wip: update tmpl

.bin/scripts/docker-login.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+read -p "[ghcr.io] user ? : " u
+read -p "[ghcr.io] GH personnal token ? : " p
+
+echo "Login sur le registry ..."
+echo $p | docker login ghcr.io -u "$u" --password-stdin
+echo "Logged!"

.bin/scripts/get-vault-password-client.sh

@@ -14,7 +14,7 @@ readonly VAULT_DIR="${ROOT_DIR}/.infra/vault"
 readonly VAULT_FILE="${VAULT_DIR}/vault.yml"
 readonly PRODUCT_NAME="tmpl"
 
-DOCUMENT_CONTENT=$(op document get ".vault-password-${PRODUCT_NAME}" --vault "mna-vault-passwords-common" || echo "")
+DOCUMENT_CONTENT=$(op --account mission-apprentissage document get ".vault-password-${PRODUCT_NAME}" --vault "mna-vault-passwords-common" || echo "")
 vault_password_file="${VAULT_DIR}/.vault-password.gpg"
 previous_vault_password_file="${VAULT_DIR}/.vault-password-previous.gpg"
 

.bin/scripts/run-playbook.sh

@@ -13,7 +13,7 @@ function runPlaybook() {
   local ansible_extra_opts=()
   if [[ -z "${ANSIBLE_BECOME_PASS:-}" ]]; then
     if [[ $* != *"pass"* ]]; then
-        local become_pass=$(op read op://Private/${PRODUCT_NAME}-$ENV_FILTER/password 2> /dev/null);
+        local become_pass=$(op --account mission-apprentissage read op://Private/${PRODUCT_NAME}-$ENV_FILTER/password 2> /dev/null);
         if [ -z $become_pass ]; then
           echo "Si vous avez 1password CLI, il est possible de récupérer le password automatiquement"
           echo "Pour cela, ajouter le dans le vault "Private" l'item ${PRODUCT_NAME}-$ENV_FILTER avec le champs password"
@@ -29,7 +29,7 @@ function runPlaybook() {
 
   if [[ -z "${ANSIBLE_REMOTE_USER:-}" ]]; then
     if [[ $* != *"--user"* ]]; then
-        local username=$(op read op://Private/${PRODUCT_NAME}-$ENV_FILTER/username 2> /dev/null);
+        local username=$(op --account mission-apprentissage read op://Private/${PRODUCT_NAME}-$ENV_FILTER/username 2> /dev/null);
         if [ -z $username ]; then
           echo "Si vous avez 1password CLI, il est possible de récupérer le username automatiquement"
           echo "Pour cela, ajouter le dans le vault "Private" l'item ${PRODUCT_NAME}-$ENV_FILTER avec le champs username"
@@ -61,5 +61,5 @@ function runPlaybook() {
 if [[ -z "${CI:-}" ]]; then
   runPlaybook "$@"
 else
-  runPlaybook "$@" &> /tmp/deploy.log
+  runPlaybook "$@" &> /tmp/deploy_error.log
 fi;

.dockerignore

@@ -2,6 +2,7 @@
 
 !/server/src
 !/server/static
+!/server/types
 !/server/package.json
 !/server/tsconfig.json
 !/server/tsup.config.ts
@@ -30,3 +31,5 @@
 **/node_modules
 */tests
 **/logs
+**/*.test.ts
+!**/tsconfig.json

