generated from ministryofjustice/analytical-platform-image-build-template
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Migrate rshiny-open-source-base image from data platform (#2)
* migrate-image-build * fixed linting pt.1 * fixed linting pt.2 * fixed linting pt.3 * Update Makefile * Update Makefile Co-authored-by: Jacob Woffenden <[email protected]> * update README * Update README.md Co-authored-by: Jacob Woffenden <[email protected]> --------- Co-authored-by: Gary H <[email protected]> Co-authored-by: Jacob Woffenden <[email protected]> Co-authored-by: Emterry <[email protected]>
- Loading branch information
1 parent
ebef6b6
commit c47634b
Showing
9 changed files
with
195 additions
and
138 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,49 +1,77 @@ | ||
# checkov:skip=CKV_DOCKER_2:Healthcheck instructions have not been added to container images | ||
# This image is an example base image for this template and can be replaced to fit user needs | ||
FROM public.ecr.aws/ubuntu/ubuntu@sha256:12fb86d81bc4504d8261a91c83c54b9e5dcdf1d833ba0fe42ec9e0ee09a2b0ba | ||
# checkov:skip=CKV_DOCKER_3:"Ensure that a user for the container has been created" | ||
# hadolint global ignore=DL3008 | ||
|
||
LABEL org.opencontainers.image.vendor="Ministry of Justice" \ | ||
org.opencontainers.image.authors="Analytical Platform ([email protected])"\ | ||
org.opencontainers.image.title="{image title}" \ | ||
org.opencontainers.image.description="{decription}" \ | ||
org.opencontainers.image.url="{your repo url}" | ||
ARG r=4.3.2 | ||
FROM rocker/r-ver:${r} | ||
|
||
ENV CONTAINER_USER="analyticalplatform" \ | ||
CONTAINER_UID="1000" \ | ||
CONTAINER_GROUP="analyticalplatform" \ | ||
CONTAINER_GID="1000" \ | ||
DEBIAN_FRONTEND="noninteractive" | ||
ARG shinyserver=1.5.20.1002 | ||
ENV SHINY_SERVER_VERSION=${shinyserver} | ||
ENV PANDOC_VERSION=default | ||
RUN /rocker_scripts/install_shiny_server.sh | ||
|
||
SHELL ["/bin/bash", "-e", "-u", "-o", "pipefail", "-c"] | ||
ENV STRINGI_DISABLE_PKG_CONFIG=true \ | ||
AWS_DEFAULT_REGION=eu-west-1 \ | ||
TZ=Etc/UTC \ | ||
LC_ALL=C.UTF-8 | ||
|
||
# User | ||
RUN <<EOF | ||
groupadd \ | ||
--gid ${CONTAINER_GID} \ | ||
${CONTAINER_GROUP} | ||
WORKDIR /srv/shiny-server | ||
|
||
useradd \ | ||
--uid ${CONTAINER_UID} \ | ||
--gid ${CONTAINER_GROUP} \ | ||
--create-home \ | ||
--shell /bin/bash \ | ||
${CONTAINER_USER} | ||
EOF | ||
# Cleanup shiny-server dir | ||
RUN rm -rf ./* | ||
|
||
# Base | ||
RUN <<EOF | ||
apt-get update --yes | ||
# Make sure the directory for individual app logs exists | ||
RUN mkdir -p /var/log/shiny-server | ||
|
||
apt-get install --yes \ | ||
"apt-transport-https=2.4.12" \ | ||
"curl=7.81.0-1ubuntu1.16" | ||
# Ensure Python venv is installed (used by reticulate). | ||
RUN apt-get update -y && \ | ||
apt-get install -y \ | ||
python3 \ | ||
python3-pip \ | ||
python3-venv \ | ||
python3-dev \ | ||
libxml2-dev \ | ||
