fix project check in secret_sync_gitlab_token (#378 )

feat: add Data Quality Agent configuration and setup (#373 )
* feat: add Data Quality Agent configuration and setup * fix: correct environment variable name in Data Quality Agent configuration * feat: update Data Quality Agent configuration and setup instructions * feat: update Data Quality Agent setup and documentation * feat: add volume configuration for agent data in Data Quality Agent compose file * feat: update volume configuration for Data Quality Agent in compose file * Update README.md Co-authored-by: Tobias Kussel <TKussel@users.noreply.github.com> --------- Co-authored-by: Tobias Kussel <TKussel@users.noreply.github.com>
2026-04-17 17:20:15 +02:00 · 2026-04-10 11:38:28 +02:00 · 2026-04-07 12:48:29 +02:00 · 2026-03-17 15:54:25 +01:00 · 2026-02-24 12:09:39 +01:00 · 2026-02-20 09:27:47 +01:00
25 changed files with 158 additions and 150 deletions
--- a/README.md
+++ b/README.md
@@ -27,6 +27,7 @@ This repository is the starting point for any information and tools you will nee
    - [Teiler (Frontend)](#teiler-frontend)
    - [Data Exporter Service](#data-exporter-service)
      - [Data Quality Report](#data-quality-report)
+    - [Data Quality Agent](#data-quality-agent)
 4. [Things you should know](#things-you-should-know)
    - [Auto-Updates](#auto-updates)
    - [Auto-Backups](#auto-backups)
@@ -424,6 +425,32 @@ ENABLE_EXPORTER=true
 ```
 [For further information](docs/exporter.md)  

+### Data Quality Agent
+
+The Data Quality Agent is an optional module that periodically evaluates the quality of FHIR data stored in Blaze. It generates local data quality reports accessible via the Bridgehead web interface.
+
+To enable the service, set the following variable in your `<PROJECT>.conf` file:
+
+```bash
+ENABLE_DATA_QUALITY_AGENT=true
+```
+
+#### Sharing Data Quality Reports (recommended)
+
+We encourage sharing your data quality reports with the central BBMRI-ERIC quality dashboard. The reports contain only aggregated, non-patient-identifiable statistics and help the network to monitor and improve overall data quality. However, quality reporting is completely optional and opt-in.
+
+To opt in, additionally set the following variables in your `<PROJECT>.conf` file:
+
+```bash
+DATA_QUALITY_SERVER_URL=https://quality-dashboard.bbmri-eric.eu
+DATA_QUALITY_SERVER_NAME=Central Data Quality Server of BBMRI
+```
+
+If these variables are not set, the Data Quality Agent will still run and generate local reports, but no data will be shared externally.
+
+Reports are accessible at `https://<your-host>/bbmri-data-quality-agent` (default credentials are admin:admin, please change it after first login!!).
+
+[Official documentation](https://fdqf.bbmri-eric.eu/user/deployment.html)
 ## Things you should know

 ### Auto-Updates
--- a/bbmri/modules/data-quality-agent-compose.yml
+++ b/bbmri/modules/data-quality-agent-compose.yml
@@ -0,0 +1,23 @@
+version: "3.7"
+
+services:
+  data-quality-agent:
+    image: ghcr.io/bbmri-cz/data-quality-server:${DATA_QUALITY_AGENT_TAG}
+    container_name: bridgehead-bbmri-data-quality-agent
+    environment:
+      APP_SETTING_FHIR_URL: http://bridgehead-bbmri-blaze:8080/fhir
+      REPORTING_SERVER_URL: ${DATA_QUALITY_SERVER_URL}
+      REPORTING_SERVER_NAME: ${DATA_QUALITY_SERVER_NAME}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.data_quality_agent_bbmri.rule=PathPrefix(`/bbmri-data-quality-agent`)"
+      - "traefik.http.services.data_quality_agent_bbmri.loadbalancer.server.port=8082"
+      - "traefik.http.routers.data_quality_agent_bbmri.tls=true"
+      - "traefik.http.middlewares.data_quality_agent_bbmri_strip.stripprefix.prefixes=/bbmri-data-quality-agent"
+      - "traefik.http.routers.data_quality_agent_bbmri.middlewares=data_quality_agent_bbmri_strip,auth"
+    depends_on:
+      - "blaze"
+    volumes:
+      - /var/cache/bridgehead/bbmri/agent-db:/app/data
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
--- a/bbmri/modules/data-quality-agent-setup.sh
+++ b/bbmri/modules/data-quality-agent-setup.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [ "$ENABLE_DATA_QUALITY_AGENT" == "true" ]; then
+    log INFO "Data Quality Agent setup detected -- will start data-quality-agent service."
+    OVERRIDE+=" -f ./$PROJECT/modules/data-quality-agent-compose.yml"
+fi
+
--- a/bbmri/modules/directory-sync.sh
+++ b/bbmri/modules/directory-sync.sh
@@ -1,6 +1,6 @@
 #!/bin/bash

-if [ -n "${DS_DIRECTORY_USER_NAME}" ]; then
+if [ -n "${DS_DIRECTORY_USER_NAME}" ] || [ -n "${DS_DIRECTORY_USER_TOKEN}" ]; then
 	log INFO "Directory sync setup detected -- will start directory sync service."
 	OVERRIDE+=" -f ./$PROJECT/modules/directory-sync-compose.yml"
 fi
--- a/bbmri/modules/eric-compose.yml
+++ b/bbmri/modules/eric-compose.yml
@@ -11,6 +11,7 @@ services:
      BLAZE_URL: "http://blaze:8080/fhir/"
      BEAM_PROXY_URL: http://beam-proxy-eric:8081
      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
+      OBFUSCATE_BBMRI_ERIC_WAY: "true"
    depends_on:
      - "beam-proxy-eric"
      - "blaze"
--- a/cce/modules/lens-compose.yml
+++ b/cce/modules/lens-compose.yml
@@ -2,7 +2,9 @@ version: "3.7"
 services:
  lens:
    container_name: lens_federated-search
-    image: ghcr.io/samply/cce-explorer:pr-1
+    image: samply/cce-explorer:main
+    environment:
+      PUBLIC_SPOT_URL: https://${HOST}/prod
    labels:
      - "traefik.http.services.lens.loadbalancer.server.port=3000"
      - "traefik.enable=true"
@@ -36,4 +38,9 @@ services:
      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)"
      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
      - "traefik.http.routers.spot.tls=true"
-      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
+      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
+
+  beam-proxy:
+    environment:
+      APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+      
--- a/cce/modules/osiris2fhir-setup.sh
+++ b/cce/modules/osiris2fhir-setup.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+if [ -n "$ENABLE_OSIRIS2FHIR" ]; then
+  log INFO "OSIRIS2FHIR-REST setup detected -- will start osiris2fhir module."
+  OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml"
+  LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+fi
--- a/itcc/docker-compose.yml
+++ b/itcc/docker-compose.yml
@@ -15,7 +15,7 @@ services:
      - "blaze-data:/app/data"
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.blaze_itcc.rule=PathPrefix(`/itcc-localdatamanagement`)"
+      - "traefik.http.routers.blaze_itcc.rule=Host(`${HOST}`) && PathPrefix(`/itcc-localdatamanagement`)"
      - "traefik.http.middlewares.itcc_b_strip.stripprefix.prefixes=/itcc-localdatamanagement"
      - "traefik.http.services.blaze_itcc.loadbalancer.server.port=8080"
      - "traefik.http.routers.blaze_itcc.middlewares=itcc_b_strip,auth"
--- a/itcc/modules/id-management-compose.yml
+++ b/itcc/modules/id-management-compose.yml
@@ -1,37 +0,0 @@
-version: "3.7"
-
-services:
-  patientlist:
-    image: docker.verbis.dkfz.de/bridgehead/mainzelliste
-    container_name: bridgehead-patientlist
-    environment:
-      - TOMCAT_REVERSEPROXY_FQDN=${HOST}
-      - TOMCAT_REVERSEPROXY_SSL=true
-      - ML_SITE=${IDMANAGEMENT_FRIENDLY_ID}
-      - ML_DB_PASS=${PATIENTLIST_POSTGRES_PASSWORD}
-      - ML_API_KEY=${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}
-      - ML_UPLOAD_API_KEY=${IDMANAGER_UPLOAD_APIKEY}
-      # Add Variables from /etc/patientlist-id-generators.env
-      - PATIENTLIST_SEEDS_TRANSFORMED
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.patientlist.rule=PathPrefix(`/patientlist`)"
-      - "traefik.http.services.patientlist.loadbalancer.server.port=8080"
-      - "traefik.http.routers.patientlist.tls=true"
-    depends_on:
-      - patientlist-db
-
-  patientlist-db:
-    image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
-    container_name: bridgehead-patientlist-db
-    environment:
-      POSTGRES_USER: "mainzelliste"
-      POSTGRES_DB: "mainzelliste"
-      POSTGRES_PASSWORD: ${PATIENTLIST_POSTGRES_PASSWORD}
-    volumes:
-      - "patientlist-db-data:/var/lib/postgresql/data"
-      # NOTE: Add backups here. This is only imported if /var/lib/bridgehead/data/patientlist/ is empty!!!
-      - "/tmp/bridgehead/patientlist/:/docker-entrypoint-initdb.d/"
-
-volumes:
-  patientlist-db-data:
--- a/itcc/modules/id-management-setup.sh
+++ b/itcc/modules/id-management-setup.sh
@@ -1,54 +0,0 @@
-#!/bin/bash -e
-
-function idManagementSetup() {
-	if [ -n "$IDMANAGER_UPLOAD_APIKEY" ]; then
-		log INFO "id-management setup detected -- will start id-management (mainzelliste)."
-		OVERRIDE+=" -f ./itcc/modules/id-management-compose.yml"
-
-		# Auto Generate local Passwords
-		PATIENTLIST_POSTGRES_PASSWORD="$(echo \"id-management-module-db-password-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
-		IDMANAGER_LOCAL_PATIENTLIST_APIKEY="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-
-		# Transform Seeds Configuration to pass it to the Mainzelliste Container
-		PATIENTLIST_SEEDS_TRANSFORMED="$(declare -p PATIENTLIST_SEEDS | tr -d '\"' | sed 's/\[/\[\"/g' | sed 's/\]/\"\]/g')"
-
-		# Ensure old ids are working !!!
-		export IDMANAGEMENT_FRIENDLY_ID=$(legacyIdMapping "$SITE_ID")
-
-	fi
-}
-
-# Transform into single string array, e.g. 'dktk-test' to 'dktk test'
-# Usage: transformToSingleStringArray 'dktk-test' -> 'dktk test'
-function transformToSingleStringArray() {
-	echo "${1//-/ }";
-}
-
-# Ensure all Words are Uppercase
-# Usage: transformToUppercase 'dktk test' -> 'Dktk Test'
-function transformToUppercase() {
-	result="";
-	for word in $1; do
-		result+=" ${word^}";
-	done
-	echo "$result";
-}
-
-# Handle all execeptions from the norm (e.g LMU, TUM)
-# Usage: applySpecialCases 'Muenchen Lmu Test' -> 'Muenchen LMU Test'
-function applySpecialCases() {
-	result="$1";
-	result="${result/Lmu/LMU}";
-	result="${result/Tum/TUM}";
-	result="${result/Dktk Test/Teststandort}";
-	echo "$result";
-}
-
-# Transform current siteids to legacy version
-# Usage: legacyIdMapping "dktk-test" -> "DktkTest"
-function legacyIdMapping() {
-	single_string_array=$(transformToSingleStringArray "$1");
-	uppercase_string=$(transformToUppercase "$single_string_array");
-	normalized_string=$(applySpecialCases "$uppercase_string");
-	echo "$normalized_string" | tr -d ' '
-}
--- a/itcc/modules/lens-compose.yml
+++ b/itcc/modules/lens-compose.yml
@@ -1,17 +1,18 @@
 version: "3.7"
 services:
-  landing:
+  itcc-explorer:
    container_name: lens_itcc_explorer
-    image: ghcr.io/samply/itcc-explorer:fix-setup
+    image: samply/itcc-explorer:main
    environment:
      HOST: "0.0.0.0"
      BIND_ADDR: "0.0.0.0:3000"
      PUBLIC_ENVIRONMENT: ${PUBLIC_ENVIRONMENT}
    labels:
-      - "traefik.http.routers.lens.rule=Host(`${HOST}`)"
      - "traefik.enable=true"
-      - "traefik.http.services.landing.loadbalancer.server.port=3000"
-      - "traefik.http.routers.landing.tls=true"
+      - "traefik.http.routers.itcc.rule=Host(`${HOST}`) && PathPrefix(`/`)"
+      - "traefik.http.routers.itcc.entrypoints=websecure"
+      - "traefik.http.services.itcc.loadbalancer.server.port=3000"
+      - "traefik.http.routers.itcc.tls=true"

  spot:
    image: samply/rustyspot:latest
--- a/itcc/vars
+++ b/itcc/vars
@@ -7,7 +7,6 @@ SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 PUBLIC_ENVIRONMENT=prod
-SITES=itcc-inform,itcc-ither,itcc-mappyacts,itcc-profyle,itcc-smpaeds,itcc-zero

 for module in $PROJECT/modules/*.sh
 do
--- a/kr/docker-compose.yml
+++ b/kr/docker-compose.yml
@@ -12,7 +12,8 @@ services:
      BASE_URL: "http://bridgehead-kr-blaze:8080"
      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
-      DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
+      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
    volumes:
      - "blaze-data:/app/data"
