chore: add unit tests + ci (#13)

.github/workflows/github-actions.yml

@@ -0,0 +1,48 @@
+name: PR Continuous Integration - Pass Emploi Connect
+
+on:
+  push:
+    branches: [develop, master]
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    if: ${{ !github.event.pull_request.draft }}
+    strategy:
+      matrix:
+        node-version: [20.11.0]
+    services:
+      redis:
+        image: redis:7-alpine
+        ports:
+          - 6767:6379
+
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          yarn: cache
+      - name: Install dependencies
+        run: yarn
+      - name: Lint project
+        run: yarn lint
+      - name: Tests
+        run: yarn test:ci
+        env:
+          REDIS_URL: redis://localhost:6767
+      # - name: SonarCloud Scan
+      #   uses: SonarSource/sonarcloud-github-action@master
+      #   env:
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/semgrep-analysis.yml

@@ -0,0 +1,32 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow file requires a free account on Semgrep.dev to
+# manage rules, file ignores, notifications, and more.
+#
+# See https://semgrep.dev/docs
+
+name: Semgrep
+
+on:
+  push:
+    branches: [ develop ]
+  pull_request:
+    branches: [ develop ]
+  schedule:
+    - cron: '0 8 * * 1' # Tous les lundis à 8h
+
+jobs:
+  semgrep:
+    name: Scan
+    runs-on: ubuntu-20.04
+    container:
+      image: returntocorp/semgrep
+    steps:
+      - uses: actions/checkout@v4
+      - run: semgrep ci
+        env:
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+

.gitignore

@@ -332,6 +332,10 @@ paket-files/
 # FAKE - F# Make
 .fake/
 
+# Tests
+/coverage
+/.nyc_output
+
 # JetBrains Rider
 .idea/
 *.sln.iml

.husky/pre-commit

@@ -0,0 +1,4 @@
+#!/bin/bash
+. "$(dirname "$0")/_/husky.sh"
+
+yarn lint-staged

docker-compose.yml

@@ -5,14 +5,10 @@ x-service: &api-definition
     dockerfile: Dockerfile.dev
   environment:
     PORT: '5000'
-    # DATABASE_URL: postgresql://passemploi:passemploi@db/passemploidb
     LOG_LEVEL: trace
   env_file:
     - path: ./.environment
   depends_on:
-    # db:
-    #   condition: service_healthy
-    #   restart: true
     redis:
       condition: service_started
   develop:
@@ -48,30 +44,6 @@ services:
       VIRTUAL_PORT: '5000'
     command: yarn watch
 
-  # test:
-  #   <<: *api-definition
-  #   command: yarn test:e2e
-
-  # db:
-  #   image: docker.io/postgis/postgis:16-3.4-alpine
-  #   platform: linux/amd64
-  #   container_name: cej-auth-postgres
-  #   ports:
-  #     - '54322:5432'
-  #   restart: unless-stopped
-  #   healthcheck:
-  #     test: ['CMD-SHELL', 'pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}']
-  #     start_period: 20s
-  #     interval: 30s
-  #     retries: 5
-  #     timeout: 5s
-  #   environment:
-  #     POSTGRES_USER: passemploi
-  #     POSTGRES_PASSWORD: passemploi
-  #     POSTGRES_DB: passemploidb
-  #   volumes:
-  #     - db-data:/var/lib/postgresql
-
   redis:
     image: docker.io/redis/redis-stack:7.2.0-v9
     container_name: cej-auth-redis
@@ -100,5 +72,4 @@ services:
       - ./certs:/etc/nginx/certs
 
 volumes:
-  # db-data:
-  redis-data:
+  redis-data:

package.json

@@ -6,27 +6,40 @@
   "license": "MIT",
   "scripts": {
     "build": "nest build",
+    "prepare": "husky install",
     "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
     "lint": "eslint --ext \".ts\" --ignore-path .gitignore .",
     "lint:fix": "eslint --ext \".ts\" --fix --ignore-path .gitignore .",
     "start": "nest start",
     "watch": "nest start --watch | npx pino-pretty",
     "start:debug": "nest start --debug --watch",
     "start:prod": "node dist/main",
-    "test": "jest",
-    "test:watch": "jest --watch",
-    "test:cov": "jest --coverage",
-    "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/jest/bin/jest --runInBand",
-    "test:e2e": "jest --config ./test/jest-e2e.json",
-    "generate-key-pair": "node scripts/generate-key-pair.mjs"
+    "start:redis:db": "docker compose up -d redis",
+    "test:local": "yarn start:redis:db && REDIS_URL=redis://:myredispassword@redis:6379/0 mocha 'test/**/*.test.ts' --exit --timeout 10000",
+    "cover": "nyc yarn test:local",
+    "cover:report": "nyc report --reporter=lcovonly",
+    "test": "yarn cover && yarn cover:report",
+    "test:ci": "nyc --reporter=lcovonly mocha 'test/**/*.test.ts' --exit --timeout 10000",
+    "generate-key-pair": "node scripts/generate-key-pair.mjs",
+    "release:patch": "scripts/release-version.sh patch",
+    "release:minor": "scripts/release-version.sh minor",
+    "release:major": "scripts/release-version.sh major"
   },
   "dependencies": {
     "@nestjs/axios": "1.0.1",
+    "@nestjs/cli": "^10.3.1",
     "@nestjs/common": "^10.3.2",
     "@nestjs/config": "^3.2.0",
     "@nestjs/core": "^10.3.8",
     "@nestjs/platform-express": "^10.3.2",
+    "@nestjs/schematics": "^10.1.0",
     "@nestjs/swagger": "^7.3.0",
+    "@types/express": "^4.17.21",
+    "@types/luxon": "^3.4.2",
+    "@types/mocha": "^10.0.6",
+    "@types/node": "^20.11.16",
+    "@types/oidc-provider": "^8.4.4",
+    "@types/sanitize-html": "^2.11.0",
     "ioredis": "^5.3.2",
     "joi": "^17.12.2",
     "jose": "^5.2.4",
@@ -40,52 +53,51 @@
     "reflect-metadata": "^0.2.1",
     "rxjs": "^7.8.1",
     "sanitize-html": "^2.13.0",
-    "swagger-ui-express": "^5.0.0"
+    "swagger-ui-express": "^5.0.0",
+    "source-map-support": "^0.5.21",
+    "supertest": "^7.0.0",
+    "ts-loader": "^9.5.1",
+    "ts-node": "^10.9.2",
+    "tsconfig-paths": "^4.2.0",
+    "typescript": "^4.9.5"
   },
   "devDependencies": {
-    "@nestjs/cli": "^10.3.1",
-    "@nestjs/schematics": "^10.1.0",
-    "@nestjs/testing": "^10.3.2",
+    "@nestjs/testing": "^10.3.8",
     "@swc/cli": "^0.3.9",
     "@swc/core": "^1.4.0",
-    "@types/express": "^4.17.21",
-    "@types/jest": "^29.5.12",
-    "@types/luxon": "^3.4.2",
-    "@types/node": "^20.11.16",
-    "@types/oidc-provider": "^8.4.4",
-    "@types/sanitize-html": "^2.11.0",
+    "@types/chai-as-promised": "^7.1.8",
+    "@types/dirty-chai": "^2.0.4",
+    "@types/sinon": "^17.0.3",
+    "@types/sinon-chai": "^3.2.12",
     "@types/supertest": "^6.0.2",
     "@typescript-eslint/eslint-plugin": "^6.21.0",
     "@typescript-eslint/parser": "^6.21.0",
+    "chai": "^4.4.1",
+    "chai-as-promised": "^7.1.2",
+    "chai-exclude": "^2.1.0",
+    "dirty-chai": "^2.0.1",
     "dotvault": "^0.0.9",
-    "eslint": "^8.56.0",
+    "eslint": "^7.32.0",
+    "prettier": "^2.8.0",
     "eslint-config-prettier": "^9.1.0",
-    "eslint-plugin-prettier": "^5.1.3",
-    "jest": "^29.7.0",
-    "prettier": "^3.2.5",
-    "source-map-support": "^0.5.21",
-    "supertest": "^6.3.4",
-    "ts-jest": "^29.1.2",
-    "ts-loader": "^9.5.1",
-    "ts-node": "^10.9.2",
-    "tsconfig-paths": "^4.2.0",
-    "typescript": "^5.3.3"
+    "eslint-plugin-chai-friendly": "^0.7.4",
+    "eslint-plugin-mocha": "^10.4.3",
+    "eslint-plugin-prettier": "^4.2.1",
+    "husky": "^9.0.11",
+    "lint-staged": "^15.2.2",
+    "mocha": "^10.4.0",
+    "nyc": "^15.1.0",
+    "sinon": "^18.0.0",
+    "sinon-chai": "^3.7.0",
+    "supertest": "^7.0.0"
+  },
+  "lint-staged": {
+    "*.ts": "yarn lint:fix"
   },
-  "jest": {
-    "moduleFileExtensions": [
-      "js",
-      "json",
-      "ts"
-    ],
-    "rootDir": "src",
-    "testRegex": ".*\\.spec\\.ts$",
-    "transform": {
-      "^.+\\.(t|j)s$": "ts-jest"
-    },
-    "collectCoverageFrom": [
-      "**/*.(t|j)s"
-    ],
-    "coverageDirectory": "../coverage",
-    "testEnvironment": "node"
+  "mocha": {
+    "require": [
+      "ts-node/register",
+      "tsconfig-paths/register"
+    ]
   }
 }

