Feature: deploy BHIMA using docker and docker-compose

.dockerignore

@@ -2,16 +2,24 @@
 node_modules
 .git
 
-# ignore loggin utilities
+# ignore the .env file, we will use .env.docker
+.env
+
+
+# ignore logging utilities
 npm-debug.log
 yarn-error.log
 
+
 # ignore documentation
 *.md
+CNAME
 
 # ignore unnecessary folders
 docs
 temp
-test
+test*
+results
 sh
 bin
+

.env.docker

@@ -0,0 +1,41 @@
+# This .env file is for use in the Docker build step, setting all the internal
+# variables that could be later overridden by the user.
+
+# We expect the following variables to be set by the user:
+# DB_HOST
+# DB_USER
+# DB_PASS
+# REDIS_HOST
+
+# Any other variables set by the user will override these variables.
+
+# define the port on which the HTTP server will listen.
+PORT=8080
+
+# MySQL Database Configuration
+# The following variables should be pretty straightforward.
+# DB_PORT is the MySQL server port
+DB_PORT=3306
+
+# Secret Session Variables
+# Used by express-session middleware for encryption.  This is just a temporary example.
+# In production, use a secure generator for this:
+# EX: openssl rand -hex 25
+SESS_SECRET=zC8YmujYRe9EoJVXUEJVzuK3pxDCJzYySJo5Vj5CefwXiiPYCVehutAJVqQ6SNwd
+
+# define logging level for the npm debug module.
+DEBUG=app,errors
+
+# define the directory where reports, files, and images will be uploaded.
+# Upload directory requirements:
+#   - Must be writable by the application user.
+#   - Must be a relative directory within the Bhima installation.
+UPLOAD_DIR='client/upload'
+
+# Report directory (Define where reports will be saved on the server)
+REPORT_DIR=''
+
+# SMTP Credentials
+SMTP_USERNAME="user@smtp.server"
+SMTP_PASSWORD="SomePassword"
+SMTP_HOST="some.host.com"

.github/workflows/docker-image.yml

@@ -0,0 +1,60 @@
+#
+name: Create and publish a Docker image
+
+# Configures this workflow to run every time a change is pushed to the branch called `release`.
+on:
+  push:
+    branches: ['release']
+  workflow_dispatch:
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      #
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
+      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
+

Dockerfile

@@ -1,43 +1,46 @@
-# define base image
-FROM node:lts-slim
+FROM node:lts
 
-# download all the missing dependencies for chromium, plus chromium itself
+# Install missing dependencies for chromium
+# These are all needed to make sure the browser can properly render all
+# the requiredd page
 RUN apt-get update && apt-get install -y \
   ca-certificates fonts-liberation gconf-service \
-  libappindicator1 libasound2 libatk-bridge2.0-0 libatk1.0-0 libc6 libcairo2  \
+  libasound2 libatk-bridge2.0-0 libatk1.0-0 libc6 libcairo2  \
   libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgbm1 libgcc1 libgconf-2-4 \
   libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libnss3 libpango-1.0-0 \
   libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 \
   libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 \
-  libxss1 libxtst6 lsb-release libxshmfence1 chromium -y
+  libxss1 libxtst6 lsb-release libxshmfence1 chromium -y \
+  && rm -rf /var/lib/apt/lists/*
 
-# ENV NODE_ENV=production
-ENV YARN_VERSION 1.22.17
-#ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD 1
-RUN yarn policies set-version $YARN_VERSION
-#ENV CHROME_BIN /usr/bin/chromium
-#ENV PUPPETEER_EXECUTABLE_PATH /usr/bin/chromium
-
-# define working directory inside the container
+# Set working directory
 WORKDIR /usr/src/app
 
-# Copy all the source code from host machine to the container project directory
-COPY . .
+# Copy source code
+COPY --chown=node:node . .
 
-# install all the dependencies
-RUN yarn --frozen-lockfile && yarn build
+# Copy environment file to bin folder
+COPY --chown=node:node .env.docker /usr/src/app/.env
 
-# yarn build creates the bin/ folder
-COPY .env bin/
+# Install dependencies
+RUN npm install && \
+   NODE_ENV=production npm run build && \
+   npm install --omit=dev
 
-# change directory to the bin diretory
+# Change directory to bin
 WORKDIR /usr/src/app/bin/
 
-# make sure the node user is the owner of all the underlying files.
+# Set ownership
 RUN chown -R node:node *
 
-# ensure this container runs as the user "node"
+# Switch to non-root user
 USER node
 
-# define the start up command of the container to run the server
-CMD ["node", "server/app.js"]
+ENV NODE_ENV production
+
+LABEL org.opencontainers.image.source=https://github.com/third-Culture-Software/bhima
+LABEL org.opencontainers.image.description="A hospital information management application for rural Congolese hospitals"
+LABEL org.opencontainers.image.licenses=GPL
+
+# Define startup command
+CMD ["node", "server/app.js"]

docker-compose.yml

@@ -1,37 +1,48 @@
-version: '3'
-
 services:
   bhima:
     build: .
-    image: imaworldhealth/bhima
+    #image: ghcr.io/third-culture-software/bhima
+    image: thirdculturesoftware/bhima
     restart: unless-stopped
     ports:
-      - $PORT:$PORT
+      - "8080:${PORT:-8080}"
     environment:
       - REDIS_HOST=redis
       - DB_HOST=mysql
+      - DB_USER=${DB_USER:-bhima}
+      - DB_NAME=${DB_NAME:-bhima}
+      - DB_PASS=${DB_PASS:-cbeec29bac2f7726e1355c5a5bf10f35963cac8e77ed763bf2}
     depends_on:
       - mysql
       - redis
+    networks:
+      - backend
+
   mysql:
-    image: mysql:8
-    restart: always
+    image: mysql:8.3 # pin 8.3 ; https://github.com/appsignal/appsignal-nodejs/commit/0586d603c75aa12f8e99f4a5716fd8445f10d79c
+    restart: unless-stopped
     command:
-      - --default-authentication-plugin=mysql_native_password
       - --sql-mode=STRICT_ALL_TABLES,NO_UNSIGNED_SUBTRACTION
-      - --character-set-server=utf8mb4
-      - --collation-server=utf8mb4_unicode_ci
+      - --default-authentication-plugin=mysql_native_password
     volumes:
       - mysqldata:/var/lib/mysql/
-      - "./temp/docker-build.sql:/docker-entrypoint-initdb.d/bhima.sql"
+      - ./server/models:/docker-entrypoint-initdb.d
     environment:
-      - MYSQL_RANDOM_ROOT_PASSWORD=1
-      - MYSQL_USER=$DB_USER
-      - MYSQL_PASSWORD=$DB_PASS
-      - MYSQL_DATABASE=$DB_NAME
+      - MYSQL_RANDOM_ROOT_PASSWORD=yes
+      - MYSQL_USER=${DB_USER:-bhima}
+      - MYSQL_DATABASE=${DB_NAME:-bhima}
+      - MYSQL_PASSWORD=${DB_PASS:-cbeec29bac2f7726e1355c5a5bf10f35963cac8e77ed763bf2}
+    networks:
+      - backend
+
   redis:
     image: redis:latest
-    restart: always
+    restart: unless-stopped
+    networks:
+      - backend
+
+networks:
+  backend:
 
 volumes:
   mysqldata:

docs/en/for-developers/installing-bhima-with-docker.md

@@ -0,0 +1,43 @@
+# Installing BHIMA with Docker
+
+Using Docker and Docker Compose provides a simpler alternative to the traditional [Linux installation method](./installing-bhima.md).  To install Docker and Docker Compose, follow the instructions on [the official Docker website](https://docs.docker.com/engine/install/).  You will need to have installed docker to follow this guide.
+
+### System Requirements
+
+Currently, BHIMA is compatible only with the x64 architecture. If you are using other architectures (such as ARM64 or x86), please refer to alternative installation instructions.
+
+### Installation Steps
+
+1. Clone the BHIMA repository
+
+Retrieve the latest Docker Compose file by cloning the repository:
+
+```bash
+git clone --depth 1 https://github.com/Third-Culture-Software/bhima.git
+cd bhima
+```
+
+2. Configure Environment Variables
+
+Open the downloaded docker-compose.yml file and modify the following environment variables according to your setup:
+
+ - `PORT`: The port number where the application will be accessible.
+ - `MYSQL_USERNAME`, `DB_USER`: The username for database access.
+ - `DB_NAME`, `MYSQL_DATABASE`: The name of the database.
+ - `MYSQL_PASSWORD`, `DB_PASS`: The password for the database.
+
+Launch the Application
+
+Start the application by running:
+
+```bash
+docker compose up
+```
+
+This command builds the application and starts the services defined in the Docker Compose file. Wait for the download and setup to complete.
+
+4. Verify the installation
+
+Open a web browser and go to `http://localhost:<PORT>` to check if the application is running properly. Replace `<PORT>` with the port number you configured earlier.
+
+Enjoy using BHIMA!

docs/en/for-developers/installing-bhima.md

@@ -4,6 +4,8 @@ _Note: these are the instructions for installing the BHIMA development environme
 
 The BHIMA software can be complex to install.  We only officially support Linux, so the following guide assumes you are setting up BHIMA on Debian-based Linux environment.
 
+Note: if you are running on the x64 architecture, you may consider [installing BHIMA using docker](./installing-bhima-with-docker.md).
+
 This guide will get you up and running with bhima locally. Please note that bhima is under active development and tends to move fast and break things. If you are interested in development progress, shoot us a line at [developers@imaworldhealth.org](mailto:developers@imaworldhealth.org).
 
