README Updates

[Matt5981]

Adds additional information to README.md

Summary by Sourcery

Update project documentation and add standard GitHub issue templates.

Documentation:

• Expand README with an architectural overview, deployment prerequisites, setup steps, access details, and analysis guidance.
• Document licensing and support contact information in the README.

Chores:

• Add GitHub issue templates for bug reports and feature requests to standardize incoming issues.

[sourcery-ai]

Reviewer's Guide

Updates project documentation by expanding the README with a full product overview and deployment/usage guide for PA-Cloud, and adds standard GitHub issue templates for bugs and feature requests.

Sequence diagram for PA-Cloud user authentication and analysis workflow

sequenceDiagram
    actor User
    participant Browser
    participant PublicDNS as Route53DNS
    participant JupyterHub as JupyterHubEC2
    participant Keycloak
    participant InternalDNS
    participant DataSHIELD as DataSHIELDServer

    User ->> Browser: Enter analytics domain URL
    Browser ->> PublicDNS: Resolve analytics hostname
    PublicDNS -->> Browser: JupyterHub IP
    Browser ->> JupyterHub: HTTPS request to JupyterHub
    JupyterHub ->> User: Redirect to identity domain

    User ->> Browser: Follow redirect to identity domain
    Browser ->> PublicDNS: Resolve identity hostname
    PublicDNS -->> Browser: Keycloak IP
    Browser ->> Keycloak: HTTPS request to Keycloak login
    User ->> Keycloak: Submit credentials via Browser
    Keycloak -->> Browser: Authentication success and token
    Browser ->> JupyterHub: Return to JupyterHub with token
    JupyterHub ->> Keycloak: Validate token
    Keycloak -->> JupyterHub: Token valid
    JupyterHub -->> User: JupyterHub interface and spawn notebook server

    User ->> Browser: Open notebook and run DataSHIELD code
    Browser ->> JupyterHub: Execute notebook cell
    JupyterHub ->> InternalDNS: Resolve cohortname.pacloud.internal
    InternalDNS -->> JupyterHub: DataSHIELD server IP
    JupyterHub ->> DataSHIELD: Establish secure connection over VPN
    JupyterHub ->> DataSHIELD: Send federated analysis commands
    DataSHIELD -->> JupyterHub: Return non-disclosive aggregate results
    JupyterHub -->> Browser: Display analysis results to user

Loading

File-Level Changes

Change	Details	Files
Expand README with product, architecture, deployment, and usage documentation for PA-Cloud.	Replace brief Terraform-focused description with a high-level overview of PA-Cloud and its purpose. Add an architectural overview describing AWS resources, DataSHIELD cohorts, VPN topology, JupyterHub, and Keycloak-based authentication. Document prerequisites for deploying PA-Cloud, including AWS, Terraform, and cohort server requirements. Provide step-by-step Terraform deployment workflow, including SSH key setup, cohort configuration, planning and applying changes, and plan review warnings. Add access instructions for the deployed environment, including expected domains, Keycloak realm usage, and JupyterHub access. Describe the basic DataSHIELD analysis workflow and cohort naming/connection conventions. Add licensing section (Apache 2.0) and contact/support information.	README.md
Introduce GitHub issue templates for bug reports and feature requests.	Add a bug report issue template capturing reproduction steps, environment details, and additional context. Add a feature request template prompting for problem description, desired solution, alternatives, and context.	.github/ISSUE_TEMPLATE/bug_report.md .github/ISSUE_TEMPLATE/feature_request.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[uniqueg]

Nice, thanks a lot! Just a few easy suggestions

[uniqueg]

Maybe invite people to contribute back their experiences.

[uniqueg]

I forgot about this. I think it's good to go.

[sourcery-ai]

Hey - I've found 5 issues

Prompt for AI Agents

Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `README.md:24` </location>
<code_context>
+- An AWS account.
+- The AWS CLI installed and logged into the above account (if `aws sts get-caller-identity` succeeds when run, this is met).
+- Sufficient permissions to deploy all resources.
+- Hashicorp's Terraform installed.
+- Access to at least one cohort server, for which:
+    - A server is required, which has:
</code_context>

<issue_to_address>
**suggestion (typo):** Use the correct capitalization for "HashiCorp".

Update this bullet to "HashiCorp's Terraform" to use the correct brand spelling.

```suggestion
- HashiCorp's Terraform installed.
```
</issue_to_address>

### Comment 2
<location> `README.md:44` </location>
<code_context>
+
+2. Add all cohort servers. This can be done in `cohort.tf` by adding further instances of the `cohort` module, ensuring that required additional networking resources are added in `network.tf` as well.
+
+3. Initialise terraform.
 ```hcl
 terraform init
</code_context>

<issue_to_address>
**nitpick (typo):** Capitalize "Terraform" consistently as a proper product name.

To stay consistent with the rest of the document, update this step to "Initialise Terraform."

```suggestion
3. Initialise Terraform.
```
</issue_to_address>

### Comment 3
<location> `README.md:40` </location>
<code_context>
+
+Deployment is handled solely through Terraform.
+
+1. Generate an SSH key. This is to be used to authenticate to on prem servers, and should be added to `authorized_keys` in all cohort servers. These instructions assume this was generated as `./pacloud.key`.
+
+2. Add all cohort servers. This can be done in `cohort.tf` by adding further instances of the `cohort` module, ensuring that required additional networking resources are added in `network.tf` as well.
</code_context>

<issue_to_address>
**suggestion (typo):** Consider hyphenating "on-prem".

Specifically, consider updating "on prem servers" to "on-prem servers" for consistency with common usage.

```suggestion
1. Generate an SSH key. This is to be used to authenticate to on-prem servers, and should be added to `authorized_keys` in all cohort servers. These instructions assume this was generated as `./pacloud.key`.
```
</issue_to_address>

### Comment 4
<location> `README.md:74` </location>
<code_context>
+- `https://identity.propass.pacificanalytics.com` (Keycloak)
+- `https://analytics.propass.pacificanalytics.com` (JupyterHub)
+
+Users must be added to the created realm in Keycloak (`propass` by default) to access Jupyterhub. Keycloak's default administrator credentials can be retrieved from Terraform's state file, or AWS Secrets Manager.
+
+## Analysis
</code_context>

<issue_to_address>
**nitpick (typo):** Align "Jupyterhub" capitalization with earlier uses of "JupyterHub".

Please update "Jupyterhub" to "JupyterHub" here for consistency with earlier usage in the README.

Suggested implementation:

```
Users must be added to the created realm in Keycloak (`propass` by default) to access JupyterHub. Keycloak's default administrator credentials can be retrieved from Terraform's state file, or AWS Secrets Manager.

```

```
Once a user has been created in the `propass` realm in Keycloak, they can log in to JupyterHub and begin performing analysis using DataSHIELD.

```
</issue_to_address>

### Comment 5
<location> `README.md:78` </location>
<code_context>
+
+## Analysis
+
+Once a user has been created in the `propass` realm in Keycloak, they can log in to Jupyterhub and begin performing analysis using DataSHIELD.
+
+When using DataSHIELD, connect using the names specified in the cohort modules, suffixed with `.pacloud.internal`. For example, a cohort called 'example' would set the `name` variable to `example`, then once deployed, connect to it with DataSHIELD via `example.pacloud.internal`.
</code_context>

<issue_to_address>
**nitpick (typo):** Use consistent "JupyterHub" capitalization here as well.

This will match the capitalization used elsewhere in the docs and project.

Suggested implementation:

```
Users must be added to the created realm in Keycloak (`propass` by default) to access JupyterHub. Keycloak's default administrator credentials can be retrieved from Terraform's state file, or AWS Secrets Manager.

```

```
Once a user has been created in the `propass` realm in Keycloak, they can log in to JupyterHub and begin performing analysis using DataSHIELD.

```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

suggestion (typo): Use the correct capitalization for "HashiCorp".

Update this bullet to "HashiCorp's Terraform" to use the correct brand spelling.

Suggested change

	- Hashicorp's Terraform installed.
	- HashiCorp's Terraform installed.

[sourcery-ai]

nitpick (typo): Capitalize "Terraform" consistently as a proper product name.

To stay consistent with the rest of the document, update this step to "Initialise Terraform."

Suggested change

	3. Initialise terraform.
	3. Initialise Terraform.

[sourcery-ai]

suggestion (typo): Consider hyphenating "on-prem".

Specifically, consider updating "on prem servers" to "on-prem servers" for consistency with common usage.

Suggested change

	1. Generate an SSH key. This is to be used to authenticate to on prem servers, and should be added to `authorized_keys` in all cohort servers. These instructions assume this was generated as `./pacloud.key`.
	1. Generate an SSH key. This is to be used to authenticate to on-prem servers, and should be added to `authorized_keys` in all cohort servers. These instructions assume this was generated as `./pacloud.key`.

[sourcery-ai]

nitpick (typo): Align "Jupyterhub" capitalization with earlier uses of "JupyterHub".

Please update "Jupyterhub" to "JupyterHub" here for consistency with earlier usage in the README.

Suggested implementation:

Users must be added to the created realm in Keycloak (`propass` by default) to access JupyterHub. Keycloak's default administrator credentials can be retrieved from Terraform's state file, or AWS Secrets Manager.

Once a user has been created in the `propass` realm in Keycloak, they can log in to JupyterHub and begin performing analysis using DataSHIELD.

[sourcery-ai]

nitpick (typo): Use consistent "JupyterHub" capitalization here as well.

This will match the capitalization used elsewhere in the docs and project.

Suggested implementation:

Users must be added to the created realm in Keycloak (`propass` by default) to access JupyterHub. Keycloak's default administrator credentials can be retrieved from Terraform's state file, or AWS Secrets Manager.

Once a user has been created in the `propass` realm in Keycloak, they can log in to JupyterHub and begin performing analysis using DataSHIELD.