mirror of
https://github.com/samply/bridgehead.git
synced 2025-06-16 21:50:14 +02:00
Compare commits
1 Commits
cherry-pic
...
test/obds2
| Author | SHA1 | Date | |
|---|---|---|---|
| d9921568fc |
@ -3,7 +3,7 @@ version: "3.7"
|
|||||||
services:
|
services:
|
||||||
obds2fhir-rest:
|
obds2fhir-rest:
|
||||||
container_name: bridgehead-obds2fhir-rest
|
container_name: bridgehead-obds2fhir-rest
|
||||||
image: docker.verbis.dkfz.de/samply/obds2fhir-rest:main
|
image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:fixSampleImport
|
||||||
environment:
|
environment:
|
||||||
IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
|
IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
|
||||||
MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}
|
MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}
|
||||||
|
|||||||
@ -347,21 +347,18 @@ function secret_sync_gitlab_token() {
|
|||||||
root_crt_file="/srv/docker/bridgehead/$PROJECT/root.crt.pem"
|
root_crt_file="/srv/docker/bridgehead/$PROJECT/root.crt.pem"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Create a temporary directory for Secret Sync that is valid per boot
|
# Use Secret Sync to validate the GitLab token in /var/cache/bridgehead/secrets/gitlab_token.
|
||||||
secret_sync_tempdir="/tmp/bridgehead/secret-sync.boot-$(cat /proc/sys/kernel/random/boot_id)"
|
|
||||||
mkdir -p $secret_sync_tempdir
|
|
||||||
|
|
||||||
# Use Secret Sync to validate the GitLab token in $secret_sync_tempdir/cache.
|
|
||||||
# If it is missing or expired, Secret Sync will create a new token and write it to the file.
|
# If it is missing or expired, Secret Sync will create a new token and write it to the file.
|
||||||
# The git credential helper reads the token from the file during git pull.
|
# The git credential helper reads the token from the file during git pull.
|
||||||
|
mkdir -p /var/cache/bridgehead/secrets
|
||||||
|
touch /var/cache/bridgehead/secrets/gitlab_token # the file has to exist to be mounted correctly in the Docker container
|
||||||
log "INFO" "Running Secret Sync for the GitLab token (gitlab=$gitlab)"
|
log "INFO" "Running Secret Sync for the GitLab token (gitlab=$gitlab)"
|
||||||
docker pull docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest # make sure we have the latest image
|
docker pull docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest # make sure we have the latest image
|
||||||
docker run --rm \
|
docker run --rm \
|
||||||
|
-v /var/cache/bridgehead/secrets/gitlab_token:/usr/local/cache \
|
||||||
-v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
|
-v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
|
||||||
-v $root_crt_file:/run/secrets/root.crt.pem:ro \
|
-v $root_crt_file:/run/secrets/root.crt.pem:ro \
|
||||||
-v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
|
-v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
|
||||||
-v $secret_sync_tempdir:/secret-sync/ \
|
|
||||||
-e CACHE_PATH=/secret-sync/gitlab-token \
|
|
||||||
-e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
|
-e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
|
||||||
-e NO_PROXY=localhost,127.0.0.1 \
|
-e NO_PROXY=localhost,127.0.0.1 \
|
||||||
-e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
|
-e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
|
||||||
|
|||||||
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
[ "$1" = "get" ] || exit
|
[ "$1" = "get" ] || exit
|
||||||
|
|
||||||
source "/tmp/bridgehead/secret-sync.boot-$(cat /proc/sys/kernel/random/boot_id)/gitlab-token"
|
source /var/cache/bridgehead/secrets/gitlab_token
|
||||||
|
|
||||||
# Any non-empty username works, only the token matters
|
# Any non-empty username works, only the token matters
|
||||||
cat << EOF
|
cat << EOF
|
||||||
|
|||||||
Reference in New Issue
Block a user