Migrate rshiny-open-source-base image from data platform

.devcontainer/devcontainer.json

@@ -1,5 +1,5 @@
 {
-  "name": "analytical-platform-image-build-template",
+  "name": "analytical-platform-rshiny-open-source-base",
   "image": "ghcr.io/ministryofjustice/devcontainer-base:latest",
   "features": {
     "ghcr.io/devcontainers/features/docker-in-docker:2": {},

.github/workflows/scan-image.yml

@@ -26,13 +26,13 @@ jobs:
         with:
           push: false
           load: true
-          tags: analytical-platform-image-build-template
+          tags: analytical-platform-rshiny-open-source-base
 
       - name: Scan Image
         id: scan_image
         uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
         with:
-          image-ref: analytical-platform-image-build-template
+          image-ref: analytical-platform-rshiny-open-source-base
           exit-code: 1
           format: sarif
           output: trivy-results.sarif
@@ -51,7 +51,7 @@ jobs:
         id: scan_image_on_failure
         uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
         with:
-          image-ref: analytical-platform-image-build-template
+          image-ref: analytical-platform-rshiny-open-source-base
           exit-code: 1
           format: table
           severity: CRITICAL

Dockerfile

@@ -1,49 +1,77 @@
 # checkov:skip=CKV_DOCKER_2:Healthcheck instructions have not been added to container images
-# This image is an example base image for this template and can be replaced to fit user needs
-FROM public.ecr.aws/ubuntu/ubuntu@sha256:12fb86d81bc4504d8261a91c83c54b9e5dcdf1d833ba0fe42ec9e0ee09a2b0ba
+# checkov:skip=CKV_DOCKER_3:"Ensure that a user for the container has been created"
+# hadolint global ignore=DL3008
 
-LABEL org.opencontainers.image.vendor="Ministry of Justice" \
-      org.opencontainers.image.authors="Analytical Platform ([email protected])"\
-      org.opencontainers.image.title="{image title}" \
-      org.opencontainers.image.description="{decription}" \
-      org.opencontainers.image.url="{your repo url}"
+ARG r=4.3.2
+FROM rocker/r-ver:${r}
 
-ENV CONTAINER_USER="analyticalplatform" \
-    CONTAINER_UID="1000" \
-    CONTAINER_GROUP="analyticalplatform" \
-    CONTAINER_GID="1000" \
-    DEBIAN_FRONTEND="noninteractive"
+ARG shinyserver=1.5.20.1002
+ENV SHINY_SERVER_VERSION=${shinyserver}
+ENV PANDOC_VERSION=default
+RUN /rocker_scripts/install_shiny_server.sh
 
-SHELL ["/bin/bash", "-e", "-u", "-o", "pipefail", "-c"]
+ENV STRINGI_DISABLE_PKG_CONFIG=true \
+  AWS_DEFAULT_REGION=eu-west-1 \
+  TZ=Etc/UTC \
+  LC_ALL=C.UTF-8
 
-# User
-RUN <<EOF
-groupadd \
-  --gid ${CONTAINER_GID} \
-  ${CONTAINER_GROUP}
+WORKDIR /srv/shiny-server
 
-useradd \
-  --uid ${CONTAINER_UID} \
-  --gid ${CONTAINER_GROUP} \
-  --create-home \
-  --shell /bin/bash \
-  ${CONTAINER_USER}
-EOF
+# Cleanup shiny-server dir
+RUN rm -rf ./*
 
-# Base
-RUN <<EOF
-apt-get update --yes
+# Make sure the directory for individual app logs exists
+RUN mkdir -p /var/log/shiny-server
 
-apt-get install --yes \
-  "apt-transport-https=2.4.12" \
-  "curl=7.81.0-1ubuntu1.16"
+# Ensure Python venv is installed (used by reticulate).
+RUN apt-get update -y && \
+  apt-get install -y \
+  python3 \
+  python3-pip \
+  python3-venv \
+  python3-dev \
+  libxml2-dev \
+  libssl-dev \
+  libudunits2-dev \
+  libgdal-dev \
+  libgeos-dev \
+  libproj-dev\
+  gdal-bin \
+  git \
+  libssl-dev \
+  libsqlite3-dev \
+  python3-boto \
+  xtail
 
