From 7b0743495f4dcecff283afa2c01c1c45611ad965 Mon Sep 17 00:00:00 2001 From: Russell McCreath <33964310+rmccreath@users.noreply.github.com> Date: Mon, 7 Aug 2023 16:14:51 +0100 Subject: [PATCH 01/13] Draft Publish a Shiny App.md --- Shiny/Publish a Shiny App.md | 42 ++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 Shiny/Publish a Shiny App.md diff --git a/Shiny/Publish a Shiny App.md b/Shiny/Publish a Shiny App.md new file mode 100644 index 0000000..9f3eff5 --- /dev/null +++ b/Shiny/Publish a Shiny App.md @@ -0,0 +1,42 @@ +# How to Publish (Deploy) a Shiny App + +At PHS, we currently use a server hosted on [shinyapps.io](http://shinyapps.io) to host Shiny apps. The server is located outside of the UK and hosted by Posit, which means that we can only host public-facing apps with no confidential data. If you have doubts about this for your app, you should contact the PHS Stats Gov (phs.statsgov@phs.scot) team to assess. + +> [!NOTE] +> There is work underway to provide a platform to host Shiny apps that use confidential data and allow for greater control over who and what can be viewed. This will use the Posit Connect software. + +## Deploying an App + +Once you have an app that you want to deploy, you will need to get in touch with one of [PHS’ Shiny server administrators](#shiny-server-administrators). and they will send you the details needed to deploy on the server. The details shared should never be shared more widely, this includes committing to git. + +The process to upload an app is very straightforward and requires only to: + +1. Fill in this form for each app instance. As this is a shared service, we need to know which apps belong to PHS, so we can contact app authors if there are any changes on the shiny.io server, and to allow for organisational oversight of our published content. + - As the shiny.io server is used by different public sector organisations we follow a naming convention to make things clearer, so your app will need to be named following this format: "phs-descriptive-name". +2. Run the “deploying_app” script you can find in the files section of this channel. + +### Adding Authentication to Apps + +It is possible to password-protect Shiny apps. To align with governance and data protection, the current agreement is that any protection should only be done only for a limited amount of time before publication for _testing_, _quality assurance_ and _pre-release access_ purposes. Password protection is set up by the app author using the package `{shinymanager}`. The steps are: + +1. Add the package `{shinymanager}` to your global script. +2. Add a function called “secure_app” at the beginning of the ui script. +3. Add lines 2 and 8-14 of this script to your server script. +4. Use the create credentials script from the files section of this channel to create the credentials used to login the app. +5. On publication day you then need to upload the app without the password protection. + +> [!NOTE] +> Before deploying an app, check that it works locally and that everything the app needs is in the app folder as through the upload process you basically upload your app folder to the server. +> All file paths need to be relative rather than absolute as well, as the app in the server won’t have access to PHS’ file structure. + +If something doesn’t work when your app is already in the server (but works locally) you can check the app logs using the command: + +`rsconnect::showLogs(appName=”... use app name here ...”)` + +It is sometimes tricky to spot the issue but the admins or other Shiny users would be happy to help. + +When you have uploaded an app to the server you will have a stand-alone website, but if you want to embed it in the PHS site then you will need to speak with the publications team (phs.statspublications@phs.scot) to arrange it. + +### Shiny Server Administrators + +[REDACTED] From 537e66f6019bba90222ea6a0e8ba6ae699cb6492 Mon Sep 17 00:00:00 2001 From: Russell McCreath <33964310+rmccreath@users.noreply.github.com> Date: Thu, 5 Sep 2024 11:50:46 +0100 Subject: [PATCH 02/13] Apply character format changes Co-authored-by: James McMahon --- Shiny/Publish a Shiny App.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Shiny/Publish a Shiny App.md b/Shiny/Publish a Shiny App.md index 9f3eff5..26066f0 100644 --- a/Shiny/Publish a Shiny App.md +++ b/Shiny/Publish a Shiny App.md @@ -13,25 +13,25 @@ The process to upload an app is very straightforward and requires only to: 1. Fill in this form for each app instance. As this is a shared service, we need to know which apps belong to PHS, so we can contact app authors if there are any changes on the shiny.io server, and to allow for organisational oversight of our published content. - As the shiny.io server is used by different public sector organisations we follow a naming convention to make things clearer, so your app will need to be named following this format: "phs-descriptive-name". -2. Run the “deploying_app” script you can find in the files section of this channel. +2. Run the "deploying_app" script you can find in the files section of this channel. ### Adding Authentication to Apps It is possible to password-protect Shiny apps. To align with governance and data protection, the current agreement is that any protection should only be done only for a limited amount of time before publication for _testing_, _quality assurance_ and _pre-release access_ purposes. Password protection is set up by the app author using the package `{shinymanager}`. The steps are: 1. Add the package `{shinymanager}` to your global script. -2. Add a function called “secure_app” at the beginning of the ui script. +2. Add a function called "secure_app" at the beginning of the ui script. 3. Add lines 2 and 8-14 of this script to your server script. 4. Use the create credentials script from the files section of this channel to create the credentials used to login the app. 5. On publication day you then need to upload the app without the password protection. > [!NOTE] > Before deploying an app, check that it works locally and that everything the app needs is in the app folder as through the upload process you basically upload your app folder to the server. -> All file paths need to be relative rather than absolute as well, as the app in the server won’t have access to PHS’ file structure. +> All file paths need to be relative rather than absolute as well, as the app in the server won't have access to PHS' file structure. If something doesn’t work when your app is already in the server (but works locally) you can check the app logs using the command: -`rsconnect::showLogs(appName=”... use app name here ...”)` +`rsconnect::showLogs(appName = "")` It is sometimes tricky to spot the issue but the admins or other Shiny users would be happy to help. From 9451e4fe728161507c34683a971cb3ab8fd745be Mon Sep 17 00:00:00 2001 From: Russell McCreath <33964310+rmccreath@users.noreply.github.com> Date: Thu, 5 Sep 2024 12:07:55 +0100 Subject: [PATCH 03/13] Add authentication process --- Shiny/Publish a Shiny App.md | 39 +++++++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 9 deletions(-) diff --git a/Shiny/Publish a Shiny App.md b/Shiny/Publish a Shiny App.md index 26066f0..fd1a934 100644 --- a/Shiny/Publish a Shiny App.md +++ b/Shiny/Publish a Shiny App.md @@ -3,7 +3,7 @@ At PHS, we currently use a server hosted on [shinyapps.io](http://shinyapps.io) to host Shiny apps. The server is located outside of the UK and hosted by Posit, which means that we can only host public-facing apps with no confidential data. If you have doubts about this for your app, you should contact the PHS Stats Gov (phs.statsgov@phs.scot) team to assess. > [!NOTE] -> There is work underway to provide a platform to host Shiny apps that use confidential data and allow for greater control over who and what can be viewed. This will use the Posit Connect software. +> There is work underway to provide a platform to host Shiny apps that use confidential data and allow for greater control over who and what can be viewed. This will use the Posit Connect software and is being managed by the Posit Programme. ## Deploying an App @@ -17,19 +17,40 @@ The process to upload an app is very straightforward and requires only to: ### Adding Authentication to Apps -It is possible to password-protect Shiny apps. To align with governance and data protection, the current agreement is that any protection should only be done only for a limited amount of time before publication for _testing_, _quality assurance_ and _pre-release access_ purposes. Password protection is set up by the app author using the package `{shinymanager}`. The steps are: - -1. Add the package `{shinymanager}` to your global script. -2. Add a function called "secure_app" at the beginning of the ui script. -3. Add lines 2 and 8-14 of this script to your server script. -4. Use the create credentials script from the files section of this channel to create the credentials used to login the app. +It is possible to password-protect Shiny apps. To align with governance and data protection, the current agreement is that any protection should only be done only for a limited amount of time before publication for _testing_, _quality assurance_ and _pre-release access_ purposes. Password protection can be set up by the app author using the package `{shinymanager}`. The steps are: + +1. Add the package `{shinymanager}` to your global script. + - e.g. `library(shinymanager)` +2. Add a function called [`secure_app()`](https://search.r-project.org/CRAN/refmans/shinymanager/html/secure-app.html) at the beginning of the ui script, this must encapsulate the UI. + - e.g. `ui <- secure_app(...)` +3. Create a credentials dataframe and save as an RDS file. + - e.g. + ``` + dir.create("shiny_app/admin/") + + credentials_df <- data.frame( + user = c("user1"), + password = c("password1"), + stringsAsFactors = FALSE) + + saveRDS(credentials_df, "shiny_app/admin/credentials.rds") + ``` +4. Add code to the server code to set up authentication. + - e.g. + ``` + # Import authentication credentials + credentials <- readRDS("admin/credentials.rds") + + # Apply shinymanager authentication + res_auth <- secure_server(check_credentials = check_credentials(credentials)) + ``` 5. On publication day you then need to upload the app without the password protection. > [!NOTE] -> Before deploying an app, check that it works locally and that everything the app needs is in the app folder as through the upload process you basically upload your app folder to the server. +> Before deploying an app, check that it works locally and that everything the app needs is in the app folder as through the upload process this is all that is uploaded to the server and therefore accessible to the deployed version. > All file paths need to be relative rather than absolute as well, as the app in the server won't have access to PHS' file structure. -If something doesn’t work when your app is already in the server (but works locally) you can check the app logs using the command: +If something doesn’t work when your app is already on the server (but works locally) you can check the app logs using the command: `rsconnect::showLogs(appName = "")` From 007afc85c64eeb7a9ec6251d5112f85d9106c510 Mon Sep 17 00:00:00 2001 From: rmccreath Date: Tue, 1 Oct 2024 14:47:56 +0100 Subject: [PATCH 04/13] Move to info sharing space and rename --- .../Deploying a Shiny App.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename Shiny/Publish a Shiny App.md => Information Sharing/Deploying a Shiny App.md (99%) diff --git a/Shiny/Publish a Shiny App.md b/Information Sharing/Deploying a Shiny App.md similarity index 99% rename from Shiny/Publish a Shiny App.md rename to Information Sharing/Deploying a Shiny App.md index fd1a934..906f074 100644 --- a/Shiny/Publish a Shiny App.md +++ b/Information Sharing/Deploying a Shiny App.md @@ -1,4 +1,4 @@ -# How to Publish (Deploy) a Shiny App +# Deploying (Publishing) a Shiny App At PHS, we currently use a server hosted on [shinyapps.io](http://shinyapps.io) to host Shiny apps. The server is located outside of the UK and hosted by Posit, which means that we can only host public-facing apps with no confidential data. If you have doubts about this for your app, you should contact the PHS Stats Gov (phs.statsgov@phs.scot) team to assess. From 086834f777f896811431de95996755a3862cbe2f Mon Sep 17 00:00:00 2001 From: rmccreath Date: Tue, 1 Oct 2024 16:31:22 +0100 Subject: [PATCH 05/13] Update for new process and added context --- Information Sharing/Deploying a Shiny App.md | 117 ++++++++++++------- 1 file changed, 76 insertions(+), 41 deletions(-) diff --git a/Information Sharing/Deploying a Shiny App.md b/Information Sharing/Deploying a Shiny App.md index 906f074..816cebf 100644 --- a/Information Sharing/Deploying a Shiny App.md +++ b/Information Sharing/Deploying a Shiny App.md @@ -1,63 +1,98 @@ # Deploying (Publishing) a Shiny App -At PHS, we currently use a server hosted on [shinyapps.io](http://shinyapps.io) to host Shiny apps. The server is located outside of the UK and hosted by Posit, which means that we can only host public-facing apps with no confidential data. If you have doubts about this for your app, you should contact the PHS Stats Gov (phs.statsgov@phs.scot) team to assess. +At PHS, we currently use [shinyapps.io](http://shinyapps.io) to host Shiny apps. The server is located outside of the UK and hosted by Posit, which means that we can only host public-facing apps with no confidential data. If you have doubts about this for your app, you should contact the PHS Stats Gov [phs.statsgov@phs.scot](mailto:phs.statsgov@phs.scot) team to assess. General [dashboard development guidance](https://public-health-scotland.github.io/knowledge-base/docs/Information%20Sharing?doc=Dashboard%20development%20guidance.md) is available and should be followed when developing apps, prior to deployment. > [!NOTE] -> There is work underway to provide a platform to host Shiny apps that use confidential data and allow for greater control over who and what can be viewed. This will use the Posit Connect software and is being managed by the Posit Programme. - -## Deploying an App - -Once you have an app that you want to deploy, you will need to get in touch with one of [PHS’ Shiny server administrators](#shiny-server-administrators). and they will send you the details needed to deploy on the server. The details shared should never be shared more widely, this includes committing to git. - -The process to upload an app is very straightforward and requires only to: - -1. Fill in this form for each app instance. As this is a shared service, we need to know which apps belong to PHS, so we can contact app authors if there are any changes on the shiny.io server, and to allow for organisational oversight of our published content. - - As the shiny.io server is used by different public sector organisations we follow a naming convention to make things clearer, so your app will need to be named following this format: "phs-descriptive-name". -2. Run the "deploying_app" script you can find in the files section of this channel. +> There is work underway to provide a platform to host Shiny apps and another information products that may use confidential data and allow for greater control over who and what can be viewed. This will use the Posit Connect software and is being managed by the Posit Programme. + +## General Guidance + +There are some key points to consider before deploying an app: + +* **Data**: Ensure that the data used in the app is not confidential and can be shared publicly. If you are unsure, contact the [PHS Stats Gov team](mailto:phs.statsgov@phs.scot). +* **Accessibility**: Ensure that the app is accessible to all users. +* **Testing**: Test the app locally before deploying it to the server, considering user experience and functionality, performance, and security. + +Shiny apps should also be deployed with the following considerations in mind: + +* Each app should have a specific purpose and be updated over time. This means that deployments should be minimised, with most apps requiring only 1 or 2 versions: a live version and a PRA version where required (some using a test version for limited periods). +* Follow naming conventions for apps, which should be named following the format `phs-descriptive-name`, noting the `phs-` prefix. + * PRA versions should have a `-pra` suffix added, e.g. `phs-descriptive-name-pra`. + * Test versions should have a `-test` suffix added, e.g. `phs-descriptive-name-test`. + * This name is what will be noted in the URL for the app, e.g. `scotland.shinyapps.io/phs-descriptive-name`, it doesn't need to be the same as the app title, directory or .RProj file. +* PRA deployments should: + * Be password-protected using `{shinymanager}`. + * Have a disclaimer on the app with details of the purpose. + * Have limited access to only those who need to see the app. +* Test deployments should include all restrictions as with PRA versions, but also: + * Use only dummy or anonymised data. +* Live deployments should never have password protection and be updated (not deploying a separate app) as per the publication timetable or as required. + +## Deploying a Shiny App + +The process to deploy an app uses the `{rsconnect}` package, with the process outlined below: + +1. Complete [this form](https://forms.office.com/e/shBeTxkvBD) for each new app to be deployed. + _As shinyapps.io is a shared service, we need to know which apps belong to PHS. This allows organisational oversight of published content and clear contacts with app authors if there are any changes on the server._ + This will also send an automated message containing the deployment authentication details. These are general purpose and can be used for multiple deployments. + > [!WARNING] + > The details should be kept secure and not shared more widely, this includes committing to git. +2. Connect to the shinyapps.io server using the credentials from the previous step (this should only need to be done once): + ``` + rsconnect::setAccountInfo( + name = "scotland", + token = "REDACTED", + secret = "REDACTED" + ) + ``` +3. Deploy the app: + ``` + rsconnect::deployApp( + appDir = "path/to/app", + appName = "phs-descriptive-name" + ) + ``` ### Adding Authentication to Apps -It is possible to password-protect Shiny apps. To align with governance and data protection, the current agreement is that any protection should only be done only for a limited amount of time before publication for _testing_, _quality assurance_ and _pre-release access_ purposes. Password protection can be set up by the app author using the package `{shinymanager}`. The steps are: +It is possible to password-protect Shiny apps. To align with governance and data protection, the current agreement is that any protection should only be done only for a limited amount of time before publication for _testing_, _quality assurance_ and _pre-release access_ purposes. Password protection can be set up by the app author using the package `{shinymanager}`. The steps are: 1. Add the package `{shinymanager}` to your global script. - - e.g. `library(shinymanager)` + * e.g. `library(shinymanager)` 2. Add a function called [`secure_app()`](https://search.r-project.org/CRAN/refmans/shinymanager/html/secure-app.html) at the beginning of the ui script, this must encapsulate the UI. - - e.g. `ui <- secure_app(...)` + * e.g. `ui <- secure_app(...)` 3. Create a credentials dataframe and save as an RDS file. - - e.g. - ``` - dir.create("shiny_app/admin/") - - credentials_df <- data.frame( - user = c("user1"), - password = c("password1"), - stringsAsFactors = FALSE) - - saveRDS(credentials_df, "shiny_app/admin/credentials.rds") - ``` + * e.g. + ``` + dir.create("shiny_app/admin/") + + credentials_df <- data.frame( + user = c("user1"), + password = c("password1"), + stringsAsFactors = FALSE + ) + + saveRDS(credentials_df, "shiny_app/admin/credentials.rds") + ``` 4. Add code to the server code to set up authentication. - - e.g. - ``` - # Import authentication credentials - credentials <- readRDS("admin/credentials.rds") + * e.g. + ``` + # Import authentication credentials + credentials <- readRDS("admin/credentials.rds") - # Apply shinymanager authentication - res_auth <- secure_server(check_credentials = check_credentials(credentials)) - ``` -5. On publication day you then need to upload the app without the password protection. + # Apply shinymanager authentication + res_auth <- secure_server(check_credentials = check_credentials(credentials)) + ``` +5. On publication day you then need to deploy the live app version, without the password protection. > [!NOTE] -> Before deploying an app, check that it works locally and that everything the app needs is in the app folder as through the upload process this is all that is uploaded to the server and therefore accessible to the deployed version. -> All file paths need to be relative rather than absolute as well, as the app in the server won't have access to PHS' file structure. +> Before deploying an app, check that it works locally and all data and other files are stored with the app or accessible to the general internet. Once deployed the app will be a stand-alone website and won't have access to PHS' systems and file structure. +> Similarly, all file paths need to be relative rather than absolute as well, as the app in the server won't have access to PHS' file structure. If something doesn’t work when your app is already on the server (but works locally) you can check the app logs using the command: `rsconnect::showLogs(appName = "")` -It is sometimes tricky to spot the issue but the admins or other Shiny users would be happy to help. +It is sometimes tricky to spot the issue but other Shiny users across are very supportive, and there are a couple of Shiny Server Administrators who can check the server side for more details. To get help, you can post a message on the R Shiny channel on the Data & Intelligence Forum, tagging `@shinyadmin` to get the attention of the Shiny admins. When you have uploaded an app to the server you will have a stand-alone website, but if you want to embed it in the PHS site then you will need to speak with the publications team (phs.statspublications@phs.scot) to arrange it. - -### Shiny Server Administrators - -[REDACTED] From b4ab9a44cf02fb25daf23aa3fbf2b789e16821a3 Mon Sep 17 00:00:00 2001 From: rmccreath Date: Tue, 1 Oct 2024 16:38:27 +0100 Subject: [PATCH 06/13] Add troubleshooting section --- Information Sharing/Deploying a Shiny App.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Information Sharing/Deploying a Shiny App.md b/Information Sharing/Deploying a Shiny App.md index 816cebf..1a4eff8 100644 --- a/Information Sharing/Deploying a Shiny App.md +++ b/Information Sharing/Deploying a Shiny App.md @@ -85,6 +85,8 @@ It is possible to password-protect Shiny apps. To align with governance and data ``` 5. On publication day you then need to deploy the live app version, without the password protection. +### Troubleshooting + > [!NOTE] > Before deploying an app, check that it works locally and all data and other files are stored with the app or accessible to the general internet. Once deployed the app will be a stand-alone website and won't have access to PHS' systems and file structure. > Similarly, all file paths need to be relative rather than absolute as well, as the app in the server won't have access to PHS' file structure. From 683cf146d82d13d2eb2bfaa6026617c80a14beaa Mon Sep 17 00:00:00 2001 From: Russell McCreath <33964310+rmccreath@users.noreply.github.com> Date: Wed, 23 Oct 2024 11:07:53 +0100 Subject: [PATCH 07/13] Add description of deployApp --- Information Sharing/Deploying a Shiny App.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Information Sharing/Deploying a Shiny App.md b/Information Sharing/Deploying a Shiny App.md index 1a4eff8..6f6df7c 100644 --- a/Information Sharing/Deploying a Shiny App.md +++ b/Information Sharing/Deploying a Shiny App.md @@ -45,7 +45,7 @@ The process to deploy an app uses the `{rsconnect}` package, with the process ou secret = "REDACTED" ) ``` -3. Deploy the app: +3. Deploy the app (this function bundles the application and sends to the shinyapps.io service, it should be ran for deployment only and not added to the application codebase): ``` rsconnect::deployApp( appDir = "path/to/app", From 7a14883bb0b308c6b2c1f5a2b64c22799fcdd54d Mon Sep 17 00:00:00 2001 From: Russell McCreath <33964310+rmccreath@users.noreply.github.com> Date: Wed, 23 Oct 2024 11:21:30 +0100 Subject: [PATCH 08/13] Add profvis to troubleshooting --- Information Sharing/Deploying a Shiny App.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Information Sharing/Deploying a Shiny App.md b/Information Sharing/Deploying a Shiny App.md index 6f6df7c..7de9506 100644 --- a/Information Sharing/Deploying a Shiny App.md +++ b/Information Sharing/Deploying a Shiny App.md @@ -95,6 +95,8 @@ If something doesn’t work when your app is already on the server (but works lo `rsconnect::showLogs(appName = "")` +If performance is a concern, this should be notable during development but can become more of a problem after deployment with limited resources and sessions covering multiple users. The [`{profvis}`](https://profvis.r-lib.org/index.html) is an interactive tool for visualising code profiling data and can be useful for identifying where bottlenecks or performance issues are within an application. + It is sometimes tricky to spot the issue but other Shiny users across are very supportive, and there are a couple of Shiny Server Administrators who can check the server side for more details. To get help, you can post a message on the R Shiny channel on the Data & Intelligence Forum, tagging `@shinyadmin` to get the attention of the Shiny admins. When you have uploaded an app to the server you will have a stand-alone website, but if you want to embed it in the PHS site then you will need to speak with the publications team (phs.statspublications@phs.scot) to arrange it. From c7a3db4e4f14c0a70481bef4d3eca37b394ebb15 Mon Sep 17 00:00:00 2001 From: Russell McCreath <33964310+rmccreath@users.noreply.github.com> Date: Wed, 23 Oct 2024 11:26:20 +0100 Subject: [PATCH 09/13] Update tag group name --- Information Sharing/Deploying a Shiny App.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Information Sharing/Deploying a Shiny App.md b/Information Sharing/Deploying a Shiny App.md index 7de9506..0251f75 100644 --- a/Information Sharing/Deploying a Shiny App.md +++ b/Information Sharing/Deploying a Shiny App.md @@ -97,6 +97,6 @@ If something doesn’t work when your app is already on the server (but works lo If performance is a concern, this should be notable during development but can become more of a problem after deployment with limited resources and sessions covering multiple users. The [`{profvis}`](https://profvis.r-lib.org/index.html) is an interactive tool for visualising code profiling data and can be useful for identifying where bottlenecks or performance issues are within an application. -It is sometimes tricky to spot the issue but other Shiny users across are very supportive, and there are a couple of Shiny Server Administrators who can check the server side for more details. To get help, you can post a message on the R Shiny channel on the Data & Intelligence Forum, tagging `@shinyadmin` to get the attention of the Shiny admins. +It is sometimes tricky to spot the issue but other Shiny users across are very supportive, and there are a couple of Shiny Server Administrators who can check the server side for more details. To get help, you can post a message on the R Shiny channel on the Data & Intelligence Forum, tagging `@ShinyAdmins` to get the attention of the Shiny admins. When you have uploaded an app to the server you will have a stand-alone website, but if you want to embed it in the PHS site then you will need to speak with the publications team (phs.statspublications@phs.scot) to arrange it. From 1cf563e49750faf9c10095cdc8cfeb60b9729483 Mon Sep 17 00:00:00 2001 From: Russell McCreath <33964310+rmccreath@users.noreply.github.com> Date: Thu, 7 Nov 2024 10:09:39 +0000 Subject: [PATCH 10/13] Fix typo Co-authored-by: James Fixter <74598550+JFix89@users.noreply.github.com> --- Information Sharing/Deploying a Shiny App.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Information Sharing/Deploying a Shiny App.md b/Information Sharing/Deploying a Shiny App.md index 0251f75..d46e057 100644 --- a/Information Sharing/Deploying a Shiny App.md +++ b/Information Sharing/Deploying a Shiny App.md @@ -95,7 +95,7 @@ If something doesn’t work when your app is already on the server (but works lo `rsconnect::showLogs(appName = "")` -If performance is a concern, this should be notable during development but can become more of a problem after deployment with limited resources and sessions covering multiple users. The [`{profvis}`](https://profvis.r-lib.org/index.html) is an interactive tool for visualising code profiling data and can be useful for identifying where bottlenecks or performance issues are within an application. +If performance is a concern, this should be notable during development but can become more of a problem after deployment with limited resources and sessions covering multiple users. The [`{profvis}`](https://profvis.r-lib.org/index.html) package is an interactive tool for visualising code profiling data and can be useful for identifying where bottlenecks or performance issues are within an application. It is sometimes tricky to spot the issue but other Shiny users across are very supportive, and there are a couple of Shiny Server Administrators who can check the server side for more details. To get help, you can post a message on the R Shiny channel on the Data & Intelligence Forum, tagging `@ShinyAdmins` to get the attention of the Shiny admins. From c20ac97abffed245fed23fc3d4749d8d5d1d7909 Mon Sep 17 00:00:00 2001 From: rmccreath Date: Thu, 7 Nov 2024 10:22:31 +0000 Subject: [PATCH 11/13] Add app removal process --- Information Sharing/Deploying a Shiny App.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/Information Sharing/Deploying a Shiny App.md b/Information Sharing/Deploying a Shiny App.md index d46e057..84b6afe 100644 --- a/Information Sharing/Deploying a Shiny App.md +++ b/Information Sharing/Deploying a Shiny App.md @@ -100,3 +100,19 @@ If performance is a concern, this should be notable during development but can b It is sometimes tricky to spot the issue but other Shiny users across are very supportive, and there are a couple of Shiny Server Administrators who can check the server side for more details. To get help, you can post a message on the R Shiny channel on the Data & Intelligence Forum, tagging `@ShinyAdmins` to get the attention of the Shiny admins. When you have uploaded an app to the server you will have a stand-alone website, but if you want to embed it in the PHS site then you will need to speak with the publications team (phs.statspublications@phs.scot) to arrange it. + +## Deleting a Shiny App + +There are a few reasons why you might want to delete a Shiny app from the server, such as if it is no longer needed or if it is being replaced by a new version. To remove an app from shinyapps.io, there is a 2-step process: + +1. The application must first be archived, this stops any currently running sessions and prevents new sessions from starting. This is done using the following command: + ``` + rsconnect::terminateApp(appName = "phs-descriptive-name") + ``` +2. The application can then be deleted using the following command: + ``` + rsconnect::purgeApp(appName = "phs-descriptive-name") + ``` + +> [!NOTE] +> Archiving an app is an essential part of the process that cannot be skipped. Where an app has been archived and not deleted, the shinyapps.io admins will periodically delete these apps as part of normal server maintenance. From 513c2abbf4ffdf0fa2aa48b71a6a9b140934ce53 Mon Sep 17 00:00:00 2001 From: rmccreath Date: Thu, 7 Nov 2024 10:29:06 +0000 Subject: [PATCH 12/13] Add contents section --- Information Sharing/Deploying a Shiny App.md | 52 ++++++++++++-------- 1 file changed, 31 insertions(+), 21 deletions(-) diff --git a/Information Sharing/Deploying a Shiny App.md b/Information Sharing/Deploying a Shiny App.md index 84b6afe..0c3e886 100644 --- a/Information Sharing/Deploying a Shiny App.md +++ b/Information Sharing/Deploying a Shiny App.md @@ -5,28 +5,38 @@ At PHS, we currently use [shinyapps.io](http://shinyapps.io) to host Shiny apps. > [!NOTE] > There is work underway to provide a platform to host Shiny apps and another information products that may use confidential data and allow for greater control over who and what can be viewed. This will use the Posit Connect software and is being managed by the Posit Programme. +## Contents + +- [Deploying (Publishing) a Shiny App](#deploying-publishing-a-shiny-app) + - [Contents](#contents) + - [General Guidance](#general-guidance) + - [Deploying a Shiny App](#deploying-a-shiny-app) + - [Adding Authentication to Apps](#adding-authentication-to-apps) + - [Troubleshooting](#troubleshooting) + - [Deleting a Shiny App](#deleting-a-shiny-app) + ## General Guidance There are some key points to consider before deploying an app: -* **Data**: Ensure that the data used in the app is not confidential and can be shared publicly. If you are unsure, contact the [PHS Stats Gov team](mailto:phs.statsgov@phs.scot). -* **Accessibility**: Ensure that the app is accessible to all users. -* **Testing**: Test the app locally before deploying it to the server, considering user experience and functionality, performance, and security. +- **Data**: Ensure that the data used in the app is not confidential and can be shared publicly. If you are unsure, contact the [PHS Stats Gov team](mailto:phs.statsgov@phs.scot). +- **Accessibility**: Ensure that the app is accessible to all users. +- **Testing**: Test the app locally before deploying it to the server, considering user experience and functionality, performance, and security. Shiny apps should also be deployed with the following considerations in mind: -* Each app should have a specific purpose and be updated over time. This means that deployments should be minimised, with most apps requiring only 1 or 2 versions: a live version and a PRA version where required (some using a test version for limited periods). -* Follow naming conventions for apps, which should be named following the format `phs-descriptive-name`, noting the `phs-` prefix. - * PRA versions should have a `-pra` suffix added, e.g. `phs-descriptive-name-pra`. - * Test versions should have a `-test` suffix added, e.g. `phs-descriptive-name-test`. - * This name is what will be noted in the URL for the app, e.g. `scotland.shinyapps.io/phs-descriptive-name`, it doesn't need to be the same as the app title, directory or .RProj file. -* PRA deployments should: - * Be password-protected using `{shinymanager}`. - * Have a disclaimer on the app with details of the purpose. - * Have limited access to only those who need to see the app. -* Test deployments should include all restrictions as with PRA versions, but also: - * Use only dummy or anonymised data. -* Live deployments should never have password protection and be updated (not deploying a separate app) as per the publication timetable or as required. +- Each app should have a specific purpose and be updated over time. This means that deployments should be minimised, with most apps requiring only 1 or 2 versions: a live version and a PRA version where required (some using a test version for limited periods). +- Follow naming conventions for apps, which should be named following the format `phs-descriptive-name`, noting the `phs-` prefix. + - PRA versions should have a `-pra` suffix added, e.g. `phs-descriptive-name-pra`. + - Test versions should have a `-test` suffix added, e.g. `phs-descriptive-name-test`. + - This name is what will be noted in the URL for the app, e.g. `scotland.shinyapps.io/phs-descriptive-name`, it doesn't need to be the same as the app title, directory or .RProj file. +- PRA deployments should: + - Be password-protected using `{shinymanager}`. + - Have a disclaimer on the app with details of the purpose. + - Have limited access to only those who need to see the app. +- Test deployments should include all restrictions as with PRA versions, but also: + - Use only dummy or anonymised data. +- Live deployments should never have password protection and be updated (not deploying a separate app) as per the publication timetable or as required. ## Deploying a Shiny App @@ -58,11 +68,11 @@ The process to deploy an app uses the `{rsconnect}` package, with the process ou It is possible to password-protect Shiny apps. To align with governance and data protection, the current agreement is that any protection should only be done only for a limited amount of time before publication for _testing_, _quality assurance_ and _pre-release access_ purposes. Password protection can be set up by the app author using the package `{shinymanager}`. The steps are: 1. Add the package `{shinymanager}` to your global script. - * e.g. `library(shinymanager)` + - e.g. `library(shinymanager)` 2. Add a function called [`secure_app()`](https://search.r-project.org/CRAN/refmans/shinymanager/html/secure-app.html) at the beginning of the ui script, this must encapsulate the UI. - * e.g. `ui <- secure_app(...)` + - e.g. `ui <- secure_app(...)` 3. Create a credentials dataframe and save as an RDS file. - * e.g. + - e.g. ``` dir.create("shiny_app/admin/") @@ -75,7 +85,7 @@ It is possible to password-protect Shiny apps. To align with governance and data saveRDS(credentials_df, "shiny_app/admin/credentials.rds") ``` 4. Add code to the server code to set up authentication. - * e.g. + - e.g. ``` # Import authentication credentials credentials <- readRDS("admin/credentials.rds") @@ -91,7 +101,7 @@ It is possible to password-protect Shiny apps. To align with governance and data > Before deploying an app, check that it works locally and all data and other files are stored with the app or accessible to the general internet. Once deployed the app will be a stand-alone website and won't have access to PHS' systems and file structure. > Similarly, all file paths need to be relative rather than absolute as well, as the app in the server won't have access to PHS' file structure. -If something doesn’t work when your app is already on the server (but works locally) you can check the app logs using the command: +If something doesn't work when your app is already on the server (but works locally) you can check the app logs using the command: `rsconnect::showLogs(appName = "")` @@ -99,7 +109,7 @@ If performance is a concern, this should be notable during development but can b It is sometimes tricky to spot the issue but other Shiny users across are very supportive, and there are a couple of Shiny Server Administrators who can check the server side for more details. To get help, you can post a message on the R Shiny channel on the Data & Intelligence Forum, tagging `@ShinyAdmins` to get the attention of the Shiny admins. -When you have uploaded an app to the server you will have a stand-alone website, but if you want to embed it in the PHS site then you will need to speak with the publications team (phs.statspublications@phs.scot) to arrange it. +When you have uploaded an app to the server you will have a stand-alone website, but if you want to embed it in the PHS site then you will need to speak with the publications team () to arrange it. ## Deleting a Shiny App From 260e331ed0dde23a6bc44ac419e81d3b397d6ad6 Mon Sep 17 00:00:00 2001 From: Russell McCreath <33964310+rmccreath@users.noreply.github.com> Date: Thu, 7 Nov 2024 13:57:49 +0000 Subject: [PATCH 13/13] Add additional data security principles --- Information Sharing/Deploying a Shiny App.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Information Sharing/Deploying a Shiny App.md b/Information Sharing/Deploying a Shiny App.md index 0c3e886..757ea62 100644 --- a/Information Sharing/Deploying a Shiny App.md +++ b/Information Sharing/Deploying a Shiny App.md @@ -19,7 +19,7 @@ At PHS, we currently use [shinyapps.io](http://shinyapps.io) to host Shiny apps. There are some key points to consider before deploying an app: -- **Data**: Ensure that the data used in the app is not confidential and can be shared publicly. If you are unsure, contact the [PHS Stats Gov team](mailto:phs.statsgov@phs.scot). +- **Data**: Ensure that the data used in the app is not confidential and can be shared publicly. This is a requirement for all data within the app, including the data files stored alongside the codebase (backend), anything used or created as part of in-app processing, and all output on tables, visualisations, or downloadable content. If you are unsure, contact the [PHS Stats Gov team](mailto:phs.statsgov@phs.scot). - **Accessibility**: Ensure that the app is accessible to all users. - **Testing**: Test the app locally before deploying it to the server, considering user experience and functionality, performance, and security.