Skip to content

Commit

Permalink
Migrate rshiny-open-source-base image from data platform (#2)
Browse files Browse the repository at this point in the history
* migrate-image-build

* fixed linting pt.1

* fixed linting pt.2

* fixed linting pt.3

* Update Makefile

* Update Makefile

Co-authored-by: Jacob Woffenden <[email protected]>

* update README

* Update README.md

Co-authored-by: Jacob Woffenden <[email protected]>

---------

Co-authored-by: Gary H <[email protected]>
Co-authored-by: Jacob Woffenden <[email protected]>
Co-authored-by: Emterry <[email protected]>
  • Loading branch information
4 people authored Apr 18, 2024
1 parent ebef6b6 commit c47634b
Show file tree
Hide file tree
Showing 9 changed files with 195 additions and 138 deletions.
2 changes: 1 addition & 1 deletion .devcontainer/devcontainer.json
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"name": "analytical-platform-image-build-template",
"name": "analytical-platform-rshiny-open-source-base",
"image": "ghcr.io/ministryofjustice/devcontainer-base:latest",
"features": {
"ghcr.io/devcontainers/features/docker-in-docker:2": {},
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/scan-image.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,13 +26,13 @@ jobs:
with:
push: false
load: true
tags: analytical-platform-image-build-template
tags: analytical-platform-rshiny-open-source-base

- name: Scan Image
id: scan_image
uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
with:
image-ref: analytical-platform-image-build-template
image-ref: analytical-platform-rshiny-open-source-base
exit-code: 1
format: sarif
output: trivy-results.sarif
Expand All @@ -51,7 +51,7 @@ jobs:
id: scan_image_on_failure
uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
with:
image-ref: analytical-platform-image-build-template
image-ref: analytical-platform-rshiny-open-source-base
exit-code: 1
format: table
severity: CRITICAL
100 changes: 64 additions & 36 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,49 +1,77 @@
# checkov:skip=CKV_DOCKER_2:Healthcheck instructions have not been added to container images
# This image is an example base image for this template and can be replaced to fit user needs
FROM public.ecr.aws/ubuntu/ubuntu@sha256:12fb86d81bc4504d8261a91c83c54b9e5dcdf1d833ba0fe42ec9e0ee09a2b0ba
# checkov:skip=CKV_DOCKER_3:"Ensure that a user for the container has been created"
# hadolint global ignore=DL3008

LABEL org.opencontainers.image.vendor="Ministry of Justice" \
org.opencontainers.image.authors="Analytical Platform ([email protected])"\
org.opencontainers.image.title="{image title}" \
org.opencontainers.image.description="{decription}" \
org.opencontainers.image.url="{your repo url}"
ARG r=4.3.2
FROM rocker/r-ver:${r}

ENV CONTAINER_USER="analyticalplatform" \
CONTAINER_UID="1000" \
CONTAINER_GROUP="analyticalplatform" \
CONTAINER_GID="1000" \
DEBIAN_FRONTEND="noninteractive"
ARG shinyserver=1.5.20.1002
ENV SHINY_SERVER_VERSION=${shinyserver}
ENV PANDOC_VERSION=default
RUN /rocker_scripts/install_shiny_server.sh

SHELL ["/bin/bash", "-e", "-u", "-o", "pipefail", "-c"]
ENV STRINGI_DISABLE_PKG_CONFIG=true \
AWS_DEFAULT_REGION=eu-west-1 \
TZ=Etc/UTC \
LC_ALL=C.UTF-8

# User
RUN <<EOF
groupadd \
--gid ${CONTAINER_GID} \
${CONTAINER_GROUP}
WORKDIR /srv/shiny-server

useradd \
--uid ${CONTAINER_UID} \
--gid ${CONTAINER_GROUP} \
--create-home \
--shell /bin/bash \
${CONTAINER_USER}
EOF
# Cleanup shiny-server dir
RUN rm -rf ./*