libssl-dev \ | ||
libudunits2-dev \ | ||
libgdal-dev \ | ||
libgeos-dev \ | ||
libproj-dev\ | ||
gdal-bin \ | ||
git \ | ||
libssl-dev \ | ||
libsqlite3-dev \ | ||
python3-boto \ | ||
xtail | ||
|
||
apt-get clean --yes | ||
|
||
rm --force --recursive /var/lib/apt/lists/* | ||
EOF | ||
# APT Cleanup | ||
RUN apt-get clean && rm -rf /var/lib/apt/lists/ | ||
|
||
USER ${CONTAINER_USER} | ||
COPY shiny-server.conf /etc/shiny-server/shiny-server.conf | ||
COPY shiny-server.sh /usr/bin/shiny-server.sh | ||
COPY gather_env_vars.py . | ||
|
||
WORKDIR /home/${CONTAINER_USER} | ||
# Patch the shiny server to allow custom headers | ||
RUN sed -i 's/createWebSocketClient(pathInfo)/createWebSocketClient(pathInfo, conn.headers)/' /opt/shiny-server/lib/proxy/sockjs.js | ||
RUN sed -i "s/'referer'/'referer', 'cookie', 'user_email'/" /opt/shiny-server/node_modules/sockjs/lib/transport.js | ||
|
||
# Shiny runs as 'shiny' user, adjust app directory permissions | ||
RUN groupmod -g 998 shiny | ||
RUN usermod -u 998 -g 998 shiny | ||
RUN chown -R 998:998 . | ||
RUN chown -R 998:998 /etc/shiny-server | ||
RUN chown -R 998:998 /var/lib/shiny-server | ||
|
||
RUN chown -R 998:998 /opt/shiny-server | ||
RUN chown -R 998:998 /var/log/shiny-server | ||
RUN chown -R 998:998 /etc/init.d/shiny-server | ||
RUN chown -R 998:998 /usr/local/lib/R/etc | ||
RUN chown -R 998:998 /usr/local/lib/R/site-library | ||
RUN chown 998:998 /usr/bin/shiny-server.sh | ||
RUN chmod +x /usr/bin/shiny-server.sh | ||
|
||
RUN chown 998:998 /etc/profile | ||
|
||
EXPOSE 9999 | ||
|
||
CMD ["/usr/bin/shiny-server.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,29 @@ | ||
IMAGE_NAME = ghcr.io/ministryofjustice/analytical-platform-image-build-template:latest | ||
IMAGE_NAME = ghcr.io/ministryofjustice/analytical-platform-rshiny-open-source-base:latest | ||
ARCH = $(shell uname --machine) | ||
|
||
test: build | ||
container-structure-test test --config test/container-structure-test.yml --image $(IMAGE_NAME) | ||
define DOCKER_BUILD | ||
@echo "Building on $(ARCH) architecture"; | ||
@if [ "$(ARCH)" = "aarch64" ] || [ "$(ARCH)" = "arm64" ]; then \ | ||
docker build --platform linux/amd64 --file Dockerfile --tag $(IMAGE_NAME) .; \ | ||
else \ | ||
docker build --file Dockerfile --tag $(IMAGE_NAME) .; \ | ||
fi | ||
endef | ||
|
||
scan: build | ||
trivy image --vuln-type os,library --severity CRITICAL --exit-code 1 $(IMAGE_NAME) | ||
define CONTAINER_TEST | ||
@echo "Testing on $(ARCH) architecture"; | ||
@if [ "$(ARCH)" = "aarch64" ] || [ "$(ARCH)" = "arm64" ]; then \ | ||
container-structure-test test --platform linux/amd64 --config test/container-structure-test.yml --image $(IMAGE_NAME); \ | ||
else \ | ||
container-structure-test test --config test/container-structure-test.yml --image $(IMAGE_NAME); \ | ||
fi | ||
endef | ||
|
||
build: | ||
@ARCH=`uname -m`; \ | ||
case $$ARCH in \ | ||
aarch64 | arm64) \ | ||
