diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index ea152cd..21d0abb 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -1,6 +1,6 @@ name: Lint and Test Charts -on: workflow_dispatch +on: pull_request jobs: lint-test: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c5aa0c3..0fbeef4 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,6 +1,9 @@ name: Release Charts -on: workflow_dispatch +on: + push: + branches: + - main jobs: release: diff --git a/charts/templates/deployment.yaml b/charts/templates/deployment.yaml index 53f5aeb..5179295 100644 --- a/charts/templates/deployment.yaml +++ b/charts/templates/deployment.yaml @@ -43,8 +43,14 @@ spec: {{- end }} containers: - envFrom: + {{- if .Values.configMapRef.enabled }} - configMapRef: - name: {{ .Values.container.configMapRef }} + name: {{ .Values.configMapRef.ref }} + {{- end }} + {{- if .Values.secretRef.enabled }} + - secretRef: + name: {{ .Values.secretRef.ref }} + {{- end }} {{- if .Values.container.env }} env: {{- toYaml .Values.container.env | nindent 12 }} @@ -81,7 +87,7 @@ spec: terminationMessagePolicy: {{ .Values.terminationMessagePolicy }} # run on eks-public-cbioportal node group nodeSelector: - eks.amazonaws.com/nodegroup: {{ .Values.nodeGroup }} + {{ required ".Values.nodeSelector.key is required!" .Values.nodeSelector.key }}: {{ required ".Values.nodeSelector.value is required!" .Values.nodeSelector.value }} {{- if .Values.podTolerations }} tolerations: {{- toYaml .Values.podTolerations | nindent 8 }} diff --git a/charts/values.yaml b/charts/values.yaml index 40a4af6..b82ac28 100644 --- a/charts/values.yaml +++ b/charts/values.yaml @@ -22,18 +22,15 @@ creationTimestamp: "null" generation: 1 # Pod volumes -podVolumes: - - name: cbioportal-frontend-config-volume - configMap: - name: single-cell-frontend-config +podVolumes: {} # Pod Volume Mounts -podVolumeMounts: - - name: cbioportal-frontend-config-volume - mountPath: /cbioportal/ +podVolumeMounts: {} # Node group -nodeGroup: eks-public-cbioportal +nodeSelector: + key: + value: # Pod strategy rollingUpdate: @@ -43,9 +40,17 @@ rollingUpdate: # Pod labels podLabels: {} +# Enable/Disable and define configmaps and secrets +configMapRef: + enabled: 0 + ref: {} + +secretRef: + enabled: 0 + ref: {} + # Primary container container: - configMapRef: cbioportal-public6 image: cbioportal/cbioportal:6.0.17-web-shenandoah cmd: "java" env: @@ -86,18 +91,13 @@ containerPorts: protocol: TCP # Container resources -containerResources: - requests: - cpu: 1500m - memory: 15Gi - limits: - memory: 26Gi +containerResources: {} # Pod tolerations podTolerations: - key: "dedicated" operator: "Equal" - value: "eks-public-cbioportal" + value: "cbioportal" effect: "NoSchedule" terminationMessagePath: /dev/termination-log @@ -116,7 +116,7 @@ terminationGracePeriodSeconds: 30 status: {} # Service Name -serviceName: cbioportal-helm +serviceName: cbioportal # Service ports servicePorts: @@ -126,19 +126,12 @@ servicePorts: # Args for the java command in the container containerArgs: [ - # from https://developers.redhat.com/blog/2017/04/04/openjdk-and-containers/ "-Xms100m", "-Xmx25g", "-XX:+UnlockExperimentalVMOptions", "-XX:+UseShenandoahGC", "-XX:ShenandoahUncommitDelay=1000", "-XX:ShenandoahGuaranteedGCInterval=10000", - #"-XX:+AlwaysPreTouch", - #"-XX:+UseTransparentHugePages", - #"-XX:+UseNUMA", - #"-XX:+PrintGCDetails", - #"-XX:+UseParallelGC", - #"-XX:+PrintGCDateStamps", #"-XX:ParallelGCThreads=4", #"-XX:+UseG1GC", #"-XX:+AggressiveHeap", @@ -159,13 +152,13 @@ containerArgs: [ "-jar", "/cbioportal-webapp/app.jar", # enable remote debug - "--com.sun.management.jmxremote.rmi.port=8849", - "--com.sun.management.jmxremote=false", - "--com.sun.management.jmxremote.port=8849", - "--com.sun.management.jmxremote.ssl=false", - "--com.sun.management.jmxremote.authenticate=false", - "--com.sun.management.jmxremote.local.only=false", - "--java.rmi.server.hostname=localhost", + #"--com.sun.management.jmxremote.rmi.port=8849", + #"--com.sun.management.jmxremote=false", + #"--com.sun.management.jmxremote.port=8849", + #"--com.sun.management.jmxremote.ssl=false", + #"--com.sun.management.jmxremote.authenticate=false", + #"--com.sun.management.jmxremote.local.only=false", + #"--java.rmi.server.hostname=localhost", # /enable remote debug "--frontend.url=https://frontend.cbioportal.org/", "--enable_cross_study_expression=(studies)=>(studies.filter(s=>/pan_can_atlas/.test(s.studyId) === false).length === 0 || studies.filter(s=>/tcga_gdc/.test(s.studyId) === false).length === 0)", @@ -179,36 +172,36 @@ containerArgs: [ "--installation_map_url=https://installationmap.netlify.app/", "--app.name=public-portal", # connecting over dbcp - "--dbconnector=dbcp", + #"--dbconnector=dbcp", # Authentication settings - "--authenticate=optional_oauth2", - "--authorization=false", - "--security.method_authorization_enabled=false", - "--always_show_study_group=PUBLIC", - "--spring.security.oauth2.client.registration.google.clientId=$(GOOGLE_PLUS_CONSUMER_KEY)", - "--spring.security.oauth2.client.registration.google.clientSecret=$(GOOGLE_PLUS_CONSUMER_SECRET)", - "--spring.security.oauth2.client.provider.google.user-name-attribute=email", + #"--authenticate=optional_oauth2", + #"--authorization=false", + #"--security.method_authorization_enabled=false", + #"--always_show_study_group=PUBLIC", + #"--spring.security.oauth2.client.registration.google.clientId=$(GOOGLE_PLUS_CONSUMER_KEY)", + #"--spring.security.oauth2.client.registration.google.clientSecret=$(GOOGLE_PLUS_CONSUMER_SECRET)", + #"--spring.security.oauth2.client.provider.google.user-name-attribute=email", # "--logging.level.org.springframework.security=DEBUG", - "--spring.security.oauth2.client.registration.azure.client-id=$(MICROSOFT_LIVE_CONSUMER_KEY)", - "--spring.security.oauth2.client.registration.azure.clientSecret=$(MICROSOFT_LIVE_CONSUMER_SECRET)", - "--spring.security.oauth2.client.registration.azure.authorization-grant-type=authorization_code", - "--spring.security.oauth2.client.registration.azure.redirect-uri={baseUrl}/login/oauth2/code/azure", - "--spring.security.oauth2.client.registration.azure.scope=openid,profile,email", - "--spring.security.oauth2.client.provider.azure.user-name-attribute=email", - "--spring.security.oauth2.client.provider.azure.authorization-uri=https://login.microsoftonline.com/common/oauth2/v2.0/authorize", - "--spring.security.oauth2.client.provider.azure.token-uri=https://login.microsoftonline.com/common/oauth2/v2.0/token", - "--spring.security.oauth2.client.provider.azure.jwk-set-uri=https://login.microsoftonline.com/common/discovery/v2.0/keys", + #"--spring.security.oauth2.client.registration.azure.client-id=$(MICROSOFT_LIVE_CONSUMER_KEY)", + #"--spring.security.oauth2.client.registration.azure.clientSecret=$(MICROSOFT_LIVE_CONSUMER_SECRET)", + #"--spring.security.oauth2.client.registration.azure.authorization-grant-type=authorization_code", + #"--spring.security.oauth2.client.registration.azure.redirect-uri={baseUrl}/login/oauth2/code/azure", + #"--spring.security.oauth2.client.registration.azure.scope=openid,profile,email", + #"--spring.security.oauth2.client.provider.azure.user-name-attribute=email", + #"--spring.security.oauth2.client.provider.azure.authorization-uri=https://login.microsoftonline.com/common/oauth2/v2.0/authorize", + #"--spring.security.oauth2.client.provider.azure.token-uri=https://login.microsoftonline.com/common/oauth2/v2.0/token", + #"--spring.security.oauth2.client.provider.azure.jwk-set-uri=https://login.microsoftonline.com/common/discovery/v2.0/keys", "--security.cors.allowed-origins=*", # db settings "--db.user=$(DB_USER)", "--db.password=$(DB_PASSWORD)", "--spring.datasource.driver-class-name=com.mysql.jdbc.Driver", - "--spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect", - "--spring.datasource.url=jdbc:mysql://publicdb.cbioportal.org:3306/cgds_public_v5?zeroDateTimeBehavior=convertToNull&useSSL=false&allowPublicKeyRetrieval=true", + #"--spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect", + "--spring.datasource.url=$(DB_CONNECTION_STRING)", "--spring.datasource.username=$(DB_USER)", "--spring.datasource.password=$(DB_PASSWORD)", # "-Ddb.connection_string=$(DB_CONNECTION_STRING)", - "--tomcat.catalina.scope=runtime", + #"--tomcat.catalina.scope=runtime", "--show.transcript_dropdown=true", "--skin.show_tweet_button=$(SKIN_SHOW_TWEET_BUTTON)", "--skin.email_contact=cbioportal@googlegroups.com", @@ -222,60 +215,60 @@ containerArgs: [ "--priority_studies=PanCancer Studies#msk_impact_2017,metastatic_solid_tumors_mich_2017,mixed_allen_2018,summit_2018,tmb_mskcc_2018,ntrk_msk_2019,msk_ch_2020,pan_origimed_2020,pancan_pcawg_2020,msk_met_2021;Pediatric Cancer Studies#pptc_2019,all_phase2_target_2018_pub,rt_target_2018_pub,wt_target_2018_pub,aml_target_2018_pub,nbl_target_2018_pub,pediatric_dkfz_2017,mixed_pipseq_2017,all_stjude_2016,all_stjude_2015,es_dfarber_broad_2014,es_iocurie_2014,mbl_pcgp,nbl_msk_2023,pancan_mappyacts_2022;Immunogenomic Studies#gbm_columbia_2019,skcm_dfci_2015,skcm_mskcc_2014,mel_ucla_2016,nsclc_mskcc_2018,nsclc_mskcc_2015,tmb_mskcc_2018,ccrcc_dfci_2019;Cell lines#ccle_broad_2019,cellline_ccle_broad,cellline_nci60;PreCancerous Studies#crc_hta11_htan_2021", "--studyview.max_samples_selected=100000", "--study_download_url=https://cbioportal-datahub.s3.amazonaws.com/", - "--session.service.url=https://session-service.cbioportal.org/api/sessions/public_portal/", - "--session.service.origin=*", - "--session.service.user=$(SESSION_SERVICE_USER_NAME)", - "--session.service.password=$(SESSION_SERVICE_USER_PASSWORD)", - "--google_analytics_profile_id=G-5260NDGD6Z", - "--bitly.url=$(BITLY_URL)", - "--bitly.access.token=$(BITLY_ACCESS_TOKEN)", - "--sentry.dsn=$(SENTRY_DSN)", - "--sentry.factory=org.cbioportal.logging.SentryClientFactory", - "--sentry.traces-sample-rate=1.0", - "--sentry.exception-resolver-order=-2147483647", + "--session.service.url=https://cbioportal-session-service.herokuapp.com/session_service/api/sessions/heroku_portal/", + #"--session.service.origin=*", + #"--session.service.user=$(SESSION_SERVICE_USER_NAME)", + #"--session.service.password=$(SESSION_SERVICE_USER_PASSWORD)", + #"--google_analytics_profile_id=G-5260NDGD6Z", + #"--bitly.url=$(BITLY_URL)", + #"--bitly.access.token=$(BITLY_ACCESS_TOKEN)", + #"--sentry.dsn=$(SENTRY_DSN)", + #"--sentry.factory=org.cbioportal.logging.SentryClientFactory", + #"--sentry.traces-sample-rate=1.0", + #"--sentry.exception-resolver-order=-2147483647", #"--sentryjs.frontend_project_endpoint=$(SENTRY_FRONTEND_DSN)", "--db.suppress_schema_version_mismatch_errors=true", "--sitemaps=true", - "--oncokb.public_api.url=https://www.oncokb.org/api/v1", - "--oncokb.token=$(ONCOKB_TOKEN)", - "--genomenexus.url=https://v1.genomenexus.org", - "--show.genomenexus.annotation_sources=mutation_assessor", - "--matchminer.url=http://ec2-54-158-52-176.compute-1.amazonaws.com:5555", - "--matchminer.token=$(MATCHMINER_TOKEN)", + "--oncokb.public_api.url=https://public.api.oncokb.org/api/v1", + #"--oncokb.token=$(ONCOKB_TOKEN)", + #"--genomenexus.url=https://v1.genomenexus.org", + #"--show.genomenexus.annotation_sources=mutation_assessor", + #"--matchminer.url=http://ec2-54-158-52-176.compute-1.amazonaws.com:5555", + #"--matchminer.token=$(MATCHMINER_TOKEN)", # redis session store settings (different from redis persistence cache) - "--spring.session.store-type=redis", + #"--spring.session.store-type=redis", # "--server.servlet.session.timeout=10s", (not sure what this should be) - "--spring.data.redis.host=$(REDIS_SESSION_HOST)", - "--spring.data.redis.port=$(REDIS_SESSION_PORT)", - "--spring.data.redis.password=$(REDIS_SESSION_PASSWORD)", + #"--spring.data.redis.host=$(REDIS_SESSION_HOST)", + #"--spring.data.redis.port=$(REDIS_SESSION_PORT)", + #"--spring.data.redis.password=$(REDIS_SESSION_PASSWORD)", # To enable redis session store, we need to set # spring.autoconfigure.exclude to a random value to override the # property in applications.properties.EXAMPLE - "--spring.autoconfigure.exclude=dontexcludeanythingplz", + #"--spring.autoconfigure.exclude=dontexcludeanythingplz", # redis cache settings (currently redis) #"--cache.statistics_endpoint_enabled=false", # "--logging.level.org.cbioportal.persistence=DEBUG", # persistence cache settings (currently redis) #"-Dcache.statistics_endpoint_enabled=false", - "--persistence.cache_type=redis", - "--redis.leader_address=redis://cbioportal-public-persistence-redis-master:6379", - "--redis.follower_address=redis://cbioportal-public-persistence-redis-replicas:6379", - "--redis.database=8", - "--redis.password=$(REDIS_PERSISTENCE_PASSWORD)", - "--redis.clear_on_startup=true", - "--cache.endpoint.enabled=true", - "--cache.endpoint.api-key=1kmfbftTb2iY", + #"--persistence.cache_type=redis", + #"--redis.leader_address=redis://cbioportal-public-persistence-redis-master:6379", + #"--redis.follower_address=redis://cbioportal-public-persistence-redis-replicas:6379", + #"--redis.database=8", + #"--redis.password=$(REDIS_PERSISTENCE_PASSWORD)", + #"--redis.clear_on_startup=true", + #"--cache.endpoint.enabled=true", + #"--cache.endpoint.api-key=1kmfbftTb2iY", # disable ehcache # ??? Are we still using ehcache? # "--ehcache.cache_type=none", # misc frontend settings (this is NOT for backend persistence layer caching) #"--enable_persistent_cache=true", # compress on client side - "--enable_request_body_gzip_compression=true", + #"--enable_request_body_gzip_compression=true", # for single cell plugin - "--frontend.config=/cbioportal/frontendConfig.json", - "--frontend_authenticate=optional_oauth2", + #"--frontend.config=/cbioportal/frontendConfig.json", + #"--frontend_authenticate=optional_oauth2", # this addresses same issue as # https://github.com/cBioPortal/cbioportal/issues/2328 one needs to # set this if one doesn't want to forward https -> http -> https