samply/bridgehead
1
0
Fork 0
mirror of https://github.com/samply/bridgehead.git synced 2025-06-30 23:20:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: samply:test/exporter-no-python
Branches Tags
samply:main samply:develop samply:feature/authentik samply:feature/remove-rstudio samply:feature/exporter-docu samply:transfair-cli samply:test/teiler-dashboard samply:feature/add-pscc samply:feature/teiler-for-ccp-and-bbmri samply:qr-bbmri-v2 samply:prototype/beamFile samply:test/exporter-no-python samply:cherry-pick-tmp-pr samply:test/obds2fhir-batch-import samply:ovis samply:test/airgapped-blaze samply:pr-secret-sync-gitlab-bbmri samply:feature/add-qb-to-cce samply:Threated-patch-1 samply:torbrenner-patch-1 samply:feat/routine-connector-minor-fixes samply:metadata_fb samply:feat/dnpm-dip samply:bugfix/test-old-blaze samply:dnpm-etl-rewrite samply:feature/qr-basic-auth samply:refactor/logging samply:feature/opal-client-for-new-token-manager samply:test/onkofdz samply:feature/addExporterAndTeilerToEric samply:set_env_variables_needed_for_fhir2sql samply:feature/externalize-versions samply:fix/kr-deactivate-landingpage samply:refactor/datashield-auth-config samply:refactor/independent-modules samply:feature/dnpm-extra-broker samply:revert-223-feat/add-dkfz-hector-ki-project samply:ehds2_develop samply:ehds2 samply:feature/auto-pr samply:qr_bbmri samply:feature/cBioPortal samply:feat/blaze-frontend samply:pro/lemedart samply:feature/feedback-agent samply:feature/component-moniotring samply:feature/cbioportal-datashield samply:documentation/blaze_resources samply:feat/cBioPortal samply:test-switch-branch samply:feature/nngm-rest samply:feature/opal samply:feature/snap samply:feature/accessTokenFromConfiguration
..
compare: samply:8b5c47174a024c673dd688b2fc9b2da8d0c25512
Branches Tags
samply:develop samply:feature/authentik samply:feature/remove-rstudio samply:feature/exporter-docu samply:transfair-cli samply:main samply:test/teiler-dashboard samply:feature/add-pscc samply:feature/teiler-for-ccp-and-bbmri samply:qr-bbmri-v2 samply:prototype/beamFile samply:test/exporter-no-python samply:cherry-pick-tmp-pr samply:test/obds2fhir-batch-import samply:ovis samply:test/airgapped-blaze samply:pr-secret-sync-gitlab-bbmri samply:feature/add-qb-to-cce samply:Threated-patch-1 samply:torbrenner-patch-1 samply:feat/routine-connector-minor-fixes samply:metadata_fb samply:feat/dnpm-dip samply:bugfix/test-old-blaze samply:dnpm-etl-rewrite samply:feature/qr-basic-auth samply:refactor/logging samply:feature/opal-client-for-new-token-manager samply:test/onkofdz samply:feature/addExporterAndTeilerToEric samply:set_env_variables_needed_for_fhir2sql samply:feature/externalize-versions samply:fix/kr-deactivate-landingpage samply:refactor/datashield-auth-config samply:refactor/independent-modules samply:feature/dnpm-extra-broker samply:revert-223-feat/add-dkfz-hector-ki-project samply:ehds2_develop samply:ehds2 samply:feature/auto-pr samply:qr_bbmri samply:feature/cBioPortal samply:feat/blaze-frontend samply:pro/lemedart samply:feature/feedback-agent samply:feature/component-moniotring samply:feature/cbioportal-datashield samply:documentation/blaze_resources samply:feat/cBioPortal samply:test-switch-branch samply:feature/nngm-rest samply:feature/opal samply:feature/snap samply:feature/accessTokenFromConfiguration

2 Commits
test/expor ... 8b5c47174a

Author SHA1 Message Date
Tim Schumacher
8b5c47174a Merge 767aa03588 into 7365be3e7b 2025-05-07 14:22:08 +02:00
Tim Schumacher
767aa03588 Use temp directory for secret sync cache 2025-05-07 14:21:14 +02:00
7 changed files with 12 additions and 19 deletions
Expand all files Collapse all files

