Merge pull request #6 from hl7au/feature/static-platform

Build and deploy nginx image sidecar

.env

@@ -1,5 +1,5 @@
 JS_HOST=""
-INFERNO_HOST=https://localhost
+INFERNO_HOST=https://inferno.hl7.org.au
 VALIDATOR_URL=http://validator_service:4567
 REDIS_URL=redis://redis:6379/0
 BASE_PATH=suites

.env.development

@@ -1 +1,6 @@
+JS_HOST=""
+INFERNO_HOST=https://localhost
+VALIDATOR_URL=http://validator_service:4567
 FHIR_RESOURCE_VALIDATOR_URL=http://localhost/hl7validatorapi
+REDIS_URL=redis://redis:6379/0
+BASE_PATH=suites

.github/workflows/build-and-release-package.yaml

@@ -1,8 +1,12 @@
-name: Build and Release Package
+name: Build and Release Inferno and Nginx Images
+
 on:
   push:
     branches:
       - master
+  pull_request:
+    branches:
+    - master
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
@@ -15,10 +19,23 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.1.2'
+
+      - name: Install dependencies
+        run: |
+          bundle install
+
       - name: Generate static content
-        run: make generate
+        run: |
+          bundle exec rake web:generate
+
       - name: Log in to the Container registry
         uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        # uses: docker/login-action@v2
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -35,3 +52,18 @@ jobs:
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
           labels: ${{ steps.meta.outputs.labels }}
+
+      # - name: Build and push Inferno Docker image
+      #   uses: docker/build-push-action@v2
+      #   with:
+      #     context: .
+      #     push: true
+      #     tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-inferno
+
+      - name: Build and push Nginx Docker image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./nginx.Dockerfile  # Dockerfile for Nginx
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-nginx

backup/deployments.yaml

@@ -142,8 +142,8 @@ spec:
       - name: copy-ig
         image: {{ .Values.inferno.imageUrl }}
         imagePullPolicy: Always
-        # command: ["bash", "-c", "cp /opt/inferno/lib/inferno_platform_template/igs/*.tgz /home/igs"] # for dev/non core image
-        command: ["bash", "-c", "cp /opt/inferno/lib/au_core_test_kit/igs/*.tgz /home/igs"] #for prod / core image
+        command: ["bash", "-c", "cp /opt/inferno/lib/inferno_platform_template/igs/*.tgz /home/igs"] # for dev/non core image
+        # command: ["bash", "-c", "cp /opt/inferno/lib/au_core_test_kit/igs/*.tgz /home/igs"] #for prod / core image
         volumeMounts:
         - name: igs
           mountPath: /home/igs

compose.yml

@@ -11,6 +11,8 @@ services:
     depends_on:
       - validator-api
       - inferno_db
+    env_file:
+      - .env.development
     environment:
       TX_SERVER_URL: https://tx.dev.hl7.org.au/fhir
   inferno_worker:

infra/aws-impl/main.tf

@@ -47,6 +47,11 @@ resource "helm_release" "inferno" {
     value = var.imageUrl
   }
 
+  set {
+    name  = "nginx.platformImageUri"
+    value = var.platformImageUri
+  }
+
   depends_on = [
     module.rds,
   ]

infra/aws-impl/tfvars/dev.tfvars

@@ -1,4 +1,6 @@
 name                 = "inferno"
 environment          = "dev"
 external_domain_name = "dev.inferno.hl7.org.au"
-imageUrl             = "ghcr.io/hl7au/au-fhir-inferno:68270162fcc1997a9ffac63c78530921bf0f32cf"
+# imageUrl             = "ghcr.io/hl7au/au-fhir-core-inferno:3a85fb439cbdf07a94de868ec16fa84a2f4982ca" # old working core image
+imageUrl             = "ghcr.io/hl7au/au-fhir-inferno:d487ba0292c9d5224413424c76ab8a7a3172945e" # new inferno image that has core bundled in?
+platformImageUri     = "ghcr.io/hl7au/au-fhir-inferno:7a99baaf50e18e201e95f7ca91477bc41da0cda8-nginx"

infra/aws-impl/tfvars/prod.tfvars

@@ -1,4 +1,6 @@
 name                 = "inferno"
 environment          = "prod"
 external_domain_name = "inferno.hl7.org.au"
-imageUrl             = "ghcr.io/hl7au/au-fhir-core-inferno:814d5e97bdce0bfda122f433ca7d1f8380c908c9"
+# imageUrl             = "ghcr.io/hl7au/au-fhir-core-inferno:3a85fb439cbdf07a94de868ec16fa84a2f4982ca" # old working core image
+imageUrl             = "ghcr.io/hl7au/au-fhir-inferno:d487ba0292c9d5224413424c76ab8a7a3172945e" # new inferno image that has core bundled in?
+platformImageUri     = "ghcr.io/hl7au/au-fhir-inferno:7a99baaf50e18e201e95f7ca91477bc41da0cda8-nginx"

infra/aws-impl/variables.tf

@@ -35,4 +35,11 @@ variable "name" {
 variable "imageUrl" {
   description = "Image URL"
   type        = string
+}
+
+variable "platformImageUri" {
+  description = "Platform Image URI"
+  type        = string
+  default     = "ghcr.io/hl7au/au-fhir-inferno:8885d0c456d0fdfaa92a915410e54cd820adc0fc"
+
 }

