Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions .github/actions/setup-workbench-docker/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -39,11 +39,11 @@ runs:
shell: bash
run: |
# Create connect directory if it doesn't exist
mkdir -p docker/environments/workbench-dev/connect
mkdir -p docker/environments/pwb-local/connect
# Copy Connect license to the location expected by docker-compose volume mount
if [ -f "${{ inputs.connect-license-path }}" ]; then
cp "${{ inputs.connect-license-path }}" docker/environments/workbench-dev/connect/connect.lic
echo "Connect license copied to docker/environments/workbench-dev/connect/connect.lic"
cp "${{ inputs.connect-license-path }}" docker/environments/pwb-local/connect/connect.lic
echo "Connect license copied to docker/environments/pwb-local/connect/connect.lic"
else
echo "Warning: Connect license not found at ${{ inputs.connect-license-path }}"
fi
Expand All @@ -53,7 +53,7 @@ runs:
run: |
docker compose \
-p "${{ inputs.run-id }}" \
-f docker/environments/workbench-dev/docker-compose.workbench.yml \
-f docker/environments/pwb-local/docker-compose.workbench.yml \
up -d

- name: Setup workbench scripts
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/test-e2e-workbench-ubuntu.yml
Original file line number Diff line number Diff line change
Expand Up @@ -225,4 +225,4 @@ jobs:
- name: Stop Docker containers
if: always()
run: |
docker compose -p ${{ github.run_id }} -f docker/environments/workbench-dev/docker-compose.workbench.yml down || true
docker compose -p ${{ github.run_id }} -f docker/environments/pwb-local/docker-compose.workbench.yml down || true
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Copy to docker/environments/workbench-dev/.env and fill in. Required values are prompted if missing.
# Copy to docker/environments/pwb-local/.env and fill in. Required values are prompted if missing.
E2E_POSTGRES_USER=testuser
E2E_POSTGRES_PASSWORD=testpassword
WB_PASSWORD=testpassword
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ pick, in one command.
## Prerequisites

- Docker Desktop with 8+ CPUs and 16 GB RAM.
- `workbench.lic` and `connect.lic` in `docker/environments/workbench-dev/`.
- `workbench.lic` and `connect.lic` in `docker/environments/pwb-local/`.
- `.env` is created from `.env.example` on first run; you are prompted for
`WB_PASSWORD` if it is unset.
- Optional: `fzf` for arrow-key pickers (without it you get a numbered prompt).
Expand All @@ -15,15 +15,18 @@ pick, in one command.

## Quick start

1. `gh auth login` once (or export a `GITHUB_TOKEN` PAT, which takes
precedence). Pulling the container images needs the `read:packages` scope,
but you don't have to figure that out up front: if the token you're using is
missing it, `npm run pwb` tells you exactly how to add it.
2. Drop `workbench.lic` and `connect.lic` into `docker/environments/workbench-dev/`.
3. `npm run pwb`.
1. Login once, when prompted for a password, enter your **GitHub Personal Access Token**, not your GitHub password. The token needs `read:packages` scope.

```bash
docker login ghcr.io -u <your_github_username>
```

2. Drop `workbench.lic` and `connect.lic` into `docker/environments/pwb-local/`.
3. Create `.env` from `.env.example`. Secrets are in 1Password.
4. `npm run pwb`.

First run asks which Positron and Workbench you want, installs them, and brings
the stack up. Open http://localhost:8787 and log in as `user1`.
the stack up. Open http://localhost:8787 and log in as `user1` and password as set in `WB_PASSWORD`.

## Commands

Expand Down Expand Up @@ -68,7 +71,7 @@ install; re-run with `--reinstall --credentials=<type>` to switch.
| `snowflake` | `/etc/rstudio/snowflake.conf` + `allow-refresh-snowflake-roles` | `SNOWFLAKE_ACCOUNT_`, `SNOWFLAKE_CLIENT_ID_`, `SNOWFLAKE_CLIENT_SECRET_` |
| `azure` | OpenID auth in `rserver.conf` + `openid-client-secret` + JIT home dirs | `AZURE_SERVICE_PRINCIPAL_CLIENT_SECRET_` |

