Tooling for improved local dev experience

Makefile

@@ -15,3 +15,9 @@ reqs-install:
 
 reqs-install-dev:
 	pip install -r requirements/requirements.dev.txt --no-index --find-links ./vendor/
+
+build-local:
+	cd dev-local ; make build-local ; cd ..
+
+run-local:
+	cd dev-local ; make run-local ; cd ..

dev-local/.env.container

@@ -0,0 +1,52 @@
+################################################################################
+# CONTAINER ENV FILE
+# 
+# 1. It is unclear if we need *all* of these variables in the container. Some, like the
+#    AWS values, should be double-checked.
+# 2. We ALWAYS pass ALL variables through. At no point should defaults be set here.
+#    The idea is that we do any environment configuration in our initialization scripts,
+#    where we can have conditionals, etc. By the time we get to the container, we should
+#    be pulling the values directly from the env. This also eliminates a "moving part."
+#    If the variable is wrong, it MUST be wrong in the setup process, not here.
+# 3. We should eliminate any further variable specialization in the app. That is, the app
+#    should not do any further `if/else` on these variables. It should pull them in without defaults.
+#    Or, any defaults should be of the form "BAD_VARIABLE_VALUE," or perhaps we should just exit.
+#    We want our application to fail at launch if we are missing critical variables. We do NOT want
+#    a production app to try and "figure things out" when its environment is not configured correctly.
+
+AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}"
+AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION}"
+AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}"
+AWS_SESSION_TOKEN="${AWS_SESSION_TOKEN}"
+BB2_SERVER_STD2FILE="${BB2_SERVER_STD2FILE}"
+BB20_ENABLE_REMOTE_DEBUG="${BB20_ENABLE_REMOTE_DEBUG}"
+BB20_REMOTE_DEBUG_WAIT_ATTACH="${BB20_REMOTE_DEBUG_WAIT_ATTACH}"
+DATABASES_CUSTOM="${DATABASES_CUSTOM}"
+DB_MIGRATIONS="${DB_MIGRATIONS}"
+DJANGO_FHIR_CERTSTORE="${DJANGO_FHIR_CERTSTORE}"
+DJANGO_LOG_JSON_FORMAT_PRETTY="${DJANGO_LOG_JSON_FORMAT_PRETTY}"
+DJANGO_MEDICARE_SLSX_LOGIN_URI="${DJANGO_MEDICARE_SLSX_LOGIN_URI}"
+DJANGO_MEDICARE_SLSX_REDIRECT_URI="${DJANGO_MEDICARE_SLSX_REDIRECT_URI}"
+DJANGO_PASSWORD_HASH_ITERATIONS="${DJANGO_PASSWORD_HASH_ITERATIONS}"
+DJANGO_SECRET_KEY="${DJANGO_SECRET_KEY}"
+DJANGO_SECURE_SESSION="${DJANGO_SECURE_SESSION}"
+DJANGO_SETTINGS_MODULE="${DJANGO_SETTINGS_MODULE}"
+DJANGO_SLSX_CLIENT_ID="${DJANGO_SLSX_CLIENT_ID}"
+DJANGO_SLSX_CLIENT_SECRET="${DJANGO_SLSX_CLIENT_SECRET}"
+DJANGO_SLSX_HEALTH_CHECK_ENDPOINT="${DJANGO_SLSX_HEALTH_CHECK_ENDPOINT}"
+DJANGO_SLSX_SIGNOUT_ENDPOINT="${DJANGO_SLSX_SIGNOUT_ENDPOINT}"
+DJANGO_SLSX_TOKEN_ENDPOINT="${DJANGO_SLSX_TOKEN_ENDPOINT}"
+DJANGO_SLSX_USERINFO_ENDPOINT="${DJANGO_SLSX_USERINFO_ENDPOINT}"
+DJANGO_SLSX_VERIFY_SSL_EXTERNAL="${DJANGO_SLSX_VERIFY_SSL_EXTERNAL}"
+DJANGO_USER_ID_ITERATIONS="${DJANGO_USER_ID_ITERATIONS}"
+DJANGO_USER_ID_SALT="${DJANGO_USER_ID_SALT}"
+FHIR_URL_V3="${FHIR_URL_V3}"
+FHIR_URL="${FHIR_URL}"
+OAUTHLIB_INSECURE_TRANSPORT="${OAUTHLIB_INSECURE_TRANSPORT}"
+POSTGRES_DB="${POSTGRES_DB}"
+POSTGRES_PASSWORD="${POSTGRES_PASSWORD}"
+POSTGRES_PORT="${POSTGRES_PORT}"
+RUN_ONLINE_TESTS="${RUN_ONLINE_TESTS}"
+SUPER_USER_EMAIL="${SUPER_USER_EMAIL}"
+SUPER_USER_NAME="${SUPER_USER_NAME}"
+SUPER_USER_PASSWORD="${SUPER_USER_PASSWORD}"

