feat: add few structure base

.github/ISSUE_TEMPLATE/bug.md

@@ -0,0 +1,32 @@
+---
+name: Bug
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Utilisateur**
+ _non connecté/Réseau CMA/DREETS Normandie/..._
+
+**OS**
+_Windows 10/Windows 7/..._
+
+**Navigateur**
+_Firefox 96.0/Chrome 32/..._
+
+**Environnement**
+_production/recette/dev_
+
+**Description du problème**
+_L'utilisateur CMA n'arrive pas à chercher un organisme dans le filtre CFA_
+
+**Etapes pour reproduire :**
+_1. Se connecter au tableau de bord en tant qu'utilisateur réseau_
+_2. Cliquer sur le filtre CFA_
+_3. La liste de résultats ne s'affiche pas_
+
+* **Screenshot/enregistrement écran** *
+
+** Informations supplémentaires **

.github/ISSUE_TEMPLATE/carte-par-d-faut.md

@@ -0,0 +1,17 @@
+---
+name: Carte par défaut
+about: Template par défaut d'une carte
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Objectif**
+
+_Décrire ici l'objectif de la carte_
+
+**Definition of done**
+
+- [ ] _Cette étape est terminée_
+- [ ] _Cette autre étape est terminée_

.github/ISSUE_TEMPLATE/creation_user_tdb

@@ -0,0 +1,9 @@
+**Objectif**
+
+_Donner l'accès à la BAL à : _
+
+**Definition of done**
+
+- [x] _Vérifier si user et droits_
+- [x] _Créer user_
+- [x] _Envoyer mail new user_

.github/ISSUE_TEMPLATE/feedback.md

@@ -0,0 +1,16 @@
+---
+name: Feedback utilisateurice
+about: Template par défaut d'une carte
+title: ''
+labels: feedback
+assignees: ''
+
+---
+
+**Feedback**
+_Décrire ici le feedback utilisateur_
+
+**Occurences**
+| Profil | Verbatim | Nb de fois |
+| -------- | -------- | -------- |
+Ex: DREETS | "verbatim" | 1 

.github/pull_request_template.md

@@ -0,0 +1,14 @@
+<!--
+    - Garder la PR en DRAFT mode jusqu'à ce qu'elle soit prête.
+    - L'associer à l'issue GH (avec les mots clés fix, resolve, close... suivi de #<issue_nb> )
+    - Merci de nommer les commits / PRs en français (ils seront ajoutés au CHANGELOG.md)
+    - Merci de fixer la CI avant review
+    - Une fois prête, merci de rebaser avant
+    - Pas de merge commit, stp. Faire plutôt "git rebase master"
+    - Une fois la PR validée, merger avec "Squash and merge" ou "Rebase and merge" si cela a du sens.
+-->
+
+fix #...
+
+<!-- Une description  -->
+<!-- Si changements visuels, merci d'ajouter des screenshots ou videos -->

.github/workflows/release-production.yml

@@ -1,7 +1,7 @@
 name: Release version production
 on:
   push:
-    branches: [ main ]
+    branches: [main]
 
 jobs:
   release:
@@ -32,122 +32,3 @@ jobs:
           GH_TOKEN: ${{ secrets.GH_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.G_TOKEN }}
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
-  back-merge:
-    needs: release
-    if: "startsWith(github.event.head_commit.message, 'chore(release')"
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@master
-
-      - name: Merge main -> develop
-        uses: devmasx/merge-branch@v1.3.1
-        with:
-          type: now
-          from_branch: main
-          target_branch: develop
-          github_token: ${{ secrets.GH_TOKEN }}
-  ciserver:
-    needs: release
-    if: "!startsWith(github.event.head_commit.message, 'chore(release')"
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout project
-        uses: actions/checkout@v2
-
-      - uses: actions/setup-node@v1
-        with:
-          node-version: 14
-      - uses: actions/cache@v2
-        with:
-          path: "**/node_modules"
-          key: ${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-
-
-      # Install dependencies
-      - name: Run yarn Install
-        run: yarn install
-
-      # Install ui dependencies
-      - name: Run yarn Install ui
-        run: yarn --cwd ui install --frozen-lockfile
-
-      # Install yarn dependencies
-      - name: Run yarn Install server
-        run: yarn --cwd server install --frozen-lockfile
-
-      # Lint
-      - name: Run Lint
-        run: yarn lint
-
-      # Run mocha tests
-      - name: Run Tests
-        run: |
-          yarn --cwd server test:coverage
-        env:
-          PILOTAGE_API_KEY: ${{ secrets.PILOTAGE_API_KEY }}
-          PILOTAGE_AUTH_PASSWORD_HASH_ROUNDS: ${{ secrets.PILOTAGE_AUTH_PASSWORD_HASH_ROUNDS }}
-          PILOTAGE_AUTH_USER_JWT_SECRET: ${{ secrets.PILOTAGE_AUTH_USER_JWT_SECRET }}
-          PILOTAGE_AUTH_ACTIVATION_JWT_SECRET: ${{ secrets.PILOTAGE_AUTH_ACTIVATION_JWT_SECRET }}
-          PILOTAGE_AUTH_PASSWORD_JWT_SECRET: ${{ secrets.PILOTAGE_AUTH_PASSWORD_JWT_SECRET }}
-
-      # codecov
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v2
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          directory: ./server/coverage
-          name: codecov-server
-          verbose: true
-
-  ciui:
-    needs: release
-    if: "!startsWith(github.event.head_commit.message, 'chore(release')"
-    runs-on: ubuntu-latest
-    steps:
-      # Checks-out the repository
-      - uses: actions/checkout@v2
-
-      # Install dependencies
-      - name: Run Yarn Install
-        run: |
-          yarn --cwd ui install
-
-      # Run tests
-      - name: Run Tests
-        run: |
-          yarn --cwd ui test:coverage
-
-      # codecov
-      # - name: Upload coverage to Codecov
-      #   uses: codecov/codecov-action@v2
-      #   with:
-      #     token: ${{ secrets.CODECOV_TOKEN }}
-      #     directory: ./ui/coverage
-      #     name: codecov-ui
-      #     verbose: true
-  # deploy:
-  #   needs: release
-  #   if: "!startsWith(github.event.head_commit.message, 'chore(release')"
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - name: Checkout project
-  #       uses: actions/checkout@v2
-
-  #     - shell: bash
-  #       run: echo 'PILOTAGE_HEAD_REF=${{ github.head_ref }}' >> $GITHUB_ENV
-
-  #     - shell: bash
-  #       run: echo 'PILOTAGE_REF=${{ github.ref }}' >> $GITHUB_ENV
-
-  #     - name: Check output
-  #       run: echo ${PILOTAGE_REF:-${PILOTAGE_REF##*/}}
-
-  #     - name: Request deployment production
-  #       uses: peter-evans/repository-dispatch@v1
-  #       with:
-  #         repository: mission-apprentissage/PILOTAGE-infra
-  #         token: ${{ secrets.DEVOPS_ACCESS_TOKEN }}
-  #         event-type: deploy
-  #         client-payload: '{"envName": "production", "branchName":"main"}'
-  #       if: github.ref == 'refs/heads/main'

