diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml
index 542bd64..2c8b422 100644
--- a/.github/workflows/build-images.yaml
+++ b/.github/workflows/build-images.yaml
@@ -17,7 +17,7 @@ env:
jobs:
build:
name: Build
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
steps:
- name: Container meta for default (distroless) image
id: docker_meta
diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml
index ef83c32..f1316a3 100644
--- a/.github/workflows/chart-test.yaml
+++ b/.github/workflows/chart-test.yaml
@@ -9,7 +9,7 @@ on:
jobs:
lint:
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
container: quay.io/helmpack/chart-testing:v3.11.0@sha256:f2fd21d30b64411105c7eafb1862783236a219d29f2292219a09fe94ca78ad2a
steps:
- name: Install helm-docs
@@ -38,10 +38,10 @@ jobs:
run: ct lint --config .github/ct/config.yaml
test:
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
strategy:
matrix:
- k8s-version: [1.30.8, 1.31.4, 1.32.0]
+ k8s-version: [1.32.0, 1.33.0, 1.34.0, 1.35.0]
needs:
- lint
steps:
diff --git a/Dockerfile b/Dockerfile
index 542354d..a8bbd9a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
-FROM docker.io/library/maven:3.9.9-eclipse-temurin-17 AS build-hapi
+FROM docker.io/library/maven:3.9.12-eclipse-temurin-17 AS build-hapi
WORKDIR /tmp/hapi-fhir-jpaserver-starter
-ARG OPENTELEMETRY_JAVA_AGENT_VERSION=2.13.1
+ARG OPENTELEMETRY_JAVA_AGENT_VERSION=2.24.0
RUN curl -LSsO https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v${OPENTELEMETRY_JAVA_AGENT_VERSION}/opentelemetry-javaagent.jar
COPY pom.xml .
@@ -16,28 +16,26 @@ RUN mvn package -DskipTests spring-boot:repackage -Pboot
RUN mkdir /app && cp /tmp/hapi-fhir-jpaserver-starter/target/ROOT.war /app/main.war
-########### bitnami tomcat version is suitable for debugging and comes with a shell
+########### Use the official Tomcat image as base image for the Tomcat variant
########### it can be built using eg. `docker build --target tomcat .`
-FROM docker.io/bitnamilegacy/tomcat:10.1.43-debian-12-r0 AS tomcat
+FROM docker.io/library/tomcat:10-jre21-temurin-noble AS tomcat
USER root
-RUN rm -rf /opt/bitnami/tomcat/webapps/ROOT && \
- mkdir -p /opt/bitnami/hapi/data/hapi/lucenefiles && \
- chown -R 1001:1001 /opt/bitnami/hapi/data/hapi/lucenefiles && \
- chmod 775 /opt/bitnami/hapi/data/hapi/lucenefiles
+RUN rm -rf /usr/local/tomcat/webapps/ROOT && \
+ mkdir -p /usr/local/tomcat/data/hapi/lucenefiles && \
+ chown -R 65532:65532 /usr/local/tomcat/data/hapi/lucenefiles && \
+ chmod 775 /usr/local/tomcat/data/hapi/lucenefiles
-RUN mkdir -p /target && chown -R 1001:1001 target
-USER 1001
+RUN mkdir -p /target && chown -R 65532:65532 /target
+USER 65532
-COPY --chown=1001:1001 catalina.properties /opt/bitnami/tomcat/conf/catalina.properties
-COPY --chown=1001:1001 server.xml /opt/bitnami/tomcat/conf/server.xml
-COPY --from=build-hapi --chown=1001:1001 /tmp/hapi-fhir-jpaserver-starter/target/ROOT.war /opt/bitnami/tomcat/webapps/ROOT.war
-COPY --from=build-hapi --chown=1001:1001 /tmp/hapi-fhir-jpaserver-starter/opentelemetry-javaagent.jar /app
-
-ENV ALLOW_EMPTY_PASSWORD=yes
+COPY --chown=65532:65532 catalina.properties /usr/local/tomcat/conf/catalina.properties
+COPY --chown=65532:65532 server.xml /usr/local/tomcat/conf/server.xml
+COPY --from=build-hapi --chown=65532:65532 /tmp/hapi-fhir-jpaserver-starter/target/ROOT.war /usr/local/tomcat/webapps/ROOT.war
+COPY --from=build-hapi --chown=65532:65532 /tmp/hapi-fhir-jpaserver-starter/opentelemetry-javaagent.jar /app
########### distroless brings focus on security and runs on plain spring boot - this is the default image
