@coodos coodos commented Nov 12, 2025

Description of change

Adds additional config for SSL connection in Postgres.

Issue Number

Type of change

  • Chore (refactoring, build scripts or anything else that isn't user-facing)

How the change has been tested

Change checklist

  • I have ensured that the CI Checks pass locally
  • I have removed any unnecessary logic
  • My code is well documented
  • I have signed my commits
  • My code follows the pattern of the application
  • I have self reviewed my code

Summary by CodeRabbit

  • New Features
    • Added optional SSL/TLS encryption for database connections across all platform services. When a CA certificate is provided via environment configuration, database connections automatically use secure TLS. Without configuration, connections operate in standard mode.

coderabbitai bot commented Nov 12, 2025

Walkthrough

Adds conditional SSL/TLS configuration to database connections across 8 TypeORM DataSource configurations. Each now conditionally enables SSL with CA certificate verification when the DB_CA_CERT environment variable is set, and otherwise disables SSL.

Changes

Cohort: Conditional SSL configuration for database connections

File(s):
  • infrastructure/evault-core/src/config/database.ts
  • infrastructure/evault-core/src/core/provisioning/config/database.ts
  • platforms/cerberus/src/database/data-source.ts
  • platforms/dreamsync-api/src/database/data-source.ts
  • platforms/evoting-api/src/database/data-source.ts
  • platforms/group-charter-manager-api/src/database/data-source.ts
  • platforms/pictique-api/src/database/data-source.ts
  • platforms/registry/src/config/database.ts

Summary: Added conditional ssl option to TypeORM DataSource configuration: when DB_CA_CERT is defined, sets { rejectUnauthorized: false, ca: DB_CA_CERT }; otherwise sets ssl: false.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Verify the same pattern is correctly applied across all 8 files
  • Confirm environment variable naming (DB_CA_CERT) is consistent
  • Check that SSL configuration object structure matches in each file

Poem

🐰 Eight paths to safer databases we've paved,
With certificates and caution, connections well-behaved.
When DB_CA_CERT appears, security's in place,
Otherwise we simply embrace false—
A unified dance of TLS, swiftly braved! 🔐

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

  • Description check
    Status: ❓ Inconclusive
    Explanation: The description is incomplete. It provides the type of change (Chore) and a basic description, but lacks critical details such as testing specifics, issue number, and complete implementation context.
    Resolution: Add more specific details: what testing was performed, which issue this addresses, and any deployment or configuration considerations for the SSL changes.

✅ Passed checks (2 passed)

  • Title check
    Status: ✅ Passed
    Explanation: The title accurately summarizes the main change: adding DB_CA_CERT option to PostgreSQL database connections for SSL configuration across multiple files.
  • Docstring Coverage
    Status: ✅ Passed
    Explanation: No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 8

🧹 Nitpick comments (1)
infrastructure/evault-core/src/config/database.ts (1)

18-23: Consider extracting SSL configuration to a shared utility.

The same SSL configuration pattern is duplicated across 8 files in this PR. Consider creating a shared utility function in the infrastructure layer to reduce duplication and ensure consistency.

Example implementation in a shared file (e.g., infrastructure/evault-core/src/config/ssl-config.ts):

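import type { PostgresConnectionOptions } from "typeorm/driver/postgres/PostgresConnectionOptions";

// Build the `ssl` option once so every DataSource uses the same TLS settings.
// Typed against the Postgres options because `ssl` is not a key of every
// member of the DataSourceOptions union.
export function getDatabaseSslConfig(): PostgresConnectionOptions["ssl"] {
    return process.env.DB_CA_CERT
        ? {
              // Trust only the CA supplied through the environment.
              ca: process.env.DB_CA_CERT,
          }
        : false;
}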

Then import and use in each DataSource configuration:

import { DataSource } from "typeorm";
import { getDatabaseSslConfig } from "path/to/ssl-config";

export const AppDataSource = new DataSource({
    // ... other options
    // One shared source of truth for the TLS settings.
    ssl: getDatabaseSslConfig(),
});

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e4d2d47 and 23669cd.

📒 Files selected for processing (8)
  • infrastructure/evault-core/src/config/database.ts (1 hunks)
  • infrastructure/evault-core/src/core/provisioning/config/database.ts (1 hunks)
  • platforms/cerberus/src/database/data-source.ts (1 hunks)
  • platforms/dreamsync-api/src/database/data-source.ts (1 hunks)
  • platforms/evoting-api/src/database/data-source.ts (1 hunks)
  • platforms/group-charter-manager-api/src/database/data-source.ts (1 hunks)
  • platforms/pictique-api/src/database/data-source.ts (1 hunks)
  • platforms/registry/src/config/database.ts (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: lint
  • GitHub Check: test
  • GitHub Check: test-web3-adapter-integration
  • GitHub Check: test
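
An added example (not code from this PR or from CodeRabbit) of the shared-helper idea with verification enforced: it builds the `ssl` option from `DB_CA_CERT` with `rejectUnauthorized: true` and audits the `{ rejectUnauthorized: false, ca: DB_CA_CERT }` shape reported in the change summary, which in Node's TLS options lets the connection proceed even when the server certificate fails verification. `buildDbSsl`, `auditDbSsl`, `compareConfigs` and the sample PEM are hypothetical names and constructed data; the escaped-newline handling assumes the certificate is passed through an env file.

```typescript
// Added example: hypothetical helper names, not the project's code.
type PgSslOption = false | { ca: string; rejectUnauthorized: boolean };

const PEM_BLOCK = /-----BEGIN CERTIFICATE-----[A-Za-z0-9+\/=\s]+-----END CERTIFICATE-----/;

// Constructed placeholder, not a real certificate; "\\n" mimics an env-file value.
const SAMPLE_CA = "-----BEGIN CERTIFICATE-----\\nQUJDRA==\\n-----END CERTIFICATE-----";

// Build the `ssl` option from an environment-like map (pass process.env in a service).
function buildDbSsl(env: Record<string, string | undefined>): PgSslOption {
    const raw = env["DB_CA_CERT"];
    // Same fallback as the PR: no CA configured means a plain connection.
    if (raw === undefined || raw.trim() === "") return false;
    // Assumption: env files may carry the PEM with literal "\n"; restore newlines.
    const ca = raw.replace(/\\n/g, "\n").trim();
    if (!PEM_BLOCK.test(ca)) {
        // Fail closed: a malformed value must not silently downgrade to no TLS.
        throw new Error("DB_CA_CERT is set but holds no PEM certificate");
    }
    // Enforce verification so the CA actually constrains which server is accepted.
    return { ca, rejectUnauthorized: true };
}

// Report what a given `ssl` option does not protect against.
function auditDbSsl(ssl: PgSslOption): string[] {
    if (ssl === false) return ["TLS disabled: traffic is sent in clear text"];
    const findings: string[] = [];
    if (!ssl.rejectUnauthorized) {
        findings.push("rejectUnauthorized=false: a certificate that fails verification is still accepted");
    }
    if (!PEM_BLOCK.test(ssl.ca)) findings.push("ca does not contain a PEM certificate");
    return findings;
}

// Compare the shape in the change summary with the enforced form.
function compareConfigs(): { asSummarised: string[]; enforced: string[] } {
    const enforced = buildDbSsl({ DB_CA_CERT: SAMPLE_CA });
    const ca = enforced === false ? "" : enforced.ca;
    return {
        asSummarised: auditDbSsl({ ca, rejectUnauthorized: false }),
        enforced: auditDbSsl(enforced),
    };
}
```
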

@coodos coodos merged commit 46912ab into main Nov 12, 2025
6 checks passed
@coodos coodos deleted the chore/add-db-ca-cert branch November 12, 2025 20:20