Merge branch 'develop' of github.com:ohcnetwork/care into develop

ohcnetwork · Jan 30, 2025 · c7a7ab7 · c7a7ab7
2 parents cdb888a + 408a6e7
commit c7a7ab7
Show file tree

Hide file tree

Showing 9 changed files with 213 additions and 100 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -28,6 +28,7 @@ env:
 
 jobs:
   test:
+    name: Test
     uses: ./.github/workflows/reusable-test.yml
     secrets:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
@@ -36,30 +37,30 @@ jobs:
 
   build:
     needs: test
-    name: Build & Push to container registries
-    runs-on: ubuntu-24.04-arm
+    name: Build ${{ matrix.platform }}
+    runs-on: ${{ matrix.runner }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: linux/amd64
+            runner: ubuntu-24.04
+          - platform: linux/arm64
+            runner: ubuntu-24.04-arm
     steps:
       - uses: actions/checkout@v4
 
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
       - name: Generate docker tags
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: |
             ghcr.io/${{ github.repository }}
-          tags: |
-            type=raw,value=production-latest,enable=${{ startsWith(github.event.ref, 'refs/tags/v') }}
-            type=raw,value=production-latest-${{ github.run_number }}-{{date 'YYYYMMDD'}}-{{sha}},enable=${{ startsWith(github.event.ref, 'refs/tags/v') }}
-            type=raw,value=staging-latest,enable=${{ github.ref == 'refs/heads/staging' }}
-            type=raw,value=staging-latest-${{ github.run_number }}-{{date 'YYYYMMDD'}}-{{sha}},enable=${{ github.ref == 'refs/heads/staging' }}
-            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/develop' }}
-            type=raw,value=latest-${{ github.run_number }},enable=${{ github.ref == 'refs/heads/develop' }}
-            type=semver,pattern={{version}}
-          flavor: |
-            latest=false
-
-      - name: Setup QEMU
-        uses: docker/setup-qemu-action@v3
 
       - name: Setup Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -74,30 +75,97 @@ jobs:
       - name: Cache Docker layers
         uses: actions/cache@v4
         with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-build-${{ hashFiles('Pipfile.lock', 'docker/prod.Dockerfile') }}
+          path: ${{ runner.temp }}/.buildx-cache
+          key: ${{ runner.os }}-${{ runner.arch }}-buildx-prod-${{ hashFiles('Pipfile.lock', 'docker/prod.Dockerfile') }}
           restore-keys: |
-            ${{ runner.os }}-buildx-build-
+            ${{ runner.os }}-${{ runner.arch }}-buildx-prod-
 
       - name: Create new cache
         run: |
-          mkdir -p /tmp/.buildx-cache
-          mkdir -p /tmp/.buildx-cache-new
+          mkdir -p ${{ runner.temp }}/.buildx-cache
+          mkdir -p ${{ runner.temp }}/.buildx-cache-new
 
-      - name: Build and push image
+      - name: Build and push by digest
+        id: build
         uses: docker/build-push-action@v6
         with:
           context: .
           file: docker/prod.Dockerfile
-          push: true
-          provenance: false
-          platforms: linux/amd64,linux/arm64
-          tags: ${{ steps.meta.outputs.tags }}
+          platforms: ${{ matrix.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          outputs: type=image,name=ghcr.io/${{ github.repository }},push-by-digest=true,name-canonical=true,push=true
           build-args: |
             APP_VERSION=${{ github.sha }}
             ADDITIONAL_PLUGS=${{ env.ADDITIONAL_PLUGS }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+          cache-from: type=local,src=${{ runner.temp }}/.buildx-cache
+          cache-to: type=local,dest=${{ runner.temp }}/.buildx-cache-new,mode=max
+
+      - name: Export digest
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+      - name: Move cache
+        run: |
+          rm -rf ${{ runner.temp }}/.buildx-cache
+          mv ${{ runner.temp }}/.buildx-cache-new ${{ runner.temp }}/.buildx-cache
+
+
+  merge-manifests:
+    needs: build
+    name: Merge & Push Manifests
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Generate docker tags
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/${{ github.repository }}
+          tags: |
+            type=raw,value=production-latest,enable=${{ startsWith(github.event.ref, 'refs/tags/v') }}
+            type=raw,value=production-latest-${{ github.run_number }}-{{date 'YYYYMMDD'}}-{{sha}},enable=${{ startsWith(github.event.ref, 'refs/tags/v') }}
+            type=raw,value=staging-latest,enable=${{ github.ref == 'refs/heads/staging' }}
+            type=raw,value=staging-latest-${{ github.run_number }}-{{date 'YYYYMMDD'}}-{{sha}},enable=${{ github.ref == 'refs/heads/staging' }}
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/develop' }}
+            type=raw,value=latest-${{ github.run_number }},enable=${{ github.ref == 'refs/heads/develop' }}
+            type=semver,pattern={{version}}
+
+      - name: Create manifest list and push
+        working-directory: ${{ runner.temp }}/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf 'ghcr.io/${{ github.repository }}@sha256:%s ' *)
 