--- a/kr/modules/export-and-qb.curl-templates
+++ b/kr/modules/export-and-qb.curl-templates
@@ -1,6 +0,0 @@
-# Full Excel Export
-curl --location --request POST 'https://${HOST}/ccp-exporter/request?query=Patient&query-format=FHIR_PATH&template-id=ccp&output-format=EXCEL' \
--header 'x-api-key: ${EXPORT_API_KEY}'
-
-# QB
-curl --location --request POST 'https://${HOST}/ccp-reporter/generate?template-id=ccp'
--- a/kr/modules/lens-compose.yml
+++ b/kr/modules/lens-compose.yml
@@ -4,32 +4,41 @@ services:
    deploy:
      replicas: 1 #reactivate if lens is in use
    container_name: lens_federated-search
-    image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
+    image: docker.verbis.dkfz.de/ccp/kr-explorer:main
+    environment:
+      PUBLIC_SPOT_URL: https://${HOST}/prod
    labels:
+      - "traefik.http.services.lens.loadbalancer.server.port=3000"
      - "traefik.enable=true"
-      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
-      - "traefik.http.services.landing.loadbalancer.server.port=80"
-      - "traefik.http.routers.landing.tls=true"
+      - "traefik.http.routers.lens.rule=Host(`${HOST}`)"
+      - "traefik.http.routers.lens.tls=true"

  spot:
-    image: docker.verbis.dkfz.de/ccp-private/central-spot
+    image: samply/rustyspot:latest
    environment:
      BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
-      BEAM_URL: http://beam-proxy:8081
-      BEAM_PROXY_ID: ${SITE_ID}
-      BEAM_BROKER_ID: ${BROKER_ID}
-      BEAM_APP_ID: "focus"
-      PROJECT_METADATA: "kr_supervisors"
+      BEAM_PROXY_URL: http://beam-proxy:8081
+      BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}"
+      CORS_ORIGIN: "https://${HOST}"
+      SITES: ${SITES}
+      TRANSFORM: LENS
+      PROJECT: kr
+      BIND_ADDR: 0.0.0.0:8055
    depends_on:
      - "beam-proxy"
    labels:
      - "traefik.enable=true"
-      - "traefik.http.services.spot.loadbalancer.server.port=8080"
+      - "traefik.http.services.spot.loadbalancer.server.port=8055"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
+      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
-      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
-      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
+      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)"
+      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
      - "traefik.http.routers.spot.tls=true"
-      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"
+      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
+
+  beam-proxy:
+    environment:
+      APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT}
--- a/kr/modules/obds2fhir-rest-compose.yml
+++ b/kr/modules/obds2fhir-rest-compose.yml
@@ -3,7 +3,7 @@ version: "3.7"
 services:
  obds2fhir-rest:
    container_name: bridgehead-obds2fhir-rest
-    image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:main
+    image: docker.verbis.dkfz.de/samply/obds2fhir-rest:main
    environment:
      IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
      MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}
--- a/kr/vars
+++ b/kr/vars
@@ -3,7 +3,7 @@ BROKER_URL=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
-SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de
+SUPPORT_EMAIL=p.delpy@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 BROKER_URL_FOR_PREREQ=$BROKER_URL

--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -327,7 +327,7 @@ function sync_secrets() {
        -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
        -e PROXY_ID=$proxy_id \
        -e BROKER_URL=$broker_url \
