All client-side and server-side applications – including CDS Hooks services, FHIR resource servers and similar – MUST be built and delivered according to the HSP Marketplace specification such that they may be configured at runtime into the HL7 DaVinci Sandbox Architecture. The Service Packaging Requirements essentially boil down to using 12factor principles and eliminating local storage of any/all persistent data.

The HL7 DaVinci development team delivers images via the HSPC Docker Hub organization into a corresponding public repository. These are built by developers according to local policy for quality and testing and simply uploaded when ready. Each Docker Hub repository has an automated web hook configured to notify HSPC container management of a new build becoming available, in turn triggering automated update of HSPC's cloud environment.

Continuous Deployment Stages

  1. Developer tests code and images on local machine(s) according to DaVinci policies and procedures.
  2. Developer checks in code to corresponding branch of a DaVinci GitHub repository. (e.g. `git push`)
  3. Developer merges commits into master branch.
  4. GitHub automatically notifies HSPC Docker Hub to trigger automated build process.
  5. HSPC Docker Hub automatically notifies HSPC container management. HSPC container management automatically updates system to pull updated image and roll out to a swarm.

Technical Notes

No Sticky Sessions

Applications MUST NOT use sticky sessions, nor any form of 2nd-level caching requiring similar container affinity. HSPC's reverse proxy environment routes pseudo-randomly and has no mechanism for supporting these types of applications.

Swarm Updates

Auto-rollout of updates begins with container management instructing the sandbox server to download the appropriate image. Once downloaded, existing containers are killed at a 15s delay while updated containers are starting up. As services are configured in a swarm, there are generally no fewer than 2 containers running at any given time. During the short (usually <1m) rollout period, both old and new instances will be responding to requests.

SSL/TLS

Per the HSP Marketplace specification, all certificate management and SSL crypto is handled outside the image/container. HSPC's internal reverse proxy handles all cryptography and certificate management. Individual services are forwarded appropriate HTTP headers by the reverse proxy such that the base URL of the request is easily detectable by the application. Other than that, applications do not need to worry about SSL/TLS.
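
One way a service behind such a proxy can derive its base URL from the forwarded headers, as an added example that is not part of the HSP Marketplace specification or HSPC's code. The header names (X-Forwarded-Proto, X-Forwarded-Host), the proxy network and the allowed host name are assumptions; the page does not name them.

```python
import ipaddress

# Assumed values, not taken from the page: the reverse proxy's network,
# the public host name, and the X-Forwarded-* header names.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_HOSTS = {"davinci-something.example.org"}


def from_trusted_proxy(peer_ip):
    """True when the TCP peer is inside a trusted proxy network."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)


def base_url(peer_ip, headers, local_host):
    """Return the externally visible base URL of the current request.

    headers    -- request headers as a dict with lower-cased names
    local_host -- host[:port] the container itself was addressed as
    """
    if not from_trusted_proxy(peer_ip):
        # Not via the proxy: forwarded headers are client-controlled, ignore them.
        return f"http://{local_host}"

    proto = headers.get("x-forwarded-proto", "http").strip().lower()
    if proto not in ("http", "https"):
        # Also rejects comma-separated lists instead of guessing which entry is real.
        raise ValueError(f"unexpected forwarded scheme: {proto!r}")

    host = headers.get("x-forwarded-host")
    if host is None:
        return f"{proto}://{local_host}"
    host = host.strip().lower()
    if host not in ALLOWED_HOSTS:
        # A spoofed host would otherwise end up in generated links and redirects.
        raise ValueError(f"forwarded host not allowed: {host!r}")
    return f"{proto}://{host}"
```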