From 10c50e5ac071aec1dc714de8c743a03dab7c6e2c Mon Sep 17 00:00:00 2001 From: Dario Del Piano Date: Thu, 19 Mar 2026 15:13:42 +0100 Subject: [PATCH 01/12] client configuration and cors for ingress for credentials --- .../accounts/deploy/resources/realm.json | 28 +++++++++++++++++++ .../values-template-dev.yaml | 12 +++++++- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/applications/accounts/deploy/resources/realm.json b/applications/accounts/deploy/resources/realm.json index 80888301c..7da4dde55 100644 --- a/applications/accounts/deploy/resources/realm.json +++ b/applications/accounts/deploy/resources/realm.json @@ -322,6 +322,34 @@ "offline_access", "microprofile-jwt" ] + }, + { + "clientId": "idp-arc", + "name": "idp-arc", + "enabled": true, + "publicClient": true, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "protocol": "openid-connect", + "rootUrl": "{{ .Values.idpArc.rootUrl }}", + "redirectUris": [ + "{{ .Values.idpArc.rootUrl }}/*" + ], + "webOrigins": [ + "{{ .Values.idpArc.rootUrl }}" + ], + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "fullScopeAllowed": true, + "defaultClientScopes": [ + "web-origins", "profile", "roles", "email" + ], + "optionalClientScopes": [ + "offline_access" + ] } ], "clientScopes": [ diff --git a/deployment-configuration/values-template-dev.yaml b/deployment-configuration/values-template-dev.yaml index 6b178e827..2a11a72d1 100644 --- a/deployment-configuration/values-template-dev.yaml +++ b/deployment-configuration/values-template-dev.yaml @@ -1,2 +1,12 @@ backup: - active: false \ No newline at end of file + active: false + +idpArc: + rootUrl: "https://idp-arc.idp-arc.dev.metacell.us" + +ingress: + annotations: + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/cors-allow-origin: "https://idp-arc.idp-arc.dev.metacell.us" + nginx.ingress.kubernetes.io/cors-allow-credentials: "true" + nginx.ingress.kubernetes.io/cors-allow-headers: "Authorization, Content-Type" From 3a2e5bf5a4ebe6c9ad6d280b70584736a44938fe Mon Sep 17 00:00:00 2001 From: Dario Del Piano Date: Tue, 24 Mar 2026 18:22:14 +0100 Subject: [PATCH 02/12] netpyne revision --- deployment/codefresh-dev.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/codefresh-dev.yaml b/deployment/codefresh-dev.yaml index 78433979b..64e8e1aa9 100644 --- a/deployment/codefresh-dev.yaml +++ b/deployment/codefresh-dev.yaml @@ -31,7 +31,7 @@ steps: title: Cloning NetPyNE-UI.git repository... type: git-clone repo: https://github.com/MetaCell/NetPyNE-UI.git - revision: dev_netpyne_updates + revision: osb2-dev working_directory: applications/netpyne/dependencies/ git: github clone_nwb-explorer_git_nwb-explorer: From 053f9edc6fd0e6bd1d456acdc9f71ed5fd626e01 Mon Sep 17 00:00:00 2001 From: Dario Del Piano Date: Wed, 25 Mar 2026 17:46:23 +0100 Subject: [PATCH 03/12] fixing permission issue --- applications/jupyterlab/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/applications/jupyterlab/Dockerfile b/applications/jupyterlab/Dockerfile index 9799c8b93..3b142019c 100644 --- a/applications/jupyterlab/Dockerfile +++ b/applications/jupyterlab/Dockerfile @@ -77,15 +77,15 @@ USER root RUN conda install conda-forge::nest-simulator ENV NEST_HOME=/opt/conda -USER jovyan - -#### Install Python packages +#### Install Python packages (as root to avoid permission issues with conda-managed packages) RUN --mount=type=cache,target=/root/.cache python -m pip install --upgrade pip && \ pip install backports.tarfile>=1.2 # temp fix for error: ImportError: cannot import name 'tarfile' from 'backports' RUN --mount=type=cache,target=/root/.cache python -m pip install --upgrade pip &&\ pip install -r requirements.txt --upgrade --no-cache-dir +USER jovyan + # Compile NEURON mod files for PyNN RUN cd /opt/conda/lib/python3.12/site-packages/pyNN/neuron/nmodl && nrnivmodl From ca4072732ac87da5ce34be73885124f4e5a50422 Mon Sep 17 00:00:00 2001 From: Dario Del Piano Date: Wed, 25 Mar 2026 18:10:50 +0100 Subject: [PATCH 04/12] lower neuron version below 9 --- applications/jupyterlab/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/jupyterlab/requirements.txt b/applications/jupyterlab/requirements.txt index cce0760db..cd64d940d 100644 --- a/applications/jupyterlab/requirements.txt +++ b/applications/jupyterlab/requirements.txt @@ -3,7 +3,7 @@ pyelectro neurotune #### NEURON & NetPyNE -neuron +neuron<9 # Install specific version of NetPyNE git+https://github.com/Neurosim-lab/netpyne.git@osbv2#egg=netpyne From 0cb8717eaee74b36deb21679595d4044fa977553 Mon Sep 17 00:00:00 2001 From: Dario Del Piano Date: Wed, 25 Mar 2026 18:19:12 +0100 Subject: [PATCH 05/12] fixing netpyne build --- applications/netpyne/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/applications/netpyne/Dockerfile b/applications/netpyne/Dockerfile index eca06eea7..f2345e822 100644 --- a/applications/netpyne/Dockerfile +++ b/applications/netpyne/Dockerfile @@ -1,8 +1,9 @@ -FROM node:18 AS jsbuild +FROM node:16-bullseye AS jsbuild ARG APP_DIR=dependencies/NetPyNE-UI ENV FOLDER=netpyne +ENV NODE_OPTIONS=--openssl-legacy-provider WORKDIR $FOLDER/webapp COPY $APP_DIR/webapp/package.json . From 7234db96319acdb5a42607ee94c5686b984aefc1 Mon Sep 17 00:00:00 2001 From: Dario Del Piano Date: Wed, 25 Mar 2026 18:29:49 +0100 Subject: [PATCH 06/12] node option removed --- applications/netpyne/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/applications/netpyne/Dockerfile b/applications/netpyne/Dockerfile index f2345e822..f5788e99a 100644 --- a/applications/netpyne/Dockerfile +++ b/applications/netpyne/Dockerfile @@ -3,7 +3,6 @@ FROM node:16-bullseye AS jsbuild ARG APP_DIR=dependencies/NetPyNE-UI ENV FOLDER=netpyne -ENV NODE_OPTIONS=--openssl-legacy-provider WORKDIR $FOLDER/webapp COPY $APP_DIR/webapp/package.json . From 07dc7c015cb53710c8717dc059c6f5a215b09d5b Mon Sep 17 00:00:00 2001 From: Filippo Ledda Date: Thu, 26 Mar 2026 10:43:42 +0100 Subject: [PATCH 07/12] Accounts-api update connexion --- .../accounts-api/backend/requirements.txt | 20 +++++++++---------- applications/accounts-api/backend/setup.py | 8 ++++---- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/applications/accounts-api/backend/requirements.txt b/applications/accounts-api/backend/requirements.txt index f9289e172..68760177c 100644 --- a/applications/accounts-api/backend/requirements.txt +++ b/applications/accounts-api/backend/requirements.txt @@ -1,11 +1,9 @@ -connexion[swagger-ui] >= 2.6.0; python_version>="3.6" -# 2.3 is the last version that supports python 3.4-3.5 -connexion[swagger-ui] <= 2.3.0; python_version=="3.5" or python_version=="3.4" -# connexion requires werkzeug but connexion < 2.4.0 does not install werkzeug -# we must peg werkzeug versions below to fix connexion -# https://github.com/zalando/connexion/pull/1044 -werkzeug == 2.2.3; python_version=="3.5" or python_version=="3.4" -swagger-ui-bundle >= 0.0.2 -python_dateutil >= 2.6.0 -setuptools >= 21.0.0 -cloudharness +connexion[swagger-ui,flask,uvicorn]>=3.0.0,<4.0.0 +swagger-ui-bundle>=1.1.0 +python_dateutil>=2.9.0 +setuptools>=21.0.0 +uvicorn +# Following some unnecessary requirements to make sure they can be installed +psycopg2-binary +sqlalchemy<2.0.0 +scipy \ No newline at end of file diff --git a/applications/accounts-api/backend/setup.py b/applications/accounts-api/backend/setup.py index e16a0a2e5..705dcf730 100644 --- a/applications/accounts-api/backend/setup.py +++ b/applications/accounts-api/backend/setup.py @@ -14,10 +14,10 @@ # http://pypi.python.org/pypi/setuptools REQUIRES = [ - "connexion>=2.0.2", - "swagger-ui-bundle>=0.0.2", - "python_dateutil>=2.6.0", - "cloudharness" + "connexion[swagger-ui,flask,uvicorn]>=3.0.0,<4.0.0", + "Flask", + "swagger-ui-bundle", + "cloudharness", ] setup( From ebfdde0eadab6dbe16fc172e2e840185d6450da1 Mon Sep 17 00:00:00 2001 From: Filippo Ledda Date: Thu, 26 Mar 2026 10:59:00 +0100 Subject: [PATCH 08/12] Accounts-api update entrypoint --- applications/accounts-api/Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/applications/accounts-api/Dockerfile b/applications/accounts-api/Dockerfile index 0d8f6e645..c3f9ea104 100644 --- a/applications/accounts-api/Dockerfile +++ b/applications/accounts-api/Dockerfile @@ -13,5 +13,3 @@ RUN pip3 install --no-cache-dir -r requirements.txt COPY backend /usr/src/app RUN pip3 install -e . - -ENTRYPOINT gunicorn --workers=$WORKERS --bind=0.0.0.0:$PORT $MODULE_NAME.__main__:app From 6d1e25f846aaed81e1aaa25d88417033015594f2 Mon Sep 17 00:00:00 2001 From: Dario Del Piano Date: Thu, 26 Mar 2026 18:43:16 +0100 Subject: [PATCH 09/12] adding required scopes for idp arc --- applications/accounts/deploy/resources/realm.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/accounts/deploy/resources/realm.json b/applications/accounts/deploy/resources/realm.json index 7da4dde55..c9d38951e 100644 --- a/applications/accounts/deploy/resources/realm.json +++ b/applications/accounts/deploy/resources/realm.json @@ -348,7 +348,7 @@ "web-origins", "profile", "roles", "email" ], "optionalClientScopes": [ - "offline_access" + "offline_access", "{{ .Values.apps.accounts.admin.role }}-scope" ] } ], From c85806bda33da80871c0124b5dae1fd80fcd7ca2 Mon Sep 17 00:00:00 2001 From: Dario Del Piano Date: Sat, 28 Mar 2026 02:24:18 +0100 Subject: [PATCH 10/12] purge immutable changes due to CH changes --- deployment/codefresh-dev.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/deployment/codefresh-dev.yaml b/deployment/codefresh-dev.yaml index 6f2f4e58f..ddaa2d2b4 100644 --- a/deployment/codefresh-dev.yaml +++ b/deployment/codefresh-dev.yaml @@ -676,6 +676,19 @@ steps: - pip install -r /usr/src/app/test-requirements.txt - pytest /usr/src/app/ image: '${{REGISTRY}}/osb/workspaces:${{WORKSPACES_TAG}}' + delete_immutable_resources: + stage: deploy + title: Delete Deployments with immutable selector changes + image: codefresh/kubectl + commands: + - kubectl config use-context ${{CLUSTER_NAME}} + - kubectl config set-context --current --namespace=${{NAMESPACE}} + - | + for dep in accounts accounts-api backoffice common notifications osb-portal volumemanager workflows workspaces workspaces-postgres-host; do + kubectl delete deployment "$dep" --ignore-not-found=true + done + - kubectl delete deployment hub proxy --ignore-not-found=true + - kubectl delete statefulset user-placeholder --ignore-not-found=true deployment: stage: deploy type: helm From 69a41da17547b8ede522d4d59a8f0afd81a41b29 Mon Sep 17 00:00:00 2001 From: Dario Del Piano Date: Sat, 28 Mar 2026 02:42:48 +0100 Subject: [PATCH 11/12] purge immutable changes due to CH changes 2 --- deployment/codefresh-dev.yaml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/deployment/codefresh-dev.yaml b/deployment/codefresh-dev.yaml index ddaa2d2b4..769c107be 100644 --- a/deployment/codefresh-dev.yaml +++ b/deployment/codefresh-dev.yaml @@ -683,11 +683,18 @@ steps: commands: - kubectl config use-context ${{CLUSTER_NAME}} - kubectl config set-context --current --namespace=${{NAMESPACE}} - - | - for dep in accounts accounts-api backoffice common notifications osb-portal volumemanager workflows workspaces workspaces-postgres-host; do - kubectl delete deployment "$dep" --ignore-not-found=true - done - - kubectl delete deployment hub proxy --ignore-not-found=true + - kubectl delete deployment accounts --ignore-not-found=true + - kubectl delete deployment accounts-api --ignore-not-found=true + - kubectl delete deployment backoffice --ignore-not-found=true + - kubectl delete deployment common --ignore-not-found=true + - kubectl delete deployment notifications --ignore-not-found=true + - kubectl delete deployment osb-portal --ignore-not-found=true + - kubectl delete deployment volumemanager --ignore-not-found=true + - kubectl delete deployment workflows --ignore-not-found=true + - kubectl delete deployment workspaces --ignore-not-found=true + - kubectl delete deployment workspaces-postgres-host --ignore-not-found=true + - kubectl delete deployment hub --ignore-not-found=true + - kubectl delete deployment proxy --ignore-not-found=true - kubectl delete statefulset user-placeholder --ignore-not-found=true deployment: stage: deploy From fd499f6b6506fdbde97c8c47b0543e706766aba6 Mon Sep 17 00:00:00 2001 From: Dario Del Piano Date: Sat, 28 Mar 2026 03:22:11 +0100 Subject: [PATCH 12/12] remove unmutable cleanup step --- deployment/codefresh-dev.yaml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/deployment/codefresh-dev.yaml b/deployment/codefresh-dev.yaml index 769c107be..6f2f4e58f 100644 --- a/deployment/codefresh-dev.yaml +++ b/deployment/codefresh-dev.yaml @@ -676,26 +676,6 @@ steps: - pip install -r /usr/src/app/test-requirements.txt - pytest /usr/src/app/ image: '${{REGISTRY}}/osb/workspaces:${{WORKSPACES_TAG}}' - delete_immutable_resources: - stage: deploy - title: Delete Deployments with immutable selector changes - image: codefresh/kubectl - commands: - - kubectl config use-context ${{CLUSTER_NAME}} - - kubectl config set-context --current --namespace=${{NAMESPACE}} - - kubectl delete deployment accounts --ignore-not-found=true - - kubectl delete deployment accounts-api --ignore-not-found=true - - kubectl delete deployment backoffice --ignore-not-found=true - - kubectl delete deployment common --ignore-not-found=true - - kubectl delete deployment notifications --ignore-not-found=true - - kubectl delete deployment osb-portal --ignore-not-found=true - - kubectl delete deployment volumemanager --ignore-not-found=true - - kubectl delete deployment workflows --ignore-not-found=true - - kubectl delete deployment workspaces --ignore-not-found=true - - kubectl delete deployment workspaces-postgres-host --ignore-not-found=true - - kubectl delete deployment hub --ignore-not-found=true - - kubectl delete deployment proxy --ignore-not-found=true - - kubectl delete statefulset user-placeholder --ignore-not-found=true deployment: stage: deploy type: helm