUILD_TARGET prod-only-deps
+
+WORKDIR /build/services/notifications
+
+RUN \
+  --mount=type=bind,source=packages,target=/build/packages,rw \
+  --mount=type=bind,source=services/notifications,target=/build/services/notifications,rw \
+  --mount=type=cache,target=/root/.cache/uv \
+  uv pip sync \
+  requirements/prod.txt \
+  && uv pip list
+
+
+# --------------------------Production stage -------------------
+# Final cleanup up to reduce image size and startup setup
+# Runs as scu (non-root user)
+#
+#  + /home/scu     $HOME = WORKDIR
+#    + services/notifications [scu:scu]
+#
+FROM base AS production
+
+ENV SC_BUILD_TARGET=production \
+  SC_BOOT_MODE=production
+
+ENV PYTHONOPTIMIZE=TRUE
+# https://docs.astral.sh/uv/guides/integration/docker/#compiling-bytecode
+ENV UV_COMPILE_BYTECODE=1
+
+WORKDIR /home/scu
+
+# ensure home folder is read/writable for user scu
+RUN chown -R scu /home/scu
+
+# Starting from clean base image, copies pre-installed virtualenv from prod-only-deps
+COPY --chown=scu:scu --from=prod-only-deps  ${VIRTUAL_ENV} ${VIRTUAL_ENV}
+
+# Copies booting scripts
+COPY --chown=scu:scu services/notifications/docker services/notifications/docker
+RUN chmod +x services/notifications/docker/*.sh
+
+
+HEALTHCHECK --interval=30s \
+  --timeout=20s \
+  --start-period=30s \
+  --retries=3 \
+  CMD ["python3", "services/notifications/docker/healthcheck.py", "http://localhost:8000/health"]
+
+EXPOSE 8000
+
+ENTRYPOINT [ "/bin/sh", "services/notifications/docker/entrypoint.sh" ]
+CMD ["/bin/sh", "services/notifications/docker/boot.sh"]
+
+
+# --------------------------Development stage -------------------
+# Source code accessible in host but runs in container
+# Runs as myu with same gid/uid as host
+# Placed at the end to speed-up the build if images targeting production
+#
+#  + /devel         WORKDIR
+#    + services  (mounted volume)
+#
+FROM build AS development
+
+ENV SC_BUILD_TARGET=development \
+  SC_DEVEL_MOUNT=/devel/services/notifications
+
+WORKDIR /devel
+
+RUN chown -R scu:scu "${VIRTUAL_ENV}"
+
+EXPOSE 8000
+EXPOSE 3000
+
+ENTRYPOINT ["/bin/sh", "services/notifications/docker/entrypoint.sh"]
+CMD ["/bin/sh", "services/notifications/docker/boot.sh"]

services/notifications/Makefile

@@ -0,0 +1,5 @@
+#
+# DEVELOPMENT recipes for notifications
+#
+include ../../scripts/common.Makefile
+include ../../scripts/common-service.Makefile

services/notifications/README.md

@@ -0,0 +1,9 @@
+# notifications
+
+
+To develop this project, just
+
+```cmd
+make help
+
+```

