From bff06a6bb0c2820b81d34f58948cbc20c19881d5 Mon Sep 17 00:00:00 2001 From: Pierre Delpy <75260699+PierreDelpy@users.noreply.github.com> Date: Tue, 10 Feb 2026 11:21:36 +0100 Subject: [PATCH 1/7] fix kr deployment (#370) --- kr/docker-compose.yml | 3 +- kr/modules/export-and-qb.curl-templates | 6 ---- kr/modules/lens-compose.yml | 37 +++++++++++++++---------- kr/modules/obds2fhir-rest-compose.yml | 2 +- kr/vars | 2 +- 5 files changed, 27 insertions(+), 23 deletions(-) delete mode 100644 kr/modules/export-and-qb.curl-templates diff --git a/kr/docker-compose.yml b/kr/docker-compose.yml index 98632bde..3da9e53a 100644 --- a/kr/docker-compose.yml +++ b/kr/docker-compose.yml @@ -12,7 +12,8 @@ services: BASE_URL: "http://bridgehead-kr-blaze:8080" JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m" DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000} - DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP + DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP} + CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32} ENFORCE_REFERENTIAL_INTEGRITY: "false" volumes: - "blaze-data:/app/data" diff --git a/kr/modules/export-and-qb.curl-templates b/kr/modules/export-and-qb.curl-templates deleted file mode 100644 index 739c5af6..00000000 --- a/kr/modules/export-and-qb.curl-templates +++ /dev/null @@ -1,6 +0,0 @@ -# Full Excel Export -curl --location --request POST 'https://${HOST}/ccp-exporter/request?query=Patient&query-format=FHIR_PATH&template-id=ccp&output-format=EXCEL' \ ---header 'x-api-key: ${EXPORT_API_KEY}' - -# QB -curl --location --request POST 'https://${HOST}/ccp-reporter/generate?template-id=ccp' diff --git a/kr/modules/lens-compose.yml b/kr/modules/lens-compose.yml index b0b4573d..ea2b98d7 100644 --- a/kr/modules/lens-compose.yml +++ b/kr/modules/lens-compose.yml @@ -4,32 +4,41 @@ services: deploy: replicas: 1 #reactivate if lens is in use container_name: lens_federated-search - image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} + image: docker.verbis.dkfz.de/ccp/kr-explorer:main + environment: + PUBLIC_SPOT_URL: https://${HOST}/prod labels: + - "traefik.http.services.lens.loadbalancer.server.port=3000" - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" + - "traefik.http.routers.lens.rule=Host(`${HOST}`)" + - "traefik.http.routers.lens.tls=true" spot: - image: docker.verbis.dkfz.de/ccp-private/central-spot + image: samply/rustyspot:latest environment: BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}" - BEAM_URL: http://beam-proxy:8081 - BEAM_PROXY_ID: ${SITE_ID} - BEAM_BROKER_ID: ${BROKER_ID} - BEAM_APP_ID: "focus" - PROJECT_METADATA: "kr_supervisors" + BEAM_PROXY_URL: http://beam-proxy:8081 + BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}" + CORS_ORIGIN: "https://${HOST}" + SITES: ${SITES} + TRANSFORM: LENS + PROJECT: kr + BIND_ADDR: 0.0.0.0:8055 depends_on: - "beam-proxy" labels: - "traefik.enable=true" - - "traefik.http.services.spot.loadbalancer.server.port=8080" + - "traefik.http.services.spot.loadbalancer.server.port=8055" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1" - - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)" - - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend" + - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)" + - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod" - "traefik.http.routers.spot.tls=true" - - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot" + - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth" + + beam-proxy: + environment: + APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT} diff --git a/kr/modules/obds2fhir-rest-compose.yml b/kr/modules/obds2fhir-rest-compose.yml index 833580d1..ec1737c8 100644 --- a/kr/modules/obds2fhir-rest-compose.yml +++ b/kr/modules/obds2fhir-rest-compose.yml @@ -3,7 +3,7 @@ version: "3.7" services: obds2fhir-rest: container_name: bridgehead-obds2fhir-rest - image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:main + image: docker.verbis.dkfz.de/samply/obds2fhir-rest:main environment: IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY} diff --git a/kr/vars b/kr/vars index d4e5a27a..f5c1e65e 100644 --- a/kr/vars +++ b/kr/vars @@ -3,7 +3,7 @@ BROKER_URL=https://${BROKER_ID} PROXY_ID=${SITE_ID}.${BROKER_ID} FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} -SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de +SUPPORT_EMAIL=p.delpy@dkfz-heidelberg.de PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem BROKER_URL_FOR_PREREQ=$BROKER_URL From 7a9f80537b6fe5cb93713211cd27cc4ed9ca6ed3 Mon Sep 17 00:00:00 2001 From: Martin Jurk <96107909+Martin1088@users.noreply.github.com> Date: Tue, 10 Feb 2026 16:04:33 +0100 Subject: [PATCH 2/7] sites moved to etc itcc.comf (#369) --- itcc/vars | 1 - 1 file changed, 1 deletion(-) diff --git a/itcc/vars b/itcc/vars index 662703ed..3eee6525 100644 --- a/itcc/vars +++ b/itcc/vars @@ -7,7 +7,6 @@ SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem BROKER_URL_FOR_PREREQ=$BROKER_URL PUBLIC_ENVIRONMENT=prod -SITES=itcc-inform,itcc-ither,itcc-mappyacts,itcc-profyle,itcc-smpaeds,itcc-zero for module in $PROJECT/modules/*.sh do From 9d3ec957a2020484848bf919c1487cbd8483e06e Mon Sep 17 00:00:00 2001 From: DavidCroftDKFZ <46788708+DavidCroftDKFZ@users.noreply.github.com> Date: Fri, 20 Feb 2026 09:27:47 +0100 Subject: [PATCH 3/7] Activate Directory token login (#371) Right now, Directory sync will only be activated if a username has been specified. It also needs to run if a login token has been specified, hence the change in this commit. --- bbmri/modules/directory-sync.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bbmri/modules/directory-sync.sh b/bbmri/modules/directory-sync.sh index 2765dfbb..01ce7df7 100755 --- a/bbmri/modules/directory-sync.sh +++ b/bbmri/modules/directory-sync.sh @@ -1,6 +1,6 @@ #!/bin/bash -if [ -n "${DS_DIRECTORY_USER_NAME}" ]; then +if [ -n "${DS_DIRECTORY_USER_NAME}" ] || [ -n "${DS_DIRECTORY_USER_TOKEN}" ]; then log INFO "Directory sync setup detected -- will start directory sync service." OVERRIDE+=" -f ./$PROJECT/modules/directory-sync-compose.yml" fi From c1de9b8314d5b3b2e159be95ce22e48f873a0c76 Mon Sep 17 00:00:00 2001 From: Pierre Delpy <75260699+PierreDelpy@users.noreply.github.com> Date: Tue, 24 Feb 2026 12:09:39 +0100 Subject: [PATCH 4/7] WIP: enable osiris2fhir in PSCC for GR (#372) enable osiris2fhir in PSCC for GR --- pscc/modules/osiris2fhir-compose.yml | 13 +++++++++++++ pscc/modules/osiris2fhir-setup.sh | 6 ++++++ 2 files changed, 19 insertions(+) create mode 100644 pscc/modules/osiris2fhir-compose.yml create mode 100644 pscc/modules/osiris2fhir-setup.sh diff --git a/pscc/modules/osiris2fhir-compose.yml b/pscc/modules/osiris2fhir-compose.yml new file mode 100644 index 00000000..a5fbffbe --- /dev/null +++ b/pscc/modules/osiris2fhir-compose.yml @@ -0,0 +1,13 @@ +services: + osiris2fhir: + container_name: bridgehead-osiris2fhir + image: docker.verbis.dkfz.de/ccp/osiris2fhir:${SITE_ID} + environment: + SALT: ${LOCAL_SALT} + labels: + - "traefik.enable=true" + - "traefik.http.routers.osiris2fhir.rule=PathPrefix(`/osiris2fhir`)" + - "traefik.http.middlewares.osiris2fhir_strip.stripprefix.prefixes=/osiris2fhir" + - "traefik.http.services.osiris2fhir.loadbalancer.server.port=8080" + - "traefik.http.routers.osiris2fhir.tls=true" + - "traefik.http.routers.osiris2fhir.middlewares=osiris2fhir_strip,auth" diff --git a/pscc/modules/osiris2fhir-setup.sh b/pscc/modules/osiris2fhir-setup.sh new file mode 100644 index 00000000..852a3a85 --- /dev/null +++ b/pscc/modules/osiris2fhir-setup.sh @@ -0,0 +1,6 @@ +#!/bin/bash +if [ -n "$ENABLE_OSIRIS2FHIR" ]; then + log INFO "oBDS2FHIR-REST setup detected -- will start osiris2fhir module." + OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml" + LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" +fi \ No newline at end of file From bbda99254fadc62040628a7efe5b9e84e7d11137 Mon Sep 17 00:00:00 2001 From: Pierre Delpy <75260699+PierreDelpy@users.noreply.github.com> Date: Tue, 17 Mar 2026 15:54:25 +0100 Subject: [PATCH 5/7] feature: add osiris2fhir in cce and minor fixes (#374) --- cce/modules/osiris2fhir-setup.sh | 6 ++++++ pscc/modules/osiris2fhir-compose.yml | 4 +++- pscc/modules/osiris2fhir-setup.sh | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 cce/modules/osiris2fhir-setup.sh diff --git a/cce/modules/osiris2fhir-setup.sh b/cce/modules/osiris2fhir-setup.sh new file mode 100644 index 00000000..ce1d6d73 --- /dev/null +++ b/cce/modules/osiris2fhir-setup.sh @@ -0,0 +1,6 @@ +#!/bin/bash +if [ -n "$ENABLE_OSIRIS2FHIR" ]; then + log INFO "OSIRIS2FHIR-REST setup detected -- will start osiris2fhir module." + OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml" + LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" +fi \ No newline at end of file diff --git a/pscc/modules/osiris2fhir-compose.yml b/pscc/modules/osiris2fhir-compose.yml index a5fbffbe..6b346d93 100644 --- a/pscc/modules/osiris2fhir-compose.yml +++ b/pscc/modules/osiris2fhir-compose.yml @@ -1,8 +1,10 @@ services: osiris2fhir: container_name: bridgehead-osiris2fhir - image: docker.verbis.dkfz.de/ccp/osiris2fhir:${SITE_ID} + image: docker.verbis.dkfz.de/ccp/osiris2fhir environment: + FHIR_PROFILE: ${PROJECT:-pscc} + LOG_LEVEL: ${LOG_LEVEL:-INFO} SALT: ${LOCAL_SALT} labels: - "traefik.enable=true" diff --git a/pscc/modules/osiris2fhir-setup.sh b/pscc/modules/osiris2fhir-setup.sh index 852a3a85..ce1d6d73 100644 --- a/pscc/modules/osiris2fhir-setup.sh +++ b/pscc/modules/osiris2fhir-setup.sh @@ -1,6 +1,6 @@ #!/bin/bash if [ -n "$ENABLE_OSIRIS2FHIR" ]; then - log INFO "oBDS2FHIR-REST setup detected -- will start osiris2fhir module." + log INFO "OSIRIS2FHIR-REST setup detected -- will start osiris2fhir module." OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml" LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" fi \ No newline at end of file From 71b25fe49041c97fb38bc172538228668a218860 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radovan=20Tom=C3=A1=C5=A1ik?= Date: Tue, 7 Apr 2026 12:48:29 +0200 Subject: [PATCH 6/7] feat: add Data Quality Agent configuration and setup (#373) * feat: add Data Quality Agent configuration and setup * fix: correct environment variable name in Data Quality Agent configuration * feat: update Data Quality Agent configuration and setup instructions * feat: update Data Quality Agent setup and documentation * feat: add volume configuration for agent data in Data Quality Agent compose file * feat: update volume configuration for Data Quality Agent in compose file * Update README.md Co-authored-by: Tobias Kussel --------- Co-authored-by: Tobias Kussel --- README.md | 27 ++++++++++++++++++++ bbmri/modules/data-quality-agent-compose.yml | 23 +++++++++++++++++ bbmri/modules/data-quality-agent-setup.sh | 7 +++++ versions/acceptance | 3 ++- versions/prod | 3 ++- versions/test | 1 + 6 files changed, 62 insertions(+), 2 deletions(-) create mode 100644 bbmri/modules/data-quality-agent-compose.yml create mode 100644 bbmri/modules/data-quality-agent-setup.sh diff --git a/README.md b/README.md index d0e462a7..0574acc1 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@ This repository is the starting point for any information and tools you will nee - [Teiler (Frontend)](#teiler-frontend) - [Data Exporter Service](#data-exporter-service) - [Data Quality Report](#data-quality-report) + - [Data Quality Agent](#data-quality-agent) 4. [Things you should know](#things-you-should-know) - [Auto-Updates](#auto-updates) - [Auto-Backups](#auto-backups) @@ -424,6 +425,32 @@ ENABLE_EXPORTER=true ``` [For further information](docs/exporter.md) +### Data Quality Agent + +The Data Quality Agent is an optional module that periodically evaluates the quality of FHIR data stored in Blaze. It generates local data quality reports accessible via the Bridgehead web interface. + +To enable the service, set the following variable in your `.conf` file: + +```bash +ENABLE_DATA_QUALITY_AGENT=true +``` + +#### Sharing Data Quality Reports (recommended) + +We encourage sharing your data quality reports with the central BBMRI-ERIC quality dashboard. The reports contain only