Merge pull request #1791 from metriport/1592-revert

1592 Revert PRs

.github/pull_request_template.md

@@ -20,9 +20,6 @@ _[Release PRs:]_
 
 _[Regular PRs:]_
 
-- [ ] E2E test updated
-- [ ] No need to update E2E tests
-
 - Local
  - [x] _[Indicate how you tested this, on local or staging]_
  - [x] ...

.github/workflows/_deploy-ihe-gw.yml

@@ -87,11 +87,6 @@ jobs:
  username: ${{ secrets.DOCKERHUB_USERNAME }}
  password: ${{ secrets.DOCKERHUB_TOKEN }}
 
- - name: Setup NodeJS
- uses: actions/setup-node@v3
- with:
- node-version: "18.14"
-
  - name: Checkout
  uses: actions/checkout@v3
  with:
@@ -152,19 +147,6 @@ jobs:
  run: docker buildx create --use
  working-directory: "./"
 
- - name: Install dependencies
- run: npm run install-deps
- working-directory: "metriport/packages/ihe-gateway"
-
- - name: Build/compile
- # build from root because of dependencies
- run: npm run build:cloud
- working-directory: "metriport/packages/ihe-gateway"
-
- - name: Run Tests
- run: npm run test
- working-directory: "metriport/packages/ihe-gateway"
-
  - name: Deploy
  run: |
  ./packages/scripts/deploy-ihe-gw.sh

packages/ihe-gateway/Dockerfile

@@ -1,5 +1,5 @@
 ARG PLATFORM=linux/amd64
-FROM --platform=$PLATFORM public.ecr.aws/docker/library/node:18-alpine
+FROM --platform=$PLATFORM alpine:3
 
 RUN apk update && apk upgrade && apk --no-cache add bash curl
 
@@ -23,15 +23,13 @@ RUN curl -SL $ARTIFACT \
  | tar -xzC /opt \
  && mv "/opt/Mirth Connect" /opt/connect
 
-RUN adduser -D -H mirth
+RUN adduser -D -H -u 1000 mirth
 RUN mkdir -p /opt/connect/appdata && chown -R mirth:mirth /opt/connect/appdata
 
 # initialization scripts and configs
 COPY scripts /opt/connect/scripts
 COPY server /opt/connect/server
 COPY config/custom-libs/aws/*.jar /opt/connect/server-lib/aws
-ADD ./metriport-ihe-gw.tar.gz /opt/connect
-
 COPY config/custom-extensions /opt/connect/custom-extensions
 VOLUME /opt/connect/appdata
 VOLUME /opt/connect/custom-lib
@@ -67,8 +65,6 @@ RUN --mount=type=secret,id=keystore_storepass \
  keytool -noprompt -trustcacerts -importcert \
  -storepass "$(grep -v '^#' /run/secrets/keystore_storepass)" -alias sequoia5 -cacerts -file /opt/connect/appdata/sequoia5.pem
 RUN (cat mcserver.vmoptions /opt/connect/docs/mcservice-java9+.vmoptions ; echo "") > mcserver_base.vmoptions
-# healthcheck
-EXPOSE 8071
 EXPOSE 8443
 EXPOSE 8080
 EXPOSE 8081

packages/ihe-gateway/README.md

@@ -94,7 +94,7 @@ To push configs and backup to the server (after you pulled from Git remote, for
 $ ./scripts/push-to-server.sh
 ```
 
-Configs are stored in the Docker image. See the script file for details on usage.
+Configs are stored in the Docker image.
 
 #### Build-time
 

packages/ihe-gateway/docker-compose.yml

@@ -54,7 +54,6 @@ services:
  HOME_COMMUNITY_NAME: "${HOME_COMMUNITY_NAME}"
  restart: on-failure
  ports:
- - "8071:8071" # Healthcheck channel
  - "8089:8080"
  - "8443:8443"
  - "8081:8081"

packages/ihe-gateway/entrypoint.sh

@@ -260,9 +260,9 @@ if ! [ -z "${DELAY+x}" ]; then
 fi
 
 # Send configs to server when it is available
-IHE_GW_URL=http:https://127.0.0.1:8080/api ./scripts/push-to-server.sh include-full-backup &
-
-# Check if the server is ready and enable the healthcheck channel
-IHE_GW_URL=http:https://127.0.0.1:8080/api node dist/check-startup.js &
+# 1. With 'strict' mode, if it fails to send configs it will kill all Java processes
+IHE_GW_URL=http:https://127.0.0.1:8080/api ./scripts/push-to-server.sh include-full-backup strict &
+# 2. Without 'strict' mode, if it fails to send configs it will just leave the script and leave Mirth running
+# IHE_GW_URL=http:https://127.0.0.1:8080/api ./scripts/push-to-server.sh include-full-backup &
 
 exec "$@"

packages/ihe-gateway/package.json

@@ -7,31 +7,24 @@
  "scripts": {
  "clean": "rimraf dist",
  "deep-clean": "npm run clean && rimraf node_modules",
- "install-deps": "npm ci --ignore-scripts --no-fund",
+ "admin": "ts-node src/admin",
  "build": "tsc -p .",
  "build:cloud": "npm run build",
  "typecheck": "tsc --noEmit",
  "lint": "npx eslint . --ext .ts",
  "lint-fix": "npm run lint --fix",
  "prettier-fix": "npx prettier '**/*.ts' --write",
- "test": "echo \"No test specified yet\"",
- "admin": "ts-node src/admin"
+ "test": "echo \"No test specified yet\""
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
- "dependencies": {
- "@aws-sdk/client-ecs": "^3.529.1",
- "axios": "^1.3.2",
- "commander": "^10.0.0",
- "dayjs": "^1.11.9",
- "dotenv": "^16.0.3"
- },
  "devDependencies": {
  "@aws-sdk/client-ecs": "^3.529.1",
- "@tsconfig/node18": "^1.0.1",
+ "@metriport/core": "file:packages/core",
+ "@metriport/shared": "file:packages/shared",
+ "@tsconfig/recommended": "^1.0.1",
  "@types/lodash": "^4.14.192",
- "@types/node": "^18.11.12",
  "@typescript-eslint/eslint-plugin": "^5.50.0",
  "@typescript-eslint/parser": "^5.50.0",
  "axios": "^1.3.2",
@@ -42,4 +35,4 @@
  "eslint-config-prettier": "^8.6.0",
  "typescript": "^4.9.5"
  }
-}
+}

packages/ihe-gateway/scripts/push-to-server.sh

@@ -5,13 +5,16 @@
 # Script to push configurations to the IHE Gateway.
 #
 # Usage:
-# ./scripts/push-to-server.sh [configurationMap|<include-full-backup>]
+# ./scripts/push-to-server.sh [configurationMap|<include-full-backup>] [strict] [no-ssl-check]
 #
 # Arguments:
 # - configurationMap: Only push the configuration map to the server. If not present, push all
 # configurations.
 # - include-full-backup: Include the full backup in the push (only when 'configurationMap' is
 # not set).
+# - no-ssl-check: Skip the SSL certificate check.
+# - strict: If the server fails to accept the configuration map or check the SLL certs, stop
+# all Java processes.
 #
 ###################################################################################################
 
@@ -20,12 +23,18 @@ set -eo pipefail
 set -eE # same as: `set -o errexit -o errtrace`
 
 cleanup() {
- echo "[config] Leaving the config script..."
+ if containsParameter "strict"; then
+ echo "[config] Strict mode: stopping all Java processes..."
+ pkill java
+ else
+ echo "[config] Non-strict mode: just leaving the config script..."
+ fi
 }
 trap cleanup ERR
 
 CONFIG_MAP_FILE=./server/ConfigurationMap.xml
 MAX_ATTEMPTS_LOGIN=20
+MAX_ATTEMPTS_VERIFY_SSL_CERT=15
 MAX_ATTEMPTS_PUSH_CONFIG_MAP=10
 
 source ./scripts/load-env.sh
@@ -114,6 +123,34 @@ setAllConfigs() {
  ./scripts/mirthsync.sh -s $IHE_GW_URL -u $ADMIN_USER -p $ADMIN_PASSWORD -i -t ./server --include-configuration-map -m code -f -d push
 }
 
+hasSSLCerts() {
+ local sslCertResp=$(curl -s --header "X-Requested-With: push-to-server" -u $ADMIN_USER:$ADMIN_PASSWORD "$IHE_GW_URL/extensions/ssl/all")
+ if [[ $sslCertResp == *"carequality"* ]]; then
+ return 0
+ fi
+ echo "[config] SSL cert response: $sslCertResp" >/dev/stderr
+ return 1
+}
+
+verifySSLCerts() {
+ if containsParameter "no-ssl-check"; then
+ echo "[config] Skipping SSL cert check"
+ return
+ fi
+ echo "[config] Checking if SSL cert is there..."
+ local counter=0
+ until hasSSLCerts; do
+ counter=$((counter + 1))
+ if [ $counter -ge $MAX_ATTEMPTS_VERIFY_SSL_CERT ]; then
+ echo "[config] SSL cert not found, gave up."
+ cleanup
+ exit 1
+ fi
+ echo "[config] SSL cert not found, trying up to $MAX_ATTEMPTS_VERIFY_SSL_CERT times..."
+ sleep 1
+ done
+}
+
 isApiAvailable() {
  local checkApiResult=$(curl -s --header "X-Requested-With: push-to-server" -u $ADMIN_USER:$ADMIN_PASSWORD -w '%{response_code}' -o /dev/null "$IHE_GW_URL/server/jvm")
  if [[ $checkApiResult -lt 100 ]]; then
@@ -162,9 +199,13 @@ waitServerOnline
 
 echo "[config] Pushing configs to the server..."
 if containsParameter "configurationMap"; then
+ # since we are only pushing the configuration map, we should first check if SSL certs are there
+ verifySSLCerts
  setConfigurationMap
 else
+ # since we are pushing all configurations - which include the SSL certs, let's check certs afterwards
  setAllConfigs
+ verifySSLCerts
 fi
 
 echo "[config] Done."