merge countryconfig to farajaland (#1021)

* Code freeze 1.5.0 release * Update auth to go through gateway (#781) * fix auth api urls * add mongo url for search service * refactor: keep individual certificate endpoint only in dev * return composition id confirm registration endpoint in core (#797) * Add feature flags in application default config (#806) * chore: remove logrocket references (#811) * feature flag hotfix for client config prod * Upgrade node to 18 (#847) * Update node version in Dockerfile * Update node version in workflow yml files * Add os configuration option in package.json * Add engines configuration option in package.json * Feedback changes * Add node options NODE_OPTIONS dns-result-order `ipv4first` * Upgrade node version in workflow file * Remove matrix block * (state-transitions): remove openhim url and modify confirm registration url (#932) * Remove openhim url and modify confirm registration url * Remove openhim core and openhim console services * feat: enable gzip compression (#947) * feat: enable gzip compression * enable gzip for gateway and login * make SENTRY_DSN variable optional * fix: support node versions 18.x.x (#955) * build: use docker compose v2 in github workflow files (#956) * Merge pull request #937 from opencrvs/ocrvs-6410-mass-email-users * deps: remove openhim (#963) * Add smtp env vars in qa deploy config * Revert "Minor amend notification schema" This reverts commit b2c6e39. * fix: remove duplicate handlebars.js route * chore: update the certificate images with <image> instead of the patterns (#977) * feat: generate default address according to user's location (#978) * feat: add GATEWAY_URL env variable * feat: generate default address from user location * chore: remove initialValue from dynamicOptions * [HOTFIX] Mass email subject & content styles (#983) * Update body content styles to use linebreaks * Forward subject from variables instead of template * fix: change gateway web url to internal swarm one (#990) * docs: update CHANGELOG * set owner for backup server authorized_keys to be the backup user * minor fix to how download script cleans backup directories before applying downloaded backups * chore!: move configuration options (#1005) * Remove authentication from dashboard queries endpoint and update traefik rules * fix: remove authentication from dashboard queries endpoint and update traefik rules (#120) * Update CHANGELOG.md * Remove unintended formatting changes * Update jq images to official ones to avoid deprecation breakage (#122) * Update Docker and checkout actions to get rid of warnings (#121) * fix: add translations for different informants in print, issue & correction flow (#127) * french translation added for informants * updated changelog.md * Fix Correct item names in update modal for marriage declaration * don't require regLastLocation in Postman Event Notification (#115) * fix: simplify hierarchy now that it can be queried through graphql (#116) --------- Co-authored-by: Riku Rouvila <[email protected]> Co-authored-by: Md. Ashikul Alam <[email protected]> Co-authored-by: Tahmid Rahman <[email protected]> Co-authored-by: tahmidrahman-dsi <[email protected]> Co-authored-by: Tameem Bin Haider <[email protected]> Co-authored-by: Tameem Bin Haider <[email protected]> Co-authored-by: tahmidrahman-dsi <[email protected]> Co-authored-by: Niko Kurtti <[email protected]> Co-authored-by: Anamul Haque <[email protected]> Co-authored-by: Tareq <[email protected]>
opencrvs · Jun 5, 2024 · 83d9d9d · 83d9d9d
1 parent b00e141
commit 83d9d9d
Show file tree

Hide file tree

Showing 17 changed files with 92 additions and 197 deletions.
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
@@ -75,7 +75,7 @@ jobs:
           echo "KNOWN_HOSTS=" >> $GITHUB_ENV
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_TOKEN }}

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -102,7 +102,7 @@ jobs:
           echo "KNOWN_HOSTS=" >> $GITHUB_ENV
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_TOKEN }}

diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
@@ -15,7 +15,7 @@ jobs:
   base:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           ref: '${{ github.event.inputs.branch_name }}'
 
@@ -47,7 +47,7 @@ jobs:
           custom_tag: ${{ env.TAG }}
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_TOKEN }}

diff --git a/.github/workflows/publish-to-dockerhub.yml b/.github/workflows/publish-to-dockerhub.yml
@@ -17,20 +17,20 @@ jobs:
   push:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         if: github.event_name == 'workflow_dispatch'
         with:
           fetch-depth: 2
           ref: '${{ github.event.inputs.branch_name }}'
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         if: github.event_name == 'push'
 
       - name: Get tags
         run: git fetch --tags origin
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_TOKEN }}

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -8,7 +8,7 @@ jobs:
 
     steps:
       - name: Checking out git repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Use Node.js 18.19
         uses: actions/setup-node@v2

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,20 +1,26 @@
 # Changelog
-## 1.5.0 (TBD)
 
+## [1.5.0]
+
+- Change auth URLs to access them via gateway
+- Add hearth URL to search service
+- Include an endpoint for serving individual certificates in development mode
+- Include compositionId in confirm registration payload
+- Move individual configuration options to feature flags
+- Remove logrocket refrences
+- Upgrade to node 18
+- Enable gzip compression in client & login
+- Make SENTRY_DSN variable optional
+- Use docker compose v2 in github workflows
+- Mass email from national system admin
 - Remove dependency on openhim. The openhim db is kept for backwards compatibility reasons and will be removed in v1.6
-- Change condition of Number of previous births 
-
-## [1.3.4](https://github.com/opencrvs/opencrvs-farajaland/compare/v1.3.3...v1.3.4)
-
-## Breaking changes
-
-## New features
-
-## Bug fixes
-
-- Fix typo in certificate handlebar names
-
-See [Releases](https://github.com/opencrvs/opencrvs-farajaland/releases) for release notes of older releases.
+- Add smtp environment variables in qa compose file
+- Use image tag instead of patterns in certificate SVGs
+- Generate default address according to logged-in user's location
+- Remove authentication from dashboard queries route
+- Added french translation of informant for print certificate flow, issue certificate flow & correction flow
+- Groom's and Bride's name, printIssue translation variables updated [#124](https://github.com/opencrvs/opencrvs-countryconfig/pull/124)
+- Change condition of Number of previous births
 
 ## [1.4.1](https://github.com/opencrvs/opencrvs-farajaland/compare/v1.4.0...v1.4.1)
 
@@ -70,76 +76,17 @@ In the next OpenCRVS release v1.5.0, there will be two significant changes:
 - The `infrastructure` directory and related pipelines will be moved to a new repository.
 - Both the new infrastructure repository and the OpenCRVS country resource package repositories will start following their own release cycles, mostly independent from the core's release cycle. From this release forward, both packages are released as "OpenCRVS minor compatible" releases, meaning that the OpenCRVS countryconfig 1.3.0-<incrementing release number> is compatible with OpenCRVS 1.3.0, 1.3.1, 1.3.2, etc. This allows for the release of new hotfix versions of the core without having to publish a new version of the infrastructure or countryconfig.
 
-See [Releases](https://github.com/opencrvs/opencrvs-farajaland/releases) for release notes of older releases.
-
-## [1.3.3](https://github.com/opencrvs/opencrvs-farajaland/compare/v1.3.2...v1.3.3)
-
-### Breaking changes
-
-### New features
-
-- #### Greater customizability of location data in certificates
-
-  The various admin level handlebars e.g. **statePlaceofbirth**,
-  **districtPrimaryMother** only contained the name of that location which was
-  not able to take advantage of all the information OpenCRVS had available
-  about the various admin levels e.g. the name of that location in the
-  secondary language. So we are introducing a new set of admin level
-  handlebars that would contain the **id** of that location which we can
-  resolve into a value of the shape
-
-  ```
-  {
-    name: string
-    alias: string
-  }
-  ```
-
-  using the new **"location"** handlebar helper. Here name is the primary
-  label of the location and alias being the secondary one. Currently only
-  these 2 fields are available but we will be adding more fields depending on
-  various countries requirements. If previously the certificate svg used to
-  contain `{{districtPlaceofbirth}}` then now we can replace it with
-  `{{location districtPlaceofbirthId 'name'}}`. To access alias, the `'name'`
-  needs to be replaced with `'alias'`.
-
-  Below is a list of all the new handlebars that are meant to be used with the
-  "location" handlebar helper.
-
-  - statePrimaryInformantId
-  - districtPrimaryInformantId
-  - statePlaceofbirthId
-  - districtPlaceofbirthId
-  - statePrimaryMotherId
-  - districtPrimaryMotherId
-  - statePrimaryFatherId
-  - districtPrimaryFatherId
-  - statePrimaryDeceasedId
-  - districtPrimaryDeceasedId
-  - statePlaceofdeathId
-  - districtPlaceofdeathId
-  - statePrimaryGroomId
-  - districtPrimaryGroomId
-  - statePrimaryBrideId
-  - districtPrimaryBrideId
-  - statePlaceofmarriageId
-  - districtPlaceofmarriageId
-  - registrar.stateId
-  - registrar.districtId
-  - registrar.officeId
-  - registrationAgent.stateId
-  - registrationAgent.districtId
-  - registrationAgent.officeId
-
-  ##### We will be deprecating the counterpart of the above mentioned handlebars that contains only the label of the specified location in a future version so we highly recommend that implementers update their certificates to use these new ones.
+## [1.3.4](https://github.com/opencrvs/opencrvs-farajaland/compare/v1.3.3...v1.3.4)
 
