diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index ebe3a64..a6daf0e 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -15,7 +15,7 @@ jobs: - name: Install helm-docs working-directory: /tmp env: - HELM_DOCS_URL: https://github.com/norwoodj/helm-docs/releases/download/v1.11.3/helm-docs_1.11.3_Linux_x86_64.tar.gz + HELM_DOCS_URL: https://github.com/norwoodj/helm-docs/releases/download/v1.13.0/helm-docs_1.13.0_Linux_x86_64.tar.gz run: | curl -LSs $HELM_DOCS_URL | tar xz && \ mv ./helm-docs /usr/local/bin/helm-docs && \ diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml new file mode 100644 index 0000000..ccf5729 --- /dev/null +++ b/.github/workflows/stale.yaml @@ -0,0 +1,19 @@ +name: 'Close stale issues and PRs' +on: + schedule: + - cron: '30 1 * * *' + +jobs: + stale: + runs-on: ubuntu-latest + steps: + - uses: actions/stale@v9 + with: + stale-issue-message: 'This issue is stale because it has been open 730 days with no activity. Remove stale label or comment or this will be closed in 5 days.' + stale-pr-message: 'This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days.' + close-issue-message: 'This issue was closed because it has been stalled for 5 days with no activity.' + close-pr-message: 'This PR was closed because it has been stalled for 10 days with no activity.' + days-before-issue-stale: 730 + days-before-pr-stale: 45 + days-before-issue-close: 5 + days-before-pr-close: 10 \ No newline at end of file diff --git a/README.md b/README.md index 9e617cb..71135e8 100644 --- a/README.md +++ b/README.md @@ -189,21 +189,32 @@ public class YourInterceptor ## Running locally -The easiest way to run this server entirely depends on your environment requirements. At least, the following 4 ways are supported: +The easiest way to run this server entirely depends on your environment requirements. The following ways are supported: ### Using jetty ```bash -mvn -Pjetty jetty:run +mvn -Pjetty spring-boot:run ``` +The Server will then be accessible at http://localhost:8080/fhir and the CapabilityStatement will be found at http://localhost:8080/fhir/metadata. -If you need to run this server on a different port (using Maven), you can change the port in the run command as follows: - +### Using Spring Boot ```bash -mvn -Pjetty -Djetty.port=8888 jetty:run +mvn spring-boot:run ``` -Server will then be accessible at http://localhost:8888/ and eg. http://localhost:8888/fhir/metadata. Remember to adjust you overlay configuration in the application.yaml to eg. +The Server will then be accessible at http://localhost:8080/fhir and the CapabilityStatement will be found at http://localhost:8080/fhir/metadata. + +If you want to run this server on a different port, you can change the port in the `src/main/resources/application.yaml` file as follows: + +```yaml +server: +# servlet: +# context-path: /example/path + port: 8888 +``` + +The Server will then be accessible at http://localhost:8888/fhir and the CapabilityStatement will be found at http://localhost:8888/fhir/metadata. Remember to adjust your overlay configuration in the `application.yaml` file to the following: ```yaml tester: @@ -219,7 +230,7 @@ Server will then be accessible at http://localhost:8888/ and eg. http://localhos ```bash mvn clean spring-boot:run -Pboot ``` -Server will then be accessible at http://localhost:8080/ and eg. http://localhost:8080/fhir/metadata. Remember to adjust you overlay configuration in the application.yaml to eg. +Server will then be accessible at http://localhost:8080/ and eg. http://localhost:8080/fhir/metadata. Remember to adjust you overlay configuration in the application.yaml to the following: ```yaml tester: @@ -235,7 +246,7 @@ Server will then be accessible at http://localhost:8080/ and eg. http://localhos ```bash mvn clean package