[Feature] Custom Extra Environment Variables in TEE instance (#35)

This PR resolves #26 

## Changes

* Dockerfile is now dynamically constructed at the Job creation in
memory. File system no longer used. (Resolves #3)
* Dockerfile is stored in the DB
* The Dockerfile has fields to specify dynamic environment variables
* The Jupyterhub Spawner can set custom environment variables with
prefix `MANATEE_EXTRA_ENV_`.

## Caveats

* Currently, the dockerfile is specifically for Google Confidential
Space backend. We need to make it support different backends (comment
added)
* I find it impossible to test the API with injecting DB dependency. So
I could only do manual testing.

## Testing

* Manual end-to-end testing
* Added unit test for a new function `generateDockerfile`

Author: dayeol

app/dcr_api/BUILD.bazel

@@ -32,28 +32,12 @@ pkg_tar(
     srcs = [":api"],
 )
 
-# TODO: remove app_data and dockerfile when we stop using file system for building kaniko context
-# See https://github.com/manatee-project/manatee/issues/3
-pkg_tar(
-    name = "app_data",
-    empty_dirs = ["data"],
-    package_dir = "/app",
-)
-
-pkg_tar(
-    name = "dockerfile",
-    srcs = ["Dockerfile"],
-    package_dir = "/usr/local/dcr_conf/",
-)
-
 oci_image(
     name = "image",
     base = "@distroless_base_linux_amd64",
     entrypoint = ["/api"],
     tars = [
         ":tar",
-        ":app_data",
-        ":dockerfile",
     ],
     visibility = ["//visibility:public"],
 )

app/dcr_api/Dockerfile

@@ -23,16 +23,18 @@ import (
 
 type Job struct {
 	gorm.Model
-	ID                uint64 `gorm:"id" json:"id""`
-	UUID              string `gorm:"uuid" json:"uuid"`
-	Creator           string `gorm:"creator" json:"creator"`
-	JupyterFileName   string `gorm:"jupyter_file_name" json:"jupyter_file_name"`
-	BuildContextPath  string `gorm:"build_context_path" json:"build_context_path"`
-	DockerImage       string `gorm:"docker_image" json:"docker_image"`
-	DockerImageDigest string `gorm:"docker_image_digest" json:"docker_image_digest"`
-	AttestationReport string `gorm:"attestation_report" json:"attestation_report"`
-	JobStatus         int    `gorm:"job_status" json:"job_status"`
-	InstanceName      string `gorm:"instance_name" json:"instance_name"`
+	ID                uint64            `gorm:"id" json:"id""`
+	UUID              string            `gorm:"uuid" json:"uuid"`
+	Creator           string            `gorm:"creator" json:"creator"`
+	JupyterFileName   string            `gorm:"jupyter_file_name" json:"jupyter_file_name"`
+	BuildContextPath  string            `gorm:"build_context_path" json:"build_context_path"`
+	Dockerfile        string            `gorm:"dockerfile" json:"dockerfile"`
+	DockerImage       string            `gorm:"docker_image" json:"docker_image"`
+	DockerImageDigest string            `gorm:"docker_image_digest" json:"docker_image_digest"`
+	AttestationReport string            `gorm:"attestation_report" json:"attestation_report"`
+	JobStatus         int               `gorm:"job_status" json:"job_status"`
+	InstanceName      string            `gorm:"instance_name" json:"instance_name"`
+	ExtraEnvs         map[string]string `gorm:"serializer:json"`
 }
 
 func (Job) TableName() string {
@@ -51,7 +53,16 @@ func CreateJob(job *Job) error {
 }
 
 func UpdateJob(j *Job) error {
-	result := DB.Model(j).Updates(Job{JobStatus: j.JobStatus, BuildContextPath: j.BuildContextPath, DockerImageDigest: j.DockerImageDigest, DockerImage: j.DockerImage, AttestationReport: j.AttestationReport, InstanceName: j.InstanceName})
+	result := DB.Model(j).Updates(
+		Job{
+			JobStatus:         j.JobStatus,
+			BuildContextPath:  j.BuildContextPath,
+			DockerImageDigest: j.DockerImageDigest,
+			DockerImage:       j.DockerImage,
+			AttestationReport: j.AttestationReport,
+			InstanceName:      j.InstanceName,
+			ExtraEnvs:         j.ExtraEnvs,
+		})
 	if result.Error != nil {
 		return errors.Wrap(result.Error, "failed to update job %v")
 	}