-
Notifications
You must be signed in to change notification settings - Fork 100
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #7586 from Third-Culture-Software/master
Feature: deploy BHIMA using docker and docker-compose
- Loading branch information
Showing
41 changed files
with
284 additions
and
144 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# This .env file is for use in the Docker build step, setting all the internal | ||
# variables that could be later overridden by the user. | ||
|
||
# We expect the following variables to be set by the user: | ||
# DB_HOST | ||
# DB_USER | ||
# DB_PASS | ||
# REDIS_HOST | ||
|
||
# Any other variables set by the user will override these variables. | ||
|
||
# define the port on which the HTTP server will listen. | ||
PORT=8080 | ||
|
||
# MySQL Database Configuration | ||
# The following variables should be pretty straightforward. | ||
# DB_PORT is the MySQL server port | ||
DB_PORT=3306 | ||
|
||
# Secret Session Variables | ||
# Used by express-session middleware for encryption. This is just a temporary example. | ||
# In production, use a secure generator for this: | ||
# EX: openssl rand -hex 25 | ||
SESS_SECRET=zC8YmujYRe9EoJVXUEJVzuK3pxDCJzYySJo5Vj5CefwXiiPYCVehutAJVqQ6SNwd | ||
|
||
# define logging level for the npm debug module. | ||
DEBUG=app,errors | ||
|
||
# define the directory where reports, files, and images will be uploaded. | ||
# Upload directory requirements: | ||
# - Must be writable by the application user. | ||
# - Must be a relative directory within the Bhima installation. | ||
UPLOAD_DIR='client/upload' | ||
|
||
# Report directory (Define where reports will be saved on the server) | ||
REPORT_DIR='' | ||
|
||
# SMTP Credentials | ||
SMTP_USERNAME="user@smtp.server" | ||
SMTP_PASSWORD="SomePassword" | ||
SMTP_HOST="some.host.com" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
# | ||
name: Create and publish a Docker image | ||
|
||
# Configures this workflow to run every time a change is pushed to the branch called `release`. | ||
on: | ||
push: | ||
branches: ['release'] | ||
workflow_dispatch: | ||
|
||
# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. | ||
env: | ||
REGISTRY: ghcr.io | ||
IMAGE_NAME: ${{ github.repository }} | ||
|
||
# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu. | ||
jobs: | ||
build-and-push-image: | ||
runs-on: ubuntu-latest | ||
# Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. | ||
permissions: | ||
contents: read | ||
packages: write | ||
attestations: write | ||
# | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v4 | ||
# Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. | ||
- name: Log in to the Container registry | ||
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
# This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. | ||
- name: Extract metadata (tags, labels) for Docker | ||
id: meta | ||
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
# This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. | ||
# It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. | ||
# It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. | ||
- name: Build and push Docker image | ||
id: push | ||
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | ||
with: | ||
context: . | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
|
||
# This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)." | ||
- name: Generate artifact attestation | ||
uses: actions/attest-build-provenance@v1 | ||
with: | ||
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} | ||
subject-digest: ${{ steps.push.outputs.digest }} | ||
push-to-registry: true | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,43 +1,46 @@ | ||
# define base image | ||
FROM node:lts-slim | ||
FROM node:lts | ||
|
||
# download all the missing dependencies for chromium, plus chromium itself | ||
# Install missing dependencies for chromium | ||
# These are all needed to make sure the browser can properly render all | ||
# the requiredd page | ||
RUN apt-get update && apt-get install -y \ | ||
ca-certificates fonts-liberation gconf-service \ | ||
libappindicator1 libasound2 libatk-bridge2.0-0 libatk1.0-0 libc6 libcairo2 \ | ||
libasound2 libatk-bridge2.0-0 libatk1.0-0 libc6 libcairo2 \ | ||
libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgbm1 libgcc1 libgconf-2-4 \ | ||
libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libnss3 libpango-1.0-0 \ | ||
libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 \ | ||
libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 \ | ||
libxss1 libxtst6 lsb-release libxshmfence1 chromium -y | ||
libxss1 libxtst6 lsb-release libxshmfence1 chromium -y \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
# ENV NODE_ENV=production | ||
ENV YARN_VERSION 1.22.17 | ||
#ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD 1 | ||
RUN yarn policies set-version $YARN_VERSION | ||
#ENV CHROME_BIN /usr/bin/chromium | ||
#ENV PUPPETEER_EXECUTABLE_PATH /usr/bin/chromium | ||
|
||
# define working directory inside the container | ||
# Set working directory | ||
WORKDIR /usr/src/app | ||
|
||
