no need for this, minimal is executed

* feat: add auto archiving action

---------

Co-authored-by: p.delpy@dkfz-heidelberg.de <p.delpy@dkfz-heidelberg.de>
Co-authored-by: Martin Lablans <6804500+lablans@users.noreply.github.com>

.github/scripts/rename_inactive_branches.py

@@ -0,0 +1,39 @@
+import os
+import requests
+from datetime import datetime, timedelta
+
+# Configuration
+GITHUB_TOKEN = os.getenv('GITHUB_TOKEN')
+REPO = 'samply/bridgehead'
+HEADERS = {'Authorization': f'token {GITHUB_TOKEN}', 'Accept': 'application/vnd.github.v3+json'}
+API_URL = f'https://api.github.com/repos/{REPO}/branches'
+INACTIVE_DAYS = 365
+CUTOFF_DATE = datetime.now() - timedelta(days=INACTIVE_DAYS)
+
+# Fetch all branches
+def get_branches():
+    response = requests.get(API_URL, headers=HEADERS)
+    response.raise_for_status()
+    return response.json() if response.status_code == 200 else []
+
+# Rename inactive branches
+def rename_branch(old_name, new_name):
+    rename_url = f'https://api.github.com/repos/{REPO}/branches/{old_name}/rename'
+    response = requests.post(rename_url, json={'new_name': new_name}, headers=HEADERS)
+    response.raise_for_status()
+    print(f"Renamed branch {old_name} to {new_name}" if response.status_code == 201 else f"Failed to rename {old_name}: {response.status_code}")
+
+# Check if the branch is inactive
+def is_inactive(commit_url):
+    last_commit_date = requests.get(commit_url, headers=HEADERS).json()['commit']['committer']['date']
+    return datetime.strptime(last_commit_date, '%Y-%m-%dT%H:%M:%SZ') < CUTOFF_DATE
+
+# Rename inactive branches
+def main():
+    for branch in get_branches():
+        if is_inactive(branch['commit']['url']):
+            #rename_branch(branch['name'], f"archived/{branch['name']}")
+            print(f"[LOG] Branch '{branch['name']}' is inactive and would be renamed to 'archived/{branch['name']}'")
+
+if __name__ == "__main__":
+    main()

.github/workflows/rename-inactive-branches.yml

@@ -0,0 +1,27 @@
+name: Cleanup - Rename Inactive Branches
+
+on:
+  schedule:
+    - cron: '0 0 * * 0'  # Runs every Sunday at midnight
+
+jobs:
+  archive-stale-branches:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install Libraries
+        run: pip install requests
+
+      - name: Run Script to Rename Inactive Branches
+        run: |
+          python .github/scripts/rename_inactive_branches.py
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

bbmri/docker-compose.yml

@@ -10,7 +10,8 @@ services:
       BASE_URL: "http://bridgehead-bbmri-blaze:8080"
       JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
       DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
-      DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
+      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
       ENFORCE_REFERENTIAL_INTEGRITY: "false"
     volumes:
       - "blaze-data:/app/data"

bbmri/vars

@@ -1,3 +1,21 @@
+BROKER_ID=broker-test.bbmri-test.samply.de
+BROKER_URL=https://${BROKER_ID}
+PROXY_ID=${SITE_ID}.${BROKER_ID}
+PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
+
+BROKER_URL_FOR_PREREQ=$BROKER_URL
+
+OIDC_USER_GROUP="BBMRI_$(capitalize_first_letter ${SITE_ID})"
+OIDC_ADMIN_GROUP="BBMRI_$(capitalize_first_letter ${SITE_ID})_Verwalter"
+OIDC_PUBLIC_CLIENT_ID="BBMRI_${SITE_ID}-public"
+# Use "test-realm-01" for testing
+OIDC_REALM="${OIDC_REALM:-test-realm-01}"
+OIDC_URL="https://login.verbis.dkfz.de"
+OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
+OIDC_GROUP_CLAIM="groups"
+
+POSTGRES_TAG=15.6-alpine
+
 # Makes sense for all European Biobanks
 : ${ENABLE_ERIC:=true}
 
