Merge branch 'develop' into ocrvs-7055-hide-pre-postfix-with-no-value

.github/CODEOWNERS

@@ -0,0 +1 @@
+packages/components @naftis @jpye-finch

.github/workflows/build-images-from-branch.yml

@@ -117,7 +117,6 @@ jobs:
  # Skip temporarily for non-develop branches because of
  # a TOOMANYREQUESTS error failing the check
  # https://github.com/aquasecurity/trivy/discussions/7591
- if: ${{ needs.base.outputs.branch == 'develop' }}
  uses: aquasecurity/[email protected]
  with:
  image-ref: 'opencrvs/ocrvs-${{ matrix.service }}:${{ needs.base.outputs.version }}'

.github/workflows/lint-and-test.yml

@@ -25,6 +25,9 @@ jobs:
  uses: actions/checkout@v4
 
  - uses: mskelton/changelog-reminder-action@v3
+ # forked repos cannot access secrets.GITHUB_TOKEN which causes this step
+ # to fail
+ continue-on-error: true
  with:
  message: >
  Oops! Looks like you forgot to update the changelog.

.github/workflows/trigger-e2e-environment.yml

@@ -23,9 +23,12 @@ concurrency:
  cancel-in-progress: true
 
 jobs:
- e2e:
+ trigger-e2e:
  if: ${{ !contains(github.actor, 'bot') && github.event.pull_request.head.repo.fork == false }}
  runs-on: ubuntu-22.04
+ outputs:
+ run_id: ${{ steps.dispatch_e2e.outputs.run_id }}
+ deployment_link: ${{ steps.print-links.outputs.deployment_link }}
  steps:
  - uses: actions/checkout@v3
 
@@ -76,7 +79,8 @@ jobs:
  .trim()
  .replace(/\s+/g, '-')
  .replace(/-+/g, '-')
- .substr(0, 35);
+ .substr(0, 35)
+ .replace(/[^a-zA-Z0-9]+$/g, '');
  }
  const result = await github.rest.repos.createDispatchEvent({
  owner: 'opencrvs',
@@ -107,39 +111,38 @@ jobs:
  console.log(`Captured runId: ${runId}`);
 
  // Set the runId as an output
- core.setOutput('runId', runId);
+ core.setOutput('run_id', runId);
  } else {
  throw new Error('No workflow run found.');
  }
 
  - name: Print link to E2E workflow run
+ id: print-links
  run: |
- echo "See your E2E deployment run details here: https://github.com/opencrvs/e2e/actions/runs/${{ steps.dispatch_e2e.outputs.runId }}" >> $GITHUB_STEP_SUMMARY
+ E2E_RUN_LINK="https://github.com/opencrvs/e2e/actions/runs/${{ steps.dispatch_e2e.outputs.run_id }}"
+ DEPLOYMENT_LINK="https://${{ steps.dispatch_e2e.outputs.stack }}.opencrvs.dev"
+
+ echo "See your E2E deployment run details here: $E2E_RUN_LINK" >> $GITHUB_STEP_SUMMARY
  echo "All deployments & E2E of this environment you can see here: https://github.com/opencrvs/e2e/deployments/${{ steps.dispatch_e2e.outputs.stack }}" >> $GITHUB_STEP_SUMMARY
  echo "" >> $GITHUB_STEP_SUMMARY
- echo "If everything goes alright, you should see your stack getting deployed here: https://${{ steps.dispatch_e2e.outputs.stack }}.opencrvs.dev" >> $GITHUB_STEP_SUMMARY
+ echo "If everything goes alright, you should see your stack getting deployed here: $DEPLOYMENT_LINK" >> $GITHUB_STEP_SUMMARY
+
+ echo "deployment_link=$DEPLOYMENT_LINK" >> $GITHUB_OUTPUT
 
+ listen-e2e:
+ needs: trigger-e2e
+ runs-on: ubuntu-22.04
+ steps:
  - name: Wait for Environment Deployment (Deploy Job)
  uses: actions/github-script@v7
  with:
  github-token: ${{ secrets.GH_TOKEN }}
  script: |
  const owner = 'opencrvs';
  const repo = 'e2e';
- const runId = ${{ steps.dispatch_e2e.outputs.runId }};
+ const runId = ${{ needs.trigger-e2e.outputs.run_id }};
  const prNumber = ${{ github.event.pull_request.number }};
-
- function slugify(str) {
- return str
- .toLowerCase()
- .replace(/[^\w\s-]/g, '')
- .trim()
- .replace(/\s+/g, '-')
- .replace(/-+/g, '-')
- .substr(0, 35);
- }
- const branchName = slugify('${{ env.BRANCH_NAME }}');
- const deployMessage = `Your environment is deployed to https://${branchName}.opencrvs.dev.`;
+ const deployMessage = `Your environment is deployed to ${{ needs.trigger-e2e.outputs.deployment_link }}`;
 
  let deployJobCompleted = false;
 
@@ -214,7 +217,7 @@ jobs:
  script: |
  const owner = 'opencrvs';
  const repo = 'e2e';
- const runId = ${{ steps.dispatch_e2e.outputs.runId }};
+ const runId = ${{ needs.trigger-e2e.outputs.run_id }};
  let status = 'in_progress';
 
  while (status === 'in_progress' || status === 'queued') {

CHANGELOG.md

@@ -28,13 +28,16 @@
 ## Bug fixes
 
 - Fix health facilities missing from dropdown after correcting a record address [#7528](https://github.com/opencrvs/opencrvs-core/issues/7528)
+- "Choose a new password" form now allows the user to submit the form using the "Enter/Return" key [#5502](https://github.com/opencrvs/opencrvs-core/issues/5502)
+- Dropdown options now flow to multiple rows in forms [#7653](https://github.com/opencrvs/opencrvs-core/pull/7653)
 
 ## 1.6.0 Release candidate
 
 ## Improvements
 
 - Internally we were storing the `family` name field as a required property which was limiting what how you could capture the name of a person in the forms. Now we are storing it as an optional property which would make more flexible.
 - Remove the leftover features from the application config pages, such as certificates and informant notification. [#7156](https://github.com/opencrvs/opencrvs-core/issues/7156)
+- **PDF page size** The generated PDF used to be defaulted to A4 size. Now it respects the SVG dimensions if specified
 
 ## Bug fixes
 

docker-compose.yml

@@ -57,6 +57,7 @@ services:
  depends_on:
  - base
  environment:
+ - HOST=0.0.0.0
  - REDIS_HOST=redis
  - CONFIG_SMS_CODE_EXPIRY_SECONDS=600
  - CONFIG_TOKEN_EXPIRY_SECONDS=604800

license-config.json

@@ -3,6 +3,7 @@
  "**/*.@(editorconfig|md|log|lock|patch|prettierrc|gitignore|eslintignore|stylelintrc|csv|gz|geojson|woff2|woff|xml|yarnrc|yarn-integrity|ttf|map|pdf|snap|dockerignore|jsonc|idea|env|info|key|pub|cjs|sql)",
  ".git",
  ".github/DISCUSSION_TEMPLATE/Installation.yml",
+ ".github/CODEOWNERS",
  ".idea",
  "**/patches",
  ".secrets",

package.json

@@ -38,8 +38,8 @@
  "build:image": "export VERSION=`git log -1 --pretty=format:%h` && docker build --build-arg VERSION=${VERSION} -t opencrvs-build . && unset VERSION",
  "build:clean": "lerna run build:clean",
  "check:license": "license-check-and-add check -f license-config.json",
- "seed:dev": "ACTIVATE_USERS=true lerna run seed --stream --scope @opencrvs/data-seeder",
- "seed:prod": "lerna run seed --stream --scope @opencrvs/data-seeder",
+ "seed:dev": "NODE_ENV=development lerna run seed --stream --scope @opencrvs/data-seeder",
+ "seed:prod": "NODE_ENV=production lerna run seed --stream --scope @opencrvs/data-seeder",
  "add:license": "license-check-and-add add -f license-config.json",
  "build:components": "lerna run build --scope @opencrvs/components",
  "debug": "bash debug-service-in-chrome.sh"

