Add reverse proxy for bioconductor (R)

reverse_proxy/defaults/main.yml

@@ -6,6 +6,14 @@ zone: tre.example.org
 cran_mirror: https://cran.ma.imperial.ac.uk/
 cran_regex: ^/(bin/windows|src)/contrib/(4\.1|4\.3|4\.4|3\.6)*/*[a-zA-Z0-9_\-\.]*(\.tar\.gz|\.zip|PACKAGES)$
 
+# bioconductor
+# examples:
+# https://bioconductor.posit.co/packages/3.20/bioc/src/contrib/BiocVersion_3.20.0.tar.gz
+# https://bioconductor.posit.co/packages/3.20/bioc/bin/windows/contrib/4.4/BiocVersion_3.20.0.zip
+# https://bioconductor.posit.co/packages/json/3.20/bioc/packages.json
+bioconductor_mirror: https://bioconductor.statistik.tu-dortmund.de/
+bioconductor_regex: ^\/packages\/(json\/)*[0-9\.]+\/bioc\/([a-zA-Z]+.js(on)*|(src|bin\/windows)\/contrib(\/[0-9\.]*)*\/[a-zA-Z0-9_\-\.]*(\.tar\.gz|\.zip|PACKAGES))$
+
 # conda-forge
 conda_repo_regex: ^/(conda-forge|bioconda)/(linux-64|linux-aarch64|win-64|noarch)/(current_)?repodata.json$
 conda_pkg_regex: ^/(conda-forge|bioconda)/(linux-64|linux-aarch64|win-64|noarch)/[a-zA-Z0-9\-\._!]*(\.tar\.bz2|\.conda)$
@@ -24,3 +32,5 @@ cran_cert: ""
 cran_cert_key: ""
 conda_cert: ""
 conda_cert_key: ""
+bioconductor_cert: ""
+bioconductor_cert_key: ""

reverse_proxy/molecule/default/converge.yml

@@ -31,6 +31,13 @@
         line: 127.0.0.1 conda.{{zone}}
         unsafe_writes: true # issue with testing inside a container
 
+    - name: add testing endpoint to /etc/hosts
+      become: true
+      lineinfile:
+        path: /etc/hosts
+        line: 127.0.0.1 bioconductor.{{zone}}
+        unsafe_writes: true # issue with testing inside a container
+
     - name: install R for testing package installation
       become: true
       apt:

reverse_proxy/molecule/default/verify.yml

@@ -155,6 +155,38 @@
       fail_msg: "GET queries should fail"
       success_msg: "GET query was sucessfully blocked"
 
+
+######################################################################
+# bioconductor tests
+
+  - name: test connection to /
+    uri:
+      url: http://bioconductor.{{zone}}/
+      force: true # avoid hitting cache
+    failed_when: false
+    changed_when: false
+    register: bioconductor_curl_root
+
+  - name: test connection to /
+    assert:
+      that: bioconductor_curl_root.status == 403
+      fail_msg: "bioconductor mirror requests without file extensions should fail"
+      success_msg: "bioconductor request without file extension was successfully blocked"
+
+  - name: test connection to packages/3.20/bioc/src/contrib/PACKAGES
+    uri:
+      url: http://bioconductor.{{zone}}/packages/3.20/bioc/src/contrib/PACKAGES
+      force: true  # avoid hitting cache
+    failed_when: false
+    changed_when: false
+    register: bioconductor_curl_packages
+
+  - name: test connection to /packages/3.20/bioc/src/contrib/PACKAGES
+    assert:
+      that: bioconductor_curl_packages.status == 200
+      fail_msg: "Request to valid file extension was blocked."
+      success_msg: "Request to valid file extension was not blocked."
+
 ######################################################################
 # conda-forge tests
 

reverse_proxy/tasks/bioconductor.yml

@@ -0,0 +1,15 @@
+---
+
+- name: add our bioconductor reverse proxy config
+  become: true
+  template:
+    dest: /etc/nginx/sites-enabled/bioconductor.conf
+    src: generic.conf.j2
+  vars:
+    generic_name: bioconductor
+    upstream_endpoint: "{{ bioconductor_mirror }}"
+    eicar_path: packages/src/contrib/eicar.tar.gz
+    endpoint_regex: "{{ bioconductor_regex }}"
+    certificate_file: "{{ bioconductor_cert }}"
+    certificate_key_file: "{{ bioconductor_cert_key }}"
+  notify: restart nginx

reverse_proxy/tasks/main.yml

@@ -13,4 +13,5 @@
     state: absent
 
 - include_tasks: cran.yml
+- include_tasks: bioconductor.yml
 - include_tasks: conda.yml