-FROM gcr.io/distroless/java17-debian12:nonroot AS default
+FROM gcr.io/distroless/java21-debian13:nonroot AS default
# 65532 is the nonroot user's uid
# used here instead of the name to allow Kubernetes to easily detect that the container
# is running as a non-root (uid != 0) user.
diff --git a/charts/hapi-fhir-jpaserver/Chart.yaml b/charts/hapi-fhir-jpaserver/Chart.yaml
index e324b40..c62394e 100644
--- a/charts/hapi-fhir-jpaserver/Chart.yaml
+++ b/charts/hapi-fhir-jpaserver/Chart.yaml
@@ -13,8 +13,8 @@ dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.31.3
-appVersion: 8.2.0
-version: 0.21.0
+appVersion: 8.6.0
+version: 0.22.0
annotations:
artifacthub.io/license: Apache-2.0
artifacthub.io/containsSecurityUpdates: "false"
diff --git a/charts/hapi-fhir-jpaserver/README.md b/charts/hapi-fhir-jpaserver/README.md
index 1f2d42a..e7c7e14 100644
--- a/charts/hapi-fhir-jpaserver/README.md
+++ b/charts/hapi-fhir-jpaserver/README.md
@@ -1,6 +1,6 @@
# HAPI FHIR JPA Server Starter Helm Chart
-  
+  
This helm chart will help you install the HAPI FHIR JPA Server in a Kubernetes environment.
@@ -39,7 +39,7 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
| image.pullPolicy | string | `"IfNotPresent"` | image pullPolicy to use |
| image.registry | string | `"docker.io"` | registry where the HAPI FHIR server image is hosted |
| image.repository | string | `"hapiproject/hapi"` | the path inside the repository |
-| image.tag | string | `"v8.2.0-1@sha256:e85ded02f60e25a66e6d9423ea71f3ebc9494e3a69bdd7d7dbfa31b8aa5b2fe9"` | the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image. |
+| image.tag | string | `"v8.6.0-1@sha256:7611e4d6601f35dd8c223ed2ed47a2807be06976f71b2e5990e6541bbc90c16f"` | the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image. |
| imagePullSecrets | list | `[]` | image pull secrets to use when pulling the image |
| ingress.annotations | object | `{}` | provide any additional annotations which may be required. Evaluated as a template. |
| ingress.enabled | bool | `false` | whether to create an Ingress to expose the FHIR server HTTP endpoint |
diff --git a/charts/hapi-fhir-jpaserver/values.yaml b/charts/hapi-fhir-jpaserver/values.yaml
index a189bca..19f0e26 100644
--- a/charts/hapi-fhir-jpaserver/values.yaml
+++ b/charts/hapi-fhir-jpaserver/values.yaml
@@ -7,7 +7,7 @@ image:
# -- the path inside the repository
repository: hapiproject/hapi
# -- the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image.
- tag: "v8.2.0-1@sha256:e85ded02f60e25a66e6d9423ea71f3ebc9494e3a69bdd7d7dbfa31b8aa5b2fe9"
+ tag: "v8.6.0-1@sha256:7611e4d6601f35dd8c223ed2ed47a2807be06976f71b2e5990e6541bbc90c16f"
# -- image pullPolicy to use
pullPolicy: IfNotPresent
diff --git a/docker-build.bat b/docker-build.bat
index fab0cec..294ba80 100644
--- a/docker-build.bat
+++ b/docker-build.bat
@@ -1 +1 @@
-docker build --tag hapiproject/hapi:latest --tag hapiproject/hapi:4.1 -m 4g .
\ No newline at end of file
+docker build --tag hapiproject/hapi:latest --tag hapiproject/hapi:8.6.1 -m 4g .
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 9c970b4..543ef4b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,3 @@
-version: "3"
services:
hapi-fhir-jpaserver-start:
build: .