aggregated, non-patient-identifiable statistics and help the network to monitor and improve overall data quality. However, quality reporting is completely optional and opt-in. + +To opt in, additionally set the following variables in your `.conf` file: + +```bash +DATA_QUALITY_SERVER_URL=https://quality-dashboard.bbmri-eric.eu +DATA_QUALITY_SERVER_NAME=Central Data Quality Server of BBMRI +``` + +If these variables are not set, the Data Quality Agent will still run and generate local reports, but no data will be shared externally. + +Reports are accessible at `https:///bbmri-data-quality-agent` (default credentials are admin:admin, please change it after first login!!). + +[Official documentation](https://fdqf.bbmri-eric.eu/user/deployment.html) ## Things you should know ### Auto-Updates diff --git a/bbmri/modules/data-quality-agent-compose.yml b/bbmri/modules/data-quality-agent-compose.yml new file mode 100644 index 00000000..443bec8f --- /dev/null +++ b/bbmri/modules/data-quality-agent-compose.yml @@ -0,0 +1,23 @@ +version: "3.7" + +services: + data-quality-agent: + image: ghcr.io/bbmri-cz/data-quality-server:${DATA_QUALITY_AGENT_TAG} + container_name: bridgehead-bbmri-data-quality-agent + environment: + APP_SETTING_FHIR_URL: http://bridgehead-bbmri-blaze:8080/fhir + REPORTING_SERVER_URL: ${DATA_QUALITY_SERVER_URL} + REPORTING_SERVER_NAME: ${DATA_QUALITY_SERVER_NAME} + labels: + - "traefik.enable=true" + - "traefik.http.routers.data_quality_agent_bbmri.rule=PathPrefix(`/bbmri-data-quality-agent`)" + - "traefik.http.services.data_quality_agent_bbmri.loadbalancer.server.port=8082" + - "traefik.http.routers.data_quality_agent_bbmri.tls=true" + - "traefik.http.middlewares.data_quality_agent_bbmri_strip.stripprefix.prefixes=/bbmri-data-quality-agent" + - "traefik.http.routers.data_quality_agent_bbmri.middlewares=data_quality_agent_bbmri_strip,auth" + depends_on: + - "blaze" + volumes: + - /var/cache/bridgehead/bbmri/agent-db:/app/data + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro diff --git a/bbmri/modules/data-quality-agent-setup.sh b/bbmri/modules/data-quality-agent-setup.sh new file mode 100644 index 00000000..f0a0e840 --- /dev/null +++ b/bbmri/modules/data-quality-agent-setup.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +if [ "$ENABLE_DATA_QUALITY_AGENT" == "true" ]; then + log INFO "Data Quality Agent setup detected -- will start data-quality-agent service." + OVERRIDE+=" -f ./$PROJECT/modules/data-quality-agent-compose.yml" +fi + diff --git a/versions/acceptance b/versions/acceptance index 89d509ec..10fb37e1 100644 --- a/versions/acceptance +++ b/versions/acceptance @@ -3,4 +3,5 @@ BEAM_TAG=develop BLAZE_TAG=0.32 POSTGRES_TAG=15.13-alpine TEILER_DASHBOARD_TAG=develop -MTBA_TAG=develop \ No newline at end of file +MTBA_TAG=develop +DATA_QUALITY_AGENT_TAG=latest diff --git a/versions/prod b/versions/prod index 7f6642df..29e7c5bc 100644 --- a/versions/prod +++ b/versions/prod @@ -3,4 +3,5 @@ BEAM_TAG=main BLAZE_TAG=0.32 POSTGRES_TAG=15.13-alpine TEILER_DASHBOARD_TAG=main -MTBA_TAG=main \ No newline at end of file +MTBA_TAG=main +DATA_QUALITY_AGENT_TAG=0.1 diff --git a/versions/test b/versions/test index b1a3a402..10fb37e1 100644 --- a/versions/test +++ b/versions/test @@ -4,3 +4,4 @@ BLAZE_TAG=0.32 POSTGRES_TAG=15.13-alpine TEILER_DASHBOARD_TAG=develop MTBA_TAG=develop +DATA_QUALITY_AGENT_TAG=latest From 7a8664a636ea5d6c0b5a6ec4faf771cd902fdd47 Mon Sep 17 00:00:00 2001 From: Jan <59206115+Threated@users.noreply.github.com> Date: Fri, 10 Apr 2026 11:38:28 +0200 Subject: [PATCH 7/7] fix project check in secret_sync_gitlab_token (#378) --- lib/functions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/functions.sh b/lib/functions.sh index 520d86aa..3a5cfe4a 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -337,7 +337,7 @@ function sync_secrets() { } function secret_sync_gitlab_token() { - if [[ "$PROJECT" != "dktk" && "$PROJECT" != "bbmri" ]]; then + if [[ "$PROJECT" != "ccp" && "$PROJECT" != "bbmri" ]]; then log "INFO" "Not running Secret Sync for project minimal" return fi