-        -e OIDC_PROVIDER=secret-sync-central.test-secret-sync.$broker_id \
+        -e OIDC_PROVIDER=secret-sync-central.central-secret-sync.$broker_id \
        -e SECRET_DEFINITIONS=$secret_sync_args \
        docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest

@@ -337,7 +337,7 @@ function sync_secrets() {
 }

 function secret_sync_gitlab_token() {
-    if [[ "$PROJECT" != "dktk" && "$PROJECT" != "bbmri" ]]; then
+    if [[ "$PROJECT" != "ccp" && "$PROJECT" != "bbmri" ]]; then
        log "INFO" "Not running Secret Sync for project minimal"
        return
    fi
--- a/pscc/modules/osiris2fhir-compose.yml
+++ b/pscc/modules/osiris2fhir-compose.yml
@@ -0,0 +1,15 @@
+services:
+  osiris2fhir:
+    container_name: bridgehead-osiris2fhir
+    image: docker.verbis.dkfz.de/ccp/osiris2fhir
+    environment:
+      FHIR_PROFILE: ${PROJECT:-pscc}
+      LOG_LEVEL: ${LOG_LEVEL:-INFO}
+      SALT: ${LOCAL_SALT}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.osiris2fhir.rule=PathPrefix(`/osiris2fhir`)"
+      - "traefik.http.middlewares.osiris2fhir_strip.stripprefix.prefixes=/osiris2fhir"
+      - "traefik.http.services.osiris2fhir.loadbalancer.server.port=8080"
+      - "traefik.http.routers.osiris2fhir.tls=true"
+      - "traefik.http.routers.osiris2fhir.middlewares=osiris2fhir_strip,auth"
--- a/pscc/modules/osiris2fhir-setup.sh
+++ b/pscc/modules/osiris2fhir-setup.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+if [ -n "$ENABLE_OSIRIS2FHIR" ]; then
+  log INFO "OSIRIS2FHIR-REST setup detected -- will start osiris2fhir module."
+  OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml"
+  LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+fi
--- a/pscc/root.crt.pem
+++ b/pscc/root.crt.pem
@@ -1,20 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw
-MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI
-TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO
-OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf
-XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu
-pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7
-K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD
-VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM
-poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG
-A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm
-AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU
-fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5
-3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l
-n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/
-7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt
-Rtup0MTxSJtN
+MIIDNTCCAh2gAwIBAgIUVC1Y1tx0q5PNR33gArAyyBm8PMQwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjUxMTAzMTQxODQ5WhcNMzUx
+MTAxMTQxOTE5WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMB1yd7zkh7Io/ReQYindBcAdA1b4ogdVnrdSLRN
+N3zLSh6jN5KIXgs34BdRXx0so0m96q+9xlgacTXGRBn1Tu5SKMRyXdxnCLMzHAYU
+rNKhqF5HeZCYkVyh/tsAyFfDwZDVzsdX64V+0r5+raev2X0gJnlgmF83DIKjkVUS
+2+c+3BnXa9LOdXks0qygJjvaFyi+5MA3DinLnmMLCQ3yAvaZYWyP3xCnGIoVrZFq
+a+YioMCmHrbByuXPoZsXcFY7Z85LQkCtSVt1dH4kkN2/JehXG099nqwMqO8FpLZZ
+xG7/U3P/slX1MMLs97nqRCRoW7Cha2ci1NBYLll+34ekhxMCAwEAAaN7MHkwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJHTpnuyIGHw
+yvC/mmh+S/JKYVrAMB8GA1UdIwQYMBaAFJHTpnuyIGHwyvC/mmh+S/JKYVrAMBYG
+A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQAeDc/k28yb
+I5MLC/LdaA+MKsW2FWF9HT+tsbtltTaQIRnnkwfU/40Ius3gzUU5z+kPqq5+kxhy
+3T646Rbau85Zw24gdNmiVKAAG5ntKoQ7XnyR/06PYyXNGLqnb6aKvbcIPoWtU/+2
+8f5hHdQ/4271aHws7dKcBNWu9V5WmxMZ3YTfnBR5lEda+DhVwHqtmun8EpSbwthD
+aLLIOHJpetr+KWUVFHQdGbO23Qg1Else0Akcn5Gzf/sKkVCVxjHE6jeo4ZwHtstG
