add rusty spot

* added: Teiler Dashboard Version

* added: MTBA Version

* added: beam proxy tag version

README.md

@@ -85,6 +85,8 @@ The following URLs need to be accessible (prefix with `https://`):
     * hub.docker.com
     * registry-1.docker.io
     * production.cloudflare.docker.com
+  * GitHub Container Registry - (for use of DNPM:DIP)
+    * ghcr.io
 * To report bridgeheads operational status
   * healthchecks.verbis.dkfz.de
 * only for DKTK/CCP
@@ -95,7 +97,7 @@ The following URLs need to be accessible (prefix with `https://`):
 * only for German Biobank Node
   * broker.bbmri.de
 
-> 📝 This URL list is subject to change. Instead of the individual names, we highly recommend whitelisting wildcard domains: *.dkfz.de, github.com, *.docker.com, *.docker.io, *.samply.de, *.bbmri.de.
+> 📝 This URL list is subject to change. Instead of the individual names, we highly recommend whitelisting wildcard domains: *.dkfz.de, github.com, *.docker.com, *.docker.io, *.ghcr.io, *.samply.de, *.bbmri.de.
 
 > 📝 Ubuntu's pre-installed uncomplicated firewall (ufw) is known to conflict with Docker, more info [here](https://github.com/chaifeng/ufw-docker).
 

bbmri/modules/teiler-compose.yml

@@ -19,7 +19,7 @@ services:
       HTTP_RELATIVE_PATH: "/bbmri-teiler"
 
   teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
+    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
     container_name: bridgehead-teiler-dashboard
     labels:
       - "traefik.enable=true"

cce/modules/pscc-compose.yml

@@ -1,65 +0,0 @@
-version: "3.7"
-
-services:
-  blaze-pscc:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
-    container_name: bridgehead-pscc-blaze
-    environment:
-      BASE_URL: "http://bridgehead-pscc-blaze:8080"
-      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
-      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
-      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
-      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
-      ENFORCE_REFERENTIAL_INTEGRITY: "false"
-    volumes:
-      - "blaze-data-pscc:/app/data"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.blaze_pscc.rule=PathPrefix(`/pscc-localdatamanagement`)"
-      - "traefik.http.middlewares.pscc_b_strip.stripprefix.prefixes=/pscc-localdatamanagement"
-      - "traefik.http.services.blaze_pscc.loadbalancer.server.port=8080"
-      - "traefik.http.routers.blaze_pscc.middlewares=pscc_b_strip"
-      - "traefik.http.routers.blaze_pscc.tls=true"
-
-  focus-pscc:
-    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
-    container_name: bridgehead-pscc-focus
-    environment:
-      API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
-      BEAM_APP_ID_LONG: focus.${PROXY_ID_PSCC}
-      PROXY_ID: ${PROXY_ID_PSCC}
-      BLAZE_URL: "http://bridgehead-pscc-blaze:8080/fhir/"
-      BEAM_PROXY_URL: http://beam-proxy-pscc:8081
-      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
-      EPSILON: 0.28
-      ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
-    depends_on:
-      - "beam-proxy"
-      - "blaze"
-
-  beam-proxy-pscc:
-    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
-    container_name: bridgehead-pscc-beam-proxy
-    environment:
-      BROKER_URL: ${BROKER_URL_PSCC}
-      PROXY_ID: ${PROXY_ID_PSCC}
-      APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
-      PRIVKEY_FILE: /run/secrets/proxy.pem
-      ALL_PROXY: http://forward_proxy:3128
-      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
-      ROOTCERT_FILE: /conf/root.crt.pem
-    secrets:
-      - proxy.pem
-    depends_on:
-      - "forward_proxy"
-    volumes:
-      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
-      - /srv/docker/bridgehead/pscc/root.crt.pem:/conf/root.crt.pem:ro
-
-
-volumes:
-  blaze-data-pscc:
-
-secrets:
-  proxy.pem:
-    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem

cce/modules/pscc-setup.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-
-if [ -n "$ENABLE_PSCC" ];then
-  OVERRIDE+=" -f ./$PROJECT/modules/pscc-compose.yml"
-fi

cce/modules/teiler-compose.yml

@@ -19,7 +19,7 @@ services:
       HTTP_RELATIVE_PATH: "/cce-teiler"
 
   teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
+    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
     container_name: bridgehead-teiler-dashboard
     labels:
       - "traefik.enable=true"

cce/vars

@@ -1,9 +1,6 @@
 BROKER_ID=test-no-real-data.broker.samply.de
-BROKER_ID_PSCC=test-no-real-data.broker.samply.de
 BROKER_URL=https://${BROKER_ID}
-BROKER_URL_PSCC=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
-PROXY_ID_PSCC=${SITE_ID}.${BROKER_ID_PSCC}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
 SUPPORT_EMAIL=manoj.waikar@dkfz-heidelberg.de

ccp/modules/dnpm-node-compose.yml

@@ -43,7 +43,7 @@ services:
       - "traefik.http.routers.dnpm-auth.tls=true"
 
   dnpm-portal:
-    image: ghcr.io/dnpm-dip/portal:{DNPM_IMAGE_TAG:-latest}
+    image: ghcr.io/dnpm-dip/portal:${DNPM_IMAGE_TAG:-latest}
     container_name: bridgehead-dnpm-portal
     environment:
       - NUXT_API_URL=http://dnpm-backend:9000/
@@ -58,7 +58,7 @@ services:
 
   dnpm-backend:
     container_name: bridgehead-dnpm-backend
-    image: ghcr.io/dnpm-dip/backend:{DNPM_IMAGE_TAG:-latest}
+    image: ghcr.io/dnpm-dip/api-gateway:latest
     environment:
       - LOCAL_SITE=${ZPM_SITE}:${SITE_NAME}   # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
       - RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}

ccp/modules/mtba-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   mtba:
-    image: docker.verbis.dkfz.de/cache/samply/mtba:develop
+    image: docker.verbis.dkfz.de/cache/samply/mtba:${MTBA_TAG}
     container_name: bridgehead-mtba
     environment:
       BLAZE_STORE_URL: http://blaze:8080

ccp/modules/teiler-compose.yml

@@ -19,7 +19,7 @@ services:
       HTTP_RELATIVE_PATH: "/ccp-teiler"
 
   teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
+    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
     container_name: bridgehead-teiler-dashboard
     labels:
       - "traefik.enable=true"

dhki/docker-compose.yml

@@ -39,7 +39,7 @@ services:
       - "blaze"
 
   beam-proxy:
-    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
     container_name: bridgehead-beam-proxy
     environment:
       BROKER_URL: ${BROKER_URL}

dhki/vars

@@ -23,4 +23,5 @@ do
     source $module
 done
 
-transfairSetup
+transfairSetup
+scoutSetup

kr/docker-compose.yml

@@ -40,7 +40,7 @@ services:
       - "blaze"
 
   beam-proxy:
-    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
     container_name: bridgehead-beam-proxy
     environment:
       BROKER_URL: ${BROKER_URL}

kr/modules/teiler-compose.yml

@@ -19,7 +19,7 @@ services:
       HTTP_RELATIVE_PATH: "/kr-teiler"
 
   teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
+    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
     container_name: bridgehead-teiler-dashboard
     labels:
       - "traefik.enable=true"

minimal/modules/dnpm-node-compose.yml

@@ -43,7 +43,7 @@ services:
       - "traefik.http.routers.dnpm-auth.tls=true"
 
   dnpm-portal:
-    image: ghcr.io/dnpm-dip/portal:{DNPM_IMAGE_TAG:-latest}
+    image: ghcr.io/dnpm-dip/portal:${DNPM_IMAGE_TAG:-latest}
     container_name: bridgehead-dnpm-portal
     environment:
       - NUXT_API_URL=http://dnpm-backend:9000/
@@ -58,7 +58,7 @@ services:
 
   dnpm-backend:
     container_name: bridgehead-dnpm-backend
-    image: ghcr.io/dnpm-dip/backend:{DNPM_IMAGE_TAG:-latest}
+    image: ghcr.io/dnpm-dip/api-gateway:latest
     environment:
       - LOCAL_SITE=${ZPM_SITE}:${SITE_NAME}   # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
       - RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}

modules/scout-compose.yml

@@ -0,0 +1,40 @@
+volumes:
+  scout-blaze-data:
+
+services:
+  traefik:
+    labels:
+      - "traefik.http.middlewares.additional-users-auth.basicauth.users=${SCOUT_BASIC_AUTH_USERS}"
+
+  scout-blaze:
+    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    container_name: bridgehead-scout-blaze
+    environment:
+      BASE_URL: "http://bridgehead-scout-blaze:8080"
+      ENFORCE_REFERENTIAL_INTEGRITY: "false"
+    volumes:
+      - "scout-blaze-data:/app/data"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.scout-blaze.rule=PathPrefix(`/scout-blaze`)"
+      - "traefik.http.middlewares.scout-blaze-stripprefix.stripprefix.prefixes=/scout-blaze"
+      - "traefik.http.services.scout-blaze.loadbalancer.server.port=8080"
+      - "traefik.http.routers.scout-blaze.middlewares=scout-blaze-stripprefix,additional-users-auth"
+      - "traefik.http.routers.scout-blaze.tls=true"
+
+  scout:
+    image: samply/scout:main
+    container_name: bridgehead-scout
+    configs:
+      - scout.toml
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.scout.rule=PathPrefix(`/scout`)"
+      - "traefik.http.services.scout.loadbalancer.server.port=8080"
+      - "traefik.http.routers.scout.middlewares=additional-users-auth"
+      - "traefik.http.routers.scout.tls=true"
+
+configs:
+  scout.toml:
+    content: |
+      fhir_base_url = "http://scout-blaze:8080/fhir"

modules/scout-setup.sh

@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+function scoutSetup() {
+    if [[ -n "$ENABLE_SCOUT" && -n "$SCOUT_BASIC_AUTH_USERS" ]]; then
+        echo "Starting scout."
+	    OVERRIDE+=" -f ./modules/scout-compose.yml"
+    fi
+}

modules/transfair-compose.yml

@@ -10,7 +10,7 @@ services:
       - TTP_GW_SOURCE
       - TTP_GW_EPIX_DOMAIN
       - TTP_GW_GPAS_DOMAIN
-      - TTP_TYPE
+      - TTP_GW_GPAS_URL
       - TTP_AUTH
       - PROJECT_ID_SYSTEM
       - FHIR_REQUEST_URL=${FHIR_REQUEST_URL}
@@ -26,6 +26,7 @@ services:
       - TLS_DISABLE=${TRANSFAIR_TLS_DISABLE:-false}
       - NO_PROXY=${TRANSFAIR_NO_PROXIES}
       - ALL_PROXY=http://forward_proxy:3128
+    command: dic ${TTP_TYPE}
     volumes:
       - /var/cache/bridgehead/${PROJECT}/transfair:/transfair
       - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro

pscc/modules/lens-compose.yml

@@ -10,25 +10,36 @@ services:
       - "traefik.http.routers.landing.middlewares=auth"
       - "traefik.http.routers.landing.tls=true"
 
-#  spot:
-#    image: docker.verbis.dkfz.de/ccp-private/central-spot
-#    environment:
-#      BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
-#      BEAM_URL: http://beam-proxy:8081
-#      BEAM_PROXY_ID: ${SITE_ID}
-#      BEAM_BROKER_ID: ${BROKER_ID}
-#      BEAM_APP_ID: "focus"
-#      PROJECT_METADATA: "cce_supervisors"
-#    depends_on:
-#      - "beam-proxy"
-#    labels:
-#      - "traefik.enable=true"
-#      - "traefik.http.services.spot.loadbalancer.server.port=8080"
-#      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
-#      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
-#      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
-#      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
-#      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
-#      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
-#      - "traefik.http.routers.spot.tls=true"
-#      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"
+  spot:
+    image: samply/rustyspot:main
+    platform: linux/amd64
+    ports:
+      - "8055:8055"
+    environment:
+      HTTP_PROXY: ${http_proxy}
+      HTTPS_PROXY: ${https_proxy}
+      NO_PROXY: beam-proxy
+      BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
+      BEAM_PROXY_URL: http://beam-proxy:8081
+      BEAM_APP_ID: "focus"
+      CORS_ORIGIN: "https://${GUI_HOST}"
+      SITES: "pscc-dkfz"
+      TRANSFORM: LENS
+      BIND_ADDR: 0.0.0.0:8055
+      RUST_LOG: "debug"
+      LOG_FILE: /logs/requests.log
+    volumes:
+      - ./logs:/logs
+    depends_on:
+      - "beam-proxy"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.services.spot.loadbalancer.server.port=8080"
+      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
+      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
+      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
+      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
+      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
+      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
+      - "traefik.http.routers.spot.tls=true"
+      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"

versions/acceptance

@@ -1,4 +1,6 @@
 FOCUS_TAG=develop
 BEAM_TAG=develop
 BLAZE_TAG=main
-POSTGRES_TAG=15.13-alpine
+POSTGRES_TAG=15.13-alpine
+TEILER_DASHBOARD_TAG=develop
+MTBA_TAG=develop

versions/prod

@@ -1,4 +1,6 @@
 FOCUS_TAG=main
 BEAM_TAG=main
 BLAZE_TAG=0.32
-POSTGRES_TAG=15.13-alpine
+POSTGRES_TAG=15.13-alpine
+TEILER_DASHBOARD_TAG=main
+MTBA_TAG=main

versions/test

@@ -1,4 +1,6 @@
 FOCUS_TAG=develop
 BEAM_TAG=develop
 BLAZE_TAG=main
-POSTGRES_TAG=15.13-alpine
+POSTGRES_TAG=15.13-alpine
+TEILER_DASHBOARD_TAG=develop
+MTBA_TAG=develop