Jupyterhub Integration - Githubissues

jupyterlab / jupyterlab-github

GitHub integration for JupyterLab

BSD 3-Clause "New" or "Revised" License

413 stars 106 forks source link

Jupyterhub Integration #53

Open jkuruzovich opened 6 years ago

jkuruzovich commented 6 years ago

This is really a great addition to Jupyterlab. I'm wondering if anyone has devised a way of setting the token in Jupyterhub (and specificity using the Zero to Jupyterhub helm chart)? Thanks in advance.

ian-r-rose commented 6 years ago

For security and rate-limiting reasons, it is probably best for users to set up their own personal access tokens and add it to their local config files. I don't manage any JupyterHub deployments myself, so I don't really have detailed insights, but perhaps @dhirschfeld has some thoughts on best practices for setting it up?

dhirschfeld commented 6 years ago

I'm still formulating my opinions on that front! Also, different JupyterHub deployments might require different solutions.

I do think a personal access token is the right way for this extension to be accessing GitHub but AFAICS that essentially precludes the extension from working until the user first creates a token. I'm thinking of getting around that using a service account with read-only access but that's likely pretty specific to my situation.

I was thinking if an access token wasn't specified that there could be a landing page with a a big button pointing to https://github.com/settings/tokens/new and an explanation that a token needed to be created to use the extension.

jkuruzovich commented 6 years ago

Thanks! At least for the Jupyterhub on Kubernetes setup, if a user were to store their token on the local drive, then after the container is created the launch script could change that to an environment variable.

singleuser:
  image:
    name: my org/myimage
    tag: myth
  lifecycleHooks:
    postStart:
      exec:
        command: ["/bin/sh", "export $(cat /home/jovyan/my.env | grep -v ^# | xargs)"]

Could the github extension pull the user token from an environment variable? I have a setup and am glad to try and then put a pull request for the updated docs if that seems a reasonable way to do it.

ian-r-rose commented 5 years ago

Coming back to this after some work on deploying this extension in a JupyterHub environment.

It is possible to pass an access token from a JupyterHub spawner to an individual notebook server. Even better, if you are using GitHub OAuth, you can pass the token generated by user login. An example of how to do that with zero-to-jupyterhub is shown here: https://github.com/CityOfLosAngeles/citywide-jupyterhub/blob/e010e49cf02ef42c4c9a237b6e9bc33d6a344288/deploy/config.yaml#L18-L42

I think it would also be a good idea for the extension to be able to pull a token from an environment variable. If anybody wants to tackle that, I could provide guidance (I think it would be a ~5 line enhancement).