       - name: Create Sentry release
         uses: getsentry/action-release@v1
@@ -107,16 +175,9 @@ jobs:
           SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
         with:
           version: ${{ github.sha }}
-      - name: Update cache
-        if: always() # Run even if previous steps fail
-        run: |
-          if [ -d "/tmp/.buildx-cache-new" ]; then
-            rm -rf /tmp/.buildx-cache
-            mv /tmp/.buildx-cache-new /tmp/.buildx-cache
-          fi
 
   notify-release:
-    needs: build
+    needs: merge-manifests
     if: startsWith(github.event.ref, 'refs/tags/v')
     name: Notify release
     runs-on: ubuntu-24.04-arm
@@ -126,7 +187,7 @@ jobs:
           echo "Release ${{ github.sha }} is ready to be deployed to production"
 
   deploy-staging-egov:
-    needs: build
+    needs: merge-manifests
     if: github.ref == 'refs/heads/develop'
     name: Deploy to ECS API Egov
     runs-on: ubuntu-24.04-arm

diff --git a/.github/workflows/reusable-test.yml b/.github/workflows/reusable-test.yml
@@ -13,6 +13,7 @@ on:
 
 jobs:
   test:
+    name: Test
     runs-on: ubuntu-24.04-arm
     steps:
       - uses: actions/checkout@v4
@@ -24,27 +25,50 @@ jobs:
         id: cache-restore
         uses: actions/cache/restore@v4
         with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ hashFiles('Pipfile.lock', 'docker/dev.Dockerfile') }}
+          path: |
+            ${{ runner.temp }}/.buildx-cache
+            ${{ runner.temp }}/.buildx-mounted-cache
+          key: ${{ runner.os }}-${{ runner.arch }}-buildx-dev-${{ hashFiles('Pipfile.lock', 'docker/dev.Dockerfile') }}
           restore-keys: |
-            ${{ runner.os }}-buildx-
+            ${{ runner.os }}-${{ runner.arch }}-buildx-dev-
+
+      - name: inject cache into docker
+        uses: reproducible-containers/buildkit-cache-dance@v3.1.2
+        with:
+          cache-map: |
+            {
+              "${{ runner.temp }}/.buildx-mounted-cache": "/root/.cache/pip"
+            }
+          skip-extraction: ${{ steps.cache-restore.outputs.cache-hit }}
 
       - name: Create new cache
         run: |
-          mkdir -p /tmp/.buildx-cache
-          mkdir -p /tmp/.buildx-cache-new
+          mkdir -p ${{ runner.temp }}/.buildx-cache
+          mkdir -p ${{ runner.temp }}/.buildx-cache-new
+          mkdir -p ${{ runner.temp }}/.buildx-mounted-cache
 
       - name: Bake docker images
         uses: docker/bake-action@v5
         with:
           load: true
+          pull: true
           set: |
-            *.cache-from=type=local,src=/tmp/.buildx-cache
-            *.cache-to=type=local,dest=/tmp/.buildx-cache-new
+            *.cache-from=type=local,src=${{ runner.temp }}/.buildx-cache
+            *.cache-to=type=local,dest=${{ runner.temp }}/.buildx-cache-new,mode=max
           files: docker-compose.yaml,docker-compose.local.yaml
         env:
           DOCKER_BUILD_SUMMARY: false
 
