Skip to content

feat/ui-docker-container-builds #7262

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

feat/ui-docker-container-builds #7262

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
12910e6
fix: cleaning up old property names and adding new redis props to doc…
gilesw Mar 26, 2025
002557d
Merge remote-tracking branch 'origin/main' into feat/ui-docker-contai…
gilesw Mar 26, 2025
a5a0857
feat: run docker builds with every registry maven build
gilesw Mar 26, 2025
4739089
fix: try a separate docker compose file rather than profiles
gilesw Mar 27, 2025
c93e3ab
Merge branch 'main' into feat/ui-docker-container-builds
gilesw Mar 27, 2025
947c35a
Merge branch 'main' into feat/ui-docker-container-builds
amontenegro May 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions .github/workflows/build_test_release_tag.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,25 @@ jobs:
seed_maven_cache: false
install_maven_dependencies: false

bld_docker:
uses: ./.github/workflows/bld_docker.yml
secrets: inherit # pass all secrets for uploading assets
needs:
- lint
- test_mvn
- install_maven_dependencies
permissions:
checks: write
contents: read
issues: read
pull-requests: write
with:
version_tag: ${{ inputs.version_tag }}
bump: ${{ inputs.bump }}
ref: ${{ inputs.ref }}
seed_maven_cache: false
install_maven_dependencies: false

##############################################################################

rel_tag:
Expand Down
75 changes: 75 additions & 0 deletions docker-compose.ui.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
services:
haprouter:
image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-haprouter:${TAG:-0.0.1}
build:
context: .
dockerfile: orcid-haprouter/Dockerfile
restart: ${RESTART:-no}
env_file:
- orcid-haprouter/default.env
- orcid-haprouter/deployment.env
ports:
- 0.0.0.0:678:1936 # stats
- 0.0.0.0:7983:7983 # solr read
- 0.0.0.0:6983:6983 # solr write
- 0.0.0.0:7432:7432 # postgres read
- 0.0.0.0:6432:6432 # postgres write
networks:
app:

ui_frontend:
image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-web-frontend-${FRONTEND_LABEL:-qa}:${FRONTEND_TAG:-0.0.1}
build:
context: .
dockerfile: 'FIXME: must build in the orcid-angular project first Dockerfile.build'
restart: ${RESTART:-no}
ports:
- 0.0.0.0:13106:80
networks:
app:

ui_proxy:
image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-web-proxy:${TAG:-0.0.1}
build:
context: .
dockerfile: orcid-web-proxy/Dockerfile
restart: ${RESTART:-no}
ports:
- 0.0.0.0:13107:80
- 0.0.0.0:13108:443
volumes:
- ./certs/dhparam.pem:/etc/nginx/certs/dhparam.pem:ro
- ${SSL_CERTIFICATE:-./certs/docker_dev.pem}:/etc/nginx/certs/docker.pem:ro
- ${SSL_CERTIFICATE_KEY:-./certs/docker_dev-key.pem}:/etc/nginx/certs/docker-key.pem:ro
networks:
app:

ui:
image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-web:${TAG:-0.0.1}
build:
cache_from:
- orcid/registry-dependencies:${TAG:-0.0.1}
context: .
dockerfile: orcid-web/Dockerfile
args:
tag_numeric: ${TAG:-0.0.1}
restart: ${RESTART:-no}
env_file:
- default.env
- properties/default.orcid_core.env
- properties/default.misc.env
- properties/default.frontend.env
- properties/default.persistence.env
- orcid-web/default.env
- orcid-web/deployment.env
- ${DOCKER_DEV_ENV_FILE:-empty.env}
ports:
- 0.0.0.0:13100:8080
networks:
app:
volumes:
- /opt/docker/logs/reg-ui:/usr/local/tomcat/logs

networks:
app:
driver: bridge
34 changes: 25 additions & 9 deletions orcid-web/orcid.properties.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -179,29 +179,31 @@ org.orcid.core.utils.cache.redis.port={{ ORG_ORCID_CORE_UTILS_CACHE_REDIS_PORT }
org.orcid.core.utils.cache.redis.password={{ ORG_ORCID_CORE_UTILS_CACHE_REDIS_PASSWORD }}
org.orcid.core.utils.cache.redis.enabled={{ ORG_ORCID_CORE_UTILS_CACHE_REDIS_ENABLED }}
org.orcid.core.utils.cache.redis.summary.enabled={{ ORG_ORCID_CORE_UTILS_CACHE_REDIS_SUMMARY_ENABLED }}
org.orcid.core.utils.cache.redis.summary.ttl={{ ORG_ORCID_CORE_UTILS_CACHE_REDIS_SUMMARY_TTL }}