@@ -8,18 +7,29 @@ services:
SPRING_DATASOURCE_URL: "jdbc:postgresql://hapi-fhir-postgres:5432/hapi"
SPRING_DATASOURCE_USERNAME: "admin"
SPRING_DATASOURCE_PASSWORD: "admin"
- SPRING_DATASOURCE_DRIVERCLASSNAME: "org.postgresql.Driver"
+ SPRING_DATASOURCE_DRIVER_CLASS_NAME: "org.postgresql.Driver"
+ SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT: ca.uhn.fhir.jpa.model.dialect.HapiFhirPostgresDialect
ports:
- "8080:8080"
+ depends_on:
+ hapi-fhir-postgres:
+ condition: service_healthy
hapi-fhir-postgres:
- image: postgres:15-alpine
+ image: postgres:16-alpine
container_name: hapi-fhir-postgres
restart: always
environment:
POSTGRES_DB: "hapi"
POSTGRES_USER: "admin"
POSTGRES_PASSWORD: "admin"
+ healthcheck:
+ test: ["CMD-SHELL", "sh -c 'pg_isready -U admin -d hapi' || exit 1"]
+ interval: 10s
+ timeout: 5s
+ start_period: 5s
+ retries: 5
volumes:
- hapi-fhir-postgres:/var/lib/postgresql/data
+
volumes:
hapi-fhir-postgres:
diff --git a/pom.xml b/pom.xml
index e3af415..e4f1cf7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,6 +7,20 @@
17
1
4.0.0
+
+
+ 3.5.4
+ ${maven.failsafe.version}
+ 3.9.0
+ 3.14.1
+
+
+ 1.1.2
+ 4.3.0
+ 1.16.2
+ 1.3.5
+ 3.5.9
+ 42.7.9
@@ -20,7 +34,7 @@
ca.uhn.hapi.fhir
hapi-fhir
- 8.6.0
+ 8.6.1
hapi-fhir-jpaserver-starter
@@ -73,6 +87,7 @@
org.postgresql
postgresql
+ ${postgresql.version}
com.microsoft.sqlserver
@@ -222,7 +237,7 @@
commons-logging
commons-logging
- 1.2
+ ${commons.logging.version}
provided
@@ -344,7 +359,7 @@
org.awaitility
awaitility
- 4.2.0
+ ${awaitility.version}
test
@@ -364,41 +379,41 @@
io.micrometer
micrometer-core
- 1.13.3
+ ${micrometer.version}
io.micrometer
micrometer-registry-prometheus
- 1.13.3
+ ${micrometer.version}
io.micrometer
micrometer-registry-prometheus-simpleclient
- 1.13.3
+ ${micrometer.version}
com.zaxxer
HikariCP
- 5.0.1
+ 5.1.0
org.springframework.ai
spring-ai-mcp
- 1.1.0-M2
+ ${spring.ai.version}
org.springframework.ai
spring-ai-starter-mcp-server
- 1.1.0-M2
+ ${spring.ai.version}
@@ -433,12 +448,12 @@
org.apache.maven.plugins
maven-dependency-plugin
- 3.6.0
+ ${maven.dependency.version}
org.apache.maven.plugins
- maven-surefire-plugin
- 3.4.0
+ maven-fire-plugin
+ ${maven.fire.version}
@@ -474,7 +489,7 @@
org.apache.maven.plugins
maven-compiler-plugin
- 3.13.0
+ ${maven.compiler.version}
${java.version}
@@ -505,7 +520,7 @@
org.apache.maven.plugins
maven-failsafe-plugin
- 3.4.0
+ ${maven.failsafe.version}
true
@@ -677,62 +692,6 @@
-
- ossrh-repo
-
- false
-
- deployToSonatype
-
-
-
-
- ossrh
- https://oss.sonatype.org/content/repositories/snapshots
-
-
- ossrh
- https://oss.sonatype.org/service/local/staging/deploy/maven2/
-
-
-
-
-
- org.sonatype.plugins
- nexus-staging-maven-plugin
- 1.6.13
- true
-
- ossrh
- https://oss.sonatype.org/
- true
-
-
-
- org.apache.maven.plugins
- maven-gpg-plugin
- 1.6
-
-
- sign-artifacts
- verify
-
- sign
-
-
- ${gpg.keyname}
- ${gpg.keyname}
-
- --pinentry-mode
- loopback
-
-
-
-
-
-
-
-
@@ -742,7 +701,7 @@
com.google.cloud.sql
postgres-socket-factory
- 1.17.0
+ 1.28.0