echo "Building on $$ARCH architecture"; \ | ||
docker build --platform linux/amd64 --file Dockerfile --tag $(IMAGE_NAME) . ;; \ | ||
*) \ | ||
echo "Building on $$ARCH architecture"; \ | ||
docker build --file Dockerfile --tag $(IMAGE_NAME) . ;; \ | ||
esac | ||
$(DOCKER_BUILD) | ||
|
||
test: build | ||
$(CONTAINER_TEST) | ||
|
||
scan: build | ||
trivy image --vuln-type os,library --severity CRITICAL --exit-code 1 $(IMAGE_NAME) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,96 +1,47 @@ | ||
# Analytical Platform Image Build Template | ||
# Analytical Platform RShiny Open Source Base | ||
|
||
[![repo standards badge](https://img.shields.io/endpoint?labelColor=231f20&color=005ea5&style=for-the-badge&label=MoJ%20Compliant&url=https%3A%2F%2Foperations-engineering-reports.cloud-platform.service.justice.gov.uk%2Fapi%2Fv1%2Fcompliant_public_repositories%2Fendpoint%2Fanalytical-platform-image-build-template&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAAABmJLR0QA/wD/AP+gvaeTAAAHJElEQVRYhe2YeYyW1RWHnzuMCzCIglBQlhSV2gICKlHiUhVBEAsxGqmVxCUUIV1i61YxadEoal1SWttUaKJNWrQUsRRc6tLGNlCXWGyoUkCJ4uCCSCOiwlTm6R/nfPjyMeDY8lfjSSZz3/fee87vnnPu75z3g8/kM2mfqMPVH6mf35t6G/ZgcJ/836Gdug4FjgO67UFn70+FDmjcw9xZaiegWX29lLLmE3QV4Glg8x7WbFfHlFIebS/ANj2oDgX+CXwA9AMubmPNvuqX1SnqKGAT0BFoVE9UL1RH7nSCUjYAL6rntBdg2Q3AgcAo4HDgXeBAoC+wrZQyWS3AWcDSUsomtSswEtgXaAGWlVI2q32BI0spj9XpPww4EVic88vaC7iq5Hz1BvVf6v3qe+rb6ji1p3pWrmtQG9VD1Jn5br+Knmm70T9MfUh9JaPQZu7uLsR9gEsJb3QF9gOagO7AuUTom1LpCcAkoCcwQj0VmJregzaipA4GphNe7w/MBearB7QLYCmlGdiWSm4CfplTHwBDgPHAFmB+Ah8N9AE6EGkxHLhaHU2kRhXc+cByYCqROs05NQq4oR7Lnm5xE9AL+GYC2gZ0Jmjk8VLKO+pE4HvAyYRnOwOH5N7NhMd/WKf3beApYBWwAdgHuCLn+tatbRtgJv1awhtd838LEeq30/A7wN+AwcBt+bwpD9AdOAkYVkpZXtVdSnlc7QI8BlwOXFmZ3oXkdxfidwmPrQXeA+4GuuT08QSdALxC3OYNhBe/TtzON4EziZBXD36o+q082BxgQuqvyYL6wtBY2TyEyJ2DgAXAzcC1+Xxw3RlGqiuJ6vE6QS9VGZ/7H02DDwAvELTyMDAxbfQBvggMAAYR9LR9J2cluH7AmnzuBowFFhLJ/wi7yiJgGXBLPq8A7idy9kPgvAQPcC9wERHSVcDtCfYj4E7gr8BRqWMjcXmeB+4tpbyG2kG9Sl2tPqF2Uick8B+7szyfvDhR3Z7vvq/2yqpynnqNeoY6v7LvevUU9QN1fZ3OTeppWZmeyzRoVu+rhbaHOledmoQ7LRd3SzBVeUo9Wf1DPs9X90/jX8m/e9Rn1Mnqi7nuXXW5+rK6oU7n64mjszovxyvVh9WeDcTVnl5KmQNcCMwvpbQA1xE8VZXhwDXAz4FWIkfnAlcBAwl6+SjD2wTcmPtagZnAEuA3dTp7qyNKKe8DW9UeBCeuBsbsWKVOUPvn+MRKCLeq16lXqLPVFvXb6r25dlaGdUx6cITaJ8fnpo5WI4Wuzcjcqn5Y8eI/1F+n3XvUA1N3v4ZamIEtpZRX1Y6Z/DUK2g84GrgHuDqTehpBCYend94jbnJ34DDgNGArQT9bict3Y3p1ZCnlSoLQb0sbgwjCXpY2blc7llLW1UAMI3o5CD4bmuOlwHaC6xakgZ4Z+ibgSxnOgcAI4uavI27jEII7909dL5VSrimlPKgeQ6TJCZVQjwaOLaW8BfyWbPEa1SaiTH1VfSENd85NDxHt1plA71LKRvX4BDaAKFlTgLeALtliDUqPrSV6SQCBlypgFlbmIIrCDcAl6nPAawmYhlLKFuB6IrkXAadUNj6TXlhDcCNEB/Jn4FcE0f4UWEl0NyWNvZxGTs89z6ZnatIIrCdqcCtRJmcCPwCeSN3N1Iu6T4VaFhm9n+riypouBnepLsk9p6p35fzwvDSX5eVQvaDOzjnqzTl+1KC53+XzLINHd65O6lD1DnWbepPBhQ3q2jQyW+2oDkkAtdt5udpb7W+Q/OFGA7ol1zxu1tc8zNHqXercfDfQIOZm9fR815Cpt5PnVqsr1F51wI9QnzU63xZ1o/rdPPmt6enV6sXqHPVqdXOCe1rtrg5W7zNI+m712Ir+cer4POiqfHeJSVe1Raemwnm7xD3mD1E/Z3wIjcsTdlZnqO8bFeNB9c30zgVG2euYa69QJ+9G90lG+99bfdIoo5PU4w362xHePxl1slMab6tV72KUxDvzlAMT8G0ZohXq39VX1bNzzxij9K1Qb9lhdGe931B/kR6/zCwY9YvuytCsMlj+gbr5SemhqkyuzE8xau4MP865JvWNuj0b1YuqDkgvH2GkURfakly01Cg7Cw0+qyXxkjojq9Lw+vT2AUY+DlF/otYq1Ixc35re2V7R8aTRg2KUv7+ou3x/14PsUBn3NG51S0XpG0Z9PcOPKWSS0SKNUo9Rv2Mmt/G5WpPF6pHGra7Jv410OVsdaz217AbkAPX3ubkm240belCuudT4Rp5p/DyC2lf9mfq1iq5eFe8/lu+K0YrVp0uret4nAkwlB6vzjI/1PxrlrTp/oNHbzTJI92T1qAT+BfW49MhMg6JUp7ehY5a6Tl2jjmVvitF9fxo5Yq8CaAfAkzLMnySt6uz/1k6bPx59CpCNxGfoSKA30IPoH7cQXdArwCOllFX/i53P5P9a/gNkKpsCMFRuFAAAAABJRU5ErkJggg==)](https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/public-report/analytical-platform-image-build-template) | ||
|
||
This template repository equips you with the default initial files for building a container used in Analytical Platform. | ||
[![repo standards badge](https://img.shields.io/endpoint?labelColor=231f20&color=005ea5&style=for-the-badge&label=MoJ%20Compliant&url=https%3A%2F%2Foperations-engineering-reports.cloud-platform.service.justice.gov.uk%2Fapi%2Fv1%2Fcompliant_public_repositories%2Fendpoint%2Fanalytical-platform-rshiny-open-source-base&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAAABmJLR0QA/wD/AP+gvaeTAAAHJElEQVRYhe2YeYyW1RWHnzuMCzCIglBQlhSV2gICKlHiUhVBEAsxGqmVxCUUIV1i61YxadEoal1SWttUaKJNWrQUsRRc6tLGNlCXWGyoUkCJ4uCCSCOiwlTm6R/nfPjyMeDY8lfjSSZz3/fee87vnnPu75z3g8/kM2mfqMPVH6mf35t6G/ZgcJ/836Gdug4FjgO67UFn70+FDmjcw9xZaiegWX29lLLmE3QV4Glg8x7WbFfHlFIebS/ANj2oDgX+CXwA9AMubmPNvuqX1SnqKGAT0BFoVE9UL1RH7nSCUjYAL6rntBdg2Q3AgcAo4HDgXeBAoC+wrZQyWS3AWcDSUsomtSswEtgXaAGWlVI2q32BI0spj9XpPww4EVic88vaC7iq5Hz1BvVf6v3qe+rb6ji1p3pWrmtQG9VD1Jn5br+Knmm70T9MfUh9JaPQZu7uLsR9gEsJb3QF9gOagO7AuUTom1LpCcAkoCcwQj0VmJregzaipA4GphNe7w/MBearB7QLYCmlGdiWSm4CfplTHwBDgPHAFmB+Ah8N9AE6EGkxHLhaHU2kRhXc+cByYCqROs05NQq4oR7Lnm5xE9AL+GYC2gZ0Jmjk8VLKO+pE4HvAyYRnOwOH5N7NhMd/WKf3beApYBWwAdgHuCLn+tatbRtgJv1awhtd838LEeq30/A7wN+AwcBt+bwpD9AdOAkYVkpZXtVdSnlc7QI8BlwOXFmZ3oXkdxfidwmPrQXeA+4GuuT08QSdALxC3OYNhBe/TtzON4EziZBXD36o+q082BxgQuqvyYL6wtBY2TyEyJ2DgAXAzcC1+Xxw3RlGqiuJ6vE6QS9VGZ/7H02DDwAvELTyMDAxbfQBvggMAAYR9LR9J2cluH7AmnzuBowFFhLJ/wi7yiJgGXBLPq8A7idy9kPgvAQPcC9wERHSVcDtCfYj4E7gr8BRqWMjcXmeB+4tpbyG2kG9Sl2tPqF2Uick8B+7szyfvDhR3Z7vvq/2yqpynnqNeoY6v7LvevUU9QN1fZ3OTeppWZmeyzRoVu+rhbaHOledmoQ7LRd3SzBVeUo9Wf1DPs9X90/jX8m/e9Rn1Mnqi7nuXXW5+rK6oU7n64mjszovxyvVh9WeDcTVnl5KmQNcCMwvpbQA1xE8VZXhwDXAz4FWIkfnAlcBAwl6+SjD2wTcmPtagZnAEuA3dTp7qyNKKe8DW9UeBCeuBsbsWKVOUPvn+MRKCLeq16lXqLPVFvXb6r25dlaGdUx6cITaJ8fnpo5WI4Wuzcjcqn5Y8eI/1F+n3XvUA1N3v4ZamIEtpZRX1Y6Z/DUK2g84GrgHuDqTehpBCYend94jbnJ34DDgNGArQT9bict3Y3p1ZCnlSoLQb0sbgwjCXpY2blc7llLW1UAMI3o5CD4bmuOlwHaC6xakgZ4Z+ibgSxnOgcAI4uavI27jEII7909dL5VSrimlPKgeQ6TJCZVQjwaOLaW8BfyWbPEa1SaiTH1VfSENd85NDxHt1plA71LKRvX4BDaAKFlTgLeALtliDUqPrSV6SQCBlypgFlbmIIrCDcAl6nPAawmYhlLKFuB6IrkXAadUNj6TXlhDcCNEB/Jn4FcE0f4UWEl0NyWNvZxGTs89z6ZnatIIrCdqcCtRJmcCPwCeSN3N1Iu6T4VaFhm9n+riypouBnepLsk9p6p35fzwvDSX5eVQvaDOzjnqzTl+1KC53+XzLINHd65O6lD1DnWbepPBhQ3q2jQyW+2oDkkAtdt5udpb7W+Q/OFGA7ol1zxu1tc8zNHqXercfDfQIOZm9fR815Cpt5PnVqsr1F51wI9QnzU63xZ1o/rdPPmt6enV6sXqHPVqdXOCe1rtrg5W7zNI+m712Ir+cer4POiqfHeJSVe1Raemwnm7xD3mD1E/Z3wIjcsTdlZnqO8bFeNB9c30zgVG2euYa69QJ+9G90lG+99bfdIoo5PU4w362xHePxl1slMab6tV72KUxDvzlAMT8G0ZohXq39VX1bNzzxij9K1Qb9lhdGe931B/kR6/zCwY9YvuytCsMlj+gbr5SemhqkyuzE8xau4MP865JvWNuj0b1YuqDkgvH2GkURfakly01Cg7Cw0+qyXxkjojq9Lw+vT2AUY+DlF/otYq1Ixc35re2V7R8aTRg2KUv7+ou3x/14PsUBn3NG51S0XpG0Z9PcOPKWSS0SKNUo9Rv2Mmt/G5WpPF6pHGra7Jv410OVsdaz217AbkAPX3ubkm240belCuudT4Rp5p/DyC2lf9mfq1iq5eFe8/lu+K0YrVp0uret4nAkwlB6vzjI/1PxrlrTp/oNHbzTJI92T1qAT+BfW49MhMg6JUp7ehY5a6Tl2jjmVvitF9fxo5Yq8CaAfAkzLMnySt6uz/1k6bPx59CpCNxGfoSKA30IPoH7cQXdArwCOllFX/i53P5P9a/gNkKpsCMFRuFAAAAABJRU5ErkJggg==)](https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/public-report/analytical-platform-rshiny-open-source-base) | ||
|
||
This repository is managed in Terraform [here](https://github.com/ministryofjustice/data-platform-github-access/blob/main/terraform/github/analytical-platform-repositories.tf). | ||
|
||
## Included Files | ||
|
||
The repository comes with the following preset files: | ||
|
||
<!-- generated with `tree -a -I '.git'` --> | ||
```text | ||
├── .devcontainer | ||
│ ├── devcontainer.json | ||
│ └── devcontainer-lock.json | ||
├── Dockerfile | ||
├── .editorconfig | ||
├── .github | ||
│ ├── CODEOWNERS | ||
│ ├── dependabot.yml | ||
│ └── workflows | ||
│ ├── build-and-test.yml | ||
│ ├── dependency-review.yml | ||
│ ├── release.yml | ||
│ ├── scan-image.yml | ||
│ └── super-linter.yml | ||
├── .gitignore | ||
├── LICENSE | ||
├── Makefile | ||
├── README.md | ||
└── test | ||
└── container-structure-test.yml | ||
``` | ||
|
||
## Setup Instructions | ||
|
||
Once you've created your repository using this template, perform the following steps: | ||
|
||
### Update README | ||
|
||
Edit this README.md file to document your project accurately. Take the time to create a clear, engaging, and informative README.md file. Include information like what your project does, how to install and run it, how to contribute, and any other pertinent details. | ||
|
||
### Update repository description | ||
|
||
After you've created your repository, GitHub provides a brief description field that appears on the top of your repository's main page. This is a summary that gives visitors quick insight into the project. Using this field to provide a succinct overview of your repository is highly recommended. | ||
|
||
This description and your README.md will be one of the first things people see when they visit your repository. It's a good place to make a strong, concise first impression. Remember, this is often visible in search results on GitHub and search engines, so it's also an opportunity to help people discover your project. | ||
|
||
### Grant Team Permissions | ||
|
||
