refactor(server-nestjs): migrate package managers to NestJS

apps/server-nestjs/documentation/Modularisation-de-console-server/MODULARISATION-CARTOGRAPHIE.md

@@ -195,11 +195,11 @@ Plus le score est eleve, plus le module est prioritaire.
 | 17 | service-chain | Metier | 5.9 | V3 | S8 | ✅ MIGRE |
 | 18 | repository | Metier | 5.8 | V3 | S7-S8 | |
 | 19 | cluster | Metier | 5.7 | V3 | S7 | |
-| 20 | harbor (encapsulation) | Plugin | 5.6 | V4 | S9-S10 | |
+| 20 | harbor (encapsulation) | Plugin | 5.6 | V4 | S9-S10 | ✅ MIGRE |
 | 21 | project-service | Metier | 5.6 | V3 | S8 | |
 | 22 | argocd (encapsulation) | Plugin | 5.3 | V5 | S10-S11 | |
 | 23 | project-role | Metier | 5.2 | V3 | S7-S8 | |
-| 24 | nexus (encapsulation) | Plugin | 5.1 | V4 | S10 | |
+| 24 | nexus (encapsulation) | Plugin | 5.1 | V4 | S10 | ✅ MIGRE |
 | 25 | project-member | Metier | 4.7 | V3 | S8 | |
 | 26 | project-secrets | Metier | 4.6 | V4 | S9 | |
 | 27 | project-bulk | Metier | 4.2 | V4 | S9-S10 | |
@@ -754,7 +754,7 @@ NestJS injectables.
 **Fichiers** :
 - `src/cpin-module/service-chain/service-chain.*.ts`
 - `src/cpin-module/service-chain/open-cds-client.*.ts`
-- `src/cpin-module/infrastructure/auth/` (AuthModule partage)
+- `src/modules/infrastructure/auth/` (AuthModule partage)
 
 ---
 

apps/server-nestjs/src/modules/argocd/argocd.service.spec.ts

@@ -356,7 +356,7 @@ describe('argoCDService', () => {
     gitlab.listFiles.mockResolvedValue([])
     vault.readProjectValues.mockResolvedValue({ secret: 'value' })
 
-    gitlab.generateCreateOrUpdateAction.mockResolvedValue(null as any)
+    gitlab.generateCreateOrUpdateAction.mockResolvedValue(null)
 
     await expect(service.handleCron()).resolves.not.toThrow()
 

apps/server-nestjs/src/modules/gitlab/gitlab-client.service.spec.ts

@@ -374,7 +374,9 @@ describe('gitlab-client', () => {
           name: 'Admin Auditor',
         }
         const gitlabUsersAllMock = gitlabMock.Users.all as MockedFunction<typeof gitlabMock.Users.all>
-        gitlabUsersAllMock.mockResolvedValue([makeExpandedUserSchema({ id: 1000, email: consoleUser.email, is_admin: true })])
+        gitlabUsersAllMock.mockResolvedValue([
+          makeExpandedUserSchema({ id: 1000, email: consoleUser.email, is_admin: true }),
+        ])
 
         await service.upsertUser({ ...gitlabUser, auditor: true }, { cpnUserId: consoleUser.id })
 
@@ -391,7 +393,9 @@ describe('gitlab-client', () => {
           name: 'Auditor Admin',
         }
         const gitlabUsersAllMock = gitlabMock.Users.all as MockedFunction<typeof gitlabMock.Users.all>
-        gitlabUsersAllMock.mockResolvedValue([makeExpandedUserSchema({ id: 1000, email: consoleUser.email, ...({ is_auditor: true } as any) })])
+        gitlabUsersAllMock.mockResolvedValue([
+          makeExpandedUserSchema({ id: 1000, email: consoleUser.email, is_auditor: true }),
+        ])
 
         await service.upsertUser({ ...gitlabUser, admin: true }, { cpnUserId: consoleUser.id })
 

apps/server-nestjs/src/modules/gitlab/gitlab-client.service.ts

@@ -295,7 +295,7 @@ export class GitlabClientService {
     this.logger.verbose(`GitLab commit created (repoId=${repo.id}, ref=${ref}, actions=${actions.length})`)
   }
 
-  async generateCreateOrUpdateAction(repo: CondensedProjectSchemaWith<'id'>, ref: string, filePath: string, content: string) {
+  async generateCreateOrUpdateAction(repo: CondensedProjectSchemaWith<'id'>, ref: string, filePath: string, content: string): Promise<CommitAction | null> {
     const file = await this.getFile(repo, filePath, ref)
     if (file && !hasFileContentChanged(file, content)) {
       this.logger.debug(`GitLab file is up to date; skipping commit action (repoId=${repo.id}, ref=${ref}, filePath=${filePath})`)
@@ -306,7 +306,7 @@ export class GitlabClientService {
       action: file ? 'update' : 'create',
       filePath,
       content,
-    } satisfies CommitAction
+    }
   }
 
   async listFiles(repo: CondensedProjectSchemaWith<'id'>, options: { path?: string, recursive?: boolean, ref?: string } = {}) {

apps/server-nestjs/src/modules/healthz/healthz.controller.ts

@@ -4,6 +4,8 @@ import { ArgoCDHealthService } from '../argocd/argocd-health.service'
 import { GitlabHealthService } from '../gitlab/gitlab-health.service'
 import { DatabaseHealthService } from '../infrastructure/database/database-health.service'
 import { KeycloakHealthService } from '../keycloak/keycloak-health.service'
+import { NexusHealthService } from '../nexus/nexus-health.service'
+import { RegistryHealthService } from '../registry/registry-health.service'
 import { VaultHealthService } from '../vault/vault-health.service'
 
