add QA_ENV flag

opencrvs · Sep 11, 2024 · d78ab37 · d78ab37
1 parent b87e484
commit d78ab37
Show file tree

Hide file tree

Showing 7 changed files with 37 additions and 45 deletions.
diff --git a/.github/workflows/clear-environment.yml b/.github/workflows/clear-environment.yml
@@ -28,7 +28,7 @@ on:
 
 jobs:
   reset-data:
-    name: 'Reset data'
+    name: 'Reset data from stack ${{ inputs.stack }} in ${{ inputs.environment }}'
     environment: ${{ inputs.environment }}
     runs-on: ubuntu-22.04
     outputs:
@@ -74,7 +74,6 @@ jobs:
           MINIO_ROOT_USER: ${{ secrets.MINIO_ROOT_USER }}
           MINIO_ROOT_PASSWORD: ${{ secrets.MINIO_ROOT_PASSWORD }}
           SSH_ARGS: ${{ vars.SSH_ARGS }}
-          STACK: ${{ inputs.stack }}
         run: |
           ssh -p $SSH_PORT $SSH_USER@$SSH_HOST $SSH_ARGS "
             ELASTICSEARCH_ADMIN_USER=elastic \
@@ -83,11 +82,9 @@ jobs:
             MONGODB_ADMIN_PASSWORD=$MONGODB_ADMIN_PASSWORD \
             MINIO_ROOT_USER=$MINIO_ROOT_USER \
             MINIO_ROOT_PASSWORD=$MINIO_ROOT_PASSWORD \
-            /opt/opencrvs/infrastructure/clear-all-data.sh $REPLICAS $STACK"
+            /opt/opencrvs/infrastructure/clear-all-data.sh $REPLICAS ${{ inputs.stack }}"
 
           echo "Running migrations..."
           echo
           ssh -p $SSH_PORT $SSH_USER@$SSH_HOST $SSH_ARGS "
-              ELASTICSEARCH_ADMIN_USER=elastic \
-              ELASTICSEARCH_ADMIN_PASSWORD=$ELASTICSEARCH_SUPERUSER_PASSWORD \
-              /opt/opencrvs/infrastructure/run-migrations.sh"
+              /opt/opencrvs/infrastructure/run-migrations.sh ${{ inputs.stack }}"
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
@@ -1,18 +1,12 @@
 name: E2E
-run-name: Deploy to ${{ github.event.inputs.environment }} and E2E
+run-name: Deploy to ${{ github.event.inputs.stack }} and E2E
 on:
-  push:
-    branches:
-      - e2e/*
   workflow_dispatch:
     inputs:
-      environment:
-        type: choice
-        description: Environment to deploy to
+      stack:
+        type: string
+        description: Stack name
         required: true
-        default: 'development'
-        options:
-          - development
 
 jobs:
   discover-tests:
@@ -50,7 +44,7 @@ jobs:
   test:
     needs: [discover-tests]
     runs-on: ubuntu-22.04
-    environment: ${{ github.event.inputs.environment || 'development' }}
+    environment: qa
     strategy:
       fail-fast: false
       matrix:
@@ -92,7 +86,7 @@ jobs:
         if: steps.check-specs.outputs.has_spec_files == 'true'
         run: npx playwright test ./e2e/testcases/${{ matrix.test_dir }}
         env:
-          DOMAIN: '${{ vars.DOMAIN }}'
+          DOMAIN: '${{inputs.stack}}.${{ vars.DOMAIN }}'
 
       - uses: actions/upload-artifact@v4
         if: steps.check-specs.outputs.has_spec_files == 'true'

diff --git a/infrastructure/clear-all-data.sh b/infrastructure/clear-all-data.sh
@@ -102,11 +102,7 @@ docker run --rm --network=$NETWORK appropriate/curl curl -X POST "http://influxd
 #-----------------------------
 docker run --rm --network=$NETWORK --entrypoint=/bin/sh minio/mc -c "\
   mc alias set myminio http://minio:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD && \
-  mc rm --recursive --force myminio/${STACK}__ocrvs && \
-  mc rb myminio/${STACK}__ocrvs && \
-  mc mb myminio/${STACK}__ocrvs"
-
-# Delete all data from metabase
-#-----------------------------
-docker exec $(docker ps | grep opencrvs_dashboards | awk '{print $1}' | head -n 1) /bin/sh -c "rm -rf /data/metabase/*"
+  mc rm --recursive --force myminio/${STACK}--ocrvs && \
+  mc rb myminio/${STACK}--ocrvs && \
+  mc mb myminio/${STACK}--ocrvs"
 
diff --git a/infrastructure/docker-compose.app.yml b/infrastructure/docker-compose.app.yml
@@ -3,6 +3,7 @@ services:
   hearth:
     image: opencrvs/hearth:1.1.0
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - mongodb__url=mongodb://${STACK}__hearth:${HEARTH_MONGODB_PASSWORD}@mongo1/${STACK}__hearth-dev?replicaSet=rs0
       - logger__level=warn
@@ -31,6 +32,7 @@ services:
     secrets:
       - jwt-public-key.{{STACK}}.{{ts}}
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - NODE_ENV=production
       - LANGUAGES=en,fr
@@ -84,6 +86,7 @@ services:
         - 'traefik.http.routers.${STACK}__block-dashboard-queries.middlewares=${STACK}__block-internal-routes'
       replicas: 1
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - NODE_ENV=production
       - FHIR_URL=http://hearth:3447/fhir
@@ -96,6 +99,7 @@ services:
       - COUNTRY_CONFIG_URL=https://countryconfig.${STACK}.{{hostname}}
       - LOGIN_URL=https://login.${STACK}.{{hostname}}
       - CLIENT_APP_URL=https://register.${STACK}.{{hostname}}
+      - SENDER_EMAIL_ADDRESS=${SENDER_EMAIL_ADDRESS}
       # This needs to be the internal swarm url
       # as containers cannot connect to the web
       - GATEWAY_URL=http://gateway:7070
@@ -122,6 +126,7 @@ services:
   login:
     image: opencrvs/ocrvs-login:${VERSION}
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - COUNTRY_CONFIG_URL=https://countryconfig.${STACK}.{{hostname}}
       - CONTENT_SECURITY_POLICY_WILDCARD=${CONTENT_SECURITY_POLICY_WILDCARD}
@@ -154,6 +159,7 @@ services:
   client:
     image: opencrvs/ocrvs-client:${VERSION}
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - DECLARED_DECLARATION_SEARCH_QUERY_COUNT=100
       - COUNTRY_CONFIG_URL=https://countryconfig.${STACK}.{{hostname}}
@@ -194,10 +200,12 @@ services:
     secrets:
       - jwt-public-key.{{STACK}}.{{ts}}
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - NODE_ENV=production
       - LANGUAGES=en,fr
       - SENTRY_DSN=${SENTRY_DSN:-}
+      - DISABLE_RATE_LIMIT=true
       - APN_SERVICE_URL=http://apm-server:8200
       - CERT_PUBLIC_KEY_PATH=/run/secrets/jwt-public-key.{{STACK}}.{{ts}}
       - LOGIN_URL=https://login.${STACK}.{{hostname}}
@@ -250,6 +258,7 @@ services:
     secrets:
       - jwt-public-key.{{STACK}}.{{ts}}
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - NODE_ENV=production
       - LANGUAGES=en,fr
@@ -284,6 +293,7 @@ services:
     secrets:
       - jwt-public-key.{{STACK}}.{{ts}}
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - NODE_ENV=production
       - SENTRY_DSN=${SENTRY_DSN:-}
@@ -314,6 +324,7 @@ services:
     volumes:
       - /data/vsexport:/usr/src/app/packages/metrics/src/scripts
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - NODE_ENV=production
       - SENTRY_DSN=${SENTRY_DSN:-}
@@ -353,6 +364,7 @@ services:
       - jwt-public-key.{{STACK}}.{{ts}}
       - jwt-private-key.{{STACK}}.{{ts}}
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - NODE_ENV=production
       - SENTRY_DSN=${SENTRY_DSN:-}
@@ -399,6 +411,7 @@ services:
     secrets:
       - jwt-public-key.{{STACK}}.{{ts}}
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - NODE_ENV=production
       - SENTRY_DSN=${SENTRY_DSN:-}
@@ -429,6 +442,7 @@ services:
     secrets:
       - jwt-public-key.{{STACK}}.{{ts}}
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - NODE_ENV=production
       - SENTRY_DSN=${SENTRY_DSN:-}
@@ -470,6 +484,7 @@ services:
     secrets:
       - jwt-public-key.{{STACK}}.{{ts}}
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - NODE_ENV=production
       - SENTRY_DSN=${SENTRY_DSN:-}
@@ -525,6 +540,7 @@ services:
     secrets:
       - jwt-public-key.{{STACK}}.{{ts}}
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - NODE_ENV=production
       - APN_SERVICE_URL=http://apm-server:8200
@@ -548,6 +564,7 @@ services:
   scheduler:
     image: opencrvs/ocrvs-scheduler:${VERSION}
     environment:
+      - QA_ENV=true
       - NODE_ENV=production
       - METRICS_URL=http://metrics:1050
     deploy:
@@ -566,6 +583,7 @@ services:
   migration:
     image: opencrvs/ocrvs-migration:${VERSION}
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - ELASTICSEARCH_INDEX_NAME=ocrvs--${STACK}
       - USER_MGNT_MONGO_URL=mongodb://${STACK}__user-mgnt:${USER_MGNT_MONGODB_PASSWORD}@mongo1/${STACK}__user-mgnt?replicaSet=rs0
@@ -614,6 +632,7 @@ services:
       restart_policy:
         condition: none
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       - REPLICAS=1
       - DATABASE_PREFIX=${STACK}
@@ -646,6 +665,7 @@ services:
       - overlay_net
       - dependencies_overlay_net
     environment:
+      - QA_ENV=true
       - HOST=0.0.0.0
       # Note that only mongo1 is used here on purpose for all environments
       # https://discourse.metabase.com/t/solved-add-mongodb-replicaset-database/7404/2

