samply/bridgehead
1
0
Fork 0
mirror of https://github.com/samply/bridgehead.git synced 2025-06-16 20:40:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: samply:test/exporter-no-python
Branches Tags
samply:main samply:transfair-cli samply:develop samply:feature/exporter-docu samply:test/teiler-dashboard samply:feature/add-pscc samply:feature/authentik samply:feature/teiler-for-ccp-and-bbmri samply:qr-bbmri-v2 samply:prototype/beamFile samply:test/exporter-no-python samply:cherry-pick-tmp-pr samply:test/obds2fhir-batch-import samply:ovis samply:test/airgapped-blaze samply:pr-secret-sync-gitlab-bbmri samply:feature/add-qb-to-cce samply:Threated-patch-1 samply:torbrenner-patch-1 samply:feat/routine-connector-minor-fixes samply:metadata_fb samply:feat/dnpm-dip samply:bugfix/test-old-blaze samply:dnpm-etl-rewrite samply:feature/qr-basic-auth samply:refactor/logging samply:feature/opal-client-for-new-token-manager samply:test/onkofdz samply:feature/addExporterAndTeilerToEric samply:set_env_variables_needed_for_fhir2sql samply:feature/externalize-versions samply:fix/kr-deactivate-landingpage samply:refactor/datashield-auth-config samply:refactor/independent-modules samply:feature/dnpm-extra-broker samply:revert-223-feat/add-dkfz-hector-ki-project samply:ehds2_develop samply:ehds2 samply:feature/auto-pr samply:qr_bbmri samply:feature/cBioPortal samply:feat/blaze-frontend samply:feat/central-rstudio samply:pro/lemedart samply:feature/feedback-agent samply:feature/component-moniotring samply:feature/cbioportal-datashield samply:documentation/blaze_resources samply:feat/cBioPortal samply:test-switch-branch samply:feature/nngm-rest samply:feature/opal samply:feature/snap samply:feature/accessTokenFromConfiguration
..
compare: samply:test/obds2fhir-batch-import
Branches Tags
samply:transfair-cli samply:develop samply:feature/exporter-docu samply:main samply:test/teiler-dashboard samply:feature/add-pscc samply:feature/authentik samply:feature/teiler-for-ccp-and-bbmri samply:qr-bbmri-v2 samply:prototype/beamFile samply:test/exporter-no-python samply:cherry-pick-tmp-pr samply:test/obds2fhir-batch-import samply:ovis samply:test/airgapped-blaze samply:pr-secret-sync-gitlab-bbmri samply:feature/add-qb-to-cce samply:Threated-patch-1 samply:torbrenner-patch-1 samply:feat/routine-connector-minor-fixes samply:metadata_fb samply:feat/dnpm-dip samply:bugfix/test-old-blaze samply:dnpm-etl-rewrite samply:feature/qr-basic-auth samply:refactor/logging samply:feature/opal-client-for-new-token-manager samply:test/onkofdz samply:feature/addExporterAndTeilerToEric samply:set_env_variables_needed_for_fhir2sql samply:feature/externalize-versions samply:fix/kr-deactivate-landingpage samply:refactor/datashield-auth-config samply:refactor/independent-modules samply:feature/dnpm-extra-broker samply:revert-223-feat/add-dkfz-hector-ki-project samply:ehds2_develop samply:ehds2 samply:feature/auto-pr samply:qr_bbmri samply:feature/cBioPortal samply:feat/blaze-frontend samply:feat/central-rstudio samply:pro/lemedart samply:feature/feedback-agent samply:feature/component-moniotring samply:feature/cbioportal-datashield samply:documentation/blaze_resources samply:feat/cBioPortal samply:test-switch-branch samply:feature/nngm-rest samply:feature/opal samply:feature/snap samply:feature/accessTokenFromConfiguration

1 Commits
test/expor ... test/obds2

Author SHA1 Message Date
p.delpy@dkfz-heidelberg.de
d9921568fc test: use batch import branch of oBDS2FHIR-REST 2025-05-02 14:41:09 +02:00
13 changed files with 18 additions and 59 deletions
Expand all files Collapse all files

4
bbmri/modules/eric-setup.sh
View File

@ -10,10 +10,6 @@ if [ "${ENABLE_ERIC}" == "true" ]; then
export ERIC_BROKER_ID=broker.bbmri.samply.de export ERIC_BROKER_ID=broker.bbmri.samply.de
export ERIC_ROOT_CERT=eric export ERIC_ROOT_CERT=eric
;; ;;
"acceptance")
export ERIC_BROKER_ID=broker-acc.bbmri-acc.samply.de
export ERIC_ROOT_CERT=eric.acc
;;
"test") "test")
export ERIC_BROKER_ID=broker-test.bbmri-test.samply.de export ERIC_BROKER_ID=broker-test.bbmri-test.samply.de
export ERIC_ROOT_CERT=eric.test export ERIC_ROOT_CERT=eric.test

20
bbmri/modules/eric.acc.root.crt.pem
View File

@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDNTCCAh2gAwIBAgIUE/wu6FmI+KSMOalI65b+lI3HI4cwDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwOTE2MTUyMzU0WhcNMzQw
OTE0MTUyNDI0WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAOt1I1FQt2bI4Nnjtg8JBYid29cBIkDT4MMb45Jr
ays24y4R3WO7VJK9UjNduSq/A1jlA0W0A/szDf8Ojq6bBtg+uL92PTDjYH1QXwX0
c7eMo2tvvyyrs/cb2/ovDBQ1lpibcxVmVAv042ASmil3SdqKKXpv3ATnF9I7V4cv
fwB56FChaGIov5EK+9JOMjTx6oMlBEgUFR6qq/lSqM9my0HYwUFbX2W+nT9EKEIP
9UP1eyfRZR3E/+oticnm/cS20BGCbjoYrNgLthXKyaASuhGoElKs8EZ3h9MiI+u0
DpR0KpePhAkMLugBrgYWqkMwwD1684LfC4YVQrsLwzo5OW8CAwEAAaN7MHkwDgYD
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPbXs3g3lMjH
1JMe0a5aVbN7lB92MB8GA1UdIwQYMBaAFPbXs3g3lMjH1JMe0a5aVbN7lB92MBYG
A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQBM5RsXb2HN
FpC1mYfocXAn20Zu4d603qmc/IqkiOWbp36pWo+jk1AxejyRS9hEpQalgSnvcRPQ
1hPEhGU+wvI0WWVi/01iNjVbXmJNPQEouXQWAT17dyp9vqQkPw8LNzpSV/qdPgbT
Z9o3sZrjUsSLsK7A7Q5ky4ePkiJBaMsHeAD+wqGwpiJ4D2Xhp8e1v36TWM0qt2EA
gySx9isx/jeGGPBmDqYB9BCal5lrihPN56jd+5pCkyXeZqKWiiXFJKXwcwxctYZc
ADHIiTLLPXE8LHTUJAO51it1NAZ1S24aMzax4eWDXcWO7/ybbx5pkYkMd6EqlKHd
8riQJIhY4huX
-----END CERTIFICATE-----

5
bridgehead
View File

@ -69,7 +69,7 @@ loadVars() {
if [ "$(git rev-parse --abbrev-ref HEAD)" == "main" ]; then if [ "$(git rev-parse --abbrev-ref HEAD)" == "main" ]; then
ENVIRONMENT="production" ENVIRONMENT="production"
else else
ENVIRONMENT="test" # we have acceptance environment in BBMRI ERIC and it would be more appropriate to default to that one in case the data they have in BH is real, but I'm gonna leave it as is for backward compatibility ENVIRONMENT="test"
fi fi
fi fi
# Source the versions of the images components # Source the versions of the images components
@ -80,9 +80,6 @@ loadVars() {
"test") "test")
source ./versions/test source ./versions/test
;; ;;
"acceptance")
source ./versions/acceptance
;;
*) *)
report_error 7 "Environment \"$ENVIRONMENT\" is unknown. Assuming production. FIX THIS!" report_error 7 "Environment \"$ENVIRONMENT\" is unknown. Assuming production. FIX THIS!"
source ./versions/prod source ./versions/prod

2
ccp/modules/exporter-compose.yml
View File

@ -2,7 +2,7 @@ version: "3.7"
services: services:
exporter: exporter:
image: docker.verbis.dkfz.de/ccp/dktk-exporter:test image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
container_name: bridgehead-ccp-exporter container_name: bridgehead-ccp-exporter
environment: environment:
JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC" JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"

2
ccp/modules/obds2fhir-rest-compose.yml
View File

@ -3,7 +3,7 @@ version: "3.7"
services: services:
obds2fhir-rest: obds2fhir-rest:
container_name: bridgehead-obds2fhir-rest container_name: bridgehead-obds2fhir-rest
image: docker.verbis.dkfz.de/samply/obds2fhir-rest:main image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:fixSampleImport
environment: environment:
IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY} MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}

7
ccp/modules/teiler-compose.yml
View File

@ -19,8 +19,7 @@ services:
HTTP_RELATIVE_PATH: "/ccp-teiler" HTTP_RELATIVE_PATH: "/ccp-teiler"
teiler-dashboard: teiler-dashboard:
#image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
image: samply/teiler-dashboard:develop
container_name: bridgehead-teiler-dashboard container_name: bridgehead-teiler-dashboard
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
@ -32,7 +31,6 @@ services:
environment: environment:
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}" DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend" TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
OIDC_URL: "${OIDC_URL}" OIDC_URL: "${OIDC_URL}"
OIDC_REALM: "${OIDC_REALM}" OIDC_REALM: "${OIDC_REALM}"
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}" OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
@ -43,6 +41,7 @@ services:
TEILER_PROJECT: "${PROJECT}" TEILER_PROJECT: "${PROJECT}"
EXPORTER_API_KEY: "${EXPORTER_API_KEY}" EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler" TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/ccp-teiler-dashboard"
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler" TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
TEILER_USER: "${OIDC_USER_GROUP}" TEILER_USER: "${OIDC_USER_GROUP}"
TEILER_ADMIN: "${OIDC_ADMIN_GROUP}" TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
@ -70,10 +69,10 @@ services:
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler" TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de" TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de"
TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en" TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en"
CENTRAX_URL: "${CENTRAXX_URL}"
HTTP_PROXY: "http://forward_proxy:3128" HTTP_PROXY: "http://forward_proxy:3128"
ENABLE_MTBA: "${ENABLE_MTBA}" ENABLE_MTBA: "${ENABLE_MTBA}"
ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}" ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
IDMANAGER_UPLOAD_APIKEY: "${IDMANAGER_UPLOAD_APIKEY}" # Only used to check if the ID Manager is active
secrets: secrets:
- ccp.conf - ccp.conf

3
kr/modules/teiler-compose.yml
View File

@ -31,7 +31,6 @@ services:
environment: environment:
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}" DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend" TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
OIDC_URL: "${OIDC_URL}" OIDC_URL: "${OIDC_URL}"
OIDC_REALM: "${OIDC_REALM}" OIDC_REALM: "${OIDC_REALM}"
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}" OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
@ -42,6 +41,7 @@ services:
TEILER_PROJECT: "${PROJECT}" TEILER_PROJECT: "${PROJECT}"
EXPORTER_API_KEY: "${EXPORTER_API_KEY}" EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler" TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/ccp-teiler-dashboard"
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler" TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
TEILER_USER: "${OIDC_USER_GROUP}" TEILER_USER: "${OIDC_USER_GROUP}"
TEILER_ADMIN: "${OIDC_ADMIN_GROUP}" TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
@ -69,6 +69,7 @@ services:
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler" TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de" TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de"
TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en" TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en"
CENTRAX_URL: "${CENTRAXX_URL}"
HTTP_PROXY: "http://forward_proxy:3128" HTTP_PROXY: "http://forward_proxy:3128"
ENABLE_MTBA: "${ENABLE_MTBA}" ENABLE_MTBA: "${ENABLE_MTBA}"
ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}" ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"

11
lib/functions.sh
View File

@ -347,21 +347,18 @@ function secret_sync_gitlab_token() {
root_crt_file="/srv/docker/bridgehead/$PROJECT/root.crt.pem" root_crt_file="/srv/docker/bridgehead/$PROJECT/root.crt.pem"
fi fi
# Create a temporary directory for Secret Sync that is valid per boot # Use Secret Sync to validate the GitLab token in /var/cache/bridgehead/secrets/gitlab_token.
secret_sync_tempdir="/tmp/bridgehead/secret-sync.boot-$(cat /proc/sys/kernel/random/boot_id)"
mkdir -p $secret_sync_tempdir
# Use Secret Sync to validate the GitLab token in $secret_sync_tempdir/cache.
# If it is missing or expired, Secret Sync will create a new token and write it to the file. # If it is missing or expired, Secret Sync will create a new token and write it to the file.
# The git credential helper reads the token from the file during git pull. # The git credential helper reads the token from the file during git pull.
mkdir -p /var/cache/bridgehead/secrets
touch /var/cache/bridgehead/secrets/gitlab_token # the file has to exist to be mounted correctly in the Docker container
log "INFO" "Running Secret Sync for the GitLab token (gitlab=$gitlab)" log "INFO" "Running Secret Sync for the GitLab token (gitlab=$gitlab)"
docker pull docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest # make sure we have the latest image docker pull docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest # make sure we have the latest image
docker run --rm \ docker run --rm \
-v /var/cache/bridgehead/secrets/gitlab_token:/usr/local/cache \
-v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \ -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
-v $root_crt_file:/run/secrets/root.crt.pem:ro \ -v $root_crt_file:/run/secrets/root.crt.pem:ro \
-v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \ -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
-v $secret_sync_tempdir:/secret-sync/ \
-e CACHE_PATH=/secret-sync/gitlab-token \
-e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \ -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
-e NO_PROXY=localhost,127.0.0.1 \ -e NO_PROXY=localhost,127.0.0.1 \
-e ALL_PROXY=$HTTPS_PROXY_FULL_URL \ -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \

2
lib/gitlab-token-helper.sh
View File

@ -2,7 +2,7 @@
[ "$1" = "get" ] || exit [ "$1" = "get" ] || exit
source "/tmp/bridgehead/secret-sync.boot-$(cat /proc/sys/kernel/random/boot_id)/gitlab-token" source /var/cache/bridgehead/secrets/gitlab_token
# Any non-empty username works, only the token matters # Any non-empty username works, only the token matters
cat << EOF cat << EOF

2
modules/ssh-tunnel-setup.sh
View File

@ -2,5 +2,5 @@
if [ -n "$ENABLE_SSH_TUNNEL" ]; then if [ -n "$ENABLE_SSH_TUNNEL" ]; then
log INFO "SSH Tunnel setup detected -- will start SSH Tunnel." log INFO "SSH Tunnel setup detected -- will start SSH Tunnel."
OVERRIDE+=" -f ./modules/ssh-tunnel-compose.yml" OVERRIDE+=" -f ./$PROJECT/modules/ssh-tunnel-compose.yml"
fi fi

10
modules/transfair-compose.yml
View File

@ -8,8 +8,7 @@ services:
- TTP_URL - TTP_URL
- TTP_ML_API_KEY - TTP_ML_API_KEY
- TTP_GW_SOURCE - TTP_GW_SOURCE
- TTP_GW_EPIX_DOMAIN - TTP_GW_DOMAIN
- TTP_GW_GPAS_DOMAIN
- TTP_TYPE - TTP_TYPE
- TTP_AUTH - TTP_AUTH
- PROJECT_ID_SYSTEM - PROJECT_ID_SYSTEM
@ -23,9 +22,6 @@ services:
- DATABASE_URL=sqlite://transfair/data_requests.sql?mode=rwc - DATABASE_URL=sqlite://transfair/data_requests.sql?mode=rwc
- RUST_LOG=${RUST_LOG:-info} - RUST_LOG=${RUST_LOG:-info}
- TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs - TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs
- TLS_DISABLE=${TRANSFAIR_TLS_DISABLE:-false}
- NO_PROXY=${TRANSFAIR_NO_PROXIES}
- ALL_PROXY=http://forward_proxy:3128
volumes: volumes:
- /var/cache/bridgehead/${PROJECT}/transfair:/transfair - /var/cache/bridgehead/${PROJECT}/transfair:/transfair
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
@ -63,9 +59,9 @@ services:
transfair-request-blaze: transfair-request-blaze:
image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG} image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
container_name: bridgehead-transfair-request-blaze container_name: bridgehead-transfair-requests-blaze
environment: environment:
BASE_URL: "http://bridgehead-transfair-request-blaze:8080" BASE_URL: "http://bridgehead-transfair-requests-blaze:8080"
JAVA_TOOL_OPTIONS: "-Xmx1024m" JAVA_TOOL_OPTIONS: "-Xmx1024m"
DB_BLOCK_CACHE_SIZE: 1024 DB_BLOCK_CACHE_SIZE: 1024
CQL_EXPR_CACHE_SIZE: 8 CQL_EXPR_CACHE_SIZE: 8

6
modules/transfair-setup.sh
View File

@ -15,7 +15,7 @@ function transfairSetup() {
log INFO "TransFAIR request fhir store set to external $FHIR_REQUEST_URL" log INFO "TransFAIR request fhir store set to external $FHIR_REQUEST_URL"
else else
log INFO "TransFAIR request fhir store not set writing to internal blaze" log INFO "TransFAIR request fhir store not set writing to internal blaze"
FHIR_REQUEST_URL="http://transfair-request-blaze:8080" FHIR_REQUEST_URL="http://transfair-requests-blaze:8080"
OVERRIDE+=" --profile transfair-request-blaze" OVERRIDE+=" --profile transfair-request-blaze"
fi fi
if [ -n "$TTP_GW_SOURCE" ]; then if [ -n "$TTP_GW_SOURCE" ]; then
@ -27,9 +27,5 @@ function transfairSetup() {
else else
log INFO "TransFAIR configured without ttp" log INFO "TransFAIR configured without ttp"
fi fi
TRANSFAIR_NO_PROXIES="transfair-input-blaze,blaze,transfair-requests-blaze"
if [ -n "${TRANSFAIR_NO_PROXY}" ]; then
TRANSFAIR_NO_PROXIES+=",${TRANSFAIR_NO_PROXY}"
fi
fi fi
} }

3
versions/acceptance
View File

@ -1,3 +0,0 @@
FOCUS_TAG=develop
BEAM_TAG=develop
BLAZE_TAG=main