Merge pull request #352 from samply/develop

Release
Merge pull request #345 from samply/develop
2025-12-12 19:17:32 +01:00 · 2025-10-22 10:09:56 +02:00 · 2025-09-30 14:58:20 +02:00 · 2025-08-20 11:10:18 +02:00 · 2025-07-25 11:27:14 +02:00 · 2025-07-24 16:15:05 +02:00
26 changed files with 25 additions and 491 deletions
--- a/README.md
+++ b/README.md
@@ -73,7 +73,7 @@ We recommend to install Docker(-compose) from its official sources as described

 A Bridgehead communicates to all central components via outgoing HTTPS connections.

-Your site might require an outgoing proxy (i.e. HTTPS forward proxy) to connect to external servers; you should discuss this with your local systems administration. In that case, you will need to note down the URL of the proxy. If the proxy requires authentication, you will also need to make a note of its username and password. This information will be used later on during the installation process. Special characters in the proxy values, e.g. in the access credentials, must be [URL-encoded](https://en.wikipedia.org/wiki/Percent-encoding), e.g. by replacing `@` with `%40`, `/` with `%2F` and so on. TLS terminating proxies are also supported, see [here](#tls-terminating-proxies). Apart from the Bridgehead itself, you may also need to configure the proxy server in [git](https://gist.github.com/evantoli/f8c23a37eb3558ab8765) and [docker](https://docs.docker.com/network/proxy/).
+Your site might require an outgoing proxy (i.e. HTTPS forward proxy) to connect to external servers; you should discuss this with your local systems administration. In that case, you will need to note down the URL of the proxy. If the proxy requires authentication, you will also need to make a note of its username and password. This information will be used later on during the installation process. TLS terminating proxies are also supported, see [here](#tls-terminating-proxies). Apart from the Bridgehead itself, you may also need to configure the proxy server in [git](https://gist.github.com/evantoli/f8c23a37eb3558ab8765) and [docker](https://docs.docker.com/network/proxy/).

 The following URLs need to be accessible (prefix with `https://`):
 * To fetch code and configuration from git repositories
@@ -318,12 +318,6 @@ To enable it, you will need to explicitly set the username and password variable
 DS_DIRECTORY_USER_NAME=your_directory_username
 DS_DIRECTORY_USER_PASS=your_directory_password
 ```
-Alternatively, if you have obtained a token from the Directory, you can insert the following into the configuration file:
-```
-DS_DIRECTORY_USER_TOKEN=your_directory_token
-```
-If you don't supply any authentification information (either login credentials or a token), Directory sync will not start.
-
 Please contact your National Node or Directory support (directory-dev@helpdesk.bbmri-eric.eu) to obtain these credentials.

 The following environment variables can be used from within your config file to control the behavior of Directory sync:
@@ -331,13 +325,12 @@ The following environment variables can be used from within your config file to
 | Variable                           | Purpose                                                                                                                                                              | Default if not specified               |
 |:-----------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------|
 | DS_DIRECTORY_URL                   | Base URL of the Directory                                                                                                                                            | https://directory-backend.molgenis.net |
-| DS_DIRECTORY_USER_NAME             | User name for logging in to Directory                                                                                                                                |                                        |
-| DS_DIRECTORY_USER_PASS             | Password for logging in to Directory                                                                                                                                 |                                        |
-| DS_DIRECTORY_USER_TOKEN            | Token for logging in to Directory                                                                                                                                    |                                        |
+| DS_DIRECTORY_USER_NAME             | User name for logging in to Directory **Mandatory**                                                                                                                  |                                        |
+| DS_DIRECTORY_USER_PASS             | Password for logging in to Directory **Mandatory**                                                                                                                   |                                        |
 | DS_DIRECTORY_DEFAULT_COLLECTION_ID | ID of collection to be used if not in samples                                                                                                                        |                                        |
 | DS_DIRECTORY_ALLOW_STAR_MODEL      | Set to 'True' to send star model info to Directory                                                                                                                   | True                                  |
 | DS_FHIR_STORE_URL                  | URL for FHIR store                                                                                                                                                   | http://bridgehead-bbmri-blaze:8080     |
-| DS_TIMER_CRON                      | Execution interval for Directory sync, [cron](https://crontab.guru) format                                                                                           | 30 22 * * *                            |
+| DS_TIMER_CRON                      | Execution interval for Directory sync, [cron](https://crontab.guru) format                                                                                           | 0 22 * * *                             |
 | DS_IMPORT_BIOBANKS                 | Set to 'True' to import biobank metadata from Directory                                                                                                              | True                                  |
 | DS_IMPORT_COLLECTIONS              | Set to 'True' to import collection metadata from Directory                                                                                                           | True                                  |

@@ -536,8 +529,6 @@ and restart the docker daemon:
 sudo systemctl restart docker
 ```

-Please note that special characters in the proxy value, such as `#?!()[]{}`, must be double escaped using `%%`.
