Releases: opencrvs/opencrvs-countryconfig
OpenCRVS Country Configuration Template - v1.6.1
Bug fixes
- We make sure that the automatic cleanup job only runs before deployment (instead of cron schedule cleanup).
- Previously it was possible MongoDB replica set and users were left randomly uninitialised after a deployment. MongoDB initialisation container now retries on failure.
- On some machines 'file' utility was not preinstalled causing provision to fail. We now install the utility if it doesn't exist.
OpenCRVS Country Configuration Template - v1.6.0
Breaking changes
-
Notification Flags The configuration of various notifications is now controlled from
countryconfig
instead of being handled in the UI, as notification settings are not something that should be changed on the fly. To simplify this process, we have moved the settings to theapplication-config.ts
file. From now on, the notifications can be managed in thenotificationForRecord
object defined in the mentioned file. Any changes will take effect after a new deployment.Country implementors must define the
notificationForRecord
object in theapplication-config.ts
file to enable the notifications they want. Not doing so will keep notifications disabled by default. -
Gateways searchEvents API updated
operationHistories
only returnsoperationType
&operatedOn
due to the other fields being unused in OpenCRVS -
Config changes to review/preview and signatures Core used to provide review/preview section by default which are now removed and need to be provided from countryconfig. The signature field definitions (e.g. informant signature, bride signature etc.) were hard coded in core which also have now been removed. The signatures can now be added through the review/preview sections defined in countryconfig just like any other field. You can use the following section definition as the default which is without any additional fields. We highly recommend checking out our reference country repository which has the signature fields in it's review/preview sections
{
id: 'preview',
viewType: 'preview',
name: {
defaultMessage: 'Preview',
description: 'Form section name for Preview',
id: 'register.form.section.preview.name'
},
title: {
defaultMessage: 'Preview',
description: 'Form section title for Preview',
id: 'register.form.section.preview.title'
},
groups: [
{
id: 'preview-view-group',
fields: []
}
]
}
- Remove
splitView
option from DOCUMENT_UPLOADER_WITH_OPTION field - New required sections preview & review added. Signature field definitions are now part of these two sections same as normal form fields.
- Remove
inputFieldWidth
from Number type form field - You can now configure the home screen application’s name and icons in your country configuration package as manifest.json and app icon files are moved from core to country config (check
src/client-static
folder) - Updated
allowedFileFormats
in signature fields to use MIME types (image/png
,image/jpg
,image/jpeg
,image/svg
) instead of simple file extensions. If you are already using theallowedFileFormats
field in your implementation, please ensure to update the format accordingly. - Remove unnecessary UI dividers that add in various sections of the declaration forms(e.g the Death, Birth and Marriage forms) #244
Bug fixes
- Protect individual certificate endpoint with token
- Kibana disk space alerts now work regardless of your disk device names. Alerts listen devices mounted both to
/
and/data
(encrypted data partition) - "Publish release" pipeline now correctly uses the "Branch to build from" value as the branch to be tagged. Previously it tried tagging "master". "Release tag" is also now used as the release version as is instead of it being read from
package.json
. - Environment creator script now requires countries to provide a Github token with no expiry date. This is to reduce effort in keeping the token up to date.
- Added the missing outputs for the clear environment workflow which was causing the seed data workflow to not run even if the reset option was checked when deploying
New features
- The select options in DOCUMENT_UPLOADER_WITH_OPTION field can now be hidden using the new
optionCondition
property. It works similarly to the same property available in SELECT_WITH_OPTIONS field
- ElasticSearch reindexing Allows reindexing ElasticSearch via a new search-service endpoint
reindex
. We're replacing the originalocrvs
index with timestamped ones. This is done automatically when upgrading and migrating, but this is an important architectural change that should be noted. More details in #7033.
