chore: initial commit

opengovsg · Aug 14, 2024 · 9e83674 · 9e83674
commit 9e83674
Show file tree

Hide file tree

Showing 12 changed files with 1,665 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,63 @@
+name: CI
+
+on:
+  workflow_dispatch:
+  push:
+  pull_request:
+    types: [opened, reopened]
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    - cron:  '30 15 * * *'
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    env:
+      APP_NAME: formsg-intl
+    steps:
+      - name: Checkout opengovsg/FormSG into the same local dir
+        uses: actions/checkout@v4
+        with:
+          repository: opengovsg/FormSG
+          ref: refs/heads/release-al2
+      - name: Checkout this repo
+        uses: actions/checkout@v4
+        with:
+          path: repo
+      - name: Move repo contents into local root
+        run: mv repo/* .
+      - name: Replace files with intl-specific ones
+        run: |
+          cp -rf replacements/* .
+          rm -rf replacements
+
+      - run: ls -al frontend
+
+      - name: Substitute index.html OG params
+        run: |
+          cat frontend/public/index.html | \
+            sed 's/__OG_TITLE__/Form/' | \
+            sed 's/__OG_DESCRIPTION__/Secure forms from the government/' | \
+            sed 's/__OG_IMAGE__/og-img-metatag-publicform.png/' > frontend/public/index2.html && \
+          mv frontend/public/index2.html frontend/public/index.html
+
+      - name: Set app version
+        run: |
+          echo "APP_VERSION=$(jq -r .version package.json)-$(echo ${GITHUB_REF##*/})-$(echo ${GITHUB_SHA} | cut -c1-8)" >> $GITHUB_ENV
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_PASS }}
+
+      - name: Build and push docker image
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          context: .
+          tags: |
+            opengovsg/${{ env.APP_NAME }}:latest
+            opengovsg/${{ env.APP_NAME }}:${{ env.APP_VERSION }}
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,130 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+.cache
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,105 @@
+# syntax=docker/dockerfile:1
+
+FROM node:hydrogen-alpine3.18 as build
+
+# node-modules-builder stage installs/compiles the node_modules folder
+# Python version must be specified starting in alpine3.12
+RUN apk update && apk upgrade && \
+    apk --no-cache add --virtual native-deps \
+    g++ gcc libgcc libstdc++ linux-headers autoconf automake make nasm python3 git curl && \
+    npm install --quiet node-gyp -g
+WORKDIR /build
+
+COPY package.json package-lock.json ./
+COPY shared/package.json shared/package-lock.json ./shared/
+COPY frontend/package.json frontend/package-lock.json ./frontend/
+COPY frontend/patches ./frontend/patches
+
+# Allow running of postinstall scripts
+# RUN npm config set unsafe-perm true
+# --legacy-peer-deps flag
+# A breaking change in the peer dependency resolution strategy was introduced in
+# npm 7. This resulted in npm throwing an error when installing packages:
+# npm ERR! code ERESOLVE
+# npm ERR! ERESOLVE unable to resolve dependency tree
+# See also:
+# * https://stackoverflow.com/questions/66239691/what-does-npm-install-legacy-peer-deps-do-exactly-when-is-it-recommended-wh
+# NOTE: This flag is used again later in the build process when calling npm prune.
+RUN npm ci --legacy-peer-deps
+
+COPY . ./
+
+# --openssl-legacy-provider flag
+# A breaking change in the SSL provider was introduced in node 17. This caused
+# webpack 4 to break. This is an interim solution; we should investigate removing
+# this flag once angular has been removed and we have upgraded to CRA5 (which uses
+# webpack 5).
+# See also:
+# * https://stackoverflow.com/questions/69692842/error-message-error0308010cdigital-envelope-routinesunsupported
+# * https://github.com/webpack/webpack/issues/14532#issuecomment-1304378535
+# These options are only used in the build stage, not the start stage.
+ENV NODE_OPTIONS="--max-old-space-size=4096 --openssl-legacy-provider"
+
+RUN npm run build
+RUN cat ./assets/demo-watermark.css >> `ls ./dist/frontend/static/css/*.css`
+
+# Move mockpass to prod dependency since we need the static certs
+RUN npm install -P @opengovsg/mockpass
+
+RUN npm prune --production --legacy-peer-deps
+
+# This stage builds the final container
+FROM node:hydrogen-alpine3.18
+LABEL maintainer="Demos at OGP<[email protected]>"
+WORKDIR /opt/formsg
+
+# Install build from backend-build
+COPY --from=build /build/node_modules /opt/formsg/node_modules
+COPY --from=build /build/package.json /opt/formsg/package.json
+COPY --from=build /build/dist /opt/formsg/dist
+
+# Grab Singpass RP jwks config from __tests__
+COPY --from=build /build/__tests__/setup/certs /opt/formsg/__tests__/setup/certs
+
+# Built backend goes back to root working directory
+RUN mv /opt/formsg/dist/backend/src /opt/formsg/
+RUN mv /opt/formsg/dist/backend/shared /opt/formsg/
+
+# Install chromium from official docs
+# https://github.com/puppeteer/puppeteer/blob/master/docs/troubleshooting.md#running-on-alpine
+# Note that each alpine version supports a specific version of chromium
+# Note that chromium and puppeteer-core are released together and it is the only version
+# that is guaranteed to work. Upgrades must be done in lockstep.
+# https://www.npmjs.com/package/puppeteer-core?activeTab=versions for corresponding versions
+
+RUN apk add --no-cache \
+# Compatible chromium versions can be found here https://pkgs.alpinelinux.org/packages?name=chromium&branch=v3.18&repo=&arch=&maintainer=
+    chromium=119.0.6045.159-r0 \
+    nss \
+    freetype \
+    freetype-dev \
+    harfbuzz \
+    ca-certificates \
+    ttf-freefont \
+    tini
+
+# Tell Puppeteer to skip installing Chrome. We'll be using the installed package.
+ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
+ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser
+
+# This package is needed to render Chinese characters in autoreply PDFs
+RUN apk add font-wqy-zenhei --repository https://dl-cdn.alpinelinux.org/alpine/edge/community
+
+ENV CHROMIUM_BIN=/usr/bin/chromium-browser
+
+# Run as non-privileged user
+RUN addgroup -S formsguser && adduser -S -g formsguser formsguser
+USER formsguser
+
+ENV NODE_ENV=production
+EXPOSE 5000
+
+# tini is the init process that will adopt orphaned zombie processes
+# e.g. chromium when launched to create a new PDF
+ENTRYPOINT [ "tini", "-s", "--" ]
+CMD [ "npm", "start" ]
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Open Government Products
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
@@ -0,0 +1,5 @@
+# FormSG International Edition
+
+Builds and publishes a Docker image to 
+opengovsg/formsg-intl
+