Setup Git client for Jupyter

app/models/clusters/applications/jupyter.rb

@@ -61,6 +61,10 @@ module Clusters
         "http://#{hostname}/hub/oauth_callback"
       end
 
+      def oauth_scopes
+        'api read_repository write_repository'
+      end
+
       private
 
       def specification
@@ -94,7 +98,8 @@ module Clusters
           },
           "singleuser" => {
             "extraEnv" => {
-              "GITLAB_CLUSTER_ID" => cluster.id.to_s
+              "GITLAB_CLUSTER_ID" => cluster.id.to_s,
+              "GITLAB_HOST" => gitlab_host
             }
           }
         }
@@ -112,6 +117,10 @@ module Clusters
         Gitlab.config.gitlab.url
       end
 
+      def gitlab_host
+        Gitlab.config.gitlab.host
+      end
+
       def content_values
         YAML.load_file(chart_values_file).deep_merge!(specification)
       end

app/services/clusters/applications/base_service.rb

@@ -81,7 +81,7 @@ module Clusters
         oauth_application_params = {
           name: params[:application],
           redirect_uri: application.callback_url,
-          scopes: 'api read_user openid',
+          scopes: application.oauth_scopes,
           owner: current_user
         }
 

changelogs/unreleased/t1.yml

@@ -0,0 +1,5 @@
+---
+title: Set up git client in Jupyter installtion
+merge_request: 28783
+author: Amit Rathi
+type: added

spec/models/clusters/applications/jupyter_spec.rb

@@ -96,6 +96,8 @@ describe Clusters::Applications::Jupyter do
       expect(values).to match(/clientId: '?#{application.oauth_application.uid}/)
       expect(values).to match(/callbackUrl: '?#{application.callback_url}/)
       expect(values).to include("gitlabProjectIdWhitelist:\n    - #{application.cluster.project.id}")
+      expect(values).to include("c.GitLabOAuthenticator.scope = ['api read_repository write_repository']")
+      expect(values).to match(/GITLAB_HOST: '?#{Gitlab.config.gitlab.host}/)
     end
 
     context 'when cluster belongs to a project' do

vendor/jupyter/values.yaml

@@ -4,9 +4,9 @@ rbac:
 hub:
   extraEnv:
     JUPYTER_ENABLE_LAB: 1
-    SINGLEUSER_IMAGE: 'registry.gitlab.com/gitlab-org/jupyterhub-user-image:latest'
   extraConfig: |
     c.KubeSpawner.cmd = ['jupyter-labhub']
+    c.GitLabOAuthenticator.scope = ['api read_repository write_repository']
 
     async def add_auth_env(spawner):
       '''
@@ -23,6 +23,8 @@ hub:
       spawner.environment['GITLAB_ACCESS_TOKEN'] = auth_state['access_token']
       spawner.environment['GITLAB_USER_LOGIN'] = auth_state['gitlab_user']['username']
       spawner.environment['GITLAB_USER_ID'] = str(auth_state['gitlab_user']['id'])
+      spawner.environment['GITLAB_USER_EMAIL'] = auth_state['gitlab_user']['email']
+      spawner.environment['GITLAB_USER_NAME'] = auth_state['gitlab_user']['name']
 
     c.KubeSpawner.pre_spawn_hook = add_auth_env
 
@@ -33,10 +35,22 @@ auth:
 
 singleuser:
   defaultUrl: "/lab"
+  image:
+    name: registry.gitlab.com/gitlab-org/jupyterhub-user-image
+    tag: latest
   lifecycleHooks:
     postStart:
       exec:
-        command: ["sh", "-c", "git clone https://gitlab.com/gitlab-org/nurtch-demo.git DevOps-Runbook-Demo || true"]
+        command:
+          - "sh"
+          - "-c"
+          - >
+            git clone https://gitlab.com/gitlab-org/nurtch-demo.git DevOps-Runbook-Demo || true;
+            echo "https://${GITLAB_USER_LOGIN}:${GITLAB_ACCESS_TOKEN}@${GITLAB_HOST}" > ~/.git-credentials;
+            git config --global credential.helper store;
+            git config --global user.email "${GITLAB_USER_EMAIL}";
+            git config --global user.name "${GITLAB_USER_NAME}";
+            jupyter serverextension enable --py jupyterlab_git
 
 ingress:
  enabled: true