Merge remote-tracking branch 'origin/feat/1757_actions_arbitrary_namespaces' into dev

wp99cp · wp99cp · commit 6ea42bd6aaca · 2025-10-15T14:20:21.000+02:00
diff --git a/.env b/.env
@@ -41,5 +41,6 @@ GOOGLE_ARTIFACT_UPLOADER_KEY_FILE=anymal-grand-tour-3b7a5d0c8ef4.json
 # can be left empty if you don't want to use docker hub
 DOCKER_HUB_USERNAME=
 DOCKER_HUB_PASSWORD=
+VITE_DOCKER_HUB_NAMESPACE=
 
 ARTIFACTS_UPLOADER_IMAGE=rslethz/grandtour-datasets:artifact-uploader-latest
diff --git a/backend/src/services/action.service.ts b/backend/src/services/action.service.ts
@@ -100,9 +100,14 @@ export class ActionService {
         data: CreateTemplateDto,
         auth: AuthHeader,
     ): Promise<ActionTemplateDto> {
-        if (!data.dockerImage.startsWith('rslethz/')) {
+        const dockerhub_namespace = process.env['VITE_DOCKER_HUB_NAMESPACE'];
+        // assert that we only run images from a specified namespace
+        if (
+            dockerhub_namespace !== undefined &&
+            !data.dockerImage.startsWith(dockerhub_namespace)
+        ) {
             throw new ConflictException(
-                'Only images from the rslethz namespace are allowed',
+                `Only images from the ${dockerhub_namespace} namespace are allowed`,
             );
         }
         const exists = await this.actionTemplateRepository.exists({
@@ -140,11 +145,11 @@ export class ActionService {
         data: UpdateTemplateDto,
         auth: AuthHeader,
     ): Promise<ActionTemplateDto> {
-        if (!data.dockerImage.startsWith('rslethz/')) {
-            throw new ConflictException(
-                'Only images from the rslethz namespace are allowed',
-            );
-        }
+        //if (!data.dockerImage.startsWith('rslethz/')) {
+        //    throw new ConflictException(
+        //        'Only images from the rslethz namespace are allowed',
+        //    );
+        //}
         const template = await this.actionTemplateRepository.findOneOrFail({
             where: { uuid: data.uuid },
         });
diff --git a/common/environment.ts b/common/environment.ts
@@ -190,4 +190,12 @@ export default {
     get VITE_USE_FAKE_OAUTH_FOR_DEVELOPMENT(): boolean {
         return asBoolean(process.env['VITE_USE_FAKE_OAUTH_FOR_DEVELOPMENT']);
     },
+
+    /**
+     * @returns Docker Hub namespace for image validation (optional)
+     * @example rslethz/
+     */
+    get DOCKER_HUB_NAMESPACE(): string {
+        return process.env['VITE_DOCKER_HUB_NAMESPACE'] ?? '';
+    },
 };
diff --git a/docs/usage/actions/write-custom-actions.md b/docs/usage/actions/write-custom-actions.md
@@ -69,15 +69,16 @@ The following environment variables are deprecated and will be removed in the fu
 
 ## Push Actions to Docker Hub
 
-Kleinkram actions must be pushed to Docker Hub under the rslethz/\*\*\* namespace. To publish your action:
+Kleinkram actions must be pushed to Docker Hub under a namespace defined by the `VITE_DOCKER_HUB_NAMESPACE` environment variable. 
+If this is left empty, actions are allowed to be pushed on any namespace. To publish your action:
 
 ```bash
 # login to docker hub
 docker login
 
 # build the image
-docker build -t rslethz/my-action .
+docker build -t <namespace>/my-action .
 
 # push the image
-docker push rslethz/my-action
+docker push <namespace>/my-action
 ```
diff --git a/examples/actions/Dockerfile b/examples/actions/Dockerfile
@@ -1,7 +1,7 @@
 FROM python:latest
 
 # install kleinkram as CLI
-RUN pip install kleinkram --pre --force-reinstall
+RUN pip install kleinkram --pre --force-reinstall && pip install "httpx==0.26.0"
 
 # copy entrypoint and make it executable
 COPY ./entrypoint.sh /entrypoint.sh
diff --git a/frontend/src/components/action-configuration.vue b/frontend/src/components/action-configuration.vue
@@ -515,10 +515,14 @@ async function submitAnalysis() {
         });
         return;
     }
-    if (!editingTemplate.value.imageName.startsWith('rslethz/')) {
+    const dockerhubNamespace = import.meta.env.VITE_DOCKER_HUB_NAMESPACE;
+    if (
+        dockerhubNamespace &&
+        !editingTemplate.value.imageName.startsWith(`${dockerhubNamespace}`)
+    ) {
         Notify.create({
             group: false,
-            message: 'The image name must start with "rslethz/"',
+            message: `The image name must start with "${dockerhubNamespace}/"`,
             color: 'negative',
             position: 'bottom',
             timeout: 2000,
diff --git a/queueConsumer/src/actions/services/docker-daemon.service.ts b/queueConsumer/src/actions/services/docker-daemon.service.ts
@@ -303,10 +303,14 @@ export class DockerDaemon {
 
     @tracing()
     private async getImage(dockerImage: string) {
-        // assert that we only run rslethz images
-        if (!dockerImage.startsWith('rslethz/')) {
+        const dockerhub_namespace = process.env['VITE_DOCKER_HUB_NAMESPACE'];
+        // assert that we only run images from a specified namespace
+        if (
+            dockerhub_namespace !== undefined &&
+            !dockerImage.startsWith(dockerhub_namespace)
+        ) {
             throw new Error(
-                'Only images from the rslethz organization are allowed',
+                `Only images from the ${dockerhub_namespace} namespace are allowed`,
             );
         }
 
