@colisweb/rescript-toolkit 4.18.7 → 4.20.0

package/.secure_files/{ci-functions-v17.0.1 → ci-functions-v17.8.2}

@@ -100,17 +100,16 @@ delete_images() {
   REPO=$1
   WEEKS=${2:-16}
 
-  WEEKS_AGO=$(date -j -v-${WEEKS}w +%s)
+  WEEKS_AGO=$(date -v-${WEEKS}w +%F)
 
   #Get all ecr images
   IMAGES=$(aws ecr describe-images --repository-name $REPO --output json)
 
   #Filter unnecessary values and map `imagePushedAt` to EPOCH
-  TIMED_IMAGES=$(echo $IMAGES | jq .'[]' | jq "map({imagePushedAt: (.imagePushedAt[0:19]+\"Z\" | fromdateiso8601), imageDigest: .imageDigest}) | sort_by(.imagePushedAt) | .[:-1]")
+  NON_LATEST_IMAGES=$(echo $IMAGES | jq '[.imageDetails[] | select(.imageTags | any(endswith("latest")) | not)]')
 
   #Filter on EPOCH
-  OLD_IMAGES=$(echo $TIMED_IMAGES | jq "map(select (.imagePushedAt < $WEEKS_AGO)) | .[] " | jq -r '.imageDigest')
-
+  OLD_IMAGES=$(echo $NON_LATEST_IMAGES | jq --arg date $WEEKS_AGO '.[] | select(.imagePushedAt[0:10] < $date).imageDigest')
   while IFS= read -r IMAGE; do
     if [ "$IMAGE" != "" ]; then
       echo "Deleting $IMAGE from $REPO"
@@ -130,6 +129,27 @@ delete_images_all_repos() {
   done <<< "$REPOSITORIES"
 }
 
+delete_old_cache() {
+  DATE=${1:-$(date -v-1m +%F)}
+  CACHE_BUCKET=${2:-"s3://gitlab-colisweb-distributed-cache/project/"}
+
+  echo "deleting from cache $CACHE_BUCKET all older than $DATE"
+
+  aws_ecr_login
+
+  while read -r line; do
+    datum=$(echo $line | cut -c1-10)
+    if [[ "$datum" < "$DATE" ]] ; then
+      # Shell Parameter Expansion: ${parameter##word}
+      # Allow to return the result from "word" to the end of "parameters"
+      # Here we need the end of the string after "project/" (corresponding to the S3 gitlab project id and filename)
+      TO_DELETE="$CACHE_BUCKET${line##* project/}"
+      echo $TO_DELETE
+      aws s3 rm $TO_DELETE
+    fi
+  done < <(aws s3 ls $CACHE_BUCKET  --recursive)
+}
+
 #!/usr/bin/env bash
 
 # If gitlab is down or pipeline are stuck, hotfixes need to be available
@@ -515,28 +535,29 @@ database_k8s() {
 		HostName 127.0.0.1
 		Port 2225
 		LocalForward 24441 toutatis-testing-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:5432
-		LocalForward 25431 testapirds.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
+		LocalForward 25431 toutatis-testing-mysql-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
+		LocalForward 25531 testapirds.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
 	  Host bastion_staging
 		HostName 127.0.0.1
 		Port 2226
 		LocalForward 24442 toutatis-staging-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:5432
-		LocalForward 25432 testapirds.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
+		LocalForward 25432 toutatis-staging-mysql-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
     Host bastion_recette
 		HostName 127.0.0.1
 		Port 2228
 		LocalForward 24446 toutatis-recette-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:5432
-		LocalForward 25436 testapirds.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
+		LocalForward 25436 toutatis-recette-mysql-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
+		LocalForward 25536 testapirds.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
 	  Host bastion_production
 		HostName 127.0.0.1
 		Port 2227
     LocalForward 24443 toutatis-production-db-replica.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:5432
-    LocalForward 25433 api-production-rds-read-replica.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
-    LocalForward 25435 archive-ca.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
+    LocalForward 25433 toutatis-production-mysql-db-replica.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
 EOF
   if [ "$MODE" = "production_rw" ] ; then
     cat >> "$bastion_config" <<EOF
       LocalForward 24444 toutatis-production-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:5432
-      LocalForward 25434 api-production-rds.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
+      LocalForward 25434 toutatis-production-mysql-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
 EOF
   fi
 
@@ -556,7 +577,7 @@ psql_on_k8() {
   CONNECTION=$3
   shift 3
 
-  kubectl -n $NAMESPACE run ${SERVICE}-database-init \
+  kubectl -n $NAMESPACE run ${SERVICE}-postgres-init \
     --image jbergknoff/postgresql-client \
     --restart=Never \
     --attach --rm \
@@ -567,13 +588,14 @@ psql_on_k8() {
 
 mysql_on_k8() {
   local namespace=$1
-  local db_host=$2
-  local db_port=$3
-  local db_init_username=$4
-  local db_init_password=$5
-  local query=$6
-
-  kubectl -n ${namespace} run datadog-database-init \
+  local service=$2
+  local db_host=$3
+  local db_port=$4
+  local db_init_username=$5
+  local db_init_password=$6
+  local query=$7
+
+  kubectl -n ${namespace} run ${service}-mysql-init \
     --image widdpim/mysql-client \
     --restart=Never \
     --attach --rm \
@@ -657,11 +679,11 @@ kube_init_datadog_in_database() {
   echo " Initializing Datadog Agent Requiement for namespace $namespace"
   echo "======================="
 
-  set -x
-
   echo "Checking if User  '$db_datadog_username' exists"
+  local service="datadog"
+  found_db_users=$(mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'SELECT user FROM mysql.user;')
   set +e
-  mysql_on_k8 $namespace $db_host $db_port $db_init_username $db_init_password 'SELECT user FROM mysql.user;' | grep "^$db_datadog_username$"
+  echo $found_db_users | grep "^$db_datadog_username$"
   return_code=$?
   set -e
 
@@ -672,29 +694,29 @@ kube_init_datadog_in_database() {
 
     # All the query come from this docs : https://docs.datadoghq.com/fr/database_monitoring/setup_mysql/selfhosted/?tab=mysql56
 
-    mysql_on_k8 $namespace $db_host $db_port $db_init_username $db_init_password 'CREATE USER '"$db_datadog_username"'@"%" IDENTIFIED BY '"'$db_datadog_password'"';'
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'CREATE USER '"$db_datadog_username"'@"%" IDENTIFIED BY '"'$db_datadog_password'"';'
     echo "USER created $db_datadog_username"
 
-    mysql_on_k8 $namespace $db_host $db_port $db_init_username $db_init_password 'GRANT REPLICATION CLIENT ON *.* TO datadog@"%" WITH MAX_USER_CONNECTIONS 5;'
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'GRANT REPLICATION CLIENT ON *.* TO datadog@"%" WITH MAX_USER_CONNECTIONS 5;'
     echo "ALTER USER $db_datadog_username"
 
-    mysql_on_k8 $namespace $db_host $db_port $db_init_username $db_init_password 'GRANT PROCESS ON *.* TO '"$db_datadog_username"'@"%";'
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'GRANT PROCESS ON *.* TO '"$db_datadog_username"'@"%";'
     echo "Granted PROCESS for $db_datadog_username"
 
-    mysql_on_k8 $namespace $db_host $db_port $db_init_username $db_init_password 'GRANT SELECT ON performance_schema.* TO '"$db_datadog_username"'@"%";'
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'GRANT SELECT ON performance_schema.* TO '"$db_datadog_username"'@"%";'
     echo "Granted SELECT on performance_schema for $db_datadog_username"
 
-    mysql_on_k8 $namespace $db_host $db_port $db_init_username $db_init_password 'CREATE SCHEMA IF NOT EXISTS datadog;'
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'CREATE SCHEMA IF NOT EXISTS datadog;'
     echo "CREATE SCHEMA datadog"
 
-    mysql_on_k8 $namespace $db_host $db_port $db_init_username $db_init_password 'GRANT EXECUTE ON datadog.* to '"$db_datadog_username"'@"%";'
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'GRANT EXECUTE ON datadog.* to '"$db_datadog_username"'@"%";'
     echo "Granted 'GRANT EXECUTE for $db_datadog_username on datadog"
 
-    mysql_on_k8 $namespace $db_host $db_port $db_init_username $db_init_password 'GRANT CREATE TEMPORARY TABLES ON datadog.* TO '"$db_datadog_username"'@"%";'
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'GRANT CREATE TEMPORARY TABLES ON datadog.* TO '"$db_datadog_username"'@"%";'
     echo "Granted  CREATE TEMPORARY TABLES for $db_datadog_username"
 
 
-    mysql_on_k8 $namespace $db_host $db_port $db_init_username $db_init_password 'DROP PROCEDURE IF EXISTS datadog.explain_statement;
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'DROP PROCEDURE IF EXISTS datadog.explain_statement;
                   DELIMITER $$
                   CREATE PROCEDURE datadog.explain_statement(IN query TEXT)
                       SQL SECURITY DEFINER
@@ -707,7 +729,7 @@ kube_init_datadog_in_database() {
                   DELIMITER ;'
    echo "CREATE PROCEDURE PROCEDURE datadog.explain_statement"
 
-    mysql_on_k8 $namespace $db_host $db_port $db_init_username $db_init_password 'DROP PROCEDURE IF EXISTS '"$db_datadog_username"'.explain_statement;
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'DROP PROCEDURE IF EXISTS '"$db_datadog_username"'.explain_statement;
                     DELIMITER $$
                     CREATE PROCEDURE '"$db_datadog_username"'.explain_statement(IN query TEXT)
                         SQL SECURITY DEFINER
@@ -721,7 +743,7 @@ kube_init_datadog_in_database() {
                     GRANT EXECUTE ON PROCEDURE '"$db_datadog_username"'.explain_statement TO datadog@"%";'
     echo "CREATE PROCEDURE on SCHEMA $db_datadog_schema for $db_datadog_username"
 
-    mysql_on_k8 $namespace $db_host $db_port $db_init_username $db_init_password 'DROP PROCEDURE IF EXISTS datadog.enable_events_statements_consumers;
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'DROP PROCEDURE IF EXISTS datadog.enable_events_statements_consumers;
                   DELIMITER $$
                   CREATE PROCEDURE datadog.enable_events_statements_consumers()
                       SQL SECURITY DEFINER
@@ -739,6 +761,82 @@ kube_init_datadog_in_database() {
   echo "======================="
 }
 
+kube_init_datadog_in_postgres_database() {
+  extract_args 7 namespace db_host db_port db_init_username db_init_password db_datadog_username db_datadog_password $*
+
+  local service="datadog"
+  local db_connection="$db_init_username:$db_init_password@$db_host:$db_port"
+
+  echo "======================="
+  echo " Initializing $service Agent On PostgresSQL Database Requirement for namespace $namespace"
+  echo "======================="
+
+  echo "Checking if User  '$db_datadog_username' exists"
+
+  set +e
+  if psql_on_k8 $namespace $service $db_connection -qtAc 'SELECT usename FROM pg_catalog.pg_user;' | grep "^$db_datadog_username$";
+  then
+    echo "User $db_datadog_username already exists - nothing to do"
+  else
+    echo "User $db_datadog_username does not exist - initializing"
+
+    set -e
+    psql_on_k8 $namespace $service $db_connection -qc 'CREATE USER '"$db_datadog_username"' WITH password '"'$db_datadog_password'"';'
+    echo "User created $db_datadog_username"
+
+    psql_on_k8 $namespace $service $db_connection -qc 'CREATE SCHEMA datadog;'
+    echo "Schema datadog created"
+
+    psql_on_k8 $namespace $service $db_connection -qc 'GRANT USAGE ON SCHEMA datadog TO datadog;'
+    echo "Granted usage for datadog schema to datadog"
+
+    psql_on_k8 $namespace $service $db_connection -qc 'GRANT USAGE ON SCHEMA public TO datadog;'
+    echo "Granted usage for public schema to datadog"
+
+    psql_on_k8 $namespace $service $db_connection -qc 'GRANT pg_monitor TO datadog;'
+    echo "Granted pg_monitor to datadog"
+
+    psql_on_k8 $namespace $service $db_connection -qc 'CREATE EXTENSION IF NOT EXISTS pg_stat_statements schema public;'
+    echo "Extension pg_stat_statements created"
+
+    local datadog_function_path="/tmp/datatog-explain-statement-function.sql"
+    local datadog_function="CREATE OR REPLACE FUNCTION datadog.explain_statement(
+         l_query TEXT,
+         OUT explain JSON
+      )
+      RETURNS SETOF JSON AS
+      \\$\\$
+      DECLARE
+      curs REFCURSOR;
+      plan JSON;
+
+      BEGIN
+         OPEN curs FOR EXECUTE pg_catalog.concat('EXPLAIN (FORMAT JSON) ', l_query);
+         FETCH curs INTO plan;
+         CLOSE curs;
+         RETURN QUERY SELECT plan;
+      END;
+      \\$\\$
+      LANGUAGE 'plpgsql'
+      RETURNS NULL ON NULL INPUT
+      SECURITY DEFINER;"
+
+    kubectl -n $namespace run $service-postgres-init \
+      --image jbergknoff/postgresql-client \
+      --restart=Never \
+      --attach --rm \
+      --command \
+      -- \
+      /bin/sh -c "echo -e \"$datadog_function\" > $datadog_function_path; psql postgresql://$db_connection -qf $datadog_function_path"
+
+    echo "Function datadog.explain_statement created"
+  fi
+
+  echo "======================="
+  echo " Database $service Initialization complete for namespace $namespace"
+  echo "======================="
+}
+
 kube_init_service_database() {
 
   extract_args 9 namespace service db_host db_port db_init_username db_init_password db_database db_username db_password $*
@@ -761,17 +859,18 @@ kube_init_service_database() {
     psql_on_k8 $namespace $service $db_connection -c 'CREATE DATABASE '"$db_database"';'
     echo "DB created $db_database"
 
-    psql_on_k8 $namespace $service $db_connection -c 'CREATE USER '"$db_datadog_username"' WITH ENCRYPTED PASSWORD '"'$db_password'"';'
-    echo "USER created $db_datadog_username"
+    psql_on_k8 $namespace $service $db_connection -c 'CREATE USER '"$db_username"' WITH ENCRYPTED PASSWORD '"'$db_password'"';'
+    echo "USER created $db_username"
 
-    psql_on_k8 $namespace $service $db_connection -c 'GRANT ALL PRIVILEGES ON DATABASE '"$db_database"' TO '"$db_datadog_username"';'
-    echo "Granted all privileges for $db_datadog_username on $db_database"
+    psql_on_k8 $namespace $service $db_connection -c 'GRANT ALL PRIVILEGES ON DATABASE '"$db_database"' TO '"$db_username"';'
+    echo "Granted all privileges for $db_username on $db_database"
   fi
 
   echo "======================="
-  echo " Database '$db_database' Initialization complete for namespace $namespace"
+  echo " Database '$db_database' Initialization complete for  namespace $namespace"
   echo "======================="
 }
+
 #!/usr/bin/env bash
 
 # Port forward on the first matching pod
@@ -851,12 +950,58 @@ pick_pod() {
 
 #!/usr/bin/env bash
 
+bastion_config_for_redis_ca() {
+  ssh_config xufte6.0001.euw1.cache.amazonaws.com redis 2223 63789 tests testing recette-001 sandbox prod > $1
+}
+
+bastion_config_for_redis_toutatis() {
+  ssh_config xufte6.0001.euw1.cache.amazonaws.com toutatis 2223 63789 tests testing recette staging production > $1
+}
+
+ssh_config() {
+  host=$1
+  host_prefix=$2
+  port0=$3
+  forward0=$4
+  shift 4
+  instance_names=("$@") # /!\ indices start at 1 with zsh
+  ssh_header
+
+  environments=(tests testing recette staging production)
+
+  length=${#environments[@]}
+  for (( i=1; i<=${length}; i++ ));
+  do
+    bastion_block bastion_${environments[$i]} $(($port0 + $i)) $(($forward0 + $i)) ${host_prefix}-${instance_names[$i]}.$host
+  done
+}
+
+ssh_header() {
+  cat  <<EOF
+    UserKnownHostsFile /dev/null
+    StrictHostKeyChecking no
+    User root
+EOF
+}
+
+bastion_block() {
+  cat <<EOF
+    Host $1
+      HostName 127.0.0.1
+      Port $2
+      LocalForward $3 $4:6379
+EOF
+}
+
 redis_k8s() {
   MODE=$1
+  REDIS_INSTANCE=${2:-ca}
   case $MODE in
+	   "tests") SSH_LOCAL_PORT=2224;REDIS_LOCAL_PORT=63790;ENV="tests";;
 	   "testing") SSH_LOCAL_PORT=2225;REDIS_LOCAL_PORT=63791;ENV="testing";;
-	   "staging") SSH_LOCAL_PORT=2226;REDIS_LOCAL_PORT=63792;ENV="staging";;
-	   "production") SSH_LOCAL_PORT=2227;REDIS_LOCAL_PORT=63793;ENV="production";;
+	   "recette") SSH_LOCAL_PORT=2226;REDIS_LOCAL_PORT=63792;ENV="recette";;
+	   "staging") SSH_LOCAL_PORT=2227;REDIS_LOCAL_PORT=63793;ENV="staging";;
+	   "production") SSH_LOCAL_PORT=2228;REDIS_LOCAL_PORT=63794;ENV="production";;
 	   *) echo "Unsupported ENV : $MODE"; return 1 ;;
   esac
 
@@ -865,23 +1010,11 @@ redis_k8s() {
   lsof -ti  tcp:$REDIS_LOCAL_PORT | xargs kill
 
   bastion_config=$(mktemp)
-  cat > "$bastion_config" <<EOF
-	  UserKnownHostsFile /dev/null
-	  StrictHostKeyChecking no
-	  User root
-	  Host bastion_testing
-		HostName 127.0.0.1
-		Port 2225
-		LocalForward 63791 redis-testing.xufte6.0001.euw1.cache.amazonaws.com:6379
-	  Host bastion_staging
-		HostName 127.0.0.1
-		Port 2226
-		LocalForward 63792 redis-sandbox.xufte6.0001.euw1.cache.amazonaws.com:6379
-	  Host bastion_production
-		HostName 127.0.0.1
-		Port 2227
-    LocalForward 63793 redis-prod.xufte6.0001.euw1.cache.amazonaws.com:6379
-EOF
+  case $REDIS_INSTANCE in
+    "ca") bastion_config_for_redis_ca "$bastion_config";;
+    "toutatis") bastion_config_for_redis_toutatis "$bastion_config";;
+    *) echo "Unsupported redis instance (ca or toutatis available) : $REDIS_INSTANCE"; return 1;;
+  esac
 
   ssh -f -N \
   	-F "$bastion_config" \
@@ -1289,6 +1422,36 @@ search_business() {
   curl $URL
 }
 
+#!/bin/bash
+
+# source tolls.sh ; tolls antoine.thomas@colisweb.com
+function tolls() {
+  USER=${1:-first.last@colisweb.com}
+  FROM_DATE=${2:-"2023-02-01"}
+  TO_DATE=${3:-"2023-02-28"}
+
+  USER=$(gum input --prompt "username : " --value $USER)
+  TOKEN=$(./tour_details.sc login --user $USER --password $(gum input --password --placeholder password))
+  [ "$TOKEN" != "" ] && echo "connected" || return 1
+
+  FROM_DATE=$(gum input --prompt "Date start : " --value $FROM_DATE)
+  TO_DATE=$(gum input --prompt "Date end : " --value $TO_DATE)
+  FILENAME="tours-${FROM_DATE}-TO-${TO_DATE}.json"
+  curl --cookie "session=$TOKEN" "https://api.production.colisweb.com/api/v6/routes-plans/external?from=${FROM_DATE}&to=${TO_DATE}" > ~/Downloads/$FILENAME
+  echo "Tournées téléchargées"
+
+  projectIds=$(./tour_details.sc allProjects --file ~/Downloads/$FILENAME | gum choose --no-limit | cut -d "," -f 2)
+  echo "projets sélectionnés : $projectIds"
+  tourIds=$(./tour_details.sc allTours --file ~/Downloads/$FILENAME --projectIds "$projectIds")
+  echo "tournées sélectionnées : $tourIds"
+
+  TARGET="${FROM_DATE}-TO-${TO_DATE}.csv"
+  echo "appels à HERE, écriture dans $TARGET"
+  ./tour_details.sc allToursDetails --token $TOKEN --hereApiKey $HERE_API_KEY --routeIds "$tourIds" > "$TARGET"
+
+  echo "terminé"
+}
+
 #!/usr/bin/env bash
 
 # possible syntax:
@@ -1393,24 +1556,13 @@ jconsole_k8s() {
 
 #!/usr/bin/env bash
 
-# Interactive console on an existing pod. See also run_ruby_k8s
-# Ex :
-# railsc_k8s_old production
-# railsc_k8s_old production "User.where(email:'toni@colisweb.com')"
-railsc_k8s_old() {
-  ENV=$1
-  COMMAND=$2
-  configure_kubectl_for $ENV
-  POD=$(kubectl -n $ENV get pods -o=name | grep colisweb-api-web | head -1 | sed -e 's/pod\///')
-  KUBERAILS="kubectl -n $ENV exec -ti $POD -- /usr/src/app/bin/rails c"
-  [ -z "$COMMAND" ] && eval $KUBERAILS || echo $COMMAND | eval $KUBERAILS
-}
-
 # Interactive console on an new pod. See also run_ruby_k8s
 # Ex :
 # railsc_k8s production
+# railsc_k8s production "User.where(email:'toni@colisweb.com')"
 railsc_k8s() {
   ENV=$1
+  COMMAND=$2
   [[ $ENV = "production" || $ENV = "staging" ]] && default_tag="master-latest" || default_tag="${ENV}-latest"
   local image_tag=${5:-$default_tag}
   local IMAGE="949316342391.dkr.ecr.eu-west-1.amazonaws.com/colisweb-api:$image_tag"
@@ -1460,7 +1612,8 @@ railsc_k8s() {
     '
 
   sleep 5
-  kubectl -n $ENV exec -it $POD_NAME -- /usr/src/app/bin/rails c
+  KUBERAILS="kubectl -n $ENV exec -ti $POD_NAME -- /usr/src/app/bin/rails c"
+  [ -z "$COMMAND" ] && eval $KUBERAILS || echo $COMMAND | eval $KUBERAILS
 
   print "End of $POD_NAME "
   kubectl -n $ENV delete pods $POD_NAME
@@ -1730,11 +1883,18 @@ docker_build_push() {
 
   if ! image_exists $DOCKER_REGISTRY_ID $APPLICATION $CI_COMMIT_SHORT_SHA ; then
     docker pull $DOCKER_IMAGE || true
-    docker build $DOCKER_BUILD_ARGS -t $DOCKER_IMAGE_SHA --cache-from $DOCKER_IMAGE $DOCKER_STAGE_PATH
+    SOURCE_URL=${CI_PROJECT_URL:8} # without "https://" protocol, like gitlab.com/colisweb-idl/colisweb/back/packing
+    docker build $DOCKER_BUILD_ARGS \
+      -t $DOCKER_IMAGE_SHA \
+      --label org.opencontainers.image.revision=$(git rev-parse HEAD) \
+      --label org.opencontainers.image.source=$SOURCE_URL \
+      --cache-from $DOCKER_IMAGE \
+      $DOCKER_STAGE_PATH
     docker push $DOCKER_IMAGE_SHA
   fi
 }
 
+
 docker_promote() {
    # inspired by https://dille.name/blog/2018/09/20/how-to-tag-docker-images-without-pulling-them/
    OLD_TAG=${1//[^0-9a-zA-Z-.]/_}
@@ -1761,6 +1921,7 @@ docker_promote() {
      image_exists ${DOCKER_REGISTRY_ID} ${IMAGE_TO_CHECK} ${VERSION} || return 1
    done
  }
+
 #!/usr/bin/env bash
 
 extract_yaml_config_variable() {
@@ -1837,7 +1998,7 @@ flyway_clean() {
 
 #!/usr/bin/env bash
 
-FLYWAY_VERSION="5.2.4"
+FLYWAY_VERSION="7.4.0"
 
 
 get_yaml_variable() {
@@ -1923,7 +2084,7 @@ flyway_migrate() {
       "containers":[
          {
             "name":"'$POD_NAME'",
-            "image":"boxfuse/flyway:'$flyway_version'",
+            "image":"flyway/flyway:'$flyway_version'",
             "command":["flyway", "-url='$db_url'", "-user='$db_user'", "-password='$db_password'", "migrate"],
             "volumeMounts":[
                {
@@ -1948,6 +2109,63 @@ flyway_migrate() {
   kubectl -n $namespace delete configmap $CONFIGMAP_NAME
 }
 
+#!/usr/bin/env bash
+ flyway_repair() {
+  set -e
+  check_env_vars 4 "APPLICATION" "ENVIRONMENT" "FLYWAY_VERSION" "MIGRATION_SQL_PATH"
+
+  PG_YAML_PATH=".${APPLICATION}config.postgres"
+
+  DB_PORT="5432"
+  DB_HOST=$(get_yaml_variable "${PG_YAML_PATH}.host")
+  DB_DATABASE=$(get_yaml_variable "${PG_YAML_PATH}.database")
+  DB_USER=$(get_yaml_variable "${PG_YAML_PATH}.user")
+  DB_PASSWORD=$(get_yaml_variable "${PG_YAML_PATH}.password")
+  DB_URL="jdbc:postgresql://${DB_HOST}:${DB_PORT}/${DB_DATABASE}"
+
+  flyway_sql_folder=$(pwd)/${MIGRATION_SQL_PATH}
+
+  configure_kubectl_for_ci "${ENVIRONMENT}"
+  POD_NAME="${APPLICATION}-flyway-repair"
+  CONFIGMAP_NAME="${APPLICATION}-flyway-repair-sql"
+
+  kubectl -n "${ENVIRONMENT}" delete configmap $CONFIGMAP_NAME --ignore-not-found
+  kubectl -n "${ENVIRONMENT}" delete pod $POD_NAME --ignore-not-found
+  kubectl -n "${ENVIRONMENT}" create configmap $CONFIGMAP_NAME --from-file="${flyway_sql_folder}"
+
+  kubectl -n "${ENVIRONMENT}" run --rm  -it "${POD_NAME}" \
+  --image=flyway/flyway \
+  --restart=Never \
+  --overrides='
+  {
+     "spec":{
+        "containers":[
+           {
+              "name":"'$POD_NAME'",
+              "image":"flyway/flyway:'${FLYWAY_VERSION}'",
+              "command":["flyway", "-url='$DB_URL'", "-user='$DB_USER'", "-password='$DB_PASSWORD'", "repair"],
+              "volumeMounts":[
+                 {
+                    "name":"sql",
+                    "mountPath":"/flyway/sql"
+                 }
+              ]
+           }
+        ],
+        "volumes":[
+           {
+              "name":"sql",
+              "configMap":{
+                 "name":"'$CONFIGMAP_NAME'"
+              }
+           }
+        ]
+     }
+  }
+  '
+  kubectl -n "${ENVIRONMENT}" delete configmap $CONFIGMAP_NAME
+}
+
 #!/usr/bin/env bash
 
 record_git_commit() {