From 12fe043903f7ebcbf26f88397cc6942b47fcf1cd Mon Sep 17 00:00:00 2001
From: seaerchin
Date: Tue, 19 Dec 2023 17:06:31 +0800
Subject: [PATCH 1/4] feat(docker): setup github stuff to be parity wtih efs
---
 .gitignore | 1 +
 Dockerfile | 8 -------
 Dockerfile.develop | 22 +++++++++++++++++++
 docker-compose.yml | 5 ++++-
 scripts/04_add_github_to_known_hosts.sh | 28 +++++++++++++++++++++++++
 5 files changed, 55 insertions(+), 9 deletions(-)
 delete mode 100644 Dockerfile
 create mode 100644 Dockerfile.develop
 create mode 100644 scripts/04_add_github_to_known_hosts.sh
diff --git a/.gitignore b/.gitignore
index c53d70f7e..dc81c9289 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ build/
 .step-functions-local/
 .serverless/
 .cache_ggshield
+.ssh/
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index e967a233f..000000000
--- a/Dockerfile
+++ /dev/null
@@ -1,8 +0,0 @@
-FROM node:18-alpine AS base
-WORKDIR /opt/isomercms-backend
-COPY . .
-RUN apk update
-RUN apk add git
-RUN npm ci
-EXPOSE "8081"
-CMD ["npm", "run", "dev:server"]
diff --git a/Dockerfile.develop b/Dockerfile.develop
new file mode 100644
index 000000000..8f44482d0
--- /dev/null
+++ b/Dockerfile.develop
@@ -0,0 +1,22 @@
+FROM node:18-alpine AS base
+WORKDIR /opt/isomercms-backend
+RUN mkdir /root/.ssh
+COPY . .
+COPY ./.ssh /root/.ssh
+RUN chmod 600 /root/.ssh/github.pub
+RUN chmod 600 /root/.ssh/github
+RUN apk update
+RUN apk add git
+RUN apk add openssh-client
+# RUN npm ci
+RUN cat </root/.ssh/config
+Host github.com
+ IdentityFile /root/.ssh/github
+ User git
+EOF
+
+RUN chmod +x ./scripts/04_add_github_to_known_hosts.sh
+RUN sh ./scripts/04_add_github_to_known_hosts.sh
+
+EXPOSE "8081"
+CMD ["npm", "run", "dev:server"]
diff --git a/docker-compose.yml b/docker-compose.yml
index 4c4c1a467..9197ea63c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
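Review bot: `COPY ./.ssh /root/.ssh` in the new Dockerfile.develop writes the GitHub private key into an image layer, and the `COPY . .` before it puts the same `.ssh/` directory under `/opt/isomercms-backend` too; the `.gitignore` entry added in this commit keeps the key out of git but does not affect the build context. Anyone who can pull or export the image can read the key, and the later `chmod 600` layers do not change that. The key could be supplied when the container starts instead, for example as a read-only compose volume `- ./.ssh:/root/.ssh:ro`, with `.ssh` listed in `.dockerignore`. If the key is needed while building, `RUN --mount=type=ssh` keeps it out of the layers.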
@@ -1,7 +1,9 @@
 version: "3"
 services:
 web:
- build: .
+ build:
+ context: .
+ dockerfile: Dockerfile.develop
 ports:
 - "8081:8081"
 depends_on:
@@ -15,6 +17,7 @@ services:
 - ./:/opt/isomercms-backend
 - /opt/isomercms-backend/node_modules
 - ${EFS_VOL_PATH}:${EFS_VOL_PATH}
+ - "~/.gitconfig:/etc/gitconfig"
 postgres:
 image: "postgres:13-alpine"
diff --git a/scripts/04_add_github_to_known_hosts.sh b/scripts/04_add_github_to_known_hosts.sh
new file mode 100644
index 000000000..8bfdd0d2d
--- /dev/null
+++ b/scripts/04_add_github_to_known_hosts.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Get the server's public key
+ssh-keyscan -t rsa github.com >github_rsa.pub
+
+# Generate the key's fingerprint
+SERVER_FINGERPRINT=$(ssh-keygen -lf github_rsa.pub | awk '{print $2}')
+echo "SERVER_FINGERPRINT: $SERVER_FINGERPRINT" >/tmp/setup-github-known-hosts.txt
+
+# The official GitHub RSA fingerprint
+# https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
+OFFICIAL_FINGERPRINT="SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s"
+
+# Check if the server's fingerprint matches the official fingerprint
+# Note: This check is important to prevent any MITM attacks
+if [ "$SERVER_FINGERPRINT" = "$OFFICIAL_FINGERPRINT" ]; then
+ # If the fingerprints match, add the public key to the known_hosts file
+ cat github_rsa.pub >/root/.ssh/known_hosts
+ echo "GitHub's public key added to known_hosts." >>/tmp/setup-github-known-hosts.txt
+else
+ # If the fingerprints don't match, output a warning and exit with an error
+ echo "WARNING: The server's SSH key fingerprint doesn't match the official GitHub fingerprint." >>/tmp/setup-github-known-hosts.txt
+ rm github_rsa.pub
+ exit 1
+fi
+
+# Remove the temporary public key file
+rm github_rsa.pub
From 522ef0970efe4b4949cfd1af5483988bf1e3e735 Mon Sep 17 00:00:00 2001
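Review bot: The new volume `"~/.gitconfig:/etc/gitconfig"` in the second docker-compose.yml hunk is mounted read-write, so a process in the container, which runs as root because Dockerfile.develop sets no `USER`, can rewrite the developer's host git configuration. A read-only mount is enough for git to read it: `- "~/.gitconfig:/etc/gitconfig:ro"`. A short comment above the entry saying why the host config is needed would help, since any credential helper or include path in that file is then interpreted inside the container.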
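Review bot: On a fingerprint mismatch in scripts/04_add_github_to_known_hosts.sh the only diagnostic is appended to `/tmp/setup-github-known-hosts.txt`, and because the script then exits 1 the `RUN` step fails and that file never reaches an image, so the build stops with no visible reason. Sending the warning to stderr puts it in the build log, e.g. ending that `echo` with `>&2` instead of the redirect to the file. The `#!/bin/bash` shebang is also misleading: Dockerfile.develop invokes the script with `sh`, and none of the `apk add` steps shown install bash, so `#!/bin/sh` matches how it actually runs. The comparison fails closed when `ssh-keyscan` returns nothing, which is worth saying in the comment next to the `if`.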
From: seaerchin
Date: Tue, 19 Dec 2023 17:10:00 +0800
Subject: [PATCH 2/4] fix(dockerfile): uncomment npm ci
---
 Dockerfile.develop | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile.develop b/Dockerfile.develop
index 8f44482d0..9b541658a 100644
--- a/Dockerfile.develop
+++ b/Dockerfile.develop
@@ -8,7 +8,7 @@ RUN chmod 600 /root/.ssh/github
 RUN apk update
 RUN apk add git
 RUN apk add openssh-client
-# RUN npm ci
+RUN npm ci
 RUN cat </root/.ssh/config
 Host github.com
 IdentityFile /root/.ssh/github
From f821453529fdc85f305fa6c867adf0cbc309a99f Mon Sep 17 00:00:00 2001
From: seaerchin
Date: Tue, 19 Dec 2023 17:16:37 +0800
Subject: [PATCH 3/4] fix(ci): update ci
---
 .env.test | 2 +-
 .github/workflows/ci.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.env.test b/.env.test
index 0fa133722..76bd840fc 100644
--- a/.env.test
+++ b/.env.test
@@ -34,7 +34,7 @@ export E2E_TEST_SECRET="test"
 export E2E_TEST_GH_TOKEN="test"
 # Database
-export DB_URI="postgres://isomer:password@localhost:54321/isomercms_test"
+export DB_URI="postgres://isomer:password@postgres_test:54321/isomercms_test"
 export DB_MIN_POOL="1"
 export DB_MAX_POOL="10"
 export DB_ENABLE_LOGGING="true"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1e0a985a5..e5dc83d6d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -86,7 +86,7 @@ jobs:
 path: ~/.npm
 key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
 - run: npm ci
- - run: npm run dev:services
+ - run: npm run dev
 - run: . .env.test && npx jest --runInBand
 - run: docker compose down
From ce3e28afdfced02c81163d964ec0209937ad80fd Mon Sep 17 00:00:00 2001
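Review bot: `RUN npm ci` in Dockerfile.develop now runs dependency install scripts as root at a point where `/root/.ssh/github` is already in the image (the `chmod 600` line in the hunk header precedes it), so any package lifecycle script can read the key. If no dependency is fetched over SSH, the install can move ahead of `COPY ./.ssh /root/.ssh`, which is outside this hunk. Copying only `package.json` and `package-lock.json` before the install would also keep this layer cached across source edits. If an SSH fetch is intended here, note that the ssh config and known_hosts steps only run after this line.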
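Review bot: `- run: npm run dev` in ci.yml resolves to `docker compose up` (the `dev` script shown in package.json later in this series), which stays attached to the containers, so the step would not return and the jest step after it would not start. The replacement in PATCH 4/4, `docker compose -f docker-compose.test.yml up`, has the same problem. A CI step needs detached mode, i.e. `up -d`. What `dev:services` did before is not visible here, so confirm it was not already handling this.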
From: seaerchin
Date: Tue, 19 Dec 2023 18:02:24 +0800
Subject: [PATCH 4/4] fix(env): separate test env from dev env
---
 .env.test | 2 +-
 .github/workflows/ci.yml | 2 +-
 docker-compose.yml => docker-compose.dev.yml | 12 ------------
 docker-compose.test.yml | 13 +++++++++++++
 package.json | 2 +-
 5 files changed, 16 insertions(+), 15 deletions(-)
 rename docker-compose.yml => docker-compose.dev.yml (60%)
 create mode 100644 docker-compose.test.yml
diff --git a/.env.test b/.env.test
index 76bd840fc..0fa133722 100644
--- a/.env.test
+++ b/.env.test
@@ -34,7 +34,7 @@ export E2E_TEST_SECRET="test"
 export E2E_TEST_GH_TOKEN="test"
 # Database
-export DB_URI="postgres://isomer:password@postgres_test:54321/isomercms_test"
+export DB_URI="postgres://isomer:password@localhost:54321/isomercms_test"
 export DB_MIN_POOL="1"
 export DB_MAX_POOL="10"
 export DB_ENABLE_LOGGING="true"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e5dc83d6d..cd39ea2f8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -86,7 +86,7 @@ jobs:
 path: ~/.npm
 key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
 - run: npm ci
- - run: npm run dev
+ - run: docker compose -f docker-compose.test.yml up
 - run: . .env.test && npx jest --runInBand
 - run: docker compose down
diff --git a/docker-compose.yml b/docker-compose.dev.yml
similarity index 60%
rename from docker-compose.yml
rename to docker-compose.dev.yml
index 9197ea63c..2688656ca 100644
--- a/docker-compose.yml
+++ b/docker-compose.dev.yml
@@ -10,9 +10,6 @@ services:
 - postgres
 env_file:
 - .env
- environment:
- # postgres://user:pass@hostname:port/database
- - DB_URI=postgres://isomer:password@postgres:5432/isomercms_dev
 volumes:
 - ./:/opt/isomercms-backend
 - /opt/isomercms-backend/node_modules
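Review bot: The teardown context line `- run: docker compose down` in ci.yml carries no `-f`, while this commit renames `docker-compose.yml` to `docker-compose.dev.yml`, so Compose presumably finds no default file and the step fails or leaves `postgres_test` running. It should name the same file as the `up` step: `- run: docker compose -f docker-compose.test.yml down`. The job definition continues outside the hunk.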
@@ -30,14 +27,5 @@ services:
 volumes:
 - isomercms_data:/var/lib/postgresql/data
- postgres_test:
- image: "postgres:13-alpine"
- environment:
- POSTGRES_USER: isomer
- POSTGRES_PASSWORD: password
- POSTGRES_DB: isomercms_test
- ports:
- # use a different port to avoid blocking dev environment when running tests
- - "54321:5432"
 volumes:
 isomercms_data:
diff --git a/docker-compose.test.yml b/docker-compose.test.yml
new file mode 100644
index 000000000..d427b11a0
--- /dev/null
+++ b/docker-compose.test.yml
@@ -0,0 +1,13 @@
+version: "3"
+services:
+ postgres_test:
+ image: "postgres:13-alpine"
+ environment:
+ POSTGRES_USER: isomer
+ POSTGRES_PASSWORD: password
+ POSTGRES_DB: isomercms_test
+ ports:
+ # use a different port to avoid blocking dev environment when running tests
+ - "54321:5432"
+volumes:
+ isomercms_data:
diff --git a/package.json b/package.json
index 951017c6f..f1bd63e38 100644
--- a/package.json
+++ b/package.json
@@ -6,7 +6,7 @@
 "build": "tsc -p tsconfig.build.json",
 "start": "node --unhandled-rejections=warn -r ts-node/register/transpile-only -r tsconfig-paths/register -r dotenv/config build/server.js dotenv_config_path=/efs/isomer/.isomer.env",
 "dev:server": "source .env && ts-node-dev --unhandled-rejections=warn --respawn src/server.js",
- "dev": "docker compose up",
+ "dev": "docker compose -f docker-compose.dev.yml up",
 "test": "source .env.test && jest --runInBand",
 "release": "npm version $npm_config_isomer_update && git push --tags",
 "lint": "npx eslint .",
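Review bot: `- "54321:5432"` in the new docker-compose.test.yml publishes the test database on every host interface with the fixed credentials `isomer` / `password`. `.env.test` connects through `localhost`, so the mapping can be limited to loopback: `- "127.0.0.1:54321:5432"`. The top-level `volumes: isomercms_data:` is declared but not referenced by `postgres_test` in this file and can be dropped.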