.infra/ansible/roles/setup/files/app/tools/blacklist-ips.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+# Blacklist list of bad/dangerous IPs
+# Daily feed from : https://github.com/stamparm/ipsum
+
+set -euo pipefail
+#Needs to be run as sudo
+
+ipset -exist create ipsum hash:net
+ipset flush ipsum
+for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
+iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null || true
+iptables -I INPUT -m set --match-set ipsum src -j DROP
+
+bash /opt/bal/tools/send-to-slack.sh "[IPTABLES] IPs blacklist has been renewed."

.infra/ansible/roles/setup/files/app/tools/unblacklist-ips.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+set -euo pipefail
+#Needs to be run as sudo
+
+iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null || true
+
+bash /opt/bal/tools/send-to-slack.sh "[IPTABLES] IPs blacklist has been cleared."
+
+ipset destroy ipsum

.infra/ansible/roles/setup/tasks/configure-ips-blacklist.yml

@@ -0,0 +1,10 @@
+- name: Install ipset packages
+  apt:
+    name: ["ipset"]
+
+- name: Add cron to blacklist IPs from daily list
+  ansible.builtin.cron:
+    name: "blacklist_ips"
+    minute: "0"
+    hour: "4"
+    job: "bash /opt/bal/tools/blacklist-ips.sh >> /var/log/cron.log 2>&1"

.infra/ansible/roles/setup/tasks/main.yml

@@ -19,6 +19,9 @@
 # - import_tasks: create-cron.yml
 #   tags: cron
 
+- import_tasks: configure-ips-blacklist.yml
+  tags: ipsblacklist
+
 - import_tasks: install-scripts.yml
   tags: scripts
 

git-hooks/prepare-release.sh

@@ -5,4 +5,6 @@ next_version="${1}"
 cd ./ui
 npm version ${next_version}
 cd ../server
-npm version ${next_version}
+npm version ${next_version}
+cd ../shared
+npm version ${next_version}

package.json

@@ -2,7 +2,7 @@
   "name": "mna-bal",
   "description": "[MNA] BAL",
   "repository": "https://github.com/mission-apprentissage/bal.git",
-  "version": "0",
+  "version": "0.0.1",
   "author": "MNA",
   "license": "MIT",
   "private": true,

release.config.js

@@ -1,5 +1,5 @@
 const mainConfig = {
-  branches: ["main", { name: "develop", channel: "beta", prerelease: "beta" }],
+  branches: ["main"],
   repositoryUrl: "https://github.com/mission-apprentissage/bal.git",
   plugins: [
     "@semantic-release/commit-analyzer",
@@ -23,7 +23,7 @@ const mainConfig = {
         assets: [
           "ui/package.json",
           "server/package.json",
-          "ui/CHANGELOG.md",
+          "shared/package.json",
           "CHANGELOG.md",
           "package.json",
         ],
@@ -59,7 +59,6 @@ const channel = createHash("md5").update(branch).digest("hex");
 const localConfig = {
   branches: [
     "main",
-    { name: "develop", channel: "beta", prerelease: "beta" },
     {
       name: branch,
       channel,

shared/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shared",
-  "version": "1.0.0",
+  "version": "0.0.1",
   "main": "./index.ts",
   "types": "./index.ts",
   "author": "mna",

ui/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ui",
-  "version": "0.1.0",
+  "version": "0.0.1",
   "private": true,
   "scripts": {
     "dev": "NEXT_PUBLIC_VERSION=$npm_package_version next dev",