@colisweb/rescript-toolkit 5.46.4 → 5.47.0

package/.secure_files/ci-functions-v20.4.3

@@ -0,0 +1,3255 @@
+#!/usr/bin/env bash
+
+#VARIABLES
+export SCRIPT_FULL_PATH=$(dirname "$0")
+
+##FUNCTIONS
+# https://stackoverflow.com/questions/1527049/how-can-i-join-elements-of-an-array-in-bash
+join_by() {
+  local d=${1-} f=${2-}
+  if shift 2; then
+    printf %s "$f" "${@/#/$d}"
+  fi
+}
+
+mkstring() {
+	local start=$1
+	local separator=$2
+	local end=$3
+	shift 3
+
+	if [ $# -gt 0 ]; then
+    printf $start
+    join_by $separator $*
+    printf $end
+  fi
+}
+
+md5all() {
+    all_hash=$(mktemp)
+    for name in $*; do
+        find $name -type f -exec cat {} \; | md5sum | cut -f1 -d ' ' >> $all_hash
+    done;
+    cat $all_hash | md5sum | cut -f1 -d ' '
+}
+
+log() {
+  echo "$*" >&2
+}
+#!/usr/bin/env bash
+
+check_args() {
+  if [ -z $2 ] || [ "$1" != "$2" ]; then
+    echo >&2 "missing argument $1"
+    return 1
+  fi
+}
+
+check_env_vars() {
+  ArgsCount=$1 && shift
+  for ((i = 0; i < $ArgsCount; i++)); do
+    if [[ -z "${!1}" ]]; then
+      echo >&2 "missing ENV $1"
+      return 1
+    fi
+    shift
+  done
+}
+
+extract_arg() {
+  name=$1
+  passed=$2
+  value=$3
+  if [ "--$name" != "$passed" ]; then
+    echo "missing argument $name"
+    return 1
+  fi
+  eval $name='$value'
+}
+
+extract_args() {
+  declare -a Array_Args
+  ArgsCount=$1 && shift
+  for ((i = 0; i < $ArgsCount; i++)); do
+    Array_Args[i]=$1 && shift
+  done
+  for ArgName in "${Array_Args[@]}"; do
+    extract_arg "$ArgName" $* && shift 2
+  done
+}
+
+#!/usr/bin/env bash
+
+aws_ecr_login() {
+  PATH=/root/.local/bin:$PATH
+
+  aws ecr get-login-password \
+    | docker login --username AWS --password-stdin 949316342391.dkr.ecr.eu-west-1.amazonaws.com \
+    || (echo "you should update to AWS CLI version 2 https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-mac.html " $(aws ecr get-login --region=eu-west-1 --no-include-email) )
+}
+
+aws_ecr_token() {
+  aws ecr get-authorization-token --region=eu-west-1 --output text --query 'authorizationData[].authorizationToken'
+}
+
+
+#!/usr/bin/env bash
+
+# If gitlab is down or pipeline are stuck, hotfixes need to be available
+# This script will publish docker images to ECR using your current git HEAD, then deploy them to a given environment.
+# Some local files (git-commit.conf and sentry.properties) will be updated, take caution.
+# No trace of this will appear on Gitlab (no releases, no pipelines, no tags).
+# create_hotfix_scala $ENVIRONMENT $CHART_NAME [ $MODULE_NAME $MODULE_PATH $DEPLOYMENT ]
+# create_hotfix_scala testing crm main modules/3-executables/main crm
+# create_hotfix_scala testing notification \
+#   main-http modules/3-executables/main-http notification-http \
+#   main-consumer modules/3-executables/main-consumer notification-consumer
+
+create_hotfix_scala() {
+
+  ENVIRONMENT=$1
+  CHART_NAME=$2
+  shift 2
+
+  SHORT_SHA=$(git rev-parse --short HEAD)
+  HOTFIX_TAG="hotfix-$SHORT_SHA"
+
+  gum confirm "Preparing $HOTFIX_TAG for $CHART_NAME ?" || exit
+  prepare_hotfix_scala $HOTFIX_TAG
+
+  gum confirm "Building $HOTFIX_TAG for $CHART_NAME ?" || exit
+  while [[ $# -gt 2 ]] ; do
+    build_hotfix_scala $HOTFIX_TAG "$1" "$2" "$3"
+    shift 3
+  done
+
+  gum confirm "Deploying $HOTFIX_TAG for $CHART_NAME ?" || exit
+  deploy_hotfix $CHART_NAME $ENVIRONMENT $HOTFIX_TAG
+}
+
+# Update local git-commit.conf and sentry.properties files using git short sha
+prepare_hotfix_scala() {
+  HOTFIX_TAG=$1
+
+  git secret reveal -f
+  aws_ecr_login
+
+  COMMIT_CONF_FILES=$(find . -name "git-commit.conf")
+  SENTRY_PROPERTIES_FILES=$(find . -name "sentry.properties")
+
+  for file in $(echo "$COMMIT_CONF_FILES\n$SENTRY_PROPERTIES_FILES"); do
+      sed -i '' -e 's&GIT_COMMIT&'"$HOTFIX_TAG&" $file
+  done
+
+}
+
+# Build docker images locally and publish them to AWS ECR.
+build_hotfix_scala() {
+
+  HOTFIX_TAG=$1
+  SBT_MODULE=$2
+  DOCKER_PATH=$3
+  DEPLOYMENT=$4
+
+  DOCKER_REGISTRY_ID="949316342391"
+  DOCKER_REGISTRY="$DOCKER_REGISTRY_ID.dkr.ecr.eu-west-1.amazonaws.com"
+  DOCKER_IMAGE=$DOCKER_REGISTRY/$DEPLOYMENT
+  HOTFIX_IMAGE=$DOCKER_IMAGE:$HOTFIX_TAG
+
+  #Build
+  sbt "project $SBT_MODULE" "Docker / stage"
+
+  #Publish
+  docker build --platform "linux/amd64" -t $HOTFIX_IMAGE --cache-from $DOCKER_IMAGE "$DOCKER_PATH/target/docker/stage"
+  docker push $HOTFIX_IMAGE
+
+  echo "Created hotfix $HOTFIX_IMAGE"
+}
+
+# Deploy the project in the given environment
+deploy_hotfix() {
+  source $colisweb_scripts/ci/helm.sh
+
+  CHART_NAME=$1
+  ENVIRONMENT=$2
+  HOTFIX_TAG=$3
+
+  CONFIG_PATH=deploy
+  CHART_PATH=$CONFIG_PATH/$CHART_NAME
+  ROOT_PATH=$(pwd)
+
+  # Unset Kubectl configuration made via the KUBECONFIG env variable
+  #  it would override the config made by configure_kubectl_for
+  #  for example, using Gitlab runners in Kubernetes sets this variable and causes conflict
+  unset KUBECONFIG
+
+  # Configure Kubectl
+  configure_kubectl_for $ENVIRONMENT
+
+  # Avoiding "no local-index.yaml" or "empty local-index.yaml" error
+  cat > $HOME/Library/Caches/helm/repository/local-index.yaml <<EOT
+apiVersion: v1
+entries:
+  cronjob:
+EOT
+
+  # helm stable repo have changed and must be updated manually, in versions < v2.17.0
+  helm repo add colisweb s3://colisweb-helm-charts/colisweb  --force-update
+  helm repo add stable https://charts.helm.sh/stable --force-update
+  helm repo update
+  helm dependency update ${ROOT_PATH}/${CHART_PATH}
+
+  # Gather values/*.yaml files
+  VALUES_PATH="${ROOT_PATH}/${CHART_NAME}/values"
+  VALUES_FILES=''
+  [ -d $VALUES_PATH ] && VALUES_FILES=$(find $VALUES_PATH -type f -maxdepth 1 -name "*.yaml" | sed 's/^/ -f /' | tr -d \\n | sed 's/%//')
+
+  # Deploy
+  helm upgrade --install \
+    --namespace ${ENVIRONMENT} \
+    ${VALUES_FILES} \
+    -f ${ROOT_PATH}/${CONFIG_PATH}/common.yaml \
+    -f ${ROOT_PATH}/${CONFIG_PATH}/${ENVIRONMENT}.yaml \
+    -f ${ROOT_PATH}/${CONFIG_PATH}/${ENVIRONMENT}-secrets.yaml \
+    --set global.version=$HOTFIX_TAG \
+    ${CHART_NAME} ${ROOT_PATH}/${CHART_PATH}
+
+
+  verify_deployments -t 10m $ENVIRONMENT $CHART_NAME
+
+}
+
+#!/usr/bin/env bash
+
+image_exists() {
+  set -e
+
+  REGISTRY=$1
+  REPOSITORY=$2
+  IMAGE=$3
+
+  TAGGED_IMAGE="$REGISTRY/$REPOSITORY:$IMAGE"
+
+  aws ecr describe-images --registry-id $REGISTRY --repository-name $REPOSITORY --image-ids "imageTag=$IMAGE"
+
+  if [ $? -eq 0 ]
+  then
+    echo "Image $TAGGED_IMAGE already present in distant repo"
+    return 0
+  else
+    echo "Image $TAGGED_IMAGE NOT present in distant repo"
+    return 1
+  fi
+}
+#!/usr/bin/env bash
+
+gmm() {
+  git checkout $1
+  git pull
+  git checkout $2
+  git pull
+  git merge $1
+  git push
+}
+
+git_damn_merge() {
+  git checkout $1
+  git pull
+  git checkout $2
+  git dammit
+  git merge $1
+  git push
+}
+
+git_prune_local_branches() {
+  git branch -r |
+    awk '{print $1}' |
+    egrep -v -f /dev/fd/0 <(git branch -vv | grep origin) |
+    awk '{print $1}' |
+    xargs git branch -d
+}
+
+gum_checkout() {
+  git branch -a | cut -f3- -d "/" | gum filter | xargs git checkout
+}
+
+# useful option :
+#  export GIT_SUBLINE_MERGE_NON_INTERACTIVE_MODE=TRUE
+# see https://github.com/paulaltin/git-subline-merge
+setup_subline_merge() {
+  location=${1:-"--local"}
+
+  case $location in
+  --local)
+    if [ -d ".git" ]; then
+      echo "* merge=subline" >>.git/info/attributes
+    else
+      echo "Cannot use local option, not in a git repository"
+      return 1
+    fi
+    ;;
+  --global)
+    echo "* merge=subline" >>~/.gitattributes
+    ;;
+  *)
+    echo "unknown argument $location"
+    return 2
+    ;;
+  esac
+
+  git config $location merge.conflictStyle diff3
+  git config $location merge.subline.driver "$colisweb_scripts/shell-session/shell/dev/git-subline-merge %O %A %B %L %P"
+  git config $location merge.subline.recursive binary
+}
+
+rebase_from_ancestor() {
+  set -x
+  branch=$1
+  tip=$(git rev-parse HEAD)
+  ancestor=$(git merge-base $branch $tip)
+  commits=$(git log $ancestor..$tip)
+  git reset --hard $ancestor
+  git merge --squash $tip
+  git commit -m "squashed commmits $commits" || echo "nothing committed"
+  git rebase $branch -Xtheirs
+}
+
+#!/usr/bin/env bash
+
+import_all_pgp_keys() {
+  echo "importing all PGP keys"
+  gpg --import $SCRIPT_FULL_PATH/pgp_keys/*.key
+}
+
+remove_all_persons_from_secrets() {
+    echo "cleanup git secret"
+    WHO_KNOWS=($(git secret whoknows))
+    git secret removeperson $WHO_KNOWS
+    echo "Removed secrets access for $WHO_KNOWS"
+}
+
+all_pgp_emails() {
+  gpg --show-key $SCRIPT_FULL_PATH/pgp_keys/*.key | sed -rn "s/.*<(.*)>/\1/p"
+}
+
+set_all_secret_keys() {
+
+  import_all_pgp_keys
+
+  git secret reveal -f
+
+  remove_all_persons_from_secrets
+
+  if [ $# -eq 0 ]; then
+    echo "No emails supplied, using dev-tools pgp keys as source"
+    IN_THE_KNOW=($(gum choose --no-limit $(all_pgp_emails)))
+  else
+    IN_THE_KNOW=($*)
+  fi
+
+  git secret tell $IN_THE_KNOW
+  git secret hide
+  git secret whoknows
+
+  echo "all secrets updated, you'll need to commit the changes"
+}
+
+#!/usr/bin/env bash
+
+start_ssh_bastion() {
+  ENV=$1
+  SSH_LOCAL_PORT=$2
+  POD_NAME=ssh-bastion-$USERNAME
+  CONFIG_MAP_NAME=ssh-bastion-$USERNAME
+  configure_kubectl_for $ENV
+  kubectl get pods -o name | grep pod/$POD_NAME
+  if [ $? -eq 0 ]; then
+    echo "$POD_NAME is already running"
+  else
+  	#configmap
+    kubectl get configmap $CONFIG_MAP_NAME && kubectl delete configmap $CONFIG_MAP_NAME
+    tempdir=$(mktemp -d)
+    cat <<EOF  > $tempdir/sshd_config
+AllowTcpForwarding yes
+Port 2222
+PermitRootLogin yes
+AuthorizedKeysFile /etc/ssh/authorized_keys
+EOF
+	cp ~/.ssh/id_rsa.pub $tempdir/authorized_keys
+    kubectl create configmap $CONFIG_MAP_NAME --from-file=$tempdir
+
+	#pod
+    kubectl get pod  $POD_NAME && kubectl delete pod $POD_NAME
+    cat <<EOF | kubectl create -f -
+
+    apiVersion: v1
+    kind: Pod
+    metadata:
+      name: $POD_NAME
+    spec:
+      containers:
+      - name: $POD_NAME
+        image: sickp/alpine-sshd:7.4
+        ports:
+        - containerPort: 2222
+        volumeMounts:
+        - mountPath: /etc/ssh/sshd_config
+          name: ssh-config
+          subPath: sshd_config
+        - mountPath: /etc/ssh/authorized_keys
+          name: ssh-config
+          subPath: authorized_keys
+      volumes:
+      - name: ssh-config
+        configMap:
+          name: $CONFIG_MAP_NAME
+EOF
+
+  fi
+
+  # You need a recent kubectl for wait to work (1.15 works), install or upgrade
+  # with brew :
+  # brew install kubernetes-cli
+  # brew upgrade kubernetes-cli
+  kubectl wait --for=condition=Ready pod/$POD_NAME
+
+  # kube port-forward
+  lsof -ti  tcp:$SSH_LOCAL_PORT | xargs kill
+  kubectl port-forward $POD_NAME $SSH_LOCAL_PORT:2222 &
+  while ! nc -z 127.0.0.1 $SSH_LOCAL_PORT; do
+    sleep 1
+  done
+  echo "forwarding ssh via local port $SSH_LOCAL_PORT"
+  echo "remember to terminate the bastion with 'stop_ssh_bastion'"
+}
+
+stop_ssh_bastion() {
+  POD_NAME=ssh-bastion-$USERNAME
+  kubectl delete pod $POD_NAME
+}
+
+#!/usr/bin/env bash
+
+configure_kubectl_for() {
+  local infra_env="$1"
+  local valid_envs="[testing][staging][production][performance][tests][recette]"
+  echo "$valid_envs" | grep -q "\[$infra_env\]"
+
+  if [ $? -ne 0 ]; then
+    echo "Cannot configure kubectl for invalid env : $infra_env"
+    echo "choose one of $valid_envs"
+    return 1
+  fi
+
+  aws eks update-kubeconfig --name "toutatis-$infra_env-eks" >&2
+}
+
+#!/usr/bin/env bash
+
+# WARNING : never try to do a dump directly from the database_production_ca
+# this could cause lot of lock database issues.
+# always use database_production_read_replica_ca instead
+database_k8s() {
+  MODE=$1
+  case $MODE in
+  	 "tests") SSH_LOCAL_PORT=2224;COMP_LOCAL_PORT=25550;PG_LOCAL_PORT=24440;CA_LOCAL_PORT=25430;ENV="tests";;
+	   "testing") SSH_LOCAL_PORT=2225;COMP_LOCAL_PORT=25551;PG_LOCAL_PORT=24441;CA_LOCAL_PORT=25431;ENV="testing";;
+	   "staging") SSH_LOCAL_PORT=2226;COMP_LOCAL_PORT=25552;PG_LOCAL_PORT=24442;CA_LOCAL_PORT=25432;ENV="staging";;
+	   "production") SSH_LOCAL_PORT=2227;COMP_LOCAL_PORT=25553;PG_LOCAL_PORT=24443;CA_LOCAL_PORT=25433;ENV="production";;
+	   "production_rw") SSH_LOCAL_PORT=2227;COMP_LOCAL_PORT=25554;PG_LOCAL_PORT=24444;CA_LOCAL_PORT=25434;ENV="production";;
+	   "recette") SSH_LOCAL_PORT=2228;COMP_LOCAL_PORT=25556; PG_LOCAL_PORT=24446;CA_LOCAL_PORT=25436;ENV="recette";;
+	   *) echo "Unsupported ENV : $MODE"; return 1 ;;
+  esac
+
+  start_ssh_bastion $ENV $SSH_LOCAL_PORT
+
+  lsof -ti  tcp:$PG_LOCAL_PORT | xargs kill
+
+  bastion_config=$(mktemp)
+  cat > "$bastion_config" <<EOF
+	  UserKnownHostsFile /dev/null
+	  StrictHostKeyChecking no
+	  User root
+	  Host bastion_tests
+    HostName 127.0.0.1
+    Port 2224
+    LocalForward 24440 toutatis-tests-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:5432
+	  Host bastion_testing
+		HostName 127.0.0.1
+		Port 2225
+		LocalForward 24441 toutatis-testing-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:5432
+    LocalForward 25551 toutatis-testing-composite-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:5432
+		LocalForward 25431 toutatis-testing-mysql-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
+		LocalForward 25531 testapirds.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
+		LocalForward 25561 toutatis-testing-oracle-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:1521
+	  Host bastion_staging
+		HostName 127.0.0.1
+		Port 2226
+		LocalForward 24442 toutatis-staging-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:5432
+		LocalForward 25552 toutatis-staging-composite-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:5432
+		LocalForward 25432 toutatis-staging-mysql-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
+    Host bastion_recette
+		HostName 127.0.0.1
+		Port 2228
+		LocalForward 24446 toutatis-recette-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:5432
+		LocalForward 25556 toutatis-recette-composite-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:5432
+		LocalForward 25436 toutatis-recette-mysql-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
+		LocalForward 25536 testapirds.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
+	  Host bastion_production
+		HostName 127.0.0.1
+		Port 2227
+    LocalForward 24443 toutatis-production-db-replica.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:5432
+    LocalForward 25553 toutatis-production-composite-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:5432
+    LocalForward 25433 toutatis-production-mysql-db-replica.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
+EOF
+  if [ "$MODE" = "production_rw" ] ; then
+    cat >> "$bastion_config" <<EOF
+      LocalForward 24444 toutatis-production-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:5432
+      LocalForward 25434 toutatis-production-mysql-db.ca0rjdmnxf1x.eu-west-1.rds.amazonaws.com:3306
+EOF
+  fi
+
+  ssh -f -N \
+  	-F "$bastion_config" \
+  	"bastion_$ENV"
+
+  echo "sample command (composite) : 'psql postgres://postgres@127.0.0.1:$COMP_LOCAL_PORT'"
+  echo "sample command : 'psql postgres://postgres@127.0.0.1:$PG_LOCAL_PORT'"
+  echo "sample command : 'mysql -u colisweb -h 127.0.0.1 -P $CA_LOCAL_PORT -p db_name'"
+
+  echo "run 'kubectl delete pod $POD_NAME' when you have finished"
+}
+
+psql_on_k8() {
+  NAMESPACE=$1
+  SERVICE=$2
+  CONNECTION=$3
+  shift 3
+
+  kubectl -n $NAMESPACE run ${SERVICE}-postgres-init \
+    --image jbergknoff/postgresql-client \
+    --restart=Never \
+    --attach --rm \
+    -- \
+    postgresql://${CONNECTION} \
+    "$*"
+}
+
+mysql_on_k8() {
+  local namespace=$1
+  local service=$2
+  local db_host=$3
+  local db_port=$4
+  local db_init_username=$5
+  local db_init_password=$6
+  local query=$7
+
+  kubectl -n ${namespace} run ${service}-mysql-init \
+    --image arey/mysql-client \
+    --restart=Never \
+    --attach --rm \
+    -- \
+    mysql --host=$db_host --user=$db_init_username --password=$db_init_password --port=$db_port --execute="$query"
+}
+#!/usr/bin/env bash
+
+kube_init_database_once() {
+
+  extract_args 8 namespace db_host db_port db_init_username db_init_password db_database db_username db_password $*
+
+  echo "======================="
+  echo " Initializing Database '$db_database' for namespace $namespace"
+  echo "======================="
+
+  echo "Checking if Database '$db_database' exists"
+  set +e
+  psql_on_k8 $namespace once "$db_init_username:$db_init_password@$db_host:$db_port" -lqtA | cut -d\| -f1 | grep "^$db_database$"
+  return_code=$?
+  set -e
+
+  if [ ${return_code} -eq 0 ]; then
+    echo "Database $db_database already exists - nothing to do"
+  else
+    echo "Database $db_database does not exist - initializing"
+
+    psql_on_k8 $namespace once "$db_init_username:$db_init_password@$db_host:$db_port" -c 'CREATE DATABASE '"$db_database"';'
+    echo "DB created $db_database"
+
+    psql_on_k8 $namespace once "$db_init_username:$db_init_password@$db_host:$db_port" -c 'CREATE USER '"$db_username"' WITH ENCRYPTED PASSWORD '"'$db_password'"';'
+    echo "USER created $db_username"
+
+    psql_on_k8 $namespace once "$db_init_username:$db_init_password@$db_host:$db_port" -c 'GRANT ALL PRIVILEGES ON DATABASE '"$db_database"' TO '"$db_username"';'
+    echo "Granted all privileges for $db_username on $db_database"
+  fi
+
+  echo "======================="
+  echo " Database '$db_database' Initialization complete for namespace $namespace"
+  echo "======================="
+}
+
+kube_init_database_readonly_account() {
+
+  extract_args 6 namespace service db_connection db_database db_readonly_username db_readonly_password $*
+
+  echo "======================="
+  echo " Initializing Readonly Account '$db_readonly_username' for '$db_database' for namespace $namespace"
+  echo "======================="
+
+  # Print commands before execution, except echo
+  trap '[[ $BASH_COMMAND != echo* ]] && echo $BASH_COMMAND' DEBUG
+
+  echo "Checking if Readonly account '$db_readonly_username' for '$db_database' exists"
+  set +e
+  psql_on_k8 $namespace $service $db_connection -qtAc 'SELECT rolname FROM pg_roles;' | grep "^$db_readonly_username$"
+  return_code=$?
+  set -e
+
+  if [ ${return_code} -eq 0 ]; then
+    echo "Account $db_readonly_username already exists - nothing to do"
+  else
+    echo "Account $db_readonly_username does not exist - creating"
+
+    psql_on_k8 $namespace $service $db_connection -c 'CREATE USER '"$db_readonly_username"' WITH ENCRYPTED PASSWORD '"'$db_readonly_password'"';'
+    psql_on_k8 $namespace $service $db_connection -c 'GRANT CONNECT ON DATABASE '"$db_database"' TO '"$db_readonly_username"';'
+    psql_on_k8 $namespace $service $db_connection -c 'GRANT USAGE ON SCHEMA public TO '"$db_readonly_username"';'
+    psql_on_k8 $namespace $service $db_connection -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO '"$db_readonly_username"';'
+    psql_on_k8 $namespace $service $db_connection -c 'ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO '"$db_readonly_username"';'
+
+    echo "Created user with read-only permissions for $db_readonly_username on $db_database (schema public)"
+  fi
+}
+
+kube_init_datadog_in_database() {
+  extract_args 8 namespace db_host db_port db_init_username db_init_password db_datadog_username db_datadog_password db_datadog_schema $*
+
+  echo "======================="
+  echo " Initializing Datadog Agent Requirement for namespace $namespace"
+  echo "======================="
+
+  echo "Checking if User  '$db_datadog_username' exists"
+  local service="datadog"
+  found_db_users=$(mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'SELECT user FROM mysql.user;')
+  set +e
+  echo "$found_db_users" | grep "^$db_datadog_username$"
+  return_code=$?
+  set -e
+
+  if [ ${return_code} -eq 0 ]; then
+    echo "User $db_datadog_username already exists - nothing to do"
+  else
+    echo "User $db_datadog_username does not exist - initializing"
+
+    # All the query come from this docs : https://docs.datadoghq.com/fr/database_monitoring/setup_mysql/selfhosted/?tab=mysql56
+
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'CREATE USER '"$db_datadog_username"'@"%" IDENTIFIED BY '"'$db_datadog_password'"';'
+    echo "USER created $db_datadog_username"
+
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'GRANT REPLICATION CLIENT ON *.* TO datadog@"%" WITH MAX_USER_CONNECTIONS 5;'
+    echo "ALTER USER $db_datadog_username"
+
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'GRANT PROCESS ON *.* TO '"$db_datadog_username"'@"%";'
+    echo "Granted PROCESS for $db_datadog_username"
+
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'GRANT SELECT ON performance_schema.* TO '"$db_datadog_username"'@"%";'
+    echo "Granted SELECT on performance_schema for $db_datadog_username"
+
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'CREATE SCHEMA IF NOT EXISTS datadog;'
+    echo "CREATE SCHEMA datadog"
+
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'GRANT EXECUTE ON datadog.* to '"$db_datadog_username"'@"%";'
+    echo "Granted 'GRANT EXECUTE for $db_datadog_username on datadog"
+
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'GRANT CREATE TEMPORARY TABLES ON datadog.* TO '"$db_datadog_username"'@"%";'
+    echo "Granted  CREATE TEMPORARY TABLES for $db_datadog_username"
+
+
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'DROP PROCEDURE IF EXISTS datadog.explain_statement;
+                  DELIMITER $$
+                  CREATE PROCEDURE datadog.explain_statement(IN query TEXT)
+                      SQL SECURITY DEFINER
+                  BEGIN
+                      SET @explain := CONCAT("EXPLAIN FORMAT=json ", query);
+                      PREPARE stmt FROM @explain;
+                      EXECUTE stmt;
+                      DEALLOCATE PREPARE stmt;
+                  END $$
+                  DELIMITER ;'
+   echo "CREATE PROCEDURE PROCEDURE datadog.explain_statement"
+
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'DROP PROCEDURE IF EXISTS '"$db_datadog_username"'.explain_statement;
+                    DELIMITER $$
+                    CREATE PROCEDURE '"$db_datadog_username"'.explain_statement(IN query TEXT)
+                        SQL SECURITY DEFINER
+                    BEGIN
+                        SET @explain := CONCAT("EXPLAIN FORMAT=json ", query);
+                        PREPARE stmt FROM @explain;
+                        EXECUTE stmt;
+                        DEALLOCATE PREPARE stmt;
+                    END $$
+                    DELIMITER ;
+                    GRANT EXECUTE ON PROCEDURE '"$db_datadog_username"'.explain_statement TO datadog@"%";'
+    echo "CREATE PROCEDURE on SCHEMA $db_datadog_schema for $db_datadog_username"
+
+    mysql_on_k8 $namespace $service $db_host $db_port $db_init_username $db_init_password 'DROP PROCEDURE IF EXISTS datadog.enable_events_statements_consumers;
+                  DELIMITER $$
+                  CREATE PROCEDURE datadog.enable_events_statements_consumers()
+                      SQL SECURITY DEFINER
+                  BEGIN
+                      UPDATE performance_schema.setup_consumers SET enabled="YES" WHERE name LIKE "events_statements_%";
+                  END $$
+                  DELIMITER ;
+                  GRANT EXECUTE ON PROCEDURE datadog.enable_events_statements_consumers TO datadog@"%";'
+
+    echo "CREATE PROCEDURE on datadog.enable_events_statements_consumers"
+  fi
+
+  echo "======================="
+  echo " Database '$db_datadog_schema' Initialization complete for namespace $namespace"
+  echo "======================="
+}
+
+kube_init_datadog_in_postgres_database() {
+  extract_args 7 namespace db_host db_port db_init_username db_init_password db_datadog_username db_datadog_password $*
+
+  local service="datadog"
+  local db_connection="$db_init_username:$db_init_password@$db_host:$db_port"
+
+  echo "======================="
+  echo " Initializing $service Agent On PostgresSQL Database Requirement for namespace $namespace"
+  echo "======================="
+
+  echo "Checking if User  '$db_datadog_username' exists"
+
+  set +e
+  if psql_on_k8 $namespace $service $db_connection -qtAc 'SELECT usename FROM pg_catalog.pg_user;' | grep "^$db_datadog_username$";
+  then
+    echo "User $db_datadog_username already exists - nothing to do"
+  else
+    echo "User $db_datadog_username does not exist - initializing"
+
+    set -e
+    psql_on_k8 $namespace $service $db_connection -qc 'CREATE USER '"$db_datadog_username"' WITH password '"'$db_datadog_password'"';'
+    echo "User created $db_datadog_username"
+
+    psql_on_k8 $namespace $service $db_connection -qc 'CREATE SCHEMA datadog;'
+    echo "Schema datadog created"
+
+    psql_on_k8 $namespace $service $db_connection -qc 'GRANT USAGE ON SCHEMA datadog TO datadog;'
+    echo "Granted usage for datadog schema to datadog"
+
+    psql_on_k8 $namespace $service $db_connection -qc 'GRANT USAGE ON SCHEMA public TO datadog;'
+    echo "Granted usage for public schema to datadog"
+
+    psql_on_k8 $namespace $service $db_connection -qc 'GRANT pg_monitor TO datadog;'
+    echo "Granted pg_monitor to datadog"
+
+    psql_on_k8 $namespace $service $db_connection -qc 'CREATE EXTENSION IF NOT EXISTS pg_stat_statements schema public;'
+    echo "Extension pg_stat_statements created"
+
+    local datadog_function_path="/tmp/datatog-explain-statement-function.sql"
+    local datadog_function="CREATE OR REPLACE FUNCTION datadog.explain_statement(
+         l_query TEXT,
+         OUT explain JSON
+      )
+      RETURNS SETOF JSON AS
+      \\$\\$
+      DECLARE
+      curs REFCURSOR;
+      plan JSON;
+
+      BEGIN
+         OPEN curs FOR EXECUTE pg_catalog.concat('EXPLAIN (FORMAT JSON) ', l_query);
+         FETCH curs INTO plan;
+         CLOSE curs;
+         RETURN QUERY SELECT plan;
+      END;
+      \\$\\$
+      LANGUAGE 'plpgsql'
+      RETURNS NULL ON NULL INPUT
+      SECURITY DEFINER;"
+
+    kubectl -n $namespace run $service-postgres-init \
+      --image jbergknoff/postgresql-client \
+      --restart=Never \
+      --attach --rm \
+      --command \
+      -- \
+      /bin/sh -c "echo -e \"$datadog_function\" > $datadog_function_path; psql postgresql://$db_connection -qf $datadog_function_path"
+
+    echo "Function datadog.explain_statement created"
+  fi
+
+  echo "======================="
+  echo " Database $service Initialization complete for namespace $namespace"
+  echo "======================="
+}
+
+kube_init_service_database() {
+
+  extract_args 9 namespace service db_host db_port db_init_username db_init_password db_database db_username db_password $*
+
+  local db_connection="$db_init_username:$db_init_password@$db_host:$db_port"
+
+  echo "Checking if Database '$db_database' exists"
+  set +e
+  psql_on_k8 $namespace $service $db_connection -lqtA | cut -d\| -f1 | grep "^$db_database$"
+  return_code=$?
+  set -e
+
+  if [ ${return_code} -eq 0 ]; then
+    echo "Database $db_database already exists - nothing to do"
+  else
+    echo "Database $db_database does not exist - initializing"
+
+    psql_on_k8 $namespace $service $db_connection -c 'CREATE DATABASE '"$db_database"';'
+    echo "DB created $db_database"
+
+    psql_on_k8 $namespace $service $db_connection -c 'CREATE USER '"$db_username"' WITH ENCRYPTED PASSWORD '"'$db_password'"';'
+    echo "USER created $db_username"
+
+    psql_on_k8 $namespace $service $db_connection -c 'GRANT ALL PRIVILEGES ON DATABASE '"$db_database"' TO '"$db_username"';'
+    echo "Granted all privileges for $db_username on $db_database"
+  fi
+
+  echo "======================="
+  echo " Database '$db_database' Initialization complete for  namespace $namespace"
+  echo "======================="
+}
+
+#!/usr/bin/env bash
+
+# Allow to use JMX connection to retrieve data and metrics from the pods within kubernetes
+# You will need visualVM to use this tool https://visualvm.github.io/
+# ex: bind_jmx testing notification
+bind_jmx() {
+
+  local ENV=$1
+  local SERVICE_NAME=$2
+  local PORT=2242
+
+  start_ssh_bastion $ENV $PORT
+
+  echo "root" | ssh -f -N -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -D 7777 root@127.0.0.1 -p 2242
+  local PODS=$(kubectl -n $ENV get pods -o wide | grep $SERVICE_NAME | grep -Eo '^[^ ]+')
+
+  echo "Choose one of the following pod to get metrics from..."
+  local POD_NAME=$(gum choose $PODS)
+  local POD_IP=$(
+    kubectl -n $ENV get pods -o jsonpath='{range .items[*]}{.metadata.name}{" "}{.status.podIP}{"\n"}{end}' |
+    grep $POD_NAME |
+    cut -d' ' -f2 |
+    head -1
+  )
+
+  jconsole -J-DsocksProxyHost=localhost \
+    -J-DsocksProxyPort=7777 \
+    service:jmx:rmi:///jndi/rmi://$POD_IP:7199/jmxrmi \
+    -J-DsocksNonProxyHosts= &
+
+  cat << EOF
+  Now start VisualVM
+  Preferences > Network > Manual Proxy Settings
+  SOCKS Proxy Line: Set 'localhost' and Port '7777'
+  File > Add JMX Connection
+  Set $POD_IP:7199, check 'do not require an SSL connection'
+  Remember to kill you bastion afterward using 'stop_ssh_bastion'
+EOF
+}
+#!/usr/bin/env bash
+
+function kstatus() {
+  if [ -z "$3" ]
+    then
+    configure_kubectl_for $1 && watch -n 1 "kubectl -n $1 get $2"
+  else
+    configure_kubectl_for $1 && watch -n 1 "kubectl -n $1 get $2 | grep $3"
+  fi
+}
+
+#!/usr/bin/env bash
+
+k8_nodes_stats() {
+  ENV=${1:-testing}
+
+  configure_kubectl_for "${ENV}"
+
+  kubectl get nodes -o name  |
+    xargs kubectl describe |
+    grep "^Name\|workType\|cpu  \|memory  "  |
+    sed -r 's/[ :=]+/\t/g' |
+    sed 's/\tworkType\t//g' |
+    sed -r 's/^Name/---\nName/g' |
+    grep --color "Name\|web\|workers\|cpu\|memory\|---"
+}
+
+#!/usr/bin/env bash
+
+# Port forward on the first matching pod
+# Ex :
+# pod_forward testing notification-http
+# pod_forward testing colisweb-api-web 3333 3000
+pod_forward() {
+  ENV=$1
+  POD_FILTER=$2
+  LOCAL_PORT=${3:-8080}
+  POD_PORT=${4:-8080}
+
+  if PID=$(lsof -ti tcp:$LOCAL_PORT); then
+    echo "killing process $PID which uses port $LOCAL_PORT"
+    kill $PID
+  fi
+
+  configure_kubectl_for $ENV
+
+  POD=`pick_pod $ENV $POD_FILTER`
+
+  echo "setting up forwarding to $POD"
+  kubectl -n $ENV port-forward $POD $LOCAL_PORT:$POD_PORT &
+  PID=$!
+
+  while ! echo exit | nc localhost $LOCAL_PORT > /dev/null; do
+    sleep 1
+    echo "waiting for port $LOCAL_PORT to be open locally"
+  done
+  echo "port $LOCAL_PORT is now available on localhost, forwarding to $ENV $POD:$POD_PORT"
+  echo 'you can terminate it with "kill '$PID'" or "kill $(lsof -ti tcp:'$LOCAL_PORT')"'
+}
+
+# prompts to pick a pod and run a command like bash inside
+# pod_exec testing
+# pod_exec testing bash
+# pod_exec testing bash colisweb-api
+pod_exec() {
+  ENV=$1
+  COMMAND=${2:-bash}
+  configure_kubectl_for $ENV
+  POD_FILTER=$3
+  POD=`pick_pod $ENV $POD_FILTER`
+  echo "running $COMMAND inside $POD"
+  kubectl -n $ENV exec -ti $POD -- $COMMAND
+}
+
+# prompts to pick a pod and copy from a local file to the pod
+# pod_copy_to testing localfile remotefile
+# pod_copy_to testing localfile remotefile colisweb-api
+pod_copy_to() {
+  ENV=$1
+  LOCAL_FILE=$2
+  REMOTE_FILE=$3
+  configure_kubectl_for $ENV
+  POD_FILTER=$4
+  POD=`pick_pod $ENV $POD_FILTER`
+  kubectl cp $LOCAL_FILE $ENV/$POD:$REMOTE_FILE
+}
+
+
+pick_pod() {
+  ENV=$1
+  POD_FILTER=$2
+  configure_kubectl_for $ENV
+
+  if [ -z "$2" ] ; then
+    kubectl -n $ENV get pods | gum filter | cut -f1 -d" "
+  else
+      if PODS=$(kubectl -n $ENV get pods | grep -m1 "$POD_FILTER" | cut -f1 -d" "); then
+        echo $PODS
+      else
+        echo "no pods found on $ENV matching $POD_FILTER" >&2
+      fi
+  fi
+}
+
+# pods_settings $ENV
+# Will output a CSV (;) of all deployments on this environment with cpu and memory request and limits
+# Errors and null outputs are ignored and won't be in the output.
+pods_resources() {
+  ENV=$1
+  configure_kubectl_for $ENV
+  DEPLOYMENTS=(
+    $(kubectl -n $ENV get deployments | grep -Eo '^[^ ]+' | grep -v 'NAME')
+  )
+  echo "deployment; request_cpu; request_memory; limits_cpu;limits_memory"
+  for D in "${DEPLOYMENTS[@]}"; do
+      info=$(kubectl -n $ENV get deployment -o yaml $D |
+        yq '.spec.template.spec.containers[].resources' |
+        yq '.L = .requests.cpu + "; " + .requests.memory + "; " + .limits.cpu + "; " + .limits.memory' |
+        yq ".L") 2&>/dev/null
+      if ! [ "$info" = "null" ]; then
+        echo "$D; $info"
+      fi
+  done
+}
+
+pods_strategies() {
+  ENV=$1
+  configure_kubectl_for $ENV
+  DEPLOYMENTS=(
+    $(kubectl -n $ENV get deployments | grep -Eo '^[^ ]+' | grep -v 'NAME')
+  )
+  echo "deployment; max_surge; max_unavailable"
+  for D in "${DEPLOYMENTS[@]}"; do
+      info=$(kubectl -n $ENV get deployment -o yaml $D |
+        yq '.spec.strategy' |
+        yq '.L = .rollingUpdate.maxSurge + "; " + .rollingUpdate.maxUnavailable' |
+        yq ".L") 2&>/dev/null
+      if ! [ "$info" = "null" ]; then
+        echo "$D; $info"
+      fi
+  done
+}
+
+#!/usr/bin/env bash
+
+bastion_config_for_redis_ca() {
+  ssh_config xufte6.0001.euw1.cache.amazonaws.com redis 2223 63789 tests testing recette-001 sandbox prod > $1
+}
+
+bastion_config_for_redis_toutatis() {
+  ssh_config xufte6.0001.euw1.cache.amazonaws.com toutatis 2223 63789 tests testing recette staging production > $1
+}
+
+ssh_config() {
+  host=$1
+  host_prefix=$2
+  port0=$3
+  forward0=$4
+  shift 4
+  instance_names=("$@") # /!\ indices start at 1 with zsh
+  ssh_header
+
+  environments=(tests testing recette staging production)
+
+  length=${#environments[@]}
+  for (( i=1; i<=${length}; i++ ));
+  do
+    bastion_block bastion_${environments[$i]} $(($port0 + $i)) $(($forward0 + $i)) ${host_prefix}-${instance_names[$i]}.$host
+  done
+}
+
+ssh_header() {
+  cat  <<EOF
+    UserKnownHostsFile /dev/null
+    StrictHostKeyChecking no
+    User root
+EOF
+}
+
+bastion_block() {
+  cat <<EOF
+    Host $1
+      HostName 127.0.0.1
+      Port $2
+      LocalForward $3 $4:6379
+EOF
+}
+
+redis_k8s() {
+  MODE=$1
+  REDIS_INSTANCE=${2:-ca}
+  case $MODE in
+	   "tests") SSH_LOCAL_PORT=2224;REDIS_LOCAL_PORT=63790;ENV="tests";;
+	   "testing") SSH_LOCAL_PORT=2225;REDIS_LOCAL_PORT=63791;ENV="testing";;
+	   "recette") SSH_LOCAL_PORT=2226;REDIS_LOCAL_PORT=63792;ENV="recette";;
+	   "staging") SSH_LOCAL_PORT=2227;REDIS_LOCAL_PORT=63793;ENV="staging";;
+	   "production") SSH_LOCAL_PORT=2228;REDIS_LOCAL_PORT=63794;ENV="production";;
+	   *) echo "Unsupported ENV : $MODE"; return 1 ;;
+  esac
+
+  start_ssh_bastion $ENV $SSH_LOCAL_PORT
+
+  lsof -ti  tcp:$REDIS_LOCAL_PORT | xargs kill
+
+  bastion_config=$(mktemp)
+  case $REDIS_INSTANCE in
+    "ca") bastion_config_for_redis_ca "$bastion_config";;
+    "toutatis") bastion_config_for_redis_toutatis "$bastion_config";;
+    *) echo "Unsupported redis instance (ca or toutatis available) : $REDIS_INSTANCE"; return 1;;
+  esac
+
+  ssh -f -N \
+  	-F "$bastion_config" \
+  	"bastion_$ENV"
+
+  echo "sample command : 'redis-cli -p $REDIS_LOCAL_PORT'"
+  echo "run 'kubectl delete pod $POD_NAME' when you have finished"
+
+  redis-cli -p $REDIS_LOCAL_PORT
+}
+
+#!/usr/bin/env bash
+
+#Create a k8s cron jobs that will be run regularly
+#See run_cron_job_k8s -h for more details
+
+run_cron_job_k8s() {
+
+  #default values
+  local namespace="testing"
+  local name="$USERNAME"
+  local SCHEDULE="00 05 * * *"
+  local secret=""
+  local amm_folder=""
+  local amm_script=""
+
+  while getopts ":e:c:p:f:s:t:h" opt; do
+    case $opt in
+      e)
+        namespace="$OPTARG" >&2
+        ;;
+      t)
+        SCHEDULE="$OPTARG" >&2
+        ;;
+      p)
+        name="$OPTARG" >&2
+        ;;
+      c)
+        secret="$OPTARG" >&2
+        ;;
+      f)
+        amm_folder="$OPTARG" >&2
+        ;;
+      s)
+        amm_script="$OPTARG" >&2
+        ;;
+      h)
+        show_help_cron_job
+        return 0
+        ;;
+      :)
+        echo "Option -$OPTARG requires an argument. Run run_cron_job_k8s -h for help" >&2
+        return 0
+        ;;
+      \?)
+        echo "Invalid option: -$OPTARG. Run run_cron_job_k8s -h for help" >&2
+        return 0
+        ;;
+    esac
+  done
+
+  if [ -z "$amm_script" ]; then
+          echo 'Missing -s. Run run_cron_job_k8s -h for help' >&2
+          return 0
+  fi
+
+  shift "$((OPTIND-1))"
+
+  local script_args=$(
+    if [ "$#" -gt 0 ] ; then
+      printf '"'
+      join_by '", "' $*
+      printf '"'
+    fi
+  )
+
+  local IMAGE="lolhens/ammonite:2.5.4"
+  local CRONJOB_NAME="cronjob-ammonite-$name"
+
+
+  configure_kubectl_for $namespace
+
+    if [[ ! -r "$amm_script" ]]; then
+      echo "ammonite script not found $amm_script"
+      return 2
+    else
+      local CONFIG_MAP="config-$CRONJOB_NAME"
+      local SECRET_MAP="secret-$CRONJOB_NAME"
+      local CONFIG_MAP_DIR="$(mktemp -d)"
+
+      if [[ ! -z $amm_folder && -d $amm_folder ]] ; then
+        cp -r "$amm_folder/" "$CONFIG_MAP_DIR"
+      fi
+      cp "$amm_script" "$CONFIG_MAP_DIR/script.sc"
+
+      kubectl -n $namespace get configmap $CONFIG_MAP && kubectl -n $namespace delete configmap $CONFIG_MAP
+      kubectl -n $namespace create configmap $CONFIG_MAP --from-file="$CONFIG_MAP_DIR"
+
+      kubectl -n $namespace get secret $SECRET_MAP && kubectl -n $namespace delete secret $SECRET_MAP
+      kubectl -n $namespace create secret generic $SECRET_MAP --from-file="$secret"
+
+      kubectl -n $namespace get cronjob $CRONJOB_NAME && kubectl -n $namespace delete cronjob $CRONJOB_NAME
+
+      echo "starting $CRONJOB_NAME with $IMAGE"
+
+JOB_DEFINITION='
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: '$CRONJOB_NAME'
+  namespace: '$namespace'
+spec:
+  schedule: "'$SCHEDULE'"
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      backoffLimit: 0
+      template:
+        spec:
+          nodeSelector:
+            workType: "workers"
+          restartPolicy: Never
+          volumes:
+          - name: config
+            configMap:
+              name: '$CONFIG_MAP'
+          - name: secret
+            secret:
+              secretName: '$SECRET_MAP'
+          containers:
+             - name: '$CRONJOB_NAME'
+               command: ["amm", "/code/script.sc"]
+               image: '$IMAGE'
+               imagePullPolicy: IfNotPresent
+               args: ['$script_args']
+               env:
+                - name: POD_NAME
+                  valueFrom:
+                    fieldRef:
+                      apiVersion: v1
+                      fieldPath: metadata.name
+                - name: POD_NAMESPACE
+                  valueFrom:
+                    fieldRef:
+                      apiVersion: v1
+                      fieldPath: metadata.namespace
+                - name: HOST_IP
+                  valueFrom:
+                    fieldRef:
+                      apiVersion: v1
+                      fieldPath: status.hostIP
+               volumeMounts:
+                - name: config
+                  mountPath: /code
+                - name: secret
+                  mountPath: /conf
+                  readOnly: true
+               resources:
+                 requests:
+                   cpu: 500m
+                   memory: 256Mi
+                 limits:
+                   cpu: 4000m
+                   memory: 512Mi
+               envFrom:
+                 - configMapRef:
+                     name: '$CONFIG_MAP'
+                 - secretRef:
+                     name: '$SECRET_MAP'
+'
+
+    echo $JOB_DEFINITION > /tmp/job.yaml
+
+    kubectl -n $namespace  apply -f /tmp/job.yaml
+
+  fi
+}
+
+# Usage info
+show_help_cron_job() {
+  #p:f:s
+local help="""Usage: run_cron_job_k8s -s SCRIPT [-t TIME] [-e ENV] [-c CONFIG] [-p POD] [-f FOLDER] [ARGS]
+Create a k8s cron job that will be run a script regularly
+
+    -h          display this help and exit
+    -s SCRIPT   run script SCRIPT on a pod (SCRIPT must be a .sc file)
+    -t TIME     opt. time when the job will be launched. TIME should be in CRON syntax (default to 00 05 * * *, ie 5AM UTC)
+    -e ENV      opt. set execution environment (default to testing)
+    -c CONFIG   opt. secret file needed for the script (must be a .sc file, not a .secret file)
+    -p POD      opt. name of the pod to create (default to $USERNAME)
+    -f FOLDER   opt. name of the folder containing the scripts to execute (if SCRIPT needs other files)
+    ARGS        opt. additional arguments for SCRIPT
+"""
+echo "$help"
+}
+
+#!/usr/bin/env bash
+
+# Usage info
+show_help_job() {
+  local help="""Usage: run_job_k8s -s SCRIPT [-e ENV] [-c CONFIG] [-p POD] [-f FOLDER] [ARGS]
+  Create a k8s job executing a script
+
+      -h          display this help and exit
+      -s SCRIPT   run script SCRIPT on a pod (SCRIPT must be a .sc file)
+      -e ENV      opt. set execution environment (default to testing)
+      -c CONFIG   opt. secret file needed for the script (must be a .sc file, not a .secret file)
+      -p POD      opt. name of the pod to create (default to $USERNAME)
+      -f FOLDER   opt. name of the folder containing the scripts to execute (if SCRIPT needs other files)
+      ARGS        opt. additional arguments for SCRIPT
+
+  The organisation of the files must be the same locally as on the pod :
+    - /code containing the script to execute (arg -s) and the other needed files (if the arg -f is used, it must reference this directory)
+    - /conf containing the secret file (arg -c if used)
+  E.g. in the script \"/code/script.sc\", to use a secret file \"/conf/secret.sc\", the import should look like \"import \$file.^.conf.secret.sc\"
+  """
+  echo "$help"
+}
+
+run_job_k8s() {
+
+  #default values
+  local namespace="testing"
+  local name="$USERNAME"
+  local secret=""
+  local amm_folder=""
+  local amm_script=""
+
+  while getopts ":e:c:p:f:s:h" opt; do
+    case $opt in
+      e)
+        namespace="$OPTARG" >&2
+        ;;
+      p)
+        name="$OPTARG" >&2
+        ;;
+      c)
+        secret="$OPTARG" >&2
+        ;;
+      f)
+        amm_folder="$OPTARG" >&2
+        ;;
+      s)
+        amm_script="$OPTARG" >&2
+        ;;
+      h)
+        show_help_job
+        return 0
+        ;;
+      :)
+        echo "Option -$OPTARG requires an argument. Run run_cron_job_k8s -h for help" >&2
+        return 0
+        ;;
+      \?)
+        echo "Invalid option: -$OPTARG. Run run_cron_job_k8s -h for help" >&2
+        return 0
+        ;;
+    esac
+  done
+
+  if [ -z "$amm_script" ]; then
+          echo 'Missing -s. Run run_job_k8s -h for help' >&2
+          return 0
+  fi
+
+  shift "$((OPTIND-1))"
+
+  local script_args=$(
+      if [ "$#" -gt 0 ] ; then
+        printf '"'
+        join_by '", "' $*
+        printf '"'
+      fi
+    )
+
+  local IMAGE="lolhens/ammonite:2.5.4"
+  local JOB_NAME="job-ammonite-$name"
+
+    if [[ ! -r "$amm_script" ]]; then
+      echo "ammonite script not found $amm_script"
+      return 2
+    else
+      local CONFIG_MAP="config-$JOB_NAME"
+      local CONFIG_MAP_DIR="$(mktemp -d)"
+      local SECRET_MAP="secret-$JOB_NAME"
+
+      configure_kubectl_for $namespace
+
+      if [[ ! -z $amm_folder && -d $amm_folder ]] ; then
+        cp -r "$amm_folder/" "$CONFIG_MAP_DIR"
+      fi
+      cp "$amm_script" "$CONFIG_MAP_DIR/script.sc"
+
+      kubectl -n $namespace get configmap $CONFIG_MAP && kubectl -n $namespace delete configmap $CONFIG_MAP
+      kubectl -n $namespace create configmap $CONFIG_MAP --from-file="$CONFIG_MAP_DIR"
+
+      kubectl -n $namespace get secret $SECRET_MAP && kubectl -n $namespace delete secret $SECRET_MAP
+      kubectl -n $namespace create secret generic $SECRET_MAP --from-file="$secret"
+
+      kubectl -n $namespace get job $JOB_NAME && kubectl -n $namespace delete job $JOB_NAME
+
+      echo "starting $JOB_NAME with $IMAGE"
+    fi
+
+      JOB_DEFINITION='
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: '$JOB_NAME'
+  namespace: '$namespace'
+spec:
+  template:
+    spec:
+      containers:
+      - name: '$JOB_NAME'
+        command: ["amm", "/code/script.sc"]
+        image: '$IMAGE'
+        args: ['$script_args']
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        - name: HOST_IP
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: status.hostIP
+        volumeMounts:
+        - name: config
+          mountPath: /code
+        - name: secret
+          mountPath: /conf
+          readOnly: true
+        resources:
+          requests:
+            cpu: 500m
+            memory: 256Mi
+          limits:
+            cpu: 4000m
+            memory: 1Gi
+      nodeSelector:
+        workType: workers
+      restartPolicy: Never
+      volumes:
+      - name: config
+        configMap:
+          name: '$CONFIG_MAP'
+      - name: secret
+        secret:
+          secretName: '$SECRET_MAP'
+     '
+
+
+     echo $JOB_DEFINITION > /tmp/job.yaml
+
+      kubectl -n $namespace  apply -f /tmp/job.yaml
+
+}
+
+
+#!/usr/bin/env bash
+
+# Usage info
+show_help_shell() {
+  local help="""Usage: run_job_k8s -s SCRIPT [-e ENV] [-c CONFIG] [-p POD] [-f FOLDER] [ARGS]
+  Create a k8s job executing a script
+
+      -h          display this help and exit
+      -s SCRIPT   run script SCRIPT on a pod (SCRIPT must be a .sc file)
+      -e ENV      opt. set execution environment (default to testing)
+      -c CONFIG   opt. secret file needed for the script (must be a .sc file, not a .secret file)
+      -p POD      opt. name of the pod to create (default to $USERNAME)
+      -f FOLDER   opt. name of the folder containing the scripts to execute (if SCRIPT needs other files)
+      ARGS        opt. additional arguments for SCRIPT
+
+  The organisation of the files must be the same locally as on the pod :
+    - /code containing the script to execute (arg -s) and the other needed files (if the arg -f is used, it must reference this directory)
+    - /conf containing the secret file (arg -c if used)
+  E.g. in the script \"/code/script.sc\", to use a secret file \"/conf/secret.sc\", the import should look like \"import \$file.^.conf.secret.sc\"
+  """
+  echo "$help"
+}
+
+run_shell_k8s() {
+
+  #default values
+  local namespace="testing"
+  local name="$USERNAME"
+  local secret=""
+  local shell_folder=""
+  local script_script=""
+
+  while getopts ":e:c:p:f:s:h" opt; do
+    case $opt in
+      e)
+        namespace="$OPTARG" >&2
+        ;;
+      p)
+        name="$OPTARG" >&2
+        ;;
+      c)
+        secret="$OPTARG" >&2
+        ;;
+      f)
+        shell_folder="$OPTARG" >&2
+        ;;
+      s)
+        shell_script="$OPTARG" >&2
+        ;;
+      h)
+        show_help_job
+        return 0
+        ;;
+      :)
+        echo "Option -$OPTARG requires an argument. Run run_cron_job_k8s -h for help" >&2
+        return 0
+        ;;
+      \?)
+        echo "Invalid option: -$OPTARG. Run run_cron_job_k8s -h for help" >&2
+        return 0
+        ;;
+    esac
+  done
+
+  if [ -z "$shell_script" ]; then
+          echo 'Missing -s. Run run_job_k8s -h for help' >&2
+          return 0
+  fi
+
+  shift "$((OPTIND-1))"
+
+  local script_args=$(
+      if [ "$#" -gt 0 ] ; then
+        printf '"'
+        join_by '", "' $*
+        printf '"'
+      fi
+    )
+
+
+
+
+  local IMAGE="949316342391.dkr.ecr.eu-west-1.amazonaws.com/docker-infra-builder:v3.1.0"
+  local JOB_NAME="job-shell-$name"
+
+    if [[ ! -r "$shell_script" ]]; then
+      echo "shell script not found $shell_script"
+      return 2
+    else
+      local CONFIG_MAP="config-$JOB_NAME"
+      local CONFIG_MAP_DIR="$(mktemp -d)"
+      local SECRET_MAP="secret-$JOB_NAME"
+
+      configure_kubectl_for $namespace
+
+      if [[ ! -z $shell_folder && -d $shell_folder ]] ; then
+        cp -r "$shell_folder/" "$CONFIG_MAP_DIR"
+      fi
+      cp "$shell_script" "$CONFIG_MAP_DIR/script.sh"
+
+      kubectl -n $namespace get configmap $CONFIG_MAP && kubectl -n $namespace delete configmap $CONFIG_MAP
+      kubectl -n $namespace create configmap $CONFIG_MAP --from-file="$CONFIG_MAP_DIR"
+
+      kubectl -n $namespace get secret $SECRET_MAP && kubectl -n $namespace delete secret $SECRET_MAP
+      kubectl -n $namespace create secret generic $SECRET_MAP --from-file="$secret"
+
+      kubectl -n $namespace get job $JOB_NAME && kubectl -n $namespace delete job $JOB_NAME
+
+      echo "starting $JOB_NAME with $IMAGE"
+    fi
+
+      JOB_DEFINITION='
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: '$JOB_NAME'
+  namespace: '$namespace'
+spec:
+  template:
+    spec:
+      containers:
+      - name: '$JOB_NAME'
+        command: ["bash", "/code/script.sh"]
+        image: '$IMAGE'
+        args: ['$script_args']
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        - name: HOST_IP
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: status.hostIP
+        volumeMounts:
+        - name: config
+          mountPath: /code
+        - name: secret
+          mountPath: /conf
+          readOnly: true
+        resources:
+          requests:
+            cpu: 500m
+            memory: 256Mi
+          limits:
+            cpu: 4000m
+            memory: 1Gi
+      nodeSelector:
+        workType: workers
+      restartPolicy: Never
+      volumes:
+      - name: config
+        configMap:
+          name: '$CONFIG_MAP'
+      - name: secret
+        secret:
+          secretName: '$SECRET_MAP'
+      - name: stockage
+
+     '
+
+
+     echo $JOB_DEFINITION > /tmp/job.yaml
+
+      kubectl -n $namespace  apply -f /tmp/job.yaml
+
+}
+
+
+#!/usr/bin/env bash
+
+run_task() {
+  set -e
+
+  check_args "--namespace" $1
+  shift
+  NAMESPACE=$1
+  shift
+  check_args "--image" $1
+  shift
+  IMAGE=$1
+  shift
+  check_args "--name" $1
+  shift
+  NAME=$1
+  shift
+
+  set -x
+
+  kubectl -n ${NAMESPACE} run ${NAME} \
+    --image ${IMAGE} \
+    --restart=Never \
+    --attach --rm \
+    $*
+}
+geocode_address() {
+  ADDRESS=$(sed -e 's: :%20:g' <(echo "$*"))
+  URL="https://maps.googleapis.com/maps/api/geocode/json?address=${ADDRESS}&key=${GOOGLE_API_KEY}"
+  curl $URL
+}
+
+search_business() {
+  SIREN=$1
+  shift
+  QUERY=$(sed -e 's: :+:g' <(echo "$*"))
+  URL="https://data.opendatasoft.com/api/records/1.0/search/?dataset=sirene_v3%40public&q=${QUERY}&sort=datederniertraitementetablissement&facet=trancheeffectifsetablissement&facet=libellecommuneetablissement&facet=departementetablissementi&refine.siren=${SIREN}"
+  curl $URL
+}
+
+#!/bin/bash
+
+# source tolls.sh ; tolls antoine.thomas@colisweb.com
+function tolls() {
+  USER=${1:-first.last@colisweb.com}
+  FROM_DATE=${2:-"2023-02-01"}
+  TO_DATE=${3:-"2023-02-28"}
+
+  USER=$(gum input --prompt "username : " --value $USER)
+  TOKEN=$(./tour_details.sc login --user $USER --password $(gum input --password --placeholder password))
+  [ "$TOKEN" != "" ] && echo "connected" || return 1
+
+  FROM_DATE=$(gum input --prompt "Date start : " --value $FROM_DATE)
+  TO_DATE=$(gum input --prompt "Date end : " --value $TO_DATE)
+  FILENAME="tours-${FROM_DATE}-TO-${TO_DATE}.json"
+  curl --cookie "session=$TOKEN" "https://api.production.colisweb.com/api/v6/routes-plans/external?from=${FROM_DATE}&to=${TO_DATE}" > ~/Downloads/$FILENAME
+  echo "Tournées téléchargées"
+
+  projectIds=$(./tour_details.sc allProjects --file ~/Downloads/$FILENAME | gum choose --no-limit | cut -d "," -f 2)
+  echo "projets sélectionnés : $projectIds"
+  tourIds=$(./tour_details.sc allTours --file ~/Downloads/$FILENAME --projectIds "$projectIds")
+  echo "tournées sélectionnées : $tourIds"
+
+  TARGET="${FROM_DATE}-TO-${TO_DATE}.csv"
+  echo "appels à HERE, écriture dans $TARGET"
+  ./tour_details.sc allToursDetails --token $TOKEN --hereApiKey $HERE_API_KEY --routeIds "$tourIds" > "$TARGET"
+
+  echo "terminé"
+}
+
+#!/usr/bin/env bash
+
+# possible syntax:
+# login
+# login testing
+# login testing userid
+login() {
+  ENV=${1:-`gum choose testing staging production recette`} && \
+  USER=${2:-`gum input --placeholder username`} && \
+  PASSWORD=`gum input --password --placeholder password` && \
+  TOKEN=`$SCRIPT_FULL_PATH/scala/auth.sc login --env $ENV --user $USER --password $PASSWORD` && \
+  export TOKEN_$ENV=$TOKEN && \
+  echo "login success for $USER on $ENV" >&2
+}
+
+# you need to call login first (see above)
+# possible syntax:
+# recompute_tour
+# recompute_tour testing
+# recompute_tour testing draft
+# recompute_tour testing draft 28bf9967-b5f3-4294-8855-cfd2fa36ec09
+# recompute_tour testing draft 28bf9967-b5f3-4294-8855-cfd2fa36ec09 TODAY
+# recompute_tour testing draft 28bf9967-b5f3-4294-8855-cfd2fa36ec09 FRIDAY
+recompute_tour() {
+  ENV=${1:-`gum choose testing staging production recette`}
+  MODE=${2:-`gum choose draft definitive`}
+  PROJECT_ID=${3:-`pick_project $ENV`}
+  DAY=${4:-`gum choose TODAY MONDAY TUESDAY WEDNESDAY THURSDAY FRIDAY SATURDAY SUNDAY`}
+  jwt_token $ENV
+  scala/tour_config.sc $MODE -t $TOKEN -p $PROJECT_ID -d $DAY
+}
+
+pick_project() {
+  ENV=${1:-`gum choose testing staging production recette`}
+  jwt_token $ENV
+  scala/tour_config.sc list -t $TOKEN -e $ENV | gum filter | cut -f1
+}
+
+jwt_token() {
+  ENV=${1:-`gum choose testing staging production recette`}
+  eval 'TOKEN=$TOKEN_'$ENV
+  if ! $SCRIPT_FULL_PATH/scala/auth.sc check -t $TOKEN -e $ENV ; then
+    login $ENV
+  fi
+}
+
+#!/usr/bin/env bash
+
+alias update_devtool="git -C ~/.oh-my-zsh/custom/dev-tools/ pull"
+
+SCRIPT_PATH=$SCRIPT_FULL_PATH/shell/run
+PATH="$PATH:$SCRIPT_PATH/script"
+
+function get_token {
+    local ENV=$1
+    local LOGIN_FILE="$HOME/scriptlogin"
+
+   if [ ! -f "$LOGIN_FILE" ]; then
+    cat > "$LOGIN_FILE" <<-'EOF'
+    #!/bin/bash
+    case $ENV in 
+        "testing")
+            local BO_USERNAME=""
+            local BO_PASSWORD=""
+        ;;
+        "recette")
+            local BO_USERNAME=""
+            local BO_PASSWORD=""
+        ;;
+        "staging")
+            local BO_USERNAME=""
+            local BO_PASSWORD=""
+        ;;
+        *)
+            local BO_USERNAME=""
+            local BO_PASSWORD=""
+            echo "ENV ${ENV} inconu"
+            return
+        ;;
+    esac
+EOF
+    fi
+
+    source "${LOGIN_FILE}"
+
+    if [ -z "$BO_PASSWORD" ] || [ -z "$BO_USERNAME" ]
+    then
+        echo éditer le ficher "$LOGIN_FILE"
+        return 1
+    fi
+
+    curl -o /dev/null -D - "https://api.$ENV.colisweb.com/api/v6/authent/external/session" \
+        --data-raw '{"username":"'"${BO_USERNAME}"'","password":"'"${BO_PASSWORD/\"/\\\"}"'"}' \
+        --compressed 2> /dev/null  | grep set-cook | sed -e 's/.*session=//g;s/;.*//g'
+}
+
+function bash_array_to_json {
+    function join { 
+        local IFS="$1"
+        shift
+        echo "$*"
+    }
+
+    echo '["'"$(join , $*| sed -e 's/,/","/g' )"'"]' | jq
+}
+
+function get_random_street {
+    local CODE_POSTAUX_ARG=${1:-59000}
+    IFS=',' read -r -a CODE_POSTAUX <<< "$CODE_POSTAUX_ARG"
+    for CODE_POSTAL in "${CODE_POSTAUX[@]}"; do
+      if [[ ! "$CODE_POSTAL" =~ ^[0-9]{5}$ ]]; then
+          echo "Chaque CODE_POSTAL doit avoir une taille de 5 chiffre : $CODE_POSTAL"
+          exit 1
+      fi
+    done
+    local CODE_POSTAL=$(echo "${CODE_POSTAUX[@]}" | tr " " "\n" | sort -u -R | head -n 1)
+
+    get_random_street_in_cp $CODE_POSTAL
+}
+
+function get_random_street_in_cp {
+    local CODE_POSTAL=$1
+
+    FILENAME="rue-$CODE_POSTAL.lst"
+    if [ ! -f "$FILENAME" ]; then
+        curl --output tmp1.gz https://adresse.data.gouv.fr/data/ban/adresses/latest/csv/adresses-"${CODE_POSTAL:0:2}".csv.gz
+        gzip -d tmp1.gz
+        cut -d\; -f3,5,6,8 tmp1 | sed "/;$CODE_POSTAL;/!d" > "$FILENAME"
+        rm tmp1
+    fi
+
+    sort -R "$FILENAME" | head -n 1
+}
+
+function rand_slot {
+
+    local SCENARIO=$2
+    if [ -f "$SCENARIO" ]; then
+        source "$SCENARIO"
+    fi
+    local ORDER_DATE="$1"
+
+     DEFAULT=(
+        "06:00+01:00[Europe/Paris]-08:00+01:00[Europe/Paris]" 
+        "08:00+01:00[Europe/Paris]-10:00+01:00[Europe/Paris]" 
+        "10:00+01:00[Europe/Paris]-12:00+01:00[Europe/Paris]" 
+        "16:00+01:00[Europe/Paris]-18:00+01:00[Europe/Paris]" 
+        "18:00+01:00[Europe/Paris]-20:00+01:00[Europe/Paris]"
+    )
+    USAGE=${DELIVERY_SLOTS:-${DEFAULT[@]}}
+    
+    IFS="-" read -r start_time end_time < <(echo "${USAGE[@]}" | tr " " "\n" |  sort -u -R | head -n 1 )
+
+    echo '{"start":"'"${ORDER_DATE}T${start_time}"'", "end":"'"${ORDER_DATE}T${end_time}"'" }'
+}
+
+function call_create_sfh_order {
+    local ENV=$1 
+    local TOKEN=$2
+    source "$3"
+    local POS=$4
+    local BARCODES="$5"
+    local CODE_POSTAUX="$6"
+    local PACKAGES=$(echo "$BARCODES" | jq '[{
+                "barcode": .[],
+                "length": 20.0,
+                "height": 15.0,
+                "width": 4.0,
+                "weight": 1.5,
+                "description": "test parcel",
+                "options": [],
+                "productTypology": "Classical",
+                "packageType": "Parcel"
+            }
+        ]')
+
+    DELIVERY_OPTIONS_P='['
+    for option in "${DELIVERY_OPTIONS[@]}"; do
+        if [ "$DELIVERY_OPTIONS_P" != '[' ]; then
+            DELIVERY_OPTIONS_P+=", "
+        fi
+        DELIVERY_OPTIONS_P+="\"$option\""
+    done
+    DELIVERY_OPTIONS_P+=']'
+
+    IFS=";" read -r nu rue code_postal ville < <(get_random_street "$CODE_POSTAUX")
+
+    if [ -n "$PICKUP_STORE_CODE" ]; then
+        PICKUP_LOCATION='{
+            "type": "store",
+            "storeCode": "'"$PICKUP_STORE_CODE"'"
+        }'
+    elif [ -n "$PICKUP_WAREHOUSE_CODE" ]; then
+        PICKUP_LOCATION='{
+            "type": "Warehouse",
+            "warehouseCode": "'"$PICKUP_WAREHOUSE_CODE"'"
+        }'
+    else
+        echo PICKUP_WAREHOUSE_CODE ou PICKUP_STORE_CODE doit être définie dans la "$3"
+        exit 1
+    fi
+    JSON='{
+        "primaryOrderReference": "'"${PRIMARY_REF}${POS}"'",
+        "secondaryOrderReference": null,
+        "stages": [
+            {
+                "type": "Pickup",
+                "packageBarcodes": '"$BARCODES"',
+                "location":  '"$PICKUP_LOCATION"'
+            },
+            {
+                "type": "Dropoff",
+                "packageBarcodes": '"$BARCODES"',
+                "location": {	
+                    "type": "Address",
+                    "address": {
+                        "address1": "'"$nu $rue"'",
+                        "postalCode": "'"$code_postal"'",
+                        "city": "'"$ville"'",
+                        "country": "France",
+                        "floor": 0,
+                        "lift": "with_lift"
+                    },
+                    "contact": {
+                        "name": "John Doe",
+                        "primaryPhone": "+33606060606"
+                    }
+                }
+            }
+        ],
+        "packages": '"$PACKAGES"',
+        "owner": {
+            "accountIdentifier": "'$ACCOUNT_IDENTIFIER'"
+        },
+        "deliveryOptions": '"$DELIVERY_OPTIONS_P"',
+        "ecommerceValidationDate": "'"${ORDER_DATE}"'"
+    }'
+
+    RESULT=$(curl -s -X POST https://api.$ENV.colisweb.com/api/v6/order/external/warehouse/orders -H 'content-type: application/json'  --cookie session="$TOKEN" --data-raw "$JSON")
+    ORDER_ID=$(jq ".orderId" -r <<< "$RESULT")
+
+    echo "nouvelle commande : https://bo.$ENV.colisweb.com/admin/orders/$ORDER_ID" >&2
+
+    echo "$RESULT"
+}
+
+
+function call_scan {
+    local ENV=$1 
+    local TOKEN=$2
+    source "$3"
+    local BARCODES="$4"
+    local SCAN=$(echo "$BARCODES" | jq '[{"barcode" :.[], "context": "shuttle"}]')
+
+    JSON='{"scans":'$SCAN'}'
+
+    curl -X POST https://api.$ENV.colisweb.com/api/v6/parcel/external/units/scans/bulk -H 'content-type: application/json'  --cookie session="$TOKEN" --data-raw "$JSON" 
+}
+
+
+function call_register_delivery {
+    local ENV=$1 
+    local TOKEN=$2
+
+    SCENARIO=$3
+    source "$SCENARIO"
+
+    local ORDER_ID=$4
+    local BARCODES="$5"
+
+    DATA='{
+            "slot": '"$(rand_slot "${DELIVERY_DATE}" "$SCENARIO")"',
+            "storeIdOwner":"'"$STORE_ID_OWNER"'",
+            "pickup":{"type":"hub","code":"'"$HUB"'"},
+            "barcodes":'"$BARCODES"',
+            "price":{"origin":"auto","amount":25.9},
+            "allowCustomerSlotUpdate":false,
+            "withForcedSlot": false
+        }'
+
+    curl -X POST https://api.$ENV.colisweb.com/api/v6/order/external/warehouse/orders/"$ORDER_ID"/deliveries \
+        --cookie session="$TOKEN" --data-raw "$DATA"
+}
+
+
+
+function _create_scenario_file_if_not_exist () {
+if [ ! -f "$SCENARIO" ] 
+    then
+        cat > "$SCENARIO" <<-'EOF'
+DELIVERY_DATE=$(date -v+7d '+%Y-%m-%d') # ici on demande de crée a date d'aujourd'hui + 7 jours 
+                                        # peu remplacer -v+7d par -v+1d pour une livrasion programmer demain
+                                        # utiliser que par create_many_sfh_order_and_delivery
+ENV="testing"                           # sur quelle enviromement lancer le scripts
+# ENV="staging"
+# ENV="recette"
+
+ACCOUNT_IDENTIFIER="102"                # pour la creation de order force utilies owner.accountIdentifier
+                                        # sur l'appel api/v6/order/external/warehouse/orders 
+                                        # (creation de la commade) 
+HUB="duck"                              # pour sur l'appel api/v6/order/external/warehouse/orders
+                                        # parametre pickup.code (type est a "hub")
+STORE_ID_OWNER="184"                    # parametre pickup.storeIdOwner
+                                        # sur l'appel api/v6/order/external/warehouse/orders
+# PICKUP_STORE_CODE="2"                 # si non commenté alors départ du magasin
+PICKUP_WAREHOUSE_CODE="422"             # pour un départ d'entrepôt
+
+BARCODES_COUNT=5                        # nombres packages 
+PREF="aaaa"                             # doit faire 4 caractères utilies pour générer les barecode 
+                                        # des packtages
+
+CODE_POSTAUX=("59000", "75001")        #  liste code postale sur lequelle une addresse aléatoire seras choisi
+                                        # (creation de la commade)
+DELIVERY_SLOTS=(                                 # liste des horraires de créneau de livraison choisi aléatoirement 
+    "06:00+01:00[Europe/Paris]-08:00+01:00[Europe/Paris]" 
+    "08:00+01:00[Europe/Paris]-10:00+01:00[Europe/Paris]" 
+    "10:00+01:00[Europe/Paris]-12:00+01:00[Europe/Paris]" 
+    "16:00+01:00[Europe/Paris]-18:00+01:00[Europe/Paris]" 
+    "18:00+01:00[Europe/Paris]-20:00+01:00[Europe/Paris]"
+)
+
+# DELIVERY_OPTIONS=("skill1" "skill2") # liste des nom skill - a décommanter
+
+# normalement pas bessoin modifer
+ORDER_DATE=$(date '+%Y-%m-%d')          # date du jour
+RAND=$(date +%y%m%d%H%M%S)              # valueur peudo aleadoire (ici basé par date) doit faire 17 caractères
+BARCODE_PART=0000$RAND                  # utiliser pour générer les bare code les barecode sont : 
+                                        # {BARECODE_PART}{00000} a {BARECODE_PART}{BARECODES_COUNT}
+PRIMARY_REF=$PREF$RAND                  # primaryOrderReference de la commande
+EOF
+echo "éditer le fichier $SCENARIO"
+return 1
+fi
+}
+
+#!/usr/bin/env bash
+
+cleanup_merged_mr() {
+  COLISWEB_IDL_GROUP=3054234
+
+  BEFORE=${1:- $(date -I -v -2y)}
+
+  for (( COUNTER=1; COUNTER<=12; COUNTER+=2 )); do
+    cleanup_grouped_merged_mr $COLISWEB_IDL_GROUP $BEFORE $COUNTER &
+  done
+
+}
+
+cleanup_grouped_merged_mr() {
+  GROUP=$1
+  BEFORE=$2
+  PAGE_COUNT=$3
+  MERGED_MRS=($(curl --header "PRIVATE-TOKEN: $GITLAB_PAT" \
+                    --url "https://gitlab.com/api/v4/groups/$GROUP/merge_requests?updated_before=${BEFORE}T08:00:00Z&status=merged&per_page=50&page=$PAGE_COUNT" |
+                     jq -r '.[] | {iid: .iid|tostring, pid:.project_id|tostring} | (.pid + "/merge_requests/" + .iid)'))
+
+  for MR in ${MERGED_MRS[@]}; do
+    echo "https://gitlab.com/api/v4/projects/$MR"
+    curl --request DELETE \
+      --header "PRIVATE-TOKEN: $GITLAB_PAT" \
+      --url "https://gitlab.com/api/v4/projects/$MR"
+  done
+}
+
+# you will need jq to use these commands. You can install it using "brew install jq"
+# cleanup_all_ecr_images 12
+# will delete images in all repositories older than 12 weeks
+# cleanup_single_ecr_repository colisweb-api 8
+# will delete images older than 8 weeks in the colisweb-api repository
+cleanup_all_ecr_images() {
+  WEEKS=$1
+
+  # OR to work on bash and zsh
+  CLEAN_BEFORE=$(date -v-${WEEKS}w +%F || date --date="-${WEEKS} weeks" +'%Y-%m-%d')
+  REPOSITORIES=$(aws ecr describe-repositories --output json | jq -r '.[] |.[].repositoryName')
+
+  while read -r REPOSITORY; do
+    echo "processing ECR repository $REPOSITORY before $CLEAN_BEFORE"
+    cleanup_single_ecr_repository "$CLEAN_BEFORE" "$REPOSITORY"
+  done <<< "$REPOSITORIES"
+}
+
+cleanup_single_ecr_repository() {
+  BEFORE=$1
+  REPOSITORY=$2
+
+  echo "gettings tags for repository $REPOSITORY before $BEFORE"
+
+  ALL_TAGS=$(aws ecr describe-images --repository-name "$REPOSITORY" --output json |
+       jq  '.imageDetails' |
+       jq  '. |= sort_by(.imagePushedAt)' |
+       jq --arg date $BEFORE '.[] | select(.imagePushedAt[0:10] < $date)' |
+       jq  'select((.imageTags != null) or (.imageTags == []))' |
+       jq  'select(.imageTags | any(endswith("latest")) | not)' |
+       jq -r '.imageTags | join(" ")' |
+       sort -u)
+
+  if [ -z "${ALL_TAGS}" ]; then
+    echo "no tag to delete for repository $REPOSITORY"
+  else
+    echo "deleting $(echo $ALL_TAGS | wc -l) tags for $REPOSITORY"
+
+    while read image_tags; do
+      SINGLE_TAG=$(echo $image_tags | grep -o '^\S*')
+
+      DIGESTS_TO_DELETE=$(docker buildx imagetools inspect \
+          949316342391.dkr.ecr.eu-west-1.amazonaws.com/$REPOSITORY:$SINGLE_TAG --raw |
+           jq -r '[.manifests | .[].digest] | join(" imageDigest=") | "imageDigest=" + .' ||
+           echo "")
+
+      TAGS_TO_DELETE=$(echo "$image_tags" | sed 's/[^ ]* */imageTag=&/g')
+
+      export AWS_PAGER=""
+
+      aws ecr batch-delete-image --repository-name "$REPOSITORY" --image-ids $(echo $TAGS_TO_DELETE) > /dev/null 2>&1
+      test -z $DIGESTS_TO_DELETE ||
+        aws ecr batch-delete-image --repository-name "$REPOSITORY" --image-ids $(echo $DIGESTS_TO_DELETE)> /dev/null 2>&1
+    done <<< $ALL_TAGS
+
+    echo "deleted $(echo $ALL_TAGS | wc -l) tags"
+  fi
+
+}
+
+
+cleanup_ci_cache() {
+  DATE=${1:-$(date -v-1m +%F)}
+  CACHE_BUCKET=${2:-"s3://gitlab-colisweb-distributed-cache/project/"}
+
+  echo "deleting from cache $CACHE_BUCKET all older than $DATE"
+
+  aws_ecr_login
+
+  while read -r line; do
+    datum=$(echo $line | cut -c1-10)
+    if [[ "$datum" < "$DATE" ]] ; then
+      # Shell Parameter Expansion: ${parameter##word}
+      # Allow to return the result from "word" to the end of "parameters"
+      # Here we need the end of the string after "project/" (corresponding to the S3 gitlab project id and filename)
+      TO_DELETE="$CACHE_BUCKET${line##* project/}"
+      echo $TO_DELETE
+      aws s3 rm $TO_DELETE
+    fi
+  done < <(aws s3 ls $CACHE_BUCKET  --recursive)
+}
+
+cleanup_batch_definitions() {
+  DEFINITION_NAME=$1
+  ARNs=($(
+    aws batch describe-job-definitions \
+    --status ACTIVE \
+    --job-definition-name "$DEFINITION_NAME" |
+      jq '.jobDefinitions | sort_by(-.revision)' |
+      jq 'del( .[0])' |
+      jq -r '.[] | .jobDefinitionArn'
+      )
+    )
+  for A in ${ARNs[@]}; do
+    echo "deregister $A"
+    aws batch deregister-job-definition --job-definition $A
+  done
+  echo "cleaned up all definitions except latest"
+}
+#!/usr/bin/env bash
+
+ftp_ikea_k8s() {
+  SSH_LOCAL_PORT=2230
+  FTP_LOCAL_PORT=25500
+  start_ssh_bastion testing $SSH_LOCAL_PORT
+
+  lsof -ti  tcp:$FTP_LOCAL_PORT | xargs kill
+
+  bastion_config=$(mktemp)
+  cat > "$bastion_config" <<EOF
+	  UserKnownHostsFile /dev/null
+	  StrictHostKeyChecking no
+	  User root
+	  Host bastion_ftp
+		HostName 127.0.0.1
+		Port 2230
+		LocalForward 25500 ft.centiro.ikea.com:22
+EOF
+
+  ssh -f -N \
+  	-F "$bastion_config" \
+  	"bastion_ftp"
+
+  sftp -P $FTP_LOCAL_PORT colisweb.fr@127.0.0.1
+}
+
+#!/usr/bin/env bash
+
+# usage:
+# jconsole_k8s testing colisweb-api-web
+
+jconsole_k8s() {
+  ENV=$1
+  NAME=$2
+
+  start_ssh_bastion $ENV 2242
+  POD_IP=$( \
+    kubectl -n $ENV get pods -o jsonpath='{range .items[*]}{.metadata.name}{" "}{.status.podIP}{"\n"}{end}' \
+    | grep "$NAME" | cut -d' ' -f2 | head -1 \
+  )
+  echo "selected POD with ip $POD_IP"
+  echo "use 'root' as password"
+  ssh -f -N -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -D 7777 root@127.0.0.1 -p 2242
+
+  jconsole \
+    -J-DsocksProxyHost=localhost \
+    -J-DsocksProxyPort=7777 \
+    -J-DsocksNonProxyHosts= \
+    service:jmx:rmi:///jndi/rmi://$POD_IP:7199/jmxrmi \
+    &
+
+  echo "remember to stop with 'stop_ssh_bastion'"
+
+}
+
+#!/usr/bin/env bash
+
+# Interactive console on an new pod. See also run_ruby_k8s
+# Ex :
+# railsc_k8s production
+# railsc_k8s production "User.where(email:'toni@colisweb.com')"
+railsc_k8s() {
+  ENV=$1
+  COMMAND=$2
+  [[ $ENV = "production" || $ENV = "staging" ]] && default_tag="master-latest" || default_tag="${ENV}-latest"
+  local image_tag=${5:-$default_tag}
+  local IMAGE="949316342391.dkr.ecr.eu-west-1.amazonaws.com/colisweb-api:$image_tag"
+  local POD_NAME="colisweb-api-rails-console-$image_tag-$USERNAME"
+
+  kubectl -n $ENV get pod $POD_NAME && kubectl -n $ENV delete pod $POD_NAME
+
+  configure_kubectl_for $ENV
+  echo "starting with $IMAGE"
+
+  kubectl -n $ENV run $POD_NAME \
+       --image $IMAGE \
+       --restart=Never \
+       --overrides='{
+       "spec":{
+          "nodeSelector":{
+            "workType": "workers"
+          },
+          "containers":[
+             {
+                "name":"'$POD_NAME'",
+                "image":"'$IMAGE'",
+                "imagePullPolicy":"Always",
+                "command":[
+                  "sleep",
+                  "infinity"
+                ],
+                "resources":{
+                  "limits":{
+                    "memory": "2048Mi"
+                  }
+                },
+                "envFrom": [ {
+                     "configMapRef": {
+                         "name": "colisweb-api"
+                     }
+                   }, {
+                     "secretRef": {
+                         "name": "colisweb-api"
+                     }
+                   }
+                ]
+             }
+          ]
+       }
+    }
+    '
+
+  sleep 5
+  KUBERAILS="kubectl -n $ENV exec -ti $POD_NAME -- /usr/src/app/bin/rails c"
+  [ -z "$COMMAND" ] && eval $KUBERAILS || echo $COMMAND | eval $KUBERAILS
+
+  print "End of $POD_NAME "
+  kubectl -n $ENV delete pods $POD_NAME
+}
+
+# Ex :
+# create_user testing claire.lien@colisweb.com super_admin clairemdp
+create_user() {
+  ENV=$1
+  EMAIL=$2
+  ROLE=$3
+  PASSWORD=$4
+  railsc_k8s $ENV "User.where(email:'$EMAIL', role:'$ROLE').first_or_create.update_attributes!(password: '$PASSWORD')"
+}
+
+# Ex :
+# delete_user testing claire.lien@colisweb.com 
+delete_user() {
+  ENV=$1
+  EMAIL=$2
+  railsc_k8s $ENV "User.find_by(email:'$EMAIL').destroy"
+}
+
+# NON Interactive console on an new pod, for long-running tasks (a few minutes)
+# See also railsc_k8s
+# file.txt will be available from /conf/data.txt in the ruby code
+# examples :
+# run_ruby_k8s testing demo <(echo "pp JSON.parse(File.read('/conf/data.txt'))")  <(echo '{ "content": 123 }')
+# run_ruby_k8s testing demo ~/.oh-my-zsh/custom/dev-tools/shell-session/ruby/demo.rb  <(echo '{ "content": 123 }')
+run_ruby_k8s() {
+  if [ $# -lt 4 ]; then
+    echo "usage : run_ruby_k8s production name-for-pod script.rb file.txt"
+    return 1
+  fi
+  local namespace=$1
+  local name=$2
+  local ruby_script=$3
+  local input_data=$4
+  [[ $namespace = "production" || $namespace = "staging" ]] && default_tag="master-latest" || default_tag="${namespace}-latest"
+  local image_tag=${5:-$default_tag}
+
+  if [ ! -r "$ruby_script" ]; then
+    echo "ruby script not found $ruby_script"
+    return 2
+  fi
+
+  if [ ! -r "$input_data" ]; then
+    echo "data not found $input_data"
+    return 3
+  fi
+
+
+  local IMAGE="949316342391.dkr.ecr.eu-west-1.amazonaws.com/colisweb-api:$image_tag"
+  local POD_NAME="colisweb-api-script-$name"
+  local CONFIG_MAP="config-$POD_NAME"
+  local CONFIG_MAP_DIR="$(mktemp -d)"
+
+
+  configure_kubectl_for $namespace
+
+
+  cp "$ruby_script" "$CONFIG_MAP_DIR/script.rb"
+  cp "$input_data" "$CONFIG_MAP_DIR/data.txt"
+
+  kubectl -n $namespace get configmap $CONFIG_MAP && kubectl -n $namespace delete configmap $CONFIG_MAP
+  kubectl -n $namespace create configmap $CONFIG_MAP --from-file="$CONFIG_MAP_DIR"
+
+  kubectl -n $namespace get pod $POD_NAME && kubectl -n $namespace delete pod $POD_NAME
+
+  echo "starting with $IMAGE"
+  kubectl -n $namespace run $POD_NAME \
+     --image $IMAGE \
+     -ti \
+     --restart=Never \
+     --attach \
+     --rm \
+     --overrides='{
+     "spec":{
+        "nodeSelector":{
+          "workType": "workers"
+        },
+        "containers":[
+           {
+              "name":"'$POD_NAME'",
+              "image":"'$IMAGE'",
+              "imagePullPolicy":"Always",
+              "command":[
+                "/usr/src/app/bin/rails",
+                "r",
+                "/conf/script.rb"
+              ],
+              "resources":{
+                "limits":{
+                  "memory": "4096Mi"
+                }
+              },
+              "volumeMounts":[
+                 {
+                    "name":"conf",
+                    "mountPath":"/conf"
+                 }
+              ],
+              "envFrom": [ {
+                   "configMapRef": {
+                       "name": "colisweb-api"
+                   }
+                 }, {
+                   "secretRef": {
+                       "name": "colisweb-api"
+                   }
+                 }
+              ]
+           }
+        ],
+          "volumes":[
+           {
+              "name":"conf",
+              "configMap":{ "name":"'$CONFIG_MAP'" }
+           }
+        ]
+     }
+  }
+  '
+
+  kubectl -n $namespace delete configmap $CONFIG_MAP
+}
+
+# example:
+# update_pickup_cp testing <( echo '{"wrong_cp": "59123", "corrected_cp": "59223", "delivery_ids": ["4192421", "4192425"]}' )
+update_pickup_cp() {
+	run_ruby_k8s $1 update-pickup-cp "$SCRIPT_FULL_PATH/ruby/update_pickup_cp.rb" $2
+}
+
+
+
+update_all_prices() {
+  local namespace=$1
+  local json_prices=$2
+
+  local json_size=$(wc -c < "$json_prices")
+
+  if ((json_size > 940000)); then
+	command -v jq || (echo "jq not found (use brew install jq)" && return 1)
+    local max_lines=3000
+    local total_lines=$(jq '. | length' $json_prices)
+    local iterations=$((total_lines / max_lines + 1))
+    echo "$json_prices is too big, I'll split it for you in blocks of $max_lines lines. It will take $iterations runs"
+    for (( i = 0 ; i < iterations ; i++ )) ; do
+      local start=$((i * max_lines))
+      local end=$(( (i + 1) * max_lines))
+      local split_file=$(mktemp)
+      jq -c ".[$start:$end]" $json_prices > $split_file
+      local split_lines=$(jq '. | length' $split_file)
+      echo "starting iteration $i from $start to $end with $split_file command -v has $split_lines lines"
+      run_ruby_k8s $namespace "update-prices-$i" "$SCRIPT_FULL_PATH/ruby/update_prices.rb" $split_file
+    done
+  else
+  	run_ruby_k8s $namespace "update-prices" "$SCRIPT_FULL_PATH/ruby/update_prices.rb" $json_prices
+  fi
+}
+
+
+update_surveys() {
+  local namespace=$1
+  local csv_surveys=$2
+
+  local csv_size=$(wc -c < "$csv_surveys")
+
+
+  if ((csv_size > 940000)); then
+    local max_lines=400
+    local total_lines=$(wc -l < $csv_surveys)
+    local iterations=$((total_lines / max_lines + 1))
+    echo "$csv_surveys is too big, I'll split it for you in blocks of $max_lines lines. It will take $iterations runs"
+    for (( i = 0 ; i < iterations ; i++ )) ; do
+      local start=$((i * max_lines + 2))
+      local end=$(( (i + 1) * max_lines + 1))
+      local split_file=$(mktemp)
+      head -1 $csv_surveys > $split_file
+      sed -n ''"$start,${end}p" $csv_surveys >> $split_file
+
+
+      local split_lines=$(wc -l < $split_file)
+      echo "starting iteration $i from $start to $end with $split_file command -v has $split_lines lines"
+      run_ruby_k8s $namespace "reimport-surveys-$i" "$SCRIPT_FULL_PATH/ruby/feedback_kpi_reuploader.rb" $split_file
+    done
+  else
+  	run_ruby_k8s $namespace "reimport-surveys" "$SCRIPT_FULL_PATH/ruby/feedback_kpi_reuploader.rb" $csv_surveys
+  fi
+}
+
+#!/usr/bin/env bash
+
+configure_gitlab_ssh() {
+  tmp_dir=$(mktemp -d)
+  ssh-keyscan gitlab.com > $tmp_dir/known_hosts
+  echo "$SSH_PRIVATE_KEY" > $tmp_dir/id_rsa
+  chmod 600 $tmp_dir/id_rsa
+  ssh -i $tmp_dir/id_rsa -T git@gitlab.com
+  rm -Rf $tmp_dir
+}
+
+
+configure_gitlab_ssh_home() {
+  mkdir ~/.ssh
+  ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
+  echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+  chmod 600 ~/.ssh/id_rsa
+  ssh -T git@gitlab.com
+}
+#!/usr/bin/env bash
+
+datadog_schedule_downtime() {
+  SERVICES=$1
+  DOWNTIME_MINUTES=${2:-30}
+
+  if [[ "$ENVIRONMENT" == "production" ]] ; then
+    log "scheduling downtime for $SERVICES in $ENVIRONMENT"
+  else
+    return 0
+  fi
+
+  for SERVICE in $SERVICES ; do
+    datadog_schedule_downtime_single $SERVICE $DOWNTIME_MINUTES
+  done
+}
+
+datadog_schedule_downtime_single() {
+  local SERVICE=$1
+  local DOWNTIME_MINUTES=$2
+
+  START=$(date +%s)
+  END=$((START + 60 * DOWNTIME_MINUTES))
+
+  log "scheduling a downtime on datadog for $SERVICE ($DOWNTIME_MINUTES minutes)"
+  curl -X POST "https://api.datadoghq.com/api/v1/downtime" \
+    -H "Content-Type: application/json" \
+    -H "DD-API-KEY: ${DD_API_KEY}" \
+    -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
+    -d '
+      {
+        "active": true,
+          "downtime_type": 0,
+          "start": '$START',
+          "end": '$END',
+          "message": "CA Deployment - performance for '$SERVICE' may be lower for next '$DOWNTIME_MINUTES' min",
+          "monitor_tags": [
+            "service:'$SERVICE'",
+            "performance"
+          ],
+          "scope": [
+            "env:production"
+          ],
+          "timezone": "Europe/Paris"
+      }
+      '
+}
+
+#!/usr/bin/env bash
+
+docker_build_push() {
+  read -r -a BUILD_ARGS <<< "$1"
+  DOCKER_BUILD_ARGS="--build-arg VCS_REF=$(git rev-parse --short HEAD)"
+
+  for ARG_NAME in "${BUILD_ARGS[@]}"
+  do
+     DOCKER_BUILD_ARGS="$DOCKER_BUILD_ARGS --build-arg $ARG_NAME=${!ARG_NAME}"
+  done
+
+  if ! image_exists $DOCKER_REGISTRY_ID $APPLICATION $CI_COMMIT_SHORT_SHA ; then
+    docker pull $DOCKER_IMAGE || true
+    SOURCE_URL=${CI_PROJECT_URL:8} # without "https://" protocol, like gitlab.com/colisweb-idl/colisweb/back/packing
+
+    docker buildx create --use
+
+    docker buildx build $DOCKER_BUILD_ARGS \
+      -t $DOCKER_IMAGE_SHA \
+      --platform "linux/arm64,linux/amd64" \
+      --label org.opencontainers.image.revision=$(git rev-parse HEAD) \
+      --label org.opencontainers.image.source=$SOURCE_URL \
+      --provenance=false \
+      --push \
+      $DOCKER_STAGE_PATH
+  fi
+}
+
+
+docker_promote() {
+   # inspired by https://dille.name/blog/2018/09/20/how-to-tag-docker-images-without-pulling-them/
+   OLD_TAG=${1//[^0-9a-zA-Z-.]/_}
+   NEW_TAG=${2//[^0-9a-zA-Z-.]/_}
+   echo "promoting from $OLD_TAG to $NEW_TAG"
+   TOKEN=$(aws_ecr_token)
+   CONTENT_TYPE="application/vnd.docker.distribution.manifest.v2+json"
+   MANIFESTS_API="https://${DOCKER_REGISTRY}/v2/${APPLICATION}/manifests"
+
+   if MANIFEST=$(curl --fail -H "Authorization: Basic $TOKEN" -H "Accept: ${CONTENT_TYPE}" "$MANIFESTS_API/${OLD_TAG}"); then
+     echo "authenticated on $MANIFESTS_API"
+   else
+     return 1
+   fi
+   if curl --fail -H "Authorization: Basic $TOKEN" -X PUT -H "Content-Type: ${CONTENT_TYPE}" -d "${MANIFEST}" "$MANIFESTS_API/$NEW_TAG" ; then
+     echo "promoted ${APPLICATION} from $OLD_TAG to $NEW_TAG"
+   else
+     return 2
+   fi
+ }
+
+ ensure_images_exists() {
+   for IMAGE_TO_CHECK in $(echo $1 | tr "," "\n"); do
+     image_exists ${DOCKER_REGISTRY_ID} ${IMAGE_TO_CHECK} ${VERSION} || return 1
+   done
+ }
+
+#!/usr/bin/env bash
+
+extract_yaml_config_variable() {
+  set +e
+  set +x
+
+  check_args "--environment" $1
+  shift
+  ENVIRONMENT=$1
+  shift
+
+  check_args "--configs-path" $1
+  shift
+  CONFIGS_PATH=$1
+  shift
+
+  check_args "--variable" $1
+  shift
+  VARIABLE=$1
+  shift
+
+  [[ "$1" == "--optional" ]] && OPTIONAL=true || OPTIONAL=false
+
+  if [ ! -f ${CONFIGS_PATH}/common.yaml ]; then
+    echo >&2 "Missing $CONFIGS_PATH/common.yaml configuration file"
+    return 1
+  fi
+  if [ ! -f ${CONFIGS_PATH}/${ENVIRONMENT}.yaml ]; then
+    echo >&2 "Missing $CONFIGS_PATH/$ENVIRONMENT.yaml configuration file"
+    return 1
+  fi
+  if [ ! -f ${CONFIGS_PATH}/${ENVIRONMENT}-secrets.yaml ]; then
+    echo >&2 "Missing $CONFIGS_PATH/$ENVIRONMENT-secrets.yaml configuration file"
+    return 1
+  fi
+
+  result=$(yq -r ${VARIABLE} "$CONFIGS_PATH/$ENVIRONMENT-secrets.yaml")
+  if [ $? -ne 0 ] || [ "$result" = "null" ]; then
+    result=$(yq -r ${VARIABLE} "$CONFIGS_PATH/$ENVIRONMENT.yaml")
+    if [ $? -ne 0 ] || [ "$result" = "null" ]; then
+      result=$(yq -r ${VARIABLE} "$CONFIGS_PATH/common.yaml")
+      if [ $? -ne 0 ] || [ "$result" = "null" ]; then
+        if [ $OPTIONAL = true ]; then
+          echo ""
+          return 0
+        else
+          echo >&2 "Missing path $VARIABLE in $CONFIGS_PATH/$ENVIRONMENT-secrets.yaml, $CONFIGS_PATH/$ENVIRONMENT.yaml or $CONFIGS_PATH/common.yaml"
+          return 1
+        fi
+      fi
+    fi
+  fi
+  echo ${result}
+}
+#!/usr/bin/env bash
+
+flyway_clean() {
+  HOST="$1"
+  PORT="$2"
+  DATABASE="$3"
+  USER="$4"
+  PASSWORD="$5"
+
+  kubectl run -it --rm flywayclean \
+  --image=flyway/flyway \
+  --restart=Never \
+  -- \
+  -cleanDisabled=false \
+  -url="jdbc:postgresql://$HOST:$PORT/$DATABASE" \
+  -user="$USER" \
+  -password="$PASSWORD" \
+  clean
+}
+
+#!/usr/bin/env bash
+
+FLYWAY_VERSION="7.4.0"
+
+
+get_yaml_variable() {
+  extract_yaml_config_variable --environment ${ENVIRONMENT} --configs-path $(pwd)/deploy --variable $@
+}
+
+init_migrate_db() {
+  set -e
+
+  check_env_vars 4 "APPLICATION" "ENVIRONMENT" "FLYWAY_VERSION" "MIGRATION_SQL_PATH"
+
+  PG_YAML_PATH=".${APPLICATION}config.postgres"
+
+  DB_PORT="5432"
+  DB_HOST=$(get_yaml_variable "${PG_YAML_PATH}.host")
+  DB_INIT_USERNAME=$(get_yaml_variable "${PG_YAML_PATH}.initUsername")
+  DB_INIT_PASSWORD=$(get_yaml_variable "${PG_YAML_PATH}.initPassword")
+  DB_DATABASE=$(get_yaml_variable "${PG_YAML_PATH}.database")
+  DB_USER=$(get_yaml_variable "${PG_YAML_PATH}.user")
+  DB_PASSWORD=$(get_yaml_variable "${PG_YAML_PATH}.password")
+  DB_URL="jdbc:postgresql://${DB_HOST}:${DB_PORT}/${DB_DATABASE}"
+
+  DB_RO_USER=$(get_yaml_variable "${PG_YAML_PATH}.readOnlyUser" --optional)
+  DB_RO_PASSWORD=$(get_yaml_variable "${PG_YAML_PATH}.readOnlyPassword" --optional)
+
+  unset KUBECONFIG
+
+  configure_kubectl_for ${ENVIRONMENT}
+
+  kube_init_service_database \
+    --namespace ${ENVIRONMENT} \
+    --service ${APPLICATION} \
+    --db_host ${DB_HOST} \
+    --db_port ${DB_PORT} \
+    --db_init_username ${DB_INIT_USERNAME} \
+    --db_init_password ${DB_INIT_PASSWORD} \
+    --db_database ${DB_DATABASE} \
+    --db_username ${DB_USER} \
+    --db_password ${DB_PASSWORD}
+
+  if [[ ! -z "$DB_RO_USER" ]] && [[ ! -z "$DB_RO_USER" ]]; then
+    kube_init_database_readonly_account \
+      --namespace ${ENVIRONMENT} \
+      --service ${APPLICATION} \
+      --db_connection "$DB_INIT_USERNAME:$DB_INIT_PASSWORD@$DB_HOST:$DB_PORT" \
+      --db_database ${DB_DATABASE} \
+      --db_readonly_username ${DB_RO_USER} \
+      --db_readonly_password ${DB_RO_PASSWORD}
+  fi
+
+  flyway_migrate \
+    --environment ${ENVIRONMENT} \
+    --namespace ${ENVIRONMENT} \
+    --service ${APPLICATION} \
+    --db_url ${DB_URL} \
+    --db_user ${DB_USER} \
+    --db_password ${DB_PASSWORD} \
+    --flyway_version ${FLYWAY_VERSION} \
+    --flyway_sql_folder $(pwd)/${MIGRATION_SQL_PATH}
+}
+
+flyway_migrate() {
+  set -e
+
+  extract_args 8 \
+    environment namespace service db_url db_user db_password flyway_version flyway_sql_folder $*
+
+  echo "running flyway migrations for service $service in environment $environment namespace $namespace for db_url $db_url with user $db_user"
+  echo "migration files expected in $flyway_sql_folder"
+
+  CONFIGMAP_NAME="$service-flyway-migration-sql"
+  POD_NAME="$service-flyway-migration"
+
+  configure_kubectl_for $environment
+
+  kubectl -n $namespace delete configmap $CONFIGMAP_NAME --ignore-not-found
+  kubectl -n $namespace delete pod $POD_NAME --ignore-not-found
+  kubectl -n $namespace create configmap $CONFIGMAP_NAME --from-file=$flyway_sql_folder
+
+  kubectl -n $namespace run $POD_NAME --image ignored -ti --restart=Never --attach --rm --overrides='
+{
+   "spec":{
+      "containers":[
+         {
+            "name":"'$POD_NAME'",
+            "image":"flyway/flyway:'$flyway_version'",
+            "command":["flyway", "-url='$db_url'", "-user='$db_user'", "-password='$db_password'", "migrate"],
+            "volumeMounts":[
+               {
+                  "name":"sql",
+                  "mountPath":"/flyway/sql"
+               }
+            ]
+         }
+      ],
+      "volumes":[
+         {
+            "name":"sql",
+            "configMap":{
+               "name":"'$CONFIGMAP_NAME'"
+            }
+         }
+      ]
+   }
+}
+'
+
+  kubectl -n $namespace delete configmap $CONFIGMAP_NAME
+}
+
+#!/usr/bin/env bash
+ flyway_repair() {
+  set -e
+  check_env_vars 4 "APPLICATION" "ENVIRONMENT" "FLYWAY_VERSION" "MIGRATION_SQL_PATH"
+
+  PG_YAML_PATH=".${APPLICATION}config.postgres"
+
+  DB_PORT="5432"
+  DB_HOST=$(get_yaml_variable "${PG_YAML_PATH}.host")
+  DB_DATABASE=$(get_yaml_variable "${PG_YAML_PATH}.database")
+  DB_USER=$(get_yaml_variable "${PG_YAML_PATH}.user")
+  DB_PASSWORD=$(get_yaml_variable "${PG_YAML_PATH}.password")
+  DB_URL="jdbc:postgresql://${DB_HOST}:${DB_PORT}/${DB_DATABASE}"
+
+  flyway_sql_folder=$(pwd)/${MIGRATION_SQL_PATH}
+
+  configure_kubectl_for "${ENVIRONMENT}"
+  POD_NAME="${APPLICATION}-flyway-repair"
+  CONFIGMAP_NAME="${APPLICATION}-flyway-repair-sql"
+
+  kubectl -n "${ENVIRONMENT}" delete configmap $CONFIGMAP_NAME --ignore-not-found
+  kubectl -n "${ENVIRONMENT}" delete pod $POD_NAME --ignore-not-found
+  kubectl -n "${ENVIRONMENT}" create configmap $CONFIGMAP_NAME --from-file="${flyway_sql_folder}"
+
+  kubectl -n "${ENVIRONMENT}" run --rm  -it "${POD_NAME}" \
+  --image=flyway/flyway \
+  --restart=Never \
+  --overrides='
+  {
+     "spec":{
+        "containers":[
+           {
+              "name":"'$POD_NAME'",
+              "image":"flyway/flyway:'${FLYWAY_VERSION}'",
+              "command":["flyway", "-url='$DB_URL'", "-user='$DB_USER'", "-password='$DB_PASSWORD'", "repair"],
+              "volumeMounts":[
+                 {
+                    "name":"sql",
+                    "mountPath":"/flyway/sql"
+                 }
+              ]
+           }
+        ],
+        "volumes":[
+           {
+              "name":"sql",
+              "configMap":{
+                 "name":"'$CONFIGMAP_NAME'"
+              }
+           }
+        ]
+     }
+  }
+  '
+  kubectl -n "${ENVIRONMENT}" delete configmap $CONFIGMAP_NAME
+}
+
+#!/usr/bin/env bash
+
+record_git_commit() {
+    for file in $GIT_COMMIT_FILES; do
+      sed -i 's&GIT_COMMIT&'"${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}&" "$file"
+    done
+}
+
+gitlab_import_pgp_key() {
+  if [ "$GITLAB_PGP_PRIVATE_KEY" != "" ]
+  then
+    KEY_FOLDER=<(echo "$GITLAB_PGP_PRIVATE_KEY")
+    gpg --import $KEY_FOLDER > /dev/null
+  else
+    echo '$GITLAB_PGP_PRIVATE_KEY is not set'
+    return 1
+  fi
+}
+
+git_reveal() {
+  gitlab_import_pgp_key
+  gpg --decrypt $1
+}
+#!/usr/bin/env bash
+
+helm_deploy() {
+  APPLICATION=$1
+  ENVIRONMENT=$2
+  VERSION=$3
+  deploy_chart \
+    --path_configs deploy \
+    --path_chart deploy/$APPLICATION \
+    --application $APPLICATION \
+    --environment $ENVIRONMENT \
+    --namespace $ENVIRONMENT \
+    --helm_extra_args --set global.version=$VERSION
+}
+
+deploy_chart() {
+  set -e
+  set -x
+
+  # Rigid parsing, but all args are mandatory (expect last) and flexible order is unnecessary
+  check_args "--path_configs" $1; shift
+  path_configs=$1; shift
+  check_args "--path_chart" $1; shift
+  path_chart=$1; shift
+  check_args "--application" $1; shift
+  application=$1; shift
+  check_args "--environment" $1; shift
+  environment=$1; shift
+  check_args "--namespace" $1; shift
+  namespace=$1; shift
+  if [ $# -ne 0 ]; then
+    check_args "--helm_extra_args" $1; shift
+    helm_extra_args=$*
+  fi
+
+  echo "================================"
+  echo " Deploying $application"
+  echo " - Environment: $environment"
+  echo " - Namespace: $namespace"
+  echo "================================"
+
+  root_path=$(pwd)
+
+  # Check the configs exists
+
+  check_config_file ${root_path}/${path_configs}/common.yaml
+  check_config_file ${root_path}/${path_configs}/${namespace}.yaml
+  check_config_file ${root_path}/${path_configs}/${namespace}-secrets.yaml
+
+  # Check the chart exists
+  if [ ! -d ${root_path}/${path_chart} ] || [ ! -f ${root_path}/${path_chart}/Chart.yaml ]; then
+      echo "Bad Chart $root_path/$path_chart : does not exists or missing Chart.yaml"
+      print_usage
+      return 1
+  fi
+
+  # Unset Kubectl configuration made via the KUBECONFIG env variable
+  #  it would override the config made by configure_kubectl_for
+  #  for example, using Gitlab runners in Kubernetes sets this variable and causes conflict
+  unset KUBECONFIG
+
+  # Configure Kubectl
+  configure_kubectl_for ${environment}
+
+  # Configure helm
+  helm version --namespace ${namespace} || true
+  # helm stable repo have changed and must be updated manually, in versions < v2.17.0
+  helm repo add colisweb s3://colisweb-helm-charts/colisweb
+  helm repo add stable https://charts.helm.sh/stable
+  helm repo update
+  helm dependency update ${root_path}/${path_chart}
+
+  # Gather values/*.yaml files
+  values_path="${root_path}/${path_chart}/values"
+  values_files=''
+  [ -d $values_path ] && values_files=$(find $values_path -type f -maxdepth 1 -name "*.yaml" | sed 's/^/ -f /' | tr -d \\n | sed 's/%//')
+
+  # Deploy
+  helm upgrade --install \
+    --namespace ${namespace} \
+    ${values_files} \
+    -f ${root_path}/${path_configs}/common.yaml \
+    -f ${root_path}/${path_configs}/${namespace}.yaml \
+    -f ${root_path}/${path_configs}/${namespace}-secrets.yaml \
+    ${helm_extra_args} \
+    ${application} ${root_path}/${path_chart}
+
+  #send event to dd
+  PUBLISHED_VERSION="$CI_COMMIT_REF_NAME-$CI_COMMIT_SHA"
+  emit_datadog_deploy_event  --environment $environment --service $application  --version $PUBLISHED_VERSION
+
+  echo "================================"
+  echo " Deployed $application"
+  echo " - Environment: $environment"
+  echo " - Namespace: $namespace"
+  echo "================================"
+
+  set +x
+}
+
+verify_deployments() {
+  set -e
+
+  # usage :
+  # verify_deployments staging price
+  # verify_deployments -t 15m testing price
+
+  if [ "$1" = "-t" ] ; then
+    TIMEOUT=$2
+    shift
+    shift
+  else
+    TIMEOUT=5m
+  fi
+
+  NAMESPACE=$1
+  RELEASE=$2
+
+  # Get all Deployments names from the deployed chart
+  DEPLOYMENTS=(
+    $(helm get manifest --namespace $NAMESPACE $RELEASE | yq --no-doc -r 'select(.kind=="Deployment").metadata.name')
+  )
+
+  echo "verifying on $NAMESPACE deployments ${DEPLOYMENTS[@]} with a timeout of $TIMEOUT"
+
+  PIDS=()
+  for D in "${DEPLOYMENTS[@]}"; do
+    kubectl -n ${NAMESPACE} rollout status deployment ${D} --timeout=${TIMEOUT} &
+    PIDS+=($!)
+  done
+
+  for P in ${PIDS[@]}; do
+    wait $P
+
+    if [ $? -ne 0 ]; then
+      echo "at least one deployment failed or timed out (after $TIMEOUT)"
+      return 1
+    fi
+  done
+
+}
+
+print_usage() {
+  echo "Usage:"
+  echo "deploy_chart \\"
+  echo "  --path_configs <path to .yaml namespaces and secret config files>"
+  echo "  --path_chart <path to Helm Chart>"
+  echo "  --application <application name used by Helm>"
+  echo "  --environment <infrastructure environment>"
+  echo "  --namespace <namespace>"
+  echo "  --helm-extra-args <extra args to pass to helm, ex: --set my.value=42 --set your.setting=on>"
+  echo ""
+}
+
+check_config_file() {
+    local filename=$1
+    if [ ! -f ${filename} ]; then
+        echo "Missing $filename configuration file"
+        print_usage
+        return 1
+    fi
+}
+
+notify_new_deployment() {
+  jq --version || (apt update && apt install -y jq)
+
+  CHAT_URL=${1:-$DEFAULT_CHAT_URL}
+
+  STATUS=$(echo $CI_JOB_STATUS | tr '[:lower:]' '[:upper:]' )
+  ENV_NAME=$(echo $ENVIRONMENT | tr '[:lower:]' '[:upper:]' )
+
+  JOB_LINK="<$CI_JOB_URL| $CI_JOB_NAME $CI_JOB_ID>"
+
+  DESCRIPTION="
+  $STATUS : Deployment for $CI_PROJECT_NAME on $ENV_NAME
+  $JOB_LINK
+  $CI_COMMIT_TITLE
+  "
+
+  JSON_MESSAGE=$(jq -n --arg text "$DESCRIPTION" '{text: $text }')
+  curl -X POST $CHAT_URL \
+  --header "Content-Type: application/json" \
+  --data "$JSON_MESSAGE"
+}
+notify_new_version() {
+
+  ! test -z $CI_COMMIT_TAG || exit 0
+
+  jq --version || (apt update && apt install -y jq)
+
+  KIND=$1
+  CHAT_URL=${2:-$DEFAULT_CHAT_URL}
+
+  STATUS=$(echo $CI_JOB_STATUS | tr '[:lower:]' '[:upper:]' )
+  ENV_NAME=$(echo $ENVIRONMENT | tr '[:lower:]' '[:upper:]' )
+  TITLE="$ENV_NAME *$STATUS* $KIND for version *$CI_COMMIT_TAG* of *$CI_PROJECT_NAME* "
+
+  RELEASE_URL="https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/releases/$CI_COMMIT_TAG"
+
+  NOTES=$(curl --header "PRIVATE-TOKEN: $GITLAB_TOKEN" $RELEASE_URL |
+    jq .description |
+    sed -e 's/^"//' -e 's/"$//' |
+    sed -E 's/\[([^]]+)\]\(([^)]+)\)/<\2|\1>/g' |
+    sed -E 's/\\n/\'$'\n/g')
+
+  JOB_LINK="<$CI_JOB_URL| $CI_JOB_NAME $CI_JOB_ID>"
+
+  DESCRIPTION="
+  $TITLE
+  $JOB_LINK
+  $NOTES
+  "
+
+  JSON_MESSAGE=$(jq -n --arg text "$DESCRIPTION" '{text: $text }')
+  curl -X POST $CHAT_URL \
+    --header "Content-Type: application/json" \
+    --data "$JSON_MESSAGE"
+}
+#!/usr/bin/env bash
+
+skip_sbt_compile_cache() {
+  COMPARED_BRANCH="${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:-$CI_DEFAULT_BRANCH}"
+  echo "branch to compare to: $COMPARED_BRANCH"
+  git fetch origin $COMPARED_BRANCH
+  echo "fetched $COMPARED_BRANCH"
+  [[ "$CI_COMMIT_REF_NAME" =~ ^(master|develop)$ || $(git diff origin/$COMPARED_BRANCH --exit-code -- project) ]]
+}
+#!/usr/bin/env bash
+
+# in case of trouble with functions for update history during import
+# https://stackoverflow.com/questions/56729192/pg-restore-fails-when-trying-to-create-function-referencing-table-that-does-not
+
+# example: clone_databases --source_env testing --destination_env recette --services "order,notification,parcel,ikea"
+clone_databases() {
+  export USERNAME="database-cloner"
+
+  set -e
+
+  extract_args 3 source_env destination_env services $*
+
+  dump_databases "$source_env" "$services"
+  import_databases "$destination_env" "$services"
+}
+
+dump_databases() {
+  local env="$1"
+  local services=$(echo -n "$2" | tr ',' '\n')
+
+  database_k8s_output_dump_path="/tmp/database_k8s_output_dump"
+
+  configure_kubectl_for "$env"
+  set +e
+  database_k8s "$env" > "$database_k8s_output_dump_path"
+  set -e
+
+  source_pg_local_port=$(extract_pg_local_port "$database_k8s_output_dump_path")
+
+  for service in $services
+  do
+    service_path="/tmp/$service"
+
+    set +e
+    git clone "git@gitlab.com:colisweb/back/$service.git" "$service_path"
+    set -e
+
+    if cd "$service_path"; then
+      echo "dump the database for service $service.."
+
+      git secret reveal -f
+
+      PG_YAML_PATH=".${service}config.postgres"
+
+      SOURCE_DB_DATABASE=$(extract_yaml_config_variable --environment "$env" --configsPath ./deploy --variable "${PG_YAML_PATH}.database")
+      SOURCE_DB_USER=$(extract_yaml_config_variable --environment "$env" --configsPath ./deploy --variable "${PG_YAML_PATH}.user")
+      SOURCE_DB_PASSWORD=$(extract_yaml_config_variable --environment "$env" --configsPath ./deploy --variable "${PG_YAML_PATH}.password")
+
+      export PGPASSWORD="$SOURCE_DB_PASSWORD"
+
+      DUMP_PATH="/tmp/db_dump_${service}.sql"
+      pg_dump --no-owner -h localhost -p "$source_pg_local_port" -U "$SOURCE_DB_USER" "$SOURCE_DB_DATABASE" > "$DUMP_PATH"
+
+      cd ..
+      rm -rf "$service_path"
+    else
+      echo "WARN: failed to clone $service - skipping"
+    fi
+  done
+}
+
+import_databases() {
+  local env="$1"
+  local services=$(echo -n "$2" | tr ',' '\n')
+
+  database_k8s_output_import_path="/tmp/database_k8s_output_import"
+
+  configure_kubectl_for "$env"
+  set +e
+  database_k8s "$env" > "$database_k8s_output_import_path"
+  set -e
+
+  destination_pg_local_port=$(extract_pg_local_port "$database_k8s_output_import_path")
+
+  for service in $services
+  do
+    service_path="/tmp/$service"
+
+    set +e
+    git clone "git@gitlab.com:colisweb/back/$service.git" "$service_path"
+    set -e
+
+    if cd "$service_path"; then
+      echo "create and import database for $service.."
+
+      git secret reveal -f
+
+      PG_YAML_PATH=".${service}config.postgres"
+
+      DB_PORT="5432"
+      DB_HOST=$(extract_yaml_config_variable --environment "$env" --configsPath ./deploy --variable "${PG_YAML_PATH}.host")
+      DB_INIT_USERNAME=$(extract_yaml_config_variable --environment "$env" --configsPath ./deploy --variable "${PG_YAML_PATH}.initUsername")
+      DB_INIT_PASSWORD=$(extract_yaml_config_variable --environment "$env" --configsPath ./deploy --variable "${PG_YAML_PATH}.initPassword")
+      DB_DATABASE=$(extract_yaml_config_variable --environment "$env" --configsPath ./deploy --variable "${PG_YAML_PATH}.database")
+      DB_USER=$(extract_yaml_config_variable --environment "$env" --configsPath ./deploy --variable "${PG_YAML_PATH}.user")
+      DB_PASSWORD=$(extract_yaml_config_variable --environment "$env" --configsPath ./deploy --variable "${PG_YAML_PATH}.password")
+
+      kube_init_service_database \
+        --namespace ${env} \
+        --service ${service} \
+        --db_host ${DB_HOST} \
+        --db_port ${DB_PORT} \
+        --db_init_username ${DB_INIT_USERNAME} \
+        --db_init_password ${DB_INIT_PASSWORD} \
+        --db_database ${DB_DATABASE} \
+        --db_username ${DB_USER} \
+        --db_password ${DB_PASSWORD}
+
+      echo "WARN: A complete clean of $DB_DATABASE on $DB_HOST will be operated"
+      read -rsn1 -p"Press any key to continue";echo
+      flyway_clean "$DB_HOST" "$DB_PORT" "$DB_DATABASE" "$DB_USER" "$DB_PASSWORD"
+
+      DUMP_PATH="/tmp/db_dump_${service}.sql"
+      export PGPASSWORD="$DB_PASSWORD"
+      set +e
+      psql "postgres://$DB_USER@127.0.0.1:$destination_pg_local_port" -p "$DB_DATABASE" -f "$DUMP_PATH"
+      set -e
+
+      cd ..
+      rm -rf "$service_path"
+    else
+      echo "WARN: failed to clone $service - skipping"
+    fi
+  done
+}
+
+extract_pg_local_port() {
+  cat "$1" | grep 'postgres@127.0.0.1:' | sed 's/.*postgres@127.0.0.1:\(.*[0-9]\).*/\1/g'
+}
+#!/usr/bin/env bash
+
+emit_datadog_deploy_event() {
+  extract_args 3 environment service version $*
+  check_env_vars 1 "DD_API_KEY"
+
+  response=$(
+    curl -X POST -H "Content-type: application/json" \
+      -d '{
+              "title": "deploying '"$service"' to '"$environment"'",
+              "text": "deploying '"$service"' version '"$version"' to '"$environment"'",
+              "priority": "normal",
+              "tags": ["service:'"$service"' ", "env:'"$environment"'" ,"action:'"deployment"'"] ,
+
+              "alert_type": "Info"
+        }' \
+      "https://api.datadoghq.com/api/v1/events?api_key=$DD_API_KEY"
+  )
+
+  #echo $response
+  EventID=$(echo $response | jq ".event.id")
+  url=$(echo $response | jq ".event.url")
+
+  if [[ $EventID -ne 0 ]]; then
+    echo "event successfully created check in datadog UI : $url"
+  else
+    echo " failed to create event "
+    return 1
+  fi
+}
+
+#!/usr/bin/env bash
+
+# DEPRECATED
+emit_datadog_error_events() {
+  set -e
+  extract_args 4 title text priority environment $*
+  check_env_vars 1 "DD_API_KEY"
+
+  curl -X POST -H "Content-type: application/json" \
+    -d '{
+              "title": "'"$title"'",
+              "text": "'"$text"'",
+              "priority": "'"$priority"'",
+              "tags": ["environment:'"$environment"'"],
+              "alert_type": "Error"
+        }' \
+    "https://api.datadoghq.com/api/v1/events?api_key=$DD_API_KEY"
+}
+
+#!/usr/bin/env bash
+terraform_init() {
+  SECTION=$1
+  ENV=$2
+  cd $SECTION
+  terraform init -input=false
+  terraform workspace select $ENV || terraform workspace new $ENV
+}