FI-2338: New Dockerfile for validator (#458)

* FI-2338: new dockerfile for HL7 validator wrapper

* rename to inferno-resource-validator

* Move steps from readme to separate script

docker-compose.background.yml

@@ -31,12 +31,7 @@ services:
   # To enable the HL7 Validator Wrapper, both the section below and
   # the section in nginx.background.conf need to be uncommented
   # hl7_validator_service:
-  #   image: markiantorno/validator-wrapper
-  #   # If running on the MITRE network, comment out the "image" line above
-  #   # and uncomment the "build" section below
-  #   # build:
-  #   #   context: .
-  #   #   dockerfile: Dockerfile.fhir_resource_validator
+  #   image: infernocommunity/inferno-resource-validator
   #   # Update this path to match your directory structure
   #   volumes:
   #     - ./igs:/home/igs

validator/Dockerfile

@@ -0,0 +1,36 @@
+# This Dockerfile is based on the Dockerfile for org.hl7.fhir.validator-wrapper
+# https://github.com/hapifhir/org.hl7.fhir.validator-wrapper/blob/master/Dockerfile
+# with 3 key differences:
+# 1. It fetches the built JAR from GitHub instead of locally, or building from source
+# 2. It adds MITRE certs, for ease of use by the MITRE development team
+# 3. It uses an Ubuntu-based base image instead of Alpine to support both AMD64 and ARM architectures
+#
+# The software release to use is based on the PROJECT_VERSION build argument (required)
+
+FROM eclipse-temurin:11-jre-jammy
+
+RUN wget https://gitlab.mitre.org/mitre-scripts/mitre-pki/-/raw/master/os_scripts/install_certs.sh -O - | MODE=ubuntu sh \
+ && wget https://gitlab.mitre.org/mitre-scripts/mitre-pki/-/raw/master/tool_scripts/install_certs.sh -O - | MODE=java sh
+
+ARG PROJECT_VERSION
+RUN echo "Project version set to -> ${PROJECT_VERSION}"
+
+ENV APPLICATION_USER ktor
+RUN adduser $APPLICATION_USER
+
+RUN mkdir /app
+RUN chown -R $APPLICATION_USER /app
+
+USER $APPLICATION_USER
+
+# These lines copy the packaged application into the Docker image and sets the working directory to where it was copied.
+WORKDIR /app
+RUN wget -O validator-wrapper.jar "https://github.com/hapifhir/org.hl7.fhir.validator-wrapper/releases/download/${PROJECT_VERSION}/validator_cli.jar"
+
+# Environment vars here
+ENV ENVIRONMENT prod
+
+EXPOSE 3500
+
+# The last line instructs Docker to run java with G10s GC,  assigns 79% of the system's available memory, and indicates the packaged application.
+CMD ["java", "-server", "-XX:+UnlockExperimentalVMOptions", "-XX:InitialRAMPercentage=79", "-XX:MinRAMPercentage=79", "-XX:MaxRAMPercentage=79", "-XX:+UseG1GC", "-XX:MaxGCPauseMillis=100", "-XX:+UseStringDeduplication", "-XX:+CrashOnOutOfMemoryError", "-jar", "validator-wrapper.jar", "-startServer"]

validator/README.md

@@ -0,0 +1,20 @@
+# infernocommunity/inferno-resource-validator
+
+This Dockerfile is based on the Dockerfile for org.hl7.fhir.validator-wrapper (see https://github.com/hapifhir/org.hl7.fhir.validator-wrapper/blob/master/Dockerfile ) with 3 key differences relevant to Inferno:
+1. It fetches the built JAR from GitHub instead of locally, or building from source
+2. It adds MITRE certs, for ease of use by the MITRE development team
+3. It uses an Ubuntu-based base image instead of Alpine to support both AMD64 and ARM architectures
+
+It is intended to be a drop-in replacement for the official image; i.e., if you don't need features 2 & 3 above you can use the same version of `markiantorno/validator-wrapper` with all the same settings, environment variables, etc. Version numbers of this image should match the version number of the official image.
+
+In addition to the above differences, published versions of this image have been tested by the Inferno team and are known to be compatible with Inferno test kits.
+
+
+## Publishing a new version
+A script `build_and_push.sh` is provided to assist with publishing a new version. The version of the wrapper service to use must be provided as the first command-line argument (required).
+The available versions are listed at https://github.com/hapifhir/org.hl7.fhir.validator-wrapper/releases .
+Replace `1.0.50` in the example below with the appropriate number and run the following command to build & push a multi-arch image to Docker Hub. Images will be tagged as both the provided version number and as `latest`
+
+```sh
+./build_and_push.sh 1.0.50
+```

validator/build_and_push.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+PROJECT_VERSION=$1
+if [ -z $PROJECT_VERSION ]; then
+    echo "Usage: $0 PROJECT_VERSION"
+    echo The available project versions are listed at https://github.com/hapifhir/org.hl7.fhir.validator-wrapper/releases 
+    exit 1
+fi
+
+echo Using PROJECT_VERSION $PROJECT_VERSION
+
+docker buildx build --platform linux/arm64,linux/amd64 --build-arg "PROJECT_VERSION=${PROJECT_VERSION}" --tag "infernocommunity/inferno-resource-validator:${PROJECT_VERSION}" --tag infernocommunity/inferno-resource-validator:latest --push .