# Base
RUN <<EOF
apt-get update --yes
# Make sure the directory for individual app logs exists
RUN mkdir -p /var/log/shiny-server

apt-get install --yes \
"apt-transport-https=2.4.12" \
"curl=7.81.0-1ubuntu1.16"
# Ensure Python venv is installed (used by reticulate).
RUN apt-get update -y && \
apt-get install -y \
python3 \
python3-pip \
python3-venv \
python3-dev \
libxml2-dev \
libssl-dev \
libudunits2-dev \
libgdal-dev \
libgeos-dev \
libproj-dev\
gdal-bin \
git \
libssl-dev \
libsqlite3-dev \
python3-boto \
xtail

apt-get clean --yes

rm --force --recursive /var/lib/apt/lists/*
EOF
# APT Cleanup
RUN apt-get clean && rm -rf /var/lib/apt/lists/

USER ${CONTAINER_USER}
COPY shiny-server.conf /etc/shiny-server/shiny-server.conf
COPY shiny-server.sh /usr/bin/shiny-server.sh
COPY gather_env_vars.py .

WORKDIR /home/${CONTAINER_USER}
# Patch the shiny server to allow custom headers
RUN sed -i 's/createWebSocketClient(pathInfo)/createWebSocketClient(pathInfo, conn.headers)/' /opt/shiny-server/lib/proxy/sockjs.js
RUN sed -i "s/'referer'/'referer', 'cookie', 'user_email'/" /opt/shiny-server/node_modules/sockjs/lib/transport.js

# Shiny runs as 'shiny' user, adjust app directory permissions
RUN groupmod -g 998 shiny
RUN usermod -u 998 -g 998 shiny
RUN chown -R 998:998 .
RUN chown -R 998:998 /etc/shiny-server
RUN chown -R 998:998 /var/lib/shiny-server

RUN chown -R 998:998 /opt/shiny-server
RUN chown -R 998:998 /var/log/shiny-server
RUN chown -R 998:998 /etc/init.d/shiny-server
RUN chown -R 998:998 /usr/local/lib/R/etc
RUN chown -R 998:998 /usr/local/lib/R/site-library
RUN chown 998:998 /usr/bin/shiny-server.sh
RUN chmod +x /usr/bin/shiny-server.sh

RUN chown 998:998 /etc/profile

EXPOSE 9999

CMD ["/usr/bin/shiny-server.sh"]
39 changes: 25 additions & 14 deletions Makefile
Original file line number Diff line number Diff line change
@@ -1,18 +1,29 @@
IMAGE_NAME = ghcr.io/ministryofjustice/analytical-platform-image-build-template:latest
IMAGE_NAME = ghcr.io/ministryofjustice/analytical-platform-rshiny-open-source-base:latest
ARCH = $(shell uname --machine)

test: build
container-structure-test test --config test/container-structure-test.yml --image $(IMAGE_NAME)
define DOCKER_BUILD
@echo "Building on $(ARCH) architecture";
@if [ "$(ARCH)" = "aarch64" ] || [ "$(ARCH)" = "arm64" ]; then \
docker build --platform linux/amd64 --file Dockerfile --tag $(IMAGE_NAME) .; \
else \
docker build --file Dockerfile --tag $(IMAGE_NAME) .; \
fi
endef

scan: build
trivy image --vuln-type os,library --severity CRITICAL --exit-code 1 $(IMAGE_NAME)
define CONTAINER_TEST
@echo "Testing on $(ARCH) architecture";
@if [ "$(ARCH)" = "aarch64" ] || [ "$(ARCH)" = "arm64" ]; then \
container-structure-test test --platform linux/amd64 --config test/container-structure-test.yml --image $(IMAGE_NAME); \
else \
container-structure-test test --config test/container-structure-test.yml --image $(IMAGE_NAME); \
fi
endef

build:
@ARCH=`uname -m`; \
case $$ARCH in \
aarch64 | arm64) \
echo "Building on $$ARCH architecture"; \
docker build --platform linux/amd64 --file Dockerfile --tag $(IMAGE_NAME) . ;; \
*) \
echo "Building on $$ARCH architecture"; \
docker build --file Dockerfile --tag $(IMAGE_NAME) . ;; \
esac
$(DOCKER_BUILD)

test: build
$(CONTAINER_TEST)

scan: build
trivy image --vuln-type os,library --severity CRITICAL --exit-code 1 $(IMAGE_NAME)
107 changes: 29 additions & 78 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,96 +1,47 @@
# Analytical Platform Image Build Template
# Analytical Platform RShiny Open Source Base

[![repo standards badge](https://img.shields.io/endpoint?labelColor=231f20&color=005ea5&style=for-the-badge&label=MoJ%20Compliant&url=https%3A%2F%2Foperations-engineering-reports.cloud-platform.service.justice.gov.uk%2Fapi%2Fv1%2Fcompliant_public_repositories%2Fendpoint%2Fanalytical-platform-image-build-template&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAAABmJLR0QA/wD/AP+gvaeTAAAHJElEQVRYhe2YeYyW1RWHnzuMCzCIglBQlhSV2gICKlHiUhVBEAsxGqmVxCUUIV1i61YxadEoal1SWttUaKJNWrQUsRRc6tLGNlCXWGyoUkCJ4uCCSCOiwlTm6R/nfPjyMeDY8lfjSSZz3/fee87vnnPu75z3g8/kM2mfqMPVH6mf35t6G/ZgcJ/836Gdug4FjgO67UFn70+FDmjcw9xZaiegWX29lLLmE3QV4Glg8x7WbFfHlFIebS/ANj2oDgX+CXwA9AMubmPNvuqX1SnqKGAT0BFoVE9UL1RH7nSCUjYAL6rntBdg2Q3AgcAo4HDgXeBAoC+wrZQyWS3AWcDSUsomtSswEtgXaAGWlVI2q32BI0spj9XpPww4EVic88vaC7iq5Hz1BvVf6v3qe+rb6ji1p3pWrmtQG9VD1Jn5br+Knmm70T9MfUh9JaPQZu7uLsR9gEsJb3QF9gOagO7AuUTom1LpCcAkoCcwQj0VmJregzaipA4GphNe7w/MBearB7QLYCmlGdiWSm4CfplTHwBDgPHAFmB+Ah8N9AE6EGkxHLhaHU2kRhXc+cByYCqROs05NQq4oR7Lnm5xE9AL+GYC2gZ0Jmjk8VLKO+pE4HvAyYRnOwOH5N7NhMd/WKf3beApYBWwAdgHuCLn+tatbRtgJv1awhtd838LEeq30/A7wN+AwcBt+bwpD9AdOAkYVkpZXtVdSnlc7QI8BlwOXFmZ3oXkdxfidwmPrQXeA+4GuuT08QSdALxC3OYNhBe/TtzON4EziZBXD36o+q082BxgQuqvyYL6wtBY2TyEyJ2DgAXAzcC1+Xxw3RlGqiuJ6vE6QS9VGZ/7H02DDwAvELTyMDAxbfQBvggMAAYR9LR9J2cluH7AmnzuBowFFhLJ/wi7yiJgGXBLPq8A7idy9kPgvAQPcC9wERHSVcDtCfYj4E7gr8BRqWMjcXmeB+4tpbyG2kG9Sl2tPqF2Uick8B+7szyfvDhR3Z7vvq/2yqpynnqNeoY6v7LvevUU9QN1fZ3OTeppWZmeyzRoVu+rhbaHOledmoQ7LRd3SzBVeUo9Wf1DPs9X90/jX8m/e9Rn1Mnqi7nuXXW5+rK6oU7n64mjszovxyvVh9WeDcTVnl5KmQNcCMwvpbQA1xE8VZXhwDXAz4FWIkfnAlcBAwl6+SjD2wTcmPtagZnAEuA3dTp7qyNKKe8DW9UeBCeuBsbsWKVOUPvn+MRKCLeq16lXqLPVFvXb6r25dlaGdUx6cITaJ8fnpo5WI4Wuzcjcqn5Y8eI/1F+n3XvUA1N3v4ZamIEtpZRX1Y6Z/DUK2g84GrgHuDqTehpBCYend94jbnJ34DDgNGArQT9bict3Y3p1ZCnlSoLQb0sbgwjCXpY2blc7llLW1UAMI3o5CD4bmuOlwHaC6xakgZ4Z+ibgSxnOgcAI4uavI27jEII7909dL5VSrimlPKgeQ6TJCZVQjwaOLaW8BfyWbPEa1SaiTH1VfSENd85NDxHt1plA71LKRvX4BDaAKFlTgLeALtliDUqPrSV6SQCBlypgFlbmIIrCDcAl6nPAawmYhlLKFuB6IrkXAadUNj6TXlhDcCNEB/Jn4FcE0f4UWEl0NyWNvZxGTs89z6ZnatIIrCdqcCtRJmcCPwCeSN3N1Iu6T4VaFhm9n+riypouBnepLsk9p6p35fzwvDSX5eVQvaDOzjnqzTl+1KC53+XzLINHd65O6lD1DnWbepPBhQ3q2jQyW+2oDkkAtdt5udpb7W+Q/OFGA7ol1zxu1tc8zNHqXercfDfQIOZm9fR815Cpt5PnVqsr1F51wI9QnzU63xZ1o/rdPPmt6enV6sXqHPVqdXOCe1rtrg5W7zNI+m712Ir+cer4POiqfHeJSVe1Raemwnm7xD3mD1E/Z3wIjcsTdlZnqO8bFeNB9c30zgVG2euYa69QJ+9G90lG+99bfdIoo5PU4w362xHePxl1slMab6tV72KUxDvzlAMT8G0ZohXq39VX1bNzzxij9K1Qb9lhdGe931B/kR6/zCwY9YvuytCsMlj+gbr5SemhqkyuzE8xau4MP865JvWNuj0b1YuqDkgvH2GkURfakly01Cg7Cw0+qyXxkjojq9Lw+vT2AUY+DlF/otYq1Ixc35re2V7R8aTRg2KUv7+ou3x/14PsUBn3NG51S0XpG0Z9PcOPKWSS0SKNUo9Rv2Mmt/G5WpPF6pHGra7Jv410OVsdaz217AbkAPX3ubkm240belCuudT4Rp5p/DyC2lf9mfq1iq5eFe8/lu+K0YrVp0uret4nAkwlB6vzjI/1PxrlrTp/oNHbzTJI92T1qAT+BfW49MhMg6JUp7ehY5a6Tl2jjmVvitF9fxo5Yq8CaAfAkzLMnySt6uz/1k6bPx59CpCNxGfoSKA30IPoH7cQXdArwCOllFX/i53P5P9a/gNkKpsCMFRuFAAAAABJRU5ErkJggg==)](https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/public-report/analytical-platform-image-build-template)

