diff --git a/docker/dicom_indexer/Dockerfile b/docker/dicom_indexer/Dockerfile index 22ec83d..e7c3e77 100644 --- a/docker/dicom_indexer/Dockerfile +++ b/docker/dicom_indexer/Dockerfile @@ -1,5 +1,5 @@ FROM python:3.12-alpine -RUN apk add --no-cache ca-certificates tzdata \ +RUN apk add --no-cache ca-certificates tzdata 7zip jq\ git openssh-client git-annex curl bzip2 bash glab\ && cp /usr/share/zoneinfo/UTC /etc/localtime \ && apk del tzdata \ @@ -12,6 +12,6 @@ RUN pip install --break-system-packages --no-cache-dir datalad ssh_agent_setup p ADD indexer /indexer COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh -CMD /entrypoint.sh +ENTRYPOINT ["bash", "/entrypoint.sh"] WORKDIR /work diff --git a/docker/dicom_indexer/entrypoint.sh b/docker/dicom_indexer/entrypoint.sh index 05d50ac..1ae1665 100644 --- a/docker/dicom_indexer/entrypoint.sh +++ b/docker/dicom_indexer/entrypoint.sh @@ -1,21 +1,24 @@ #!/bin/bash CONTAINER_ID=$(basename $(cat /proc/1/cpuset)) -GITLAB_TOKEN_SECRET=/var/run/secrets/dicom_bot_gitlab_token +GITLAB_TOKEN_SECRET=$(cat /var/run/secrets/dicom_bot_gitlab_token 2>/dev/null) +GITLAB_TOKEN=${GITLAB_TOKEN_SECRET:=$GITLAB_TOKEN} # only export keys when deploying as a service on swarm # TODO: should try using gitlab runner mechanism if not -if [ -e $GITLAB_TOKEN_SECRET ] ; then +if [ -n "${GITLAB_TOKEN}" ] ; then # generate container specific ssh-key ssh-keygen -f /root/.ssh/id_rsa -N '' # register it for dicom_bot user - curl -X POST -F "private_token=$(cat $GITLAB_TOKEN_SECRET)" \ + echo 'registering the ssh key' + ssh_key_json=$(curl -X POST -F "private_token=${GITLAB_TOKEN}" \ -F "title="$(cat /etc/hostname)${CONTAINER_ID:0:12} -F "key=$(cat ~/.ssh/id_rsa.pub)" \ - "${GITLAB_API_URL}/user/keys" + "${GITLAB_API_URL}/user/keys") fi git config --global init.defaultBranch main - +mkdir -p ~/.ssh/known_hosts +install -m 600 /dev/stdin ~/.ssh/known_hosts <<< "$SSH_KNOWN_HOSTS" # example # /usr/bin/storescp \ @@ -26,12 +29,12 @@ git config --global init.defaultBranch main # --exec-on-eostudy "python3 $DICOM_ROOT/exec_on_study_received.py #p " 2100 >> $DICOM_DATA_ROOT/storescp.log # run whatever command was passed (storescp or python index_dicoms directly) -echo $@ -bash -c "$@" +$@ -if [ -e $GITLAB_TOKEN_SECRET ] ; then +if [ -n "${GITLAB_TOKEN}" ] ; then # unregister the temporary ssh key - curl -X DELETE -F "private_token=$(cat $GITLAB_TOKEN_SECRET)" \ + ssh_key_id=$(jq .id <<< $ssh_key_json) + curl -X DELETE -F "private_token=${GITLAB_TOKEN}" \ -F "title="$(cat /etc/hostname)${CONTAINER_ID:0:12} - "${GITLAB_API_URL}/user/keys" + "${GITLAB_API_URL}/users/keys/${ssh_key_id}" fi diff --git a/docker/dicom_indexer/indexer/repo_templates/bids/.gitlab-ci.yml b/docker/dicom_indexer/indexer/repo_templates/bids/.gitlab-ci.yml index 606af35..dec518c 100644 --- a/docker/dicom_indexer/indexer/repo_templates/bids/.gitlab-ci.yml +++ b/docker/dicom_indexer/indexer/repo_templates/bids/.gitlab-ci.yml @@ -1,5 +1,6 @@ include: - local: /.ci-env.yml - project: "$NI_DATAOPS_GITLAB_ROOT/ci-pipelines" + ref: refactor file: - 'ci-pipelines/bids/bids_repo.yml' diff --git a/docker/dicom_indexer/indexer/repo_templates/dicom_study/.gitlab-ci.yml b/docker/dicom_indexer/indexer/repo_templates/dicom_study/.gitlab-ci.yml index aaa831e..e48223a 100644 --- a/docker/dicom_indexer/indexer/repo_templates/dicom_study/.gitlab-ci.yml +++ b/docker/dicom_indexer/indexer/repo_templates/dicom_study/.gitlab-ci.yml @@ -2,5 +2,6 @@ include: - local: /.ci-env.yml - project: "$NI_DATAOPS_GITLAB_ROOT/ci-pipelines" + ref: refactor file: - 'ci-pipelines/sources/dicoms_study.yml'