-
Introduce a new certificate handlebar "preview" which can be used to conditionally render some svg element when previewing the certificate e.g. background image similar to security paper
-
Notification flags: Added notification flags for
BIRTH
,DEATH
, andMARRIAGE
events, including:sent-notification
sent-notification-for-review
sent-for-approval
registered
sent-for-updates
-
/record-notification
API: Endpoint to check enabled notifications for records. The API returns thenotificationForRecord
object forBIRTH
andDEATH
events, listing their respective flags. Route configuration includes description and tags for API documentation.
Bug fixes
- Github pipeline dedicated for reading secrets and variables from other environments now checks if GH_TOKEN is still valid before attempting other operations
- Remove unnecessary UI dividers that add in various sections of the declaration forms(e.g the Death, Birth and Marriage forms) #244
- Update template transformer for fields
informantType
andotherInformantType
that fixes the bug of unavailability of these template fields #5952
Localisation
New content keys requiring translation
search.placeholder,Placeholder text of search input,Name of query,Nom de la requête
Deleted keys
config.application.applicationNameChangeNotification,Message for application name change notification,Name of application updated,Nom de l'application mise à jour
config.application.applicationNameLabel,Application name config label,Name of application,Nom de l'application
config.application.backgroundImageChangeNotification,Message for background image change notification,Background image updated,Mise à jour de l'image de fond
config.application.backgroundImageError,Error message for background image change,Unable to change image. Please try again.,Impossible de modifier l'image. Veuillez réessayer.
config.application.backgroundImageFileLimitError,Error message for large Background file,Background image file must be less than 2mb,Le fichier de l'image d'arrière-plan doit être inférieur à 2 Mo
config.application.birthDelayedDialogTitle,Delayed dialog title for brith,Delayed registration time period for birth registration,Délai d'enregistrement retardé pour l'enregistrement des naissances
config.application.birthDelayedFeeChangeNotification,Message for application birth delayed fee change notification,Birth delayed fee updated,Mise à jour de la pénalité de déclaration tardive des naissances
config.application.birthLateFeeChangeNotification,Message for application birth late fee change notification,Birth late fee updated,Mise à jour de la pénalité de déclaration tardive des naissances
config.application.birthLateRegTargetChangeNotification,Message for application birth late registration target change notification,Birth late registration target days updated,Mise à jour des jours cibles d'enregistrement tardif des naissances
config.application.birthLegallySpecifiedDialogTitle,Legally specified dialog title for brith,Legally specified time period for birth registration,Délai légal pour déclaration des naissances
config.application.birthOnTimeFeeChangeNotification,Message for application birth on time fee change notification,Birth on time fee updated,Mise à jour des frais de naissance à temps
config.application.birthRegTargetChangeNotification,Message for application birth registration target change notification,Birth registration target days updated,Mise à jour des jours cibles pour l'enregistrement des naissances
config.application.colourTabText,The title for colour tab text,Hex code,Code hexadécimal
config.application.colourTabTitle,The title for colour tab,Colour,Couleur
config.application.configChangeError,Error message for application config change,Unable to make change. Please try again,Impossible d'effectuer la modification. Veuillez réessayer
config.application.currencyChangeMessage,Message for application currency change modal,Select your currency for your CRVS system,Selectionnez la devise
config.application.currencyChangeNotification,Message for application currency change notification,Currency updated,Devise mise à jour
config.application.currencyLabel,Currency config label,Currency,Devise
config.application.deathDelayedFeeChangeNotification,Message for application death delayed fee change notification,Death delayed fee updated,Mise à jour de la pénalité de retard déclaration du décès
config.application.deathLegallySpecifiedDialogTitle,Legally specified dialog title for death,Legally specified time period for death registration,Délais légal de déclaration du décès
config.application.deathOnTimeFeeChangeNotification,Message for application death on time fee change notification,Death on time fee updated,Mise à jour des frais de déclaration de décès dans le délais legal
config.application.deathRegTargetChangeNotification,Message for application death registration target change notification,Death registration target days updated,Mise à jour des jours cibles de déclaration des décès
config.application.delayedFeeDialogTitle,Delayed fee dialog title,Registration fees for delayed registrations,Frais pour les declarations tardives
config.application.delayedRegistrationLabel,Delayed registration config label,Delayed registration,Enregistrement retardé
config.application.delayedRegistrationValue,Delayed registration config value,After {lateTime} days,Après {l...