# Maintenance message
org.orcid.frontend.web.maintenanceHeaderUrl={{ ORG_ORCID_FRONTEND_WEB_MAINTENANCE_HEADER_URL }}


#Enable panoply deleted items tracking
org.orcid.persistence.panoply.cleanup.production={{ ORG_ORCID_PERSISTENCE_PANOPLY_CLEANUP_PROD_ONLY }}
# Panoply redshift database
org.orcid.persistence.panoply.cleanup.production={{ ORG_ORCID_PERSISTENCE_PANOPLY_CLEANUP_PRODUCTION }}
# Panoply redshift database
org.orcid.core.utils.panoply.driver={{ ORG_ORCID_CORE_UTILS_PANOPLY_DRIVER }}
org.orcid.core.utils.panoply.maxPoolSize={{ ORG_ORCID_CORE_UTILS_PANOPLY_MAX_POOL_SIZE }}
org.orcid.core.utils.panoply.password={{ ORG_ORCID_CORE_UTILS_PANOPLY_PASSWORD }}
org.orcid.core.utils.panoply.idleConnectionTimeout={{ ORG_ORCID_CORE_UTILS_PANOPLY_IDLE_CONN_TIMEOUT }}
org.orcid.core.utils.panoply.connectionTimeout={{ ORG_ORCID_CORE_UTILS_PANOPLY_CONN_TIMEOUT }}
org.orcid.core.utils.panoply.idleConnectionTimeout={{ ORG_ORCID_CORE_UTILS_PANOPLY_IDLE_CONNECTION_TIMEOUT }}
org.orcid.core.utils.panoply.connectionTimeout={{ ORG_ORCID_CORE_UTILS_PANOPLY_CONNECTION_TIMEOUT }}
#jdbc:redshift://<host>:<port>/<database>
org.orcid.core.utils.panoply.jdbcUrl={{ ORG_ORCID_CORE_UTILS_PANOPLY_JDBC_URL }}
org.orcid.core.utils.panoply.username={{ ORG_ORCID_CORE_UTILS_PANOPLY_USERNAME }}

#Enable papi rate exceeded tracking in panoply
org.orcid.persistence.panoply.papiExceededRate.production={{ ORG_ORCID_PERSISTENCE_PANOPLY_PAPI_EXCEEDED_RATE_PROD_ONLY }}
org.orcid.persistence.panoply.papiExceededRate.production={{ ORG_ORCID_PERSISTENCE_PANOPLY_PAPI_EXCEEDED_RATE_PRODUCTION }}

# Papi limits
org.orcid.papi.rate.limit.anonymous.requests={{ ORG_ORCID_PAPI_LIMIT_ANONYMOUS_REQUESTS }}
org.orcid.papi.rate.limit.known.requests={{ ORG_ORCID_PAPI_LIMIT_KNOWN_REQUESTS }}
org.orcid.papi.rate.limit.enabled={{ ORG_ORCID_PAPI_LIMIT_ENABLED }}
# Papi limits
org.orcid.papi.rate.limit.anonymous.requests={{ ORG_ORCID_PAPI_RATE_LIMIT_ANONYMOUS_REQUESTS }}
org.orcid.papi.rate.limit.known.requests={{ ORG_ORCID_PAPI_RATE_LIMIT_KNOWN_REQUESTS }}
org.orcid.papi.rate.limit.enabled={{ ORG_ORCID_PAPI_RATE_LIMIT_ENABLED }}

# CSRF Cookie settings
org.orcid.core.csrf.domain={{ ORG_ORCID_CORE_CSRF_DOMAIN }}
Expand All @@ -211,3 +213,17 @@ org.orcid.core.utils.cache.papi.redis.host={{ ORG_ORCID_CORE_UTILS_CACHE_PAPI_RE
org.orcid.core.utils.cache.papi.redis.port={{ ORG_ORCID_CORE_UTILS_CACHE_PAPI_REDIS_PORT }}
org.orcid.core.utils.cache.papi.redis.password={{ ORG_ORCID_CORE_UTILS_CACHE_PAPI_REDIS_PASSWORD }}
org.orcid.core.utils.cache.papi.redis.enabled={{ ORG_ORCID_CORE_UTILS_CACHE_PAPI_REDIS_ENABLED }}

# This is passed to the admin registry to tell it what the /registry/ domain name is for password resets
org.orcid.admin.registry.url={{ ORG_ORCID_ADMIN_REGISTRY_URL }}