-
 For more information, please consult the [official documentation](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy).

 ### Monitoring
--- a/bbmri/modules/directory-sync-compose.yml
+++ b/bbmri/modules/directory-sync-compose.yml
@@ -7,8 +7,7 @@ services:
      DS_DIRECTORY_URL: ${DS_DIRECTORY_URL:-https://directory.bbmri-eric.eu}
      DS_DIRECTORY_USER_NAME: ${DS_DIRECTORY_USER_NAME}
      DS_DIRECTORY_USER_PASS: ${DS_DIRECTORY_USER_PASS}
-      DS_DIRECTORY_USER_TOKEN: ${DS_DIRECTORY_USER_TOKEN}
-      DS_TIMER_CRON: ${DS_TIMER_CRON:-30 22 * * *}
+      DS_TIMER_CRON: ${DS_TIMER_CRON:-0 22 * * *}
      DS_DIRECTORY_ALLOW_STAR_MODEL: ${DS_DIRECTORY_ALLOW_STAR_MODEL:-true}
      DS_DIRECTORY_MOCK: ${DS_DIRECTORY_MOCK}
      DS_DIRECTORY_DEFAULT_COLLECTION_ID: ${DS_DIRECTORY_DEFAULT_COLLECTION_ID}
@@ -17,6 +16,3 @@ services:
      DS_IMPORT_COLLECTIONS: ${DS_IMPORT_COLLECTIONS:-true}
    depends_on:
      - "blaze"
-    volumes:
-      - /etc/localtime:/etc/localtime:ro # inherit host timezone
-      - /etc/timezone:/etc/timezone:ro   # inherit host timezone name
--- a/bbmri/modules/eric-compose.yml
+++ b/bbmri/modules/eric-compose.yml
@@ -11,7 +11,6 @@ services:
      BLAZE_URL: "http://blaze:8080/fhir/"
      BEAM_PROXY_URL: http://beam-proxy-eric:8081
      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
-      OBFUSCATE_BBMRI_ERIC_WAY: "true"
    depends_on:
      - "beam-proxy-eric"
      - "blaze"
--- a/6
+++ b/6
@@ -35,9 +35,6 @@ case "$PROJECT" in
 	cce)
 		#nothing extra to do
 		;;
-	pscc)
-		#nothing extra to do
-		;;
 	itcc)
 		#nothing extra to do
 		;;
@@ -47,9 +44,6 @@ case "$PROJECT" in
 	dhki)
 		#nothing extra to do
 		;;
-	nngm)
-		#nothing extra to do
-		;;
 	minimal)
 		#nothing extra to do
 		;;
--- a/cce/modules/lens-compose.yml
+++ b/cce/modules/lens-compose.yml
@@ -1,44 +1,32 @@
 version: "3.7"
 services:
-  lens:
+  landing:
    container_name: lens_federated-search
-    image: samply/cce-explorer:main
+    image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
    labels:
-      - "traefik.http.services.lens.loadbalancer.server.port=3000"
      - "traefik.enable=true"
-      - "traefik.http.routers.lens.rule=Host(`${HOST}`)"
-      - "traefik.http.routers.lens.tls=true"
+      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
+      - "traefik.http.services.landing.loadbalancer.server.port=80"
+      - "traefik.http.routers.landing.tls=true"

  spot:
-    image: samply/rustyspot:latest
+    image: docker.verbis.dkfz.de/ccp-private/central-spot
    environment:
-      HTTP_PROXY: ${HTTP_PROXY_URL}
-      HTTPS_PROXY: ${HTTPS_PROXY_URL}
-      NO_PROXY: beam-proxy
      BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
-      BEAM_PROXY_URL: http://beam-proxy:8081
-      BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}"
-      CORS_ORIGIN: "https://${HOST}"
-      SITES: ${SITES}
-      TRANSFORM: LENS
-      PROJECT: cce
-      BIND_ADDR: 0.0.0.0:8055
+      BEAM_URL: http://beam-proxy:8081
+      BEAM_PROXY_ID: ${SITE_ID}
+      BEAM_BROKER_ID: ${BROKER_ID}
+      BEAM_APP_ID: "focus"
    depends_on:
      - "beam-proxy"
    labels:
      - "traefik.enable=true"
-      - "traefik.http.services.spot.loadbalancer.server.port=8055"
+      - "traefik.http.services.spot.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
-      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)"
-      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
+      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
+      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
      - "traefik.http.routers.spot.tls=true"
      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
-
-  beam-proxy:
-    environment:
-      APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT}
-      
--- a/ccp/modules/dnpm-node-compose.yml
+++ b/ccp/modules/dnpm-node-compose.yml
