chore: updated skaffold config for local, k8s-based dev (#109)

* chore: updated skaffold config for local, k8s-based dev

* ci: replaced superlinter with megalinter

* Update ci.yaml

.cspell.json

@@ -0,0 +1,30 @@
+{
+  "ignorePaths": [
+    "**/node_modules/**",
+    "**/vscode-extension/**",
+    "**/.git/**",
+    ".vscode",
+    "megalinter",
+    "package-lock.json",
+    "report",
+    "**/*.csproj",
+    "skaffold.yaml",
+    "kustomization.yaml",
+    "hack/**",
+    "Dockerfile",
+    ".*"
+  ],
+  "language": "en",
+  "noConfigSearch": true,
+  "words": [
+    "fhir",
+    "birthdate",
+    "xunit",
+    "hapiproject",
+    "chgl",
+    "Kubernetes",
+    "Skaffold",
+    "Kustomize"
+  ],
+  "version": "0.2"
+}

.github/workflows/ci.yaml

@@ -9,48 +9,16 @@ on:
     branches: [master]
 
 jobs:
-  lint:
-    name: Lint Code Base
-    runs-on: ubuntu-20.04
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v3
-        with:
-          # Full git history is needed to get a proper list of changed files within `super-linter`
-          fetch-depth: 0
-      - uses: actions/setup-python@v3
-      - name: Run pre-commit
-        uses: pre-commit/[email protected]
-      - name: Lint code base
-        uses: github/super-linter@v4
-        env:
-          DEFAULT_BRANCH: master
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          KUBERNETES_KUBEVAL_OPTIONS: "--ignore-missing-schemas"
   build:
     name: Build
     runs-on: ubuntu-20.04
-    needs: lint
     permissions:
       id-token: write
       security-events: write
       packages: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
-      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@master
-        with:
-          scan-type: "fs"
-          ignore-unfixed: true
-          format: "template"
-          template: "@/contrib/sarif.tpl"
-          output: "trivy-results.sarif"
-          severity: "CRITICAL"
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: "trivy-results.sarif"
       - name: Docker meta
         id: docker_meta
         uses: docker/metadata-action@v4
@@ -120,28 +88,6 @@ jobs:
         run: |
           dotnet restore src/FhirServerExporter.Tests.E2E/
           dotnet test src/FhirServerExporter.Tests.E2E/
-      - name: Create k8s KinD Cluster
-        uses: helm/[email protected]
-      - name: Load image into KinD
-        if: ${{ github.event_name == 'pull_request' }}
-        run: |
-          kind load docker-image ${{ steps.list_images.outputs.image_name }} --name=chart-testing
-      - uses: imranismail/setup-kustomize@v1
-        with:
-          kustomize-version: "4.0.5"
-      - name: Deploy image
-        run: |
-          kustomize edit set image fhir-server-exporter="${{ steps.list_images.outputs.image_name }}"
-          kustomize build
-          kustomize build | kubectl apply -f -
-          kubectl get pods -A -o wide
-          kubectl describe pod/fhir-server-exporter
-      - name: Run fhir-server-exporter test job
-        run: |
-          kubectl apply -f hack/k8s/test-job.yaml
-          kubectl get pods -A -o wide
-          kubectl wait --for=condition=Ready --timeout=5m pod/fhir-server-exporter
-          kubectl wait --for=condition=Complete --timeout=5m job/test-fhir-server-exporter
       - name: Install Cosign
         if: ${{ github.event_name != 'pull_request' }}
         uses: sigstore/[email protected]

.github/workflows/mega-linter.yml

@@ -0,0 +1,87 @@
+---
+# MegaLinter GitHub Action configuration file
+# More info at https://megalinter.github.io
+name: MegaLinter
+
+on:
+  # Trigger mega-linter at every push. Action will also be visible from Pull Requests to master
+  push: # Comment this line to trigger action only on pull-requests (not recommended if you don't pay for GH Actions)
+  pull_request:
+    branches: [master, main]
+
+env: # Comment env block if you do not want to apply fixes
+  # Apply linter fixes configuration
+  APPLY_FIXES: all # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool)
+  APPLY_FIXES_EVENT: pull_request # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all)
+  APPLY_FIXES_MODE: commit # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR (pull_request)
+
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: MegaLinter
+    runs-on: ubuntu-20.04
+    steps:
+      # Git Checkout
+      - name: Checkout Code
+        uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          fetch-depth: 0
+
+      # Pre-Commit
+      - uses: actions/setup-python@v3
+      - name: Run pre-commit
+        uses: pre-commit/[email protected]
+
+      # MegaLinter
+      - name: MegaLinter
+        id: ml
+        # You can override MegaLinter flavor used to have faster performances
+        # More info at https://megalinter.github.io/flavors/
+        uses: megalinter/megalinter/flavors/dotnet@v5
+        env:
+          # All available variables are described in documentation
+          # https://megalinter.github.io/configuration/
+          VALIDATE_ALL_CODEBASE: true # Set ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} to validate only diff with main branch
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
+
+      # Upload MegaLinter artifacts
+      - name: Archive production artifacts
+        if: ${{ success() }} || ${{ failure() }}
+        uses: actions/upload-artifact@v2
+        with:
+          name: MegaLinter reports
+          path: |
+            report
+            mega-linter.log
+
+      # Create pull request if applicable (for now works only on PR from same repository, not from forks)
+      - name: Create Pull Request with applied fixes
+        id: cpr
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
+        uses: peter-evans/create-pull-request@v4
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          commit-message: "[MegaLinter] Apply linters automatic fixes"
+          title: "[MegaLinter] Apply linters automatic fixes"
+          labels: bot
+      - name: Create PR output
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
+        run: |
+          echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
+          echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
+
+      # Push new commit if applicable (for now works only on PR from same repository, not from forks)
+      - name: Prepare commit
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
+        run: sudo chown -Rc $UID .git/
+      - name: Commit and push applied linter fixes
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
+        uses: stefanzweifel/git-auto-commit-action@v4
+        with:
+          branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
+          commit_message: "[MegaLinter] Apply linters fixes"