# Redis to hold session data
org.orcid.core.session.cookie.domain={{ ORG_ORCID_CORE_SESSION_COOKIE_DOMAIN }}
org.orcid.core.utils.cache.session.redis.host={{ ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_HOST }}
org.orcid.core.utils.cache.session.redis.port={{ ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_PORT }}
org.orcid.core.utils.cache.session.redis.password={{ ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_PASSWORD }}
org.orcid.core.utils.cache.session.redis.pool.idle.max={{ ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_POOL_IDLE_MAX }}
org.orcid.core.utils.cache.session.redis.pool.max={{ ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_POOL_MAX }}
org.orcid.core.utils.cache.session.redis.pool.wait.millis={{ ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_POOL_WAIT_MILLIS }}
org.orcid.core.utils.cache.session.redis.connection_timeout_millis={{ ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_CONNECTION_TIMEOUT_MILLIS }}
org.orcid.core.utils.cache.session.redis.session.timeout={{ ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_SESSION_TIMEOUT }}
2 changes: 2 additions & 0 deletions properties/default.misc.env
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,5 @@ ORG_ORCID_SECURITY_CORS_ALLOWED_DOMAINS=localhost,docker-dev.orcid.org
ORG_ORCID_SWAGGER_AUTHENDPOINT=https://docker-dev.orcid.org/oauth/authorize
# NOTE=this endpoint is always pub.
ORG_ORCID_SWAGGER_TOKENENDPOINT=https://pub.orcid.org/oauth/token
# this is passed to the admin registry to tell it what the /registry/ domain name is for password resets
ORG_ORCID_ADMIN_REGISTRY_URL=https://docker-dev.orcid.org
2 changes: 2 additions & 0 deletions properties/default.orcid_core.env
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ ORG_ORCID_CORE_UTILS_CACHE_REDIS_HOST=redis
ORG_ORCID_CORE_UTILS_CACHE_REDIS_PASSWORD=wibble
ORG_ORCID_CORE_UTILS_CACHE_REDIS_PORT=6379
ORG_ORCID_CORE_UTILS_CACHE_REDIS_SUMMARY_ENABLED=false
ORG_ORCID_CORE_UTILS_CACHE_REDIS_SUMMARY_TTL="60"

ORG_ORCID_CORE_WORKS_BULK_READ_MAX="100"
ORG_ORCID_CORE_WORKS_BULK_WRITE_MAX="100"

Expand Down
29 changes: 22 additions & 7 deletions properties/default.persistence.env
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,22 +67,37 @@ ORG_ORCID_SCHEDULER_WEB_PROCESS_PROFILES_PENDING_INDEXING_DELAY_SECONDS="300"
ORG_ORCID_PERSISTENCE_WEBHOOK_MAX_ATTEMPT_COUNT="15"

# Enable panoply deleted items tracking
ORG_ORCID_PERSISTENCE_PANOPLY_CLEANUP_PROD_ONLY="false"
ORG_ORCID_PERSISTENCE_PANOPLY_CLEANUP_PRODUCTION="false"

# FIXME: needs to be in CORE
# Panoply redshift database
ORG_ORCID_CORE_UTILS_PANOPLY_DRIVER=com.amazon.redshift.jdbc.Driver
ORG_ORCID_CORE_UTILS_PANOPLY_MAX_POOL_SIZE="3"
ORG_ORCID_CORE_UTILS_PANOPLY_PASSWORD="wibble"
ORG_ORCID_CORE_UTILS_PANOPLY_IDLE_CONN_TIMEOUT="60000"
ORG_ORCID_CORE_UTILS_PANOPLY_CONN_TIMEOUT="60000"
ORG_ORCID_CORE_UTILS_PANOPLY_IDLE_CONNECTION_TIMEOUT="60000"
ORG_ORCID_CORE_UTILS_PANOPLY_CONNECTION_TIMEOUT="60000"
# jdbc:redshift://<host>:<port>/<database>
ORG_ORCID_CORE_UTILS_PANOPLY_JDBC_URL=jdbc:redshift://dummy_redshift/panoply
ORG_ORCID_CORE_UTILS_PANOPLY_USERNAME=dummy_username

# Enable papi rate exceeded tracking in panoply
ORG_ORCID_PERSISTENCE_PANOPLY_PAPI_EXCEEDED_RATE_PROD_ONLY="false"
ORG_ORCID_PAPI_LIMIT_ANONYMOUS_REQUESTS="3"
ORG_ORCID_PAPI_LIMIT_KNOWN_REQUESTS="5"
ORG_ORCID_PAPI_LIMIT_ENABLED="true"
ORG_ORCID_PERSISTENCE_PANOPLY_PAPI_EXCEEDED_RATE_PRODUCTION="false"
ORG_ORCID_PAPI_RATE_LIMIT_ANONYMOUS_REQUESTS="3"
ORG_ORCID_PAPI_RATE_LIMIT_KNOWN_REQUESTS="5"
ORG_ORCID_PAPI_RATE_LIMIT_ENABLED="true"

ORG_ORCID_PAPI_RATE_LIMIT_IP_WHITE_SPACE_SEPARATED_WHITE_LIST=52.17.98.131 127.0.0.1

# CSRF cookie domain
ORG_ORCID_CORE_CSRF_DOMAIN="docker-dev.orcid.org"

# REDIS to hold session data
ORG_ORCID_CORE_SESSION_COOKIE_DOMAIN="docker-dev.orcid.org"
ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_HOST=redis
ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_PORT="6379"
ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_PASSWORD=wibble
ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_POOL_IDLE_MAX="50"
ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_POOL_MAX="300"
ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_POOL_WAIT_MILLIS="1000"
ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_CONNECTION_TIMEOUT_MILLIS="2000"
ORG_ORCID_CORE_UTILS_CACHE_SESSION_REDIS_SESSION_TIMEOUT="3600"
Loading