spring-boot:repackage -Pboot && java -jar target/ROOT.war ``` -Server will then be accessible at http://localhost:8080/ and eg. http://localhost:8080/fhir/metadata. Remember to adjust your overlay configuration in the application.yaml to eg. +Server will then be accessible at http://localhost:8080/ and eg. http://localhost:8080/fhir/metadata. Remember to adjust your overlay configuration in the application.yaml to the following: ```yaml tester: @@ -250,7 +261,7 @@ Server will then be accessible at http://localhost:8080/ and eg. http://localhos ```bash mvn clean package com.google.cloud.tools:jib-maven-plugin:dockerBuild -Dimage=distroless-hapi && docker run -p 8080:8080 distroless-hapi ``` -Server will then be accessible at http://localhost:8080/ and eg. http://localhost:8080/fhir/metadata. Remember to adjust your overlay configuration in the application.yaml to eg. +Server will then be accessible at http://localhost:8080/ and eg. http://localhost:8080/fhir/metadata. Remember to adjust your overlay configuration in the application.yaml to the following: ```yaml tester: @@ -266,7 +277,7 @@ Server will then be accessible at http://localhost:8080/ and eg. http://localhos ```bash ./build-docker-image.sh && docker run -p 8080:8080 hapi-fhir/hapi-fhir-jpaserver-starter:latest ``` -Server will then be accessible at http://localhost:8080/ and eg. http://localhost:8080/fhir/metadata. Remember to adjust your overlay configuration in the application.yaml to eg. +Server will then be accessible at http://localhost:8080/ and eg. http://localhost:8080/fhir/metadata. Remember to adjust your overlay configuration in the application.yaml to the following: ```yaml tester: diff --git a/charts/hapi-fhir-jpaserver/Chart.lock b/charts/hapi-fhir-jpaserver/Chart.lock index fa3830b..ff1845e 100644 --- a/charts/hapi-fhir-jpaserver/Chart.lock +++ b/charts/hapi-fhir-jpaserver/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.2.27 -digest: sha256:6374f6f32d32adbe6763c48e2d817d85ec20a1784b2aea1fb0312c658f8e58e9 -generated: "2024-01-10T17:56:36.521957926+01:00" + version: 14.3.1 +digest: sha256:fb1d56a00b544bb2ad5691553cadf6384f499652acb9ff5ad625ef36a1b8979e +generated: "2024-03-10T14:43:22.395381351+01:00" diff --git a/charts/hapi-fhir-jpaserver/Chart.yaml b/charts/hapi-fhir-jpaserver/Chart.yaml index 0950131..c65fe30 100644 --- a/charts/hapi-fhir-jpaserver/Chart.yaml +++ b/charts/hapi-fhir-jpaserver/Chart.yaml @@ -7,11 +7,11 @@ sources: - https://github.com/hapifhir/hapi-fhir-jpaserver-starter dependencies: - name: postgresql - version: 13.2.27 + version: 14.3.1 repository: oci://registry-1.docker.io/bitnamicharts condition: postgresql.enabled -appVersion: 6.10.1 -version: 0.15.0 +appVersion: 7.0.3 +version: 0.16.0 annotations: artifacthub.io/license: Apache-2.0 artifacthub.io/containsSecurityUpdates: "false" @@ -24,8 +24,8 @@ annotations: # When using the list of objects option the valid supported kinds are # added, changed, deprecated, removed, fixed, and security. - kind: changed - description: updated starter image to 6.10.1 + description: updated starter image to v7.0.3 - kind: changed - description: updated curlimages/curl to 8.5.0 + description: updated curlimages/curl to 8.6.0 - kind: changed - description: "updated postgresql sub-chart to 13.2.27. ⚠️: this updates the used PostgreSQL image from v15 to v16." + description: "updated postgresql sub-chart to 14.3.1." diff --git a/charts/hapi-fhir-jpaserver/README.md b/charts/hapi-fhir-jpaserver/README.md index 87b9bb1..8b42fba 100644 --- a/charts/hapi-fhir-jpaserver/README.md +++ b/charts/hapi-fhir-jpaserver/README.md @@ -1,6 +1,6 @@ # HAPI FHIR JPA Server Starter Helm Chart -![Version: 0.15.0](https://img.shields.io/badge/Version-0.15.