This template repository equips you with the default initial files for building a container used in Analytical Platform.
[![repo standards badge](https://img.shields.io/endpoint?labelColor=231f20&color=005ea5&style=for-the-badge&label=MoJ%20Compliant&url=https%3A%2F%2Foperations-engineering-reports.cloud-platform.service.justice.gov.uk%2Fapi%2Fv1%2Fcompliant_public_repositories%2Fendpoint%2Fanalytical-platform-rshiny-open-source-base&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAAABmJLR0QA/wD/AP+gvaeTAAAHJElEQVRYhe2YeYyW1RWHnzuMCzCIglBQlhSV2gICKlHiUhVBEAsxGqmVxCUUIV1i61YxadEoal1SWttUaKJNWrQUsRRc6tLGNlCXWGyoUkCJ4uCCSCOiwlTm6R/nfPjyMeDY8lfjSSZz3/fee87vnnPu75z3g8/kM2mfqMPVH6mf35t6G/ZgcJ/836Gdug4FjgO67UFn70+FDmjcw9xZaiegWX29lLLmE3QV4Glg8x7WbFfHlFIebS/ANj2oDgX+CXwA9AMubmPNvuqX1SnqKGAT0BFoVE9UL1RH7nSCUjYAL6rntBdg2Q3AgcAo4HDgXeBAoC+wrZQyWS3AWcDSUsomtSswEtgXaAGWlVI2q32BI0spj9XpPww4EVic88vaC7iq5Hz1BvVf6v3qe+rb6ji1p3pWrmtQG9VD1Jn5br+Knmm70T9MfUh9JaPQZu7uLsR9gEsJb3QF9gOagO7AuUTom1LpCcAkoCcwQj0VmJregzaipA4GphNe7w/MBearB7QLYCmlGdiWSm4CfplTHwBDgPHAFmB+Ah8N9AE6EGkxHLhaHU2kRhXc+cByYCqROs05NQq4oR7Lnm5xE9AL+GYC2gZ0Jmjk8VLKO+pE4HvAyYRnOwOH5N7NhMd/WKf3beApYBWwAdgHuCLn+tatbRtgJv1awhtd838LEeq30/A7wN+AwcBt+bwpD9AdOAkYVkpZXtVdSnlc7QI8BlwOXFmZ3oXkdxfidwmPrQXeA+4GuuT08QSdALxC3OYNhBe/TtzON4EziZBXD36o+q082BxgQuqvyYL6wtBY2TyEyJ2DgAXAzcC1+Xxw3RlGqiuJ6vE6QS9VGZ/7H02DDwAvELTyMDAxbfQBvggMAAYR9LR9J2cluH7AmnzuBowFFhLJ/wi7yiJgGXBLPq8A7idy9kPgvAQPcC9wERHSVcDtCfYj4E7gr8BRqWMjcXmeB+4tpbyG2kG9Sl2tPqF2Uick8B+7szyfvDhR3Z7vvq/2yqpynnqNeoY6v7LvevUU9QN1fZ3OTeppWZmeyzRoVu+rhbaHOledmoQ7LRd3SzBVeUo9Wf1DPs9X90/jX8m/e9Rn1Mnqi7nuXXW5+rK6oU7n64mjszovxyvVh9WeDcTVnl5KmQNcCMwvpbQA1xE8VZXhwDXAz4FWIkfnAlcBAwl6+SjD2wTcmPtagZnAEuA3dTp7qyNKKe8DW9UeBCeuBsbsWKVOUPvn+MRKCLeq16lXqLPVFvXb6r25dlaGdUx6cITaJ8fnpo5WI4Wuzcjcqn5Y8eI/1F+n3XvUA1N3v4ZamIEtpZRX1Y6Z/DUK2g84GrgHuDqTehpBCYend94jbnJ34DDgNGArQT9bict3Y3p1ZCnlSoLQb0sbgwjCXpY2blc7llLW1UAMI3o5CD4bmuOlwHaC6xakgZ4Z+ibgSxnOgcAI4uavI27jEII7909dL5VSrimlPKgeQ6TJCZVQjwaOLaW8BfyWbPEa1SaiTH1VfSENd85NDxHt1plA71LKRvX4BDaAKFlTgLeALtliDUqPrSV6SQCBlypgFlbmIIrCDcAl6nPAawmYhlLKFuB6IrkXAadUNj6TXlhDcCNEB/Jn4FcE0f4UWEl0NyWNvZxGTs89z6ZnatIIrCdqcCtRJmcCPwCeSN3N1Iu6T4VaFhm9n+riypouBnepLsk9p6p35fzwvDSX5eVQvaDOzjnqzTl+1KC53+XzLINHd65O6lD1DnWbepPBhQ3q2jQyW+2oDkkAtdt5udpb7W+Q/OFGA7ol1zxu1tc8zNHqXercfDfQIOZm9fR815Cpt5PnVqsr1F51wI9QnzU63xZ1o/rdPPmt6enV6sXqHPVqdXOCe1rtrg5W7zNI+m712Ir+cer4POiqfHeJSVe1Raemwnm7xD3mD1E/Z3wIjcsTdlZnqO8bFeNB9c30zgVG2euYa69QJ+9G90lG+99bfdIoo5PU4w362xHePxl1slMab6tV72KUxDvzlAMT8G0ZohXq39VX1bNzzxij9K1Qb9lhdGe931B/kR6/zCwY9YvuytCsMlj+gbr5SemhqkyuzE8xau4MP865JvWNuj0b1YuqDkgvH2GkURfakly01Cg7Cw0+qyXxkjojq9Lw+vT2AUY+DlF/otYq1Ixc35re2V7R8aTRg2KUv7+ou3x/14PsUBn3NG51S0XpG0Z9PcOPKWSS0SKNUo9Rv2Mmt/G5WpPF6pHGra7Jv410OVsdaz217AbkAPX3ubkm240belCuudT4Rp5p/DyC2lf9mfq1iq5eFe8/lu+K0YrVp0uret4nAkwlB6vzjI/1PxrlrTp/oNHbzTJI92T1qAT+BfW49MhMg6JUp7ehY5a6Tl2jjmVvitF9fxo5Yq8CaAfAkzLMnySt6uz/1k6bPx59CpCNxGfoSKA30IPoH7cQXdArwCOllFX/i53P5P9a/gNkKpsCMFRuFAAAAABJRU5ErkJggg==)](https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/public-report/analytical-platform-rshiny-open-source-base)