diff --git a/infrastructure/elasticsearch/roles/search_user.json b/infrastructure/elasticsearch/roles/search_user.json
@@ -2,7 +2,7 @@
   "cluster": ["manage"],
   "indices": [
     {
-      "names": ["ocrvs", "ocrvs-*"],
+      "names": ["*__ocrvs", "ocrvs", "ocrvs-*", "ocrvs--*"],
       "privileges": [
         "write",
         "create",

diff --git a/infrastructure/mongodb/on-deploy.sh b/infrastructure/mongodb/on-deploy.sh
@@ -120,7 +120,7 @@ if [[ $HEARTH_USER != "FOUND" ]]; then
   db.createUser({
     user: '${DATABASE_PREFIX}__hearth',
     pwd: '$HEARTH_MONGODB_PASSWORD',
-    roles: [{ role: 'readWrite', db: "${DATABASE_PREFIX}__hearth" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__performance" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__hearth-dev" }]
+    roles: [{ role: 'readWrite', db: "${DATABASE_PREFIX}__hearth" }, { role: 'readWrite', db: "performance" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__performance" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__hearth-dev" }]
   })
   use performance
   db.createUser({
@@ -135,7 +135,7 @@ else
   use ${DATABASE_PREFIX}__hearth-dev
   db.updateUser('${DATABASE_PREFIX}__hearth', {
     pwd: '$HEARTH_MONGODB_PASSWORD',
-    roles: [{ role: 'readWrite', db: "${DATABASE_PREFIX}__hearth" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__performance" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__hearth-dev" }]
+    roles: [{ role: 'readWrite', db: "${DATABASE_PREFIX}__hearth" }, { role: 'readWrite', db: "performance" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__performance" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__hearth-dev" }]
   })
   use performance
   db.updateUser('${DATABASE_PREFIX}__hearth', {

diff --git a/infrastructure/run-migrations.sh b/infrastructure/run-migrations.sh
@@ -8,22 +8,7 @@
 # Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
 set -e
 
-print_usage_and_exit () {
-    echo 'Usage: ./run-migrations.sh'
-    echo ""
-    echo "If your Elasticsearch is password protected, an admin user's credentials can be given as environment variables:"
-    echo "ELASTICSEARCH_ADMIN_USER=your_user ELASTICSEARCH_ADMIN_PASSWORD=your_pass"
-    exit 1
-    exit 1
-}
-
-elasticsearch_host() {
-  if [ ! -z ${ELASTICSEARCH_ADMIN_USER+x} ] || [ ! -z ${ELASTICSEARCH_ADMIN_PASSWORD+x} ]; then
-    echo "$ELASTICSEARCH_ADMIN_USER:$ELASTICSEARCH_ADMIN_PASSWORD@elasticsearch:9200";
-  else
-    echo "elasticsearch:9200";
-  fi
-}
+STACK=$1
 
 # run migration by restarting migration service
-docker service update --force --update-parallelism 1 --update-delay 30s $STACK_migration
+docker service update --force --update-parallelism 1 --update-delay 30s "${STACK}_migration"