 ### Bug fixes
 
+- Fix typo in certificate handlebar names
+
 ## [1.3.3](https://github.com/opencrvs/opencrvs-farajaland/compare/v1.3.2...v1.3.3)
 
-## Breaking changes
+### Breaking changes
 
-## New features
+### New features
 
 - #### Greater customizability of location data in certificates
 
@@ -207,7 +154,9 @@ See [Releases](https://github.com/opencrvs/opencrvs-farajaland/releases) for rel
 - #### Reason for late registration field
   The birth & death forms will include another custom field, **reasonForLateRegistration**, which makes use of "LATE_REGISTRATION_TARGET" configuration option in it's visibility conditional.
 
-## Bug fixes
+### Bug fixes
 
 - Updated translations for form introduction page and sending for approval to reflect the default notification method being email.
 - Remove hard-coded conditionals from "occupation" field to make it usable in the deceased form
+
+See [Releases](https://github.com/opencrvs/opencrvs-farajaland/releases) for release notes of older releases.
diff --git a/infrastructure/backups/download.sh b/infrastructure/backups/download.sh
@@ -99,7 +99,13 @@ mkdir -p $BACKUP_RAW_FILES_DIR/extract
 tar -xvf $BACKUP_RAW_FILES_DIR/${LABEL}.tar.gz -C $BACKUP_RAW_FILES_DIR/extract
 
 # Delete previous days restore(s) and move the newly downloaded one in place
-rm -rf /data/backups/*
+for BACKUP_DIR in /data/backups/*; do
+  if [ -d "$BACKUP_DIR" ]; then
+    rm -rf $BACKUP_DIR/*
+  fi
+done
+
+
 mv $BACKUP_RAW_FILES_DIR/extract/elasticsearch /data/backups/elasticsearch
 
 mv $BACKUP_RAW_FILES_DIR/extract/influxdb /data/backups/influxdb/${LABEL}

diff --git a/infrastructure/docker-compose.deploy.yml b/infrastructure/docker-compose.deploy.yml
@@ -555,7 +555,7 @@ services:
     deploy:
       labels:
         - 'traefik.enable=true'
-        - 'traefik.http.routers.countryconfig.rule=Host(`countryconfig.{{hostname}}`) && !Path(`/email`) && !Path(`/notification`)'
+        - 'traefik.http.routers.countryconfig.rule=Host(`countryconfig.{{hostname}}`) && !Path(`/email`) && !Path(`/notification`) &!Path(`/dashboards/queries.json`)'
         - 'traefik.http.services.countryconfig.loadbalancer.server.port=3040'
         - 'traefik.http.routers.countryconfig.tls=true'
         - 'traefik.http.routers.countryconfig.tls.certresolver=certResolver'
@@ -568,13 +568,15 @@ services:
         - 'traefik.http.middlewares.countryconfig.headers.stsseconds=31536000'
         - 'traefik.http.middlewares.countryconfig.headers.stsincludesubdomains=true'
         - 'traefik.http.middlewares.countryconfig.headers.stspreload=true'
-        # This is an invalid IP range, effectively blocking all IPs from accessing /email path.
+        # This is an invalid IP range, effectively blocking all IPs from accessing below paths.
         # It's only meant to be accessed from the internal docker network.
-        - 'traefik.http.middlewares.block-email.ipwhitelist.sourcerange=255.255.255.255'
+        - 'traefik.http.middlewares.block-internal-routes.ipwhitelist.sourcerange=255.255.255.255'
         - 'traefik.http.routers.block-email.rule=Host(`countryconfig.{{hostname}}`) && Path(`/email`)'
-        - 'traefik.http.routers.block-email.middlewares=block-email'
+        - 'traefik.http.routers.block-email.middlewares=block-internal-routes'
         - 'traefik.http.routers.block-notification.rule=Host(`countryconfig.{{hostname}}`) && Path(`/notification`)'
-        - 'traefik.http.routers.block-notification.middlewares=block-email'
+        - 'traefik.http.routers.block-notification.middlewares=block-internal-routes'
+        - 'traefik.http.routers.block-dashboard-queries.rule=Host(`countryconfig.{{hostname}}`) && Path(`/dashboards/queries.json`)'
+        - 'traefik.http.routers.block-dashboard-queries.middlewares=block-internal-routes'
       replicas: 1
     environment:
       - MONGO_URL=mongodb://mongo1/user-mgnt?replicaSet=rs0
@@ -849,7 +851,7 @@ services:
     deploy:
       labels:
         - 'traefik.enable=true'
-        - 'traefik.http.routers.config.rule=Host(`config.{{hostname}}`)'
+        - 'traefik.http.routers.config.rule=Host(`config.{{hostname}}`) && !Path(`/dashboardQueries`)'
         - 'traefik.http.services.config.loadbalancer.server.port=2021'
         - 'traefik.http.routers.config.tls=true'
         - 'traefik.http.routers.config.tls.certresolver=certResolver'
@@ -861,6 +863,9 @@ services:
         - 'traefik.http.middlewares.config.headers.stsseconds=31536000'
         - 'traefik.http.middlewares.config.headers.stsincludesubdomains=true'
         - 'traefik.http.middlewares.config.headers.stspreload=true'
+        - 'traefik.http.middlewares.block-internal-routes.ipwhitelist.sourcerange=255.255.255.255'
+        - 'traefik.http.routers.block-dashboard-queries.rule=Host(`countryconfig.{{hostname}}`) && Path(`/dashboardQueries`)'
+        - 'traefik.http.routers.block-dashboard-queries.middlewares=block-internal-routes'
       replicas: 1
     networks:
       - overlay_net

diff --git a/infrastructure/docker-compose.staging-deploy.yml b/infrastructure/docker-compose.staging-deploy.yml
@@ -159,6 +159,7 @@ services:
     depends_on:
       - mongo1
 
+
   mongo-on-update:
     environment:
       - REPLICAS=1

diff --git a/infrastructure/monitoring/kibana/setup-config.sh b/infrastructure/monitoring/kibana/setup-config.sh
@@ -23,15 +23,15 @@ if [ "$status_code" -ne 200 ]; then
 fi
 
 # Delete all alerts
-$docker_command --connect-timeout 60 -u elastic:$ELASTICSEARCH_SUPERUSER_PASSWORD "$kibana_alerting_api_url" | docker run --rm -i --network=opencrvs_overlay_net stedolan/jq -r '.data[].id' | while read -r id; do
+$docker_command --connect-timeout 60 -u elastic:$ELASTICSEARCH_SUPERUSER_PASSWORD "$kibana_alerting_api_url" | docker run --rm -i --network=opencrvs_overlay_net ghcr.io/jqlang/jq -r '.data[].id' | while read -r id; do
   $docker_command --connect-timeout 60 -X DELETE -H 'kbn-xsrf: true' -u elastic:$ELASTICSEARCH_SUPERUSER_PASSWORD "http://kibana:5601/api/alerting/rule/$id"
 done
 