.hadolint.yaml

@@ -0,0 +1,2 @@
+ignored:
+  - DL3059

.jscpd.json

@@ -0,0 +1,5 @@
+{
+  "threshold": 0,
+  "ignore": ["hack/**/*.json"],
+  "absolute": true
+}

.mega-linter.yml

@@ -0,0 +1,16 @@
+# Configuration file for MegaLinter
+# See all available variables at https://megalinter.github.io/configuration/ and in linters documentation
+
+APPLY_FIXES: all # all, none, or list of linter keys
+# ENABLE: # If you use ENABLE variable, all other languages/formats/tooling-formats will be disabled by default
+# ENABLE_LINTERS: # If you use ENABLE_LINTERS variable, all other linters will be disabled by default
+DISABLE:
+  - COPYPASTE # Comment to enable checks of excessive copy-pastes
+  # - SPELL # Uncomment to disable checks of spelling mistakes
+DISABLE_LINTERS:
+  - MARKDOWN_MARKDOWN_TABLE_FORMATTER
+  - MARKDOWN_MARKDOWN_LINK_CHECK
+  - DOCKERFILE_DOCKERFILELINT
+SHOW_ELAPSED_TIME: true
+FILEIO_REPORTER: false
+# DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass

README.md

@@ -12,8 +12,8 @@ FHIR server resource count exporter for Prometheus.
 ```sh
 docker run --rm -it \
     -p 9797:9797 \
-    -e FHIRSERVERURL="http://hapi.fhir.org/baseR4" \
-    -e FETCHINTERVALSECONDS=60 \
+    -e FhirServerUrl="http://hapi.fhir.org/baseR4" \
+    -e FetchIntervalSeconds=60 \
     ghcr.io/chgl/fhir-server-exporter:latest
 ```
 
@@ -41,18 +41,18 @@ instead of using `latest`.
 
 | Environment Variable          | Description                                                                                                     | Default value |
 | ----------------------------- | --------------------------------------------------------------------------------------------------------------- | ------------- |
-| FHIRSERVERURL                 | The base URL of the FHIR server whose metrics should be exported. E.g. `http://localhost:8082/fhir`             | `""`          |
-| FHIRSERVERNAME                | A friendly name for the server. Included as a `server_name` label in the `fhir_resource_count` metric.          | `""`          |
-| FETCHINTERVALSECONDS          | The number of seconds between consecutive REST requests to the FHIR server to fetch all resource counts.        | `30`          |
-| METRICSPORT                   | The local port on which the metrics should be exposed at.                                                       | `9797`        |
-| EXCLUDEDRESOURCES             | A comma-seperated list of FHIR resource types that should be excluded from counting. E.g. `Binary,Subscription` | `""`          |
-| AUTH\_\_BASIC\_\_USERNAME     | If the FHIR server requires basic auth, this allows setting the username.                                       | `""`          |
-| AUTH\_\_BASIC\_\_PASSWORD     | Basic auth password.                                                                                            | `""`          |
-| AUTH\_\_BEARERTOKEN           | Static token to set in the `Authorization: Bearer ...` header.                                                  | `""`          |
-| AUTH\_\_OAUTH\_\_TOKENURL     | OAuth token endpoint URL.                                                                                       | `""`          |
-| AUTH\_\_OAUTH\_\_CLIENTID     | OAuth client ID.                                                                                                | `""`          |
-| AUTH\_\_OAUTH\_\_CLIENTSECRET | OAuth client secret                                                                                             | `""`          |
-| AUTH\_\_OAUTH\_\_SCOPE        | OAuth scope                                                                                                     | `""`          |
+| FhirServerUrl                 | The base URL of the FHIR server whose metrics should be exported. E.g. `http://localhost:8082/fhir`             | `""`          |
+| FhirServerName                | A friendly name for the server. Included as a `server_name` label in the `fhir_resource_count` metric.          | `""`          |
+| FetchIntervalSeconds          | The number of seconds between consecutive REST requests to the FHIR server to fetch all resource counts.        | `30`          |
+| MetricsPort                   | The local port on which the metrics should be exposed at.                                                       | `9797`        |
+| ExcludedResources             | A comma-separated list of FHIR resource types that should be excluded from counting. E.g. `Binary,Subscription` | `""`          |
+| Auth\_\_Basic\_\_Username     | If the FHIR server requires basic auth, this allows setting the username.                                       | `""`          |
+| Auth\_\_Basic\_\_Password     | Basic auth password.                                                                                            | `""`          |
+| Auth\_\_BearerToken           | Static token to set in the `Authorization: Bearer ...` header.                                                  | `""`          |
+| Auth\_\_OAuth\_\_TokenUrl     | OAuth token endpoint URL.                                                                                       | `""`          |
+| Auth\_\_OAuth\_\_ClientId     | OAuth client ID.                                                                                                | `""`          |
+| Auth\_\_OAuth\_\_ClientSecret | OAuth client secret                                                                                             | `""`          |
+| Auth\_\_OAuth\_\_Scope        | OAuth scope                                                                                                     | `""`          |
 