services/notifications/VERSION

@@ -0,0 +1 @@
+0.0.1

services/notifications/docker/boot.sh

@@ -0,0 +1,65 @@
+#!/bin/sh
+set -o errexit
+set -o nounset
+
+IFS=$(printf '\n\t')
+
+INFO="INFO: [$(basename "$0")] "
+
+echo "$INFO" "Booting in ${SC_BOOT_MODE} mode ..."
+echo "$INFO" "User :$(id "$(whoami)")"
+echo "$INFO" "Workdir : $(pwd)"
+
+#
+# DEVELOPMENT MODE
+#
+# - prints environ info
+# - installs requirements in mounted volume
+#
+if [ "${SC_BUILD_TARGET}" = "development" ]; then
+  echo "$INFO" "Environment :"
+  printenv | sed 's/=/: /' | sed 's/^/    /' | sort
+  echo "$INFO" "Python :"
+  python --version | sed 's/^/    /'
+  command -v python | sed 's/^/    /'
+
+  cd services/notifications
+  uv pip --quiet sync requirements/dev.txt
+  cd -
+  echo "$INFO" "PIP :"
+  uv pip list
+fi
+
+if [ "${SC_BOOT_MODE}" = "debug" ]; then
+  # NOTE: production does NOT pre-installs debugpy
+  uv pip install debugpy
+fi
+
+#
+# RUNNING application
+#
+APP_LOG_LEVEL=${LOGLEVEL:-${LOG_LEVEL:-${LOGLEVEL:-INFO}}}
+NOTIFICATIONS_SERVER_REMOTE_DEBUG_PORT=3000
+SERVER_LOG_LEVEL=$(echo "${APP_LOG_LEVEL}" | tr '[:upper:]' '[:lower:]')
+echo "$INFO" "Log-level app/server: $APP_LOG_LEVEL/$SERVER_LOG_LEVEL"
+
+if [ "${SC_BOOT_MODE}" = "debug" ]; then
+  reload_dir_packages=$(find /devel/packages -maxdepth 3 -type d -path "*/src/*" ! -path "*.*" -exec echo '--reload-dir {} \' \;)
+
+  exec sh -c "
+    cd services/notifications/src/simcore_service_notifications && \
+    python -m debugpy --listen 0.0.0.0:${NOTIFICATIONS_SERVER_REMOTE_DEBUG_PORT} -m uvicorn main:the_app \
+      --host 0.0.0.0 \
+      --port 8000 \
+      --reload \
+      $reload_dir_packages
+      --reload-dir . \
+      --log-level \"${SERVER_LOG_LEVEL}\"
+  "
+else
+  exec uvicorn simcore_service_notifications.main:the_app \
+    --host 0.0.0.0 \
+    --port 8000 \
+    --log-level "${SERVER_LOG_LEVEL}" \
+    --no-access-log
+fi

services/notifications/docker/entrypoint.sh

@@ -0,0 +1,71 @@
+#!/bin/sh
+#
+# - Executes *inside* of the container upon start as --user [default root]
+# - Notice that the container *starts* as --user [default root] but
+#   *runs* as non-root user [scu]
+#
+set -o errexit
+set -o nounset
+
+IFS=$(printf '\n\t')
+
+INFO="INFO: [$(basename "$0")] "
+WARNING="WARNING: [$(basename "$0")] "
+ERROR="ERROR: [$(basename "$0")] "
+
+echo "$INFO" "Entrypoint for stage ${SC_BUILD_TARGET} ..."
+echo "$INFO" "User :$(id "$(whoami)")"
+echo "$INFO" "Workdir : $(pwd)"
+echo "$INFO" "User : $(id scu)"
+echo "$INFO" "python : $(command -v python)"
+echo "$INFO" "pip : $(command -v pip)"
+
+#
+# DEVELOPMENT MODE
+# - expects docker run ... -v $(pwd):$SC_DEVEL_MOUNT
+# - mounts source folders
+# - deduces host's uid/gip and assigns to user within docker
+#
+if [ "${SC_BUILD_TARGET}" = "development" ]; then
+  echo "$INFO" "development mode detected..."
+  stat "${SC_DEVEL_MOUNT}" >/dev/null 2>&1 ||
+    (echo "$ERROR" "You must mount '$SC_DEVEL_MOUNT' to deduce user and group ids" && exit 1)
+
+  echo "$INFO" "setting correct user id/group id..."
+  HOST_USERID=$(stat --format=%u "${SC_DEVEL_MOUNT}")
+  HOST_GROUPID=$(stat --format=%g "${SC_DEVEL_MOUNT}")
+  CONT_GROUPNAME=$(getent group "${HOST_GROUPID}" | cut --delimiter=: --fields=1)
+  if [ "$HOST_USERID" -eq 0 ]; then
+    echo "$WARNING" "Folder mounted owned by root user... adding $SC_USER_NAME to root..."
+    adduser "$SC_USER_NAME" root
+  else
+    echo "$INFO" "Folder mounted owned by user $HOST_USERID:$HOST_GROUPID-'$CONT_GROUPNAME'..."
+    # take host's credentials in $SC_USER_NAME
+    if [ -z "$CONT_GROUPNAME" ]; then
+      echo "$WARNING" "Creating new group grp$SC_USER_NAME"
+      CONT_GROUPNAME=grp$SC_USER_NAME
+      addgroup --gid "$HOST_GROUPID" "$CONT_GROUPNAME"
+    else
+      echo "$INFO" "group already exists"
+    fi
+    echo "$INFO" "Adding $SC_USER_NAME to group $CONT_GROUPNAME..."
+    adduser "$SC_USER_NAME" "$CONT_GROUPNAME"
+
+    echo "$WARNING" "Changing ownership [this could take some time]"
+    echo "$INFO" "Changing $SC_USER_NAME:$SC_USER_NAME ($SC_USER_ID:$SC_USER_ID) to $SC_USER_NAME:$CONT_GROUPNAME ($HOST_USERID:$HOST_GROUPID)"
+    usermod --uid "$HOST_USERID" --gid "$HOST_GROUPID" "$SC_USER_NAME"
+
+    echo "$INFO" "Changing group properties of files around from $SC_USER_ID to group $CONT_GROUPNAME"
+    find / -path /proc -prune -o -group "$SC_USER_ID" -exec chgrp --no-dereference "$CONT_GROUPNAME" {} \;
+    # change user property of files already around
+    echo "$INFO" "Changing ownership properties of files around from $SC_USER_ID to group $CONT_GROUPNAME"
+    find / -path /proc -prune -o -user "$SC_USER_ID" -exec chown --no-dereference "$SC_USER_NAME" {} \;
+  fi
+fi
+
+
+echo "$INFO Starting $* ..."
+echo "  $SC_USER_NAME rights    : $(id "$SC_USER_NAME")"
+echo "  local dir : $(ls -al)"
+
+exec gosu "$SC_USER_NAME" "$@"

services/notifications/docker/healthcheck.py

@@ -0,0 +1,40 @@
+#!/bin/python
+""" Healthcheck script to run inside docker
+
+Example of usage in a Dockerfile
+```
+    COPY --chown=scu:scu docker/healthcheck.py docker/healthcheck.py
+    HEALTHCHECK --interval=30s \
+                --timeout=30s \
+                --start-period=1s \
+                --retries=3 \
+                CMD python3 docker/healthcheck.py http://localhost:8000/
+```
+
+Q&A:
+    1. why not to use curl instead of a python script?
+        - SEE https://blog.sixeyed.com/docker-healthchecks-why-not-to-use-curl-or-iwr/
+"""
+import os
+import sys
+from urllib.request import urlopen
+
+SUCCESS, UNHEALTHY = 0, 1
+
+# Disabled if boots with debugger (e.g. debug, pdb-debug, debug-ptvsd, debugpy, etc)
+ok = "debug" in os.environ.get("SC_BOOT_MODE", "").lower()
+
+# Queries host
+# pylint: disable=consider-using-with
+ok = (
+    ok
+    or urlopen(
+        "{host}{baseurl}".format(
+            host=sys.argv[1], baseurl=os.environ.get("SIMCORE_NODE_BASEPATH", "")
+        )  # adds a base-path if defined in environ
+    ).getcode()
+    == 200
+)
+
+
+sys.exit(SUCCESS if ok else UNHEALTHY)

services/notifications/requirements/Makefile

@@ -0,0 +1,10 @@
+#
+# Targets to pip-compile requirements
+#
+include ../../../requirements/base.Makefile
+
+# Add here any extra explicit dependency: e.g. _migration.txt: _base.txt
+
+_base.in: constraints.txt
+_test.in: constraints.txt
+_tools.in: constraints.txt