.eslintrc.json

@@ -10,36 +10,59 @@
       "jsx": true
     },
     "ecmaVersion": "latest",
-    "sourceType": "module"
+    "sourceType": "module",
+    "project": [
+      "tsconfig.json",
+      "server/tsconfig.json",
+      "shared/tsconfig.json",
+      "ui/tsconfig.json"
+    ]
   },
-  "plugins": ["react", "@typescript-eslint", "simple-import-sort", "import", "unused-imports"],
+  "plugins": ["react", "@typescript-eslint", "simple-import-sort", "import", "@dword-design/import-alias"],
   "rules": {
     "simple-import-sort/imports": "error",
-    "react/react-in-jsx-scope": "off",
-    "@typescript-eslint/no-empty-function": "off",
-    "react/display-name": 0,
-    "@typescript-eslint/ban-ts-comment": "off",
-    "react/prop-types": "off",
-    "@typescript-eslint/no-empty-interface": "off",
-    "react/no-unescaped-entities": "off",
-    "@typescript-eslint/no-var-requires": "warn",
-    "no-unused-vars": "off",
-    "@typescript-eslint/no-unused-vars": "off",
-    "unused-imports/no-unused-imports": "error",
-    "unused-imports/no-unused-vars": [
+    "import/no-cycle": ["error", { "ignoreExternal": true }],
+    "import/no-relative-packages": "error",
+    "import/no-useless-path-segments": ["error"],
+    "import/consistent-type-specifier-style": ["error", "prefer-top-level"],
+    "import/no-extraneous-dependencies": [
       "error",
       {
-        "vars": "all",
-        "varsIgnorePattern": "^_",
-        "args": "after-used",
-        "argsIgnorePattern": "^_"
+        "devDependencies": [
+          "**/*.test.ts",
+          "**/*.test.tsx",
+          "**/tests/**/*.ts",
+          "**/tests/*.ts",
+          "**/fixtures/**/*.ts",
+          "**/tsup.config.ts",
+          "**/vitest.workspace.ts"
+        ]
       }
     ],
-    "import/no-useless-path-segments": ["error"],
-    "no-duplicate-imports": ["error"],
-    "import/no-unassigned-import": ["off"]
+    "@typescript-eslint/consistent-type-imports": ["error", { "prefer": "type-imports" }],
+    "@typescript-eslint/ban-ts-comment": ["off"],
+    "@typescript-eslint/no-import-type-side-effects": "error",
+    "@typescript-eslint/promise-function-async": "error",
+    "@typescript-eslint/switch-exhaustiveness-check": "error",
+    "@typescript-eslint/no-unused-vars": [
+      "error",
+      {
+        "args": "all",
+        "argsIgnorePattern": "^_",
+        "caughtErrors": "all",
+        "caughtErrorsIgnorePattern": "^_",
+        "destructuredArrayIgnorePattern": "^_",
+        "varsIgnorePattern": "^_",
+        "ignoreRestSiblings": true
+      }
+    ]
   },
   "settings": {
+    "import/resolver": {
+      "typescript": {
+        "project": ["sdk/tsconfig.json", "server/tsconfig.json", "shared/tsconfig.json", "ui/tsconfig.json"]
+      }
+    },
     "react": {
       "version": "detect"
     }

.gitattributes

@@ -71,6 +71,7 @@
 *.rar       binary
 *.tar       binary
 *.zip       binary
+*.xlsx      binary
 # Fonts
 *.ttf       binary
 *.eot       binary

.github/workflows/ci.yml

@@ -13,11 +13,11 @@ jobs:
       - name: Checkout project
         uses: actions/checkout@v4
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version: 20
 
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: |
             **/node_modules
@@ -32,12 +32,12 @@ jobs:
       - name: Make sure to use same dependencies version across all packages
         run: yarn dedupe --check
 
-      - name: lint
-        run: yarn lint
-
       - name: typecheck
         run: yarn typecheck:ci
 
+      - name: lint
+        run: yarn lint
+
       - name: start mongodb service
         run: |
           chmod 400 .infra/local/mongo_keyfile

.github/workflows/codeql.yml

@@ -44,12 +44,12 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/deploy_preview.yml

@@ -9,7 +9,7 @@ jobs:
   debug:
     runs-on: ubuntu-latest
     steps:
-      - uses: hmarr/debug-action@v2
+      - uses: hmarr/debug-action@v3
 
   deploy_preview:
     if: (startsWith(github.event.comment.body, '🚀') || startsWith(github.event.comment.body, ':rocket:')) && github.event.issue.pull_request
@@ -35,14 +35,14 @@ jobs:
           pr_number: ${{ github.event.issue.number }}
 