OpenCRVS Country Configuration - v1.5.1
This release is a reference implementation compatible with OpenCRVS version 1.5.1
Bug fixes
- Kibana disk space alerts now work regardless of your disk device names. Alerts listen devices mounted both to
/
and/data
(encrypted data partition)
Full Changelog: v1.5.0...v1.5.1
OpenCRVS Country Configuration - v1.5.0
An example OpenCRVS country configuration. To be used in conjunction with opencrvs-core release v1.5.0
Read the release notes!
Read the v1.4.* to v1.5.* migration notes!
Breaking changes
-
Removed dependency on OpenHIM.
The performance of OpenHIM added an unexpected burden of 200 m/s to every interaction. Cumulatively, this was negatively affecting user experience and therefore we decided to deprecate it.
Interested implementers are free to re-introduce OpenHIM should they wish to use it as an interoperability layer without affecting the performance of OpenCRVS now that our architecture no longer depends on it.
The OpenHIM database is kept for backwards compatibility reasons and will be removed in v1.6. OpenHIM is an Open Source middleware component designed for managing FHIR interoperability between disparate systems as part of the OpenHIE architectural specification. We had been using this component in a much more fundamental way to monitor microservice comms in a similar fashion to Amazon SQS.
-
Upgrade node version to 18
This version enforces environment to have Node 18 installed (supported until April 2025) and removes support for Node 16
- Use nvm to upgrade your local development environment to use node version
18.19.x.
- Specified operating systems in js modules as
darwin, linux
- Dev scripts and Vite run with an environment variable
NODE_OPTIONS=--dns-result-order=ipv4first
to resolve ipv4 addresses forlocalhost
to support systems that resolves ipv6 addresses by default in Node versions >=17
- Use nvm to upgrade your local development environment to use node version
-
Update the certificate preview mechanism In effort of minimizing JavaScript-bundle size, we have streamlined the way how review certificate -page renders certificates. In case the images in your certificates are previewing blurry, you need to update your SVG-certificates to print QR-codes and other images directly with
<image width="36" height="36" xlink:href="{{qrCode}}" x="500" y="770"></image>
instead of the more complicated<rect fill="url(#pattern)"></rect>
-paradigm. This doesn't affect printed certificates as they are still created as previously. -
Generate default address according to logged-in user's location We have dropped support for the 'agentDefault' prop which was used as initial value for SELECT_WITH_DYNAMIC_OPTIONS fields. If you have not made any changes to address generation, then this should not affect you. If you have, you can refer to this PR to see how agentDefault has been deprecated in an example country: opencrvs#978
-
Remove system admin UI items: Application, Certificates, User roles, Informant notifications We have now moved to configuring these items away from the UI in favour of directly editing these from country configuration repository in code - specifically in application-config-default.ts.
-
Set Metabase default credentials. These must be configured via countryconfig repository environment variables and secrets otherwise the dashboard service won't start
-
Check your Metabase map file. For Metabase configuration, we renamed
farajaland-map.geojson
tomap.geojson
to not tie implementations into example country naming conventions. -
Feature flags In order to make application config settings more readable, we re-organised
src/api/application/application-config-default.ts
with a clear feature flag block like so. These are then used across the front and back end of the application to control configurable functionality. New feature flags DEATH_REGISTRATION allow you to optionally run off death registration if your country doesnt want to run its first pilot including death and PRINT_DECLARATION (see New Features) have been added.
