get everything running atleast

Tiltfile

@@ -8,11 +8,11 @@ allow_k8s_contexts('docker-desktop')
 
 
 # Build baseimage
-docker_build("opencrvs/ocrvs-base", ".", dockerfile="packages/Dockerfile.base", only=["packages/commons/","package.json","yarn.lock"])
+docker_build("opencrvs/ocrvs-base", ".", dockerfile="packages/Dockerfile.base", only=["packages/commons","package.json","yarn.lock"])
 
 # Build services
-docker_build("opencrvs/ocrvs-client:local", "packages", dockerfile="packages/client/Dockerfile",only=["packages/client/"])
-docker_build("opencrvs/ocrvs-login:local",  "packages", dockerfile="packages/login/Dockerfile", only=["packages/login/"])
+docker_build("opencrvs/ocrvs-client:local", "packages", dockerfile="packages/client/Dockerfile", only=["components","client"])
+docker_build("opencrvs/ocrvs-login:local", "packages", dockerfile="packages/login/Dockerfile", only=["components","login"])
 
 apps = ['auth', 
               'config',

kubernetes/opencrvs-services/templates/migration-job.yaml

@@ -7,18 +7,14 @@ metadata:
     app: migration
   name: migration
 spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: migration
   template:
     metadata:
       labels:
         app: migration
     spec:
       containers:
         - name: migration
-          image: "opencrvs/migration:{{ .Values.image.tag }}"
+          image: "opencrvs/ocrvs-migration:{{ .Values.image.tag }}"
           env:
             - name: APPLICATION_CONFIG_MONGO_URL
               value: mongodb://mongodb.opencrvs-deps-dev.svc.cluster.local/application-config
@@ -41,4 +37,5 @@ spec:
             - name: WAIT_HOSTS
               value: mongo1:27017,influxdb:8086,minio:9000,elasticsearch:9200
       completions: 1 # Run the job once
-      backoffLimit: 0 # Don't retry if the job fails
+      backoffLimit: 0 # Don't retry if the job fails
+      restartPolicy: "OnFailure"

packages/client/Dockerfile

@@ -16,10 +16,11 @@ RUN yarn install --frozen-lockfile && yarn build
 FROM nginx:1.27
 RUN apt-get update && apt-get upgrade -y
 
-COPY --from=0 /app/packages/client/build/ /usr/share/nginx/html/
-
-COPY infrastructure/nginx-deploy-config.sh /
+COPY client/nginx/nginx-deploy-config.sh /
 COPY packages/client/nginx.conf /etc/nginx/conf.d/default.conf
+RUN chmod +x /nginx-deploy-config.sh
+
+COPY --from=0 /app/packages/client/build/ /usr/share/nginx/html/
 
 RUN chmod +x /nginx-deploy-config.sh
 CMD ["bash", "-c", "'./nginx-deploy-config.sh'"]

packages/gateway/Dockerfile

@@ -9,4 +9,10 @@ RUN yarn install --frozen-lockfile
 COPY --chown=node:node . .
 RUN yarn build
 
+RUN ls -lha /app/packages/gateway/build/dist/src
+RUN ls -lha /app/packages/gateway/build/dist/src/graphql
+
+
+
+
 CMD [ "yarn", "start:prod" ]

packages/gateway/Dockerfile.dockerignore

@@ -3,7 +3,6 @@
 *.yaml
 .vscode
 **/.git
-**/test
 
 # From root
 **/node_modules
@@ -12,10 +11,4 @@
 **/.env
 **/*.log
 .secrets/*
-data
-grafana
 
-# Exclude unused packages
-packages/
-!packages/commons
-!packages/gateway

packages/login/Dockerfile

@@ -20,10 +20,10 @@ FROM nginx:1.27
 
 RUN apt-get update && apt-get upgrade -y
 
-COPY --from=0 /app/packages/login/build/ /usr/share/nginx/html/
+COPY login/nginx/nginx-deploy-config.sh /
+COPY login/nginx/nginx-default.conf /etc/nginx/conf.d/default.conf
+RUN chmod +x /nginx-deploy-config.sh
 