+      - name: Build images
+        run: |
+          docker buildx build \
+            --file docker/dev.Dockerfile \
+            --tag care:dev \
+            --cache-from=type=local,src=${{ runner.temp }}/.buildx-cache \
+            --cache-to=type=local,dest=${{ runner.temp }}/.buildx-cache-new,mode=max \
+            --platform linux/arm64 \
+            .
+
       - name: Start services
         run: |
           docker compose \
@@ -56,7 +80,7 @@ jobs:
             -f docker-compose.local.yaml \
             logs
 
-      - name: Check migrations
+      - name: Check missing migrations
         run: make checkmigration
 
       - name: Validate integrity of fixtures
@@ -74,24 +98,30 @@ jobs:
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
-      - name: Move new cache
+      - name: Move cache
         run: |
-          rm -rf /tmp/.buildx-cache
-          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+          rm -rf ${{ runner.temp }}/.buildx-cache
+          mv ${{ runner.temp }}/.buildx-cache-new ${{ runner.temp }}/.buildx-cache
 
       - name: Save Docker layers cache
-        if: ${{ inputs.event_name == 'push' || github.event_name == 'push' }}
+        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/develop' && steps.cache-restore.outputs.cache-hit != 'true' }}
         uses: actions/cache/save@v4
         with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ hashFiles('Pipfile.lock', 'docker/dev.Dockerfile') }}
+          path: |
+            ${{ runner.temp }}/.buildx-cache
+            ${{ runner.temp }}/.buildx-mounted-cache
+          key: ${{ runner.os }}-${{ runner.arch }}-buildx-dev-${{ hashFiles('Pipfile.lock', 'docker/dev.Dockerfile') }}
+
+      # Upload dummy db as artifact so it can be used to speed up frontend tests
+      - name: Dump db
+        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/develop' }}
+        run: make dump-db
 
       - name: Upload db artifact
-        if: ${{ inputs.event_name == 'push' || github.event_name == 'push' }}
+        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/develop' }}
         uses: actions/upload-artifact@v4
         with:
           name: care-db-dump
           path: care_db.dump
           retention-days: 30
           compression-level: 0 # file is already compressed
-          overwrite: true # keep only the last artifact
diff --git a/.github/workflows/test-merge-queue.yml b/.github/workflows/test-merge-queue.yml
@@ -8,5 +8,3 @@ jobs:
     uses: ./.github/workflows/reusable-test.yml
     secrets:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-    with:
-      event_name: ${{ github.event_name }}
diff --git a/.github/workflows/test-pull-request.yml b/.github/workflows/test-pull-request.yml
@@ -12,5 +12,3 @@ jobs:
     uses: ./.github/workflows/reusable-test.yml
     secrets:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-    with:
-      event_name: ${{ github.event_name }}
diff --git a/care/emr/api/viewsets/location.py b/care/emr/api/viewsets/location.py
@@ -1,4 +1,5 @@
 from django_filters import rest_framework as filters
+from drf_spectacular.utils import extend_schema
 from pydantic import UUID4, BaseModel
 from rest_framework.decorators import action
 from rest_framework.exceptions import PermissionDenied, ValidationError
@@ -149,6 +150,10 @@ def authorize_organization(self, facility, organization):
         ):
             raise PermissionDenied("You do not have permission to given organizations")
 
+    @extend_schema(
+        request=FacilityLocationOrganizationManageSpec,
+        responses={200: FacilityOrganizationReadSpec},
+    )
     @action(detail=True, methods=["POST"])
     def organizations_add(self, request, *args, **kwargs):
         instance = self.get_object()
@@ -168,6 +173,9 @@ def organizations_add(self, request, *args, **kwargs):
         )
         return Response(FacilityOrganizationReadSpec.serialize(organization).to_json())
 
+    @extend_schema(
+        request=FacilityLocationOrganizationManageSpec, responses={204: None}
+    )
     @action(detail=True, methods=["POST"])
     def organizations_remove(self, request, *args, **kwargs):
         instance = self.get_object()
@@ -192,6 +200,7 @@ def organizations_remove(self, request, *args, **kwargs):
     class FacilityLocationEncounterAssignSpec(BaseModel):
         encounter: UUID4
 
+    @extend_schema(request=FacilityLocationEncounterAssignSpec)
     @action(detail=True, methods=["POST"])
     def associate_encounter(self, request, *args, **kwargs):
         instance = self.get_object()