Merge pull request #287 from tm16-medma/patch-1

Update ovis-compose.yml

.github/CODEOWNERS

@@ -1 +0,0 @@
-*  @samply/bridgehead-developers

bbmri/docker-compose.yml

@@ -4,7 +4,7 @@ version: "3.7"
 
 services:
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
     container_name: bridgehead-bbmri-blaze
     environment:
       BASE_URL: "http://bridgehead-bbmri-blaze:8080"

cce/docker-compose.yml

@@ -2,14 +2,13 @@ version: "3.7"
 
 services:
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
     container_name: bridgehead-cce-blaze
     environment:
       BASE_URL: "http://bridgehead-cce-blaze:8080"
       JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
       DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
-      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+      DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
-      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
       ENFORCE_REFERENTIAL_INTEGRITY: "false"
     volumes:
       - "blaze-data:/app/data"
@@ -32,10 +31,6 @@ services:
       BEAM_PROXY_URL: http://beam-proxy:8081
       RETRY_COUNT: ${FOCUS_RETRY_COUNT}
       EPSILON: 0.28
-      QUERIES_TO_CACHE: '/queries_to_cache.conf'
-      ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
-    volumes:
-      - /srv/docker/bridgehead/cce/queries_to_cache.conf:/queries_to_cache.conf:ro
     depends_on:
       - "beam-proxy"
       - "blaze"

cce/queries_to_cache.conf

@@ -1,2 +0,0 @@
-bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwpjb2Rlc3lzdGVtIFNhbXBsZU1hdGVyaWFsVHlwZTogJ2h0dHBzOi8vZmhpci5iYm1yaS5kZS9Db2RlU3lzdGVtL1NhbXBsZU1hdGVyaWFsVHlwZScKCmNvZGVzeXN0ZW0gbG9pbmM6ICdodHRwOi8vbG9pbmMub3JnJwoKY29udGV4dCBQYXRpZW50CgpES1RLX1NUUkFUX0dFTkRFUl9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0FHRV9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RFQ0VBU0VEX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfRElBR05PU0lTX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfU1BFQ0lNRU5fU1RSQVRJRklFUgoKREtUS19TVFJBVF9QUk9DRURVUkVfU1RSQVRJRklFUgoKREtUS19TVFJBVF9NRURJQ0FUSU9OX1NUUkFUSUZJRVIKREtUS19TVFJBVF9ERUZfSU5fSU5JVElBTF9QT1BVTEFUSU9OCnRydWU=
-bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwpjb2Rlc3lzdGVtIFNhbXBsZU1hdGVyaWFsVHlwZTogJ2h0dHBzOi8vZmhpci5iYm1yaS5kZS9Db2RlU3lzdGVtL1NhbXBsZU1hdGVyaWFsVHlwZScKCmNvZGVzeXN0ZW0gbG9pbmM6ICdodHRwOi8vbG9pbmMub3JnJwpjb2Rlc3lzdGVtIGljZDEwOiAnaHR0cDovL2ZoaXIuZGUvQ29kZVN5c3RlbS9iZmFybS9pY2QtMTAtZ20nCmNvZGVzeXN0ZW0gbW9ycGg6ICd1cm46b2lkOjIuMTYuODQwLjEuMTEzODgzLjYuNDMuMScKCmNvbnRleHQgUGF0aWVudAoKREtUS19TVFJBVF9HRU5ERVJfU1RSQVRJRklFUgoKREtUS19TVFJBVF9BR0VfU1RSQVRJRklFUgoKREtUS19TVFJBVF9ERUNFQVNFRF9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RJQUdOT1NJU19TVFJBVElGSUVSCgpES1RLX1NUUkFUX1NQRUNJTUVOX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfUFJPQ0VEVVJFX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfTUVESUNBVElPTl9TVFJBVElGSUVSCkRLVEtfU1RSQVRfREVGX0lOX0lOSVRJQUxfUE9QVUxBVElPTgooKGV4aXN0cyBbQ29uZGl0aW9uOiBDb2RlICdDNjEnIGZyb20gaWNkMTBdKSBhbmQKKChleGlzdHMgZnJvbSBbT2JzZXJ2YXRpb246IENvZGUgJzU5ODQ3LTQnIGZyb20gbG9pbmNdIE8Kd2hlcmUgTy52YWx1ZS5jb2RpbmcuY29kZSBjb250YWlucyAnODE0MC8zJykgb3IKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MTQ3LzMnKSBvcgooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzg0ODAvMycpIG9yCihleGlzdHMgZnJvbSBbT2JzZXJ2YXRpb246IENvZGUgJzU5ODQ3LTQnIGZyb20gbG9pbmNdIE8Kd2hlcmUgTy52YWx1ZS5jb2RpbmcuY29kZSBjb250YWlucyAnODUwMC8zJykpKQ==

ccp/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
     container_name: bridgehead-ccp-blaze
     environment:
       BASE_URL: "http://bridgehead-ccp-blaze:8080"
@@ -35,7 +35,7 @@ services:
       QUERIES_TO_CACHE: '/queries_to_cache.conf'
       ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
     volumes:
-      - /srv/docker/bridgehead/ccp/queries_to_cache.conf:/queries_to_cache.conf:ro
+      - /srv/docker/bridgehead/ccp/queries_to_cache.conf:/queries_to_cache.conf
     depends_on:
       - "beam-proxy"
       - "blaze"

ccp/modules/blaze-secondary-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   blaze-secondary:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
     container_name: bridgehead-ccp-blaze-secondary
     environment:
       BASE_URL: "http://bridgehead-ccp-blaze-secondary:8080"

ccp/modules/obds2fhir-rest-compose.yml

@@ -3,7 +3,7 @@ version: "3.7"
 services:
   obds2fhir-rest:
     container_name: bridgehead-obds2fhir-rest
-    image: docker.verbis.dkfz.de/samply/obds2fhir-rest:main
+    image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:main
     environment:
       IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
       MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}

ccp/modules/ovis-compose.yml

@@ -0,0 +1,112 @@
+version: '3.7'
+
+services:
+
+  ovis-traefik-forward-auth:
+      image: quay.io/oauth2-proxy/oauth2-proxy:latest
+      environment:
+        - http_proxy=${http_proxy:-http://forward_proxy:3128}
+        - https_proxy=${https_proxy:-http://forward_proxy:3128}
+        - OAUTH2_PROXY_PROVIDER=oidc
+        - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
+        - OAUTH2_PROXY_OIDC_ISSUER_URL=${OAUTH_ISSUER_URL}
+        - OAUTH2_PROXY_CLIENT_ID=${OAUTH_CLIENT_ID}
+        - OAUTH2_PROXY_CLIENT_SECRET=${OAUTH_CLIENT_SECRET}
+        - OAUTH2_PROXY_COOKIE_SECRET=${AUTHENTICATION_SECRET}
+        - OAUTH2_PROXY_COOKIE_DOMAINS=.${HOST:-localhost}
+        - OAUTH2_PROXY_COOKIE_REFRESH=4m
+        - OAUTH2_PROXY_COOKIE_EXPIRE=24h
+        - OAUTH2_PROXY_HTTP_ADDRESS=:4180
+        - OAUTH2_PROXY_REVERSE_PROXY=true
+        - OAUTH2_PROXY_WHITELIST_DOMAINS=.${HOST:-localhost}
+        - OAUTH2_PROXY_UPSTREAMS=static://202
+        - OAUTH2_PROXY_EMAIL_DOMAINS=*
+        #- OAUTH2_PROXY_ALLOWED_GROUPS=app-ovis
+        #- OAUTH2_PROXY_ERRORS_TO_INFO_LOG=true
+        - OAUTH2_PROXY_CODE_CHALLENGE_METHOD=S256
+        # For some reason, login.verbis.dkfz.de does not have a "groups" scope but this comes automatically through a
+        # scope called microprofile-jwt. Remove the following line once we have a "groups" scope.
+        - OAUTH2_PROXY_SCOPE=openid profile email
+        # Pass Authorization Header and some user information to spot
+        - OAUTH2_PROXY_SET_AUTHORIZATION_HEADER=true
+        - OAUTH2_PROXY_SET_XAUTHREQUEST=true
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.middlewares.ovis-traefik-forward-auth.forwardauth.address=http://ovis-traefik-forward-auth:4180"
+        - "traefik.http.middlewares.ovis-traefik-forward-auth.forwardauth.authResponseHeaders=Authorization, X-Forwarded-User, X-Auth-Request-User, X-Auth-Request-Email"
+        - "traefik.http.services.ovis-traefik-forward-auth.loadbalancer.server.port=4180"
+        - "traefik.http.routers.oauth2.rule=Host(`${HOST:-localhost}`) && PathPrefix(`/oauth2-ovis/`)"
+        - "traefik.http.routers.oauth2.tls=true"
+
+  fhir-transformer:
+    image: docker.verbis.dkfz.de/ovis/adt-mon-gql-fhir-transformer:latest
+    restart: on-failure
+    environment:
+      - FHIR_SERVER_URL=${FHIR_SERVER_URL:-http://bridgehead-ccp-blaze:8080/fhir}
+      - FHIR_USERNAME=${FHIR_USERNAME}
+      - FHIR_PASSWORD=${FHIR_PASSWORD}
+    volumes:
+      - /var/cache/bridgehead/ccp/ovis/shared_data:/app/output
+
+  mongo:
+    image: mongo:${MONGO_VER:-latest}
+    restart: always
+    command: mongod
+      - /var/cache/bridgehead/ccp/ovis/mongo/init/init.js:/docker-entrypoint-initdb.d/init.js
+
+  backend:
+    image: docker.verbis.dkfz.de/ovis/adt-mon-gql-backend:latest
+    restart: always
+    user: root
+    working_dir: /app
+    environment:
+      - APOLLO_PORT=${APOLLO_PORT:-4001}
+      - CREDOS_PORT=${CREDOS_PORT:-4000}
+      - MONGO_VER=latest
+      - CORS_ORIGIN=*
+      - DB=${DB:-onc_test}
+      - ADRESS=${ADRESS:-mongodb://mongo:27017}
+    depends_on:
+      - mongo
+      - fhir-transformer
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:${APOLLO_PORT:-4001}/health"]
+      interval: 5s
+      timeout: 3s
+      retries: 5
+      start_period: 10s
+    entrypoint: >
+      sh -c "
+        # First run the initialization process
+        while [ ! -f /shared/omock.json ]; do
+          echo 'Waiting for omock.json...'
+          sleep 5
+        done;
+        mkdir -p ./prep &&
+        cp /shared/omock.json ./prep/omock.json &&
+        node ./mgDB/prep/preprocessor.mjs &&
+        echo 'Processing complete' &&
+        exec node --watch index.js"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.ovis-backend.rule=Host(`${HOST:-localhost}`) && PathPrefix(`/graphql`)"
+      - "traefik.http.routers.ovis-backend.tls=true"
+      - "traefik.http.services.ovis-backend.loadbalancer.server.port=${APOLLO_PORT:-4001}"
+    volumes:
+      - /var/cache/bridgehead/ccp/ovis/shared_data:/shared
+
+  frontend:
+    image: docker.verbis.dkfz.de/ovis/adt-mon-gql-frontend:latest
+    restart: always
+    environment:
+      - PUBLIC_GRAPHQL_URL=https://${HOST:-localhost}/graphql
+    depends_on:
+      backend:
+        condition: service_healthy
+    working_dir: /app
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.ovis-frontend.tls=true"
+      - "traefik.http.routers.ovis-frontend.rule=Host(`${HOST:-localhost}`)"
+      - "traefik.http.routers.ovis-frontend.middlewares=traefik-forward-auth"
+      - "traefik.http.services.ovis-frontend.loadbalancer.server.port=5173"

ccp/modules/ovis-setup.sh

@@ -0,0 +1,108 @@
+#!/bin/bash -e
+
+if [ -n "$ENABLE_OVIS" ];then
+    # Setup MongoDB initialization directory if it doesn't exist
+    mkdir -p "/var/cache/bridgehead/ccp/ovis/mongo/init"
+    
+    # Generate MongoDB initialization script directly
+    cat > "/var/cache/bridgehead/ccp/ovis/mongo/init/init.js" << 'EOF'
+db = db.getSiblingDB("test_credos");
+db.createCollection("user");
+db.user.insertMany([{
+    "_id": "OVIS-Root",
+    "createdAt": new Date(),
+    "createdBy": "system",
+    "role": "super-admin",
+    "status": "active",
+    "pseudonymization": false,
+    "darkMode": false,
+    "colorTheme": "CCCMunich",
+    "language":  "de",
+}]);
+
+db = db.getSiblingDB("onc_test");
+db.createCollection("user");
+db.user.insertMany([{
+    "_id": "OVIS-Root",
+    "createdAt": new Date(),
+    "createdBy": "system",
+    "role": "super-admin",
+    "status": "active",
+    "pseudonymization": false,
+    "darkMode": false,
+    "colorTheme": "CCCMunich",
+    "language":  "de",
+}]);
+
+db.ops.insertMany([
+    {"OPSC_4":"1-40","OPS_Gruppen_Text":"Biopsie ohne Inzision an Nervensystem und endokrinen Organen "},
+    {"OPSC_4":"1-44","OPS_Gruppen_Text":"Biopsie ohne Inzision an den Verdauungsorganen"},
+    {"OPSC_4":"1-40","OPS_Gruppen_Text":"Biopsie ohne Inzision an anderen Organen und Geweben"},
+    {"OPSC_4":"1-50","OPS_Gruppen_Text":"Biopsie an Haut, Mamma, Knochen und Muskeln durch Inzision"},
+    {"OPSC_4":"1-51","OPS_Gruppen_Text":"Biopsie an Nervengewebe, Hypophyse, Corpus pineale durch Inzision und Trepanation von Schädelknochen "},
+    {"OPSC_4":"1-55","OPS_Gruppen_Text":"Biopsie an anderen Verdauungsorganen, Zwerchfell und (Retro-)Peritoneum durch Inzision "},
+    {"OPSC_4":"1-56","OPS_Gruppen_Text":"Biopsie an Harnwegen und männlichen Geschlechtsorgannen durch Inzision"},
+    {"OPSC_4":"1-58","OPS_Gruppen_Text":"Biopsie an anderen Organen durch Inzision "},
+    {"OPSC_4":"1-63","OPS_Gruppen_Text":"Diagnostische Endoskopie des oberen Verdauungstraktes"},
+    {"OPSC_4":"1-65","OPS_Gruppen_Text":"Diagnostische Endoskopie des unteren Verdauungstraktes"},
+    {"OPSC_4":"1-69","OPS_Gruppen_Text":"Diagnostische Endoskopie durch Inzision und intraoperativ "},
+    {"OPSC_4":"5-01","OPS_Gruppen_Text":"Inzision (Trepanation) und Exzision an Schädel, Gehirn und Hirnhäuten"},
+    {"OPSC_4":"5-02","OPS_Gruppen_Text":"Andere Operationen  an Schädel, Gehirn und Hirnhäuten"},
+    {"OPSC_4":"5-03","OPS_Gruppen_Text":"Operationen an Rückenmark, Rückenmarkhäuten und Spinalkanal"},
+    {"OPSC_4":"5-05","OPS_Gruppen_Text":"Andere Operationen an Nerven und Nervenganglien "},
+    {"OPSC_4":"5-06","OPS_Gruppen_Text":"Operationen an Schilddrüse und Nebenschilddrüse "},
+    {"OPSC_4":"5-07","OPS_Gruppen_Text":"Operationen an anderen endokrinen Drüsen "},
+    {"OPSC_4":"5-20","OPS_Gruppen_Text":"Andere Operationen an Mittel- und Innenohr "},
+    {"OPSC_4":"5-25","OPS_Gruppen_Text":"Operationen an der Zunge "},
+    {"OPSC_4":"5-31","OPS_Gruppen_Text":"Andere Larynxoperationen und Operationen an der Trachea "},
+    {"OPSC_4":"5-32","OPS_Gruppen_Text":"Exzision und Resektion an Lunge und Bronchus "},
+    {"OPSC_4":"5-33","OPS_Gruppen_Text":"Andere Operationen an Lunge und Bronchus"},
+    {"OPSC_4":"5-34","OPS_Gruppen_Text":"Operationen an Brustwand, Pleura, Mediastinum und Zwerchfell "},
+    {"OPSC_4":"5-37","OPS_Gruppen_Text":"Rhythmuschirurgie und andere Operationen an Herz und Perikard"},
+    {"OPSC_4":"5-38","OPS_Gruppen_Text":"Inzision, Exzision und Verschluß von Blutgefäßen "},
+    {"OPSC_4":"5-39","OPS_Gruppen_Text":"Andere Operationen an Blutgefäßen "},
+    {"OPSC_4":"5-40","OPS_Gruppen_Text":"Operationen am Lymphgewebe "},
+    {"OPSC_4":"5-41","OPS_Gruppen_Text":"Operationen an Milz und Knochenmark "},
+    {"OPSC_4":"5-42","OPS_Gruppen_Text":"Operationen am Ösophagus "},
+    {"OPSC_4":"5-43","OPS_Gruppen_Text":"Inzision, Exzision und Resektion am Magen "},
+    {"OPSC_4":"5-44","OPS_Gruppen_Text":"Erweiterte Magenresektion und andere Operationen am Magen "},
+    {"OPSC_4":"5-45","OPS_Gruppen_Text":"Inzision, Exzision, Resektion und Anastomose an Dünn- und Dickdarm "},
+    {"OPSC_4":"5-46","OPS_Gruppen_Text":"Andere Operationen an Dünn- und Dickdarm "},
+    {"OPSC_4":"5-47","OPS_Gruppen_Text":"Operationen an der Appendix "},
+    {"OPSC_4":"5-48","OPS_Gruppen_Text":"Operationen am Rektum "},
+    {"OPSC_4":"5-49","OPS_Gruppen_Text":"Operationen am Anus "},
+    {"OPSC_4":"5-50","OPS_Gruppen_Text":"Operationen an der Leber "},
+    {"OPSC_4":"5-51","OPS_Gruppen_Text":"Operationen an Gallenblase und Gallenwegen "},
+    {"OPSC_4":"5-52","OPS_Gruppen_Text":"Operationen am Pankreas "},
+    {"OPSC_4":"5-53","OPS_Gruppen_Text":"Verschluß abdominaler Hernien "},
+    {"OPSC_4":"5-54","OPS_Gruppen_Text":"Andere Operationen in der Bauchregion "},
+    {"OPSC_4":"5-55","OPS_Gruppen_Text":"Operationen an der Niere "},
+    {"OPSC_4":"5-56","OPS_Gruppen_Text":"Operationen am Ureter "},
+    {"OPSC_4":"5-57","OPS_Gruppen_Text":"Operationen an der Harnblase "},
+    {"OPSC_4":"5-59","OPS_Gruppen_Text":"Andere Operationen an den Harnorganen "},
+    {"OPSC_4":"5-60","OPS_Gruppen_Text":"Operationen an Prostata und Vesiculae seminales "},
+    {"OPSC_4":"5-61","OPS_Gruppen_Text":"Operationen an Skrotum und Tunica vaginalis testis"},
+    {"OPSC_4":"5-62","OPS_Gruppen_Text":"Operationen am Hoden "},
+    {"OPSC_4":"5-65","OPS_Gruppen_Text":"Operationen am Ovar "},
+    {"OPSC_4":"5-68","OPS_Gruppen_Text":"Inzision, Exzision und Exstirpation des Uterus "},
+    {"OPSC_4":"5-70","OPS_Gruppen_Text":"Operationen an Vagina und Douglasraum "},
+    {"OPSC_4":"5-71","OPS_Gruppen_Text":"Operationen an der Vulva "},
+    {"OPSC_4":"5-85","OPS_Gruppen_Text":"Operationen an Muskeln, Sehnen, Faszien und Schleimbeuteln"},
+    {"OPSC_4":"5-87","OPS_Gruppen_Text":"Exzision und Resektion der Mamma "},
+    {"OPSC_4":"5-89","OPS_Gruppen_Text":"Operationen an Haut und Unterhaut "},
+    {"OPSC_4":"5-90","OPS_Gruppen_Text":"Operative Wiederherstellung und Rekonstruktion von Haut und Unterhaut"},
+    {"OPSC_4":"5-91","OPS_Gruppen_Text":"Andere Operationen an Haut und Unterhaut "},
+    {"OPSC_4":"5-93","OPS_Gruppen_Text":"Angaben zum Transplantat und zu verwendeten Materialien"},
+    {"OPSC_4":"5-98","OPS_Gruppen_Text":"Spezielle Operationstechniken und Operationen bei speziellen Versorgungssituationen "},
+    {"OPSC_4":"8-13","OPS_Gruppen_Text":"Manipulation am Harntrakt"},
+    {"OPSC_4":"8-14","OPS_Gruppen_Text":"Therapeutische Kathedirisierung, Aspiration, Punktion und Spülung "},
+    {"OPSC_4":"8-15","OPS_Gruppen_Text":"Therapeutische Aspiration und Entleerung durch Punktion "},
+    {"OPSC_4":"8-17","OPS_Gruppen_Text":"Spülung (Lavage) "},
+    {"OPSC_4":"8-19","OPS_Gruppen_Text":"Verbände "},
+    {"OPSC_4":"8-77","OPS_Gruppen_Text":"Maßnahmen im Rahmen der Reanimation "},
+    {"OPSC_4":"8-92","OPS_Gruppen_Text":"Neurologisches Monitoring "},
+])
+EOF
+    
+    OVERRIDE+=" -f ./$PROJECT/modules/ovis-compose.yml"
+fi

ccp/queries_to_cache.conf

@@ -1,2 +1,2 @@
-bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwoKY29kZXN5c3RlbSBsb2luYzogJ2h0dHA6Ly9sb2luYy5vcmcnCgpjb250ZXh0IFBhdGllbnQKCgpES1RLX1NUUkFUX0dFTkRFUl9TVFJBVElGSUVSCgpES1RLX1NUUkFUX1BSSU1BUllfRElBR05PU0lTX05PX1NPUlRfU1RSQVRJRklFUgpES1RLX1NUUkFUX0FHRV9DTEFTU19TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RFQ0VBU0VEX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfRElBR05PU0lTX1NUUkFUSUZJRVIKCkRLVEtfUkVQTEFDRV9TUEVDSU1FTl9TVFJBVElGSUVSaWYgSW5Jbml0aWFsUG9wdWxhdGlvbiB0aGVuIFtTcGVjaW1lbl0gZWxzZSB7fSBhcyBMaXN0PFNwZWNpbWVuPgpES1RLX1NUUkFUX1BST0NFRFVSRV9TVFJBVElGSUVSCgpES1RLX1NUUkFUX01FRElDQVRJT05fU1RSQVRJRklFUgoKICBES1RLX1JFUExBQ0VfSElTVE9MT0dZX1NUUkFUSUZJRVIKIGlmIGhpc3RvLmNvZGUuY29kaW5nLndoZXJlKGNvZGUgPSAnNTk4NDctNCcpLmNvZGUuZmlyc3QoKSBpcyBudWxsIHRoZW4gMCBlbHNlIDEKREtUS19TVFJBVF9ERUZfSU5fSU5JVElBTF9QT1BVTEFUSU9OCnRydWU=
+bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwoKY29kZXN5c3RlbSBsb2luYzogJ2h0dHA6Ly9sb2luYy5vcmcnCgpjb250ZXh0IFBhdGllbnQKCgpES1RLX1NUUkFUX0dFTkRFUl9TVFJBVElGSUVSCgpES1RLX1NUUkFUX1BSSU1BUllfRElBR05PU0lTX05PX1NPUlRfU1RSQVRJRklFUgpES1RLX1NUUkFUX0FHRV9DTEFTU19TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RFQ0VBU0VEX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfRElBR05PU0lTX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfU1BFQ0lNRU5fU1RSQVRJRklFUgoKREtUS19TVFJBVF9QUk9DRURVUkVfU1RSQVRJRklFUgoKREtUS19TVFJBVF9NRURJQ0FUSU9OX1NUUkFUSUZJRVIKCiAgREtUS19TVFJBVF9ISVNUT0xPR1lfU1RSQVRJRklFUgpES1RLX1NUUkFUX0RFRl9JTl9JTklUSUFMX1BPUFVMQVRJT04KdHJ1ZQ==
-bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwoKY29kZXN5c3RlbSBsb2luYzogJ2h0dHA6Ly9sb2luYy5vcmcnCmNvZGVzeXN0ZW0gaWNkMTA6ICdodHRwOi8vZmhpci5kZS9Db2RlU3lzdGVtL2JmYXJtL2ljZC0xMC1nbScKY29kZXN5c3RlbSBtb3JwaDogJ3VybjpvaWQ6Mi4xNi44NDAuMS4xMTM4ODMuNi40My4xJwoKY29udGV4dCBQYXRpZW50CgoKREtUS19TVFJBVF9HRU5ERVJfU1RSQVRJRklFUgoKREtUS19TVFJBVF9QUklNQVJZX0RJQUdOT1NJU19OT19TT1JUX1NUUkFUSUZJRVIKREtUS19TVFJBVF9BR0VfQ0xBU1NfU1RSQVRJRklFUgoKREtUS19TVFJBVF9ERUNFQVNFRF9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RJQUdOT1NJU19TVFJBVElGSUVSCgpES1RLX1JFUExBQ0VfU1BFQ0lNRU5fU1RSQVRJRklFUmlmIEluSW5pdGlhbFBvcHVsYXRpb24gdGhlbiBbU3BlY2ltZW5dIGVsc2Uge30gYXMgTGlzdDxTcGVjaW1lbj4KREtUS19TVFJBVF9QUk9DRURVUkVfU1RSQVRJRklFUgoKREtUS19TVFJBVF9NRURJQ0FUSU9OX1NUUkFUSUZJRVIKCiAgREtUS19SRVBMQUNFX0hJU1RPTE9HWV9TVFJBVElGSUVSCiBpZiBoaXN0by5jb2RlLmNvZGluZy53aGVyZShjb2RlID0gJzU5ODQ3LTQnKS5jb2RlLmZpcnN0KCkgaXMgbnVsbCB0aGVuIDAgZWxzZSAxCkRLVEtfU1RSQVRfREVGX0lOX0lOSVRJQUxfUE9QVUxBVElPTihleGlzdHMgW0NvbmRpdGlvbjogQ29kZSAnQzYxJyBmcm9tIGljZDEwXSkgYW5kIAooKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MTQwLzMnKSBvciAKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MTQ3LzMnKSBvciAKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4NDgwLzMnKSBvciAKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4NTAwLzMnKSk=
+bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwoKY29kZXN5c3RlbSBsb2luYzogJ2h0dHA6Ly9sb2luYy5vcmcnCmNvZGVzeXN0ZW0gaWNkMTA6ICdodHRwOi8vZmhpci5kZS9Db2RlU3lzdGVtL2JmYXJtL2ljZC0xMC1nbScKY29kZXN5c3RlbSBtb3JwaDogJ3VybjpvaWQ6Mi4xNi44NDAuMS4xMTM4ODMuNi40My4xJwoKY29udGV4dCBQYXRpZW50CgoKREtUS19TVFJBVF9HRU5ERVJfU1RSQVRJRklFUgoKREtUS19TVFJBVF9QUklNQVJZX0RJQUdOT1NJU19OT19TT1JUX1NUUkFUSUZJRVIKREtUS19TVFJBVF9BR0VfQ0xBU1NfU1RSQVRJRklFUgoKREtUS19TVFJBVF9ERUNFQVNFRF9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RJQUdOT1NJU19TVFJBVElGSUVSCgpES1RLX1NUUkFUX1NQRUNJTUVOX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfUFJPQ0VEVVJFX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfTUVESUNBVElPTl9TVFJBVElGSUVSCgogIERLVEtfU1RSQVRfSElTVE9MT0dZX1NUUkFUSUZJRVIKREtUS19TVFJBVF9ERUZfSU5fSU5JVElBTF9QT1BVTEFUSU9OKGV4aXN0cyBbQ29uZGl0aW9uOiBDb2RlICdDNjEnIGZyb20gaWNkMTBdKSBhbmQgCigoZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzgxNDAvMycpIG9yIAooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzgxNDcvMycpIG9yIAooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzg0ODAvMycpIG9yIAooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzg1MDAvMycpKQ==

dhki/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
     container_name: bridgehead-dhki-blaze
     environment:
       BASE_URL: "http://bridgehead-dhki-blaze:8080"
@@ -33,7 +33,7 @@ services:
       EPSILON: 0.28
       QUERIES_TO_CACHE: '/queries_to_cache.conf'
     volumes:
-      - /srv/docker/bridgehead/dhki/queries_to_cache.conf:/queries_to_cache.conf:ro
+      - /srv/docker/bridgehead/dhki/queries_to_cache.conf:/queries_to_cache.conf
     depends_on:
       - "beam-proxy"
       - "blaze"

itcc/docker-compose.yml

@@ -2,14 +2,13 @@ version: "3.7"
 
 services:
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
     container_name: bridgehead-itcc-blaze
     environment:
       BASE_URL: "http://bridgehead-itcc-blaze:8080"
       JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
       DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
-      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+      DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
-      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
       ENFORCE_REFERENTIAL_INTEGRITY: "false"
     volumes:
       - "blaze-data:/app/data"
@@ -32,10 +31,6 @@ services:
       BEAM_PROXY_URL: http://beam-proxy:8081
       RETRY_COUNT: ${FOCUS_RETRY_COUNT}
       EPSILON: 0.28
-      QUERIES_TO_CACHE: '/queries_to_cache.conf'
-      ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
-    volumes:
-      - /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro
     depends_on:
       - "beam-proxy"
       - "blaze"

itcc/queries_to_cache.conf

@@ -1,2 +0,0 @@
-bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwpjb2Rlc3lzdGVtIFNhbXBsZU1hdGVyaWFsVHlwZTogJ2h0dHBzOi8vZmhpci5iYm1yaS5kZS9Db2RlU3lzdGVtL1NhbXBsZU1hdGVyaWFsVHlwZScKCmNvZGVzeXN0ZW0gbG9pbmM6ICdodHRwOi8vbG9pbmMub3JnJwoKY29udGV4dCBQYXRpZW50CkRLVEtfU1RSQVRfR0VOREVSX1NUUkFUSUZJRVIKICBES1RLX1NUUkFUX0RJQUdOT1NJU19TVFJBVElGSUVSCiAgSVRDQ19TVFJBVF9BR0VfQ0xBU1NfU1RSQVRJRklFUgogIERLVEtfU1RSQVRfREVGX0lOX0lOSVRJQUxfUE9QVUxBVElPTgp0cnVl
-bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwpjb2Rlc3lzdGVtIFNhbXBsZU1hdGVyaWFsVHlwZTogJ2h0dHBzOi8vZmhpci5iYm1yaS5kZS9Db2RlU3lzdGVtL1NhbXBsZU1hdGVyaWFsVHlwZScKCmNvZGVzeXN0ZW0gbG9pbmM6ICdodHRwOi8vbG9pbmMub3JnJwpjb2Rlc3lzdGVtIG1vbGVjdWxhck1hcmtlcjogJ2h0dHA6Ly93d3cuZ2VuZW5hbWVzLm9yZycKCmNvbnRleHQgUGF0aWVudApES1RLX1NUUkFUX0dFTkRFUl9TVFJBVElGSUVSCiAgREtUS19TVFJBVF9ESUFHTk9TSVNfU1RSQVRJRklFUgogIElUQ0NfU1RSQVRfQUdFX0NMQVNTX1NUUkFUSUZJRVIKICBES1RLX1NUUkFUX0RFRl9JTl9JTklUSUFMX1BPUFVMQVRJT04KKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNjk1NDgtNicgZnJvbSBsb2luY10gTwp3aGVyZSBPLmNvbXBvbmVudC53aGVyZShjb2RlLmNvZGluZyBjb250YWlucyBDb2RlICc0ODAxOC02JyBmcm9tIGxvaW5jKS52YWx1ZS5jb2RpbmcgY29udGFpbnMgQ29kZSAnQlJBRicgZnJvbSBtb2xlY3VsYXJNYXJrZXIp

kr/docker-compose.yml

@@ -6,7 +6,7 @@ services:
       replicas: 0 #deactivate landing page
 
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
     container_name: bridgehead-kr-blaze
     environment:
       BASE_URL: "http://bridgehead-kr-blaze:8080"

lib/functions.sh

@@ -313,7 +313,7 @@ function sync_secrets() {
         -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
         -e PROXY_ID=$PROXY_ID \
         -e BROKER_URL=$BROKER_URL \
-        -e OIDC_PROVIDER=secret-sync-central.central-secret-sync.$BROKER_ID \
+        -e OIDC_PROVIDER=secret-sync-central.oidc-client-enrollment.$BROKER_ID \
         -e SECRET_DEFINITIONS=$secret_sync_args \
         docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
 
@@ -322,70 +322,6 @@ function sync_secrets() {
     set +a # Export variables in the regular way
 }
 
-function secret_sync_gitlab_token() {
-    # Map the origin of the git repository /etc/bridgehead to the prefix recognized by Secret Sync
-    local gitlab
-    case "$(git -C /etc/bridgehead remote get-url origin)" in
-        *git.verbis.dkfz.de*) gitlab=verbis;;
-        *gitlab.bbmri-eric.eu*) gitlab=bbmri;;
-        *)
-            log "WARN" "Not running Secret Sync because the git repository /etc/bridgehead has unknown origin"
-            return
-            ;;
-    esac
-
-    if [ "$PROJECT" == "bbmri" ]; then
-        # If the project is BBMRI, use the BBMRI-ERIC broker and not the GBN broker
-        proxy_id=$ERIC_PROXY_ID
-        broker_url=$ERIC_BROKER_URL
-        broker_id=$ERIC_BROKER_ID
-        root_crt_file="/srv/docker/bridgehead/bbmri/modules/${ERIC_ROOT_CERT}.root.crt.pem"
-    else
-        proxy_id=$PROXY_ID
-        broker_url=$BROKER_URL
-        broker_id=$BROKER_ID
-        root_crt_file="/srv/docker/bridgehead/$PROJECT/root.crt.pem"
-    fi
-
-    # Use Secret Sync to validate the GitLab token in /var/cache/bridgehead/secrets/gitlab_token.
-    # If it is missing or expired, Secret Sync will create a new token and write it to the file.
-    # The git credential helper reads the token from the file during git pull.
-    mkdir -p /var/cache/bridgehead/secrets
-    touch /var/cache/bridgehead/secrets/gitlab_token # the file has to exist to be mounted correctly in the Docker container
-    log "INFO" "Running Secret Sync for the GitLab token (gitlab=$gitlab)"
-    docker pull docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest # make sure we have the latest image
-    docker run --rm \
-        -v /var/cache/bridgehead/secrets/gitlab_token:/usr/local/cache \
-        -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
-        -v $root_crt_file:/run/secrets/root.crt.pem:ro \
-        -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
-        -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
-        -e NO_PROXY=localhost,127.0.0.1 \
-        -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
-        -e PROXY_ID=$proxy_id \
-        -e BROKER_URL=$broker_url \
-        -e GITLAB_PROJECT_ACCESS_TOKEN_PROVIDER=secret-sync-central.central-secret-sync.$broker_id \
-        -e SECRET_DEFINITIONS=GitLabProjectAccessToken:BRIDGEHEAD_CONFIG_REPO_TOKEN:$gitlab \
-        docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
-    if [ $? -eq 0 ]; then
-        log "INFO" "Secret Sync was successful"
-        # In the past we used to hardcode tokens into the repository URL. We have to remove those now for the git credential helper to become effective.
-        CLEAN_REPO="$(git -C /etc/bridgehead remote get-url origin | sed -E 's|https://[^@]+@|https://|')"
-        git -C /etc/bridgehead remote set-url origin "$CLEAN_REPO"
-        # Set the git credential helper
-        git -C /etc/bridgehead config credential.helper /srv/docker/bridgehead/lib/gitlab-token-helper.sh
-    else
-        log "WARN" "Secret Sync failed"
-        # Remove the git credential helper
-        git -C /etc/bridgehead config --unset credential.helper
-    fi
-
-    # In the past the git credential helper was also set for /srv/docker/bridgehead but never used.
-    # Let's remove it to avoid confusion. This line can be removed at some point the future when we
-    # believe that it was removed on all/most production servers.
-    git -C /srv/docker/bridgehead config --unset credential.helper
-}
-
 capitalize_first_letter() {
     input="$1"
     capitalized="$(tr '[:lower:]' '[:upper:]' <<< ${input:0:1})${input:1}"