dev-local/.env.local.example

@@ -0,0 +1,71 @@
+################################################################################
+# DEVELOPER VARIABLES
+# You may want to tweak these any given day of the week.
+
+## enable debugpy remote debugging (on port 5678)
+# 20251113 MCJ This clearly works, but it does not seem to be used anywhere
+# that would actually affect application behavior. :confused:
+BB20_ENABLE_REMOTE_DEBUG=true
+BB20_REMOTE_DEBUG_WAIT_ATTACH=false
+# Setting this to `false` will disable tests that run against the live BFD server.
+# To run them locally, you need to be authenticated and on the VPN.
+RUN_ONLINE_TESTS=true
+# You probably shouldn't touch these.
+#DJANGO_FHIR_CERTSTORE_REL=docker-compose/certstore
+DJANGO_FHIR_CERTSTORE=/certstore
+
+################################################################################
+# AWS CREDENTIALS
+# These values must be loaded into the local environment at the time the 
+# stack is started. That implies (perhaps) a `kion s` or similar has 
+# been executed before the `docker compose up`.
+AWS_DEFAULT_REGION=us-east-1
+AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
+AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
+
+# Local superuser account
+SUPER_USER_NAME=root
+SUPER_USER_PASSWORD=blue123
+[email protected]
+# We run migrations *always* when running locally
+DB_MIGRATIONS=true
+# This would be cryptographically secure in production.
+DJANGO_SECRET_KEY=replace-me-with-real-secret
+
+# These need to be conditionally selected from
+# by a launcher script. Define all of them here.
+FHIR_URL_TEST="https://test.fhir.bfd.cmscloud.local"
+FHIR_URL_V3_TEST="https://test.fhirv3.bfd.cmscloud.local"
+FHIR_URL_SBX="https://prod-sbx.fhir.bfd.cmscloud.local"
+FHIR_URL_V3_SBX="https://prod-sbx.fhirv3.bfd.cmscloud.local"
+
+################################################################################
+# DATABASE
+# Shared DB ENV vars file for the "db" service containter.
+################################################################################
+POSTGRES_DB=bluebutton
+POSTGRES_PASSWORD=toor
+POSTGRES_PORT=5432
+
+################################################################################
+# BLUE BUTTON ("THE APP")
+# Configure the local containerized app for local execution.
+################################################################################
+# Top level Djano settings
+DJANGO_SETTINGS_MODULE=hhs_oauth_server.settings.dev
+DATABASES_CUSTOM=postgres://postgres:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
+# We need this so that our local `http://localhost:8000/` URLs work in the test client/local stack.
+OAUTHLIB_INSECURE_TRANSPORT=true
+# This is read via `django-getenv` in base.py
+DJANGO_SECURE_SESSION=False
+# This gets defaulted to true later. Go ahead and set the value.
+DJANGO_LOG_JSON_FORMAT_PRETTY=True
+# 20251113 MCJ This defaults to '' later, but could also be 'YES'.
+# This outputs logs to a file locally.
+BB2_SERVER_STD2FILE=''
+
+# BFD credentials/settings
+# 20251113 MCJ Using values that were defaulted in launch scripts.
+DJANGO_USER_ID_SALT="6E6F747468657265616C706570706572"
+DJANGO_USER_ID_ITERATIONS="2"

