samply/bridgehead
1
0
Fork 0
mirror of https://github.com/samply/bridgehead.git synced 2026-04-17 20:50:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: samply:fix/traefik-dashboard-route
Branches Tags
samply:main samply:develop samply:ovis samply:feature/ml-itcc samply:fix/traefik-dashboard-route samply:feature/cce-enable-osiris2fhir samply:fix/alternative-proxy-handling samply:test/airgapped-blaze samply:test/airgapped-blaze-staging samply:mainzelliste-itcc samply:feat/proxy-escape-chars-readme samply:hotfix/secretsync samply:test/ast samply:feature/pscc-lens samply:feature/cce samply:feat/nngm samply:test/pscc-spot samply:hotfix/itcc samply:prototype/beamFile samply:timakro-patch-1 samply:feature/teiler-roles samply:test/opal5 samply:test/keycloak samply:feat/selinux samply:feature/remove-rstudio samply:test/teiler-dashboard samply:feature/teiler-for-ccp-and-bbmri samply:qr-bbmri-v2 samply:test/exporter-no-python samply:cherry-pick-tmp-pr samply:test/obds2fhir-batch-import samply:pr-secret-sync-gitlab-bbmri samply:feature/add-qb-to-cce samply:torbrenner-patch-1 samply:feat/routine-connector-minor-fixes samply:metadata_fb samply:feat/dnpm-dip samply:bugfix/test-old-blaze samply:dnpm-etl-rewrite samply:feature/qr-basic-auth samply:refactor/logging samply:feature/opal-client-for-new-token-manager samply:test/onkofdz samply:feature/addExporterAndTeilerToEric samply:set_env_variables_needed_for_fhir2sql samply:feature/externalize-versions samply:fix/kr-deactivate-landingpage samply:refactor/datashield-auth-config samply:refactor/independent-modules samply:feature/dnpm-extra-broker samply:revert-223-feat/add-dkfz-hector-ki-project samply:ehds2_develop samply:ehds2 samply:feature/auto-pr samply:qr_bbmri samply:feature/cBioPortal samply:feat/blaze-frontend samply:pro/lemedart samply:feature/feedback-agent samply:feature/component-moniotring samply:feature/cbioportal-datashield samply:documentation/blaze_resources samply:feat/cBioPortal samply:test-switch-branch samply:feature/nngm-rest samply:feature/opal samply:feature/snap samply:feature/accessTokenFromConfiguration
..
compare: samply:feature/pscc-lens
Branches Tags
samply:main samply:develop samply:ovis samply:feature/ml-itcc samply:fix/traefik-dashboard-route samply:feature/cce-enable-osiris2fhir samply:fix/alternative-proxy-handling samply:test/airgapped-blaze samply:test/airgapped-blaze-staging samply:mainzelliste-itcc samply:feat/proxy-escape-chars-readme samply:hotfix/secretsync samply:test/ast samply:feature/pscc-lens samply:feature/cce samply:feat/nngm samply:test/pscc-spot samply:hotfix/itcc samply:prototype/beamFile samply:timakro-patch-1 samply:feature/teiler-roles samply:test/opal5 samply:test/keycloak samply:feat/selinux samply:feature/remove-rstudio samply:test/teiler-dashboard samply:feature/teiler-for-ccp-and-bbmri samply:qr-bbmri-v2 samply:test/exporter-no-python samply:cherry-pick-tmp-pr samply:test/obds2fhir-batch-import samply:pr-secret-sync-gitlab-bbmri samply:feature/add-qb-to-cce samply:torbrenner-patch-1 samply:feat/routine-connector-minor-fixes samply:metadata_fb samply:feat/dnpm-dip samply:bugfix/test-old-blaze samply:dnpm-etl-rewrite samply:feature/qr-basic-auth samply:refactor/logging samply:feature/opal-client-for-new-token-manager samply:test/onkofdz samply:feature/addExporterAndTeilerToEric samply:set_env_variables_needed_for_fhir2sql samply:feature/externalize-versions samply:fix/kr-deactivate-landingpage samply:refactor/datashield-auth-config samply:refactor/independent-modules samply:feature/dnpm-extra-broker samply:revert-223-feat/add-dkfz-hector-ki-project samply:ehds2_develop samply:ehds2 samply:feature/auto-pr samply:qr_bbmri samply:feature/cBioPortal samply:feat/blaze-frontend samply:pro/lemedart samply:feature/feedback-agent samply:feature/component-moniotring samply:feature/cbioportal-datashield samply:documentation/blaze_resources samply:feat/cBioPortal samply:test-switch-branch samply:feature/nngm-rest samply:feature/opal samply:feature/snap samply:feature/accessTokenFromConfiguration

3 Commits
fix/traefi ... feature/ps

Author SHA1 Message Date
Pierre Delpy
9c77adc1e0 hotfix 2 2025-11-24 13:24:50 +01:00
Pierre Delpy
402da4a30f hotfix 2025-11-24 13:22:36 +01:00
Pierre Delpy
057c11cdb5 feat: pscc lens deployment 2025-11-24 13:13:58 +01:00
21 changed files with 52 additions and 114 deletions
Expand all files Collapse all files

2
bbmri/modules/directory-sync.sh
View File

@@ -1,6 +1,6 @@
#!/bin/bash
if [ -n "${DS_DIRECTORY_USER_NAME}" ] || [ -n "${DS_DIRECTORY_USER_TOKEN}" ]; then
if [ -n "${DS_DIRECTORY_USER_NAME}" ]; then
log INFO "Directory sync setup detected -- will start directory sync service."
OVERRIDE+=" -f ./$PROJECT/modules/directory-sync-compose.yml"
fi

1
bbmri/modules/eric-compose.yml
View File

@@ -11,7 +11,6 @@ services:
BLAZE_URL: "http://blaze:8080/fhir/"
BEAM_PROXY_URL: http://beam-proxy-eric:8081
RETRY_COUNT: ${FOCUS_RETRY_COUNT}
OBFUSCATE_BBMRI_ERIC_WAY: "true"
depends_on:
- "beam-proxy-eric"
- "blaze"

2
cce/modules/lens-compose.yml
View File

@@ -3,8 +3,6 @@ services:
lens:
container_name: lens_federated-search
image: samply/cce-explorer:main
environment:
PUBLIC_SPOT_URL: https://${HOST}/prod
labels:
- "traefik.http.services.lens.loadbalancer.server.port=3000"
- "traefik.enable=true"

6
cce/modules/osiris2fhir-setup.sh
View File

@@ -1,6 +0,0 @@
#!/bin/bash
if [ -n "$ENABLE_OSIRIS2FHIR" ]; then
log INFO "OSIRIS2FHIR-REST setup detected -- will start osiris2fhir module."
OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml"
LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
fi

3
itcc/docker-compose.yml
View File

@@ -15,7 +15,7 @@ services:
- "blaze-data:/app/data"
labels:
- "traefik.enable=true"
- "traefik.http.routers.blaze_itcc.rule=Host(`${HOST}`) && PathPrefix(`/itcc-localdatamanagement`)"
- "traefik.http.routers.blaze_itcc.rule=PathPrefix(`/itcc-localdatamanagement`)"
- "traefik.http.middlewares.itcc_b_strip.stripprefix.prefixes=/itcc-localdatamanagement"
- "traefik.http.services.blaze_itcc.loadbalancer.server.port=8080"
- "traefik.http.routers.blaze_itcc.middlewares=itcc_b_strip,auth"
@@ -34,6 +34,7 @@ services:
EPSILON: 0.28
QUERIES_TO_CACHE: '/queries_to_cache.conf'
ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
CQL_PROJECTS_ENABLED: "itcc"
volumes:
- /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro
depends_on:

6
itcc/modules/itcc-omics-ingest.sh
View File

@@ -1,6 +0,0 @@
#!/bin/bash
if [ -n "$ENABLE_OMICS" ];then
OVERRIDE+=" -f ./$PROJECT/modules/itcc-omics-ingest.yaml"
GENERATE_API_KEY="$(generate_simple_password 'omics')"
fi

14
itcc/modules/itcc-omics-ingest.yaml
View File

@@ -1,14 +0,0 @@
services:
omics-endpoint:
image: ghcr.io/samply/itcc-omics-ingest:main
environment:
- API_KEY=${GENERATE_API_KEY}
volumes:
- /var/cache/bridgehead/omics/data:/data/uploads
labels:
- "traefik.http.routers.omics.rule=Host(`${HOST}`) && PathPrefix(`/api/omics`)"
- "traefik.enable=true"
- "traefik.http.services.omics.loadbalancer.server.port=6080"
- "traefik.http.routers.omics.tls=true"
- "traefik.http.middlewares.omics-stripprefix.stripprefix.prefixes=/api"
- "traefik.http.routers.omics.middlewares=omics-stripprefix"

40
itcc/modules/lens-compose.yml
View File

@@ -1,47 +1,33 @@
version: "3.7"
services:
itcc-explorer:
container_name: lens_itcc_explorer
image: samply/itcc-explorer:main
environment:
HOST: "0.0.0.0"
BIND_ADDR: "0.0.0.0:3000"
PUBLIC_ENVIRONMENT: ${PUBLIC_ENVIRONMENT}
landing:
container_name: lens_federated-search
image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
labels:
- "traefik.enable=true"
- "traefik.http.routers.itcc.rule=Host(`${HOST}`) && PathPrefix(`/`)"
- "traefik.http.routers.itcc.entrypoints=websecure"
- "traefik.http.services.itcc.loadbalancer.server.port=3000"
- "traefik.http.routers.itcc.tls=true"
- "traefik.http.routers.landing.rule=PathPrefix(`/`)"
- "traefik.http.services.landing.loadbalancer.server.port=80"
- "traefik.http.routers.landing.tls=true"
spot:
image: samply/rustyspot:latest
image: docker.verbis.dkfz.de/ccp-private/central-spot
environment:
BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
BEAM_PROXY_URL: http://beam-proxy:8081
BEAM_URL: http://beam-proxy:8081
BEAM_PROXY_ID: ${SITE_ID}
BEAM_BROKER_ID: ${BROKER_ID}
BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}"
CORS_ORIGIN: "https://${HOST}"
SITES: ${SITES}
TRANSFORM: LENS
PROJECT: "itcc"
BIND_ADDR: 0.0.0.0:8055
BEAM_APP_ID: "focus"
PROJECT_METADATA: "itcc"
depends_on:
- "beam-proxy"
labels:
- "traefik.enable=true"
- "traefik.http.services.spot.loadbalancer.server.port=8055"
- "traefik.http.services.spot.loadbalancer.server.port=8080"
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type"
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
- "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)"
- "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
- "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
- "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
- "traefik.http.routers.spot.tls=true"
- "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
beam-proxy:
environment:
APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT}

1
itcc/vars
View File

@@ -6,7 +6,6 @@ FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
BROKER_URL_FOR_PREREQ=$BROKER_URL
PUBLIC_ENVIRONMENT=prod
for module in $PROJECT/modules/*.sh
do

3
kr/docker-compose.yml
View File

@@ -12,8 +12,7 @@ services:
BASE_URL: "http://bridgehead-kr-blaze:8080"
JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
ENFORCE_REFERENTIAL_INTEGRITY: "false"
volumes:
- "blaze-data:/app/data"

6
kr/modules/export-and-qb.curl-templates Normal file
View File

@@ -0,0 +1,6 @@
# Full Excel Export
curl --location --request POST 'https://${HOST}/ccp-exporter/request?query=Patient&query-format=FHIR_PATH&template-id=ccp&output-format=EXCEL' \
--header 'x-api-key: ${EXPORT_API_KEY}'
# QB
curl --location --request POST 'https://${HOST}/ccp-reporter/generate?template-id=ccp'

37
kr/modules/lens-compose.yml
View File

@@ -4,41 +4,32 @@ services:
deploy:
replicas: 1 #reactivate if lens is in use
container_name: lens_federated-search
image: docker.verbis.dkfz.de/ccp/kr-explorer:main
environment:
PUBLIC_SPOT_URL: https://${HOST}/prod
image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
labels:
- "traefik.http.services.lens.loadbalancer.server.port=3000"
- "traefik.enable=true"
- "traefik.http.routers.lens.rule=Host(`${HOST}`)"
- "traefik.http.routers.lens.tls=true"
- "traefik.http.routers.landing.rule=PathPrefix(`/`)"
- "traefik.http.services.landing.loadbalancer.server.port=80"
- "traefik.http.routers.landing.tls=true"
spot:
image: samply/rustyspot:latest
image: docker.verbis.dkfz.de/ccp-private/central-spot
environment:
BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
BEAM_PROXY_URL: http://beam-proxy:8081
BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}"
CORS_ORIGIN: "https://${HOST}"
SITES: ${SITES}
TRANSFORM: LENS
PROJECT: kr
BIND_ADDR: 0.0.0.0:8055
BEAM_URL: http://beam-proxy:8081
BEAM_PROXY_ID: ${SITE_ID}
BEAM_BROKER_ID: ${BROKER_ID}
BEAM_APP_ID: "focus"
PROJECT_METADATA: "kr_supervisors"
depends_on:
- "beam-proxy"
labels:
- "traefik.enable=true"
- "traefik.http.services.spot.loadbalancer.server.port=8055"
- "traefik.http.services.spot.loadbalancer.server.port=8080"
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type"
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
- "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)"
- "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
- "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
- "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
- "traefik.http.routers.spot.tls=true"
- "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
beam-proxy:
environment:
APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT}
- "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"

2
kr/modules/obds2fhir-rest-compose.yml
View File

@@ -3,7 +3,7 @@ version: "3.7"
services:
obds2fhir-rest:
container_name: bridgehead-obds2fhir-rest
image: docker.verbis.dkfz.de/samply/obds2fhir-rest:main
image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:main
environment:
IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}

2
kr/vars
View File

@@ -3,7 +3,7 @@ BROKER_URL=https://${BROKER_ID}
PROXY_ID=${SITE_ID}.${BROKER_ID}
FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
SUPPORT_EMAIL=p.delpy@dkfz-heidelberg.de
SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
BROKER_URL_FOR_PREREQ=$BROKER_URL

2
lib/functions.sh
View File

@@ -327,7 +327,7 @@ function sync_secrets() {
-e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
-e PROXY_ID=$proxy_id \
-e BROKER_URL=$broker_url \
-e OIDC_PROVIDER=secret-sync-central.central-secret-sync.$broker_id \
-e OIDC_PROVIDER=secret-sync-central.test-secret-sync.$broker_id \
-e SECRET_DEFINITIONS=$secret_sync_args \
docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest

2
minimal/docker-compose.yml
View File

@@ -16,7 +16,7 @@ services:
- --entrypoints.web.http.redirections.entrypoint.scheme=https
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=PathPrefix(`/dashboard/`)||PathPrefix(`/api`)"
- "traefik.http.routers.dashboard.rule=PathPrefix(`/dashboard/`)"
- "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.tls=true"

8
pscc/modules/lens-compose.yml
View File

@@ -2,12 +2,14 @@ version: "3.7"
services:
lens:
container_name: lens-federated-search
image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
image: docker.verbis.dkfz.de/ccp/lens:pscc
labels:
- "traefik.http.services.lens.loadbalancer.server.port=3000"
- "traefik.enable=true"
- "traefik.http.routers.lens.rule=Host(`${HOST}`)"
- "traefik.http.routers.lens.tls=true"
environment:
PUBLIC_SPOT_URL: "https://${HOST}/prod"
spot:
image: samply/rustyspot:latest
@@ -38,3 +40,7 @@ services:
- "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
- "traefik.http.routers.spot.tls=true"
- "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
beam-proxy:
environment:
APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT}

15
pscc/modules/osiris2fhir-compose.yml
View File

@@ -1,15 +0,0 @@
services:
osiris2fhir:
container_name: bridgehead-osiris2fhir
image: docker.verbis.dkfz.de/ccp/osiris2fhir
environment:
FHIR_PROFILE: ${PROJECT:-pscc}
LOG_LEVEL: ${LOG_LEVEL:-INFO}
SALT: ${LOCAL_SALT}
labels:
- "traefik.enable=true"
- "traefik.http.routers.osiris2fhir.rule=PathPrefix(`/osiris2fhir`)"
- "traefik.http.middlewares.osiris2fhir_strip.stripprefix.prefixes=/osiris2fhir"
- "traefik.http.services.osiris2fhir.loadbalancer.server.port=8080"
- "traefik.http.routers.osiris2fhir.tls=true"
- "traefik.http.routers.osiris2fhir.middlewares=osiris2fhir_strip,auth"

6
pscc/modules/osiris2fhir-setup.sh
View File

@@ -1,6 +0,0 @@
#!/bin/bash
if [ -n "$ENABLE_OSIRIS2FHIR" ]; then
log INFO "OSIRIS2FHIR-REST setup detected -- will start osiris2fhir module."
OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml"
LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
fi

2
versions/acceptance
View File

@@ -1,6 +1,6 @@
FOCUS_TAG=develop
BEAM_TAG=develop
BLAZE_TAG=0.32
BLAZE_TAG=main
POSTGRES_TAG=15.13-alpine
TEILER_DASHBOARD_TAG=develop
MTBA_TAG=develop

2
versions/test
View File

@@ -1,6 +1,6 @@
FOCUS_TAG=develop
BEAM_TAG=develop
BLAZE_TAG=0.32
BLAZE_TAG=main
POSTGRES_TAG=15.13-alpine
TEILER_DASHBOARD_TAG=develop
MTBA_TAG=develop