🚚 Split Curious applets and REDCap projects (#25)

Author: shnizzedy

CHANGELOG.md

@@ -5,6 +5,60 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 1.12.3
+
+### Fixed
+
+- Bug fetching REDCap data introduced in v1.12.1.
+
+## 1.12.2
+
+### Fixed
+
+- Automatic deployment of services to `systemd`.
+
+## 1.12.1
+
+### Added
+
+- `redcap-track-curious`: REDCap PID 891 `{instrument}_complete` → `"Curious Track.{instrument}_received".
+
+### Deprecated
+
+- `hbnmigration.from_redcap.from_redcap` `export_fields` parameter.
+
+## 1.12.0
+
+### Changed
+
+- Copies participant information to both operations and Curious data REDCap projects from intake.
+- Moved logic for looking up REDCap indicies from this repository to `mindlogger-data-export`.
+
+### Fixes
+
+- Fixes bug where Curious-to-REDCap data were falling back on potentially incorrect values.
+
+## 1.11.1
+
+### Fixed
+
+- Only send one email per participant to Curious when creating an account.
+
+## 1.11.0
+
+### Changed
+
+- Split Curious into parent and child applets.
+- Split REDCap into Operations and Curious projects.
+
+### Removed
+
+- `._config_variables.curious_variables.curious_variables.activity_ids`
+- `._config_variables.curious_variables.curious_variables.applet_ids`
+- `._config_variables.curious_variables.curious_variables.Credentials`
+- `._config_variables.curious_variables.curious_variables.AppletCredentials.hbn_mindlogger`
+- `.from_redcap.config.Values.PID247.enrollment_complete`
+
 ## 1.10.11
 
 ### Fixed
@@ -153,6 +207,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `._config_variables.curious_variables.curious_variables.applet_ids`
 - `._config_variables.curious_variables.curious_variables.Credentials`
 - `._config_variables.curious_variables.curious_variables.AppletCredentials.hbn_mindlogger`
+- `.from_redcap.config.Values.PID247.enrollment_complete`
 
 ## 1.8.0
 

VERSION

@@ -1 +1 @@
-1.10.11
+1.12.3

infrastructure/Makefile

@@ -1,65 +1,73 @@
 .PHONY: help test init plan apply destroy fmt validate lint security clean install-tools
 
 help:
-    @echo "Available targets:"
-    @echo "  test          - Run all tests"
-    @echo "  install-tools - Install testing dependencies"
-    @echo "  init          - Initialize Terraform"
-    @echo "  plan          - Show execution plan"
-    @echo "  apply         - Apply infrastructure changes"
-    @echo "  destroy       - Destroy infrastructure"
-    @echo "  fmt           - Format Terraform files"
-    @echo "  validate      - Validate configuration"
-    @echo "  lint          - Run tflint"
-    @echo "  security      - Run security scan"
-    @echo "  clean         - Clean up generated files"
+	@echo "Available targets:"
+	@echo "  test          - Run all tests"
+	@echo "  install-tools - Install testing dependencies"
+	@echo "  init          - Initialize Terraform"
+	@echo "  install       - Install services to systemd"
+	@echo "  plan          - Show execution plan"
+	@echo "  apply         - Apply infrastructure changes"
+	@echo "  destroy       - Destroy infrastructure"
+	@echo "  fmt           - Format Terraform files"
+	@echo "  validate      - Validate configuration"
+	@echo "  lint          - Run tflint"
+	@echo "  security      - Run security scan"
+	@echo "  clean         - Clean up generated files"
 
 test:
-    @./tests/test-terraform.sh
+	@./tests/test-terraform.sh
 
 install-tools:
-    @chmod +x tests/install-tools.sh
-    @./tests/install-tools.sh
+	@chmod +x tests/install-tools.sh
+	@./tests/install-tools.sh
 
 init:
-    terraform init
+	terraform init
+
+install:
+	@echo "Installing services to /etc/systemd/system/..."
+	sudo ln -sf $(PWD)/generated/*.service /etc/systemd/system/
+	sudo ln -sf $(PWD)/generated/*.timer /etc/systemd/system/
+	sudo systemctl daemon-reload
+	@echo "Services installed. Use 'sudo systemctl start <name>' to run them."
 
 plan: init
-    terraform plan
+	terraform plan
 
 apply: test
-    ./safe-apply.sh
+	./safe-apply.sh
 
 destroy:
-    terraform destroy
+	terraform destroy
 
 fmt:
-    terraform fmt -recursive
+	terraform fmt -recursive
 
 validate: init
-    terraform validate
+	terraform validate
 
 lint:
-    @if command -v tflint >/dev/null 2>&1; then \
-        tflint --config tests/.tflint.hcl --init; \
-        tflint --config tests/.tflint.hcl; \
-    else \
-        echo "tflint not installed. Run: make install-tools"; \
-        exit 1; \
-    fi
+	@if command -v tflint >/dev/null 2>&1; then \
+	    tflint --config tests/.tflint.hcl --init; \
+	    tflint --config tests/.tflint.hcl; \
+	else \
+	    echo "tflint not installed. Run: make install-tools"; \
+	    exit 1; \
+	fi
 
 security:
-    @if command -v checkov >/dev/null 2>&1; then \
-        checkov -d . --config-file tests/.checkov.yaml; \
-    else \
-        echo "checkov not installed. Run: make install-tools"; \
-        exit 1; \
-    fi
+	@if command -v checkov >/dev/null 2>&1; then \
+	    checkov -d . --config-file tests/.checkov.yaml; \
+	else \
+	    echo "checkov not installed. Run: make install-tools"; \
+	    exit 1; \
+	fi
 
 clean:
-    rm -rf .terraform
-    rm -f .terraform.lock.hcl
-    rm -f terraform.tfstate
-    rm -f terraform.tfstate.backup
-    rm -f plan.tfplan
-    rm -rf generated/
+	rm -rf .terraform
+	rm -f .terraform.lock.hcl
+	rm -f terraform.tfstate
+	rm -f terraform.tfstate.backup
+	rm -f plan.tfplan
+	rm -rf generated/

infrastructure/main.tf

@@ -11,17 +11,28 @@ terraform {
 
 locals {
   workspace = terraform.workspace
-  template_vars = {
+  common_vars = {
     workspace      = terraform.workspace
     user_group     = var.user_group
     project_root   = var.project_root
-    venv_path      = var.venv_path
+    venv_path      = "${var.project_root}/${var.venv_path}"
     log_directory  = var.log_directory
     project_status = var.project_status
     recovery_mode  = var.recovery_mode
   }
+
+  common_service_config  = templatefile("${path.module}/services/_common_metadata.tpl", local.common_vars)
+  oneshot_timeout_config = templatefile("${path.module}/services/_oneshot_timeouts.tpl", local.common_vars)
+  async_timeout_config   = templatefile("${path.module}/services/_async_timeouts.tpl", local.common_vars)
+
+  template_vars = merge(local.common_vars, {
+    common_config    = local.common_service_config
+    oneshot_timeouts = local.oneshot_timeout_config,
+    async_timeouts   = local.async_timeout_config
+  })
 }
 
+
 # Webhook services (long-running uvicorn servers)
 resource "local_file" "redcap_to_redcap_service" {
   content  = templatefile("${path.module}/services/redcap-to-redcap.service.tpl", local.template_vars)
@@ -80,3 +91,8 @@ resource "local_file" "hbn_sync_timer" {
   })
   filename = "${path.module}/generated/hbn-sync.timer"
 }
+
+resource "local_file" "redcap_track_curious_service" {
+  content  = templatefile("${path.module}/services/redcap-track-curious.service.tpl", local.template_vars)
+  filename = "${path.module}/generated/redcap-track-curious.service"
+}

infrastructure/services/_async_timeouts.tpl

@@ -0,0 +1,5 @@
+# Timeouts
+TimeoutStartSec=60
+TimeoutStopSec=30
+Restart=always
+RestartSec=10

infrastructure/services/_common_metadata.tpl

@@ -0,0 +1,18 @@
+User=${user_group}
+Group=${user_group}
+WorkingDirectory=${project_root}
+Environment="WORKSPACE=${workspace}"
+Environment="HBNMIGRATION_PROJECT_ROOT=${project_root}"
+Environment="HBNMIGRATION_LOG_ROOT=${log_directory}"
+Environment="HBNMIGRATION_PROJECT_STATUS=${project_status}"
+Environment="HBNMIGRATION_RECOVERY_MODE=${recovery_mode ? "1" : "0"}"
+Environment="PATH=${venv_path}/bin:/usr/local/bin:/usr/bin:/bin"
+Environment="PYTHONPATH=${project_root}/python_jobs/src"
+
+# Security hardening
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ReadWritePaths=${project_root}
+ReadWritePaths=${log_directory}
+BindPaths=/data/logs/hbnmigration:/home/hbnmigration/hbnmigration/.hbnmigration_logs

infrastructure/services/_oneshot_timeouts.tpl

@@ -0,0 +1,3 @@
+# Timeouts
+TimeoutStartSec=300
+TimeoutStopSec=30

infrastructure/services/curious-accounts-to-redcap.service.tpl

@@ -5,33 +5,17 @@ PartOf=hbn-sync.service
 
 [Service]
 Type=oneshot
-User=${user_group}
-Group=${user_group}
-WorkingDirectory=${project_root}
 ExecStart=${venv_path}/bin/curious-invitations-to-redcap
-Environment="WORKSPACE=${workspace}"
-Environment="HBNMIGRATION_PROJECT_ROOT=${project_root}"
-Environment="HBNMIGRATION_LOG_ROOT=${log_directory}"
-Environment="HBNMIGRATION_PROJECT_STATUS=${project_status}"
-Environment="HBNMIGRATION_RECOVERY_MODE=${recovery_mode ? "1" : "0"}"
 