2
ccp/modules/exporter-compose.yml
View File

@ -2,7 +2,7 @@ version: "3.7"
services: services:
exporter: exporter:
image: docker.verbis.dkfz.de/ccp/dktk-exporter:test image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
container_name: bridgehead-ccp-exporter container_name: bridgehead-ccp-exporter
environment: environment:
JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC" JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"

7
ccp/modules/teiler-compose.yml
View File

@ -19,8 +19,7 @@ services:
HTTP_RELATIVE_PATH: "/ccp-teiler" HTTP_RELATIVE_PATH: "/ccp-teiler"
teiler-dashboard: teiler-dashboard:
#image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
image: samply/teiler-dashboard:develop
container_name: bridgehead-teiler-dashboard container_name: bridgehead-teiler-dashboard
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
@ -32,7 +31,6 @@ services:
environment: environment:
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}" DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend" TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
OIDC_URL: "${OIDC_URL}" OIDC_URL: "${OIDC_URL}"
OIDC_REALM: "${OIDC_REALM}" OIDC_REALM: "${OIDC_REALM}"
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}" OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
@ -43,6 +41,7 @@ services:
TEILER_PROJECT: "${PROJECT}" TEILER_PROJECT: "${PROJECT}"
EXPORTER_API_KEY: "${EXPORTER_API_KEY}" EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler" TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/ccp-teiler-dashboard"
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler" TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
TEILER_USER: "${OIDC_USER_GROUP}" TEILER_USER: "${OIDC_USER_GROUP}"
TEILER_ADMIN: "${OIDC_ADMIN_GROUP}" TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
@ -70,10 +69,10 @@ services:
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler" TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de" TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de"
TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en" TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en"
CENTRAX_URL: "${CENTRAXX_URL}"
HTTP_PROXY: "http://forward_proxy:3128" HTTP_PROXY: "http://forward_proxy:3128"
ENABLE_MTBA: "${ENABLE_MTBA}" ENABLE_MTBA: "${ENABLE_MTBA}"
ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}" ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
IDMANAGER_UPLOAD_APIKEY: "${IDMANAGER_UPLOAD_APIKEY}" # Only used to check if the ID Manager is active
secrets: secrets:
- ccp.conf - ccp.conf

3
kr/modules/teiler-compose.yml
View File

@ -31,7 +31,6 @@ services:
environment: environment:
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}" DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend" TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
OIDC_URL: "${OIDC_URL}" OIDC_URL: "${OIDC_URL}"
OIDC_REALM: "${OIDC_REALM}" OIDC_REALM: "${OIDC_REALM}"
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}" OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
@ -42,6 +41,7 @@ services:
TEILER_PROJECT: "${PROJECT}" TEILER_PROJECT: "${PROJECT}"
EXPORTER_API_KEY: "${EXPORTER_API_KEY}" EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler" TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/ccp-teiler-dashboard"
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler" TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
TEILER_USER: "${OIDC_USER_GROUP}" TEILER_USER: "${OIDC_USER_GROUP}"
TEILER_ADMIN: "${OIDC_ADMIN_GROUP}" TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
@ -69,6 +69,7 @@ services:
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler" TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de" TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de"
TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en" TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en"
CENTRAX_URL: "${CENTRAXX_URL}"
HTTP_PROXY: "http://forward_proxy:3128" HTTP_PROXY: "http://forward_proxy:3128"
ENABLE_MTBA: "${ENABLE_MTBA}" ENABLE_MTBA: "${ENABLE_MTBA}"
ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}" ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"

2
lib/functions.sh
View File

@ -348,7 +348,7 @@ function secret_sync_gitlab_token() {
fi fi
# Create a temporary directory for Secret Sync that is valid per boot # Create a temporary directory for Secret Sync that is valid per boot
secret_sync_tempdir="/tmp/bridgehead/secret-sync.boot-$(cat /proc/sys/kernel/random/boot_id)" secret_sync_tempdir="/tmp/secret-sync.boot-$(cat /proc/sys/kernel/random/boot_id)"
mkdir -p $secret_sync_tempdir mkdir -p $secret_sync_tempdir
# Use Secret Sync to validate the GitLab token in $secret_sync_tempdir/cache. # Use Secret Sync to validate the GitLab token in $secret_sync_tempdir/cache.

2
lib/gitlab-token-helper.sh
View File

@ -2,7 +2,7 @@
[ "$1" = "get" ] || exit [ "$1" = "get" ] || exit
source "/tmp/bridgehead/secret-sync.boot-$(cat /proc/sys/kernel/random/boot_id)/gitlab-token" source "/tmp/secret-sync.boot-$(cat /proc/sys/kernel/random/boot_id)/gitlab-token"
# Any non-empty username works, only the token matters # Any non-empty username works, only the token matters
cat << EOF cat << EOF

9
modules/transfair-compose.yml
View File

@ -8,8 +8,7 @@ services:
- TTP_URL - TTP_URL
- TTP_ML_API_KEY - TTP_ML_API_KEY
- TTP_GW_SOURCE - TTP_GW_SOURCE
- TTP_GW_EPIX_DOMAIN - TTP_GW_DOMAIN
- TTP_GW_GPAS_DOMAIN
- TTP_TYPE - TTP_TYPE
- TTP_AUTH - TTP_AUTH
- PROJECT_ID_SYSTEM - PROJECT_ID_SYSTEM
@ -24,8 +23,6 @@ services:
- RUST_LOG=${RUST_LOG:-info} - RUST_LOG=${RUST_LOG:-info}
- TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs - TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs
- TLS_DISABLE=${TRANSFAIR_TLS_DISABLE:-false} - TLS_DISABLE=${TRANSFAIR_TLS_DISABLE:-false}
- NO_PROXY=${TRANSFAIR_NO_PROXIES}
- ALL_PROXY=http://forward_proxy:3128
volumes: volumes:
- /var/cache/bridgehead/${PROJECT}/transfair:/transfair - /var/cache/bridgehead/${PROJECT}/transfair:/transfair
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
@ -63,9 +60,9 @@ services:
transfair-request-blaze: transfair-request-blaze:
image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG} image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
container_name: bridgehead-transfair-request-blaze container_name: bridgehead-transfair-requests-blaze
environment: environment:
BASE_URL: "http://bridgehead-transfair-request-blaze:8080" BASE_URL: "http://bridgehead-transfair-requests-blaze:8080"
JAVA_TOOL_OPTIONS: "-Xmx1024m" JAVA_TOOL_OPTIONS: "-Xmx1024m"
DB_BLOCK_CACHE_SIZE: 1024 DB_BLOCK_CACHE_SIZE: 1024
CQL_EXPR_CACHE_SIZE: 8 CQL_EXPR_CACHE_SIZE: 8

6
modules/transfair-setup.sh
View File

@ -15,7 +15,7 @@ function transfairSetup() {
log INFO "TransFAIR request fhir store set to external $FHIR_REQUEST_URL" log INFO "TransFAIR request fhir store set to external $FHIR_REQUEST_URL"
else else
log INFO "TransFAIR request fhir store not set writing to internal blaze" log INFO "TransFAIR request fhir store not set writing to internal blaze"
FHIR_REQUEST_URL="http://transfair-request-blaze:8080" FHIR_REQUEST_URL="http://transfair-requests-blaze:8080"
OVERRIDE+=" --profile transfair-request-blaze" OVERRIDE+=" --profile transfair-request-blaze"
fi fi
if [ -n "$TTP_GW_SOURCE" ]; then if [ -n "$TTP_GW_SOURCE" ]; then
@ -27,9 +27,5 @@ function transfairSetup() {
else else
log INFO "TransFAIR configured without ttp" log INFO "TransFAIR configured without ttp"
fi fi
TRANSFAIR_NO_PROXIES="transfair-input-blaze,blaze,transfair-requests-blaze"
if [ -n "${TRANSFAIR_NO_PROXY}" ]; then
TRANSFAIR_NO_PROXIES+=",${TRANSFAIR_NO_PROXY}"
fi
fi fi
} }