Test docker image for bbmri teiler-dashboard

* feat: add auto archiving action

---------

Co-authored-by: p.delpy@dkfz-heidelberg.de <p.delpy@dkfz-heidelberg.de>
Co-authored-by: Martin Lablans <6804500+lablans@users.noreply.github.com>

.github/scripts/rename_inactive_branches.py

@@ -0,0 +1,39 @@
+import os
+import requests
+from datetime import datetime, timedelta
+
+# Configuration
+GITHUB_TOKEN = os.getenv('GITHUB_TOKEN')
+REPO = 'samply/bridgehead'
+HEADERS = {'Authorization': f'token {GITHUB_TOKEN}', 'Accept': 'application/vnd.github.v3+json'}
+API_URL = f'https://api.github.com/repos/{REPO}/branches'
+INACTIVE_DAYS = 365
+CUTOFF_DATE = datetime.now() - timedelta(days=INACTIVE_DAYS)
+
+# Fetch all branches
+def get_branches():
+    response = requests.get(API_URL, headers=HEADERS)
+    response.raise_for_status()
+    return response.json() if response.status_code == 200 else []
+
+# Rename inactive branches
+def rename_branch(old_name, new_name):
+    rename_url = f'https://api.github.com/repos/{REPO}/branches/{old_name}/rename'
+    response = requests.post(rename_url, json={'new_name': new_name}, headers=HEADERS)
+    response.raise_for_status()
+    print(f"Renamed branch {old_name} to {new_name}" if response.status_code == 201 else f"Failed to rename {old_name}: {response.status_code}")
+
+# Check if the branch is inactive
+def is_inactive(commit_url):
+    last_commit_date = requests.get(commit_url, headers=HEADERS).json()['commit']['committer']['date']
+    return datetime.strptime(last_commit_date, '%Y-%m-%dT%H:%M:%SZ') < CUTOFF_DATE
+
+# Rename inactive branches
+def main():
+    for branch in get_branches():
+        if is_inactive(branch['commit']['url']):
+            #rename_branch(branch['name'], f"archived/{branch['name']}")
+            print(f"[LOG] Branch '{branch['name']}' is inactive and would be renamed to 'archived/{branch['name']}'")
+
+if __name__ == "__main__":
+    main()

.github/workflows/rename-inactive-branches.yml

@@ -0,0 +1,27 @@
+name: Cleanup - Rename Inactive Branches
+
+on:
+  schedule:
+    - cron: '0 0 * * 0'  # Runs every Sunday at midnight
+
+jobs:
+  archive-stale-branches:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install Libraries
+        run: pip install requests
+
+      - name: Run Script to Rename Inactive Branches
+        run: |
+          python .github/scripts/rename_inactive_branches.py
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

bbmri/docker-compose.yml

@@ -10,7 +10,8 @@ services:
       BASE_URL: "http://bridgehead-bbmri-blaze:8080"
       JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
       DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
-      DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
+      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
       ENFORCE_REFERENTIAL_INTEGRITY: "false"
     volumes:
       - "blaze-data:/app/data"

bbmri/vars

@@ -1,3 +1,22 @@
+BROKER_ID=broker-test.bbmri-test.samply.de
+BROKER_URL=https://${BROKER_ID}
+PROXY_ID=${SITE_ID}.${BROKER_ID}
+PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
+PLATFORM=bbmri
+
+BROKER_URL_FOR_PREREQ=$BROKER_URL
+
+OIDC_USER_GROUP="BBMRI_$(capitalize_first_letter ${SITE_ID})"
+OIDC_ADMIN_GROUP="BBMRI_$(capitalize_first_letter ${SITE_ID})_Verwalter"
+OIDC_PUBLIC_CLIENT_ID="BBMRI_${SITE_ID}-public"
+# Use "test-realm-01" for testing
+OIDC_REALM="${OIDC_REALM:-test-realm-01}"
+OIDC_URL="https://login.verbis.dkfz.de"
+OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
+OIDC_GROUP_CLAIM="groups"
+
+POSTGRES_TAG=15.6-alpine
+
 # Makes sense for all European Biobanks
 : ${ENABLE_ERIC:=true}
 