1. Put the values for your provider in `docker/environments/workbench-dev/.env` (templated in
1. Put the values for your provider in `docker/environments/pwb-local/.env` (templated in
`.env.example`). They live in the team 1Password vault. Wrap each value in
single quotes -- `.env` is sourced by the shell, so a secret containing a `$`,
space, or `#` is mangled (or errors out) without them. The trailing underscore
Expand All @@ -84,7 +87,7 @@ install; re-run with `--reinstall --credentials=<type>` to switch.

| Service | URL | Login |
| --- | --- | --- |
| Workbench | http://localhost:8787 | `user1` / `WB_PASSWORD` (from `docker/environments/workbench-dev/.env`) |
| Workbench | http://localhost:8787 | `user1` / `WB_PASSWORD` (from `docker/environments/pwb-local/.env`) |
| Connect | http://localhost:3939 | bootstrapped per run |

## Troubleshooting
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -322,6 +322,12 @@ cmd_install() {
'
# Record the exact Workbench package URL so status can show the build.
docker exec -e WB_URL="${WB_URL}" test bash -c 'printf "%s\n" "$WB_URL" > /var/lib/wb-local-source' || true
# install-workbench.sh writes /var/lib/wb-local-credentials itself, only on a
# successful configure-datasources.sh run. Without --credentials there's
# nothing to configure, so clear any stale marker from a prior install here.
if [ -z "$creds" ]; then
docker exec test bash -c 'rm -f /var/lib/wb-local-credentials' || true
fi
}

cmd_up() {
Expand Down Expand Up @@ -383,7 +389,7 @@ cmd_up() {
if [ ! -f "${SCRIPT_DIR}/connect/connect.lic" ]; then
echo "WARNING: no Connect license at ${SCRIPT_DIR}/connect.lic -- the connect container" >&2
echo " will not become healthy and 'test' won't start (startup will time out)." >&2
echo " Add connect.lic (see docker/environments/workbench-dev/README-positron-workbench.md)." >&2
echo " Add connect.lic (see docker/environments/pwb-local/README.md)." >&2
fi
# --remove-orphans clears a leftover container from a prior run under a
# different service name that would otherwise hold the same ports.
Expand Down Expand Up @@ -441,16 +447,23 @@ wb_source_build() {
docker exec test bash -c 'if [ -f /var/lib/wb-local-source ]; then basename "$(cat /var/lib/wb-local-source)"; fi' 2>/dev/null || true
}

# The configured managed-credential type (databricks/snowflake/azure), recorded
# at install time. Empty if the stack was installed without --credentials.
wb_credentials_type() {
docker exec test bash -c 'if [ -f /var/lib/wb-local-credentials ]; then cat /var/lib/wb-local-credentials; fi' 2>/dev/null || true
}

# Clean post-startup summary, with the same labels install-workbench.sh prints
# so a resume reads the same as a fresh install. The header reflects real
# readiness: this image's init script has no 'status' verb, so we check for the
# running rserver process directly.
wb_print_ready() {
local v wb pos src
local v wb pos src creds
v="$(wb_versions)"
wb="$(printf '%s' "$v" | cut -f1)"
pos="$(printf '%s' "$v" | cut -f2)"
src="$(wb_source_build)"
creds="$(wb_credentials_type)"
echo ''
if docker exec test bash -c 'pgrep -x rserver >/dev/null 2>&1'; then
# allow-any-unicode-next-line
Expand All @@ -461,6 +474,7 @@ wb_print_ready() {
printf 'Positron version: %s\n' "$pos"
printf 'Workbench version: %s\n' "$wb"
[ -n "$src" ] && printf 'Workbench build: %s\n' "$src"
[ -n "$creds" ] && printf 'Credentials: %s\n' "$creds"
printf 'Workbench URL: %s (user1 / WB_PASSWORD)\n' "http://localhost:8787"
printf 'Connect URL: %s\n' "http://localhost:3939"
echo ''
Expand Down Expand Up @@ -524,11 +538,11 @@ VERSION PICKERS
specific n-1/n-2 build.