-COPY infrastructure/nginx-deploy-config.sh /
-COPY infrastructure/nginx-default.conf /etc/nginx/conf.d/default.conf
+COPY --from=0 /app/packages/login/build/ /usr/share/nginx/html/
 
-RUN chmod +x /nginx-deploy-config.sh
 CMD ["bash", "-c", "'./nginx-deploy-config.sh'"]

packages/login/nginx/nginx-default.conf

@@ -0,0 +1,66 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# OpenCRVS is also distributed under the terms of the Civil Registration
+# & Healthcare Disclaimer located at http://opencrvs.org/license.
+#
+# Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
+
+
+# config to don't allow the browser to render the page inside an frame or iframe
+# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
+# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
+# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
+add_header X-Frame-Options SAMEORIGIN;
+
+# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
+# to disable content-type sniffing on some browsers.
+# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
+# currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
+# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
+# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
+add_header X-Content-Type-Options nosniff;
+
+# The 'HTTP Strict Transport Security' (Strict-Transport-Security) HTTP header
+# is used to control if the browser is allowed to only access a site over a
+# secure connection and how long to remember the server response for thus forcing
+# continued usage.Secure configuration: Return the 'Strict-Transport-Security' header
+# with an appropriate timeout over a secure connection.
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
+
+# A cross-domain policy file is an XML document that grants a web client,
+# such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these),
+# permission to handle data across domains. When clients request content hosted on
+# a particular source domain and that content make requests directed towards a domain
+# other than its own, the remote domain needs to host a cross-domain policy file
+# that grants access to the source domain, allowing the client to continue the transaction.
+add_header X-Permitted-Cross-Domain-Policies master-only;
+
+# with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy),
+# you can tell the browser that it can only download content from the domains you explicitly allow
+# http://www.html5rocks.com/en/tutorials/security/content-security-policy/
+# https://www.owasp.org/index.php/Content_Security_Policy
+# I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval'
+# directives for css and js(if you have inline css or js, you will need to keep it too).
+# more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
+add_header Content-Security-Policy "default-src 'self' {{CONTENT_SECURITY_POLICY_WILDCARD}} *.sentry.io/ sentry.io/; font-src fonts.gstatic.com {{CONTENT_SECURITY_POLICY_WILDCARD}}; object-src 'none'; script-src 'self' 'unsafe-eval' blob: https: http: storage.googleapis.com/workbox-cdn/ sentry.io/api/embed/error-page/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: http: https: ";
+
+server {
+    listen       80;
+    server_name  localhost;
+    server_tokens off;
+
+    location / {
+        root   /usr/share/nginx/html;
+        # allows fallback to /index.html so SPAs work
+        try_files $uri $uri/ /index.html;
+    }
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}

packages/login/nginx/nginx-deploy-config.sh

@@ -0,0 +1,13 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# OpenCRVS is also distributed under the terms of the Civil Registration
+# & Healthcare Disclaimer located at http://opencrvs.org/license.
+#
+# Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
+set -e
+
+sed -i s~THIS_WILL_BE_REPLACED_BY_RUNTIME_ENV_VARIABLE~$COUNTRY_CONFIG_URL~g /usr/share/nginx/html/index.html
+sed -i s~{{CONTENT_SECURITY_POLICY_WILDCARD}}~$CONTENT_SECURITY_POLICY_WILDCARD~g /etc/nginx/conf.d/default.conf
+nginx -g 'daemon off;'

packages/search/Dockerfile.dockerignore

@@ -3,7 +3,6 @@
 *.yaml
 .vscode
 **/.git
-**/test
 
 # From root
 **/node_modules
@@ -12,10 +11,3 @@
 **/.env
 **/*.log
 .secrets/*
-data
-grafana
-
-# Exclude unused packages
-packages/*
-!packages/search
-!packages/commons

packages/workflow/Dockerfile

@@ -5,6 +5,9 @@ USER node
 
 WORKDIR /app/packages/workflow
 COPY --chown=node:node . .
+RUN ls -lha
+RUN ls -lha test
+
 RUN yarn install --frozen-lockfile && yarn build
 
 CMD [ "yarn", "start:prod" ]

packages/workflow/Dockerfile.dockerignore

@@ -3,7 +3,6 @@
 *.yaml
 .vscode
 **/.git
-**/test
 
 # From root
 **/node_modules