packages/auth/package.json

@@ -24,6 +24,7 @@
  "@opencrvs/commons": "^1.3.0",
  "app-module-path": "^2.2.0",
  "dotenv": "^6.1.0",
+ "envalid": "^8.0.0",
  "fp-ts": "^2.12.3",
  "hapi-pino": "^9.0.0",
  "hapi-sentry": "^3.1.0",

packages/auth/src/config/plugins.ts

@@ -8,7 +8,7 @@
  *
  * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
  */
-import { SENTRY_DSN } from '@auth/constants'
+import { env } from '@auth/environment'
 import { ServerRegisterPluginObject } from '@hapi/hapi'
 import { logger } from '@opencrvs/commons'
 import * as Pino from 'hapi-pino'
@@ -30,13 +30,13 @@ export default function getPlugins() {
  })
  }
 
- if (SENTRY_DSN) {
+ if (env.SENTRY_DSN) {
  plugins.push({
  plugin: Sentry,
  options: {
  client: {
  environment: process.env.DOMAIN,
- dsn: SENTRY_DSN
+ dsn: env.SENTRY_DSN
  },
  catchLogErrors: true
  }

packages/auth/src/constants.ts

@@ -8,46 +8,6 @@
  *
  * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
  */
-export const REDIS_HOST = process.env.REDIS_HOST || 'localhost'
-export const AUTH_HOST = process.env.AUTH_HOST || '0.0.0.0'
-export const AUTH_PORT = process.env.AUTH_PORT || 4040
-export const USER_MANAGEMENT_URL =
- process.env.USER_MANAGEMENT_URL || 'http://localhost:3030/'
-export const METRICS_URL = process.env.METRICS_URL || 'http://localhost:1050'
-export const NOTIFICATION_SERVICE_URL =
- process.env.NOTIFICATION_SERVICE_URL || 'http://localhost:2020/'
-export const HOSTNAME = process.env.DOMAIN || '*'
-export const COUNTRY_CONFIG_URL =
- process.env.COUNTRY_CONFIG_URL || 'http://localhost:3040/'
-export const LOGIN_URL = process.env.LOGIN_URL || 'http://localhost:3020/'
-export const CLIENT_APP_URL =
- process.env.CLIENT_APP_URL || 'http://localhost:3000/'
-
-export const CERT_PRIVATE_KEY_PATH =
- (process.env.CERT_PRIVATE_KEY_PATH as string) ||
- '../../.secrets/private-key.pem'
-export const CERT_PUBLIC_KEY_PATH =
- (process.env.CERT_PUBLIC_KEY_PATH as string) ||
- '../../.secrets/public-key.pem'
-export const SENTRY_DSN = process.env.SENTRY_DSN
-
-export const PRODUCTION = process.env.NODE_ENV === 'production'
-export const QA_ENV = process.env.QA_ENV || false
-
-export const CONFIG_TOKEN_EXPIRY_SECONDS = process.env
- .CONFIG_TOKEN_EXPIRY_SECONDS
- ? parseInt(process.env.CONFIG_TOKEN_EXPIRY_SECONDS, 10)
- : 604800 // 1 week
-
-export const CONFIG_SMS_CODE_EXPIRY_SECONDS = process.env
- .CONFIG_SMS_CODE_EXPIRY_SECONDS
- ? parseInt(process.env.CONFIG_SMS_CODE_EXPIRY_SECONDS, 10)
- : 600
-
-export const CONFIG_SYSTEM_TOKEN_EXPIRY_SECONDS = process.env
- .CONFIG_SYSTEM_TOKEN_EXPIRY_SECONDS
- ? parseInt(process.env.CONFIG_SYSTEM_TOKEN_EXPIRY_SECONDS, 10)
- : 600
 
 export const WEB_USER_JWT_AUDIENCES = [
  'opencrvs:auth-user',

packages/auth/src/database.ts

@@ -9,7 +9,7 @@
  * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
  */
 import * as redis from 'redis'
-import { REDIS_HOST } from '@auth/constants'
+import { env } from '@auth/environment'
 import { promisify } from 'util'
 import { logger } from '@opencrvs/commons'
 