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.10.1](https://img.shields.io/badge/AppVersion-6.10.1-informational?style=flat-square) +![Version: 0.16.0](https://img.shields.io/badge/Version-0.16.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.0.3](https://img.shields.io/badge/AppVersion-7.0.3-informational?style=flat-square) This helm chart will help you install the HAPI FHIR JPA Server in a Kubernetes environment. @@ -15,7 +15,7 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver | Repository | Name | Version | |------------|------|---------| -| oci://registry-1.docker.io/bitnamicharts | postgresql | 13.2.27 | +| oci://registry-1.docker.io/bitnamicharts | postgresql | 14.3.1 | ## Values @@ -36,7 +36,7 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver | image.pullPolicy | string | `"IfNotPresent"` | image pullPolicy to use | | image.registry | string | `"docker.io"` | registry where the HAPI FHIR server image is hosted | | image.repository | string | `"hapiproject/hapi"` | the path inside the repository | -| image.tag | string | `"v6.10.1@sha256:4eac1b3481180b028616d1fab7e657e368538063d75f7ed3be2032e34c657dd4"` | the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image. | +| image.tag | string | `"v7.0.3@sha256:73ff82fec42e5cbb7e66338d47af09ba91c140e98beeaee41a5459572d5ae1ce"` | the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image. | | imagePullSecrets | list | `[]` | image pull secrets to use when pulling the image | | ingress.annotations | object | `{}` | provide any additional annotations which may be required. Evaluated as a template. | | ingress.enabled | bool | `false` | whether to create an Ingress to expose the FHIR server HTTP endpoint | @@ -57,6 +57,7 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver | postgresql.auth.database | string | `"fhir"` | name for a custom database to create | | postgresql.auth.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL credentials `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user), `password` (which is the password for the custom user to create when `auth.username` is set), and `replication-password` (which is the password for replication user). The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. The value is evaluated as a template. | | postgresql.enabled | bool | `true` | enable an included PostgreSQL DB. see for details if set to `false`, the values under `externalDatabase` are used | +| postgresql.primary.containerSecurityContext.readOnlyRootFilesystem | bool | `true` | | | replicaCount | int | `1` | number of replicas to deploy | | resources | object | `{}` | configure the FHIR server's resource requests and limits | | securityContext.allowPrivilegeEscalation | bool | `false` | | @@ -139,4 +140,4 @@ kubectl port-forward -n observability service/simplest-query 16686:16686 and opening in your browser. ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/charts/hapi-fhir-jpaserver/templates/deployment.yaml b/charts/hapi-fhir-jpaserver/templates/deployment.yaml index fc73ae2..fac0f60 100644 --- a/charts/hapi-fhir-jpaserver/templates/deployment.yaml +++ b/charts/hapi-fhir-jpaserver/templates/deployment.yaml @@ -31,7 +31,7 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} initContainers: - name: wait-for-db-to-be-ready - image: docker.io/bitnami/postgresql:16.1.0-debian-11-r18@sha256:06f1f2297f6241a02bd8e8c025b31625254ca66784ac75a4a62e945fa611d045 + image: docker.io/bitnami/postgresql:16.2.0-debian-12-r6@sha256:ea55532b6f75afbc97f617d91ec5efae17609c8eb825a31845fa9cb9e4aa13e1 imagePullPolicy: IfNotPresent {{- with .Values.restrictedContainerSecurityContext }} securityContext: diff --git a/charts/hapi-fhir-jpaserver/values.yaml b/charts/hapi-fhir-jpaserver/values.yaml index 00326b8..5a67015 100644 --- a/charts/hapi-fhir-jpaserver/values.yaml +++ b/charts/hapi-fhir-jpaserver/values.yaml @@ -7,7 +7,7 @@ image: # -- the path inside the repository repository: hapiproject/hapi # -- the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image. - tag: "v6.10.1@sha256:4eac1b3481180b028616d1fab7e657e368538063d75f7ed3be2032e34c657dd4" + tag: "v7.0.3@sha256:73ff82fec42e5cbb7e66338d47af09ba91c140e98beeaee41a5459572d5ae1ce" # -- image pullPolicy to use pullPolicy: IfNotPresent @@ -109,6 +109,9 @@ postgresql: # see for details # if set to `false`, the values under `externalDatabase` are used enabled: true + primary: + containerSecurityContext: + readOnlyRootFilesystem: true auth: # -- name for a custom database to create database: "fhir" diff --git a/pom.xml b/pom.xml index 105ce4d..955f560 100644 --- a/pom.xml +++ b/pom.xml @@ -596,9 +596,20 @@ - - - + + + + + + + + + + + + + + jetty @@ -676,5 +687,18 @@ + + + cloudsql-postgres + + + com.google.cloud.sql + postgres-socket-factory + 1.17.0 + + + diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/web/JobController.java b/src/main/java/ca/uhn/fhir/jpa/starter/web/JobController.java new file mode 100644 index 0000000..5be2049 --- /dev/null +++ b/src/main/java/ca/uhn/fhir/jpa/starter/web/JobController.java @@ -0,0 +1,42 @@ +package ca.uhn.fhir.jpa.starter.web; + +import ca.uhn.fhir.batch2.api.IJobCoordinator; +import ca.uhn.fhir.batch2.api.JobOperationResultJson; +import ca.uhn.fhir.batch2.model.JobInstance; +import ca.uhn.fhir.batch2.model.StatusEnum; +import ca.uhn.fhir.batch2.models.JobInstanceFetchRequest; +import jakarta.validation.constraints.Min; +import org.springframework.data.domain.Sort; +import org.springframework.http.MediaType; +import org.springframework.web.bind.annotation.*; + +import java.util.List; + +@RestController +@RequestMapping("control") +public class JobController { + private final IJobCoordinator theJobCoordinator; + + public JobController(IJobCoordinator theJobCoordinator) { + this.theJobCoordinator = theJobCoordinator; + } + + @RequestMapping(value = JobController.JOBS, method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) + public List getAllJobs(@RequestParam(name = "pageStart") @Min(0) int pageStart, @RequestParam(name = "batchSize") int batchSize, @RequestParam(name = "jobStatus", required = false) StatusEnum jobStatus) { + JobInstanceFetchRequest jobInstanceFetchRequest = new JobInstanceFetchRequest(); + jobInstanceFetchRequest.setPageStart(pageStart); + jobInstanceFetchRequest.setBatchSize(batchSize); + jobInstanceFetchRequest.setJobStatus(jobStatus != null ? jobStatus.toString() : ""); + jobInstanceFetchRequest.setSort(Sort.by(Sort.Direction.DESC, JobController.MY_CREATE_TIME)); + + return theJobCoordinator.fetchAllJobInstances(jobInstanceFetchRequest).getContent(); + } + + @RequestMapping(value = JobController.JOBS, method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE) + public JobOperationResultJson cancelInstance(@RequestParam(name = "instanceId") String instanceId) { + return theJobCoordinator.cancelInstance(instanceId); + } + + public static final String JOBS = "jobs"; + public static final String MY_CREATE_TIME = "myCreateTime"; +} diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index e59c338..013c29e 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -1,7 +1,8 @@ -#Uncomment the following lines to enable the fhir endpoint to be available at /example/path/fhir instead of /fhir -#server: +#Uncomment the "servlet" and "context-path" lines below to make the fhir endpoint available at /example/path/fhir instead of the default value of /fhir +server: # servlet: # context-path: /example/path + port: 8080 #Adds the option to go to eg. http://localhost:8080/actuator/health for seeing the running configuration #see https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.endpoints management: