From 1da0a35626f11be6b26500700c70fdc77d85b08f Mon Sep 17 00:00:00 2001
From: "p.delpy@dkfz-heidelberg.de" <p.delpy@dkfz-heidelberg.de>
Date: Thu, 3 Jul 2025 07:27:15 +0200
Subject: [PATCH] fix: add pscc changes

---
 bridgehead                    |  3 ++
 cce/modules/pscc-compose.yml  | 65 +++++++++++++++++++++++++++++++++++
 cce/modules/pscc-setup.sh     |  5 +++
 cce/vars                      |  3 ++
 lib/prepare-system.sh         |  3 ++
 minimal/docker-compose.yml    |  1 +
 pscc/docker-compose.yml       | 65 +++++++++++++++++++++++++++++++++++
 pscc/modules/lens-compose.yml | 34 ++++++++++++++++++
 pscc/modules/lens-setup.sh    |  5 +++
 pscc/root.crt.pem             | 20 +++++++++++
 pscc/vars                     | 14 ++++++++
 11 files changed, 218 insertions(+)
 create mode 100644 cce/modules/pscc-compose.yml
 create mode 100644 cce/modules/pscc-setup.sh
 create mode 100644 pscc/docker-compose.yml
 create mode 100644 pscc/modules/lens-compose.yml
 create mode 100644 pscc/modules/lens-setup.sh
 create mode 100644 pscc/root.crt.pem
 create mode 100644 pscc/vars

diff --git a/bridgehead b/bridgehead
index 1951a7f..1cb1e30 100755
--- a/bridgehead
+++ b/bridgehead
@@ -35,6 +35,9 @@ case "$PROJECT" in
 	cce)
 		#nothing extra to do
 		;;
+	pscc)
+		#nothing extra to do
+		;;
 	itcc)
 		#nothing extra to do
 		;;
diff --git a/cce/modules/pscc-compose.yml b/cce/modules/pscc-compose.yml
new file mode 100644
index 0000000..7c7bb17
--- /dev/null
+++ b/cce/modules/pscc-compose.yml
@@ -0,0 +1,65 @@
+version: "3.7"
+
+services:
+  blaze-pscc:
+    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    container_name: bridgehead-pscc-blaze
+    environment:
+      BASE_URL: "http://bridgehead-pscc-blaze:8080"
+      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
+      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
+      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
+      ENFORCE_REFERENTIAL_INTEGRITY: "false"
+    volumes:
+      - "blaze-data-pscc:/app/data"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.blaze_pscc.rule=PathPrefix(`/pscc-localdatamanagement`)"
+      - "traefik.http.middlewares.pscc_b_strip.stripprefix.prefixes=/pscc-localdatamanagement"
+      - "traefik.http.services.blaze_pscc.loadbalancer.server.port=8080"
+      - "traefik.http.routers.blaze_pscc.middlewares=pscc_b_strip"
+      - "traefik.http.routers.blaze_pscc.tls=true"
+
+  focus-pscc:
+    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
+    container_name: bridgehead-pscc-focus
+    environment:
+      API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+      BEAM_APP_ID_LONG: focus.${PROXY_ID_PSCC}
+      PROXY_ID: ${PROXY_ID_PSCC}
+      BLAZE_URL: "http://bridgehead-pscc-blaze:8080/fhir/"
+      BEAM_PROXY_URL: http://beam-proxy-pscc:8081
+      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
+      EPSILON: 0.28
+      ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
+    depends_on:
+      - "beam-proxy"
+      - "blaze"
+
+  beam-proxy-pscc:
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
+    container_name: bridgehead-pscc-beam-proxy
+    environment:
+      BROKER_URL: ${BROKER_URL_PSCC}
+      PROXY_ID: ${PROXY_ID_PSCC}
+      APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+      PRIVKEY_FILE: /run/secrets/proxy.pem
+      ALL_PROXY: http://forward_proxy:3128
+      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+      ROOTCERT_FILE: /conf/root.crt.pem
+    secrets:
+      - proxy.pem
+    depends_on:
+      - "forward_proxy"
+    volumes:
+      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+      - /srv/docker/bridgehead/pscc/root.crt.pem:/conf/root.crt.pem:ro
+
+
+volumes:
+  blaze-data-pscc:
+
+secrets:
+  proxy.pem:
+    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
diff --git a/cce/modules/pscc-setup.sh b/cce/modules/pscc-setup.sh
new file mode 100644
index 0000000..5dafbfd
--- /dev/null
+++ b/cce/modules/pscc-setup.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if [ -n "$ENABLE_PSCC" ];then
+  OVERRIDE+=" -f ./$PROJECT/modules/pscc-compose.yml"
+fi
\ No newline at end of file
diff --git a/cce/vars b/cce/vars
index 7d0c1a3..5e2b3fc 100644
--- a/cce/vars
+++ b/cce/vars
@@ -1,6 +1,9 @@
 BROKER_ID=test-no-real-data.broker.samply.de
+BROKER_ID_PSCC=test-no-real-data.broker.samply.de
 BROKER_URL=https://${BROKER_ID}
+BROKER_URL_PSCC=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
+PROXY_ID_PSCC=${SITE_ID}.${BROKER_ID_PSCC}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
 SUPPORT_EMAIL=manoj.waikar@dkfz-heidelberg.de
diff --git a/lib/prepare-system.sh b/lib/prepare-system.sh
index b6aba52..a4f68d2 100755
--- a/lib/prepare-system.sh
+++ b/lib/prepare-system.sh
@@ -55,6 +55,9 @@ case "$PROJECT" in
 	cce)
 		site_configuration_repository_middle="git.verbis.dkfz.de/cce-sites/"
 		;;
+	pscc)
+		site_configuration_repository_middle="git.verbis.dkfz.de/pscc-sites/"
+		;;
 	itcc)
 		site_configuration_repository_middle="git.verbis.dkfz.de/itcc-sites/"
         ;;
diff --git a/minimal/docker-compose.yml b/minimal/docker-compose.yml
index 159276a..5c78ed6 100644
--- a/minimal/docker-compose.yml
+++ b/minimal/docker-compose.yml
@@ -59,3 +59,4 @@ services:
       PROJECT: ${PROJECT}
       SITE_NAME: ${SITE_NAME}
       ENVIRONMENT: ${ENVIRONMENT}
+    profiles: [deactivated]
diff --git a/pscc/docker-compose.yml b/pscc/docker-compose.yml
new file mode 100644
index 0000000..19fcf39
--- /dev/null
+++ b/pscc/docker-compose.yml
@@ -0,0 +1,65 @@
+version: "3.7"
+
+services:
+  blaze:
+    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    container_name: bridgehead-pscc-blaze
+    environment:
+      BASE_URL: "http://bridgehead-pscc-blaze:8080"
+      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
+      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
+      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
+      ENFORCE_REFERENTIAL_INTEGRITY: "false"
+    volumes:
+      - "blaze-data:/app/data"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.blaze_pscc.rule=PathPrefix(`/pscc-localdatamanagement`)"
+      - "traefik.http.middlewares.pscc_b_strip.stripprefix.prefixes=/pscc-localdatamanagement"
+      - "traefik.http.services.blaze_pscc.loadbalancer.server.port=8080"
+      - "traefik.http.routers.blaze_pscc.middlewares=pscc_b_strip,auth"
+      - "traefik.http.routers.blaze_pscc.tls=true"
+
+  focus:
+    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
+    container_name: bridgehead-focus
+    environment:
+      API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+      BEAM_APP_ID_LONG: focus.${PROXY_ID}
+      PROXY_ID: ${PROXY_ID}
+      BLAZE_URL: "http://bridgehead-pscc-blaze:8080/fhir/"
+      BEAM_PROXY_URL: http://beam-proxy:8081
+      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
+      EPSILON: 0.28
+      ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
+    depends_on:
+      - "beam-proxy"
+      - "blaze"
+
+  beam-proxy:
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
+    container_name: bridgehead-beam-proxy
+    environment:
+      BROKER_URL: ${BROKER_URL}
+      PROXY_ID: ${PROXY_ID}
+      APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+      PRIVKEY_FILE: /run/secrets/proxy.pem
+      ALL_PROXY: http://forward_proxy:3128
+      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+      ROOTCERT_FILE: /conf/root.crt.pem
+    secrets:
+      - proxy.pem
+    depends_on:
+      - "forward_proxy"
+    volumes:
+      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+      - /srv/docker/bridgehead/pscc/root.crt.pem:/conf/root.crt.pem:ro
+
+
+volumes:
+  blaze-data:
+
+secrets:
+  proxy.pem:
+    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
diff --git a/pscc/modules/lens-compose.yml b/pscc/modules/lens-compose.yml
new file mode 100644
index 0000000..79559ae
--- /dev/null
+++ b/pscc/modules/lens-compose.yml
@@ -0,0 +1,34 @@
+version: "3.7"
+services:
+  landing:
+    container_name: lens_federated-search
+    image: docker.verbis.dkfz.de/dashboard/pscc-explorer
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
+      - "traefik.http.services.landing.loadbalancer.server.port=5173"
+      - "traefik.http.routers.landing.middlewares=auth"
+      - "traefik.http.routers.landing.tls=true"
+
+#  spot:
+#    image: docker.verbis.dkfz.de/ccp-private/central-spot
+#    environment:
+#      BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
+#      BEAM_URL: http://beam-proxy:8081
+#      BEAM_PROXY_ID: ${SITE_ID}
+#      BEAM_BROKER_ID: ${BROKER_ID}
+#      BEAM_APP_ID: "focus"
+#      PROJECT_METADATA: "cce_supervisors"
+#    depends_on:
+#      - "beam-proxy"
+#    labels:
+#      - "traefik.enable=true"
+#      - "traefik.http.services.spot.loadbalancer.server.port=8080"
+#      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
+#      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
+#      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
+#      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
+#      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
+#      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
+#      - "traefik.http.routers.spot.tls=true"
+#      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"
diff --git a/pscc/modules/lens-setup.sh b/pscc/modules/lens-setup.sh
new file mode 100644
index 0000000..c19dc4b
--- /dev/null
+++ b/pscc/modules/lens-setup.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if [ -n "$ENABLE_LENS" ];then
+  OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml"
+fi
\ No newline at end of file
diff --git a/pscc/root.crt.pem b/pscc/root.crt.pem
new file mode 100644
index 0000000..1f1265a
--- /dev/null
+++ b/pscc/root.crt.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw
+MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI
+TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO
+OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf
+XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu
+pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7
+K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM
+poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG
+A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm
+AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU
+fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5
+3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l
+n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/
+7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt
+Rtup0MTxSJtN
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/pscc/vars b/pscc/vars
new file mode 100644
index 0000000..7849cbe
--- /dev/null
+++ b/pscc/vars
@@ -0,0 +1,14 @@
+BROKER_ID=test-no-real-data.broker.samply.de
+BROKER_URL=https://${BROKER_ID}
+PROXY_ID=${SITE_ID}.${BROKER_ID}
+FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
+SUPPORT_EMAIL=denis.koether@dkfz-heidelberg.de
+PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
+BROKER_URL_FOR_PREREQ=$BROKER_URL
+
+for module in $PROJECT/modules/*.sh
+do
+    log DEBUG "sourcing $module"
+    source $module
+done