Fix GitLab token syncing for BBMRI

Merge pull request #281 from samply/develop
Merge develop into main
2025-06-16 23:00:15 +02:00 · 2025-03-18 11:42:53 +01:00 · 2025-03-17 10:02:58 +01:00 · 2025-02-20 15:46:40 +01:00
3 changed files with 17 additions and 32 deletions
--- a/cce/modules/airgapped-blaze-compose.yml
+++ b/cce/modules/airgapped-blaze-compose.yml
@ -1,25 +0,0 @@
 version: "3.7"
 services:
  blaze-airgapped:
    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
    container_name: bridgehead-cce-blaze-airgapped
    environment:
      BASE_URL: "http://bridgehead-cce-blaze-airgapped:8080"
      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
    volumes:
      - "blaze-airgapped-data:/app/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.blaze-airgapped_cce.rule=PathPrefix(`/cce-localdatamanagement-airgapped`)"
      - "traefik.http.middlewares.cce_b-a_strip.stripprefix.prefixes=/cce-localdatamanagement-airgapped"
      - "traefik.http.services.blaze-airgapped_cce.loadbalancer.server.port=8080"
      - "traefik.http.routers.blaze-airgapped_cce.middlewares=cce_b-a_strip,auth"
      - "traefik.http.routers.blaze-airgapped_cce.tls=true"
 volumes:
  blaze-airgapped-data:
--- a/cce/modules/airgapped-blaze-setup.sh
+++ b/cce/modules/airgapped-blaze-setup.sh
@ -1,3 +0,0 @@
 #!/bin/bash
 OVERRIDE+=" -f ./$PROJECT/modules/airgapped-blaze-compose.yml"
--- a/lib/functions.sh
+++ b/lib/functions.sh
@ -334,6 +334,19 @@ function secret_sync_gitlab_token() {
            ;;
    esac
    if [ "$PROJECT" == "bbmri" ]; then
        # If the project is BBMRI, use the BBMRI-ERIC broker and not the GBN broker
        proxy_id=$ERIC_PROXY_ID
        broker_url=$ERIC_BROKER_URL
        broker_id=$ERIC_BROKER_ID
        root_crt_file="/srv/docker/bridgehead/bbmri/modules/${ERIC_ROOT_CERT}.root.crt.pem"
    else
        proxy_id=$PROXY_ID
        broker_url=$BROKER_URL
        broker_id=$BROKER_ID
        root_crt_file="/srv/docker/bridgehead/$PROJECT/root.crt.pem"
    fi
    # Use Secret Sync to validate the GitLab token in /var/cache/bridgehead/secrets/gitlab_token.
    # If it is missing or expired, Secret Sync will create a new token and write it to the file.
    # The git credential helper reads the token from the file during git pull.
@ -344,14 +357,14 @@ function secret_sync_gitlab_token() {
    docker run --rm \
        -v /var/cache/bridgehead/secrets/gitlab_token:/usr/local/cache \
        -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
-        -v /srv/docker/bridgehead/$PROJECT/root.crt.pem:/run/secrets/root.crt.pem:ro \
+        -v $root_crt_file:/run/secrets/root.crt.pem:ro \
        -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
        -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
        -e NO_PROXY=localhost,127.0.0.1 \
        -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
-        -e PROXY_ID=$PROXY_ID \
+        -e PROXY_ID=$proxy_id \
-        -e BROKER_URL=$BROKER_URL \
+        -e BROKER_URL=$broker_url \
-        -e GITLAB_PROJECT_ACCESS_TOKEN_PROVIDER=secret-sync-central.central-secret-sync.$BROKER_ID \
+        -e GITLAB_PROJECT_ACCESS_TOKEN_PROVIDER=secret-sync-central.central-secret-sync.$broker_id \
        -e SECRET_DEFINITIONS=GitLabProjectAccessToken:BRIDGEHEAD_CONFIG_REPO_TOKEN:$gitlab \
        docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
    if [ $? -eq 0 ]; then
Author	SHA1	Message	Date
Tim Schumacher	d9d6a8acb3	Fix GitLab token syncing for BBMRI	2025-03-18 11:42:53 +01:00
Jan	4ef585bfc5	Merge pull request #281 from samply/develop Merge develop into main	2025-03-17 10:02:58 +01:00
Torben Brenner	6ca67ca082	Merge pull request #270 from samply/develop	2025-02-20 15:46:40 +01:00
		`@ -1,3 +0,0 @@`
			`#!/bin/bash`

			`OVERRIDE+=" -f ./$PROJECT/modules/airgapped-blaze-compose.yml"`