FEATURES: { DEATH_REGISTRATION: true, MARRIAGE_REGISTRATION: false, ... }
-
Improve rendering of addresses in review page where addresses match When entering father's address details, some countries make use of a checkbox which says "Address is the same as the mothers. " which, when selected, makes the mother's address and fathers address the same. The checkbox has a programatic value of "Yes" or "No". As a result on the review page, the value "Yes" was displayed which didn't make grammatical sense as a response. We decided to use a custom label: "Same as mother's", which is what was asked on the form. This requires some code changes in the src/form/addresses/index.ts file to pull in the
hideInPreview
prop which will hide the value "Yes" on the review page and replace with a content managed label. Associated bug #5086
Infrastructure breaking changes
More improvements have been made to the infrastructure provisioning and Github environment creation scripts and documentation. The complexity is somewhat reduced.
- We removed the example Wireguard VPN set up as it was confusing. Our intention was to ensure that all implementers were aware that OpenCRVS should be installed behind a VPN and used Wireguard as an example. But the configuration requirements for Wireguard confused implementers who are not using it. Therefore we decided to remove Wireguard as an example.
- We now have a "backup" Github environment and the backup server is automatically provisioned. We moved the inventory file location to an explicit directory and removed parameters to scripts that can be automated. To migrate, move all inventory files (qa.yml, production.yml, staging.yml from
infrastructure/server-setup
toinfrastructure/server-setup/inventory
and configureinfrastructure/server-setup/inventory/backup.yml
. Run environment creator for your backup serveryarn environment:init --environment=backup
- You can configure the file path on the backup server where backups are stored. We can also allow using staging to both periodically restore a production backup and also give it the capability if required to backup it's own data to a different location using
backup_server_remote_target_directory
andbackup_server_remote_source_directory
Ansible variables. This use case is mostly meant for OpenCRVS team internal use. - We now automate SSH key exchange between application and backup server. For staging servers, automatically fetch production backup encryption key if periodic restore is enabled using
ansible_ssh_private_key_file
Ansible variables. Therefore documentation is simplified for a new server set-up. - In infrastructure Github workflows: SSH_PORT is new and required allowing you the ability to use a non-standard SSH port. This Github Action environment variable must be added.
- In infrastructure Github workflows: SSH_HOST should be moved from being a Github Action environment secret to a Github Action environment variable before it is deprecated in 1.7.0
- No longer an assumption made that production server Docker replicas and Mongo replica-sets are necessary. In our Docker Compose files, we had originally assumed that a production deployment would always be deployed on a cluster to enable load balancing. We applied a Mongo replica set by default on production and set replicas: 2 on each microservice. However after experience in multiple countries running small scale pilots, a production deployment usually starts off as 1 server node and then scales into a cluster over time in order to save costs and resources. Therefore these replicas are a waste of resources. So you will notice that this has been deleted. You can always manually add your desired replicas back into you Docker Compose configuration if you want. In Docker Compose files, search for REPLICAS and update accordingly as well as attending to the linked examples.
Follow the descriptions in the migration notes to re-provision all servers safely.
New features
- Introduced rate limiting to routes that could potentially be bruteforced or extracted PII from.
- The login and client application loading experience has improved. A loading bar appears before the javaScript bundle has loaded and this transitions when fetching records.
- Development time logs are now much tidier and errors easier to point out. Production logging will still remain as is.
- Masked emails and phone numbers from notification logs.
- Support for landscape certificate templates.
- Allow defining maxLength attribute for number type fields.
- A new certificate handlebar for registration fees has been added
registrationFees
- A new certificate handlebar for logged-in user details has been added
loggedInUser
- Add support for image compression configuration. Two new properties to this form field are available:
DOCUMENT_UPLOADER_WITH_OPTION
compressImagesToSizeMB
: An optional prop of number type to define a compressed size. Compression is ignored when the input file is already smaller or equal of the given value or a falsy given value.maxSizeMB
: An optional validation prop to prevent input of a file bigger than a defined value.