# Copy all the source code from host machine to the container project directory | ||
COPY . . | ||
# Copy source code | ||
COPY --chown=node:node . . | ||
|
||
# install all the dependencies | ||
RUN yarn --frozen-lockfile && yarn build | ||
# Copy environment file to bin folder | ||
COPY --chown=node:node .env.docker /usr/src/app/.env | ||
|
||
# yarn build creates the bin/ folder | ||
COPY .env bin/ | ||
# Install dependencies | ||
RUN npm install && \ | ||
NODE_ENV=production npm run build && \ | ||
npm install --omit=dev | ||
|
||
# change directory to the bin diretory | ||
# Change directory to bin | ||
WORKDIR /usr/src/app/bin/ | ||
|
||
# make sure the node user is the owner of all the underlying files. | ||
# Set ownership | ||
RUN chown -R node:node * | ||
|
||
# ensure this container runs as the user "node" | ||
# Switch to non-root user | ||
USER node | ||
|
||
# define the start up command of the container to run the server | ||
CMD ["node", "server/app.js"] | ||
ENV NODE_ENV production | ||
|
||
LABEL org.opencontainers.image.source=https://github.com/third-Culture-Software/bhima | ||
LABEL org.opencontainers.image.description="A hospital information management application for rural Congolese hospitals" | ||
LABEL org.opencontainers.image.licenses=GPL | ||
|
||
# Define startup command | ||
CMD ["node", "server/app.js"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,37 +1,48 @@ | ||
version: '3' | ||
|
||
services: | ||
bhima: | ||
build: . | ||
image: imaworldhealth/bhima | ||
#image: ghcr.io/third-culture-software/bhima | ||
image: thirdculturesoftware/bhima | ||
restart: unless-stopped | ||
ports: | ||
- $PORT:$PORT | ||
- "8080:${PORT:-8080}" | ||
environment: | ||
- REDIS_HOST=redis | ||
- DB_HOST=mysql | ||
- DB_USER=${DB_USER:-bhima} | ||
- DB_NAME=${DB_NAME:-bhima} | ||
- DB_PASS=${DB_PASS:-cbeec29bac2f7726e1355c5a5bf10f35963cac8e77ed763bf2} | ||
depends_on: | ||
- mysql | ||
- redis | ||
networks: | ||
- backend | ||
|
||
mysql: | ||
image: mysql:8 | ||
restart: always | ||
image: mysql:8.3 # pin 8.3 ; https://github.com/appsignal/appsignal-nodejs/commit/0586d603c75aa12f8e99f4a5716fd8445f10d79c | ||
restart: unless-stopped | ||
command: | ||
- --default-authentication-plugin=mysql_native_password | ||
- --sql-mode=STRICT_ALL_TABLES,NO_UNSIGNED_SUBTRACTION | ||
- --character-set-server=utf8mb4 | ||
- --collation-server=utf8mb4_unicode_ci | ||
- --default-authentication-plugin=mysql_native_password | ||
volumes: | ||
- mysqldata:/var/lib/mysql/ | ||
- "./temp/docker-build.sql:/docker-entrypoint-initdb.d/bhima.sql" | ||
- ./server/models:/docker-entrypoint-initdb.d | ||
environment: | ||
- MYSQL_RANDOM_ROOT_PASSWORD=1 | ||
- MYSQL_USER=$DB_USER | ||
- MYSQL_PASSWORD=$DB_PASS | ||
- MYSQL_DATABASE=$DB_NAME | ||
- MYSQL_RANDOM_ROOT_PASSWORD=yes | ||
- MYSQL_USER=${DB_USER:-bhima} | ||
- MYSQL_DATABASE=${DB_NAME:-bhima} | ||
- MYSQL_PASSWORD=${DB_PASS:-cbeec29bac2f7726e1355c5a5bf10f35963cac8e77ed763bf2} | ||
networks: | ||
- backend | ||
|
||
redis: | ||
image: redis:latest | ||
restart: always | ||
restart: unless-stopped | ||
networks: | ||
- backend | ||
|
||
networks: | ||
backend: | ||
|
||
volumes: | ||
mysqldata: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
# Installing BHIMA with Docker | ||
|
||
Using Docker and Docker Compose provides a simpler alternative to the traditional [Linux installation method](./installing-bhima.md). To install Docker and Docker Compose, follow the instructions on [the official Docker website](https://docs.docker.com/engine/install/). You will need to have installed docker to follow this guide. | ||
|
||
### System Requirements | ||
|
||
Currently, BHIMA is compatible only with the x64 architecture. If you are using other architectures (such as ARM64 or x86), please refer to alternative installation instructions. | ||
|
||
### Installation Steps | ||
|
||
1. Clone the BHIMA repository | ||
|
||
Retrieve the latest Docker Compose file by cloning the repository: | ||
|
||
```bash | ||
git clone --depth 1 https://github.com/Third-Culture-Software/bhima.git | ||
cd bhima | ||
``` | ||
|
||
2. Configure Environment Variables | ||
|
||
Open the downloaded docker-compose.yml file and modify the following environment variables according to your setup: | ||
|
||
- `PORT`: The port number where the application will be accessible. | ||
- `MYSQL_USERNAME`, `DB_USER`: The username for database access. | ||
- `DB_NAME`, `MYSQL_DATABASE`: The name of the database. | ||
- `MYSQL_PASSWORD`, `DB_PASS`: The password for the database. | ||
|
||
Launch the Application | ||
|
||
Start the application by running: | ||
|
||
```bash | ||
docker compose up | ||
``` | ||
|
||
This command builds the application and starts the services defined in the Docker Compose file. Wait for the download and setup to complete. | ||
|
||
4. Verify the installation | ||
|
||
Open a web browser and go to `http://localhost:<PORT>` to check if the application is running properly. Replace `<PORT>` with the port number you configured earlier. | ||
|
||
Enjoy using BHIMA! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.