helpwave
diff --git a/‎.github/workflows/build-docker-simulator.yml‎
Lines changed: 48 additions & 0 deletions b/‎.github/workflows/build-docker-simulator.yml‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎.github/workflows/lint-dockerfiles.yml‎
Lines changed: 46 additions & 0 deletions b/‎.github/workflows/lint-dockerfiles.yml‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎.github/workflows/lint-python.yml‎
Lines changed: 38 additions & 0 deletions b/‎.github/workflows/lint-python.yml‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 44 additions & 13 deletions b/‎README.md‎
Lines changed: 44 additions & 13 deletions
diff --git a/‎backend/.env.example‎
Lines changed: 4 additions & 0 deletions b/‎backend/.env.example‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎backend/Dockerfile‎
Lines changed: 1 addition & 3 deletions b/‎backend/Dockerfile‎
Lines changed: 1 addition & 3 deletions
@@ -0,0 +1,48 @@
+name: Docker Build Simulator
+
+on:
+  push:
+    branches:
+      - 'main'
+  pull_request:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}-simulator
+
+jobs:
+  build:
+    name: Build docker image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=pr
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+
+      - name: Build and push docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: simulator
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
@@ -0,0 +1,46 @@
+name: Lint Dockerfiles
+
+on:
+  push:
+    branches:
+      - '*'
+    paths:
+      - '**/Dockerfile'
+      - '.github/workflows/lint-dockerfiles.yml'
+  pull_request:
+    paths:
+      - '**/Dockerfile'
+      - '.github/workflows/lint-dockerfiles.yml'
+
+jobs:
+  hadolint:
+    name: Lint Dockerfiles
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Run hadolint on backend
+        uses: hadolint/[email protected]
+        with:
+          dockerfile: backend/Dockerfile
+          failure-threshold: warning
+
+      - name: Run hadolint on proxy
+        uses: hadolint/[email protected]
+        with:
+          dockerfile: proxy/Dockerfile
+          failure-threshold: warning
+
+      - name: Run hadolint on simulator
+        uses: hadolint/[email protected]
+        with:
+          dockerfile: simulator/Dockerfile
+          failure-threshold: warning
+
+      - name: Run hadolint on web
+        uses: hadolint/[email protected]
+        with:
+          dockerfile: web/Dockerfile
+          failure-threshold: warning
+
@@ -0,0 +1,38 @@
+name: Python lint
+
+on:
+  push:
+    branches:
+      - '*'
+    paths:
+      - 'backend/**/*.py'
+      - 'simulator/**/*.py'
+      - '.github/workflows/lint-python.yml'
+  pull_request:
+    paths:
+      - 'backend/**/*.py'
+      - 'simulator/**/*.py'
+      - '.github/workflows/lint-python.yml'
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+
+      - name: Install flake8
+        run: pip install flake8
+
+      - name: Run flake8 on backend
+        run: flake8 backend --ignore=E501,W503 --exclude=venv,__pycache__,migrations
+
+      - name: Run flake8 on simulator
+        run: flake8 simulator --ignore=E501,W503 --exclude=venv,__pycache__
+
@@ -1,10 +1,8 @@
-# [helpwave tasks](https://helpwave.de/product/tasks)
+# helpwave tasks
 
 **helpwave tasks** is a modern, open-source task and ward-management platform tailored for healthcare - designed to bring clarity, efficiency and structure to hospitals, wards and clinical workflows.
 
----
-
-## 🚀 Quick Start
+## Quick Start
 
 If you simply want to test the application without modifying code, use the production compose file. This pulls official images and runs them behind a reverse proxy.
 
@@ -17,29 +15,31 @@ If you simply want to test the application without modifying code, use the produ
     * **App URL:** [`http://localhost:80`](http://localhost:80)
     * **User:** `test` / `test`
 
----
-
 ## Development
 
-This section covers setting up the local environment for coding. You need **PostgreSQL**, **Redis**, and **Keycloak** running to support the backend.
+This section covers setting up the local environment for coding. You need **PostgreSQL**, **Redis**, **Keycloak**, and **InfluxDB** running to support the backend.
 
