opencrvs
diff --git a/‎.husky/pre-push‎
Lines changed: 4 additions & 2 deletions b/‎.husky/pre-push‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 22 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎infrastructure/docker-compose.deploy.yml‎
Lines changed: 45 additions & 1 deletion b/‎infrastructure/docker-compose.deploy.yml‎
Lines changed: 45 additions & 1 deletion
diff --git a/‎infrastructure/server-setup/files/sshd_audit_hardening.24.04.conf‎
Lines changed: 3 additions & 3 deletions b/‎infrastructure/server-setup/files/sshd_audit_hardening.24.04.conf‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎package.json‎
Lines changed: 4 additions & 6 deletions b/‎package.json‎
Lines changed: 4 additions & 6 deletions
@@ -1,8 +1,8 @@
-#!/bin/sh
-
 branch=$(git rev-parse --abbrev-ref HEAD)
 pattern='^[a-z][a-z0-9\/\-]{1,29}$'
 
+bash << EOF
+
 if [[ ! "$branch" =~ $pattern ]]; then
     echo """
   ❌ Invalid branch name: '$branch'
@@ -16,4 +16,6 @@ if [[ ! "$branch" =~ $pattern ]]; then
     exit 1
 fi
 
+EOF
+
 exit 0
@@ -1,5 +1,27 @@
 # Changelog
 
+## 2.0.0
+
+### Breaking changes
+
+- Switch to docker.io/chumaky/postgres_mongo_fdw:17.6_fdw5.5.2 image to support `mongo_fdw`. This is required for the legacy user migrations to work. It will be switched back to the official postgres image in a future release.
+- A new service `legacy-user-migration` which runs the same migration image but with the `migrate-legacy-users` flag and with the following new environment variables:
+  - EVENTS_SUPERUSER_POSTGRES_URL
+  - MONGO_HOST
+  - MONGO_PORT
+  - MONGO_USERNAME
+  - MONGO_PASSWORD
+  - MONGO_REPLICA_SET
+
+The default values for these variables have been added to the `docker-compose.deploy.yml` file. They should work out of the box for most deployments, but please ensure to set them correctly if you have a custom MongoDB setup.
+
+## 1.9.2
+
+### New features
+
+- Certificate templates now support multi-page SVGs using <g data-page="X">...</g>, allowing implementors to configure and render multi-page certificates.
+- Birth certificate PDF export now omits header, footer, and QR code; example SVG updated for security-paper templates.
+
 ## 1.9.1
 
 ### Breaking changes
 
@@ -913,6 +913,7 @@ services:
       options:
         gelf-address: 'udp://127.0.0.1:12201'
         tag: 'config'
+
   migration:
     environment:
       - USER_MGNT_MONGO_URL=mongodb://user-mgnt:${USER_MGNT_MONGODB_PASSWORD}@mongo1/user-mgnt?replicaSet=rs0
@@ -942,6 +943,49 @@ services:
       options:
         gelf-address: 'udp://127.0.0.1:12201'
         tag: 'migration'
+
+  legacy-user-migration:
+    image: ghcr.io/opencrvs/ocrvs-migration:${VERSION}
+    command: ["/bin/sh", "-c", "/app/wait && yarn start:prod --migrate-legacy-users"]
+    environment:
+      - USER_MGNT_MONGO_URL=mongodb://user-mgnt:${USER_MGNT_MONGODB_PASSWORD}@mongo1/user-mgnt?replicaSet=rs0
+      - DASHBOARD_MONGO_URL=mongodb://performance:${PERFORMANCE_MONGODB_PASSWORD}@mongo1/performance?replicaSet=rs0
+      - APPLICATION_CONFIG_MONGO_URL=mongodb://config:${CONFIG_MONGODB_PASSWORD}@mongo1/application-config?replicaSet=rs0
+      - HEARTH_MONGO_URL=mongodb://hearth:${HEARTH_MONGODB_PASSWORD}@mongo1/hearth-dev?replicaSet=rs0
+      - EVENTS_MONGO_URL=mongodb://events:${EVENTS_MONGODB_PASSWORD}@mongo1/events?replicaSet=rs0
+      - OPENHIM_MONGO_URL=mongodb://openhim:${OPENHIM_MONGODB_PASSWORD}@mongo1/openhim-dev?replicaSet=rs0
+      - EVENTS_POSTGRES_URL=postgres://events_migrator:${EVENTS_MIGRATOR_POSTGRES_PASSWORD}@postgres/events
+      - EVENTS_SUPERUSER_POSTGRES_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres/events
+      - SEARCH_URL=http://search:9090/
+      - ES_HOST=search-user:${ROTATING_SEARCH_ELASTIC_PASSWORD}@elasticsearch:9200
+      - INFLUX_HOST=influxdb
+      - INFLUX_PORT=8086
+      - INFLUX_DB=ocrvs
+      - WAIT_HOSTS=mongo1:27017,influxdb:8086,minio:9000,elasticsearch:9200
+      - MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
+      - MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
+      - MINIO_HOST=minio
+      - MINIO_PORT=9000
+      - MINIO_BUCKET=ocrvs
+      - SUPER_USER_PASSWORD=${SUPER_USER_PASSWORD}
+      - MONGO_HOST=mongo1
+      - MONGO_PORT=27017
+      - MONGO_USERNAME=${MONGODB_ADMIN_USER}
+      - MONGO_PASSWORD=${MONGODB_ADMIN_PASSWORD}
+      - MONGO_REPLICA_SET=rs0
+    deploy:
+      labels:
+        - 'traefik.enable=false'
+      replicas: 1
+      restart_policy:
+        condition: on-failure
+    networks:
+      - overlay_net
+    logging:
+      driver: gelf
+      options:
+        gelf-address: 'udp://127.0.0.1:12201'
+        tag: 'legacy-user-migration'
   # Configure other dependencies with deployment specifc details
   hearth:
     environment:
@@ -967,7 +1011,7 @@ services:
         tag: 'hearth'
 