-apt-get clean --yes
 
-rm --force --recursive /var/lib/apt/lists/*
-EOF
+# APT Cleanup
+RUN apt-get clean && rm -rf /var/lib/apt/lists/
 
-USER ${CONTAINER_USER}
+COPY shiny-server.conf /etc/shiny-server/shiny-server.conf
+COPY shiny-server.sh /usr/bin/shiny-server.sh
+COPY gather_env_vars.py .
 
-WORKDIR /home/${CONTAINER_USER}
+# Patch the shiny server to allow custom headers
+RUN sed -i 's/createWebSocketClient(pathInfo)/createWebSocketClient(pathInfo, conn.headers)/' /opt/shiny-server/lib/proxy/sockjs.js
+RUN sed -i "s/'referer'/'referer', 'cookie', 'user_email'/" /opt/shiny-server/node_modules/sockjs/lib/transport.js
 
+# Shiny runs as 'shiny' user, adjust app directory permissions
+RUN groupmod -g 998 shiny
+RUN usermod -u 998 -g 998 shiny
+RUN chown -R 998:998 .
+RUN chown -R 998:998 /etc/shiny-server
+RUN chown -R 998:998 /var/lib/shiny-server
+
+RUN chown -R 998:998 /opt/shiny-server
+RUN chown -R 998:998 /var/log/shiny-server
+RUN chown -R 998:998 /etc/init.d/shiny-server
+RUN chown -R 998:998 /usr/local/lib/R/etc
+RUN chown -R 998:998 /usr/local/lib/R/site-library
+RUN chown 998:998 /usr/bin/shiny-server.sh
+RUN chmod +x /usr/bin/shiny-server.sh
+
+RUN chown 998:998 /etc/profile
+
+EXPOSE 9999
+
+CMD ["/usr/bin/shiny-server.sh"]

Makefile

@@ -1,18 +1,29 @@
-IMAGE_NAME = ghcr.io/ministryofjustice/analytical-platform-image-build-template:latest
+IMAGE_NAME = ghcr.io/ministryofjustice/analytical-platform-rshiny-open-source-base:latest
+ARCH = $(shell uname --machine)
 
-test: build
-	container-structure-test test --config test/container-structure-test.yml --image $(IMAGE_NAME)
+define DOCKER_BUILD
+	@echo "Building on $(ARCH) architecture";
+	@if [ "$(ARCH)" = "aarch64" ] || [ "$(ARCH)" = "arm64" ]; then \
+		docker build --platform linux/amd64 --file Dockerfile --tag $(IMAGE_NAME) .; \
+	else \
+		docker build --file Dockerfile --tag $(IMAGE_NAME) .; \
+	fi
+endef
 
-scan: build
-	trivy image --vuln-type  os,library --severity  CRITICAL --exit-code 1 $(IMAGE_NAME)
+define CONTAINER_TEST
+	@echo "Testing on $(ARCH) architecture";
+	@if [ "$(ARCH)" = "aarch64" ] || [ "$(ARCH)" = "arm64" ]; then \
+		container-structure-test test --platform linux/amd64 --config test/container-structure-test.yml --image $(IMAGE_NAME); \
+	else \
+		container-structure-test test --config test/container-structure-test.yml --image $(IMAGE_NAME); \
+	fi
+endef
 
 build:
-	@ARCH=`uname -m`; \
-	case $$ARCH in \
-	aarch64 | arm64) \
-		echo "Building on $$ARCH architecture"; \
-		docker build --platform linux/amd64 --file Dockerfile --tag $(IMAGE_NAME) . ;; \
-	*) \
-		echo "Building on $$ARCH architecture"; \
-		docker build --file Dockerfile --tag $(IMAGE_NAME) . ;; \
-	esac
+	$(DOCKER_BUILD)
+
+test: build
+	$(CONTAINER_TEST)
+
+scan: build
+	trivy image --vuln-type os,library --severity CRITICAL --exit-code 1 $(IMAGE_NAME)

README.md

@@ -1,96 +1,47 @@
-# Analytical Platform Image Build Template
+# Analytical Platform RShiny Open Source Base
 
-[![repo standards badge](https://img.shields.io/endpoint?labelColor=231f20&color=005ea5&style=for-the-badge&label=MoJ%20Compliant&url=https%3A%2F%2Foperations-engineering-reports.cloud-platform.service.justice.gov.uk%2Fapi%2Fv1%2Fcompliant_public_repositories%2Fendpoint%2Fanalytical-platform-image-build-template&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAAABmJLR0QA/wD/AP+gvaeTAAAHJElEQVRYhe2YeYyW1RWHnzuMCzCIglBQlhSV2gICKlHiUhVBEAsxGqmVxCUUIV1i61YxadEoal1SWttUaKJNWrQUsRRc6tLGNlCXWGyoUkCJ4uCCSCOiwlTm6R/nfPjyMeDY8lfjSSZz3/fee87vnnPu75z3g8/kM2mfqMPVH6mf35t6G/ZgcJ/836Gdug4FjgO67UFn70+FDmjcw9xZaiegWX29lLLmE3QV4Glg8x7WbFfHlFIebS/ANj2oDgX+CXwA9AMubmPNvuqX1SnqKGAT0BFoVE9UL1RH7nSCUjYAL6rntBdg2Q3AgcAo4HDgXeBAoC+wrZQyWS3AWcDSUsomtSswEtgXaAGWlVI2q32BI0spj9XpPww4EVic88vaC7iq5Hz1BvVf6v3qe+rb6ji1p3pWrmtQG9VD1Jn5br+Knmm70T9MfUh9JaPQZu7uLsR9gEsJb3QF9gOagO7AuUTom1LpCcAkoCcwQj0VmJregzaipA4GphNe7w/MBearB7QLYCmlGdiWSm4CfplTHwBDgPHAFmB+Ah8N9AE6EGkxHLhaHU2kRhXc+cByYCqROs05NQq4oR7Lnm5xE9AL+GYC2gZ0Jmjk8VLKO+pE4HvAyYRnOwOH5N7NhMd/WKf3beApYBWwAdgHuCLn+tatbRtgJv1awhtd838LEeq30/A7wN+AwcBt+bwpD9AdOAkYVkpZXtVdSnlc7QI8BlwOXFmZ3oXkdxfidwmPrQXeA+4GuuT08QSdALxC3OYNhBe/TtzON4EziZBXD36o+q082BxgQuqvyYL6wtBY2TyEyJ2DgAXAzcC1+Xxw3RlGqiuJ6vE6QS9VGZ/7H02DDwAvELTyMDAxbfQBvggMAAYR9LR9J2cluH7AmnzuBowFFhLJ/wi7yiJgGXBLPq8A7idy9kPgvAQPcC9wERHSVcDtCfYj4E7gr8BRqWMjcXmeB+4tpbyG2kG9Sl2tPqF2Uick8B+7szyfvDhR3Z7vvq/2yqpynnqNeoY6v7LvevUU9QN1fZ3OTeppWZmeyzRoVu+rhbaHOledmoQ7LRd3SzBVeUo9Wf1DPs9X90/jX8m/e9Rn1Mnqi7nuXXW5+rK6oU7n64mjszovxyvVh9WeDcTVnl5KmQNcCMwvpbQA1xE8VZXhwDXAz4FWIkfnAlcBAwl6+SjD2wTcmPtagZnAEuA3dTp7qyNKKe8DW9UeBCeuBsbsWKVOUPvn+MRKCLeq16lXqLPVFvXb6r25dlaGdUx6cITaJ8fnpo5WI4Wuzcjcqn5Y8eI/1F+n3XvUA1N3v4ZamIEtpZRX1Y6Z/DUK2g84GrgHuDqTehpBCYend94jbnJ34DDgNGArQT9bict3Y3p1ZCnlSoLQb0sbgwjCXpY2blc7llLW1UAMI3o5CD4bmuOlwHaC6xakgZ4Z+ibgSxnOgcAI4uavI27jEII7909dL5VSrimlPKgeQ6TJCZVQjwaOLaW8BfyWbPEa1SaiTH1VfSENd85NDxHt1plA71LKRvX4BDaAKFlTgLeALtliDUqPrSV6SQCBlypgFlbmIIrCDcAl6nPAawmYhlLKFuB6IrkXAadUNj6TXlhDcCNEB/Jn4FcE0f4UWEl0NyWNvZxGTs89z6ZnatIIrCdqcCtRJmcCPwCeSN3N1Iu6T4VaFhm9n+riypouBnepLsk9p6p35fzwvDSX5eVQvaDOzjnqzTl+1KC53+XzLINHd65O6lD1DnWbepPBhQ3q2jQyW+2oDkkAtdt5udpb7W+Q/OFGA7ol1zxu1tc8zNHqXercfDfQIOZm9fR815Cpt5PnVqsr1F51wI9QnzU63xZ1o/rdPPmt6enV6sXqHPVqdXOCe1rtrg5W7zNI+m712Ir+cer4POiqfHeJSVe1Raemwnm7xD3mD1E/Z3wIjcsTdlZnqO8bFeNB9c30zgVG2euYa69QJ+9G90lG+99bfdIoo5PU4w362xHePxl1slMab6tV72KUxDvzlAMT8G0ZohXq39VX1bNzzxij9K1Qb9lhdGe931B/kR6/zCwY9YvuytCsMlj+gbr5SemhqkyuzE8xau4MP865JvWNuj0b1YuqDkgvH2GkURfakly01Cg7Cw0+qyXxkjojq9Lw+vT2AUY+DlF/otYq1Ixc35re2V7R8aTRg2KUv7+ou3x/14PsUBn3NG51S0XpG0Z9PcOPKWSS0SKNUo9Rv2Mmt/G5WpPF6pHGra7Jv410OVsdaz217AbkAPX3ubkm240belCuudT4Rp5p/DyC2lf9mfq1iq5eFe8/lu+K0YrVp0uret4nAkwlB6vzjI/1PxrlrTp/oNHbzTJI92T1qAT+BfW49MhMg6JUp7ehY5a6Tl2jjmVvitF9fxo5Yq8CaAfAkzLMnySt6uz/1k6bPx59CpCNxGfoSKA30IPoH7cQXdArwCOllFX/i53P5P9a/gNkKpsCMFRuFAAAAABJRU5ErkJggg==)](https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/public-report/analytical-platform-image-build-template)
-
-This template repository equips you with the default initial files for building a container used in Analytical Platform.
+[![repo standards badge](https://img.shields.io/endpoint?labelColor=231f20&color=005ea5&style=for-the-badge&label=MoJ%20Compliant&url=https%3A%2F%2Foperations-engineering-reports.cloud-platform.service.justice.gov.uk%2Fapi%2Fv1%2Fcompliant_public_repositories%2Fendpoint%2Fanalytical-platform-rshiny-open-source-base&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAAABmJLR0QA/wD/AP+gvaeTAAAHJElEQVRYhe2YeYyW1RWHnzuMCzCIglBQlhSV2gICKlHiUhVBEAsxGqmVxCUUIV1i61YxadEoal1SWttUaKJNWrQUsRRc6tLGNlCXWGyoUkCJ4uCCSCOiwlTm6R/nfPjyMeDY8lfjSSZz3/fee87vnnPu75z3g8/kM2mfqMPVH6mf35t6G/ZgcJ/836Gdug4FjgO67UFn70+FDmjcw9xZaiegWX29lLLmE3QV4Glg8x7WbFfHlFIebS/ANj2oDgX+CXwA9AMubmPNvuqX1SnqKGAT0BFoVE9UL1RH7nSCUjYAL6rntBdg2Q3AgcAo4HDgXeBAoC+wrZQyWS3AWcDSUsomtSswEtgXaAGWlVI2q32BI0spj9XpPww4EVic88vaC7iq5Hz1BvVf6v3qe+rb6ji1p3pWrmtQG9VD1Jn5br+Knmm70T9MfUh9JaPQZu7uLsR9gEsJb3QF9gOagO7AuUTom1LpCcAkoCcwQj0VmJregzaipA4GphNe7w/MBearB7QLYCmlGdiWSm4CfplTHwBDgPHAFmB+Ah8N9AE6EGkxHLhaHU2kRhXc+cByYCqROs05NQq4oR7Lnm5xE9AL+GYC2gZ0Jmjk8VLKO+pE4HvAyYRnOwOH5N7NhMd/WKf3beApYBWwAdgHuCLn+tatbRtgJv1awhtd838LEeq30/A7wN+AwcBt+bwpD9AdOAkYVkpZXtVdSnlc7QI8BlwOXFmZ3oXkdxfidwmPrQXeA+4GuuT08QSdALxC3OYNhBe/TtzON4EziZBXD36o+q082BxgQuqvyYL6wtBY2TyEyJ2DgAXAzcC1+Xxw3RlGqiuJ6vE6QS9VGZ/7H02DDwAvELTyMDAxbfQBvggMAAYR9LR9J2cluH7AmnzuBowFFhLJ/wi7yiJgGXBLPq8A7idy9kPgvAQPcC9wERHSVcDtCfYj4E7gr8BRqWMjcXmeB+4tpbyG2kG9Sl2tPqF2Uick8B+7szyfvDhR3Z7vvq/2yqpynnqNeoY6v7LvevUU9QN1fZ3OTeppWZmeyzRoVu+rhbaHOledmoQ7LRd3SzBVeUo9Wf1DPs9X90/jX8m/e9Rn1Mnqi7nuXXW5+rK6oU7n64mjszovxyvVh9WeDcTVnl5KmQNcCMwvpbQA1xE8VZXhwDXAz4FWIkfnAlcBAwl6+SjD2wTcmPtagZnAEuA3dTp7qyNKKe8DW9UeBCeuBsbsWKVOUPvn+MRKCLeq16lXqLPVFvXb6r25dlaGdUx6cITaJ8fnpo5WI4Wuzcjcqn5Y8eI/1F+n3XvUA1N3v4ZamIEtpZRX1Y6Z/DUK2g84GrgHuDqTehpBCYend94jbnJ34DDgNGArQT9bict3Y3p1ZCnlSoLQb0sbgwjCXpY2blc7llLW1UAMI3o5CD4bmuOlwHaC6xakgZ4Z+ibgSxnOgcAI4uavI27jEII7909dL5VSrimlPKgeQ6TJCZVQjwaOLaW8BfyWbPEa1SaiTH1VfSENd85NDxHt1plA71LKRvX4BDaAKFlTgLeALtliDUqPrSV6SQCBlypgFlbmIIrCDcAl6nPAawmYhlLKFuB6IrkXAadUNj6TXlhDcCNEB/Jn4FcE0f4UWEl0NyWNvZxGTs89z6ZnatIIrCdqcCtRJmcCPwCeSN3N1Iu6T4VaFhm9n+riypouBnepLsk9p6p35fzwvDSX5eVQvaDOzjnqzTl+1KC53+XzLINHd65O6lD1DnWbepPBhQ3q2jQyW+2oDkkAtdt5udpb7W+Q/OFGA7ol1zxu1tc8zNHqXercfDfQIOZm9fR815Cpt5PnVqsr1F51wI9QnzU63xZ1o/rdPPmt6enV6sXqHPVqdXOCe1rtrg5W7zNI+m712Ir+cer4POiqfHeJSVe1Raemwnm7xD3mD1E/Z3wIjcsTdlZnqO8bFeNB9c30zgVG2euYa69QJ+9G90lG+99bfdIoo5PU4w362xHePxl1slMab6tV72KUxDvzlAMT8G0ZohXq39VX1bNzzxij9K1Qb9lhdGe931B/kR6/zCwY9YvuytCsMlj+gbr5SemhqkyuzE8xau4MP865JvWNuj0b1YuqDkgvH2GkURfakly01Cg7Cw0+qyXxkjojq9Lw+vT2AUY+DlF/otYq1Ixc35re2V7R8aTRg2KUv7+ou3x/14PsUBn3NG51S0XpG0Z9PcOPKWSS0SKNUo9Rv2Mmt/G5WpPF6pHGra7Jv410OVsdaz217AbkAPX3ubkm240belCuudT4Rp5p/DyC2lf9mfq1iq5eFe8/lu+K0YrVp0uret4nAkwlB6vzjI/1PxrlrTp/oNHbzTJI92T1qAT+BfW49MhMg6JUp7ehY5a6Tl2jjmVvitF9fxo5Yq8CaAfAkzLMnySt6uz/1k6bPx59CpCNxGfoSKA30IPoH7cQXdArwCOllFX/i53P5P9a/gNkKpsCMFRuFAAAAABJRU5ErkJggg==)](https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/public-report/analytical-platform-rshiny-open-source-base)
 
