Update to copier 4.0.5. Add Ingress and GUI.

.copier-answers.yml

@@ -1,5 +1,5 @@
 # Changes here will be overwritten by Copier; NEVER EDIT MANUALLY
-_commit: 0.2.9
+_commit: 4.0.5
 _src_path: gh:epics-containers/services-template-helm
 cluster_name: pollux
 cluster_namespace: p46-beamline

.github/workflows/ci_skip_checks

@@ -0,0 +1 @@
+daq-nexus

.github/workflows/ci_verify.sh

@@ -8,14 +8,46 @@
 # other future services that don't use ibek, we will need to add a standard
 # entrypoint for validating the config folder mounted at /config.
 
-ROOT=$(realpath $(dirname ${0})/../..)
+HERE=$(realpath $(dirname ${0}))
+ROOT=$(realpath ${HERE}/../..)
 set -xe
+rm -rf ${ROOT}/.ci_work/
+mkdir -p ${ROOT}/.ci_work
 
 # use docker if available else use podman
 if ! docker version &>/dev/null; then docker=podman; else docker=docker; fi
 
-for service in ${ROOT}/services/*
+# copy the services to a temporary location to avoid dirtying the repo
+cp -r ${ROOT}/services/* ${ROOT}/.ci_work/
+
+for service in ${ROOT}/.ci_work/*/  # */ to skip files
 do
+    ### Lint each service chart and validate if schema given ###
+    service_name=$(basename $service)
+
+    # skip services appearing in ci_skip_checks
+    checks=${HERE}/ci_skip_checks
+    if [[ -f ${checks} ]] && grep -q ${service_name} ${checks}; then
+        echo "Skipping ${service_name}"
+        continue
+    fi
+
+    schema=$(cat ${service}/values.yaml | sed -rn 's/^# yaml-language-server: \$schema=(.*)/\1/p')
+    if [ -n "${schema}" ]; then
+        echo "{\"\$ref\": \"$schema\"}" > ${service}/values.schema.json
+    fi
+
+    $docker run --rm --entrypoint bash \
+        -v ${ROOT}/.ci_work:/services:z \
+        -v ${ROOT}/.helm-shared:/.helm-shared:z \
+        alpine/helm:3.14.3 \
+        -c "
+           helm lint /services/$service_name --values /services/values.yaml &&
+           helm dependency update /services/$service_name &&
+           rm -rf /services/$service_name/charts
+        "
+
+    ### Valiate each ioc config ###
     # Skip if subfolder has no config to validate
     if [ ! -f "${service}/config/ioc.yaml" ]; then
         continue
@@ -30,14 +62,20 @@ do
         runtime=/tmp/ioc-runtime/$(basename ${service})
         mkdir -p ${runtime}
 
+        # avoid issues with auto-gen genicam pvi files (ioc-adaravis only)
+        sed -i s/AutoADGenICam/ADGenICam/ ${service}/config/ioc.yaml
+
         # This will fail and exit if the ioc.yaml is invalid
         $docker run --rm --entrypoint bash \
-            -v ${service}/config:/config \
-            -v ${runtime}:/epics/runtime \
+            -v ${service}/config:/config:z \
+            -v ${runtime}:/epics/runtime:z \
             ${image} \
             -c 'ibek runtime generate /config/ioc.yaml /epics/ibek-defs/*'
         # show the startup script we just generated (and verify it exists)
         cat  ${runtime}/st.cmd
 
     fi
+
 done
+
+rm -r ${ROOT}/.ci_work

.gitignore

@@ -6,3 +6,4 @@ venv*
 **/Chart.lock
 **/charts
 **/*copy
+.ci_work

services/p46-ea-test-01/Chart.yaml → .helm-shared/Chart.yaml

@@ -7,5 +7,5 @@ type: application
 
 dependencies:
   - name: ioc-instance
-    version: 4.0.0
-    repository: "oci://ghcr.io/epics-containers"
+    version: 4.1.2
+    repository: "oci://ghcr.io/epics-containers"

ingress.yaml

@@ -0,0 +1,20 @@
+kind: Ingress
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: p46-opis-ingress
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - p46-opis.diamond.ac.uk
+  rules:
+    - host: p46-opis.diamond.ac.uk
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: epics-opis
+                port:
+                  number: 80

opi/phoebus-launch.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# A launcher for the phoebus container that allows X11 forwarding
+
+thisdir=$(realpath $(dirname ${BASH_SOURCE[0]}))
+workspace=$(realpath ${thisdir}/..)
+
+if module load phoebus 2>/dev/null; then
+    echo "Using phoebus module"
+
+    # settings for p46
+    settings="
+    -resource ${workspace}/opi/training-beamline.bob
+    -settings ${workspace}/opi/settings.ini
+    "
+
+    set -x
+    phoebus.sh ${settings} "${@}"
+else
+    echo "No phoebus module found, using a container"
+
+    if [[ $(docker --version 2>/dev/null) == *Docker* ]]; then
+        docker=docker
+    else
+        docker=podman
+        args="--security-opt=label=type:container_runtime_t"
+    fi
+
+    XSOCK=/tmp/.X11-unix # X11 socket (but we mount the whole of tmp)
+    XAUTH=/tmp/.container.xauth.$USER
+    touch $XAUTH
+    xauth nlist $DISPLAY | sed -e 's/^..../ffff/' | xauth -f $XAUTH nmerge -
+    chmod 777 $XAUTH
+
+    x11="
+    -e DISPLAY
+    -v $XAUTH:$XAUTH
+    -e XAUTHORITY=$XAUTH
+    --net host
+    "
+
+    args=${args}"
+    -it
+    "
+
+    export MYHOME=/home/${USER}
+    # mount in your own home dir in same folder for access to external files
+    mounts="
+    -v=/tmp:/tmp
+    -v=${MYHOME}/.ssh:/root/.ssh
+    -v=${MYHOME}:${MYHOME}
+    -v=${workspace}:/workspace
+    "
+
+    # settings for p46
+    settings="
+    -resource /workspace/opi/p46-beamline.opi
+    -settings /workspace/opi/settings.ini
+    "
+
+    set -x
+    $docker run ${mounts} ${args} ${x11} ghcr.io/epics-containers/ec-phoebus:latest ${settings} "${@}"
+
+fi
+

opi/settings.ini

@@ -0,0 +1,2 @@
+# bl46P-ea-serv-01.diamond.ac.uk
+org.phoebus.pv.ca/addr_list=172.23.242.47