@@ -66,7 +66,6 @@ services:
      - HATEOAS_HOST=https://${HOST}
      - CONNECTOR_TYPE=broker
      - AUTHUP_URL=robot://system:${DNPM_AUTHUP_SECRET}@http://dnpm-authup:3000
-      - TZ=Europe/Berlin
    volumes:
      - /etc/bridgehead/dnpm/config:/dnpm_config
      - /var/cache/bridgehead/dnpm/backend-data:/dnpm_data
--- a/itcc/docker-compose.yml
+++ b/itcc/docker-compose.yml
@@ -34,7 +34,6 @@ services:
      EPSILON: 0.28
      QUERIES_TO_CACHE: '/queries_to_cache.conf'
      ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
-      CQL_PROJECTS_ENABLED: "itcc"
    volumes:
      - /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro
    depends_on:
--- a/itcc/modules/lens-compose.yml
+++ b/itcc/modules/lens-compose.yml
@@ -17,7 +17,6 @@ services:
      BEAM_PROXY_ID: ${SITE_ID}
      BEAM_BROKER_ID: ${BROKER_ID}
      BEAM_APP_ID: "focus"
-      PROJECT_METADATA: "itcc"
    depends_on:
      - "beam-proxy"
    labels:
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -54,7 +54,7 @@ checkOwner(){

 printUsage() {
 	echo "Usage: bridgehead start|stop|logs|docker-logs|is-running|update|check|install|uninstall|adduser|enroll PROJECTNAME"
-	echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc|kr|dhki|nngm"
+	echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc|kr|dhki"
 }

 checkRequirements() {
@@ -327,7 +327,7 @@ function sync_secrets() {
        -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
        -e PROXY_ID=$proxy_id \
        -e BROKER_URL=$broker_url \
-        -e OIDC_PROVIDER=secret-sync-central.central-secret-sync.$broker_id \
+        -e OIDC_PROVIDER=secret-sync-central.test-secret-sync.$broker_id \
        -e SECRET_DEFINITIONS=$secret_sync_args \
        docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest

@@ -337,7 +337,7 @@ function sync_secrets() {
 }

 function secret_sync_gitlab_token() {
-    if [[ "$PROJECT" != "dktk" && "$PROJECT" != "bbmri" ]]; then
+    if [ "$PROJECT" == "minimal" ]; then
        log "INFO" "Not running Secret Sync for project minimal"
        return
    fi
--- a/lib/prepare-system.sh
+++ b/lib/prepare-system.sh
@@ -55,9 +55,6 @@ case "$PROJECT" in
 	cce)
 		site_configuration_repository_middle="git.verbis.dkfz.de/cce-sites/"
 		;;
-	pscc)
-		site_configuration_repository_middle="git.verbis.dkfz.de/pscc-sites/"
-		;;
 	itcc)
 		site_configuration_repository_middle="git.verbis.dkfz.de/itcc-sites/"
        ;;
@@ -70,9 +67,6 @@ case "$PROJECT" in
 	dhki)
 		site_configuration_repository_middle="git.verbis.dkfz.de/dhki/"
 		;;
-	nngm)
-		site_configuration_repository_middle="git.verbis.dkfz.de/nngm/"
-		;;
 	minimal)
 		site_configuration_repository_middle="git.verbis.dkfz.de/minimal-bridgehead-configs/"
 		;;
--- a/minimal/modules/dnpm-node-compose.yml
+++ b/minimal/modules/dnpm-node-compose.yml
@@ -66,7 +66,6 @@ services:
      - HATEOAS_HOST=https://${HOST}
      - CONNECTOR_TYPE=broker
      - AUTHUP_URL=robot://system:${DNPM_AUTHUP_SECRET}@http://dnpm-authup:3000
-      - TZ=Europe/Berlin
    volumes:
      - /etc/bridgehead/dnpm/config:/dnpm_config
      - /var/cache/bridgehead/dnpm/backend-data:/dnpm_data
--- a/nngm/docker-compose.yml
+++ b/nngm/docker-compose.yml
@@ -1,65 +0,0 @@
-version: "3.7"
-
-services:
-  blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
-    container_name: bridgehead-nngm-blaze
-    environment:
-      BASE_URL: "http://bridgehead-nngm-blaze:8080"
-      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
-      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
-      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
-      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
-      ENFORCE_REFERENTIAL_INTEGRITY: "false"
-    volumes:
-      - "blaze-data:/app/data"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.blaze_nngm.rule=PathPrefix(`/nngm-localdatamanagement`)"