 # Import configuration
 $docker_command --connect-timeout 60 -u elastic:$ELASTICSEARCH_SUPERUSER_PASSWORD -X POST "http://kibana:5601/api/saved_objects/_import?overwrite=true" -H 'kbn-xsrf: true' --form file=@/config.ndjson > /dev/null
 
 # Re-enable all alerts
-$docker_command --connect-timeout 60 -u elastic:$ELASTICSEARCH_SUPERUSER_PASSWORD "$kibana_alerting_api_url" | docker run --rm -i --network=opencrvs_overlay_net stedolan/jq -r '.data[].id' | while read -r id; do
+$docker_command --connect-timeout 60 -u elastic:$ELASTICSEARCH_SUPERUSER_PASSWORD "$kibana_alerting_api_url" | docker run --rm -i --network=opencrvs_overlay_net ghcr.io/jqlang/jq -r '.data[].id' | while read -r id; do
   $docker_command --connect-timeout 60 -X POST -H 'kbn-xsrf: true' -u elastic:$ELASTICSEARCH_SUPERUSER_PASSWORD "http://kibana:5601/api/alerting/rule/$id/_disable"
   $docker_command --connect-timeout 60 -X POST -H 'kbn-xsrf: true' -u elastic:$ELASTICSEARCH_SUPERUSER_PASSWORD "http://kibana:5601/api/alerting/rule/$id/_enable"
 done
diff --git a/infrastructure/server-setup/backups.yml b/infrastructure/server-setup/backups.yml
@@ -111,6 +111,8 @@
         marker: '# {mark} ANSIBLE MANAGED BLOCK docker-manager-first {{ manager_hostname }}'
         create: yes
         mode: 0600
+        owner: '{{ external_backup_server_user }}'
+
       tags:
         - backups
 

diff --git a/postman/Event Notification.postman_collection.json b/postman/Event Notification.postman_collection.json
diff --git a/src/form/index.ts b/src/form/index.ts
@@ -14,15 +14,14 @@ import { birthForm } from './birth'
 import { deathForm } from './death'
 import { marriageForm } from './marriage'
 import { IForms, Event } from './types/types'
-import { getUserOfficeLocationHierarchy } from '@countryconfig/utils/users'
+
+import { fetchUserLocationHierarchy } from '@countryconfig/utils/users'
 
 export async function formHandler(req: Request): Promise<IForms> {
-  const addressHierarchy = (
-    await getUserOfficeLocationHierarchy(
-      req.headers.authorization,
-      req.auth.credentials.sub as string
-    )
-  ).map(({ id }) => id)
+  const addressHierarchy = await fetchUserLocationHierarchy(
+    req.headers.authorization,
+    req.auth.credentials.sub as string
+  )
   // ====================== NOTE REGARDING MIGRATING FROM OPNCRVS v1.2 OR EARLIER ======================
 
   // SIMPLY RETURN A JSON OF YOUR FULL FORM HERE, WITH THE ADDITION OF THE NEW MARRIAGE AND VERSION PROP

diff --git a/src/form/marriage/index.ts b/src/form/marriage/index.ts
@@ -84,7 +84,7 @@ export const marriageForm: ISerializedForm = {
     {
       id: 'informant',
       viewType: 'form',
-      name: formMessageDescriptors.registrationName,
+      name: formMessageDescriptors.informantName,
       title: formMessageDescriptors.informantTitle,
       groups: [
         {

diff --git a/src/index.ts b/src/index.ts
@@ -375,6 +375,7 @@ export async function createServer() {
     handler: dashboardQueriesHandler,
     options: {
       tags: ['api'],
+      auth: false,
       description: 'Serves dashboard view refresher queries'
     }
   })
@@ -474,7 +475,7 @@ export async function createServer() {
       validate: {
         payload: emailSchema
       },
-      description: 'Handles sending SMS'
+      description: 'Handles sending email using a predefined template file'
     }
   })