Biomappings curation app

Prerequisites

1. Pixi

2. Application capable of building and running Docker Compose stacks, such as OrbStack

3. Configure Git hooks:

   pixi run -- pre-commit-install

4. Configure Git diff behavior for encrypted files:

   pixi run -- configure-sops-diff

   Please see SOPS: Showing diffs in cleartext in Git and .gitattributes to learn more.

5. Gain access to env/secret.sops.env:

   You'll need to create an age keypair and write the private key to a file where SOPS can find it.

   On macOS, this file is located at

   KEYS_FILE="${XDG_CONFIG_HOME:-"${HOME}/Library/Application Support"}/sops/age/keys.txt"

   On Linux, this file is located at

   KEYS_FILE="${XDG_CONFIG_HOME:-"${HOME}/.config"}/sops/age/keys.txt"

   Generate a keypair and append it to $KEYS_FILE:

   mkdir -p -- "$(dirname -- "${KEYS_FILE}")"
   touch -- "${KEYS_FILE}"
   chmod -- 600 "${KEYS_FILE}"
   age-keygen >> "${KEYS_FILE}"

   Take the public key from $KEYS_FILE that you just generated and send it to Mike, who will add it to .sops.yaml and re-encrypt env/secret.sops.env so that it may be decrypted in your environment.

6. [Non-Chrome/Firefox browsers only] Update /etc/hosts:

   printf -- '%s\n' \
       '::1 biomappings-curation-app.localhost' \
       '127.0.0.1 biomappings-curation-app.localhost' \
     | sudo -- tee -a -- /etc/hosts > /dev/null

7. Clone the Biomappings repository:

   pixi run -- clone-biomappings-repo

8. [Linux only] ORCID OAuth2 client configurations support only https URLs with the default port of 443, so the app must be accessible on port 443.

   Linux may be configured such that all ports (including 443) are unprivileged by running:

   printf -- '%s\n' 'net.ipv4.ip_unprivileged_port_start = 0' \
     | sudo -- tee -a -- /etc/sysctl.d/50-unprivileged-ports.conf > /dev/null
   sudo -- sysctl -q --system

   Despite the ipv4 suggesting otherwise, this kernel parameter also applies to IPv6.

   (Note that macOS 10.14 eliminated privileged ports.)

9. [Linux only] If SELinux is enabled and in enforcing mode, make sure that the files to be bind-mounted are correctly labeled:

   chcon -R -t container_file_t -- app.py resources

Local development

Start Compose stack

pixi run -- up

Browse local app

Biomappings curation app (local)

Stop Compose stack

pixi run -- down

Deploying changes

First, ensure you have the deployment host configured as a SSH destination named gyori-services in ~/.ssh/config. I would suggest enabling SSH connection multiplexing with ControlPersist set to a non-zero timeout, as the deployment process runs multiple SSH commands against the deployment host. For example:

Host gyori-services
  …

Host *
  ControlMaster auto
  ControlPath ~/.ssh/%C
  ControlPersist 30s

Deploy

Commit all changes you'd like to deploy, then run:

pixi run -- deploy

Browse deployed app

Biomappings curation app (deployed)