-# Timeouts
-TimeoutStartSec=300
-TimeoutStopSec=30
+# Inject SSOT common config
+${common_config}
+${oneshot_timeouts}
 
 # Logging
-BindPaths=/data/logs/hbnmigration:/home/hbnmigration/hbnmigration/.hbnmigration_logs
 StandardOutput=append:${log_directory}/curious-invitations-to-redcap.log
 StandardError=append:${log_directory}/curious-invitations-to-redcap.log
 SyslogIdentifier=curious-invitations-to-redcap-${workspace}
 
-# Security hardening
-NoNewPrivileges=true
-PrivateTmp=true
-ProtectSystem=strict
-ReadWritePaths=${project_root}
-ReadWritePaths=${log_directory}
-ReadWritePaths=${project_root}/.hbnmigration_cache
 
 [Install]
 WantedBy=hbn-sync.timer

infrastructure/services/curious-alerts-websocket.service.tpl

@@ -4,35 +4,19 @@ After=network.target
 
 [Service]
 Type=simple
-User=${user_group}
-Group=${user_group}
-WorkingDirectory=${project_root}
 ExecStart=${venv_path}/bin/curious-alerts-to-redcap --asynchronous
-Environment="WORKSPACE=${workspace}"
-Environment="HBNMIGRATION_PROJECT_ROOT=${project_root}"
-Environment="HBNMIGRATION_LOG_ROOT=${log_directory}"
-Environment="HBNMIGRATION_PROJECT_STATUS=${project_status}"
-Environment="HBNMIGRATION_RECOVERY_MODE=${recovery_mode ? "1" : "0"}"
+
+# Inject SSOT common config
+${common_config}
 
 # Timeouts
 TimeoutStartSec=60
 TimeoutStopSec=30
 
-Restart=always
-RestartSec=10
-
 # Logging
-BindPaths=/data/logs/hbnmigration:/home/hbnmigration/hbnmigration/.hbnmigration_logs
 StandardOutput=append:${log_directory}/curious-alerts-websocket.log
 StandardError=append:${log_directory}/curious-alerts-websocket-error.log
 SyslogIdentifier=curious-alerts-websocket-${workspace}
 
-# Security hardening
-NoNewPrivileges=true
-PrivateTmp=true
-ProtectSystem=strict
-ReadWritePaths=${project_root}
-ReadWritePaths=${log_directory}
-
 [Install]
 WantedBy=multi-user.target

infrastructure/services/curious-data-to-redcap.service.tpl

@@ -5,33 +5,17 @@ PartOf=hbn-sync.service
 
 [Service]
 Type=oneshot
-User=${user_group}
-Group=${user_group}
-WorkingDirectory=${project_root}
 ExecStart=${venv_path}/bin/curious-data-to-redcap
-Environment="WORKSPACE=${workspace}"
-Environment="HBNMIGRATION_PROJECT_ROOT=${project_root}"
-Environment="HBNMIGRATION_LOG_ROOT=${log_directory}"
-Environment="HBNMIGRATION_PROJECT_STATUS=${project_status}"
-Environment="HBNMIGRATION_RECOVERY_MODE=${recovery_mode ? "1" : "0"}"
 
-# Timeouts
-TimeoutStartSec=300
-TimeoutStopSec=30
+# Inject SSOT common config
+${common_config}
+${oneshot_timeouts}
 
 # Logging
-BindPaths=/data/logs/hbnmigration:/home/hbnmigration/hbnmigration/.hbnmigration_logs
+
 StandardOutput=append:${log_directory}/curious-data-to-redcap.log
 StandardError=append:${log_directory}/curious-data-to-redcap.log
 SyslogIdentifier=curious-data-to-redcap-${workspace}
 
-# Security hardening
-NoNewPrivileges=true
-PrivateTmp=true
-ProtectSystem=strict
-ReadWritePaths=${project_root}
-ReadWritePaths=${log_directory}
-ReadWritePaths=${project_root}/.hbnmigration_cache
-
 [Install]
 WantedBy=hbn-sync.timer