studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

♻️(ci) add feature app environment

Browse Source 
Add a special environment to prepare feature app deployment
This commit is contained in:
rouja
2025-10-07 11:42:34 +02:00
committed by GitHub
parent e3b2fdbdf5
commit b3980e7bf1
5 changed files with 318 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
.github/workflows/docker-hub.yml vendored
View File

@@ -31,7 +31,7 @@ jobs:
images: lasuite/impress-backend
-
name: Login to DockerHub
if: github.event_name != 'pull_request'
if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview')
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USER }}
@@ -49,7 +49,7 @@ jobs:
context: .
target: backend-production
build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
push: ${{ github.event_name != 'pull_request' }}
push: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
@@ -67,7 +67,7 @@ jobs:
images: lasuite/impress-frontend
-
name: Login to DockerHub
if: github.event_name != 'pull_request'
if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview')
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USER }}
@@ -88,7 +88,7 @@ jobs:
build-args: |
DOCKER_USER=${{ env.DOCKER_USER }}:-1000
PUBLISH_AS_MIT=false
push: ${{ github.event_name != 'pull_request' }}
push: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
@@ -106,7 +106,7 @@ jobs:
images: lasuite/impress-y-provider
-
name: Login to DockerHub
if: github.event_name != 'pull_request'
if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview')
run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
-
name: Run trivy scan
@@ -122,7 +122,7 @@ jobs:
file: ./src/frontend/servers/y-provider/Dockerfile
target: y-provider
build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
push: ${{ github.event_name != 'pull_request' }}
push: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
@@ -131,7 +131,7 @@ jobs:
- build-and-push-frontend
- build-and-push-backend
runs-on: ubuntu-latest
if: github.event_name != 'pull_request'
if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview')
steps:
- uses: numerique-gouv/action-argocd-webhook-notification@main
id: notify

59
src/helm/env.d/dev/values.dev-backend.yaml.gotmpl Normal file
View File

@@ -0,0 +1,59 @@
postgres:
enabled: true
name: postgres
#serviceNameOverride: postgres
image: postgres:16-alpine
username: dinum
password: pass
database: docs
size: 1Gi
redis:
enabled: true
name: redis
image: redis:8.2-alpine
username: user
password: pass
minio:
enabled: true
image: minio/minio
name: minio
ingress:
enabled: true
hostname: docs-minio.127.0.0.1.nip.io
tls:
enabled: true
secretName: docs-tls
consoleIngress:
enabled: true
hostname: docs-minio-console.127.0.0.1.nip.io
tls:
enabled: true
secretName: docs-tls
username: dinum
password: password
bucket: docs-media-storage
versioning: true
size: 1Gi
keycloak:
enabled: true
image: quay.io/keycloak/keycloak:20.0.1
name: keycloak
#serviceNameOverride: keycloak
hostname: docs-keycloak.127.0.0.1.nip.io
username: admin
password: pass
tls:
enabled: true
secretName: docs-tls
db:
username: dinum
password: pass
database: keycloak
size: 1Gi
image: postgres:16-alpine
realm:
name: docs
username: docs
password: docs
email: docs@example.com

61
src/helm/env.d/feature/values.dev-backend.yaml.gotmpl Normal file
View File

@@ -0,0 +1,61 @@
postgres:
enabled: true
name: postgres
#serviceNameOverride: postgres
image: postgres:16-alpine
username: dinum
password: pass
database: docs
size: 5Gi
redis:
enabled: true
name: redis
image: redis:8.2-alpine
username: user
password: pass
minio:
enabled: true
image: minio/minio
name: minio
ingress:
enabled: true
hostname: {{ .Values.feature }}-minio.{{ .Values.domain }}
tls:
enabled: true
secretName: docs-tls
consoleIngress:
enabled: true
hostname: {{ .Values.feature }}-minio-console.{{ .Values.domain }}
tls:
enabled: true
secretName: docs-tls
username: dinum
password: password
bucket: docs-media-storage
versioning: true
size: 5Gi
keycloak:
enabled: true
image: quay.io/keycloak/keycloak:20.0.1
name: keycloak
annotations:
cert-manager.io/cluster-issuer: letsencrypt
#serviceNameOverride: keycloak
hostname: {{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}
username: admin
password: pass
tls:
enabled: true
secretName: docs-tls
db:
username: dinum
password: pass
database: keycloak
size: 5Gi
image: postgres:16-alpine
realm:
name: docs
username: docs
password: docs
email: docs@example.com