-      - "traefik.http.middlewares.nngm_b_strip.stripprefix.prefixes=/nngm-localdatamanagement"
-      - "traefik.http.services.blaze_nngm.loadbalancer.server.port=8080"
-      - "traefik.http.routers.blaze_nngm.middlewares=nngm_b_strip,auth"
-      - "traefik.http.routers.blaze_nngm.tls=true"
-
-  focus:
-    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
-    container_name: bridgehead-focus
-    environment:
-    - API_KEY=${FOCUS_BEAM_SECRET_SHORT}
-    - BEAM_APP_ID_LONG=focus.${PROXY_ID}
-    - PROXY_ID=${PROXY_ID}
-    - BLAZE_URL=http://bridgehead-nngm-blaze:8080/fhir/
-    - BEAM_PROXY_URL=http://beam-proxy:8081
-    - RETRY_COUNT=${FOCUS_RETRY_COUNT}
-    - EPSILON=0.28
-    - ENDPOINT_TYPE=${FOCUS_ENDPOINT_TYPE:-blaze}
-    - CQL_PROJECTS_ENABLED
-    depends_on:
-      - "beam-proxy"
-      - "blaze"
-
-  beam-proxy:
-    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
-    container_name: bridgehead-beam-proxy
-    environment:
-      BROKER_URL: ${BROKER_URL}
-      PROXY_ID: ${PROXY_ID}
-      APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
-      PRIVKEY_FILE: /run/secrets/proxy.pem
-      ALL_PROXY: http://forward_proxy:3128
-      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
-      ROOTCERT_FILE: /conf/root.crt.pem
-    secrets:
-      - proxy.pem
-    depends_on:
-      - "forward_proxy"
-    volumes:
-      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
-      - /srv/docker/bridgehead/nngm/root.crt.pem:/conf/root.crt.pem:ro
-
-volumes:
-  blaze-data:
-
-secrets:
-  proxy.pem:
-    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
--- a/nngm/modules/exporter-compose.yml
+++ b/nngm/modules/exporter-compose.yml
@@ -1,72 +0,0 @@
-version: "3.7"
-
-services:
-  exporter:
-    image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
-    container_name: bridgehead-nngm-exporter
-    environment:
-      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
-      LOG_LEVEL: "INFO"
-      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
-      CROSS_ORIGINS: "https://${HOST}"
-      EXPORTER_DB_USER: "exporter"
-      EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
-      EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
-      HTTP_RELATIVE_PATH: "/nngm-exporter"
-      SITE: "${SITE_ID}"
-      HTTP_SERVLET_REQUEST_SCHEME: "https"
-      OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.exporter_nngm.rule=PathPrefix(`/nngm-exporter`)"
-      - "traefik.http.services.exporter_nngm.loadbalancer.server.port=8092"
-      - "traefik.http.routers.exporter_nngm.tls=true"
-      - "traefik.http.middlewares.exporter_nngm_strip.stripprefix.prefixes=/nngm-exporter"
-      - "traefik.http.routers.exporter_nngm.middlewares=exporter_nngm_strip"
-    volumes:
-      - "/var/cache/bridgehead/nngm/exporter-files:/app/exporter-files/output"
-
-  exporter-db:
-    image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
-    container_name: bridgehead-nngm-exporter-db
-    environment:
-      POSTGRES_USER: "exporter"
-      POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
-      POSTGRES_DB: "exporter"
-    volumes:
-      # Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
-      - "/var/cache/bridgehead/nngm/exporter-db:/var/lib/postgresql/data"
-
-  reporter:
-    image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
-    container_name: bridgehead-nngm-reporter
-    environment:
-      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
-      LOG_LEVEL: "INFO"
-      CROSS_ORIGINS: "https://${HOST}"
-      HTTP_RELATIVE_PATH: "/nngm-reporter"
-      SITE: "${SITE_ID}"
-      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
-      EXPORTER_URL: "http://exporter:8092"
-      LOG_FHIR_VALIDATION: "false"
-      HTTP_SERVLET_REQUEST_SCHEME: "https"
-
-    # In this initial development state of the bridgehead, we are trying to have so many volumes as possible.