 This repository is managed in Terraform [here](https://github.com/ministryofjustice/data-platform-github-access/blob/main/terraform/github/analytical-platform-repositories.tf).
 
-## Included Files
-
-The repository comes with the following preset files:
-
-<!-- generated with `tree -a -I '.git'` -->
-```text
-├── .devcontainer
-│   ├── devcontainer.json
-│   └── devcontainer-lock.json
-├── Dockerfile
-├── .editorconfig
-├── .github
-│   ├── CODEOWNERS
-│   ├── dependabot.yml
-│   └── workflows
-│       ├── build-and-test.yml
-│       ├── dependency-review.yml
-│       ├── release.yml
-│       ├── scan-image.yml
-│       └── super-linter.yml
-├── .gitignore
-├── LICENSE
-├── Makefile
-├── README.md
-└── test
-    └── container-structure-test.yml
-```
-
-## Setup Instructions
-
-Once you've created your repository using this template, perform the following steps:
-
-### Update README
-
-Edit this README.md file to document your project accurately. Take the time to create a clear, engaging, and informative README.md file. Include information like what your project does, how to install and run it, how to contribute, and any other pertinent details.
-
-### Update repository description
-
-After you've created your repository, GitHub provides a brief description field that appears on the top of your repository's main page. This is a summary that gives visitors quick insight into the project. Using this field to provide a succinct overview of your repository is highly recommended.
-
-This description and your README.md will be one of the first things people see when they visit your repository. It's a good place to make a strong, concise first impression. Remember, this is often visible in search results on GitHub and search engines, so it's also an opportunity to help people discover your project.
-
-### Grant Team Permissions
-
-Assign permissions to the appropriate Ministry of Justice teams. Ensure at least one team is granted Admin permissions. Whenever possible, assign permissions to teams rather than individual users.
+This repository contains the GitHub RShiny Open Source Base container image for use in the Analytical Platform.
 
-### Read about the GitHub Repository Standards
+## Running Locally
 
-Familiarise yourself with the Ministry of Justice GitHub Repository Standards. These standards ensure consistency, maintainability, and best practices across all our repositories.
+### Build
 
-You can find the standards [here](https://operations-engineering.service.justice.gov.uk/documentation/services/repository-standards.html).
-
-Please read and understand these standards thoroughly and enable them when you feel comfortable.
-
-### Modify the GitHub Repository Standards Badge
-
-Once you've ensured that all the [GitHub Repository Standards](https://operations-engineering.service.justice.gov.uk/documentation/services/repository-standards.html) have been applied to your repository, it's time to update the Ministry of Justice (MoJ) Compliance Badge located in the README file.
-
-The badge demonstrates that your repository is compliant with MoJ's standards. Please follow these [instructions](https://operations-engineering.service.justice.gov.uk/documentation/runbooks/services/add-repo-badge.html) to modify the badge URL to reflect the status of your repository correctly.
-
-**Please note** the badge will not function correctly if your repository is internal or private. In this case, you may remove the badge from your README.
-
-### Manage Outside Collaborators
-
-To add an Outside Collaborator to the repository, follow the guidelines detailed [here](https://github.com/ministryofjustice/github-collaborators).
+```bash
+docker build --platform linux/amd64 --file Dockerfile --tag analytical-platform.service.justice.gov.uk/rshiny-open-source-base:local .
+```
 
