```shell
task help
```

First, add a little config to make our tasks use the right docker compose setup:

```shell
# .env.local
TASK_DOCKER_COMPOSE='itkdev-docker-compose'
TASK_COMPOSER_INSTALL_ARGS='--no-dev'
```

Update the site by running:

```shell
task site:update
```

Run

```shell
task site:update
```

Note
Running task site:update on macOS (darwin) will pull and
patch the API Git submodule (cf. API). See Taskfile.yml for details.
Load fixtures with
```shell
task app:fixtures:load
```

Tip
Pro tip! Run

```shell
task fixtures:load --yes
```

to load all fixtures in succession (including the fixtures mentioned below).
See widgets/README.md.
Widgets development
If you don't have a crazy fast computer, you can try your luck with the widgets development setup outlined in this section.
Reset data:
```shell
task fixtures:load --yes
```

Start Vite dev server:

```shell
task widgets:dev
```

Open a new terminal window and patch Symfony asset mapper to use a static filename and disable access control:

```shell
patch --strip=1 < patches/widget-dev.patch
```

Build and watch for changes in the styles:

```shell
# Force Tailwind to rebuild.
rm var/tailwind/*.css
task console -- tailwind:build --watch
```

Open http://localhost:3000/ and enjoy. Any changes you make to the widget code should now be reflected (almost) immediately (you may have to force reload if changing the CSS).
Remove the patch when you're done:

```shell
patch --strip=1 --reverse < patches/widget-dev.patch
```

For convenience, you can do it all in one go:

```shell
rm var/tailwind/*.css
patch --strip=1 < patches/widget-dev.patch && \
task console -- tailwind:build --watch && \
patch --strip=1 --reverse < patches/widget-dev.patch
```

The icons are copied from heroicons.
For development, we run AAK-MBU/Process_Dashboard_API locally. The API is added as a Git submodule in the api folder.
```shell
task api:create:api-keys
```

Test access to the API:

```shell
task api:test
task api:get API_PATH=/api/v1/auth/me
task api:get API_PATH='/api/v1/runs/?process_id=1'
task api:get API_PATH='/api/v1/runs/?process_id=1&meta_filter=name:Gregory%20Mendez'
```

See docker-compose.api.yml for the docker compose setup for the API.
Run
```shell
task api:update
```

to update the API to the latest version (the main branch).
```shell
task api:script:run SCRIPT_PATH=«path to seed_data.py»
task api:script:run SCRIPT_PATH=«path to seed_data_aktindsigt.py»
```

We use NelmioCorsBundle for widget development.

```shell
curl "http://$(task --silent compose -- port nginx 8080)/group/1/overview/1/data"
```

```shell
curl -H "Origin: http://127.0.0.1:3000/ProcessOverview?page=3" \
-H "Access-Control-Request-Method: GET" \
-X OPTIONS --verbose \
"http://$(task --silent compose -- port nginx 8080)/group/1/overview/1/data"
```

Symfony supports OpenID Connect, but our IdP does not play well with that. Therefore, we use our own battle-tested OpenId Connect Bundle for OIDC login.
The bundle is configured with some environment variables:
```shell
# .env.local
ADMIN_OIDC_ALLOW_HTTP=false
# Get these from your IdP provider
ADMIN_OIDC_METADATA_URL=https://…/.well-known/openid-configuration
ADMIN_OIDC_CLIENT_ID=…
ADMIN_OIDC_CLIENT_SECRET=…
ADMIN_OIDC_REDIRECT_URI=https://rpa-process-overview.example.com/
# The value must be a valid JSON object mapping an OIDC `roles` claim to a list of role names.
ADMIN_OIDC_ROLE_MAP='{
"overview-editor": ["ROLE_OVERVIEW_EDITOR"],
"overview-viewer": ["ROLE_OVERVIEW_VIEWER"],
"overview-searcher": ["ROLE_OVERVIEW_SEARCHER"]
}'
```

As hinted at in the config above, we use three main roles:
| Name | Permissions |
|---|---|
| ROLE_OVERVIEW_EDITOR | Create and edit project overviews |
| ROLE_OVERVIEW_VIEWER | View process runs, rerun failed process steps |
| ROLE_OVERVIEW_SEARCHER | Search process runs |
Internally, we use additional roles to control the actual permissions that a main role has.
For local testing of OIDC login, we use OpenID Provider Mock (cf.
docker-compose.oidc.yml) and the mock is running on
https://idp.rpa-process-overview.local.itkdev.dk/.
The following users are defined in the mock (cf. docker-compose.oidc.yml):
| Username (sub) | Roles |
|---|---|
| overview-editor | overview-editor |
| overview-viewer | overview-viewer |
| overview-searcher | overview-searcher |
| overview-all | overview-viewer, overview-searcher |
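
A stand-alone check for the role map, added here as an example (it is not code from this project or from the OpenId Connect Bundle): it validates an `ADMIN_OIDC_ROLE_MAP` value and resolves a `roles` claim to application roles, granting nothing for values the map does not list. The function names, the `ROLE_` prefix check and the handling of a string-valued claim are assumptions.

```python
import json

# Constructed sample: the role map from the .env.local example above.
SAMPLE_ROLE_MAP = '''{
  "overview-editor": ["ROLE_OVERVIEW_EDITOR"],
  "overview-viewer": ["ROLE_OVERVIEW_VIEWER"],
  "overview-searcher": ["ROLE_OVERVIEW_SEARCHER"]
}'''


def load_role_map(raw):
    """Parse an ADMIN_OIDC_ROLE_MAP value; raise ValueError if it is malformed."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"role map is not valid JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise ValueError("role map must be a JSON object")
    for claim_role, roles in data.items():
        if not isinstance(roles, list) or not roles:
            raise ValueError(f"{claim_role!r} must map to a non-empty list")
        for role in roles:
            # Assumption: application roles use Symfony's ROLE_ prefix convention.
            if not isinstance(role, str) or not role.startswith("ROLE_"):
                raise ValueError(f"{claim_role!r} maps to invalid role {role!r}")
    return data


def resolve_roles(role_map, claims):
    """Return the sorted application roles granted by a token's claims."""
    claimed = claims.get("roles", [])
    # Assumption: a single role may arrive as a bare string instead of a list.
    if isinstance(claimed, str):
        claimed = [claimed]
    if not isinstance(claimed, list):
        return []  # unexpected claim type grants nothing
    granted = set()
    for name in claimed:
        # Only exact, known claim values grant roles; everything else is ignored.
        if isinstance(name, str):
            granted.update(role_map.get(name, []))
    return sorted(granted)


if __name__ == "__main__":
    role_map = load_role_map(SAMPLE_ROLE_MAP)
    # Constructed claims for the mock user overview-all.
    claims = {"sub": "overview-all", "roles": ["overview-viewer", "overview-searcher"]}
    print(resolve_roles(role_map, claims))
```
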
Tip
Set DOCKER_OIDC_DISABLE to a non-empty value in .env.local to disable the OIDC service, e.g.
```shell
# .env.local
DOCKER_OIDC_DISABLE=true
```

We use a GitHub Actions workflow, .github/workflows/create-release.yml, to create releases. The actual content of a release is built by bin/create-release.
To test building a release, run

```shell
bin/create-release test
```