-    # However, in the first executions in the CCP sites, this volume seems to be very important. A report is
-    # a process that can take several hours, because it depends on the exporter.
-    # There is a risk that the bridgehead restarts, losing the already created export.
-
-    volumes:
-      - "/var/cache/bridgehead/nngm/reporter-files:/app/reports"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.reporter_nngm.rule=PathPrefix(`/nngm-reporter`)"
-      - "traefik.http.services.reporter_nngm.loadbalancer.server.port=8095"
-      - "traefik.http.routers.reporter_nngm.tls=true"
-      - "traefik.http.middlewares.reporter_nngm_strip.stripprefix.prefixes=/nngm-reporter"
-      - "traefik.http.routers.reporter_nngm.middlewares=reporter_nngm_strip"
-
-  focus:
-    environment:
-      EXPORTER_URL: "http://exporter:8092"
-      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
--- a/nngm/modules/exporter-setup.sh
+++ b/nngm/modules/exporter-setup.sh
@@ -1,8 +0,0 @@
-#!/bin/bash -e
-
-if [ "$ENABLE_EXPORTER" == true ]; then
-  log INFO "Exporter setup detected -- will start Exporter service."
-  OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
-  EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
-  EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
-fi
--- a/nngm/modules/teiler-compose.yml
+++ b/nngm/modules/teiler-compose.yml
@@ -1,73 +0,0 @@
-version: "3.7"
-
-services:
-
-  teiler-orchestrator:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-orchestrator:latest
-    container_name: bridgehead-teiler-orchestrator
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.teiler_orchestrator_nngm.rule=PathPrefix(`/nngm-teiler`)"
-      - "traefik.http.services.teiler_orchestrator_nngm.loadbalancer.server.port=9000"
-      - "traefik.http.routers.teiler_orchestrator_nngm.tls=true"
-      - "traefik.http.middlewares.teiler_orchestrator_nngm_strip.stripprefix.prefixes=/nngm-teiler"
-      - "traefik.http.routers.teiler_orchestrator_nngm.middlewares=teiler_orchestrator_nngm_strip"
-    environment:
-      TEILER_BACKEND_URL: "/nngm-teiler-backend"
-      TEILER_DASHBOARD_URL: "/nngm-teiler-dashboard"
-      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
-      HTTP_RELATIVE_PATH: "/nngm-teiler"
-
-  teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
-    container_name: bridgehead-teiler-dashboard
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.teiler_dashboard_nngm.rule=PathPrefix(`/nngm-teiler-dashboard`)"
-      - "traefik.http.services.teiler_dashboard_nngm.loadbalancer.server.port=80"
-      - "traefik.http.routers.teiler_dashboard_nngm.tls=true"
-      - "traefik.http.middlewares.teiler_dashboard_nngm_strip.stripprefix.prefixes=/nngm-teiler-dashboard"
-      - "traefik.http.routers.teiler_dashboard_nngm.middlewares=teiler_dashboard_nngm_strip"
-    environment:
-      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
-      TEILER_BACKEND_URL: "/nngm-teiler-backend"
-      TEILER_DASHBOARD_URL: "/nngm-teiler-dashboard"
-      OIDC_URL: "${OIDC_URL}"
-      OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
-      OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
-      TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
-      TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
-      TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
-      TEILER_PROJECT: "${PROJECT}"
-      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
-      TEILER_ORCHESTRATOR_URL: "/nngm-teiler"
-      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/nngm-teiler"
-      TEILER_USER: "${OIDC_USER_GROUP}"
-      TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
-      REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
-      EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
-
-
-# TODO: Replace dktk-teiler-backend with nngm-teiler-backend
-  teiler-backend:
-    image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest
-    container_name: bridgehead-teiler-backend
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.teiler_backend_nngm.rule=PathPrefix(`/nngm-teiler-backend`)"
-      - "traefik.http.services.teiler_backend_nngm.loadbalancer.server.port=8085"
-      - "traefik.http.routers.teiler_backend_nngm.tls=true"
-      - "traefik.http.middlewares.teiler_backend_nngm_strip.stripprefix.prefixes=/nngm-teiler-backend"
-      - "traefik.http.routers.teiler_backend_nngm.middlewares=teiler_backend_nngm_strip"
-    environment:
-      LOG_LEVEL: "INFO"
-      APPLICATION_PORT: "8085"
-      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
-      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/nngm-teiler"
-      TEILER_ORCHESTRATOR_URL: "/nngm-teiler"
-      TEILER_DASHBOARD_DE_URL: "/nngm-teiler-dashboard/de"
-      TEILER_DASHBOARD_EN_URL: "/nngm-teiler-dashboard/en"
-      HTTP_PROXY: "http://forward_proxy:3128"
-      ENABLE_MTBA: "${ENABLE_MTBA}"
-      ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
-      IDMANAGER_UPLOAD_APIKEY: "${IDMANAGER_UPLOAD_APIKEY}" # Only used to check if the ID Manager is active
--- a/nngm/modules/teiler-setup.sh
+++ b/nngm/modules/teiler-setup.sh
@@ -1,8 +0,0 @@
-#!/bin/bash -e
-
-if [ "$ENABLE_TEILER" == true ];then
-  log INFO "Teiler setup detected -- will start Teiler services."
-  OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
-  TEILER_DEFAULT_LANGUAGE=DE
-  TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
-fi
--- a/nngm/root.crt.pem
+++ b/nngm/root.crt.pem
@@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDNTCCAh2gAwIBAgIUWHMDQFPJR5y8RKZ5FC72iOOla4kwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjUxMDI3MTQwMjU1WhcNMzUx
-MDI1MTQwMzI1WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAKoghRqAo6s9xjDao+ZC9HpZDBgzOgRMRHrl352k
-Y0Gti1p3m8ldwVQV+nlBE6g/Dowo+iaOwUBiHMHOI2BK7vqkGNp0tZ63ZKR4cyOD
-hCDOl71lWxjYD5XmF7l/SbrLFfET0EEorhLDDOMuWrNpxKFfKdvhld6K5BZ3oSfH
-/5W5y5jWRFWEYRzddzil2GOiU2vzAygA0I1nr5oHCgZoteDDXztAYHJ5vnPA9RNQ
-YFoe/5fVOiJo869zYyBwMuY/dV5ff7eIe/HRKzFLZ6iJEOJcBFWx/aWEvj5gSWxS
-x4OzkwoHsZOkRN9wSTXvdO5kPFzmPq8Nq7Hmw4tLVzP1eRECAwEAAaN7MHkwDgYD
-VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP9BHa86rz94
-nvMj2JhM5V3L3TWCMB8GA1UdIwQYMBaAFP9BHa86rz94nvMj2JhM5V3L3TWCMBYG
-A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCkWBXRUGx5
-XFWEEAVbAMcEuXAr6+HtSs+NTORQ01LhNST8Z9HhOaAjfH/dJiLvOjHvOuiOK9y9
-ZGkIIwqkkbhlv1ZcfQBWXh+xDNbq9Q2MaIWY3ZzPTKFgNkxFcEF43MMB+o5pK1Bf
-jJIiSxuEfM0yHg9o+jc3V3XRhU9leXNPkfJezTGfVuWr/B/kTmnQ8zrOCapB+NnX
-vuu1ayNyXflDkj8Gg0X4TarxGhSP6Dpxd9ViEQD9DFG8q42bH0mYveHcAIUN0FJX
-4F2NChiL7dCSFFe6xKdRFDtNe12JrHRjU1rMAcxhYjBRbqt2o2HfDPajSJrhRheY
-T35rRWxDupkP
-----END CERTIFICATE-----
--- a/nngm/vars
+++ b/nngm/vars
@@ -1,32 +0,0 @@
-BROKER_ID=broker.nngm.dkfz.de
-BROKER_URL=https://${BROKER_ID}
-PROXY_ID=${SITE_ID}.${BROKER_ID}
-FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
-# TODO: Add real nNGM-Support email
-SUPPORT_EMAIL=support-nngm@dkfz-heidelberg.de
-PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
-
-BROKER_URL_FOR_PREREQ=$BROKER_URL
-
-# TODO: Replace with nNGM OIDC Server
-OIDC_USER_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})"
-OIDC_ADMIN_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})_Verwalter"
-OIDC_PSP_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})_PSP"
-OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
-OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
-OIDC_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PUBLIC_CLIENT_ID}/"
-OIDC_PRIVATE_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PRIVATE_CLIENT_ID}/"
-OIDC_GROUP_CLAIM="groups"
-
-for module in $PROJECT/modules/*.sh
-do
-    log DEBUG "sourcing $module"
-    source $module
-done
-
-for module in modules/*.sh
-do
-    log DEBUG "sourcing $module"
-    source $module
-done
--- a/pscc/docker-compose.yml
+++ b/pscc/docker-compose.yml
@@ -1,67 +0,0 @@
-version: "3.7"
-
-services:
-  blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
-    container_name: bridgehead-pscc-blaze
-    environment:
-      BASE_URL: "http://bridgehead-pscc-blaze:8080"
-      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
-      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
-      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
-      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
-      ENFORCE_REFERENTIAL_INTEGRITY: "false"
-    volumes:
-      - "blaze-data:/app/data"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.blaze_pscc.rule=PathPrefix(`/pscc-localdatamanagement`)"
-      - "traefik.http.middlewares.pscc_b_strip.stripprefix.prefixes=/pscc-localdatamanagement"
-      - "traefik.http.services.blaze_pscc.loadbalancer.server.port=8080"
-      - "traefik.http.routers.blaze_pscc.middlewares=pscc_b_strip,auth"
-      - "traefik.http.routers.blaze_pscc.tls=true"
-
-  focus:
-    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
-    container_name: bridgehead-focus
-    environment:
-      API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
-      BEAM_APP_ID_LONG: focus.${PROXY_ID}
-      PROXY_ID: ${PROXY_ID}
-      BLAZE_URL: "http://bridgehead-pscc-blaze:8080/fhir/"
-      BEAM_PROXY_URL: http://beam-proxy:8081
-      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
-      EPSILON: 0.28
-      ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
-    depends_on:
-      - "beam-proxy"
-      - "blaze"
-
-  beam-proxy:
-    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
-    container_name: bridgehead-beam-proxy
-    environment:
-      BROKER_URL: ${BROKER_URL}
-      PROXY_ID: ${PROXY_ID}
-      APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
-      PRIVKEY_FILE: /run/secrets/proxy.pem
-      ALL_PROXY: http://forward_proxy:3128
-      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
-      ROOTCERT_FILE: /conf/root.crt.pem
-    secrets:
-      - proxy.pem
-    depends_on:
-      - "forward_proxy"
-    volumes:
-      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
-      - /srv/docker/bridgehead/pscc/root.crt.pem:/conf/root.crt.pem:ro
-
-  landing:
-    profiles: [deactivated]
-
-volumes:
-  blaze-data:
-
-secrets:
-  proxy.pem:
-    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
--- a/pscc/modules/lens-compose.yml
+++ b/pscc/modules/lens-compose.yml
@@ -1,40 +0,0 @@
-version: "3.7"
-services:
-  lens:
-    container_name: lens-federated-search
-    image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
-    labels:
-      - "traefik.http.services.lens.loadbalancer.server.port=3000"
-      - "traefik.enable=true"
-      - "traefik.http.routers.lens.rule=Host(`${HOST}`)"
-      - "traefik.http.routers.lens.tls=true"
-
-  spot:
-    image: samply/rustyspot:latest
-    platform: linux/amd64
-    environment:
-      HTTP_PROXY: ${HTTP_PROXY_URL}
-      HTTPS_PROXY: ${HTTPS_PROXY_URL}
-      NO_PROXY: beam-proxy
-      BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
-      BEAM_PROXY_URL: http://beam-proxy:8081
-      BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}"
-      CORS_ORIGIN: "https://${HOST}"
-      SITES: ${SITES}
-      TRANSFORM: LENS
-      PROJECT: pscc
-      BIND_ADDR: 0.0.0.0:8055
-    depends_on:
-      - "beam-proxy"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.services.spot.loadbalancer.server.port=8055"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
-      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)"
-      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
-      - "traefik.http.routers.spot.tls=true"
-      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
--- a/pscc/modules/lens-setup.sh
+++ b/pscc/modules/lens-setup.sh
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-if [ -n "$ENABLE_LENS" ];then
-  OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml"
-fi
--- a/pscc/root.crt.pem
+++ b/pscc/root.crt.pem
@@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDNTCCAh2gAwIBAgIUVC1Y1tx0q5PNR33gArAyyBm8PMQwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjUxMTAzMTQxODQ5WhcNMzUx
-MTAxMTQxOTE5WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAMB1yd7zkh7Io/ReQYindBcAdA1b4ogdVnrdSLRN
-N3zLSh6jN5KIXgs34BdRXx0so0m96q+9xlgacTXGRBn1Tu5SKMRyXdxnCLMzHAYU
-rNKhqF5HeZCYkVyh/tsAyFfDwZDVzsdX64V+0r5+raev2X0gJnlgmF83DIKjkVUS
-2+c+3BnXa9LOdXks0qygJjvaFyi+5MA3DinLnmMLCQ3yAvaZYWyP3xCnGIoVrZFq
-a+YioMCmHrbByuXPoZsXcFY7Z85LQkCtSVt1dH4kkN2/JehXG099nqwMqO8FpLZZ
-xG7/U3P/slX1MMLs97nqRCRoW7Cha2ci1NBYLll+34ekhxMCAwEAAaN7MHkwDgYD
-VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJHTpnuyIGHw
-yvC/mmh+S/JKYVrAMB8GA1UdIwQYMBaAFJHTpnuyIGHwyvC/mmh+S/JKYVrAMBYG
-A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQAeDc/k28yb
-I5MLC/LdaA+MKsW2FWF9HT+tsbtltTaQIRnnkwfU/40Ius3gzUU5z+kPqq5+kxhy
-3T646Rbau85Zw24gdNmiVKAAG5ntKoQ7XnyR/06PYyXNGLqnb6aKvbcIPoWtU/+2
-8f5hHdQ/4271aHws7dKcBNWu9V5WmxMZ3YTfnBR5lEda+DhVwHqtmun8EpSbwthD
-aLLIOHJpetr+KWUVFHQdGbO23Qg1Else0Akcn5Gzf/sKkVCVxjHE6jeo4ZwHtstG
-KMoff+ETC+DL5kMZ4CV5VaQ4HxVK7N0qiUxmijWe+EyRZseum1c0s2OEi2L52Q9K
-P4N3yD4ed4p/
-----END CERTIFICATE-----
--- a/pscc/vars
+++ b/pscc/vars
@@ -1,14 +0,0 @@
-BROKER_ID=broker.pscc.org
-BROKER_URL=https://${BROKER_ID}
-PROXY_ID=${SITE_ID}.${BROKER_ID}
-FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
-SUPPORT_EMAIL=denis.koether@dkfz-heidelberg.de
-PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
-BROKER_URL_FOR_PREREQ=$BROKER_URL
-
-for module in $PROJECT/modules/*.sh
-do
-    log DEBUG "sourcing $module"
-    source $module
-done
--- a/versions/acceptance
+++ b/versions/acceptance
@@ -1,6 +1,6 @@
 FOCUS_TAG=develop
 BEAM_TAG=develop
-BLAZE_TAG=0.32
+BLAZE_TAG=main
 POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=develop
 MTBA_TAG=develop
--- a/versions/test
+++ b/versions/test
@@ -1,6 +1,6 @@
 FOCUS_TAG=develop
 BEAM_TAG=develop
-BLAZE_TAG=0.32
+BLAZE_TAG=main
 POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=develop
 MTBA_TAG=develop
Author	SHA1	Message	Date
Jan	f50b4237d4	Merge pull request #352 from samply/develop Release	2025-10-22 10:09:56 +02:00
Jan	0838851993	Merge pull request #345 from samply/develop Develop main	2025-09-30 14:58:20 +02:00
Jan	af3b7cc3a2	Merge pull request #338 from samply/develop Develop Main	2025-08-20 11:10:18 +02:00
Jan	fad2283e6d	Merge pull request #334 from samply/develop Develop Main	2025-07-25 11:27:14 +02:00
Jan	ecbef2cd0c	Merge pull request #331 from samply/develop Develop to Main	2025-07-24 16:15:05 +02:00
Jan	66fe90ff98	Merge pull request #314 from samply/develop	2025-06-11 11:29:09 +02:00
Jan	03b520bfcc	Merge pull request #308 from samply/develop	2025-05-21 15:45:39 +02:00
Jan	4082292f99	Merge pull request #306 from samply/develop	2025-05-20 11:52:02 +02:00
Martin Lablans	e22ac4b066	Merge pull request #300 from samply/develop Merge develop into main	2025-05-09 09:31:47 +02:00
Jan	cd38957dd7	Merge pull request #289 from samply/develop Merge develop into main	2025-04-15 10:17:11 +02:00
Jan	4ef585bfc5	Merge pull request #281 from samply/develop Merge develop into main	2025-03-17 10:02:58 +01:00
Torben Brenner	6ca67ca082	Merge pull request #270 from samply/develop	2025-02-20 15:46:40 +01:00