 @Controller('api/v1/healthz')
@@ -14,6 +16,8 @@ export class HealthzController {
     @Inject(KeycloakHealthService) private readonly keycloak: KeycloakHealthService,
     @Inject(GitlabHealthService) private readonly gitlab: GitlabHealthService,
     @Inject(VaultHealthService) private readonly vault: VaultHealthService,
+    @Inject(NexusHealthService) private readonly nexus: NexusHealthService,
+    @Inject(RegistryHealthService) private readonly registry: RegistryHealthService,
     @Inject(ArgoCDHealthService) private readonly argocd: ArgoCDHealthService,
   ) {}
 
@@ -25,6 +29,8 @@ export class HealthzController {
       () => this.keycloak.check('keycloak'),
       () => this.gitlab.check('gitlab'),
       () => this.vault.check('vault'),
+      () => this.nexus.check('nexus'),
+      () => this.registry.check('registry'),
       () => this.argocd.check('argocd'),
     ])
   }

apps/server-nestjs/src/modules/healthz/healthz.module.ts

@@ -4,6 +4,8 @@ import { ArgoCDModule } from '../argocd/argocd.module'
 import { GitlabModule } from '../gitlab/gitlab.module'
 import { DatabaseModule } from '../infrastructure/database/database.module'
 import { KeycloakModule } from '../keycloak/keycloak.module'
+import { NexusModule } from '../nexus/nexus.module'
+import { RegistryModule } from '../registry/registry.module'
 import { VaultModule } from '../vault/vault.module'
 import { HealthzController } from './healthz.controller'
 
@@ -14,6 +16,8 @@ import { HealthzController } from './healthz.controller'
     KeycloakModule,
     GitlabModule,
     VaultModule,
+    NexusModule,
+    RegistryModule,
     ArgoCDModule,
   ],
   controllers: [HealthzController],

apps/server-nestjs/src/modules/infrastructure/configuration/configuration.service.ts

@@ -77,7 +77,8 @@ export class ConfigurationService {
   harborAdminPassword = process.env.HARBOR_ADMIN_PASSWORD
   harborRuleTemplate = process.env.HARBOR_RULE_TEMPLATE
   harborRuleCount = process.env.HARBOR_RULE_COUNT
-  harborRetentionCron = process.env.HARBOR_RETENTION_CRON
+  harborRetentionCron = process.env.HARBOR_RETENTION_CRON ?? '0 22 2 * * *'
+  harborRobotRotationThresholdDays = Number(process.env.HARBOR_ROBOT_ROTATION_THRESHOLD_DAYS ?? 90)
 
   // nexus
   nexusUrl = process.env.NEXUS_URL

apps/server-nestjs/src/modules/nexus/nexus-client.service.spec.ts

@@ -0,0 +1,78 @@
+import { faker } from '@faker-js/faker'
+import { Test } from '@nestjs/testing'
+import { http, HttpResponse } from 'msw'
+import { setupServer } from 'msw/node'
+import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it } from 'vitest'
+import { ConfigurationService } from '../infrastructure/configuration/configuration.service'
+import { NexusClientService } from './nexus-client.service'
+import { NexusHttpClientService } from './nexus-http-client.service'
+
+const nexusUrl = 'https://nexus.internal'
+
+const server = setupServer()
+const nexusAdminPassword = faker.internet.password()
+const basicAuth = `Basic ${Buffer.from(`admin:${nexusAdminPassword}`, 'utf8').toString('base64')}`
+
+function createNexusServiceTestingModule() {
+  return Test.createTestingModule({
+    providers: [
+      NexusClientService,
+      NexusHttpClientService,
+      {
+        provide: ConfigurationService,
+        useValue: {
+          nexusSecretExposedUrl: 'https://nexus.example',
+          nexusInternalUrl: nexusUrl,
+          nexusAdmin: 'admin',
+          nexusAdminPassword,
+          projectRootDir: 'forge',
+        } satisfies Partial<ConfigurationService>,
+      },
+    ],
+  })
+}
+
+describe('nexusClientService', () => {
+  let service: NexusClientService
+
+  beforeAll(() => server.listen({ onUnhandledRequest: 'error' }))
+
+  beforeEach(async () => {
+    const module = await createNexusServiceTestingModule().compile()
+    service = module.get(NexusClientService)
+  })
+
+  afterEach(() => server.resetHandlers())
+  afterAll(() => server.close())
+
+  it('should be defined', () => {
+    expect(service).toBeDefined()
+  })
+
+  it('should return null on 404 (getRepositoriesMavenHosted)', async () => {
+    server.use(
+      http.get(`${nexusUrl}/service/rest/v1/repositories/maven/hosted/:name`, ({ request }) => {
+        expect(request.headers.get('authorization')).toBe(basicAuth)
+        return HttpResponse.json({}, { status: 404 })
+      }),
+    )
+
+    await expect(service.getRepositoriesMavenHosted('missing')).resolves.toBeNull()
+  })
+
+  it('should send basic auth and plain text body on change-password', async () => {
+    server.use(
+      http.put(`${nexusUrl}/service/rest/v1/security/users/:userId/change-password`, async ({ request, params }) => {
+        expect(request.method).toBe('PUT')
+        expect(request.url).toBe(`${nexusUrl}/service/rest/v1/security/users/u1/change-password`)
+        expect(params.userId).toBe('u1')
+        expect(request.headers.get('authorization')).toBe(basicAuth)
+        expect(request.headers.get('content-type')).toContain('text/plain')
+        expect(await request.text()).toBe('pw123')
+        return new HttpResponse(null, { status: 204 })
+      }),
+    )
+
+    await service.updateSecurityUsersChangePassword('u1', 'pw123')
+  })
+})