-### Update CODEOWNERS
+### Run
 
-(Optional) Modify the CODEOWNERS file to specify the teams or users authorized to approve pull requests.
+```bash
+docker run -it --rm \
+  --platform linux/amd64 \
+  --name analytical-platform-rshiny-open-source-base \
+  analytical-platform.service.justice.gov.uk/rshiny-open-source-base:local
+```
+## Versions
 
-### Configure Dependabot
+### Ubuntu
 
-Adapt the dependabot.yml file to match your project's [dependency manager](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) and to enable [automated pull requests for package updates](https://docs.github.com/en/code-security/supply-chain-security).
+Generally Dependabot does this, but the following command will return the digest:
 
-### Dependency Review
+```bash
+docker pull --platform linux/amd64 rocker/r-ver:{R_VERSION}
 
-If your repository is private with no GitHub Advanced Security license, remove the `.github/workflows/dependency-review.yml` file.
+docker image inspect --format='{{index .RepoDigests 0}}' rocker/r-ver:{R_VERSION}
+```
 
-### Dockerfile
+### APT Packages
 
-Make sure to add your own build logic to the bottom of the `Dockerfile`.
+To find latest APT package versions, you can run the following:
 
-### Tests
+```bash
+docker run -it --rm --platform linux/amd64 rocker/r-ver:{R_VERSION}
 
-> [!NOTE]
-> No application testing has been added to this template, this is to be implemented by the developer as required.
+apt-get update
 
-Please make sure to add any additional container structure tests needed to the `container-structure-test.yml`.
+apt-cache policy ${PACKAGE} # for example curl, git or gpg
+```

gather_env_vars.py

@@ -0,0 +1,29 @@
+"""Module for writing RENV files out."""
+
+import os
+
+R_ENV_FILE_NAME = "/srv/shiny-server/.Renviron"
+R_ENV_FILE_NAME1 = "/home/shiny/.Renviron"
+
+
+def gather_env_vars_to_renv_file():
+    """
+    Writes RENV files out.
+    """
+    with open(  # pylint: disable=unspecified-encoding
+        R_ENV_FILE_NAME, "a"
+    ) as file_handler:
+        for name, value in os.environ.items():
+            file_handler.write(f'{name}="{value}"')
+            file_handler.write("\n")
+
+    with open(  # pylint: disable=unspecified-encoding
+        R_ENV_FILE_NAME1, "a"
+    ) as file_handler:
+        for name, value in os.environ.items():
+            file_handler.write(f'{name}="{value}"')
+            file_handler.write("\n")
+
+
+if __name__ == "__main__":
+    gather_env_vars_to_renv_file()

shiny-server.conf

@@ -0,0 +1,23 @@
+# Instruct Shiny Server to run applications as the user "shiny"
+run_as shiny;
+
+app_init_timeout 600;
+
+# Define a server that listens on port 9999
+server {
+  listen 9999;
+
+  # Define a location at the base URL
+  location / {
+
+    # Host the directory of Shiny Apps stored in this directory
+    site_dir /srv/shiny-server;
+
+    # Log all Shiny output to files in this directory
+    log_dir /var/log/shiny-server;
+
+    # When a user visits the base URL rather than a particular application,
+    # an index of the applications available in this directory will be shown.
+    directory_index on;
+  }
+}

shiny-server.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# Make sure the directory for individual app logs exists
+mkdir -p /var/log/shiny-server
+chown shiny.shiny /var/log/shiny-server
+
+if [ "$APPLICATION_LOGS_TO_STDOUT" != "false" ]; then
+  # push the "real" application logs to stdout with xtail in detached mode
+  exec xtail /var/log/shiny-server/ &
+fi
+
+python3 ./gather_env_vars.py
+
+# start shiny server
+exec shiny-server 2>&1