This repository is managed in Terraform [here](https://github.com/ministryofjustice/data-platform-github-access/blob/main/terraform/github/analytical-platform-repositories.tf).

## Included Files

The repository comes with the following preset files:

<!-- generated with `tree -a -I '.git'` -->
```text
├── .devcontainer
│ ├── devcontainer.json
│ └── devcontainer-lock.json
├── Dockerfile
├── .editorconfig
├── .github
│ ├── CODEOWNERS
│ ├── dependabot.yml
│ └── workflows
│ ├── build-and-test.yml
│ ├── dependency-review.yml
│ ├── release.yml
│ ├── scan-image.yml
│ └── super-linter.yml
├── .gitignore
├── LICENSE
├── Makefile
├── README.md
└── test
└── container-structure-test.yml
```

## Setup Instructions

Once you've created your repository using this template, perform the following steps:

### Update README

Edit this README.md file to document your project accurately. Take the time to create a clear, engaging, and informative README.md file. Include information like what your project does, how to install and run it, how to contribute, and any other pertinent details.

### Update repository description

After you've created your repository, GitHub provides a brief description field that appears on the top of your repository's main page. This is a summary that gives visitors quick insight into the project. Using this field to provide a succinct overview of your repository is highly recommended.

This description and your README.md will be one of the first things people see when they visit your repository. It's a good place to make a strong, concise first impression. Remember, this is often visible in search results on GitHub and search engines, so it's also an opportunity to help people discover your project.

### Grant Team Permissions

Assign permissions to the appropriate Ministry of Justice teams. Ensure at least one team is granted Admin permissions. Whenever possible, assign permissions to teams rather than individual users.
This repository contains the GitHub RShiny Open Source Base container image for use in the Analytical Platform.

### Read about the GitHub Repository Standards
## Running Locally

Familiarise yourself with the Ministry of Justice GitHub Repository Standards. These standards ensure consistency, maintainability, and best practices across all our repositories.
### Build

You can find the standards [here](https://operations-engineering.service.justice.gov.uk/documentation/services/repository-standards.html).

Please read and understand these standards thoroughly and enable them when you feel comfortable.

### Modify the GitHub Repository Standards Badge

Once you've ensured that all the [GitHub Repository Standards](https://operations-engineering.service.justice.gov.uk/documentation/services/repository-standards.html) have been applied to your repository, it's time to update the Ministry of Justice (MoJ) Compliance Badge located in the README file.

The badge demonstrates that your repository is compliant with MoJ's standards. Please follow these [instructions](https://operations-engineering.service.justice.gov.uk/documentation/runbooks/services/add-repo-badge.html) to modify the badge URL to reflect the status of your repository correctly.