       - name: React to comment
-        uses: dkershner6/reaction-action@v1
+        uses: dkershner6/reaction-action@v2
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           commentId: ${{ github.event.comment.id }}
           reaction: "+1"
 
       - id: "get-branch"
-        run: echo "branch=$(gh pr view $PR_NO --repo $REPO --json headRefName --jq '.headRefName')" >> $GITHUB_OUTPUT
+        run: echo "branch=$(gh pr view $PR_NO --repo $REPO --json headRefName --jq '.headRefName')" >> "$GITHUB_OUTPUT"
         env:
           REPO: ${{ github.repository }}
           PR_NO: ${{ github.event.issue.number }}
@@ -57,7 +57,7 @@ jobs:
         run: git lfs ls-files --long | cut -d ' ' -f1 | sort > .lfs-assets-id
 
       - name: LFS Cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: .git/lfs/objects
           key: ${{ runner.os }}-lfs-${{ hashFiles('.lfs-assets-id') }}
@@ -108,10 +108,6 @@ jobs:
         if: always()
         run: echo 'You can get logs using `.bin/mna deploy:log:decrypt ${{ github.run_id }} ${{ github.event.issue.number }}`' >> $GITHUB_STEP_SUMMARY
 
-      - name: Preview Summary when failed
-        if: failure()
-        run: echo 'You can get error logs using `.bin/mna deploy:log:decrypt ${{ github.run_id }}`' >> $GITHUB_STEP_SUMMARY
-
       - name: Preview Summary
         run: echo 'https://${{ github.event.issue.number }}.${{ vars.app_name }}-preview.apprentissage.beta.gouv.fr/ 🚀' >> $GITHUB_STEP_SUMMARY
 

.github/workflows/preview.yml

@@ -7,16 +7,3 @@ jobs:
   tests:
     if: github.event.pull_request.state == 'open'
     uses: "./.github/workflows/ci.yml"
-
-  deploy_comment:
-    name: Add deploy comment
-    runs-on: ubuntu-latest
-    steps:
-      - name: Comment PR Preview
-        if: github.event.pull_request.state != 'closed'
-        uses: thollander/actions-comment-pull-request@v2
-        with:
-          message: |
-            To deploy this PR just add a comment with a simple :rocket:
-          comment_tag: deployment_instructions
-          mode: upsert

.gitignore

@@ -165,4 +165,6 @@ seed.gz
 
 tsconfig.tsbuildinfo
 
+.yarn/versions/
+
 .infra/vault/.vault-password-previous.gpg

.infra/ansible/deploy.yml

@@ -7,16 +7,10 @@
   tasks:
     - include_tasks: ./tasks/files_copy.yml
 
-    - name: Création du docker-compose.yml {{env_type}}
-      shell:
-        chdir: /opt/app
-        cmd: 'sudo docker compose $(for file in $(ls docker-compose.*.yml); do echo -n "-f $file "; done) config -o  docker-compose.yml'
-      register: docker_deploy_output
-
     - name: Récupération des images docker
       shell:
         chdir: /opt/app
-        cmd: "sudo docker compose pull"
+        cmd: "/opt/app/scripts/docker-compose.sh pull --policy missing"
 
     - name: Récupération du status de la stack
       shell:
@@ -62,7 +56,7 @@
       when:
         - stack_status.stdout != ""
         - '"migrations-status=synced" not in migration_status_output.stdout_lines'
-      async: 1800
+      async: 18000
       poll: 10
 
     - name: Trigger de la création des indexes

.infra/ansible/tasks/preview_pr.yml

@@ -87,7 +87,7 @@
       shell:
         chdir: "/opt/app"
         cmd: "flock --verbose --close /tmp/deployment_seed.lock /opt/app/scripts/seed.sh preview_{{ pr_number | default('00') }}"
-      async: 900 # max 15 minutes
+      async: 1800 # max 30 minutes
       poll: 15 # check every 15s
 
     - name: "[{{ pr_number }}] Execute MongoDB migrations"
@@ -114,9 +114,9 @@
       when: check_stat.stat.exists
       ignore_errors: true
 