infra/helm/inferno/templates/deployments/inferno.deployment.yaml

@@ -45,4 +45,9 @@ spec:
         - configMapRef:
             name: postgresql-configmap
         - secretRef:
-            name: postgresql-secret
+            name: postgresql-secret
+      - name: nginx
+        image: {{ .Values.nginx.platformImageUri }}
+        imagePullPolicy: Always
+        ports:
+          - containerPort: 80

infra/helm/inferno/templates/deployments/validator-api.deployment.yaml

@@ -23,8 +23,8 @@ spec:
       - name: copy-ig
         image: {{ .Values.inferno.imageUrl }}
         imagePullPolicy: Always
-        # command: ["bash", "-c", "cp /opt/inferno/lib/inferno_platform_template/igs/*.tgz /home/igs"] # for dev/non core image
-        command: ["bash", "-c", "cp /opt/inferno/lib/au_core_test_kit/igs/*.tgz /home/igs"] #for prod / core image
+        command: ["bash", "-c", "cp /opt/inferno/lib/inferno_platform_template/igs/*.tgz /home/igs"] # for dev/non core image
+        # command: ["bash", "-c", "cp /opt/inferno/lib/au_core_test_kit/igs/*.tgz /home/igs"] #for prod / core image
         volumeMounts:
         - name: igs
           mountPath: /home/igs

infra/helm/inferno/values.yaml

@@ -1,4 +1,4 @@
-externalDomain: "dev.inferno.hl7.org.au"
+externalDomain: "default.inferno.hl7.org.au"
 
 inferno:
   imageUrl: "ghcr.io/hl7au/au-fhir-inferno:68270162fcc1997a9ffac63c78530921bf0f32cf"

nginx.Dockerfile

@@ -0,0 +1,3 @@
+FROM nginx:latest
+COPY ./_site /var/www/inferno/public/
+COPY ./nginx.conf /etc/nginx/nginx.conf

nginx.conf

@@ -0,0 +1,121 @@
+user nobody nogroup;
+worker_processes  2;
+
+error_log  /dev/stdout;
+pid        /var/run/nginx.pid;
+
+events {
+  worker_connections  1024;
+  accept_mutex on;
+}
+
+http {
+  include       /etc/nginx/mime.types;
+
+  default_type application/octet-stream;
+  access_log /dev/stdout;
+
+  # Use the kernel sendfile
+  # sendfile        on;  # This causes over-caching because modified timestamps lost in VM
+  # Prepend HTTP headers before sendfile()
+  tcp_nopush     on;
+
+  keepalive_timeout  600;
+  tcp_nodelay        on;
+
+  gzip  on;
+  gzip_vary on;
+  gzip_min_length 500;
+
+  gzip_disable "MSIE [1-6]\.(?!.*SV1)";
+  gzip_types text/plain text/xml text/css
+    text/javascript application/x-javascript
+    application/javascript application/json;
+
+  # Cache static files for a day
+  map $uri $cacheable {
+    ~\.(?:pn|sv)g$    1;
+    ~\.js$            1;
+    ~\.css$           1;
+    ~\.ico$           1;
+  }
+  map $cacheable $cache_control {
+      1        "public, max-age=86400";
+      default  "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
+  }
+  map $cacheable $expire {
+      1        1d;
+      default  off;
+  }
+
+  server {
+    listen 80;
+
+    root /var/www/inferno/public;
+
+    client_max_body_size 4G;
+    keepalive_timeout 600;
+
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Port $server_port;
+    proxy_redirect off;
+
+    # Set expiration based on type of file
+    add_header Cache-Control $cache_control;
+    expires    $expire;
+
+    #####################################
+    # Redirections
+    # Inferno platforms have explicit 'Test Kit Pages', which isn't
+    # yet available default in inferno core, which is completely suite-oriented.
+
+    # Redirections to use test kit landing pages instead of suite pages
+    # This is primarily for when users are in-app and navigate backwards to start new testing sessions
+    # Inferno platforms are test kit oriented, not suite-oriented
+    rewrite ^/suites/?$ /test-kits/ redirect;
+
+    # Suite landing page -> test-kit landing page mapping
+    # Be careful to not over-match and take over session URLs; this is just for suite landing pages
+    rewrite ^/suites/ipa_v\d+/?$ /test-kits/international-patient-access/ redirect;
+    rewrite ^/suites/us_core_v\d+(_ballot)?/?$ /test-kits/us-core/ redirect;
+    rewrite ^/suites/au_core_v\d+(_ballot)?/?$ /test-kits/au-core/ redirect;
+    rewrite ^/suites/au_ps_v\d+(_ballot)?/?$ /test-kits/au-ps/ redirect;
+
+    # End redirections
+    #####################################
+
+    #####################################
+    # Proxy to individual services
+
+    location /suites {
+      proxy_pass http://inferno:4567;
+    }
+
+    location /hl7validatorapi/ {
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header X-Forwarded-Port $server_port;
+      proxy_redirect off;
+      proxy_set_header Connection '';
+      proxy_http_version 1.1;
+      chunked_transfer_encoding off;
+      proxy_buffering off;
+      proxy_cache off;
+      proxy_read_timeout 600s;
+
+      proxy_pass http://validator-api:3500/;
+    }
+
+    # If you enable the default reference server, uncomment this
+    # location /reference-server {
+    #   proxy_pass http://inferno_reference_server:8080;
+    # }
+
+    # End Proxy to individual Services
+    #####################################
+
+  }
+}