First version

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,27 @@
+---
+name: Bug report
+about: Problems and issues with the code in this repository
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+## Environment
+
+**Version**:
+
+**Environment**:
+- **OS**:
+- **Other**:
+
+
+## Bug
+
+### What happened
+
+### What you expected to happen
+
+### How to reproduce it
+
+### More details

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: false

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,14 @@
+---
+name: Feature request
+about: Suggest an idea for this project or its docs
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+## Description
+
+**Use Case**
+
+**Related Issue(s)**

.github/ISSUE_TEMPLATE/requirement-issue.md

@@ -0,0 +1,16 @@
+---
+name: Requirement issue
+about: Questions and issues with the legal requirements
+title: ''
+labels: requirements
+assignees: ''
+
+---
+
+## Requirement issue
+
+This concerns:
+- [ ] The OECD DPI initial requirements
+- [ ] The DGFiP DAC7 revised requirements for France
+
+**Description**

.github/pull_request_template.md

@@ -0,0 +1,15 @@
+# Description
+The description of the main changes of your pull request
+
+# Related Issue(s)
+<!---
+For example:
+
+- closes #1
+--->
+
+# Documentation
+
+<!---
+Share links to useful documentation
+--->

renovate.json5 → .github/renovate.json

@@ -24,5 +24,19 @@
       "matchPackageNames": ["psf/black-pre-commit-mirror"],
       "customChangelogUrl": "https://github.com/psf/black"
     }
+  ],
+  "regexManagers": [
+    {
+      "description": "Update poetry",
+      "fileMatch": [
+        "^.+\\.yml$",
+        "^Dockerfile$"
+      ],
+      "matchStrings": [
+        "pip install( --upgrade)? poetry==(?<currentValue>\\S+?)\\s"
+      ],
+      "depNameTemplate": "poetry",
+      "datasourceTemplate": "pypi"
+    }
   ]
 }

.github/workflows/docker.yml

@@ -0,0 +1,29 @@
+name: docker
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+jobs:
+  tests:
+    name: Tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
+
+      - name: Install poetry
+        run: pip install poetry==1.8.3
+
+      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5
+        with:
+          python-version: '3.12'
+          cache: 'poetry'
+
+      - name: Install local project
+        run: make init
+
+      - name: Unit tests
+        run: make test-unit
+
+      - name: Run end-to-end tests
+        run: make test-e2e

.github/workflows/mlc.yaml

@@ -0,0 +1,15 @@
+name: mlc
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+  schedule:
+      - cron: "0 0 * * 1"
+jobs:
+  mlc:
+    name: Broken Links Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Markup Link Checker (mlc)
+        uses: becheran/mlc@b0cb310fda856cf4a7734bfa6bca20029ffcf89b # v0.17.1

.github/workflows/pre-commit.yml

@@ -0,0 +1,33 @@
+name: pre-commit
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+jobs:
+  style-check:
+    name: Style Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
+
+      - name: Install pre-commit
+        run: pip install poetry==1.8.3
+
+      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5
+        with:
+          python-version: '3.12'
+          cache: 'poetry'
+
+      - name: Install dependencies
+        run: poetry install
+
+      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
+        env:
+          cache-name: cache-pre-commit
+        with:
+          path: ~/.cache/pre-commit
+          key: ${{ env.cache-name }}-${{ hashFiles('.pre-commit-config.yaml') }}
+
+      - name: Run pre-commit
+        run: SKIP=poetry-lock poetry run pre-commit run --show-diff-on-failure --all-files

.github/workflows/semgrep.yml

@@ -0,0 +1,15 @@
+name: semgrep
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+jobs:
+  static:
+    name: Static Check
+    runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep
+    steps:
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
+      - run: semgrep ci --config=p/default

.github/workflows/trufflehog.yml

@@ -0,0 +1,21 @@
+name: trufflehog
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+jobs:
+  scan:
+    name: Leaked Secrets Scan
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout code
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
+        with:
+          fetch-depth: 0
+
+      - name: Secret Scanning
+        uses: trufflesecurity/trufflehog@main
+        with:
+          extra_args: --only-verified

.gitignore

@@ -0,0 +1,17 @@
+__pycache__
+.coverage
+.mypy_cache
+.pytest_cache
+.ruff_cache
+*.json
+*.xml
+*.xml.gz
+*.xml.gz.gpg
+!.github/*.json
+!schemas/**/*.json
+!examples/**/*.json
+!examples/**/*.xml
+/cli/src/dac7/schemas
+/dist
+/output
+/tests

.pre-commit-config.yaml

@@ -0,0 +1,83 @@
+default_stages: [commit]
+
+default_language_version:
+  python: python3.12
+
+repos:
+    - repo: https://github.com/pre-commit/pre-commit-hooks
+      rev: v4.6.0
+      hooks:
+          - id: trailing-whitespace
+          - id: end-of-file-fixer
+          - id: check-json
+          - id: check-toml
+          - id: check-xml
+          - id: check-yaml
+          - id: check-added-large-files
+
+    - repo: https://github.com/pre-commit/pygrep-hooks
+      rev: 'v1.10.0'
+      hooks:
+          - id: python-check-blanket-noqa
+          - id: python-check-blanket-type-ignore
+          - id: python-check-mock-methods
+          - id: python-no-eval
+          - id: python-use-type-annotations
+
+    - repo: local
+      hooks:
+          - id: python-check-blanket-nosec
+            name: check blanket nosec
+            entry: '# nosec(?!: (B[0-9]{3} ?)+( +#.*)*$)'
+            language: pygrep
+            types: [python]
+
+    - repo: https://github.com/shellcheck-py/shellcheck-py
+      rev: 'v0.10.0.1'
+      hooks:
+          - id: shellcheck
+            args: ['-x']
+
+    - repo: https://github.com/astral-sh/ruff-pre-commit
+      rev: 'v0.4.8'
+      hooks:
+          - id: ruff
+            args: ['--exit-non-zero-on-fix']
+
+    - repo: https://github.com/psf/black-pre-commit-mirror
+      rev: '24.4.2'
+      hooks:
+          - id: black
+
+    - repo: https://github.com/PyCQA/bandit
+      rev: '1.7.9'
+      hooks:
+          - id: bandit
+            additional_dependencies: ['.[toml]']
+            args: ['-c', 'pyproject.toml']
+
+    - repo: local
+      hooks:
+          - id: mypy
+            name: mypy
+            files: 'cli'
+            entry: poetry run mypy
+            language: system
+            types: [python]
+            require_serial: true
+
+    - repo: https://github.com/rubik/xenon/
+      rev: 'v0.9.1'
+      hooks:
+          - id: xenon
+            name: xenon
+            files: 'cli'
+            args: ["--max-average=A", "--max-modules=A", "--max-absolute=A"]
+
+    - repo: https://github.com/python-poetry/poetry
+      rev: '1.8.3'
+      hooks:
+          - id: poetry-check
+          - id: poetry-lock
+            args: ["--no-update"]
+          - id: poetry-install