- If a country doesnt wish to use Sentry for logging errors, the SENTRY_DSN variable is now optional and the LogRocket option has been deprecated due to lack of demand.
- Given ...
OpenCRVS Country Configuration - v1.3.5
This release is a reference implementation compatible with OpenCRVS version 1.3.5. Fundamentally this is equivalent to v1.3.4 and it's being released mainly for keeping the version in sync with OpenCRVS core.
OpenCRVS Country Configuration - v1.3.4
What's Changed
This release is a reference implementation compatible with OpenCRVS version 1.3.4.
Bugfixes
- Fix "Reason for delayed registration" not showing with single digit date or month in child's birthday (issue).
- Add missing French translations (issue).
Full Changelog: v1.3.3...v1.3.4
OpenCRVS Country Configuration - v1.4.1
An example OpenCRVS country configuration. To be used in conjunction with opencrvs-core release v1.4.1
What's changed?
- Improved logging for emails being sent
- Updated default Metabase init file so that it's compatible with the current Metabase version
- Deployment: Verifies Kibana is ready before setting up alert configuration
- Deployment: Removes
depends_on
configuration from docker compose files - Deployment: Removes some deprecated deployment code around Elastalert config file formatting
- Provisioning: Creates backup user on backup servers automatically
- Provisioning: Update ansible Github action task version
Breaking changes
- Copy: All application copy is now located in src/translations as CSV files. This is so that copy would be easily editable in software like Excel and Google Sheets. After this change,
AVAILABLE_LANGUAGES_SELECT
doesn't need to be defined anymore by country config.
Full Changelog: v1.3.3...v1.4.1
OpenCRVS Country Configuration - v1.3.3
This release is a reference implementation compatible with OpenCRVS version 1.3.x.
What's Changed
- ocrvs-6363 use the new id handlebars with the "location" helper by @Zangetsu101 in opencrvs#815
- Change the verbiage from sms to email in Send for approval section and in introduction page by @naftis in opencrvs#868
- update password copy to suggest a 12 character long passphrase by @naftis in opencrvs#867
- Farajaland certificates updated by @euanmillar in opencrvs#891
- Make occupation field usable for deceased by @Zangetsu101 in opencrvs#888
- Farajaland form updates by @tahmidrahman-dsi in opencrvs#805
- Reason for delayed registration custom form field by @euanmillar in opencrvs#894
- [OCRVS-6520] Fix Farajaland marriage form issue by @tahmidrahman-dsi in opencrvs#906
- add handlebar of age of deceased in death certificate by @Nil20 in opencrvs#895
- ocrvs-6517 Hide fields when informantType not selected by @Zangetsu101 in opencrvs#899
- ocrvs-6204 fix date of birth unknown checkbox conditional & update CHANGELOG by @Zangetsu101 in opencrvs#898
- Fix search copy by @tahmidrahman-dsi in opencrvs#907
- Fix death certificate birthdate field by @Nil20 in opencrvs#908
- Update handlebars by @Zangetsu101 in opencrvs#905
- Allow pip to update externally-managed packages by @Zangetsu101 in opencrvs#882
Full Changelog: opencrvs/opencrvs-farajaland@v1.3.2...v1.3.3
OpenCRVS Country Configuration - v1.4.0
An example OpenCRVS country configuration. To be used in conjunction with opencrvs-core release v1.4.0
Read the release notes!
Read the v1.3.* to v1.4.* migration notes!
Breaking changes
- 🔒 Entirely reconfigured infrastructure and provisioning scripts for new servers. Each server is now SSH secured with Google Authenticator
- 🔒 Backup server now automatically provisioned. Production environments automatically back up to backup server and they are automatically restored onto staging, thus reducing monitoring and maintenance tasks.
- Added examples for configuring HTTP-01, DNS-01, and manual HTTPS certificates. By default, development and QA environments use HTTP-01, while others use DNS-01.
- All secrets & variables defined in Github Secrets are now passed automatically to the deployment script.
