fasten-onprem VS cli

Interestingly your [1] citation may no longer be the case. The 21st Century Cures Act was signed 8 years ago (but compliance was only required as of 2023). It states that Healthcare Institutions (& EHR developers) must provide a mechanism for patients to access their health records electronically in a standardized format (FHIR).

It's what allowed my open-source startup Fasten Health to even exist. I was diagnosed with a chronic condition, and wanted a way to store my health records privately on my own devices. A bit of luck and a POC later, I was able to confirm that patients can access their own records with little-to-no barriers.

https://github.com/fastenhealth/fasten-onprem

Is anyone running fasten with postgres? Is it faster? If so, could you share your docker-compose and config.yaml? Thanks!

I'm actually working on an open-source Personal Health Record (PHR) app called Fasten Health - https://github.com/fastenhealth/fasten-onprem

It allows patients to pull their complete medical history from their various healthcare institutions, and store it locally without having to worry about some corporation monetizing and data-mining their health record

So 1yr ago, I decided to build it myself, and posted about it on reddit

So I finally took the plunge and decided to commit to working on my project full-time - Fasten Health, an Open-source Personal Health Record aggregator

I've been working on my own Open-Source Personal Health Record (PHR) that leverages FHIR & Smart-on-FHIR https://github.com/fastenhealth/fasten-onprem

Hopefully with the Cures Act Final Rule, interoperability will become the norm

Fasten Health v0.1.2 has been released!

Basically my application Fasten Health is designed to allow patients to pull their medical records from healthcare institutions — of with there are 10,000 currently supported, and 100,000s of thousands in the US.

Fasten - Fasten is an open-source, self-hosted, personal/family electronic medical record aggregator, designed to integrate with 1000's of insurances/hospitals/clinics.

Hey HN! I'm Jacob, one of the founders of Depot (https://depot.dev), a build service for Docker images, and I'm excited to show what we’ve been working on for the past few months: run GitHub Actions jobs in AWS, orchestrated by Depot!

Here's a video demo: https://www.youtube.com/watch?v=VX5Z-k1mGc8, and here’s our blog post: https://depot.dev/blog/depot-github-actions-runners.

While GitHub Actions is one of the most prevalent CI providers, Actions is slow, for a few reasons: GitHub uses underpowered CPUs, network throughput for cache and the internet at large is capped at 1 Gbps, and total cache storage is limited to 10GB per repo. It is also rather expensive for runners with more than 2 CPUs, and larger runners frequently take a long time to start running jobs.

Depot-managed runners solve this! Rather than your CI jobs running on GitHub's slow compute, Depot routes those same jobs to fast EC2 instances. And not only is this faster, it’s also 1/2 the cost of GitHub Actions!

We do this by launching a dedicated instance for each job, registering that instance as a self-hosted Actions runner in your GitHub organization, then terminating the instance when the job is finished. Using AWS as the compute provider has a few advantages:

- CPUs are typically 30%+ more performant than alternatives (the m7a instance type).

- Each instance has high-throughput networking of up to 12.5 Gbps, hosted in us-east-1, so interacting with artifacts, cache, container registries, or the internet at large is quick.

- Each instance has a public IPv4 address, so it does not share rate limits with anyone else.

We integrated the runners with the distributed cache system (backed by S3 and Ceph) that we use for Docker build cache, so jobs automatically save / restore cache from this cache system, with speeds of up to 1 GB/s, and without the default 10 GB per repo limit.

Building this was a fun challenge; some matrix workflows start 40+ jobs at once, then requiring 40 EC2 instances to launch at once.

We’ve effectively gotten very good at starting EC2 instances with a "warm pool" system which allows us to prepare many EC2 instances to run a job, stop them, then resize and start them when an actual job request arrives, to keep job queue times around 5 seconds. We're using a homegrown orchestration system, as alternatives like autoscaling groups or Kubernetes weren't fast or secure enough.

There are three alternatives to our managed runners currently:

1. GitHub offers larger runners: these have more CPUs, but still have slow network and cache. Depot runners are also 1/2 the cost per minute of GitHub's runners.

2. You can self-host the Actions runner on your own compute: this requires ongoing maintenance, and it can be difficult to ensure that the runner image or container matches GitHub's.

3. There are other companies offering hosted GitHub Actions runners, though they frequently use cheaper compute hosting providers that are bottlenecked on network throughput or geography.

Any feedback is very welcome! You can sign up at https://depot.dev/sign-up for a free trial if you'd like to try it out on your own workflows. We aren't able to offer a trial without a signup gate, both because using it requires installing a GitHub app, and we're offering build compute, so we need some way to keep out the cryptominers :)

Depot [0] founder here. Thanks for the mention. We're also planning on bringing a bit of a different take to GitHub Action runners that's not tied to Hetzner directly. It will be entirely open-source as well, so you can take it and run it on your own instances if you'd like. Similar to how Depot supports self-hosted builders in your own AWS account [1].

[0] https://depot.dev/

[1] https://depot.dev/docs/self-hosted/architecture

Dive is an amazing tool in the container/Docker space. It makes life so much easier to debug what is actually in your container. When we were first getting started with Depot [0], we often got asked how to reduce image size as well as make builds faster. So we wrote up a quick blog post that shows how to use Dive to help with that problem [1]. It might be a bit dated now, but in case it helps a future person.

Dive also inspired us to make it easier to surface what is actually in your build context, on every build. So we shipped that as a feature in Depot a few weeks back.

[0] https://depot.dev

If you want to learn more about how Depot can help you optimize your Docker image builds, sign up for our free trial.

We have this with https://depot.dev out of the box. You connect to a native BuildKit and run your Docker image build on native Intel and Arm CPUs with fast persistent SSD cache orchestrated across builds. It’s immediately there on the next build without having to save/load it over the network.

We use Loops to power the core of our email things for Depot [0] and it's been quite a breeze to use.

I think there are some logic things to get right at the API level, like should I use events or contact properties to trigger loops? We're working on some of that and wish the guidance was a bit better/clearer, at the moment, any properties you send with an event get added to the contact, so it seems like contact properties are the way to go.

My last request would be to support array properties on contacts as a given contact could be in multiple "things".

[0] https://depot.dev/

We encountered a specific GitHub Actions restriction at Depot[0]: for pull_request workflows that originate from open-source forks, Actions disables access to all repository secrets and to the Actions OIDC issuer, as a security mechanism to deny untrusted code access to those secrets.

But we needed a way to authenticate our CLI within those public workflows. This OIDC issuer is the result of that need, and works like so:

1. The pull_request workflow makes a "claim request" to the OIDC issuer, claiming certain details about the workflow like the ID, run ID, repository, etc.

2. The OIDC issuer responds with a "challenge code" that the workflow must periodically print to its logs

3. The OIDC issuer connects to the GitHub Actions websocket endpoint for log streaming, validates that the challenge code is being printed, then returns a new OIDC token to the workflow

This is working well for us, and lets us acquire an OIDC token similar to the GitHub Actions native OIDC token. The issuer itself runs as a Cloudflare Worker.

Happy to answer questions and I'd love any feedback you may have!

[0] https://depot.dev

To optimize build speed, cache hits, and registry storage, we're building each image reproducibly and indexing the contents with eStargz[0]. The image is stored on Cloudflare R2, and served via a Cloudflare Worker. Everything is open source[1]!

Compared to alternatives like `git lfs clone` or downloading your model at runtime, embedding it with `COPY` produces layers that are cache-stable, with identical hash digests across rebuilds. This means they can be fully cached, even if your base image or source code changes.

And for Docker builders that enable eStargz, copying single files from the image will download only the requested files. eStargz can be enabled in a variety of image builders[2], and we’ve enabled it by default on Depot[3].

Here’s an announcement post with more details: https://depot.dev/blog/depot-ai.

We’d love to hear any feedback you may have!

[0] https://github.com/containerd/stargz-snapshotter/blob/main/docs/estargz.md

[1] https://github.com/depot/depot.ai

[2] https://github.com/containerd/stargz-snapshotter/blob/main/docs/integration.md#image-builders

[3] https://depot.dev

We use Resend for our transactional email at https://depot.dev after migrating away from Postmark following their acquisition. It's been awesome so far and because our app is Remix underneath the hood, it was delightfully easy to get our emails exactly how we wanted them.

The visibility into what emails have been sent, to who, and what the content was is also incredibly helpful when we are talking about transactional emails. Double bonus for being able to share that email as well.