prepare 1st release for labnow

.dockerignore

@@ -0,0 +1,39 @@
+# Node dependencies
+**/node_modules
+
+# Frontend build outputs
+**/dist
+**/build
+**/.next
+**/.nuxt
+**/.output
+**/out
+
+# Tool caches
+**/.cache
+**/.vite
+**/.turbo
+**/.parcel-cache
+**/.eslintcache
+**/.stylelintcache
+
+# Test / coverage artifacts
+**/coverage
+**/.nyc_output
+
+# Logs
+**/*.log
+**/npm-debug.log*
+**/yarn-debug.log*
+**/yarn-error.log*
+**/pnpm-debug.log*
+
+# Editor / OS files
+**/.DS_Store
+**/Thumbs.db
+**/.idea
+**/.vscode
+
+# Local env files
+**/.env
+**/.env.*

.github/workflows/build-docker.yml

@@ -0,0 +1,87 @@
+name: build-docker-images  # Build Docker Image for LabNow OSS
+
+on:
+  push:
+    branches: [ main ]
+    tags: [ "v*" ]
+    paths-ignore: ["*.md"]
+  pull_request:
+    branches: [ "main" ]
+    paths-ignore: [ "*.md" ]
+  workflow_dispatch: # Allows you to run this workflow manually from the Actions tab
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+env:
+  BUILDKIT_PROGRESS: "plain"  # Full logs for CI build.
+  REGISTRY_SRC: ${{ vars.REGISTRY_SRC || 'docker.io' }} # For BASE_NAMESPACE of images: where to pull base images from, docker.io or other source registry URL.
+  REGISTRY_DST: ${{ vars.REGISTRY_DST || 'quay.io' }} # For tags of built images: where to push images to, docker.io or other destination registry URL.
+  # DOCKER_REGISTRY_USERNAME and DOCKER_REGISTRY_PASSWORD is required for docker image push, they should be set in CI secrets.
+  DOCKER_REGISTRY_USERNAME: ${{ vars.DOCKER_REGISTRY_USERNAME }}
+  DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+  # used to sync image to mirror registry
+  DOCKER_MIRROR_REGISTRY_USERNAME: ${{ vars.DOCKER_MIRROR_REGISTRY_USERNAME }}
+  DOCKER_MIRROR_REGISTRY_PASSWORD: ${{ secrets.DOCKER_MIRROR_REGISTRY_PASSWORD }}
+  CI_PROJECT_NAME: ${{ vars.CI_PROJECT_NAME || 'LabNow/labnow-oss' }}
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  COMMIT_SHA: ${{ github.sha }} # COMMIT_SHA="$(git rev-parse --short HEAD)"
+
+jobs:
+  semgrep:
+    runs-on: ubuntu-latest
+    container:
+      image: semgrep/semgrep:latest
+    continue-on-error: true
+    if: (github.actor != 'dependabot[bot]')
+    steps:
+      - uses: actions/checkout@v5
+      - run: |
+          semgrep ci --verbose \
+            --config p/ci \
+            --config p/security-audit \
+            --config p/python \
+            --config p/javascript \
+            --config p/react \
+            --config p/owasp-top-ten \
+            --exclude-rule=dockerfile.security.missing-user.missing-user
+
+  job-developer:
+    name: "labnow-oss-dev"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - run: |
+          source ./tool/tool.sh
+          build_image labnow-oss-dev latest ./src/labnow-oss.Dockerfile \
+            --build-arg "PROFILE_LOCALIZE=default" --build-arg "BASE_IMG=labnow/developer:latest"
+          push_image  labnow-oss-dev
+
+  job-data-science:
+    name: "labnow-oss-data-science"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - run: |
+          source ./tool/tool.sh
+          build_image labnow-oss-data-science latest ./src/labnow-oss.Dockerfile \
+            --build-arg "PROFILE_LOCALIZE=default" --build-arg "BASE_IMG=labnow/data-science-dev:latest"
+          push_image  labnow-oss-data-science
+
+
+  ## Sync all images in this build (listed by "names") to mirror registry.
+  sync_images:
+    needs: ["job-developer", "job-data-science"]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - env:
+          AUTH_FILE_CONTENT: ${{ secrets.AUTH_FILE_CONTENT }}
+          DOCKER_MIRROR_REGISTRY: ${{ vars.DOCKER_MIRROR_REGISTRY }}
+        run: |
+          source ./tool/tool.sh
+          printf '%s' "$AUTH_FILE_CONTENT" > .github/workflows/auth.json && ls -alh ./.github/workflows
+          printenv | grep -v 'PATH' > /tmp/docker.env && echo "REGISTRY_URL=${REGISTRY_DST}" >> /tmp/docker.env
+          docker run --rm --env-file /tmp/docker.env -v $(pwd):/tmp -w /tmp labnow/docker-kit \
+            python /opt/utils/image-syncer/run_jobs.py --auth-file=/tmp/.github/workflows/auth.json

.gitignore

@@ -0,0 +1,131 @@
+extension-template
+*.bundle.*
+lib/
+node_modules/
+*.log
+.eslintcache
+.stylelintcache
+*.egg-info/
+.ipynb_checkpoints
+*.tsbuildinfo
+llm_assistant/labextension
+# Version file is handled by hatchling
+llm_assistant/_version.py
+rws-fe-env
+
+*.ipynb
+
+*.env
+
+# Integration tests
+ui-tests/test-results/
+ui-tests/playwright-report/
+
+# Created by https://www.gitignore.io/api/python
+# Edit at https://www.gitignore.io/?templates=python
+
+### Python ###
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage/
+coverage.xml
+*.cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# Mr Developer
+.mr.developer.cfg
+.project
+.pydevproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# End of https://www.gitignore.io/api/python
+
+# OSX files
+.DS_Store
+
+# Yarn cache
+.yarn/

doc/README-dev.md

@@ -0,0 +1,29 @@
+# Develop with the `labnow/developer` image
+
+```bash
+docker run -d \
+    --name dev-labnow-open \
+    -p 20080:80 \
+    -v $(pwd):/root/dev \
+    quay.io/labnow/developer tail -f /dev/null
+```
+
+```bash
+docker exec -it dev-labnow-open bash
+export STATIC_DIR=/root/dev/src/labnow-oss-web/dist && start-supervisord.sh
+```
+
+http://localhost:20080/
+
+## Build the image
+
+```bash
+docker build -t quay.io/labnow-dev/labnow-oss-dev:latest \
+    -f src/labnow-oss.Dockerfile \
+    --build-arg PROFILE_LOCALIZE=aliyun-pub .
+
+docker run --rm -it \
+    --name dev-labnow-open \
+    -p 20080:80 \
+    quay.io/labnow-dev/labnow-oss-dev:latest
+```

src/labnow-oss-etc/Caddyfile

@@ -0,0 +1,53 @@
+:80 {
+    log {  # Enable access logging for all requests
+        output file /dev/null {
+            roll_size 10mb
+            roll_keep 5
+            roll_keep_for 30d
+        }
+        format json
+    }
+
+    # Add a global header to all responses
+    header {
+      -Server
+      Location-Base {$URL_PREFIX}
+    }
+
+    # Redirect the root path to the user home page
+    @root path_regexp root ^{$URL_PREFIX:}/?$
+    redir @root {$URL_PREFIX:}home 307
+
+    # Handle user home paths
+    @path_user_home path_regexp ^{$URL_PREFIX}home/.*$
+    handle @path_user_home {
+        uri strip_prefix {$URL_PREFIX}home
+        reverse_proxy localhost:9001
+    }
+    @path_user_home_no_slash path_regexp ^{$URL_PREFIX}home$
+    redir @path_user_home_no_slash {path}/ 308
+
+
+    @path_user_vscode path_regexp ^{$URL_PREFIX}vscode/.*$
+    handle @path_user_vscode {  # Proxy requests to vscode, strip prefix
+        uri strip_prefix {$URL_PREFIX}vscode
+        reverse_proxy localhost:9999
+    }
+    @path_user_vscode_no_slash path_regexp ^{$URL_PREFIX}vscode$
+    redir @path_user_vscode_no_slash {path}/ 308  # Redirect paths ending in "vscode" to "vscode/"
+
+
+    @path_user_rserver path_regexp ^{$URL_PREFIX}rserver/.*$
+    handle @path_user_rserver {  # Proxy requests to rserver, strip prefix
+        uri strip_prefix {$URL_PREFIX}rserver
+        reverse_proxy localhost:8787 {
+            header_up   -X-Forwarded-Port
+        }
+    }
+    @path_user_rserver_no_slash path_regexp ^{$URL_PREFIX}rserver$
+    redir @path_user_rserver_no_slash {path}/ 308  # Redirect paths ending in "rserver" to "rserver/"
+
+    handle /* {  # Proxy all other requests to a default backend server on port 8888 for jupyter
+        reverse_proxy localhost:8888
+    }
+}

src/labnow-oss-etc/supervisord.conf

@@ -0,0 +1,44 @@
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[unix_http_server]
+file=/var/run/supervisor.sock
+chmod=0770
+chown=root:supervisor
+
+[inet_http_server]
+port=:9001
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock
+
+[supervisord]
+identifier=lab
+autostart=False
+nodaemon=false
+pidfile=/var/run/supervisord.pid
+logfile=/dev/stdout
+loglevel=warning
+logfile_maxbytes=10MB
+logfile_backups=10
+minfds=2048
+minprocs=256
+
+[program-default]
+# directory=/data
+stdout_logfile=/dev/stdout
+stderr_logfile=/dev/stderr
+autostart=false
+autorestart=true
+stdout_logfile_maxbytes=10MB
+stdout_logfile_backups=10
+redirect_stderr=true
+startretries=3
+
+[program:caddy]
+command=/usr/local/bin/start-caddy.sh
+autostart=true
+
+[program:jupyter]
+command=/usr/local/bin/start-jupyterlab.sh
+autostart=true