- The VPN_HOST_ADDRESS variable is now required for staging and production installations to ensure deployments are not publicly accessible.
- Replica limits have been removed; any number can now be deployed.
- Each environment now has a dedicated docker-compose--deploy.yml. Use
environment:init
to create a new environment and generate a corresponding file for customizable configurations. - 🔒 OpenHIM console is no longer exposed via HTTP.
- Ansible playbooks are refactored into smaller task files.
New features
- We now recommend creating a new Ubuntu user
provision
with passwordless sudo rights for all automated operations on the server, instead of using the root user. New users for different operations will be created in future releases. - All human users on all servers now have their own Linux users with mandatory 2-factor authentication.
- OpenCRVS now has an interactive script
environment:init
for creating new Github environments and defining secrets. This script should also be run for existing environments to ensure all variables and secrets are defined, especially important when pulling the latest changes from the repository to your own country resource package. - The environment creator script also manages the known hosts file automatically.
- 🚰 New pipeline for automatic provisioning of Ubuntu servers (all environments).
- 🚰 New pipeline for resetting data from an environment (non-production environments).
- 🚰 New pipeline for resetting SSH 2FA for all environments.
- 🚰 Development deploy pipeline now includes a "debug" option for SSHing into the action runner (non-production environments).
- A new "staging" environment has been introduced, acting as a production environment clone that resets its data nightly to match the production environment.
- The deployment script can now verify if there are undefined environment variables referred to in your compose files. All secrets and variables defined in Github Environments are automatically passed down to the deployment script.
- 🔒 Backup archives are now secured with a passphrase.
- HTTPS setup now offers three options: HTTP challenge, DNS challenge, and using a pre-issued certificate file.
- There's now a generic purpose POST /email endpoint only available from the internal network. Elastalert2 is configured to use this endpoint instead of directly using SMTP details or the Sendgrid API key.
- 🔒 QA environment now hosts a Wireguard server and admin panel (wg-easy). After deploying, you can access the admin panel at vpn..
- Allow configuring additional SSH parameters globally using
SSH_ARGS
Github variable.
Breaking changes
- Known hosts are now defined in the
infrastructure/known-hosts
file. You can clear the file and usebash infrastructure/environments/update-known-hosts.sh <domain>
to add your own domains. - Ansible inventory files are now in .yml format. Please convert your old
production.ini
and similar files to this new format. - The
authorized_keys
file has been removed, and keys should now be defined in the inventory yaml files. - The
DOCKER_PASSWORD
secret has been replaced withDOCKER_TOKEN
.
Note
In the next OpenCRVS release v1.5.0, there will be two significant changes:
- The
infrastructure
directory and related pipelines will be moved to a new repository. - Both the new infrastructure repository and the OpenCRVS country resource package repositories will start following their own release cycles, mostly independent from the core's release cycle. From this release forward, both packages are released as "OpenCRVS minor compatible" releases, meaning that the OpenCRVS countryconfig 1.3.0- is compatible with OpenCRVS 1.3.0, 1.3.1, 1.3.2, etc. This allows for the release of new hotfix versions of the core without having to publish a new version of the infrastructure or countryconfig.
See Releases for release notes of older releases.
OpenCRVS Country Configuration - v1.3.2
An example OpenCRVS country configuration. To be used in conjunction with opencrvs-core release v1.3.2
Read the release notes!
Read the v1.3.0 to v1.3.* migration notes!
Changes - country configuration
- Added new email templates: correction approved, correction rejected
- Remove unused files and unused dependencies by @rikukissa in #14
- Remove duplicate id check of informant for bride groom by @Nil20 in opencrvs#796
- Update deceased age label & conditionals by @Zangetsu101 in opencrvs#792
- Review section message update for incomplete declaration by @Nil20 in opencrvs#791
- Remove unsupported font from marriage certificate by @Zangetsu101 in opencrvs#852
Full Changelog: v1.3.1...v1.3.2