 ### Custom Queries
 
@@ -61,7 +61,7 @@ Create a file called `queries.yaml` and place it in the application's main direc
 
 ```sh
 docker run --rm -it \
-   -e FHIRSERVERURL="http://hapi.fhir.org/baseR4" \
+   -e FhirServerUrl="http://hapi.fhir.org/baseR4" \
    -p 9797:9797 \
    -v $PWD/src/FhirServerExporter/queries.yaml:/opt/fhir-server-exporter/queries.yaml:ro \
    ghcr.io/chgl/fhir-server-exporter:latest
@@ -125,17 +125,17 @@ so if you've specified both a basic auth username and password and an oauth toke
    kind create cluster
    ```
 
-1. build and deploy container in development mode
+1. build and deploy container in development mode. This also bootstraps a HAPI FHIR server and loads some sample resources into it.
 
    ```sh
-   skaffold dev
+   skaffold dev --port-forward
    ```
 
 ### Build and run container image locally
 
 ```sh
 docker build -t fhir-server-exporter .
-docker run -e FHIRSERVERURL="http://host.docker.internal:8082/fhir" -p 9797:9797 fhir-server-exporter
+docker run -e FhirServerUrl="http://host.docker.internal:8082/fhir" -p 9797:9797 fhir-server-exporter
 ```
 
 ## Verify image integrity

hack/k8s/load-sample-data.yaml

@@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: load-fhir-sample-data
+spec:
+  template:
+    spec:
+      restartPolicy: Never
+      initContainers:
+        - name: wait-for-fhir-server
+          image: docker.io/curlimages/curl:7.78.0
+          env:
+            - name: FHIR_URL
+              value: http://fhir-server:8080/fhir
+          command: ["/bin/sh", "-c"]
+          args:
+            - |
+              until [ "$(curl -s -o /dev/null -L -w '%{http_code}' "$FHIR_URL/metadata")" == "200" ]; do
+                echo "$(date): Waiting for FHIR server to be up";
+                sleep 15;
+              done;
+      containers:
+        - name: curl
+          image: curlimages/curl:7.78.0
+          command: ["/bin/sh", "-c"]
+          env:
+            - name: FHIR_URL
+              value: http://fhir-server:8080/fhir
+          args:
+            - curl -X POST -H 'Content-Type:application/fhir+json' -d @/opt/data/chester.json $FHIR_URL
+          volumeMounts:
+            - name: fhir-sample-data-volume
+              mountPath: /opt/data
+      volumes:
+        - name: fhir-sample-data-volume
+          configMap:
+            name: synthea-fhir-sample-data

hack/k8s/pods.yaml

@@ -7,7 +7,16 @@ metadata:
 spec:
   containers:
     - name: fhir-server
-      image: docker.io/hapiproject/hapi:v5.5.1-distroless
+      image: docker.io/hapiproject/hapi:v6.0.1
+      readinessProbe:
+        failureThreshold: 5
+        initialDelaySeconds: 45
+        periodSeconds: 10
+        successThreshold: 1
+        timeoutSeconds: 5
+        httpGet:
+          path: /actuator/health/readiness
+          port: http
       resources:
         limits:
           memory: "2Gi"
@@ -34,6 +43,19 @@ metadata:
   labels:
     app.kubernetes.io/name: fhir-server-exporter
 spec:
+  initContainers:
+    - name: wait-for-fhir-server
+      image: docker.io/curlimages/curl:7.78.0
+      env:
+        - name: FHIR_URL
+          value: http://fhir-server:8080/fhir
+      command: ["/bin/sh", "-c"]
+      args:
+        - |
+          until [ "$(curl -s -o /dev/null -L -w '%{http_code}' "$FHIR_URL/metadata")" == "200" ]; do
+            echo "$(date): Waiting for FHIR server to be up";
+            sleep 15;
+          done;
   containers:
     - name: fhir-server-exporter
       image: fhir-server-exporter

hack/k8s/test-job.yaml

@@ -8,7 +8,7 @@ spec:
       automountServiceAccountToken: false
       containers:
         - name: curl
-          image: curlimages/curl:7.75.0
+          image: curlimages/curl:7.78.0
           command: ["/bin/sh", "-c"]
           args:
             - curl