FHIR IG – Build & Deployment

This repository contains a FHIR Implementation Guide (IG) and two GitHub Actions workflows:

Build & Push Builder Image – builds a reusable Docker image with all IG tooling
Build & Publish IG to S3 – uses that image to build and publish the IG

The design goal is deterministic, reproducible IG builds with zero toolchain setup on CI runners.

Repository layout

.
├── TASMC/                 # FHIR Implementation Guide root
│   ├── input/
│   ├── fsh/
│   ├── ig.ini
│   └── output/            # Generated IG (cleaned on every build)
├── Dockerfile             # IG Builder image
└── .github/workflows/

Workflow 1: Build & Publish IG Builder Image

Purpose

Builds a Docker image that contains:

Java
FHIR IG Publisher
SUSHI
Node / Ruby / Jekyll
All other IG build dependencies

This image is published to GitHub Container Registry (GHCR) and reused by the IG build workflow.

Trigger

Manual (workflow_dispatch)

Output

Docker image pushed to GHCR

ghcr.io/<owner>/ig-builder:latest

Notes

Tool versions are intentionally pinned
This workflow can be disabled once the image is built and validated

Workflow 2: Build & Deploy IG

Purpose

Builds the FHIR IG inside the builder Docker image and deploys the generated output to S3.

Trigger

Push to main
Manual (workflow_dispatch)

Steps

Checkout repository
Authenticate to GHCR
Pull IG Builder image
Clean TASMC/output
Build IG inside the container
Sync output to S3

Deployment target

s3://<bucket>/current

Local build (same as CI)

To build the IG locally using the same container as CI:

docker run --rm -v "$PWD:/work" ghcr.io/<owner>/ig-builder:latest -ig TASMC

Notes

Repository root is mounted to /work
TASMC is passed as the IG directory
Output is written to TASMC/output

This is 1:1 identical to the GitHub Actions build.

AWS credentials

The deployment workflow uses static AWS credentials stored as GitHub Secrets:

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_REGION
S3_BUCKET

No AWS tooling is required locally unless deploying manually.

Design principles

No tool installation in CI
Reproducible, pinned toolchain
Containerized IG builds
Clean output on every run
CI behavior identical to local builds

Notes

SUSHI version warnings are informational only
Tool upgrades are done by rebuilding the builder image
The builder workflow can be disabled after publishing the image

Name		Name	Last commit message	Last commit date
Latest commit History 75 Commits
.github/workflows		.github/workflows
TASMC		TASMC
examples to check		examples to check
webroot		webroot
.gitignore		.gitignore
Dockerfile		Dockerfile
createManifest.js		createManifest.js
downloadValidator.js		downloadValidator.js
ig.ini		ig.ini
installJava.js		installJava.js
package-lock.json		package-lock.json
package.json		package.json
readme.md		readme.md
sushi-config.yaml		sushi-config.yaml
sushi-dependencies.py		sushi-dependencies.py
updateRuleSet.js		updateRuleSet.js
utils.js		utils.js
validateExamples.js		validateExamples.js
validateIg.js		validateIg.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

FHIR IG – Build & Deployment

Repository layout

Workflow 1: Build & Publish IG Builder Image

Workflow 2: Build & Deploy IG

Local build (same as CI)

AWS credentials

Design principles

Notes

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

FHIR IG – Build & Deployment

Repository layout

Workflow 1: Build & Publish IG Builder Image

Workflow 2: Build & Deploy IG

Local build (same as CI)

AWS credentials

Design principles

Notes

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages