feat: add pentest environment (#911)

.bin/scripts/release-app.sh

@@ -11,4 +11,4 @@ fi
 readonly next_version="${1}"
 readonly mode=${2:-$defaultMode}
 
-"$ROOT_DIR/.bin/scripts/build-images.sh" $next_version $mode production recette
+"$ROOT_DIR/.bin/scripts/build-images.sh" $next_version $mode production recette pentest

.github/workflows/_deploy.yml

@@ -9,6 +9,7 @@ on:
         options:
           - production
           - recette
+          - pentest
       app_version:
         description: app version
         type: string

.github/workflows/release.yml

@@ -128,6 +128,21 @@ jobs:
       SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
       VAULT_PWD: ${{ secrets.VAULT_PWD }}
 
+  deploy-pentest:
+    concurrency:
+      group: "deploy-pentest-${{ github.workflow }}-${{ github.ref }}"
+    needs: ["release"]
+    name: Deploy ${{ needs.release.outputs.VERSION }} on pentest
+    uses: "./.github/workflows/_deploy.yml"
+    with:
+      environment: pentest
+      app_version: ${{ needs.release.outputs.VERSION }}
+    secrets:
+      DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
+      DEPLOY_PASS: ${{ secrets.DEPLOY_PASS }}
+      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+      VAULT_PWD: ${{ secrets.VAULT_PWD }}
+
   cypress:
     needs: ["deploy"]
     uses: "./.github/workflows/cypress.yml"

.infra/env.ini

@@ -17,6 +17,14 @@ alias_dns_name=lba-recette.apprentissage.beta.gouv.fr
 host_name=lba-recette
 env_type=recette
 
+[pentest]
+51.77.156.231
+[pentest:vars]
+dns_name=labonnealternance-pentest.apprentissage.beta.gouv.fr
+alias_dns_name=lba-pentest.apprentissage.beta.gouv.fr
+host_name=lba-pentest
+env_type=pentest
+
 [preview]
 146.59.199.41
 [preview:vars]

.talismanrc

@@ -6,7 +6,9 @@ fileignoreconfig:
 - filename: .bin/scripts/setup-local-env.sh
   checksum: 47323f5183f73a794449666a816d5b797c7a5ed4c7ad219c3c885a57e2fcf1e9
 - filename: .github/workflows/release.yml
-  checksum: 694b85290832914912327d8aac141c4bccc4a18e301d7343b8a6c4471e4ad065
+  checksum: 872bbf42d5b8bd22f900fff9eb6e907abbbeec5ee70f988563c4b6bb315e3f3d
+- filename: .infra/env.ini
+  checksum: ecfc738f90046a14cf076ce52116ec4345d7613d27584c91d0b5830e98ea38f2
 - filename: .infra/files/configs/mongodb/mongod.conf
   checksum: 718bee5f44edc101636be8f11173ede5b728f2858abc3c26466ff9435f0d11de
 - filename: .infra/files/configs/mongodb/seed.gpg
@@ -16,7 +18,7 @@ fileignoreconfig:
 - filename: .infra/local/mongod.conf
   checksum: bb2ce0c27102259a5fa39da1fb4460af9ad6ad58adc715312e53dcd69c8e6be7
 - filename: .infra/vault/vault.yml
-  checksum: 136cba643cbfdfc04f35cd171fe488ad2836261ae88201b6f344b6edbb77d3ef
+  checksum: 602ec8d08c3748ef1944f85c19c7203a3c19617dd6b3bc1a9d58e159ac8504af
 - filename: docker-compose.yml
   checksum: 8cdd1da6c1155f26b417a27e26311d4f00b7d8bd6c21f1f86c1c7cb3f0599e6a
 - filename: server/.env.test

docker-bake.json

@@ -14,6 +14,9 @@
     "preview": {
       "targets": ["server", "ui-preview"]
     },
+    "pentest": {
+      "targets": ["server", "ui-pentest"]
+    },
     "local": {
       "targets": ["server", "ui-local"]
     }
@@ -43,7 +46,7 @@
     "ui": {
       "inherits": ["common"],
       "matrix": {
-        "ENV": ["production", "recette", "preview", "local"]
+        "ENV": ["production", "recette", "pentest", "preview", "local"]
       },
       "name": "ui-${ENV}",
       "args": {

server/src/config.ts

@@ -3,7 +3,7 @@ import env from "env-var"
 const config = {
   version: env.get("PUBLIC_VERSION").required().asString(),
   port: env.get("LBA_SERVER_PORT").required().asPortNumber(),
-  env: env.get("LBA_ENV").required().asEnum(["local", "recette", "production", "preview"]),
+  env: env.get("LBA_ENV").required().asEnum(["local", "recette", "pentest", "production", "preview"]),
   publicUrl: env.get("LBA_PUBLIC_URL").required().asString(),
   outputDir: env.get("LBA_OUTPUT_DIR").required().asString(),
   formationsEndPoint: "/api/v1/entity/formations",

shared/routes/core.routes.ts

@@ -4,7 +4,7 @@ import { IRoutesDef, ZResError } from "./common.routes"
 
 const zResponse = z
   .object({
-    env: z.enum(["local", "recette", "production", "preview"]),
+    env: z.enum(["local", "recette", "pentest", "production", "preview"]),
     healthcheck: z
       .object({
         mongodb: z.boolean(),

ui/config.public.ts

@@ -2,7 +2,7 @@ export interface PublicConfig {
   sentry_dsn: string
   baseUrl: string
   host: string
-  env: "local" | "recette" | "production" | "preview"
+  env: "local" | "recette" | "pentest" | "production" | "preview"
   matomo: {
     url: string
     siteId: string
@@ -56,6 +56,26 @@ function getRecettePublicConfig(): PublicConfig {
   }
 }
 
+function getPentestPublicConfig(): PublicConfig {
+  const host = "labonnealternance-pentest.apprentissage.beta.gouv.fr"
+
+  return {
+    sentry_dsn: SENTRY_DSN,
+    env: "pentest",
+    host,
+    baseUrl: `https://${host}`,
+    matomo: {
+      url: "https://stats.beta.gouv.fr",
+      siteId: "10",
+      jsTrackerFile: "js/container_6EvvnT5g.js",
+    },
+    inserJeuneApiUrl: "https://exposition-pentest.inserjeunes.beta.gouv.fr",
+    apiEndpoint: `https://${host}/api`,
+    version: getVersion(),
+    plausibleDomain: "labonnealternance-recette2.apprentissage.beta.gouv.fr",
+  }
+}
+
 function getPreviewPublicConfig(): PublicConfig {
   const version = getVersion()
   const matches = version.match(/^0\.0\.0-(\d+)$/)
@@ -120,6 +140,7 @@ function getEnv(): PublicConfig["env"] {
     case "recette":
     case "preview":
     case "local":
+    case "pentest":
       return env
     default:
       throw new Error(`Invalid NEXT_PUBLIC_ENV env-vars ${env}`)
@@ -132,6 +153,8 @@ function getPublicConfig(): PublicConfig {
       return getProductionPublicConfig()
     case "recette":
       return getRecettePublicConfig()
+    case "pentest":
+      return getPentestPublicConfig()
     case "preview":
       return getPreviewPublicConfig()
     case "local":