@@ -13,6 +31,7 @@ do
     source $module
 done
 
+
 SUPPORT_EMAIL=$ERIC_SUPPORT_EMAIL
 BROKER_URL_FOR_PREREQ="${ERIC_BROKER_URL:-$GBN_BROKER_URL}"
 

bridgehead

@@ -106,7 +106,8 @@ case "$ACTION" in
 		loadVars
 		hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
 		checkRequirements
-		sync_secrets
+		# NOTE: for testing only, we will need to properly setup secret sync if we want to use this code
+		# sync_secrets
 		hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
 		exec $COMPOSE -p $PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
 		;;

ccp/docker-compose.yml

@@ -8,7 +8,8 @@ services:
       BASE_URL: "http://bridgehead-ccp-blaze:8080"
       JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
       DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
-      DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
+      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
       ENFORCE_REFERENTIAL_INTEGRITY: "false"
     volumes:
       - "blaze-data:/app/data"

ccp/modules/datashield-compose.yml

@@ -151,7 +151,7 @@ services:
       --pass-access-token=false
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.oauth2_proxy.rule=Host(`${HOST}`) && PathPrefix(`/oauth2`)"
+      - "traefik.http.routers.oauth2_proxy.rule=PathPrefix(`/oauth2`)"
       - "traefik.http.services.oauth2_proxy.loadbalancer.server.port=4180"
       - "traefik.http.routers.oauth2_proxy.tls=true"
     environment:

ccp/modules/export-and-qb.curl-templates

@@ -1,6 +0,0 @@
-# Full Excel Export
-curl --location --request POST 'https://${HOST}/ccp-exporter/request?query=Patient&query-format=FHIR_PATH&template-id=ccp&output-format=EXCEL' \
---header 'x-api-key: ${EXPORT_API_KEY}'
-
-# QB
-curl --location --request POST 'https://${HOST}/ccp-reporter/generate?template-id=ccp'

ccp/modules/id-management-compose.yml

@@ -19,10 +19,18 @@ services:
       - traefik-forward-auth
     labels:
       - "traefik.enable=true"
+      # Router with Authentication
       - "traefik.http.routers.id-manager.rule=PathPrefix(`/id-manager`)"
-      - "traefik.http.services.id-manager.loadbalancer.server.port=8080"
       - "traefik.http.routers.id-manager.tls=true"
       - "traefik.http.routers.id-manager.middlewares=traefik-forward-auth-idm"
+      - "traefik.http.routers.id-manager.service=id-manager-service"
+      # Router without Authentication
+      - "traefik.http.routers.id-manager-compatibility.rule=PathPrefix(`/id-manager/paths/translator/getIds`)"
+      - "traefik.http.routers.id-manager-compatibility.tls=true"
+      - "traefik.http.routers.id-manager-compatibility.service=id-manager-service"
+      # Definition of Service
+      - "traefik.http.services.id-manager-service.loadbalancer.server.port=8080"
+      - "traefik.http.services.id-manager-service.loadbalancer.server.scheme=http"
 
   patientlist:
     image: docker.verbis.dkfz.de/bridgehead/mainzelliste
@@ -57,7 +65,7 @@ services:
       - "/tmp/bridgehead/patientlist/:/docker-entrypoint-initdb.d/"
 
   traefik-forward-auth:
-    image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:v7.6.0
+    image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:latest
     environment:
       - http_proxy=http://forward_proxy:3128
       - https_proxy=http://forward_proxy:3128
@@ -67,6 +75,7 @@ services:
       - OAUTH2_PROXY_CLIENT_ID=bridgehead-${SITE_ID}
       - OAUTH2_PROXY_CLIENT_SECRET=${IDMANAGER_AUTH_CLIENT_SECRET}
       - OAUTH2_PROXY_COOKIE_SECRET=${IDMANAGER_AUTH_COOKIE_SECRET}
+      - OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2_idm
       - OAUTH2_PROXY_COOKIE_DOMAINS=.${HOST}
       - OAUTH2_PROXY_HTTP_ADDRESS=:4180
       - OAUTH2_PROXY_REVERSE_PROXY=true

