Merge branch 'dev' into ms-add_host

Author: tompollard

.env.example

@@ -14,6 +14,7 @@ SITE_ID=4
 DB_USER=physionet
 DB_PASSWORD=password
 DB_HOST=localhost
+DB_PORT=5432
 DB_NAME=physionet
 
 # Emails
@@ -53,6 +54,9 @@ PAUSE_CREDENTIALING_MESSAGE='PhysioNet will not be taking new applications for c
 # GOOGLE_APPLICATION_CREDENTIALS=json
 GCP_DELEGATION_EMAIL=email
 
+# AWS user authentication bucket (see deploy/README.md)
+#AWS_VERIFICATION_BUCKET_NAME=example-bucket
+
 # AWS
 # Used to provide MIMIC through AWS, this will include S3, Redshift, Spark
 # Key and key2 are predefined by AWS, can be changed but IT WILL BREAK ALL
@@ -75,6 +79,8 @@ AWS_SHARED_CREDENTIALS_FILE=
 S3_OPEN_ACCESS_BUCKET=
 # The default bucket name to store logs and metrics related to project usage.
 S3_SERVER_ACCESS_LOG_BUCKET=
+# The default bucket name to store projects with a 'RESTRICTED/CREDENTIALED' access policy.
+S3_CONTROLLED_ACCESS_BUCKET=
 
 # Datacite
 # Used to assign the DOIs
@@ -99,6 +105,14 @@ ORCID_REDIRECT_URI=http://localhost:8000/authorcid
 ORCID_CLIENT_ID=SECRET
 ORCID_CLIENT_SECRET=SECRET
 ORCID_SCOPE='/read-limited,/activities/update'
+ORCID_DOMAIN=https://sandbox.orcid.org
+ORCID_LOGIN_REDIRECT_URI=http://localhost:8000/authorcid_login
+ORCID_AUTH_URL=https://sandbox.orcid.org/oauth/authorize
+ORCID_TOKEN_URL=https://sandbox.orcid.org/oauth/token
+ORCID_LOGIN_ENABLED=False
+ORCID_LOGIN_BUTTON_TEXT="Log in using ORCID iD"
+# JWKS is used to get public key from orcid and validate access token using this public key
+ORCID_OPEN_ID_JWKS_URL=https://sandbox.orcid.org/oauth/jwks
 
 STORAGE_TYPE=LOCAL
 
@@ -137,6 +151,10 @@ SSO_LOGIN_BUTTON_TEXT="Single Sign-On"
 ENABLE_FILE_DOWNLOADS_OPTION=true
 COPY_FILES_TO_NEW_VERSION=true
 
+# Allowed Access Policies [Optional] - This is a list of access policies that can be assigned to a newly submitted project on the 'Project Access' page.
+# The environment variable is a stringified list of access policies separated by commas
+ALLOWED_ACCESS_POLICIES="OPEN,RESTRICTED,CREDENTIALED,CONTRIBUTOR_REVIEW"
+
 # Used for bucket creation
 GCP_DOMAIN=
 
@@ -214,3 +232,14 @@ CITI_SOAP_URL="https://webservices.citiprogram.org/SOAP/CITISOAPService.asmx"
 # See https://docs.djangoproject.com/en/4.2/ref/settings/
 DATA_UPLOAD_MAX_NUMBER_FILES=1000
 DATA_UPLOAD_MAX_MEMORY_SIZE=2621440
+
+# OAUTH_CLIENT_APP_NAME is the name of the default OAuth application used
+# when programmatically generating access tokens (e.g., via the /settings/tokens
+# interface or other internal APIs).
+#
+# This should match the 'name' field of a registered OAuth Application in the
+# django-oauth-toolkit Application model.
+#
+# It is used to associate new access tokens with a known, trusted client
+# (typically representing the main web interface or API client).
+OAUTH_CLIENT_APP_NAME=local_web_client

.github/workflows/docker-build-test.yml

@@ -4,9 +4,9 @@
 # All published images are also tagged with corresponding git commit sha.
 #
 # To run the tests locally in a similar environment to GitHub Actions you can use:
-# $ docker-compose -f docker/docker-compose.test.yml build
-# $ docker-compose -f docker/docker-compose.test.yml run --rm test
-# $ docker-compose -f docker/docker-compose.test.yml down
+# $ docker compose -f docker/docker-compose.test.yml build
+# $ docker compose -f docker/docker-compose.test.yml run --rm test
+# $ docker compose -f docker/docker-compose.test.yml down
 
 name: Docker / Build, Test and Publish
 
@@ -17,6 +17,9 @@ on:
   pull_request:
     branches:
       - dev
+  merge_group:
+    types:
+      - checks_requested
   workflow_dispatch:
     inputs:
       publish_tag:
@@ -42,18 +45,18 @@ jobs:
           load: true
 
       - name: Run tests
-        run: docker-compose -f docker/docker-compose.test.yml run --rm test
+        run: docker compose -f docker/docker-compose.test.yml run --rm test
 
       - name: Stop and remove containers
-        run: docker-compose -f docker/docker-compose.test.yml down
+        run: docker compose -f docker/docker-compose.test.yml down
 
       - name: Save physionet image
         if: github.ref == 'refs/heads/dev' || github.event.inputs.publish_tag
         run: docker save physionet:latest | gzip > /tmp/physionet.tar.gz
 
       - name: Upload physionet image
         if: github.ref == 'refs/heads/dev' || github.event.inputs.publish_tag
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: physionet
           path: /tmp/physionet.tar.gz
@@ -66,7 +69,7 @@ jobs:
     needs: build
     steps:
       - name: Download physionet image
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4.1.7
         with:
           name: physionet
           path: /tmp

.github/workflows/physionet-build-test.yml

@@ -9,6 +9,9 @@ on:
   pull_request:
     branches:
       - dev
+  merge_group:
+    types:
+      - checks_requested
 
 jobs:
   test:

.github/workflows/physionet-upgrade-test.yml

@@ -7,6 +7,9 @@ on:
   pull_request:
     branches:
       - dev
+  merge_group:
+    types:
+      - checks_requested
 
 jobs:
   testupgrade:

.gitignore

@@ -8,8 +8,10 @@ db.sqlite3
 media/active-projects/*
 media/archived-projects/*
 media/published-projects/*
+media/ethics/*
 media/users/*
 media/credential-applications/*
+media/training/*
 physionet-django/static/published-projects/*
 physionet-django/static/wfdbcal
 physionet-django/test.log

GuideForNewDevelopers.md

@@ -0,0 +1,6 @@
+To whom it may concern:
+
+The study described here has been approved and poses no ethical
+concerns.
+
+The Authorities