scripts/release-version.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+echo "Release new version"
+
+level=$1
+
+if [[ $level != "minor" ]] && [[ $level != "major" ]] && [[ $level != "patch" ]]; then
+  echo "error: level must be minor, major or patch"
+  exit 1
+fi
+
+git fetch
+yarn lint
+yarn version $level
+git add package.json
+new_version=v$(node -p "require('./package.json').version")
+git commit -m $new_version
+git tag $new_version
+
+echo "Released ${new_version}"
+echo "To confirm, push the new tag and the release commit"
+echo "git push --tags"
+echo "git push"
+
+exit 0

sonar-project.properties

@@ -0,0 +1,19 @@
+sonar.projectKey=SocialGouv_pass-emploi-connect
+sonar.organization=socialgouv
+
+# This is the name and version displayed in the SonarCloud UI.
+sonar.projectName=pass-emploi-connect
+#sonar.projectVersion=1.0
+
+# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
+sonar.sources=src
+sonar.exclusions=test/**/*,scripts/**/*
+sonar.tests=test
+sonar.javascript.lcov.reportPaths=coverage/lcov.info
+sonar.typescript.tsconfigPath=tsconfig.json
+
+# Encoding of the source code. Default is default system encoding
+sonar.sourceEncoding=UTF-8
+
+# Ignore rule Tests should include assertions car on import expect depuis un util dans nos tests
+sonar.issue.ignore.multicriteria.e1.ruleKey=typescript:S2699

src/config/configuration.ts

@@ -66,7 +66,7 @@ export default () => {
         id: process.env.CLIENT_WEB_ID,
         secret: process.env.CLIENT_WEB_SECRET,
         callbacks: JSON.parse(process.env.CLIENT_WEB_CALLBACKS!),
-        errorCallback: JSON.parse(process.env.CLIENT_WEB_ERROR_CALLBACK!),
+        errorCallback: process.env.CLIENT_WEB_ERROR_CALLBACK!,
         logoutCallbacks: JSON.parse(process.env.CLIENT_WEB_LOGOUT_CALLBACKS!)
       },
       app: {

src/domain/account.ts

@@ -1,19 +1,25 @@
-import { User, UserAccount } from './user'
+import { User } from './user'
 
 const separator = '|'
 const typeIndex = 0
 const structureIndex = 1
 const subIndex = 2
 
+export interface Account {
+  sub: string
+  type: User.Type
+  structure: User.Structure
+}
+
 export namespace Account {
-  export function fromUserAccountToAccountId(userAccount: UserAccount): string {
+  export function fromAccountToAccountId(account: Account): string {
     const accountIdArray = []
-    accountIdArray[typeIndex] = userAccount.type
-    accountIdArray[structureIndex] = userAccount.structure
-    accountIdArray[subIndex] = userAccount.sub
+    accountIdArray[typeIndex] = account.type
+    accountIdArray[structureIndex] = account.structure
+    accountIdArray[subIndex] = account.sub
     return accountIdArray.join(separator)
   }
-  export function fromAccountIdToUserAccount(accountId: string): UserAccount {
+  export function fromAccountIdToAccount(accountId: string): Account {
     return {
       sub: getSubFromAccountId(accountId),
       type: getTypeFromAccountId(accountId),

src/domain/user.ts

@@ -11,12 +11,6 @@ export interface User {
   preferred_username?: string
 }
 
-export interface UserAccount {
-  sub: string
-  type: User.Type
-  structure: User.Structure
-}
-
 export namespace User {
   export enum Type {
     JEUNE = 'JEUNE',

src/idp/common/helpers.ts

@@ -7,7 +7,7 @@ export async function generateNewGrantId(
   accountId: string,
   clientId: string,
   grantId?: string
-) {
+): Promise<string> {
   let grant
   if (grantId) {
     // modification du grant existant dans la session