 ### Environment Configuration
 
-The application relies on the following services. Ensure your environment variables are set (or use the provided `.env.example`):
+The application relies on the following services. Ensure your environment variables are set:
 
 ```bash
 DATABASE_URL="postgresql+asyncpg://postgres:password@localhost:5432/postgres"
-REDIS_URL="redis://localhost:6379"
+REDIS_URL="redis://:password@localhost:6379"
 ENV=development
+INFLUXDB_URL="http://localhost:8086"
+INFLUXDB_TOKEN="tasks-token-secret"
+INFLUXDB_ORG="tasks"
+INFLUXDB_BUCKET="audit"
 ```
 
 ### Option A: Manual Setup (Docker Compose)
 Use this if you prefer managing your own Python and Node versions.
 
 1.  **Start Infrastructure**
-    Start Postgres, Redis, and Keycloak:
+    Start Postgres, Redis, Keycloak, and InfluxDB:
     ```bash
-    docker-compose -f docker-compose.dev.yml up -d postgres redis keycloak
+    docker-compose -f docker-compose.dev.yml up -d postgres redis keycloak influxdb
     ```
 
 2.  **Run Backend**
@@ -49,7 +49,6 @@ Use this if you prefer managing your own Python and Node versions.
     source venv/bin/activate
     pip install -r requirements.txt
     
-    # Run migrations and start server
     alembic upgrade head
     uvicorn main:app --reload
     ```
@@ -62,6 +61,16 @@ Use this if you prefer managing your own Python and Node versions.
     npm run dev
     ```
 
+4.  **Run Simulator** (Optional)
+    In a new terminal:
+    ```bash
+    cd simulator
+    python -m venv venv
+    source venv/bin/activate
+    pip install -r requirements.txt
+    python -m simulator
+    ```
+
 ### Option B: Automated Setup (Nix)
 Use this to let Nix handle dependencies, environment variables, and helper commands automatically.
 
@@ -73,7 +82,11 @@ Use this to let Nix handle dependencies, environment variables, and helper comma
 2.  **Start Everything**
     ```bash
     run-dev-all
-    # Starts Docker infra, migrates DB, and runs both Backend & Frontend
+    ```
+
+3.  **Run Simulator** (Optional)
+    ```bash
+    run-simulator
     ```
 
 ### Access & Credentials
@@ -85,6 +98,7 @@ Once the development environment is running:
 | **Web Frontend** | [`http://localhost:3000`](http://localhost:3000) | The user interface (Next.js/React). |
 | **Backend API** | [`http://localhost:8000/graphql`](http://localhost:8000/graphql) | The GraphQL Playground (Strawberry). |
 | **Keycloak** | [`http://localhost:8080`](http://localhost:8080) | Identity Provider. |
+| **InfluxDB** | [`http://localhost:8086`](http://localhost:8086) | Time-series database for audit logs. |
 
 **Keycloak Realms & Users:**
 * **tasks Realm:** `http://localhost:8080/realms/tasks` (Redirects automatically from app login)
@@ -93,3 +107,20 @@ Once the development environment is running:
 * **master Realm (Admin Console):** [`http://localhost:8080/admin`](http://localhost:8080/admin)
     * User: `admin`
     * Password: `admin`
+
+## Project Structure
+
+- **backend/** - FastAPI backend with GraphQL API (Strawberry)
+- **web/** - Next.js frontend application
+- **simulator/** - Development tool for simulating clinic traffic
+- **proxy/** - Nginx reverse proxy for production deployments
+- **keycloak/** - Keycloak realm configuration
+- **scaffold/** - Initial data for hospital structure
+
+## Docker Images
+
+All components are containerized and available on GitHub Container Registry:
+- `ghcr.io/helpwave/tasks-backend:latest`
+- `ghcr.io/helpwave/tasks-web:latest`
+- `ghcr.io/helpwave/tasks-simulator:latest`
+- `ghcr.io/helpwave/tasks-proxy:latest`
@@ -16,3 +16,7 @@ CLIENT_SECRET=tasks-secret
 FRONTEND_CLIENT_ID=tasks-web
 LOGGER=uvicorn
 SCAFFOLD_DIRECTORY=../scaffold
+INFLUXDB_URL=http://influxdb:8086
+INFLUXDB_TOKEN=tasks-token-secret
+INFLUXDB_ORG=tasks
+INFLUXDB_BUCKET=audit
@@ -6,7 +6,7 @@ ENV PIP_NO_WARN_ABOUT_ROOT_USER=1
 
 WORKDIR /build
 
-RUN apk update && apk upgrade --no-cache && apk add gcc musl-dev libffi-dev libressl-dev && apk add gcc musl-dev libffi-dev libressl-dev
+RUN apk add --no-cache gcc=15.2.0-r2 musl-dev=1.2.5-r21 libffi-dev=3.5.2-r0 libressl-dev=4.2.1-r0
 
 COPY requirements.txt /build
 
@@ -21,8 +21,6 @@ ENV PYTHONUNBUFFERED=1
 ENV PORT=80
 ENV HOST="0.0.0.0"
 
-RUN apk update && apk upgrade --no-cache
-
 COPY --from=builder /build/venv /usr/local/
 COPY . /app