Assign permissions to the appropriate Ministry of Justice teams. Ensure at least one team is granted Admin permissions. Whenever possible, assign permissions to teams rather than individual users. | ||
This repository contains the GitHub RShiny Open Source Base container image for use in the Analytical Platform. | ||
|
||
### Read about the GitHub Repository Standards | ||
## Running Locally | ||
|
||
Familiarise yourself with the Ministry of Justice GitHub Repository Standards. These standards ensure consistency, maintainability, and best practices across all our repositories. | ||
### Build | ||
|
||
You can find the standards [here](https://operations-engineering.service.justice.gov.uk/documentation/services/repository-standards.html). | ||
|
||
Please read and understand these standards thoroughly and enable them when you feel comfortable. | ||
|
||
### Modify the GitHub Repository Standards Badge | ||
|
||
Once you've ensured that all the [GitHub Repository Standards](https://operations-engineering.service.justice.gov.uk/documentation/services/repository-standards.html) have been applied to your repository, it's time to update the Ministry of Justice (MoJ) Compliance Badge located in the README file. | ||
|
||
The badge demonstrates that your repository is compliant with MoJ's standards. Please follow these [instructions](https://operations-engineering.service.justice.gov.uk/documentation/runbooks/services/add-repo-badge.html) to modify the badge URL to reflect the status of your repository correctly. | ||
|
||
**Please note** the badge will not function correctly if your repository is internal or private. In this case, you may remove the badge from your README. | ||
|
||
### Manage Outside Collaborators | ||
|
||
To add an Outside Collaborator to the repository, follow the guidelines detailed [here](https://github.com/ministryofjustice/github-collaborators). | ||
```bash | ||
docker build --platform linux/amd64 --file Dockerfile --tag analytical-platform.service.justice.gov.uk/rshiny-open-source-base:local . | ||
``` | ||
|
||
### Update CODEOWNERS | ||
### Run | ||
|
||
(Optional) Modify the CODEOWNERS file to specify the teams or users authorized to approve pull requests. | ||
```bash | ||
docker run -it --rm \ | ||
--platform linux/amd64 \ | ||
--name analytical-platform-rshiny-open-source-base \ | ||
analytical-platform.service.justice.gov.uk/rshiny-open-source-base:local | ||
``` | ||
## Versions | ||
|
||
### Configure Dependabot | ||
### Ubuntu | ||
|
||
Adapt the dependabot.yml file to match your project's [dependency manager](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) and to enable [automated pull requests for package updates](https://docs.github.com/en/code-security/supply-chain-security). | ||
Generally Dependabot does this, but the following command will return the digest: | ||
|
||
### Dependency Review | ||
```bash | ||
docker pull --platform linux/amd64 rocker/r-ver:{R_VERSION} | ||
|
||
