mtba: fallback to keycloak test server pending migration

feat: migrate PSP to Authentik (#329 )
feat(dnpm): allow setting custom dnpm image tag (#326 )
2025-09-11 14:51:22 +02:00 · 2025-07-24 09:25:16 +02:00 · 2025-07-24 09:25:16 +02:00 · 2025-07-24 09:25:16 +02:00 · 2025-07-24 09:25:16 +02:00 · 2025-07-24 09:25:16 +02:00
16 changed files with 88 additions and 23 deletions
--- a/README.md
+++ b/README.md
@@ -85,8 +85,6 @@ The following URLs need to be accessible (prefix with `https://`):
    * hub.docker.com
    * registry-1.docker.io
    * production.cloudflare.docker.com
  * GitHub Container Registry - (for use of DNPM:DIP)
    * ghcr.io
 * To report bridgeheads operational status
  * healthchecks.verbis.dkfz.de
 * only for DKTK/CCP
@@ -97,7 +95,7 @@ The following URLs need to be accessible (prefix with `https://`):
 * only for German Biobank Node
  * broker.bbmri.de
-> 📝 This URL list is subject to change. Instead of the individual names, we highly recommend whitelisting wildcard domains: *.dkfz.de, github.com, *.docker.com, *.docker.io, *.ghcr.io, *.samply.de, *.bbmri.de.
+> 📝 This URL list is subject to change. Instead of the individual names, we highly recommend whitelisting wildcard domains: *.dkfz.de, github.com, *.docker.com, *.docker.io, *.samply.de, *.bbmri.de.
 > 📝 Ubuntu's pre-installed uncomplicated firewall (ufw) is known to conflict with Docker, more info [here](https://github.com/chaifeng/ufw-docker).
--- a/bbmri/modules/teiler-compose.yml
+++ b/bbmri/modules/teiler-compose.yml
@@ -19,7 +19,7 @@ services:
      HTTP_RELATIVE_PATH: "/bbmri-teiler"
  teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
    container_name: bridgehead-teiler-dashboard
    labels:
      - "traefik.enable=true"
--- a/cce/modules/pscc-compose.yml
+++ b/cce/modules/pscc-compose.yml
@@ -0,0 +1,65 @@
 version: "3.7"
 services:
  blaze-pscc:
    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
    container_name: bridgehead-pscc-blaze
    environment:
      BASE_URL: "http://bridgehead-pscc-blaze:8080"
      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
    volumes:
      - "blaze-data-pscc:/app/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.blaze_pscc.rule=PathPrefix(`/pscc-localdatamanagement`)"
      - "traefik.http.middlewares.pscc_b_strip.stripprefix.prefixes=/pscc-localdatamanagement"
      - "traefik.http.services.blaze_pscc.loadbalancer.server.port=8080"
      - "traefik.http.routers.blaze_pscc.middlewares=pscc_b_strip"
      - "traefik.http.routers.blaze_pscc.tls=true"
  focus-pscc:
    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
    container_name: bridgehead-pscc-focus
    environment:
      API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
      BEAM_APP_ID_LONG: focus.${PROXY_ID_PSCC}
      PROXY_ID: ${PROXY_ID_PSCC}
      BLAZE_URL: "http://bridgehead-pscc-blaze:8080/fhir/"
      BEAM_PROXY_URL: http://beam-proxy-pscc:8081
      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
      EPSILON: 0.28
      ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
    depends_on:
      - "beam-proxy"
      - "blaze"
  beam-proxy-pscc:
    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
    container_name: bridgehead-pscc-beam-proxy
    environment:
      BROKER_URL: ${BROKER_URL_PSCC}
      PROXY_ID: ${PROXY_ID_PSCC}
      APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
      PRIVKEY_FILE: /run/secrets/proxy.pem
      ALL_PROXY: http://forward_proxy:3128
      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
      ROOTCERT_FILE: /conf/root.crt.pem
    secrets:
      - proxy.pem
    depends_on:
      - "forward_proxy"
    volumes:
      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
      - /srv/docker/bridgehead/pscc/root.crt.pem:/conf/root.crt.pem:ro
 volumes:
  blaze-data-pscc:
 secrets:
  proxy.pem:
    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
--- a/cce/modules/pscc-setup.sh
+++ b/cce/modules/pscc-setup.sh
@@ -0,0 +1,5 @@
 #!/bin/bash
 if [ -n "$ENABLE_PSCC" ];then
  OVERRIDE+=" -f ./$PROJECT/modules/pscc-compose.yml"
 fi
--- a/cce/modules/teiler-compose.yml
+++ b/cce/modules/teiler-compose.yml
@@ -19,7 +19,7 @@ services:
      HTTP_RELATIVE_PATH: "/cce-teiler"
  teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
    container_name: bridgehead-teiler-dashboard
    labels:
      - "traefik.enable=true"
--- a/cce/vars
+++ b/cce/vars
@@ -1,6 +1,9 @@
 BROKER_ID=test-no-real-data.broker.samply.de
 BROKER_ID_PSCC=test-no-real-data.broker.samply.de
 BROKER_URL=https://${BROKER_ID}
 BROKER_URL_PSCC=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 PROXY_ID_PSCC=${SITE_ID}.${BROKER_ID_PSCC}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
 SUPPORT_EMAIL=manoj.waikar@dkfz-heidelberg.de
--- a/ccp/modules/dnpm-node-compose.yml
+++ b/ccp/modules/dnpm-node-compose.yml
@@ -43,7 +43,7 @@ services:
      - "traefik.http.routers.dnpm-auth.tls=true"
  dnpm-portal:
-    image: ghcr.io/dnpm-dip/portal:${DNPM_IMAGE_TAG:-latest}
+    image: ghcr.io/dnpm-dip/portal:{DNPM_IMAGE_TAG:-latest}
    container_name: bridgehead-dnpm-portal
    environment:
      - NUXT_API_URL=http://dnpm-backend:9000/
@@ -58,7 +58,7 @@ services:
  dnpm-backend:
    container_name: bridgehead-dnpm-backend
-    image: ghcr.io/dnpm-dip/backend:${DNPM_IMAGE_TAG:-latest}
+    image: ghcr.io/dnpm-dip/backend:{DNPM_IMAGE_TAG:-latest}
    environment:
      - LOCAL_SITE=${ZPM_SITE}:${SITE_NAME}   # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
      - RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}
--- a/ccp/modules/mtba-compose.yml
+++ b/ccp/modules/mtba-compose.yml
@@ -2,7 +2,7 @@ version: "3.7"
 services:
  mtba:
-    image: docker.verbis.dkfz.de/cache/samply/mtba:${MTBA_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/mtba:develop
    container_name: bridgehead-mtba
    environment:
      BLAZE_STORE_URL: http://blaze:8080
--- a/ccp/modules/teiler-compose.yml
+++ b/ccp/modules/teiler-compose.yml
@@ -19,7 +19,7 @@ services:
      HTTP_RELATIVE_PATH: "/ccp-teiler"
  teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
    container_name: bridgehead-teiler-dashboard
    labels:
      - "traefik.enable=true"
--- a/dhki/docker-compose.yml
+++ b/dhki/docker-compose.yml
@@ -39,7 +39,7 @@ services:
      - "blaze"
  beam-proxy:
-    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
    container_name: bridgehead-beam-proxy
    environment:
      BROKER_URL: ${BROKER_URL}
--- a/kr/docker-compose.yml
+++ b/kr/docker-compose.yml
@@ -40,7 +40,7 @@ services:
      - "blaze"
  beam-proxy:
-    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
    container_name: bridgehead-beam-proxy
    environment:
      BROKER_URL: ${BROKER_URL}
--- a/kr/modules/teiler-compose.yml
+++ b/kr/modules/teiler-compose.yml
@@ -19,7 +19,7 @@ services:
      HTTP_RELATIVE_PATH: "/kr-teiler"
  teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
    container_name: bridgehead-teiler-dashboard
    labels:
      - "traefik.enable=true"
--- a/minimal/modules/dnpm-node-compose.yml
+++ b/minimal/modules/dnpm-node-compose.yml
@@ -43,7 +43,7 @@ services:
      - "traefik.http.routers.dnpm-auth.tls=true"
  dnpm-portal:
-    image: ghcr.io/dnpm-dip/portal:${DNPM_IMAGE_TAG:-latest}
+    image: ghcr.io/dnpm-dip/portal:{DNPM_IMAGE_TAG:-latest}
    container_name: bridgehead-dnpm-portal
    environment:
      - NUXT_API_URL=http://dnpm-backend:9000/
@@ -58,7 +58,7 @@ services:
  dnpm-backend:
    container_name: bridgehead-dnpm-backend
-    image: ghcr.io/dnpm-dip/backend:${DNPM_IMAGE_TAG:-latest}
+    image: ghcr.io/dnpm-dip/backend:{DNPM_IMAGE_TAG:-latest}
    environment:
      - LOCAL_SITE=${ZPM_SITE}:${SITE_NAME}   # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
      - RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}
--- a/versions/acceptance
+++ b/versions/acceptance
@@ -2,5 +2,3 @@ FOCUS_TAG=develop
 BEAM_TAG=develop
 BLAZE_TAG=main
 POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=develop
 MTBA_TAG=develop
--- a/versions/prod
+++ b/versions/prod
@@ -2,5 +2,3 @@ FOCUS_TAG=main
 BEAM_TAG=main
 BLAZE_TAG=0.32
 POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=main
 MTBA_TAG=main
--- a/versions/test
+++ b/versions/test
@@ -2,5 +2,3 @@ FOCUS_TAG=develop
 BEAM_TAG=develop
 BLAZE_TAG=main
 POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=develop
 MTBA_TAG=develop
Author	SHA1	Message	Date
djuarezgf	90d6993877	mtba: fallback to keycloak test server pending migration	2025-07-24 09:25:16 +02:00
djuarezgf	e037d8a8bc	feat: migrate PSP to Authentik (#329 )	2025-07-24 09:25:16 +02:00
Jan	930612221d	feat(dnpm): allow setting custom dnpm image tag (#326 )	2025-07-24 09:25:16 +02:00
djuarezgf	03e3260f68	Fixed: Authentik URL for Opal (#328 ) * Fixed: Authentik URL for Opal * Removed: Unnecessary OIDC config in CCE and BBMRI * KR with basic auth instead of OIDC	2025-07-24 09:25:16 +02:00
djuarezgf	64e53f0905	feat: migrate OIDC Configuration from Keycloak to Authentik (#327 ) * Change: Authentik instead of Keycloak in CCP Co-authored-by: Jan <59206115+Threated@users.noreply.github.com> --------- Co-authored-by: Jan <59206115+Threated@users.noreply.github.com>	2025-07-24 09:25:16 +02:00
p.delpy@dkfz-heidelberg.de	1da0a35626	fix: add pscc changes	2025-07-03 07:27:15 +02:00