ccp/modules/teiler-compose.yml

@@ -1,81 +0,0 @@
-version: "3.7"
-
-services:
-
-  teiler-orchestrator:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-orchestrator:latest
-    container_name: bridgehead-teiler-orchestrator
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.teiler_orchestrator_ccp.rule=PathPrefix(`/ccp-teiler`)"
-      - "traefik.http.services.teiler_orchestrator_ccp.loadbalancer.server.port=9000"
-      - "traefik.http.routers.teiler_orchestrator_ccp.tls=true"
-      - "traefik.http.middlewares.teiler_orchestrator_ccp_strip.stripprefix.prefixes=/ccp-teiler"
-      - "traefik.http.routers.teiler_orchestrator_ccp.middlewares=teiler_orchestrator_ccp_strip"
-    environment:
-      TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
-      TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
-      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
-      HTTP_RELATIVE_PATH: "/ccp-teiler"
-
-  teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
-    container_name: bridgehead-teiler-dashboard
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.teiler_dashboard_ccp.rule=PathPrefix(`/ccp-teiler-dashboard`)"
-      - "traefik.http.services.teiler_dashboard_ccp.loadbalancer.server.port=80"
-      - "traefik.http.routers.teiler_dashboard_ccp.tls=true"
-      - "traefik.http.middlewares.teiler_dashboard_ccp_strip.stripprefix.prefixes=/ccp-teiler-dashboard"
-      - "traefik.http.routers.teiler_dashboard_ccp.middlewares=teiler_dashboard_ccp_strip"
-    environment:
-      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
-      TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
-      OIDC_URL: "${OIDC_URL}"
-      OIDC_REALM: "${OIDC_REALM}"
-      OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
-      OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
-      TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
-      TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
-      TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
-      TEILER_PROJECT: "${PROJECT}"
-      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
-      TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
-      TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/ccp-teiler-dashboard"
-      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
-      TEILER_USER: "${OIDC_USER_GROUP}"
-      TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
-      REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
-      EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
-
-
-  teiler-backend:
-    image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest
-    container_name: bridgehead-teiler-backend
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.teiler_backend_ccp.rule=PathPrefix(`/ccp-teiler-backend`)"
-      - "traefik.http.services.teiler_backend_ccp.loadbalancer.server.port=8085"
-      - "traefik.http.routers.teiler_backend_ccp.tls=true"
-      - "traefik.http.middlewares.teiler_backend_ccp_strip.stripprefix.prefixes=/ccp-teiler-backend"
-      - "traefik.http.routers.teiler_backend_ccp.middlewares=teiler_backend_ccp_strip"
-    environment:
-      LOG_LEVEL: "INFO"
-      APPLICATION_PORT: "8085"
-      APPLICATION_ADDRESS: "${HOST}"
-      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
-      CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf"
-      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
-      TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
-      TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de"
-      TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en"
-      CENTRAX_URL: "${CENTRAXX_URL}"
-      HTTP_PROXY: "http://forward_proxy:3128"
-      ENABLE_MTBA: "${ENABLE_MTBA}"
-      ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
-    secrets:
-      - ccp.conf
-
-secrets:
-  ccp.conf:
-    file: /etc/bridgehead/ccp.conf

ccp/vars

@@ -5,6 +5,7 @@ FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | h
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
 SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
+PLATFORM=ccp
 
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 

kr/docker-compose.yml

@@ -1,6 +1,10 @@
 version: "3.7"
 
 services:
+  landing:
+    deploy:
+      replicas: 0 #deactivate landing page
+
   blaze:
     image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
     container_name: bridgehead-kr-blaze

kr/modules/lens-compose.yml

@@ -1,6 +1,8 @@
 version: "3.7"
 services:
   landing:
+    deploy:
+      replicas: 1 #reactivate if lens is in use
     container_name: lens_federated-search
     image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
     labels:

lib/functions.sh

@@ -171,8 +171,10 @@ optimizeBlazeMemoryUsage() {
 		if [ $available_system_memory_chunks -eq 0 ]; then
 			log WARN "Only ${BLAZE_MEMORY_CAP} system memory available for Blaze. If your Blaze stores more than 128000 fhir ressources it will run significally slower."
 			export BLAZE_RESOURCE_CACHE_CAP=128000;
+			export BLAZE_CQL_CACHE_CAP=32;
 		else
 			export BLAZE_RESOURCE_CACHE_CAP=$((available_system_memory_chunks * 312500))
+			export BLAZE_CQL_CACHE_CAP=$((($system_memory_in_mb/4)/16));
 		fi
 	fi
 }

lib/install-bridgehead.sh

@@ -35,6 +35,12 @@ if [ -z "$LDM_AUTH" ]; then
   add_basic_auth_user $PROJECT $generated_passwd "LDM_AUTH" $PROJECT
 fi
 
+if [ "$ENABLE_EXPORTER" == true ]; then
+  log "INFO" "Now generating basic auth for the quality reports. "
+  generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
+  add_basic_auth_user $PROJECT $generated_passwd "QR_AUTH" $PROJECT
+fi
+
 if [ ! -z "$NNGM_CTS_APIKEY" ] && [ -z "$NNGM_AUTH" ]; then
   log "INFO" "Now generating basic auth for nNGM upload API (see adduser in bridgehead for more information). "
   generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"

lib/prerequisites.sh

@@ -3,14 +3,16 @@
 source lib/functions.sh
 
 detectCompose
+CONFIG_DIR="/etc/bridgehead/"
+COMPONENT_DIR="/srv/docker/bridgehead/"
 
 if ! id "bridgehead" &>/dev/null; then
   log ERROR "User bridgehead does not exist. Please run bridgehead install $PROJECT"
   exit 1
 fi
 
-checkOwner /srv/docker/bridgehead bridgehead || exit 1
+checkOwner "${CONFIG_DIR}" bridgehead || exit 1
-checkOwner /etc/bridgehead bridgehead || exit 1
+checkOwner "${COMPONENT_DIR}" bridgehead || exit 1
 
 ## Check if user is a su
 log INFO "Checking if all prerequisites are met ..."
@@ -32,31 +34,31 @@ fi
 log INFO "Checking configuration ..."
 
 ## Download submodule
-if [ ! -d "/etc/bridgehead/" ]; then
+if [ ! -d "${CONFIG_DIR}" ]; then
-  fail_and_report 1 "Please set up the config folder at /etc/bridgehead. Instruction are in the readme."
+  fail_and_report 1 "Please set up the config folder at ${CONFIG_DIR}. Instruction are in the readme."
 fi
 
 # TODO: Check all required variables here in a generic loop
 
 #check if project env is present
-if [ -d "/etc/bridgehead/${PROJECT}.conf" ]; then
+if [ -d "${CONFIG_DIR}${PROJECT}.conf" ]; then
-   fail_and_report 1 "Project config not found. Please copy the template from ${PROJECT} and put it under /etc/bridgehead-config/${PROJECT}.conf."
+   fail_and_report 1 "Project config not found. Please copy the template from ${PROJECT} and put it under ${CONFIG_DIR}${PROJECT}.conf."
 fi
 
 # TODO: Make sure you're in the right directory, or, even better, be independent from the working directory.
 
 log INFO "Checking ssl cert for accessing bridgehead via https"
 
-if [ ! -d "/etc/bridgehead/traefik-tls" ]; then
+if [ ! -d "${CONFIG_DIR}traefik-tls" ]; then
   log WARN "TLS certs for accessing bridgehead via https missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...) and put into /etc/bridgehead/traefik-tls"
   mkdir -p /etc/bridgehead/traefik-tls
 fi
 
-if [ ! -e "/etc/bridgehead/traefik-tls/fullchain.pem" ]; then
+if [ ! -e "${CONFIG_DIR}traefik-tls/fullchain.pem" ]; then
   openssl req -x509 -newkey rsa:4096 -nodes -keyout /etc/bridgehead/traefik-tls/privkey.pem -out /etc/bridgehead/traefik-tls/fullchain.pem -days 3650 -subj "/CN=$HOST"
 fi
 
-if [ -e /etc/bridgehead/vault.conf ]; then
+if [ -e "${CONFIG_DIR}"vault.conf ]; then
   if [ "$(stat -c "%a %U" /etc/bridgehead/vault.conf)" != "600 bridgehead" ]; then
     fail_and_report 1 "/etc/bridgehead/vault.conf has wrong owner/permissions. To correct this issue, run chmod 600 /etc/bridgehead/vault.conf && chown bridgehead /etc/bridgehead/vault.conf."
   fi
@@ -64,7 +66,7 @@ fi
 
 log INFO "Checking network access ($BROKER_URL_FOR_PREREQ) ..."
 
-source /etc/bridgehead/${PROJECT}.conf
+source "${CONFIG_DIR}${PROJECT}".conf
 source ${PROJECT}/vars
 
 if [ "${PROJECT}" != "minimal" ]; then
@@ -92,10 +94,10 @@ if [ "${PROJECT}" != "minimal" ]; then
   fi
 fi
 checkPrivKey() {
-  if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
+  if [ -e "${CONFIG_DIR}pki/${SITE_ID}.priv.pem" ]; then
     log INFO "Success - private key found."
   else
-    log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run\n  bridgehead enroll ${PROJECT}\nand follow the instructions."
+    log ERROR "Unable to find private key at ${CONFIG_DIR}pki/${SITE_ID}.priv.pem. To fix, please run\n  bridgehead enroll ${PROJECT}\nand follow the instructions."
     return 1
   fi
   return 0
@@ -107,6 +109,11 @@ else
   checkPrivKey || exit 1
 fi
 
+for dir in  "${CONFIG_DIR}" "${COMPONENT_DIR}"; do
+  log INFO "Checking branch: $(cd $dir && echo "$dir $(git branch --show-current)")"
+  hc_send log "Checking branch: $(cd $dir && echo "$dir $(git branch --show-current)")"
+done
+
 log INFO "Success - all prerequisites are met!"
 hc_send log "Success - all prerequisites are met!"
 

minimal/docker-compose.yml

@@ -10,18 +10,17 @@ services:
       - --providers.docker=true
       - --providers.docker.exposedbydefault=false
       - --providers.file.directory=/configuration/
-      - --api.dashboard=true
+      - --api.dashboard=false
       - --accesslog=true
       - --entrypoints.web.http.redirections.entrypoint.to=websecure
       - --entrypoints.web.http.redirections.entrypoint.scheme=https
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
+      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard/`)"
       - "traefik.http.routers.dashboard.entrypoints=websecure"
       - "traefik.http.routers.dashboard.service=api@internal"
       - "traefik.http.routers.dashboard.tls=true"
       - "traefik.http.routers.dashboard.middlewares=auth"
-      - "traefik.http.middlewares.auth.basicauth.users=${LDM_AUTH}"
     ports:
       - 80:80
       - 443:443

minimal/modules/export-and-qb.curl-templates

@@ -0,0 +1,6 @@
+# Full Excel Export
+curl --location --request POST 'https://${HOST}/${PROJECT}-exporter/request?query=Patient&query-format=FHIR_PATH&template-id=${PROJECT}&output-format=EXCEL' \
+--header 'x-api-key: ${EXPORT_API_KEY}'
+
+# QB
+curl --location --request POST 'https://${HOST}/${PROJECT}-reporter/generate?template-id=${PROJECT}'

minimal/modules/exporter-compose.yml

@@ -3,7 +3,7 @@ version: "3.7"
 services:
   exporter:
     image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
-    container_name: bridgehead-ccp-exporter
+    container_name: bridgehead-${PROJECT}-exporter
     environment:
       JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
       LOG_LEVEL: "INFO"
@@ -12,39 +12,41 @@ services:
       EXPORTER_DB_USER: "exporter"
       EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
       EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
-      HTTP_RELATIVE_PATH: "/ccp-exporter"
+      HTTP_RELATIVE_PATH: "/${PROJECT}-exporter"
       SITE: "${SITE_ID}"
       HTTP_SERVLET_REQUEST_SCHEME: "https"
       OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.exporter_ccp.rule=PathPrefix(`/ccp-exporter`)"
+      - "traefik.http.routers.exporter_${PROJECT}.rule=PathPrefix(`/${PROJECT}-exporter`)"
-      - "traefik.http.services.exporter_ccp.loadbalancer.server.port=8092"
+      - "traefik.http.services.exporter_${PROJECT}.loadbalancer.server.port=8092"
-      - "traefik.http.routers.exporter_ccp.tls=true"
+      - "traefik.http.routers.exporter_${PROJECT}.tls=true"
-      - "traefik.http.middlewares.exporter_ccp_strip.stripprefix.prefixes=/ccp-exporter"
+      - "traefik.http.middlewares.exporter_${PROJECT}_strip.stripprefix.prefixes=/${PROJECT}-exporter"
-      - "traefik.http.routers.exporter_ccp.middlewares=exporter_ccp_strip"
+      - "traefik.http.routers.exporter_${PROJECT}.middlewares=exporter_${PROJECT}_strip"
+      - "traefik.http.routers.connector.middlewares=connector_strip,auth-qr"
     volumes:
-      - "/var/cache/bridgehead/ccp/exporter-files:/app/exporter-files/output"
+      - "/var/cache/bridgehead/${PROJECT}/exporter-files:/app/exporter-files/output"
+
 
   exporter-db:
     image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
-    container_name: bridgehead-ccp-exporter-db
+    container_name: bridgehead-${PROJECT}-exporter-db
     environment:
       POSTGRES_USER: "exporter"
       POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
       POSTGRES_DB: "exporter"
     volumes:
       # Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
-      - "/var/cache/bridgehead/ccp/exporter-db:/var/lib/postgresql/data"
+      - "/var/cache/bridgehead/${PROJECT}/exporter-db:/var/lib/postgresql/data"
 
   reporter:
     image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
-    container_name: bridgehead-ccp-reporter
+    container_name: bridgehead-${PROJECT}-reporter
     environment:
       JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
       LOG_LEVEL: "INFO"
       CROSS_ORIGINS: "https://${HOST}"
-      HTTP_RELATIVE_PATH: "/ccp-reporter"
+      HTTP_RELATIVE_PATH: "/${PROJECT}-reporter"
       SITE: "${SITE_ID}"
       EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
       EXPORTER_URL: "http://exporter:8092"
@@ -57,11 +59,15 @@ services:
     # There is a risk that the bridgehead restarts, losing the already created export.
 
     volumes:
-      - "/var/cache/bridgehead/ccp/reporter-files:/app/reports"
+      - "/var/cache/bridgehead/${PROJECT}/reporter-files:/app/reports"
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.reporter_ccp.rule=PathPrefix(`/ccp-reporter`)"
+      - "traefik.http.routers.reporter_${PROJECT}.rule=PathPrefix(`/${PROJECT}-reporter`)"
-      - "traefik.http.services.reporter_ccp.loadbalancer.server.port=8095"
+      - "traefik.http.services.reporter_${PROJECT}.loadbalancer.server.port=8095"
-      - "traefik.http.routers.reporter_ccp.tls=true"
+      - "traefik.http.routers.reporter_${PROJECT}.tls=true"
-      - "traefik.http.middlewares.reporter_ccp_strip.stripprefix.prefixes=/ccp-reporter"
+      - "traefik.http.middlewares.reporter_${PROJECT}_strip.stripprefix.prefixes=/${PROJECT}-reporter"
-      - "traefik.http.routers.reporter_ccp.middlewares=reporter_ccp_strip"
+      - "traefik.http.routers.reporter_${PROJECT}.middlewares=reporter_${PROJECT}_strip"
+
+  traefik:
+    labels:
+      - "traefik.http.middlewares.auth-qr.basicauth.users=${QR_AUTH}"

minimal/modules/teiler-compose.yml

@@ -0,0 +1,82 @@
+version: "3.7"
+
+services:
+
+  teiler-orchestrator:
+    image: docker.verbis.dkfz.de/cache/samply/teiler-orchestrator:latest
+    container_name: bridgehead-teiler-orchestrator
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.teiler_orchestrator_${PROJECT}.rule=PathPrefix(`/${PROJECT}-teiler`)"
+      - "traefik.http.services.teiler_orchestrator_${PROJECT}.loadbalancer.server.port=9000"
+      - "traefik.http.routers.teiler_orchestrator_${PROJECT}.tls=true"
+      - "traefik.http.middlewares.teiler_orchestrator_${PROJECT}_strip.stripprefix.prefixes=/${PROJECT}-teiler"
+      - "traefik.http.routers.teiler_orchestrator_${PROJECT}.middlewares=teiler_orchestrator_${PROJECT}_strip"
+    environment:
+      TEILER_BACKEND_URL: "https://${HOST}/${PROJECT}-teiler-backend"
+      TEILER_DASHBOARD_URL: "https://${HOST}/${PROJECT}-teiler-dashboard"
+      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
+      HTTP_RELATIVE_PATH: "/${PROJECT}-teiler"
+
+  teiler-dashboard:
+    #image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
+    image:  docker.verbis.dkfz.de/ccp/samply/teiler-dashboard:bbmri
+    container_name: bridgehead-teiler-dashboard
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.teiler_dashboard_${PROJECT}.rule=PathPrefix(`/${PROJECT}-teiler-dashboard`)"
+      - "traefik.http.services.teiler_dashboard_${PROJECT}.loadbalancer.server.port=80"
+      - "traefik.http.routers.teiler_dashboard_${PROJECT}.tls=true"
+      - "traefik.http.middlewares.teiler_dashboard_${PROJECT}_strip.stripprefix.prefixes=/${PROJECT}-teiler-dashboard"
+      - "traefik.http.routers.teiler_dashboard_${PROJECT}.middlewares=teiler_dashboard_${PROJECT}_strip"
+    environment:
+      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
+      TEILER_BACKEND_URL: "https://${HOST}/${PROJECT}-teiler-backend"
+      OIDC_URL: "${OIDC_URL}"
+      OIDC_REALM: "${OIDC_REALM}"
+      OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
+      OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
+      TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
+      TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
+      TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
+      TEILER_PROJECT: "${PROJECT}"
+      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
+      TEILER_ORCHESTRATOR_URL: "https://${HOST}/${PROJECT}-teiler"
+      TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/${PROJECT}-teiler-dashboard"
+      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/${PROJECT}-teiler"
+      TEILER_USER: "${OIDC_USER_GROUP}"
+      TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
+      REPORTER_DEFAULT_TEMPLATE_ID: "${PROJECT}-qb"
+      EXPORTER_DEFAULT_TEMPLATE_ID: "${PROJECT}"
+
+
+  teiler-backend:
+    image: docker.verbis.dkfz.de/ccp/${PROJECT}-teiler-backend:latest
+    container_name: bridgehead-teiler-backend
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.teiler_backend_${PROJECT}.rule=PathPrefix(`/${PROJECT}-teiler-backend`)"
+      - "traefik.http.services.teiler_backend_${PROJECT}.loadbalancer.server.port=8085"
+      - "traefik.http.routers.teiler_backend_${PROJECT}.tls=true"
+      - "traefik.http.middlewares.teiler_backend_${PROJECT}_strip.stripprefix.prefixes=/${PROJECT}-teiler-backend"
+      - "traefik.http.routers.teiler_backend_${PROJECT}.middlewares=teiler_backend_${PROJECT}_strip"
+    environment:
+      LOG_LEVEL: "INFO"
+      APPLICATION_PORT: "8085"
+      APPLICATION_ADDRESS: "${HOST}"
+      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
+      CONFIG_ENV_VAR_PATH: "/run/secrets/project-conf"
+      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/${PROJECT}-teiler"
+      TEILER_ORCHESTRATOR_URL: "https://${HOST}/${PROJECT}-teiler"
+      TEILER_DASHBOARD_DE_URL: "https://${HOST}/${PROJECT}-teiler-dashboard/de"
+      TEILER_DASHBOARD_EN_URL: "https://${HOST}/${PROJECT}-teiler-dashboard/en"
+      CENTRAX_URL: "${CENTRAXX_URL}"
+      HTTP_PROXY: "http://forward_proxy:3128"
+      ENABLE_MTBA: "${ENABLE_MTBA}"
+      ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
+    secrets:
+      - project-conf
+
+secrets:
+  project-conf:
+    file: "/etc/bridgehead/${PROJECT}.conf"

minimal/modules/teiler-setup.sh

@@ -5,5 +5,5 @@ if [ "$ENABLE_TEILER" == true ];then
   OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
   TEILER_DEFAULT_LANGUAGE=DE
   TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
-  add_public_oidc_redirect_url "/ccp-teiler/*"
+  add_public_oidc_redirect_url "/${PROJECT}-teiler/*"
 fi