@@ -29,9 +29,9 @@ export async function stop() {
 }
 
 export async function start() {
- logger.info(`REDIS_HOST, ${JSON.stringify(REDIS_HOST)}`)
+ logger.info(`REDIS_HOST, ${JSON.stringify(env.REDIS_HOST)}`)
  redisClient = redis.createClient({
- host: REDIS_HOST,
+ host: env.REDIS_HOST,
  retry_strategy: (options) => 1000
  })
 }

packages/auth/src/environment.ts

@@ -0,0 +1,33 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * OpenCRVS is also distributed under the terms of the Civil Registration
+ * & Healthcare Disclaimer located at http://opencrvs.org/license.
+ *
+ * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
+ */
+
+import { cleanEnv, str, port, url, num, bool } from 'envalid'
+
+export const env = cleanEnv(process.env, {
+ REDIS_HOST: str({ devDefault: 'localhost' }),
+ AUTH_HOST: str({ default: '0.0.0.0' }),
+ AUTH_PORT: port({ default: 4040 }),
+ USER_MANAGEMENT_URL: url({ devDefault: 'http://localhost:3030/' }),
+ METRICS_URL: url({ devDefault: 'http://localhost:1050' }),
+ NOTIFICATION_SERVICE_URL: url({ devDefault: 'http://localhost:2020/' }),
+ DOMAIN: str({ devDefault: '*' }),
+ COUNTRY_CONFIG_URL: url({ devDefault: 'http://localhost:3040/' }),
+ LOGIN_URL: url({ devDefault: 'http://localhost:3020/' }),
+ CLIENT_APP_URL: url({ devDefault: 'http://localhost:3000/' }),
+ CERT_PRIVATE_KEY_PATH: str({ devDefault: '../../.secrets/private-key.pem' }),
+ CERT_PUBLIC_KEY_PATH: str({ devDefault: '../../.secrets/public-key.pem' }),
+ SENTRY_DSN: str({ default: undefined }),
+ QA_ENV: bool({ default: false }),
+
+ CONFIG_TOKEN_EXPIRY_SECONDS: num({ default: 604800 }), // 1 week
+ CONFIG_SMS_CODE_EXPIRY_SECONDS: num({ default: 600 }), // 10 minutes
+ CONFIG_SYSTEM_TOKEN_EXPIRY_SECONDS: num({ default: 600 }) // 10 minutes
+})

packages/auth/src/features/authenticate/handler.test.ts

@@ -9,7 +9,7 @@
  * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
  */
 import * as fetchAny from 'jest-fetch-mock'
-import { createServerWithEnvironment } from '@auth/tests/util'
+import { createProductionEnvironmentServer } from '@auth/tests/util'
 import { createServer } from '@auth/server'
 
 const fetch = fetchAny as fetchAny.FetchMock
@@ -71,7 +71,7 @@ describe('authenticate handler receives a request', () => {
  expect(res.statusCode).toBe(403)
  })
  it('generates a mobile verification code and sends it to notification gateway', async () => {
- server = await createServerWithEnvironment({ NODE_ENV: 'production' })
+ server = await createProductionEnvironmentServer()
 
  // eslint-disable-next-line @typescript-eslint/no-var-requires
  const reloadedCodeService = require('../verifyCode/service')
@@ -102,7 +102,7 @@ describe('authenticate handler receives a request', () => {
  expect(spy.mock.calls[0][3]).toBe('+345345343')
  })
  it('does not generate a mobile verification code for pending users', async () => {
- server = await createServerWithEnvironment({ NODE_ENV: 'production' })
+ server = await createProductionEnvironmentServer()
 