@@ -13,6 +32,13 @@ do
     source $module
 done
 
+log DEBUG "sourcing ccp/modules/exporter-setup.sh"
+source ccp/modules/exporter-setup.sh
+
+log DEBUG "sourcing ccp/modules/teiler-setup.sh"
+source ccp/modules/teiler-setup.sh
+
+
 SUPPORT_EMAIL=$ERIC_SUPPORT_EMAIL
 BROKER_URL_FOR_PREREQ="${ERIC_BROKER_URL:-$GBN_BROKER_URL}"
 

bridgehead

@@ -106,7 +106,8 @@ case "$ACTION" in
 		loadVars
 		hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
 		checkRequirements
-		sync_secrets
+		# NOTE: for testing only, we will need to properly setup secret sync if we want to use this code
+		# sync_secrets
 		hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
 		exec $COMPOSE -p $PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
 		;;

ccp/docker-compose.yml

@@ -8,7 +8,8 @@ services:
       BASE_URL: "http://bridgehead-ccp-blaze:8080"
       JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
       DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
-      DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
+      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
       ENFORCE_REFERENTIAL_INTEGRITY: "false"
     volumes:
       - "blaze-data:/app/data"

ccp/modules/datashield-compose.yml

@@ -121,38 +121,42 @@ services:
   oauth2-proxy:
     image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:latest
     container_name: bridgehead-oauth2proxy
-    environment:
+    command: >-
-      - http_proxy=http://forward_proxy:3128
+      --allowed-group=DataSHIELD
-      - https_proxy=http://forward_proxy:3128
+      --oidc-groups-claim=${OIDC_GROUP_CLAIM}
-      - OAUTH2_PROXY_ALLOWED_GROUPS=DataSHIELD
+      --auth-logging=true
-      - OAUTH2_PROXY_OIDC_GROUPS_CLAIM=${OIDC_GROUP_CLAIM}
+      --whitelist-domain=${HOST}
-      - OAUTH2_PROXY_WHITELIST_DOMAIN=${HOST}
+      --http-address="0.0.0.0:4180"
-      - OAUTH2_PROXY_HTTP_ADDRESS=:4180
+      --reverse-proxy=true
-      - OAUTH2_PROXY_REVERSE_PROXY=true
+      --upstream="static://202"
-      - OAUTH2_PROXY_UPSTREAMS=static://202
+      --email-domain="*"
-      - OAUTH2_PROXY_EMAIL_DOMAINS=*
+      --cookie-name="_BRIDGEHEAD_oauth2"
-      - OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2
+      --cookie-secret="${OAUTH2_PROXY_SECRET}"
-      - OAUTH2_PROXY_COOKIE_SECRET=${OAUTH2_PROXY_SECRET}
+      --cookie-expire="12h"
-      - OAUTH2_PROXY_COOKIE_EXPIRE=12h
+      --cookie-secure="true"
+      --cookie-httponly="true"
       #OIDC settings
-      - OAUTH2_PROXY_PROVIDER=keycloak-oidc
+      --provider="keycloak-oidc"
-      - OAUTH2_PROXY_PROVIDER_DISPLAY_NAME="VerbIS Login"
+      --provider-display-name="VerbIS Login"
-      - OAUTH2_PROXY_CLIENT_ID=${OIDC_PRIVATE_CLIENT_ID}
+      --client-id="${OIDC_PRIVATE_CLIENT_ID}"
-      - OAUTH2_PROXY_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
+      --client-secret="${OIDC_CLIENT_SECRET}"
-      - OAUTH2_PROXY_REDIRECT_URL="https://${HOST}${OAUTH2_CALLBACK}"
+      --redirect-url="https://${HOST}${OAUTH2_CALLBACK}"
-      - OAUTH2_PROXY_OIDC_ISSUER_URL=${OIDC_ISSUER_URL}
+      --oidc-issuer-url="${OIDC_ISSUER_URL}"
-      - OAUTH2_PROXY_SCOPE=openid profile email
+      --scope="openid email profile"
-      - OAUTH2_PROXY_CODE_CHALLENGE_METHOD=true
+      --code-challenge-method="S256"
-      - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
+      --skip-provider-button=true
       #X-Forwarded-Header settings - true/false depending on your needs
-      - OAUTH2_PROXY_PASS_BASIC_AUTH=true
+      --pass-basic-auth=true
-      - OAUTH2_PROXY_PASS_USER_HEADERS=false
+      --pass-user-headers=false
-      - OAUTH2_PROXY_ACCESS_TOKEN=false
+      --pass-access-token=false
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.oauth2_proxy.rule=PathPrefix(`/oauth2`)"
       - "traefik.http.services.oauth2_proxy.loadbalancer.server.port=4180"
       - "traefik.http.routers.oauth2_proxy.tls=true"
+    environment:
+      http_proxy: "http://forward_proxy:3128"
+      https_proxy: "http://forward_proxy:3128"
     depends_on:
       forward_proxy:
         condition: service_healthy

ccp/modules/exporter-compose.yml

@@ -3,7 +3,7 @@ version: "3.7"
 services:
   exporter:
     image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
-    container_name: bridgehead-ccp-exporter
+    container_name: bridgehead-${PLATFORM}-exporter
     environment:
       JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
       LOG_LEVEL: "INFO"
@@ -12,39 +12,39 @@ services:
       EXPORTER_DB_USER: "exporter"
       EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
       EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
-      HTTP_RELATIVE_PATH: "/ccp-exporter"
+      HTTP_RELATIVE_PATH: "/${PLATFORM}-exporter"
       SITE: "${SITE_ID}"
       HTTP_SERVLET_REQUEST_SCHEME: "https"
       OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.exporter_ccp.rule=PathPrefix(`/ccp-exporter`)"
+      - "traefik.http.routers.exporter_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-exporter`)"
-      - "traefik.http.services.exporter_ccp.loadbalancer.server.port=8092"
+      - "traefik.http.services.exporter_${PLATFORM}.loadbalancer.server.port=8092"
-      - "traefik.http.routers.exporter_ccp.tls=true"
+      - "traefik.http.routers.exporter_${PLATFORM}.tls=true"
-      - "traefik.http.middlewares.exporter_ccp_strip.stripprefix.prefixes=/ccp-exporter"
+      - "traefik.http.middlewares.exporter_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-exporter"
-      - "traefik.http.routers.exporter_ccp.middlewares=exporter_ccp_strip"
+      - "traefik.http.routers.exporter_${PLATFORM}.middlewares=exporter_${PLATFORM}_strip"
     volumes:
-      - "/var/cache/bridgehead/ccp/exporter-files:/app/exporter-files/output"
+      - "/var/cache/bridgehead/${PLATFORM}/exporter-files:/app/exporter-files/output"
 
   exporter-db:
     image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
-    container_name: bridgehead-ccp-exporter-db
+    container_name: bridgehead-${PLATFORM}-exporter-db
     environment:
       POSTGRES_USER: "exporter"
       POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
       POSTGRES_DB: "exporter"
     volumes:
       # Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
-      - "/var/cache/bridgehead/ccp/exporter-db:/var/lib/postgresql/data"
+      - "/var/cache/bridgehead/${PLATFORM}/exporter-db:/var/lib/postgresql/data"
 
   reporter:
     image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
-    container_name: bridgehead-ccp-reporter
+    container_name: bridgehead-${PLATFORM}-reporter
     environment:
       JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
       LOG_LEVEL: "INFO"
       CROSS_ORIGINS: "https://${HOST}"
-      HTTP_RELATIVE_PATH: "/ccp-reporter"
+      HTTP_RELATIVE_PATH: "/${PLATFORM}-reporter"
       SITE: "${SITE_ID}"
       EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
       EXPORTER_URL: "http://exporter:8092"
@@ -57,11 +57,11 @@ services:
     # There is a risk that the bridgehead restarts, losing the already created export.
 
     volumes:
-      - "/var/cache/bridgehead/ccp/reporter-files:/app/reports"
+      - "/var/cache/bridgehead/${PLATFORM}/reporter-files:/app/reports"
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.reporter_ccp.rule=PathPrefix(`/ccp-reporter`)"
+      - "traefik.http.routers.reporter_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-reporter`)"
-      - "traefik.http.services.reporter_ccp.loadbalancer.server.port=8095"
+      - "traefik.http.services.reporter_${PLATFORM}.loadbalancer.server.port=8095"
-      - "traefik.http.routers.reporter_ccp.tls=true"
+      - "traefik.http.routers.reporter_${PLATFORM}.tls=true"
-      - "traefik.http.middlewares.reporter_ccp_strip.stripprefix.prefixes=/ccp-reporter"
+      - "traefik.http.middlewares.reporter_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-reporter"
-      - "traefik.http.routers.reporter_ccp.middlewares=reporter_ccp_strip"
+      - "traefik.http.routers.reporter_${PLATFORM}.middlewares=reporter_${PLATFORM}_strip"