182
src/helm/env.d/feature/values.impress.yaml.gotmpl Normal file
View File

@@ -0,0 +1,182 @@
djangoSecretKey: &djangoSecretKey "lkjsdlfkjsldkfjslkdfjslkdjfslkdjf"
tag: &tag "{{ .Values.imageTag }}"
djangoSuperUserEmail: admin@example.com
djangoSuperUserPass: admin
aiApiKey: changeme
aiBaseUrl: changeme
oidc:
clientId: impress
clientSecret: ThisIsAnExampleKeyForDevPurposeOnly
image:
repository: lasuite/impress-backend
pullPolicy: Always
tag: *tag
backend:
replicas: 1
envVars:
COLLABORATION_SERVER_SECRET: my-secret
DJANGO_CSRF_TRUSTED_ORIGINS: https://{{ .Values.feature }}-docs.{{ .Values.domain }}
DJANGO_CONFIGURATION: Feature
DJANGO_ALLOWED_HOSTS: {{ .Values.feature }}-docs.{{ .Values.domain }}
DJANGO_SERVER_TO_SERVER_API_TOKENS: secret-api-key
DJANGO_SECRET_KEY: *djangoSecretKey
DJANGO_SETTINGS_MODULE: impress.settings
DJANGO_SUPERUSER_PASSWORD: admin
DJANGO_EMAIL_BRAND_NAME: "La Suite Numérique"
DJANGO_EMAIL_HOST: "mailcatcher"
DJANGO_EMAIL_LOGO_IMG: https://{{ .Values.feature }}-docs.{{ .Values.domain }}/assets/logo-suite-numerique.png
DJANGO_EMAIL_PORT: 1025
DJANGO_EMAIL_USE_SSL: False
LOGGING_LEVEL_HANDLERS_CONSOLE: ERROR
LOGGING_LEVEL_LOGGERS_ROOT: INFO
LOGGING_LEVEL_LOGGERS_APP: INFO
OIDC_USERINFO_SHORTNAME_FIELD: "given_name"
OIDC_USERINFO_FULLNAME_FIELDS: "given_name,usual_name"
OIDC_OP_JWKS_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/certs
OIDC_OP_AUTHORIZATION_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/auth
OIDC_OP_TOKEN_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/token
OIDC_OP_USER_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/userinfo
OIDC_OP_LOGOUT_ENDPOINT: https://{{ .Values.feature }}-docs-keycloak.{{ .Values.domain }}/realms/docs/protocol/openid-connect/logout
OIDC_RP_CLIENT_ID: docs
OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
OIDC_RP_SIGN_ALGO: RS256
OIDC_RP_SCOPES: "openid email"
LOGIN_REDIRECT_URL: https://{{ .Values.feature }}-docs.{{ .Values.domain }}
LOGIN_REDIRECT_URL_FAILURE: https://{{ .Values.feature }}-docs.{{ .Values.domain }}
LOGOUT_REDIRECT_URL: https://{{ .Values.feature }}-docs.{{ .Values.domain }}
DB_HOST: dev-backend-postgres
DB_NAME:
secretKeyRef:
name: dev-backend-postgres
key: database
DB_USER:
secretKeyRef:
name: dev-backend-postgres
key: username
DB_PASSWORD:
secretKeyRef:
name: dev-backend-postgres
key: password
DB_PORT: 5432
REDIS_URL: redis://user:pass@dev-backend-redis:6379/1
DJANGO_CELERY_BROKER_URL: redis://user:pass@dev-backend-redis:6379/1
AWS_S3_ENDPOINT_URL: http://dev-backend-minio.{{ .Namespace }}.svc.cluster.local:9000
AWS_S3_ACCESS_KEY_ID: dinum
AWS_S3_SECRET_ACCESS_KEY: password
AWS_STORAGE_BUCKET_NAME: docs-media-storage
STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
Y_PROVIDER_API_BASE_URL: http://impress-y-provider:443/api/
Y_PROVIDER_API_KEY: my-secret
CACHES_KEY_PREFIX: "{{ now | unixEpoch }}"
migrate:
command:
- "/bin/sh"
- "-c"
- |
while ! python manage.py check --database default > /dev/null 2>&1
do
echo "Database not ready"
sleep 2
done
echo "Database is ready"
python manage.py migrate --no-input
restartPolicy: Never
command:
- "gunicorn"
- "-c"
- "/usr/local/etc/gunicorn/impress.py"
- "impress.wsgi:application"
- "--reload"
createsuperuser:
command:
- "/bin/sh"
- "-c"
- |
while ! python manage.py check --database default > /dev/null 2>&1
do
echo "Database not ready"
sleep 2
done
echo "Database is ready"
python manage.py createsuperuser --email admin@example.com --password admin
restartPolicy: Never
# Extra volume mounts to manage our local custom CA and avoid to set ssl_verify: false
extraVolumeMounts: {}
# Extra volumes to manage our local custom CA and avoid to set ssl_verify: false
extraVolumes: {}
frontend:
envVars:
PORT: 8080
NEXT_PUBLIC_API_ORIGIN: https://{{ .Values.feature }}-docs.{{ .Values.domain }}
replicas: 1
image:
repository: lasuite/impress-frontend
pullPolicy: Always
tag: *tag
yProvider:
replicas: 1
image:
repository: lasuite/impress-y-provider
pullPolicy: Always
tag: *tag
envVars:
COLLABORATION_BACKEND_BASE_URL: https://{{ .Values.feature }}-docs.{{ .Values.domain }}
COLLABORATION_LOGGING: true
COLLABORATION_SERVER_ORIGIN: https://{{ .Values.feature }}-docs.{{ .Values.domain }}
COLLABORATION_SERVER_SECRET: my-secret
Y_PROVIDER_API_KEY: my-secret
ingress:
enabled: true
host: {{ .Values.feature }}-docs.{{ .Values.domain }}
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 10m
cert-manager.io/cluster-issuer: letsencrypt
ingressCollaborationWS:
enabled: true
host: {{ .Values.feature }}-docs.{{ .Values.domain }}
ingressCollaborationApi:
enabled: true
host: {{ .Values.feature }}-docs.{{ .Values.domain }}
ingressAdmin:
enabled: true
host: {{ .Values.feature }}-docs.{{ .Values.domain }}
posthog:
ingress:
enabled: false
ingressAssets:
enabled: false
ingressMedia:
enabled: true
host: {{ .Values.feature }}-docs.{{ .Values.domain }}
annotations:
nginx.ingress.kubernetes.io/auth-url: https://{{ .Values.feature }}-docs.{{ .Values.domain }}/api/v1.0/documents/media-auth/
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
nginx.ingress.kubernetes.io/upstream-vhost: dev-backend-minio.{{ .Namespace }}.svc.cluster.local:9000
nginx.ingress.kubernetes.io/rewrite-target: /docs-media-storage/$1
serviceMedia:
host: dev-backend-minio.{{ .Namespace }}.svc.cluster.local
port: 9000