   postgres:
-    image: postgres:17.6
+    image: docker.io/chumaky/postgres_mongo_fdw:17.6_fdw5.5.2
     networks:
       - overlay_net
     restart: unless-stopped
 
@@ -1,11 +1,11 @@
 # Source: https://www.ssh-audit.com/hardening_guides.html#ubuntu_24_04_lts
 # Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com hardening guide.
-KexAlgorithms [email protected],gss-curve25519-sha256-,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,gss-group16-sha512-,diffie-hellman-group16-sha512
+KexAlgorithms [email protected],curve25519-sha256,[email protected],diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512
 Ciphers [email protected],[email protected],aes256-ctr,aes192-ctr,[email protected],aes128-ctr
 MACs [email protected],[email protected],[email protected]
 RequiredRSASize 3072
 HostKeyAlgorithms [email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256
 CASignatureAlgorithms [email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256
-GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-group16-sha512-
+#GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-group16-sha512-
 HostbasedAcceptedAlgorithms [email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256
-PubkeyAcceptedAlgorithms [email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256
+PubkeyAcceptedAlgorithms [email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256
@@ -1,6 +1,6 @@
 {
   "name": "@opencrvs/countryconfig",
-  "version": "1.9.1",
+  "version": "1.9.2",
   "description": "OpenCRVS country configuration for reference data",
   "os": [
     "darwin",
@@ -26,7 +26,8 @@
     "port-forward": "bash infrastructure/port-forward.sh",
     "environment:init": "ts-node infrastructure/environments/setup-environment.ts",
     "environment:upgrade": "yarn environment:init",
-    "sort-translations": "cross-env NODE_ENV=development ts-node -r tsconfig-paths/register src/sort-translations.ts"
+    "sort-translations": "cross-env NODE_ENV=development ts-node -r tsconfig-paths/register src/sort-translations.ts",
+    "prepare": "husky"
   },
   "devDependencies": {
     "@inquirer/editor": "^1.2.13",
@@ -63,7 +64,7 @@
     "@hapi/boom": "^9.1.1",
     "@hapi/hapi": "^20.0.1",
     "@hapi/inert": "^6.0.3",
-    "@opencrvs/toolkit": "1.9.0-rc.cdc3e01",
+    "@opencrvs/toolkit": "1.9.2-rc.1191623",
     "@types/chalk": "^2.2.0",
     "@types/csv2json": "^1.4.0",
     "@types/fhir": "^0.0.30",
@@ -123,8 +124,5 @@
   },
   "resolutions": {
     "acorn": "^6.4.1"
-  },
-  "husky": {
-    "hooks": {}
   }
 }