ccp/modules/exporter-setup.sh

@@ -2,7 +2,7 @@
 
 if [ "$ENABLE_EXPORTER" == true ]; then
   log INFO "Exporter setup detected -- will start Exporter service."
-  OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
+  OVERRIDE+=" -f ./ccp/modules/exporter-compose.yml"
   EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
   EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
 fi

ccp/modules/teiler-compose.yml

@@ -7,30 +7,31 @@ services:
     container_name: bridgehead-teiler-orchestrator
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.teiler_orchestrator_ccp.rule=PathPrefix(`/ccp-teiler`)"
+      - "traefik.http.routers.teiler_orchestrator_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-teiler`)"
-      - "traefik.http.services.teiler_orchestrator_ccp.loadbalancer.server.port=9000"
+      - "traefik.http.services.teiler_orchestrator_${PLATFORM}.loadbalancer.server.port=9000"
-      - "traefik.http.routers.teiler_orchestrator_ccp.tls=true"
+      - "traefik.http.routers.teiler_orchestrator_${PLATFORM}.tls=true"
-      - "traefik.http.middlewares.teiler_orchestrator_ccp_strip.stripprefix.prefixes=/ccp-teiler"
+      - "traefik.http.middlewares.teiler_orchestrator_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-teiler"
-      - "traefik.http.routers.teiler_orchestrator_ccp.middlewares=teiler_orchestrator_ccp_strip"
+      - "traefik.http.routers.teiler_orchestrator_${PLATFORM}.middlewares=teiler_orchestrator_${PLATFORM}_strip"
     environment:
-      TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
+      TEILER_BACKEND_URL: "https://${HOST}/${PLATFORM}-teiler-backend"
-      TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
+      TEILER_DASHBOARD_URL: "https://${HOST}/${PLATFORM}-teiler-dashboard"
       DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
-      HTTP_RELATIVE_PATH: "/ccp-teiler"
+      HTTP_RELATIVE_PATH: "/${PLATFORM}-teiler"
 
   teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
+    #image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
+    image:  docker.verbis.dkfz.de/ccp/samply/teiler-dashboard:bbmri
     container_name: bridgehead-teiler-dashboard
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.teiler_dashboard_ccp.rule=PathPrefix(`/ccp-teiler-dashboard`)"
+      - "traefik.http.routers.teiler_dashboard_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-teiler-dashboard`)"
-      - "traefik.http.services.teiler_dashboard_ccp.loadbalancer.server.port=80"
+      - "traefik.http.services.teiler_dashboard_${PLATFORM}.loadbalancer.server.port=80"
-      - "traefik.http.routers.teiler_dashboard_ccp.tls=true"
+      - "traefik.http.routers.teiler_dashboard_${PLATFORM}.tls=true"
-      - "traefik.http.middlewares.teiler_dashboard_ccp_strip.stripprefix.prefixes=/ccp-teiler-dashboard"
+      - "traefik.http.middlewares.teiler_dashboard_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-teiler-dashboard"
-      - "traefik.http.routers.teiler_dashboard_ccp.middlewares=teiler_dashboard_ccp_strip"
+      - "traefik.http.routers.teiler_dashboard_${PLATFORM}.middlewares=teiler_dashboard_${PLATFORM}_strip"
     environment:
       DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
-      TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
+      TEILER_BACKEND_URL: "https://${HOST}/${PLATFORM}-teiler-backend"
       OIDC_URL: "${OIDC_URL}"
       OIDC_REALM: "${OIDC_REALM}"
       OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
@@ -40,42 +41,42 @@ services:
       TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
       TEILER_PROJECT: "${PROJECT}"
       EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
-      TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
+      TEILER_ORCHESTRATOR_URL: "https://${HOST}/${PLATFORM}-teiler"
-      TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/ccp-teiler-dashboard"
+      TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/${PLATFORM}-teiler-dashboard"
-      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
+      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/${PLATFORM}-teiler"
       TEILER_USER: "${OIDC_USER_GROUP}"
       TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
-      REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
+      REPORTER_DEFAULT_TEMPLATE_ID: "${PLATFORM}-qb"
-      EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
+      EXPORTER_DEFAULT_TEMPLATE_ID: "${PLATFORM}"
 
 
   teiler-backend:
-    image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest
+    image: docker.verbis.dkfz.de/ccp/${PROJECT}-teiler-backend:latest
     container_name: bridgehead-teiler-backend
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.teiler_backend_ccp.rule=PathPrefix(`/ccp-teiler-backend`)"
+      - "traefik.http.routers.teiler_backend_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-teiler-backend`)"
-      - "traefik.http.services.teiler_backend_ccp.loadbalancer.server.port=8085"
+      - "traefik.http.services.teiler_backend_${PLATFORM}.loadbalancer.server.port=8085"
-      - "traefik.http.routers.teiler_backend_ccp.tls=true"
+      - "traefik.http.routers.teiler_backend_${PLATFORM}.tls=true"
-      - "traefik.http.middlewares.teiler_backend_ccp_strip.stripprefix.prefixes=/ccp-teiler-backend"
+      - "traefik.http.middlewares.teiler_backend_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-teiler-backend"
-      - "traefik.http.routers.teiler_backend_ccp.middlewares=teiler_backend_ccp_strip"
+      - "traefik.http.routers.teiler_backend_${PLATFORM}.middlewares=teiler_backend_${PLATFORM}_strip"
     environment:
       LOG_LEVEL: "INFO"
       APPLICATION_PORT: "8085"
       APPLICATION_ADDRESS: "${HOST}"
       DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
-      CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf"
+      CONFIG_ENV_VAR_PATH: "/run/secrets/project-conf"
-      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
+      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/${PLATFORM}-teiler"
-      TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
+      TEILER_ORCHESTRATOR_URL: "https://${HOST}/${PLATFORM}-teiler"
-      TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de"
+      TEILER_DASHBOARD_DE_URL: "https://${HOST}/${PLATFORM}-teiler-dashboard/de"
-      TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en"
+      TEILER_DASHBOARD_EN_URL: "https://${HOST}/${PLATFORM}-teiler-dashboard/en"
       CENTRAX_URL: "${CENTRAXX_URL}"
       HTTP_PROXY: "http://forward_proxy:3128"
       ENABLE_MTBA: "${ENABLE_MTBA}"
       ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
     secrets:
-      - ccp.conf
+      - project-conf
 
 secrets:
-  ccp.conf:
+  project-conf:
-    file: /etc/bridgehead/ccp.conf
+    file: "/etc/bridgehead/${PROJECT}.conf"

ccp/modules/teiler-setup.sh

@@ -2,7 +2,7 @@
 
 if [ "$ENABLE_TEILER" == true ];then
   log INFO "Teiler setup detected -- will start Teiler services."
-  OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
+  OVERRIDE+=" -f ./ccp/modules/teiler-compose.yml"
   TEILER_DEFAULT_LANGUAGE=DE
   TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
   add_public_oidc_redirect_url "/ccp-teiler/*"

ccp/vars

@@ -5,6 +5,7 @@ FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | h
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
 SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
+PLATFORM=ccp
 
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 
@@ -29,4 +30,4 @@ done
 idManagementSetup
 mtbaSetup
 obds2fhirRestSetup
-blazeSecondarySetup
+blazeSecondarySetup

kr/docker-compose.yml

@@ -1,6 +1,10 @@
 version: "3.7"
 
 services:
+  landing:
+    deploy:
+      replicas: 0 #deactivate landing page
+
   blaze:
     image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
     container_name: bridgehead-kr-blaze

kr/modules/lens-compose.yml

@@ -1,6 +1,8 @@
 version: "3.7"
 services:
   landing:
+    deploy:
+      replicas: 1 #reactivate if lens is in use
     container_name: lens_federated-search
     image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
     labels:

lib/functions.sh

@@ -171,8 +171,10 @@ optimizeBlazeMemoryUsage() {
 		if [ $available_system_memory_chunks -eq 0 ]; then
 			log WARN "Only ${BLAZE_MEMORY_CAP} system memory available for Blaze. If your Blaze stores more than 128000 fhir ressources it will run significally slower."
 			export BLAZE_RESOURCE_CACHE_CAP=128000;
+			export BLAZE_CQL_CACHE_CAP=32;
 		else
 			export BLAZE_RESOURCE_CACHE_CAP=$((available_system_memory_chunks * 312500))
+			export BLAZE_CQL_CACHE_CAP=$((($system_memory_in_mb/4)/16));
 		fi
 	fi
 }