Calling the Binder API in a build pipeline

Binder
1

I have a bunch of private git repos containing jupyter notebooks, and I am looking for a way to autodeploy those notebooks in Jupyter Lab.

I was thus thinking of creating a CI/CD pipeline who would call the /build endpoint of a locally hosted binder after each git commit.
With the build triggered by a CI/CD pipeline I would have the advantage of having always up to date container images + the ready to use binder badge for end users.

For this to authorize the CI/CD pipeline to call the /build endpoint, since my in-house binder instance has oauth2 authentication enabled.

        BinderSpawner:
          auth_enabled: true

I have thus two questions:
A) Does this CI/CD calling binder makes sense or should I try something elese ? At least I think I am not the only one who tried that: Problem Triggering Binder Build through API endpoint
Should I consider nbgitpuller as an alternative ?

B) For such a CI / CD pipeline to work againt a binder instance with auth enabled, I would need an API token to call the end point.
I see JupyterHub has Using JupyterHub’s REST API — JupyterHub documentation.
Would such a token work with Binder, since the binder auth is delegated to the jupyter hub auth provider ?

2

Answering myself for B)
Yes calling binder to build using a Jupyter Hub API token works, you need to define an externally service, like my_external_builder, and add an entry in loadRoles like

        builder_role: # custom service created to allow external calls to binder
          description: access to the hub binder service
          scopes: [read:hub, list:services, access:services!service=binder]
          services: [external_builder]

I am struggling now to get binder starting a jupyter server, because binder looks for an external_builder user in Jupyter before doing the spawn call and this user is not existing in the user database since it is just a service account.

3

I think you’ll need to create a JupyterHub user instead of a service role, and create an API token.

4

Indeed, with a locally created user with the same name as the service, the binder API /build API call is able to spawn the Pod in Jupyter Hub.
Thanks for the hint !

1 Like