Merge branch 'main' into feature/oci-template

Author: aybanda

.github/workflows/deploy-registry.yaml

@@ -1,6 +1,9 @@
 name: deploy-registry
 
 on:
+  schedule:
+    # Runs at 02:30 UTC Monday through Friday
+    - cron: "30 2 * * 1-5"
   push:
     tags:
       # Matches release/<namespace>/<resource_name>/<semantic_version>

registry/coder/modules/hcp-vault-secrets/README.md

@@ -15,9 +15,9 @@ tags: [integration, vault, hashicorp, hvs]
 >
 > **Use these Coder registry modules instead:**
 >
-> - **[vault-token](https://registry.coder.com/modules/vault-token)** - Connect to Vault using access tokens
-> - **[vault-jwt](https://registry.coder.com/modules/vault-jwt)** - Connect to Vault using JWT/OIDC authentication
-> - **[vault-github](https://registry.coder.com/modules/vault-github)** - Connect to Vault using GitHub authentication
+> - **[vault-token](https://registry.coder.com/modules/coder/vault-token)** - Connect to Vault using access tokens
+> - **[vault-jwt](https://registry.coder.com/modules/coder/vault-jwt)** - Connect to Vault using JWT/OIDC authentication
+> - **[vault-github](https://registry.coder.com/modules/coder/vault-github)** - Connect to Vault using GitHub authentication
 >
 > These modules work with both self-hosted Vault and HCP Vault Dedicated. For migration help, see the [official HashiCorp announcement](https://developer.hashicorp.com/hcp/docs/vault-secrets/end-of-sale-announcement).
 
@@ -26,7 +26,7 @@ This module lets you fetch all or selective secrets from a [HCP Vault Secrets](h
 ```tf
 module "vault" {
   source     = "registry.coder.com/coder/hcp-vault-secrets/coder"
-  version    = "1.0.33"
+  version    = "1.0.34"
   agent_id   = coder_agent.example.id
   app_name   = "demo-app"
   project_id = "aaa-bbb-ccc"
@@ -52,7 +52,7 @@ To fetch all secrets from the HCP Vault Secrets app, skip the `secrets` input.
 ```tf
 module "vault" {
   source     = "registry.coder.com/coder/hcp-vault-secrets/coder"
-  version    = "1.0.33"
+  version    = "1.0.34"
   agent_id   = coder_agent.example.id
   app_name   = "demo-app"
   project_id = "aaa-bbb-ccc"
@@ -66,7 +66,7 @@ To fetch selective secrets from the HCP Vault Secrets app, set the `secrets` inp
 ```tf
 module "vault" {
   source     = "registry.coder.com/coder/hcp-vault-secrets/coder"
-  version    = "1.0.33"
+  version    = "1.0.34"
   agent_id   = coder_agent.example.id
   app_name   = "demo-app"
   project_id = "aaa-bbb-ccc"
@@ -81,7 +81,7 @@ Set `client_id` and `client_secret` as module inputs.
 ```tf
 module "vault" {
   source        = "registry.coder.com/coder/hcp-vault-secrets/coder"
-  version       = "1.0.33"
+  version       = "1.0.34"
   agent_id      = coder_agent.example.id
   app_name      = "demo-app"
   project_id    = "aaa-bbb-ccc"

registry/coder/modules/jupyter-notebook/README.md

@@ -16,7 +16,7 @@ A module that adds Jupyter Notebook in your Coder template.
 module "jupyter-notebook" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/jupyter-notebook/coder"
-  version  = "1.1.1"
+  version  = "1.2.0"
   agent_id = coder_agent.example.id
 }
 ```

registry/coder/modules/jupyter-notebook/main.tf

@@ -48,13 +48,27 @@ variable "group" {
   default     = null
 }
 
+variable "requirements_path" {
+  type        = string
+  description = "The path to requirements.txt with packages to preinstall"
+  default     = ""
+}
+
+variable "pip_install_extra_packages" {
+  type        = string
+  description = "List of extra packages to preinstall (example: numpy==1.26.4 pandas matplotlib<4 scikit-learn)"
+  default     = ""
+}
+
 resource "coder_script" "jupyter-notebook" {
   agent_id     = var.agent_id
   display_name = "jupyter-notebook"
   icon         = "/icon/jupyter.svg"
   script = templatefile("${path.module}/run.sh", {
     LOG_PATH : var.log_path,
-    PORT : var.port
+    PORT : var.port,
+    REQUIREMENTS_PATH : var.requirements_path,
+    PIP_INSTALL_EXTRA_PACKAGES : var.pip_install_extra_packages
   })
   run_on_start = true
 }

registry/coder/modules/jupyter-notebook/run.sh

@@ -20,6 +20,24 @@ else
   echo "🥳 jupyter-notebook is already installed\n\n"
 fi
 
+# Install packages selected with REQUIREMENTS_PATH
+if [ -n "${REQUIREMENTS_PATH}" ]; then
+  if [ -f "${REQUIREMENTS_PATH}" ]; then
+    echo "📄 Installing packages from ${REQUIREMENTS_PATH}..."
+    pipx -q runpip notebook install -r "${REQUIREMENTS_PATH}"
+    echo "🥳 Packages from ${REQUIREMENTS_PATH} have been installed\n\n"
+  else
+    echo "⚠️  REQUIREMENTS_PATH is set to '${REQUIREMENTS_PATH}' but the file does not exist!\n\n"
+  fi
+fi
+
+# Install packages selected with PIP_INSTALL_EXTRA_PACKAGES
+if [ -n "${PIP_INSTALL_EXTRA_PACKAGES}" ]; then
+  echo "📦 Installing additional packages: ${PIP_INSTALL_EXTRA_PACKAGES}"
+  pipx -q runpip notebook install ${PIP_INSTALL_EXTRA_PACKAGES}
+  echo "🥳 Additional packages have been installed\n\n"
+fi
+
 echo "👷 Starting jupyter-notebook in background..."
 echo "check logs at ${LOG_PATH}"
 $HOME/.local/bin/jupyter-notebook --NotebookApp.ip='0.0.0.0' --ServerApp.port=${PORT} --no-browser --ServerApp.token='' --ServerApp.password='' > ${LOG_PATH} 2>&1 &

registry/ericpaulsen/.images/avatar.png

@@ -0,0 +1,16 @@
+---
+display_name: "Eric Paulsen"
+bio: "Field CTO, EMEA @ Coder"
+avatar_url: "./.images/avatar.png"
+github: "ericpaulsen"
+linkedin: "https://www.linkedin.com/in/ericpaulsen17" # Optional
+website: "https://ericpaulsen.io" # Optional
+support_email: "[email protected]" # Optional
+status: "community"
+---
+
+# Eric Paulsen
+
+I'm Eric Paulsen, Coder's EMEA Field CTO based in London, originating from Miami.
+Outside of working with our customers, I enjoy teaching myself things,
+playing volleyball, and dabbling in a bit of DJing & photography.

registry/ericpaulsen/README.md

@@ -0,0 +1,51 @@
+---
+display_name: Kubernetes (Deployment) with Dynamic Username
+description: Provision Kubernetes Deployments as Coder workspaces with your Username
+icon: ../../../../.icons/kubernetes.svg
+verified: true
+tags: [kubernetes, container, username]
+---
+
+# Remote development on Kubernetes with dynamic usernames
+
+Provision Kubernetes Pods as [Coder workspaces](https://coder.com/docs/workspaces) with this example template. This template
+will run the workspace container as a non-root UID using your Coder username.
+
+Here is the entrypoint logic in the template that enables Coder to source your username and write it to the Ubuntu operating system at start-up.
+
+> These commands may differ if you run your workspace image with a distro other than Ubuntu.
+
+```terraform
+command = ["sh", "-c", <<EOF
+    # Create user and setup home directory
+    sudo useradd ${data.coder_workspace_owner.me.name} --home=/home/${data.coder_workspace_owner.me.name} --shell=/bin/bash --uid=1001 --user-group
+    sudo chown -R ${data.coder_workspace_owner.me.name}:${data.coder_workspace_owner.me.name} /home/${data.coder_workspace_owner.me.name}
+    
+    # Switch to user and run agent
+    exec sudo --preserve-env=CODER_AGENT_TOKEN -u ${data.coder_workspace_owner.me.name} sh -c '${coder_agent.main.init_script}'
+EOF
+]
+```
+
+<!-- TODO: Add screenshot -->
+
+## Prerequisites
+
+### Infrastructure
+
+**Cluster**: This template requires an existing Kubernetes cluster
+
+**Container Image**: This template uses the [codercom/enterprise-base:ubuntu image](https://github.com/coder/enterprise-images/tree/main/images/base) with some dev tools preinstalled. To add additional tools, extend this image or build it yourself.
+
+### Authentication
+
+This template authenticates using a `~/.kube/config`, if present on the server, or via built-in authentication if the Coder provisioner is running on Kubernetes with an authorized ServiceAccount. To use another [authentication method](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs#authentication), edit the template.
+
+## Architecture
+
+This template provisions the following resources:
+
+- Kubernetes Deployment (ephemeral)
+- Kubernetes persistent volume claim (persistent on `/home/${username}`, where `${username}` is your Coder username)
+
+This means, when the workspace restarts, any tools or files outside of the home directory are not persisted. To pre-bake tools into the workspace (e.g. `python3`), modify the container image. Alternatively, individual developers can [personalize](https://coder.com/docs/dotfiles) their workspaces with dotfiles.