| > ChromiumOS's [sommelier also crosses] container/vm boundaries IIRC. chromiumos/docs/+/HEAD/containers_and_vms.md > Can I run Wayland programs? with Sommelier:
https://chromium.googlesource.com/chromiumos/docs/+/HEAD/con...

But that doesn't solve because containers and vms aren't on and aren't supported for their accounts.

A school chromebook's access to containers could be controlled by setting the containers.conf repo URL to a Container Image Repository controlled by the school. GitHub, Gitea, and GitLab all support storing (OCI) container images.

An instructor would import a container image with an associated Pull Request that causes an Action to run to (1) scan the container and its SBOM (Software Bill of Materials); before (2) hosting the container image for the students and (3) regularly (along with e.g. Dependabot, which for security regularly checks for references to outdated versions of software in GitHub repos).

It looks like GitHub supports 3rd party code scanning tools, too; so Instructors and Students could auto-scan for security vulnerabilities and get reports back in the Pull Request:
https://docs.github.com/en/code-security/code-scanning/intro...

GitHub Project Templates are designed to be forked; e.g. like an assignment handout to be filled out (that already has a /.github/workflows/actions.yml and README.md headings).

Cookiecutter is another way to create a project/assignment/handout/directory/git_repo skeleton; with jinja2 templates to generate file names like `/{{name}}/README.md` and file contents like `{% if name %}<h1>Hello World, {{name}}</h1>{% endif %}`. jinja2 is a useful skill also for ansible [collections of roles of] playbooks of tasks.

chromebook-ansible installs a number of apps by default (including docker and vscode (instead of podman and vscodium or similar)), but because there are variables in the playbook, you can change which parts of the playbook run by specifying different parameters with ansible inventory:
https://github.com/seangreathouse/chromebook-ansible#include...
https://github.com/seangreathouse/chromebook-ansible/blob/c8...

It would be helpful to be able to provision [Android and Chromebook] devices with [Ansible] like it is possible with Mac, Windows, and Linux devices (without a domain controller; decentralizedly and for bootstrapping).

It appears that there happens to be no way to `adb install play-store://url` with Ansible, but there is news about Ansible support for Enterprise Chromebooks.

There are [vscode] IDE mentions in the chromebook git repos IIRC. The [vscode] [docker/podman extension] could work with aforementioned functionality to limit which containers can be pulled or are running at a given time.

USE CASE (for a "STEM workstations for learning" spec): Create a minimal git repo project from a project template with cookiecutter-pypackage or similar.

A minimal project [template] would have at least:

/README.md # h1, badges, {{schema:description}}, #install, #usage, #license, #citation
/LICENSE || /COPYING # software/content license terms
/devcontainers.json # for vscode and other IDEs
/environment.yml # which packages to install (conda, pip, repo2podman)
[/src]/example/__init__.py
[/src]/example/main.py
/tests/
/tests/__init__.py
/tests/test_main.py
/example/tests/ # this dir would ship with the package, so that the tests could run in production
/example/data/ # will be installed in site-packages
/data/ # will not be installed in site-packages without a special setup.py
/docs/
/docs/conf.py # sphinx
/docs/index.rst # .. include('../README.md') .. toctree:: # sphinx
/docs/_toc.yml # jupyter-book
/docs/_quarto.yml # quarto
/docs/_metadata.yml # quarto
# When we need to vendor _other projects in
# we then need src/ (and/or lib/) for _those (and maybe ours_ 2)
[/src][/example]/tests/
[/src][/example]/tests/__init__.py
[/src][/example]/tests/test_main.py
[/src][/libexample2]/COPYING
This is a very common workflow for STEM (PyData) software; how is it done with Win/Mac/Lin (and bash and git) and how do we do this with our Chromebook with no Terminal or Containers? |
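
One way to enforce the "only images from the school's Container Image Repository" idea in the comment above, as an added example that is not part of the original comment: parse each image reference the way Docker-style tools resolve it, then allow it only if the registry is on the allow-list and the image is pinned to a digest. The registry name `registry.school.example`, the function names, and the digest-pinning requirement are assumptions made for illustration.

```python
# Added example: registry name and sample references are constructed.
import re

ALLOWED_REGISTRIES = {"registry.school.example"}  # hypothetical school-run registry
DEFAULT_REGISTRY = "docker.io"  # where Docker-style short names resolve
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def parse_image_ref(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    # The first path component is a registry host only if it looks like one.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = DEFAULT_REGISTRY, name
    # A tag is a ':' in the last path component (not a registry port).
    head, sep, last = path.rpartition("/")
    last, _, tag = last.partition(":")
    return registry.lower(), head + sep + last, tag or None, digest or None


def check_image(ref, allowed=ALLOWED_REGISTRIES, require_digest=True):
    """Return (ok, reason) for an image reference against the allow-list."""
    registry, repository, _tag, digest = parse_image_ref(ref)
    if not repository:
        return False, "empty repository"
    if registry not in allowed:
        return False, f"registry {registry} not allowed"
    if require_digest and not (digest and DIGEST_RE.fullmatch(digest)):
        return False, "not pinned to a sha256 digest"
    return True, "ok"


if __name__ == "__main__":
    samples = [  # constructed references
        "registry.school.example/cs101/python@sha256:" + "a" * 64,
        "python:3.12",  # short name, resolves to docker.io
        "registry.school.example/cs101/python:latest",  # mutable tag
        "other.example/registry.school.example/python@sha256:" + "b" * 64,
    ]
    for ref in samples:
        print(ref, "->", check_image(ref))
```

The last sample shows why the check compares the parsed registry host rather than searching the string for the school's registry name.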