lib/update-bridgehead.sh

@@ -33,7 +33,43 @@ export SITE_ID
 checkOwner /srv/docker/bridgehead bridgehead || fail_and_report 1 "Update failed: Wrong permissions in /srv/docker/bridgehead"
 checkOwner /etc/bridgehead bridgehead || fail_and_report 1 "Update failed: Wrong permissions in /etc/bridgehead"
 
-secret_sync_gitlab_token
+# Use Secret Sync to validate the GitLab token in /var/cache/bridgehead/secrets/gitlab_token.
+# If it is missing or expired, Secret Sync will create a new token and write it to the file.
+# The git credential helper reads the token from the file during git pull.
+mkdir -p /var/cache/bridgehead/secrets
+touch /var/cache/bridgehead/secrets/gitlab_token # the file has to exist to be mounted correctly in the Docker container
+log "INFO" "Running Secret Sync for the GitLab token"
+docker pull docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest # make sure we have the latest image
+docker run --rm \
+  -v /var/cache/bridgehead/secrets/gitlab_token:/usr/local/cache \
+  -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
+  -v /srv/docker/bridgehead/$PROJECT/root.crt.pem:/run/secrets/root.crt.pem:ro \
+  -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
+  -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
+  -e NO_PROXY=localhost,127.0.0.1 \
+  -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
+  -e PROXY_ID=$PROXY_ID \
+  -e BROKER_URL=$BROKER_URL \
+  -e GITLAB_PROJECT_ACCESS_TOKEN_PROVIDER=secret-sync-central.oidc-client-enrollment.$BROKER_ID \
+  -e SECRET_DEFINITIONS=GitLabProjectAccessToken:BRIDGEHEAD_CONFIG_REPO_TOKEN: \
+  docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
+if [ $? -eq 0 ]; then
+  log "INFO" "Secret Sync was successful"
+  # In the past we used to hardcode tokens into the repository URL. We have to remove those now for the git credential helper to become effective.
+  CLEAN_REPO="$(git -C /etc/bridgehead remote get-url origin | sed -E 's|https://[^@]+@|https://|')"
+  git -C /etc/bridgehead remote set-url origin "$CLEAN_REPO"
+  # Set the git credential helper
+  git -C /etc/bridgehead config credential.helper /srv/docker/bridgehead/lib/gitlab-token-helper.sh
+else
+  log "WARN" "Secret Sync failed"
+  # Remove the git credential helper
+  git -C /etc/bridgehead config --unset credential.helper
+fi
+
+# In the past the git credential helper was also set for /srv/docker/bridgehead but never used.
+# Let's remove it to avoid confusion. This line can be removed at some point the future when we
+# believe that it was removed on all/most production servers.
+git -C /srv/docker/bridgehead config --unset credential.helper
 
 CHANGES=""
 

modules/transfair-compose.yml

@@ -17,13 +17,11 @@ services:
       - EXCHANGE_ID_SYSTEM=${EXCHANGE_ID_SYSTEM:-SESSION_ID}
       - DATABASE_URL=sqlite://transfair/data_requests.sql?mode=rwc
       - RUST_LOG=${RUST_LOG:-info}
-      - TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs
     volumes:
       - /var/cache/bridgehead/${PROJECT}/transfair:/transfair
-      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
 
   transfair-input-blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
     container_name: bridgehead-transfair-input-blaze
     environment:
       BASE_URL: "http://bridgehead-transfair-input-blaze:8080"
@@ -36,7 +34,7 @@ services:
     profiles: ["transfair-input-blaze"]
 
   transfair-request-blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
     container_name: bridgehead-transfair-requests-blaze
     environment:
       BASE_URL: "http://bridgehead-transfair-requests-blaze:8080"

versions/prod

@@ -1,3 +1,2 @@
 FOCUS_TAG=main
-BEAM_TAG=main
+BEAM_TAG=main
-BLAZE_TAG=0.32

versions/test

@@ -1,3 +1,2 @@
 FOCUS_TAG=develop
-BEAM_TAG=develop
+BEAM_TAG=develop
-BLAZE_TAG=main