If your repository is private with no GitHub Advanced Security license, remove the `.github/workflows/dependency-review.yml` file. | ||
docker image inspect --format='{{index .RepoDigests 0}}' rocker/r-ver:{R_VERSION} | ||
``` | ||
|
||
### Dockerfile | ||
### APT Packages | ||
|
||
Make sure to add your own build logic to the bottom of the `Dockerfile`. | ||
To find latest APT package versions, you can run the following: | ||
|
||
### Tests | ||
```bash | ||
docker run -it --rm --platform linux/amd64 rocker/r-ver:{R_VERSION} | ||
|
||
> [!NOTE] | ||
> No application testing has been added to this template, this is to be implemented by the developer as required. | ||
apt-get update | ||
|
||
Please make sure to add any additional container structure tests needed to the `container-structure-test.yml`. | ||
apt-cache policy ${PACKAGE} # for example curl, git or gpg | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
"""Module for writing RENV files out.""" | ||
|
||
import os | ||
|
||
R_ENV_FILE_NAME = "/srv/shiny-server/.Renviron" | ||
R_ENV_FILE_NAME1 = "/home/shiny/.Renviron" | ||
|
||
|
||
def gather_env_vars_to_renv_file(): | ||
""" | ||
Writes RENV files out. | ||
""" | ||
with open( # pylint: disable=unspecified-encoding | ||
R_ENV_FILE_NAME, "a" | ||
) as file_handler: | ||
for name, value in os.environ.items(): | ||
file_handler.write(f'{name}="{value}"') | ||
file_handler.write("\n") | ||
|
||
with open( # pylint: disable=unspecified-encoding | ||
R_ENV_FILE_NAME1, "a" | ||
) as file_handler: | ||
for name, value in os.environ.items(): | ||
file_handler.write(f'{name}="{value}"') | ||
file_handler.write("\n") | ||
|
||
|
||
if __name__ == "__main__": | ||
gather_env_vars_to_renv_file() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# Instruct Shiny Server to run applications as the user "shiny" | ||
run_as shiny; | ||
|
||
app_init_timeout 600; | ||
|
||
# Define a server that listens on port 9999 | ||
server { | ||
listen 9999; | ||
|
||
# Define a location at the base URL | ||
location / { | ||
|
||
# Host the directory of Shiny Apps stored in this directory | ||
site_dir /srv/shiny-server; | ||
|
||
# Log all Shiny output to files in this directory | ||
log_dir /var/log/shiny-server; | ||
|
||
# When a user visits the base URL rather than a particular application, | ||
# an index of the applications available in this directory will be shown. | ||
directory_index on; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
#!/bin/sh | ||
|
||
# Make sure the directory for individual app logs exists | ||
mkdir -p /var/log/shiny-server | ||
chown shiny.shiny /var/log/shiny-server | ||
|
||
if [ "$APPLICATION_LOGS_TO_STDOUT" != "false" ]; then | ||
# push the "real" application logs to stdout with xtail in detached mode | ||
exec xtail /var/log/shiny-server/ & | ||
fi | ||
|
||
python3 ./gather_env_vars.py | ||
|
||
# start shiny server | ||
exec shiny-server 2>&1 |
Oops, something went wrong.