-    - name: "[{{ pr_number }}] Removing {{ item }}:0.0.0-{{ pr_number }} image"
+    - name: "[{{ pr_number }}] Removing unused images"
       shell:
-        cmd: "docker image rm -f ghcr.io/mission-apprentissage/{{ item }}:0.0.0-{{ pr_number }}"
+        cmd: "docker image prune -af"
       when: check_stat.stat.exists
       loop: "{{ docker_images }}"
 

.infra/docker-compose.preview.yml

@@ -25,9 +25,9 @@ services:
       - VIRTUAL_PORT=5000
       - LETSENCRYPT_HOST={{pr_number}}.{{domain_name}}-preview.apprentissage.beta.gouv.fr
       - [email protected]
-    env_file: .env_server
     volumes:
       - server:/data
+      - ./.env_server:/app/server/.env
     stop_grace_period: 30s
     healthcheck:
       test: ["CMD", "curl", "--fail", "http://localhost:5000/api/healthcheck"]
@@ -56,10 +56,10 @@ services:
     image: "ghcr.io/mission-apprentissage/mna_{{product_name}}_server:0.0.0-{{pr_number}}"
     container_name: "{{product_name}}_{{pr_number}}_jobs_processor"
     command: ["yarn", "cli", "processor"]
-    env_file: .env_server
     stop_grace_period: 900s
     volumes:
       - server:/data
+      - ./.env_server:/app/server/.env
 
 volumes:
   server:

.infra/docker-compose.production.yml

@@ -31,10 +31,10 @@ services:
         limits:
           memory: 2g
       replicas: 2
-    env_file: .env_server
     stop_grace_period: 60s
     volumes:
       - /opt/app/data/server:/data
+      - /opt/app/.env_server:/app/server/.env
     logging:
       driver: "fluentd"
       options:
@@ -58,10 +58,10 @@ services:
           memory: 2g
       replicas: 2
     command: ["yarn", "cli", "job_processor:start"]
-    env_file: .env_server
     stop_grace_period: 2h
     volumes:
       - /opt/app/data/server:/data
+      - /opt/app/.env_server:/app/server/.env
     logging:
       driver: "fluentd"
       options:

.infra/docker-compose.recette.yml

@@ -30,6 +30,7 @@ services:
     environment:
       - MP_DATA_FILE=/data/mailpit.db
       - MP_UI_AUTH_FILE=/auth
+      - MP_WEBROOT=/smtp/
     logging:
       driver: "fluentd"
       options:

.infra/files/configs/metabase/setup-metabase.sh

@@ -18,7 +18,7 @@ curl -sS --retry 5 --retry-all-errors https://{{dns_name}}/metabase/api/setup \
     \"user\": {
         \"password_confirm\": \"{{ vault[env_type].METABASE_ADMIN_PASS }}\",
         \"password\": \"{{ vault[env_type].METABASE_ADMIN_PASS }}\",
-        \"site_name\": \"boite aux lettres\",
+        \"site_name\": \"{{product_name}}\",
         \"email\": \"{{ vault[env_type].METABASE_ADMIN_EMAIL }}\",
         \"last_name\": null,
         \"first_name\": null
@@ -43,7 +43,7 @@ curl -sS --retry 5 --retry-all-errors https://{{dns_name}}/metabase/api/setup \
     },
     \"invite\": null,
     \"prefs\": {
-        \"site_name\": \"boite aux lettres\",
+        \"site_name\": \"{{product_name}}\",
         \"site_locale\": \"fr\",
         \"allow_tracking\": false
     }

.infra/files/configs/reverse_proxy/locations/70_smtp.conf.template

@@ -1,8 +1,4 @@
-location ~ ^/smtp/(.*)$ {
+location /smtp {
     set $upstream http://smtp:8025;
-    proxy_pass $upstream/$1$is_args$args;
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-Host $server_name;
-    proxy_set_header X-Forwarded-Proto $scheme;
+    include includes/proxy.conf;
 }