**Please note** the badge will not function correctly if your repository is internal or private. In this case, you may remove the badge from your README.

### Manage Outside Collaborators

To add an Outside Collaborator to the repository, follow the guidelines detailed [here](https://github.com/ministryofjustice/github-collaborators).
```bash
docker build --platform linux/amd64 --file Dockerfile --tag analytical-platform.service.justice.gov.uk/rshiny-open-source-base:local .
```

### Update CODEOWNERS
### Run

(Optional) Modify the CODEOWNERS file to specify the teams or users authorized to approve pull requests.
```bash
docker run -it --rm \
--platform linux/amd64 \
--name analytical-platform-rshiny-open-source-base \
analytical-platform.service.justice.gov.uk/rshiny-open-source-base:local
```
## Versions

### Configure Dependabot
### Ubuntu

Adapt the dependabot.yml file to match your project's [dependency manager](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) and to enable [automated pull requests for package updates](https://docs.github.com/en/code-security/supply-chain-security).
Generally Dependabot does this, but the following command will return the digest:

### Dependency Review
```bash
docker pull --platform linux/amd64 rocker/r-ver:{R_VERSION}

If your repository is private with no GitHub Advanced Security license, remove the `.github/workflows/dependency-review.yml` file.
docker image inspect --format='{{index .RepoDigests 0}}' rocker/r-ver:{R_VERSION}
```

### Dockerfile
### APT Packages

Make sure to add your own build logic to the bottom of the `Dockerfile`.
To find latest APT package versions, you can run the following:

### Tests
```bash
docker run -it --rm --platform linux/amd64 rocker/r-ver:{R_VERSION}

> [!NOTE]
> No application testing has been added to this template, this is to be implemented by the developer as required.
apt-get update

Please make sure to add any additional container structure tests needed to the `container-structure-test.yml`.
apt-cache policy ${PACKAGE} # for example curl, git or gpg
```
29 changes: 29 additions & 0 deletions gather_env_vars.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
"""Module for writing RENV files out."""

import os

R_ENV_FILE_NAME = "/srv/shiny-server/.Renviron"
R_ENV_FILE_NAME1 = "/home/shiny/.Renviron"


def gather_env_vars_to_renv_file():
"""
Writes RENV files out.
"""
with open( # pylint: disable=unspecified-encoding
R_ENV_FILE_NAME, "a"
) as file_handler:
for name, value in os.environ.items():
file_handler.write(f'{name}="{value}"')
file_handler.write("\n")

with open( # pylint: disable=unspecified-encoding
R_ENV_FILE_NAME1, "a"
) as file_handler:
for name, value in os.environ.items():
file_handler.write(f'{name}="{value}"')
file_handler.write("\n")


if __name__ == "__main__":
gather_env_vars_to_renv_file()
23 changes: 23 additions & 0 deletions shiny-server.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Instruct Shiny Server to run applications as the user "shiny"
run_as shiny;

app_init_timeout 600;

# Define a server that listens on port 9999
server {
listen 9999;

# Define a location at the base URL
location / {

# Host the directory of Shiny Apps stored in this directory
site_dir /srv/shiny-server;

# Log all Shiny output to files in this directory
log_dir /var/log/shiny-server;

# When a user visits the base URL rather than a particular application,
# an index of the applications available in this directory will be shown.
directory_index on;
}
}
15 changes: 15 additions & 0 deletions shiny-server.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
#!/bin/sh

# Make sure the directory for individual app logs exists
mkdir -p /var/log/shiny-server
chown shiny.shiny /var/log/shiny-server

if [ "$APPLICATION_LOGS_TO_STDOUT" != "false" ]; then
# push the "real" application logs to stdout with xtail in detached mode
exec xtail /var/log/shiny-server/ &
fi

python3 ./gather_env_vars.py

# start shiny server
exec shiny-server 2>&1
Loading

0 comments on commit c47634b

Please sign in to comment.