+KMoff+ETC+DL5kMZ4CV5VaQ4HxVK7N0qiUxmijWe+EyRZseum1c0s2OEi2L52Q9K
+P4N3yD4ed4p/
 -----END CERTIFICATE-----
--- a/pscc/vars
+++ b/pscc/vars
@@ -1,4 +1,4 @@
-BROKER_ID=test-no-real-data.broker.samply.de
+BROKER_ID=broker.pscc.org
 BROKER_URL=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
--- a/versions/acceptance
+++ b/versions/acceptance
@@ -1,6 +1,7 @@
 FOCUS_TAG=develop
 BEAM_TAG=develop
-BLAZE_TAG=main
+BLAZE_TAG=0.32
 POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=develop
-MTBA_TAG=develop
+MTBA_TAG=develop
+DATA_QUALITY_AGENT_TAG=latest
--- a/versions/prod
+++ b/versions/prod
@@ -3,4 +3,5 @@ BEAM_TAG=main
 BLAZE_TAG=0.32
 POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=main
-MTBA_TAG=main
+MTBA_TAG=main
+DATA_QUALITY_AGENT_TAG=0.1
--- a/versions/test
+++ b/versions/test
@@ -1,6 +1,7 @@
 FOCUS_TAG=develop
 BEAM_TAG=develop
-BLAZE_TAG=main
+BLAZE_TAG=0.32
 POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=develop
-MTBA_TAG=develop
+MTBA_TAG=develop
+DATA_QUALITY_AGENT_TAG=latest
Author	SHA1	Message	Date
Jan	7a8664a636	fix project check in secret_sync_gitlab_token (#378 )	2026-04-10 11:38:28 +02:00
Radovan Tomášik	71b25fe490	feat: add Data Quality Agent configuration and setup (#373 ) * feat: add Data Quality Agent configuration and setup * fix: correct environment variable name in Data Quality Agent configuration * feat: update Data Quality Agent configuration and setup instructions * feat: update Data Quality Agent setup and documentation * feat: add volume configuration for agent data in Data Quality Agent compose file * feat: update volume configuration for Data Quality Agent in compose file * Update README.md Co-authored-by: Tobias Kussel <TKussel@users.noreply.github.com> --------- Co-authored-by: Tobias Kussel <TKussel@users.noreply.github.com>	2026-04-07 12:48:29 +02:00
Pierre Delpy	bbda99254f	feature: add osiris2fhir in cce and minor fixes (#374 )	2026-03-17 15:54:25 +01:00
Pierre Delpy	c1de9b8314	WIP: enable osiris2fhir in PSCC for GR (#372 ) enable osiris2fhir in PSCC for GR	2026-02-24 12:09:39 +01:00
DavidCroftDKFZ	9d3ec957a2	Activate Directory token login (#371 ) Right now, Directory sync will only be activated if a username has been specified. It also needs to run if a login token has been specified, hence the change in this commit.	2026-02-20 09:27:47 +01:00
Martin Jurk	7a9f80537b	sites moved to etc itcc.comf (#369 )	2026-02-10 16:04:33 +01:00
Pierre Delpy	bff06a6bb0	fix kr deployment (#370 )	2026-02-10 11:21:36 +01:00
Martin Jurk	6923ead6ce	feat: itcc lens2 (#365 )	2026-01-28 14:28:09 +01:00
Manoj Waikar	7dc9e2e663	Changes to make deployed CCE explorer work properly. (#368 ) * Changes to make deployed CCE explorer work properly. In the lens environment section in services: - add PUBLIC_SPOT_URL value	2026-01-13 10:42:10 +01:00
Jan	85cfc2514d	update beam proxy server used for oauth enrollment (#366 )	2025-12-11 11:33:29 +01:00
Enola Knezevic	dd3387c2f1	test version blaze (#364 ) This is the one we need urgently	2025-12-01 12:54:57 +01:00
Enola Knezevic	a5120ba75b	obfuscate BBMRI ERIC way, test blaze version (#363 )	2025-12-01 12:50:07 +01:00
Manoj Waikar	d0c87b40a6	Use the cce-explorer:main image from docker hub (instead of ghcr). (#362 )	2025-11-21 14:52:42 +01:00
Pierre Delpy	57f49ab5fc	feat: migrate pscc to orange cloud broker (#361 )	2025-11-21 10:42:21 +01:00
Manoj Waikar	e2569f4737	Use the main image name for cce explorer. (#360 ) - instead of pr1 name	2025-11-20 14:34:33 +01:00
Manoj Waikar	56a8aac326	Add APP_spot_KEY env var under the beam-proxy section. (#358 )	2025-11-19 09:33:18 +01:00