Merge branch 'main' into feat(backend)-update-mongodb-conf

.bin/commands.sh

@@ -72,10 +72,9 @@ function seed:apply() {
 }
 
 function deploy:log:encrypt() {
-  "${SCRIPT_DIR}/deploy-log-encrypt.sh" "$@"
+  (cd "$ROOT_DIR" && "${SCRIPT_DIR}/deploy-log-encrypt.sh" "$@")
 }
 
 function deploy:log:decrypt() {
-  "${SCRIPT_DIR}/deploy-log-decrypt.sh" "$@"
+  (cd "$ROOT_DIR" && "${SCRIPT_DIR}/deploy-log-decrypt.sh" "$@")
 }
-

.bin/scripts/deploy-log-decrypt.sh

@@ -9,6 +9,13 @@ else
     shift
 fi
 
+if [ -z "${1:-}" ]; then
+  read -p "Veuillez renseigner l'ID du job: " JOB_ID
+else
+    readonly JOB_ID="$1"
+    shift
+fi
+
 if [[ -z "${ANSIBLE_VAULT_PASSWORD_FILE:-}" ]]; then
   ansible_extra_opts+=("--vault-password-file" "${SCRIPT_DIR}/get-vault-password-client.sh")
 else
@@ -24,10 +31,10 @@ delete_cleartext() {
 trap delete_cleartext EXIT
 
 
-rm -f /tmp/deploy_error.log.gpg
+rm -f /tmp/deploy.log.gpg
 
-gh run download "$RUN_ID" -n error-logs -D /tmp
+gh run download "$RUN_ID" -n "logs-$JOB_ID" -D /tmp
 
 ansible-vault view "${ansible_extra_opts[@]}" "$VAULT_FILE" | yq '.vault.SEED_GPG_PASSPHRASE' > "$PASSPHRASE"
 
-gpg -d --batch --passphrase-file "$PASSPHRASE" /tmp/deploy_error.log.gpg
+gpg -d --batch --passphrase-file "$PASSPHRASE" /tmp/deploy.log.gpg

.bin/scripts/deploy-log-encrypt.sh

@@ -19,5 +19,5 @@ trap delete_cleartext EXIT
 ansible-vault view "${ansible_extra_opts[@]}" "$VAULT_FILE" | yq '.vault.SEED_GPG_PASSPHRASE' > "$PASSPHRASE"
 
 # Make sur the file exists
-touch /tmp/deploy_error.log
-gpg  -c --cipher-algo twofish --batch --passphrase-file "$PASSPHRASE" -o /tmp/deploy_error.log.gpg /tmp/deploy_error.log
+touch /tmp/deploy.log
+gpg  -c --cipher-algo twofish --batch --passphrase-file "$PASSPHRASE" -o /tmp/deploy.log.gpg /tmp/deploy.log

.bin/scripts/run-playbook.sh

@@ -6,7 +6,6 @@ readonly PLAYBOOK_NAME=${1:?"Merci de le nom du playbook"}
 shift
 readonly ENV_FILTER=${1:?"Merci de préciser un ou plusieurs environnements (ex. recette ou production)"}
 shift
-readonly PRODUCT_NAME=bal
 
 function runPlaybook() {
   echo "Lancement du playbook ${PLAYBOOK_NAME} pour l'environnement ${ENV_FILTER}..."
@@ -62,5 +61,5 @@ function runPlaybook() {
 if [[ -z "${CI:-}" ]]; then
   runPlaybook "$@"
 else
-  runPlaybook "$@" 2> /tmp/deploy_error.log
+  runPlaybook "$@" &> /tmp/deploy.log
 fi;

.github/workflows/_deploy.yml

@@ -77,26 +77,30 @@ jobs:
           ANSIBLE_REMOTE_USER: deploy
           ANSIBLE_BECOME_PASS: ${{ secrets.DEPLOY_PASS }}
 
-      - name: Encrypt Error log on failure
-        run: .bin/mna-bal deploy:log:encrypt
-        if: failure()
+      - name: Encrypt logs
+        run: .bin/mna deploy:log:encrypt
+        if: always()
         env:
           ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
 
-      - name: Upload failure artifacts on failure
-        if: failure()
-        uses: actions/upload-artifact@v3
+      - name: Upload logs artifacts
+        if: always()
+        uses: actions/upload-artifact@v4
         with:
-          name: error-logs
-          path: /tmp/deploy_error.log.gpg
+          name: logs-${{ inputs.environment }}
+          path: /tmp/deploy.log.gpg
+
+      - name: Add Job summary
+        if: always()
+        run: echo 'You can get logs using `.bin/mna deploy:log:decrypt ${{ github.run_id }} ${{ inputs.environment }}`' >> $GITHUB_STEP_SUMMARY
 
       - name: Notify failure on Slack
         uses: ravsamhq/notify-slack-action@v2
         if: always()
         with:
           status: ${{ job.status }}
           notification_title: "Le déploiement ${{ inputs.app_version }} en ${{ inputs.environment }} a échoué"
-          message_format: "{emoji} *[${{ inputs.environment }}]* *{workflow}* {status_message} in <{repo_url}|{branch}> on <{commit_url}|{commit_sha}>. You can get error logs using `.bin/mna-bal deploy:log:decrypt ${{ github.run_id }}`"
+          message_format: "{emoji} *[${{ inputs.environment }}]* *{workflow}* {status_message} in <{repo_url}|{branch}> on <{commit_url}|{commit_sha}>. You can get error logs using `.bin/mna-bal deploy:log:decrypt ${{ github.run_id }} ${{ inputs.environment }}`"
           notify_when: "failure"
           mention_groups: "!channel"
         env:

.github/workflows/ci.yml

@@ -44,6 +44,7 @@ jobs:
       - name: start mongodb service
         run: |
           docker compose up --build -d --wait mongodb
+          yarn setup:mongodb
 
       - name: test
         run: yarn test:ci

.github/workflows/deploy_preview.yml

@@ -97,21 +97,21 @@ jobs:
   #         ANSIBLE_REMOTE_USER: deploy
   #         ANSIBLE_BECOME_PASS: ${{ secrets.DEPLOY_PASS }}
 
-  #     - name: Encrypt Error log on failure
+  #     - name: Encrypt log
   #       run: .bin/mna-bal deploy:log:encrypt
-  #       if: failure()
+  #       if: always()
   #       env:
   #         ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
 
-  #     - name: Upload failure artifacts on failure
-  #       if: failure()
-  #       uses: actions/upload-artifact@v3
+  #     - name: Upload log artifacts
+  #       if: always()
+  #       uses: actions/upload-artifact@v4
   #       with:
-  #         name: error-logs
+  #         name: logs-${{ inputs.environment }}
   #         path: /tmp/deploy_error.log.gpg
 
-  #     - name: Preview Summary when failed
-  #       if: failure()
+  #     - name: Add Job summary
+  #       if: always()
   #       run: echo 'You can get error logs using `.bin/mna-bal deploy:log:decrypt ${{ github.run_id }}`' >> $GITHUB_STEP_SUMMARY
 
   #     - name: Preview Summary

.infra/.env_server

@@ -18,8 +18,8 @@ MNA_BAL_USERS_DEFAULT_ADMIN_PERMISSIONS={{ vault[env_type].MNA_BAL_USERS_DEFAULT
 MNA_BAL_OVH_STORAGE_USERNAME={{ vault.MNA_BAL_OVH_STORAGE_USERNAME }}
 MNA_BAL_OVH_STORAGE_PASSWORD={{ vault.MNA_BAL_OVH_STORAGE_PASSWORD }}
 MNA_BAL_OVH_STORAGE_TENANT_ID={{ vault.MNA_BAL_OVH_STORAGE_TENANT_ID }}
-MNA_BAL_OVH_STORAGE_CONTAINER_NAME={{ vault[env_type].MNA_BAL_OVH_STORAGE_CONTAINER_NAME }}
-MNA_BAL_OVH_STORAGE_ENCRYPTION_KEY={{ vault[env_type].MNA_BAL_OVH_STORAGE_ENCRYPTION_KEY }}
+MNA_BAL_OVH_STORAGE_CONTAINER_NAME={{ vault.MNA_BAL_OVH_STORAGE_CONTAINER_NAME }}
+MNA_BAL_OVH_STORAGE_ENCRYPTION_KEY={{ vault.MNA_BAL_OVH_STORAGE_ENCRYPTION_KEY }}
 MNA_BAL_OVH_STORAGE_URI={{ vault.MNA_BAL_OVH_STORAGE_URI }}
 MNA_BAL_API_KEY={{ vault[env_type].MNA_BAL_API_KEY }}
 MNA_BAL_SMTP_HOST={{ vault[env_type].MNA_BAL_SMTP_HOST }}
@@ -48,12 +48,12 @@ MNA_BAL_API_DECA_PASSWORD_LBA={{ vault[env_type].MNA_BAL_API_DECA_PASSWORD_LBA }
 MNA_BAL_API_DECA_LOGIN_TDB={{ vault[env_type].MNA_BAL_API_DECA_LOGIN_TDB }}
 MNA_BAL_API_DECA_PASSWORD_TDB={{ vault[env_type].MNA_BAL_API_DECA_PASSWORD_TDB }}
 
-MNA_BAL_OVH_STORAGE_USERNAME_MNA={{ vault[env_type].MNA_BAL_OVH_STORAGE_USERNAME_MNA }}
-MNA_BAL_OVH_STORAGE_PASSWORD_MNA={{ vault[env_type].MNA_BAL_OVH_STORAGE_PASSWORD_MNA }}
-MNA_BAL_OVH_STORAGE_TENANT_ID_MNA={{ vault[env_type].MNA_BAL_OVH_STORAGE_TENANT_ID_MNA }}
-MNA_BAL_OVH_STORAGE_CONTAINER_NAME_MNA={{ vault[env_type].MNA_BAL_OVH_STORAGE_CONTAINER_NAME_MNA }}
-MNA_BAL_OVH_STORAGE_ENCRYPTION_KEY_MNA={{ vault[env_type].MNA_BAL_OVH_STORAGE_ENCRYPTION_KEY_MNA }}
-MNA_BAL_OVH_STORAGE_URI_MNA={{ vault[env_type].MNA_BAL_OVH_STORAGE_URI_MNA }}
+MNA_BAL_OVH_STORAGE_USERNAME_MNA={{ vault.MNA_BAL_OVH_STORAGE_USERNAME_MNA }}
+MNA_BAL_OVH_STORAGE_PASSWORD_MNA={{ vault.MNA_BAL_OVH_STORAGE_PASSWORD_MNA }}
+MNA_BAL_OVH_STORAGE_TENANT_ID_MNA={{ vault.MNA_BAL_OVH_STORAGE_TENANT_ID_MNA }}
+MNA_BAL_OVH_STORAGE_CONTAINER_NAME_MNA={{ vault.MNA_BAL_OVH_STORAGE_CONTAINER_NAME_MNA }}
+MNA_BAL_OVH_STORAGE_ENCRYPTION_KEY_MNA={{ vault.MNA_BAL_OVH_STORAGE_ENCRYPTION_KEY_MNA }}
+MNA_BAL_OVH_STORAGE_URI_MNA={{ vault.MNA_BAL_OVH_STORAGE_URI_MNA }}
 
 
 FTP_HOST={{ vault.FTP_HOST }}