ACCESS
Workbench http://localhost:8787 (user1 / WB_PASSWORD from docker/environments/workbench-dev/.env)
Workbench http://localhost:8787 (user1 / WB_PASSWORD from docker/environments/pwb-local/.env)
Connect http://localhost:3939

SETUP (details: docker/environments/workbench-dev/README-positron-workbench.md)
gh auth login (once, include read:packages) workbench.lic + connect.lic in docker/environments/workbench-dev/
SETUP (details: docker/environments/pwb-local/README.md)
gh auth login (once, include read:packages) workbench.lic + connect.lic in docker/environments/pwb-local/
GITHUB_TOKEN and docker login ghcr.io are derived from gh automatically.
optional: fzf (arrow-key pickers; falls back to a numbered prompt)
EOF
Expand All @@ -539,7 +553,7 @@ main() {
case "$sub" in
up) cmd_up "$@" ;;
# Flag-style invocations (no explicit "up") route to cmd_up with the flag.
--reinstall|--ttl|--ttl=*|--no-ttl) cmd_up "$sub" "$@" ;;
--reinstall|--ttl|--ttl=*|--no-ttl|--credentials=*) cmd_up "$sub" "$@" ;;
status) cmd_status "$@" ;;
logs) cmd_logs "$@" ;;
shell) cmd_shell "$@" ;;
Expand Down
13 changes: 12 additions & 1 deletion docker/environments/wb-local/install-workbench.sh
Original file line number Diff line number Diff line change
Expand Up @@ -344,10 +344,18 @@ if ! TAG=${POSITRON_TAG} ARCH_SUFFIX=${ARCH_SUFFIX} GITHUB_TOKEN=${GITHUB_TOKEN}
fi

# Configure data sources (one credential type: databricks, snowflake, or azure)
CREDENTIALS_OK=false
if [ -n "${CREDENTIALS}" ]; then
echo "Configuring data source: ${CREDENTIALS}..."
# Clear any marker from a previous run before attempting this one, so a
# failed attempt here can never leave behind a stale success marker.
rm -f /var/lib/wb-local-credentials 2>/dev/null || true
if [ -f "/tmp/configure-datasources.sh" ]; then
if ! /tmp/configure-datasources.sh "${CREDENTIALS}"; then
if /tmp/configure-datasources.sh "${CREDENTIALS}"; then
CREDENTIALS_OK=true
# Record success so a later 'npm run pwb -- status' can show it too.
printf '%s\n' "${CREDENTIALS}" > /var/lib/wb-local-credentials 2>/dev/null || true
else
log_error "Failed to configure data source: ${CREDENTIALS}"
fi
else
Expand Down Expand Up @@ -403,6 +411,9 @@ POSITRON_FULL_VERSION="${POSITRON_VERSION}-${POSITRON_BUILD}"

echo "Positron version: ${POSITRON_FULL_VERSION}"
echo "Workbench version: ${WB_VERSION}"
if [ "${CREDENTIALS_OK}" = true ]; then
echo "Credentials: ${CREDENTIALS}"
fi
echo "Workbench URL: http://localhost:8787"

# Report any errors that occurred
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@
"build-check": "./scripts/build-check.sh",
"build-start": "./scripts/build-start.sh",
"build-stop": "./scripts/build-stop.sh",
"pwb": "bash docker/environments/workbench-dev/workbench-local.sh",
"pwb": "bash docker/environments/pwb-local/workbench-local.sh",
"arm:start": "bash -c \"cd docker/environments/arm-local && ./run-with-license.sh ubuntu24\"",
"arm:start:rocky": "bash -c \"cd docker/environments/arm-local && ./run-with-license.sh rocky8\"",
"arm:connect": "bash -c \"cd docker/environments/arm-local && ./connect.sh\"",
Expand Down
2 changes: 1 addition & 1 deletion test/e2e/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,7 @@ We use Playwright as the test framework for end-to-end tests in Positron. Make s

> [!TIP]
> To manually run and debug Positron against Workbench (`e2e-workbench` project), see
> [`docker/environments/workbench-dev/README-positron-workbench.md`](../../docker/environments/workbench-dev/README-positron-workbench.md) (`npm run pwb`).
> [`docker/environments/pwb-local/README.md`](../../docker/environments/pwb-local/README.md) (`npm run pwb`).

#### Running Specific Tests

Expand Down
Loading