67
src/helm/helmfile.yaml
View File

@@ -2,6 +2,12 @@ environments:
dev:
values:
- version: 3.7.0
feature:
values:
- version: 3.7.0
feature: ci
domain: example.com
imageTag: demo
---
repositories:
- name: dev-backends
@@ -12,66 +18,9 @@ releases:
- name: dev-backend
namespace: {{ .Namespace }}
chart: dev-backends/dev-backend
version: 0.0.2
version: 0.0.4
values:
- postgres:
enabled: true
name: postgres
#serviceNameOverride: postgres
image: postgres:16-alpine
username: dinum
password: pass
database: docs
size: 1Gi
- redis:
enabled: true
name: redis
image: redis:8.2-alpine
username: user
password: pass
- minio:
enabled: true
image: minio/minio
name: minio
ingress:
enabled: true
hostname: docs-minio.127.0.0.1.nip.io
tls:
enabled: true
secretName: docs-tls
consoleIngress:
enabled: true
hostname: docs-minio-console.127.0.0.1.nip.io
tls:
enabled: true
secretName: docs-tls
username: dinum
password: password
bucket: docs-media-storage
versioning: true
size: 1Gi
- keycloak:
enabled: true
image: quay.io/keycloak/keycloak:20.0.1
name: keycloak
#serviceNameOverride: keycloak
hostname: docs-keycloak.127.0.0.1.nip.io
username: admin
password: pass
tls:
enabled: true
secretName: docs-tls
db:
username: dinum
password: pass
database: keycloak
size: 1Gi
image: postgres:16-alpine
realm:
name: docs
username: docs
password: docs
email: docs@example.com
- env.d/{{ .Environment.Name }}/values.dev-backend.yaml.gotmpl
- name: impress