  // eslint-disable-next-line
  const reloadedCodeService = require('../verifyCode/service')

packages/auth/src/features/authenticate/service.ts

@@ -9,16 +9,6 @@
  * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
  */
 import fetch from 'node-fetch'
-import {
- USER_MANAGEMENT_URL,
- CERT_PRIVATE_KEY_PATH,
- CERT_PUBLIC_KEY_PATH,
- CONFIG_TOKEN_EXPIRY_SECONDS,
- CONFIG_SYSTEM_TOKEN_EXPIRY_SECONDS,
- PRODUCTION,
- QA_ENV,
- METRICS_URL
-} from '@auth/constants'
 import { resolve } from 'url'
 import { readFileSync } from 'fs'
 import { promisify } from 'util'
@@ -35,9 +25,10 @@ import { logger } from '@opencrvs/commons'
 import { unauthorized } from '@hapi/boom'
 import { chainW, tryCatch } from 'fp-ts/Either'
 import { pipe } from 'fp-ts/function'
+import { env } from '@auth/environment'
 
-const cert = readFileSync(CERT_PRIVATE_KEY_PATH)
-const publicCert = readFileSync(CERT_PUBLIC_KEY_PATH)
+const cert = readFileSync(env.CERT_PRIVATE_KEY_PATH)
+const publicCert = readFileSync(env.CERT_PUBLIC_KEY_PATH)
 
 const sign = promisify<
  Record<string, unknown>,
@@ -75,7 +66,7 @@ export async function authenticate(
  username: string,
  password: string
 ): Promise<IAuthentication> {
- const url = resolve(USER_MANAGEMENT_URL, '/verifyPassword')
+ const url = resolve(env.USER_MANAGEMENT_URL, '/verifyPassword')
 
  const res = await fetch(url, {
  method: 'POST',
@@ -101,7 +92,7 @@ export async function authenticateSystem(
  client_id: string,
  client_secret: string
 ): Promise<ISystemAuthentication> {
- const url = resolve(USER_MANAGEMENT_URL, '/verifySystem')
+ const url = resolve(env.USER_MANAGEMENT_URL, '/verifySystem')
 
  const res = await fetch(url, {
  method: 'POST',
@@ -135,8 +126,8 @@ export async function createToken(
  subject: userId,
  algorithm: 'RS256',
  expiresIn: temporary
- ? CONFIG_SYSTEM_TOKEN_EXPIRY_SECONDS
- : CONFIG_TOKEN_EXPIRY_SECONDS,
+ ? env.CONFIG_SYSTEM_TOKEN_EXPIRY_SECONDS
+ : env.CONFIG_TOKEN_EXPIRY_SECONDS,
  audience,
  issuer
  })
@@ -173,7 +164,7 @@ export async function generateAndSendVerificationCode(
  mobile?: string,
  email?: string
 ) {
- const isDemoUser = scope.indexOf('demo') > -1 || QA_ENV
+ const isDemoUser = scope.indexOf('demo') > -1 || env.QA_ENV
  logger.info(
  `isDemoUser,
  ${JSON.stringify({
@@ -187,7 +178,7 @@ export async function generateAndSendVerificationCode(
  } else {
  verificationCode = await generateVerificationCode(nonce)
  }
- if (!PRODUCTION || QA_ENV) {
+ if (!env.isProd || env.QA_ENV) {
  logger.info(
  `Sending a verification to,
  ${JSON.stringify({
@@ -247,7 +238,7 @@ export async function postUserActionToMetrics(
  userAgent: string,
  practitionerId?: string
 ) {
- const url = resolve(METRICS_URL, '/audit/events')
+ const url = resolve(env.METRICS_URL, '/audit/events')
  const body = { action: action, practitionerId }
  const authentication = 'Bearer ' + token