dev-local/.gitignore

@@ -0,0 +1 @@
+.env.local

dev-local/Dockerfile.local

@@ -0,0 +1,39 @@
+# FIXME: Update to most recent python.
+FROM python:3.11-trixie
+
+# FIXME: Uncertain implications
+ENV PYTHONUNBUFFERED=1
+ENV PYDEVD_DISABLE_FILE_VALIDATION=1
+
+# WARNING
+# This is installing the most recent version of Postgres tools.
+# We would rather install v16, to match the database, which matches Amazon.
+RUN apt-get update \
+    && apt-get install -y \
+        curl \ 
+        gettext \
+        gnupg \
+        ca-certificates \
+        postgresql-client
+
+# Set the local user for development
+# and mount the codebase at /code
+# Set this as the current/active path.
+RUN useradd -m -s /bin/bash DEV
+USER DEV
+ADD .. /code
+WORKDIR /code
+
+# FIXME: Is this how to use venvs 
+# reliably in a Dockerfile?
+RUN python -m venv /tmp/venv
+RUN . /tmp/venv/bin/activate
+ENV PATH="/tmp/venv/bin:${PATH}"
+RUN pip install --upgrade \
+    pip \
+    pip-tools \
+    setuptools
+RUN pip install -r requirements/requirements.dev.txt \
+    --no-index \
+    --find-links \
+    ./vendor/

dev-local/Dockerfile.selenium-ecr

@@ -0,0 +1,22 @@
+FROM python:3.11
+# For build CBC Jenkins job ECR image
+ENV PYTHONUNBUFFERED=1
+
+RUN mkdir /code
+ADD . /code/
+WORKDIR /code
+
+RUN pip install --upgrade pip
+RUN apt-get update && apt-get install -yq git unzip curl
+
+# Install Chrome for Selenium
+RUN curl https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb -o /chrome.deb \
+    && dpkg -i /chrome.deb || apt-get install -yf \
+    && rm /chrome.deb
+
+# hard code the zip URL here since `curl -sS chromedriver.storage.googleapis.com/LATEST_RELEASE` still points to 114 which is out of date
+# this is the current way google publish the chrome drivers, going forward, need to make changes to keep up with the way google publish the
+# drivers.
+RUN wget -O /tmp/chromedriver.zip https://storage.googleapis.com/chrome-for-testing-public/131.0.6778.108/linux64/chromedriver-linux64.zip \
+    && unzip -p /tmp/chromedriver.zip chromedriver-linux64/chromedriver > /usr/local/bin/chromedriver \
+    && chmod +x /usr/local/bin/chromedriver

dev-local/Dockerfile.selenium-local

@@ -0,0 +1,18 @@
+FROM selenium/standalone-chromium
+
+USER root
+
+RUN apt-get update ; apt-get install -yq python3 python3-venv
+RUN ln -s /usr/bin/python3 /usr/local/bin/python
+
+# switch to existing seluser from selenium docker
+USER seluser
+
+ADD . /code
+WORKDIR /code
+RUN python -m venv /tmp/venv
+RUN . /tmp/venv/bin/activate
+ENV PATH="/tmp/venv/bin:${PATH}"
+
+RUN pip3 install --upgrade pip
+RUN pip3 install selenium pytest debugpy jsonschema python-dateutil

dev-local/Makefile

@@ -0,0 +1,24 @@
+all: build-local run-local
+
+build-local:
+	@echo "building mock sls image"
+	cd ../msls-local ; make all ; cd ../dev-local
+	@echo "building local blue button image"
+	cd ../dev-local ; docker build \
+    	--platform "linux/amd64" \
+    	-t bb-local:latest \
+    	-f Dockerfile.local ..
+# TODO: Is this necessary in a local build? Probably not.
+#	@echo "building selenium ecr image"
+# 	cd ../dev-local ; docker build \
+#     	--platform "linux/amd64" \
+#     	-t selenium-ecr:latest \
+#     	-f Dockerfile.selenium-ecr ..
+	cd ../dev-local ; docker build \
+    	--platform "linux/amd64" \
+    	-t selenium-local:latest \
+    	-f Dockerfile.selenium-local ..
+run-local:
+	@echo "Configuring for ${ENV}" ; \
+		./run-appropriate-stack.bash
+