 ### Dependencies
@@ -167,7 +169,7 @@ To start a MySQL server using docker you can use:
 docker run --name mysql -p 3306:3306 \
   -e MYSQL_ROOT_PASSWORD=MyPassword \
   -e MYSQL_ROOT_HOST=% \
-  -d mysql/mysql-server:8.0 \
+  -d mysql:8.3 \
   --sql-mode='STRICT_ALL_TABLES,NO_UNSIGNED_SUBTRACTION' \
   --default-authentication-plugin=mysql_native_password
 
@@ -176,21 +178,27 @@ docker run --name mysql -p 3306:3306 \
 
 This will start a MySQL server that listens on port 3306 (the default MySQL port) on your localhost.  Additionally, you have to set `DB_HOST` in the `.env` file to `127.0.0.1`, leaving it to `localhost` will make the `mysql` command trying to connect via socket, what is not possible when using docker.
 
-If you have already a MySQL server running on port 3306 of your localhost, start docker without the port-forwarding (`-p 3306:3306`), use `docker inspect mysql5.7` to find the IP of the container and use that IP in the `.env` file as `DB_HOST`.
+Note that you can also run redis using docker if you prefer:
+
+```bash
+docker run --name redis -p 6379:6379 -d redis
+```
+
+If you have already a MySQL server running on port 3306 of your localhost, start docker without the port-forwarding (`-p 3306:3306`), use `docker inspect mysql` to find the IP of the container and use that IP in the `.env` file as `DB_HOST`.
 
 The database structure is contained in the `server/models/*.sql` files. You can execute these one by one in the order below, or simply run `yarn build:db`.
 
-1. `server/models/schema.sql`
-2. `server/models/functions.sql`
-3. `server/models/procedures.sql`
-4. `server/models/admin.sql`
-5. `server/models/triggers.sql`
+1. `server/models/01-schema.sql`
+2. `server/models/02-functions.sql`
+3. `server/models/03-procedures.sql`
+4. `server/models/98-admin.sql`
+5. `server/models/04-triggers.sql`
 
 
 This sets up the basic schema, routines, and triggers. The following scripts will build a basic dataset to begin playing around with:
 
-1. `server/models/icd10.sql`
-2. `server/models/bhima.sql`
+1. `server/models/05-icd10.sql`
+2. `server/models/06-bhima.sql`
 3. `test/data.sql`
 
 You can run all this by using the following command: `yarn build:db` Alternatively, you might use the `./sh/build-database.sh` script, customized with your environmental variables as shown below:

docs/fr/for-developers/installing-bhima.md

@@ -132,7 +132,7 @@ Tu peux aussi utiliser docker avec mysql.  Le command pour le lancer est:
 docker run --name mysql -p 3306:3306 \
   -e MYSQL_ROOT_PASSWORD=MyPassword \
   -e MYSQL_ROOT_HOST=% \
-  -d mysql/mysql-server:8.0 \
+  -d mysql:8.3 \
   --sql-mode='STRICT_ALL_TABLES,NO_UNSIGNED_SUBTRACTION' \
   --default-authentication-plugin=mysql_native_password
 
@@ -141,18 +141,18 @@ docker run --name mysql -p 3306:3306 \
 Il faut changer le fichier `.env` pour mettre `DB_HOST` a `127.0.0.1`.
 
 
-La structure de la base de données est contenue dans les fichiers `server/models/*. Sql`. Vous pouvez les exécuter un par un dans l'ordre ci-dessous ou simplement lancer `yarn build: db`.
+La structure de la base de données est contenue dans les fichiers `server/models/*.sql`. Vous pouvez les exécuter un par un dans l'ordre ci-dessous ou simplement lancer `yarn build: db`.
 
-1. `server/models/schema.sql`
-2. `server/models/triggers.sql`
-3. `server/models/functions.sql`
-4. `server/models/procedures.sql`
-5. `server/models/admin.sql`
+1. `server/models/01-schema.sql`
+2. `server/models/04-triggers.sql`
+3. `server/models/02-functions.sql`
+4. `server/models/03-procedures.sql`
+5. `server/models/98-admin.sql`
 
 Ceci configure le schéma de base, les déclencheurs et les routines. Les scripts suivants créeront un ensemble de données de base avec lequel commencer à jouer:
 
-1. `server/models/icd10.sql`
-2. `server/models/bhima.sql`
+1. `server/models/05-icd10.sql`
+2. `server/models/06-bhima.sql`
 3. `test/data.sql`
 
 Vous pouvez exécuter tout cela en utilisant la commande suivante: `yarn build:db` Vous pouvez également utiliser le script`./sh/build-database.sh`, personnalisé à l'aide de vos variables d'environnement, comme indiqué ci-dessous: