fix helmfile linter

Because we use staging for German people, we need a new environment for
our demo

.sops.yaml

@@ -4,6 +4,7 @@ creation_rules:
     - age:
       - age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x # jacques
       - age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7 # github-repo
+      - age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw # argocd
       - age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg # Anthony Le-Courric
       - age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 # Antoine Lebaud
       - age1hnhuzj96ktkhpyygvmz0x9h8mfvssz7ss6emmukags644mdhf4msajk93r # Samuel Paccoud

CHANGELOG.md

@@ -9,9 +9,6 @@ and this project adheres to
 
 ## [Unreleased]
 
-
-## [1.6.0] - 2024-10-17
-
 ## Added
 
 - ✨AI to doc editor #250
@@ -26,12 +23,9 @@ and this project adheres to
 
 ## Fixed
 
-- 🛂(backend) do not duplicate user when disabled
 - 🐛(frontend) invalidate queries after removing user #336
 - 🐛(backend) Fix dysfunctional permissions on document create #329
 - 🐛(backend) fix nginx docker container #340
-- 🐛(frontend) fix copy paste firefox #353
-
 
 ## [1.5.1] - 2024-10-10
 
@@ -211,8 +205,7 @@ and this project adheres to
 - 🚀 Impress, project to manage your documents easily and collaboratively.
 
 
-[unreleased]: https://github.com/numerique-gouv/impress/compare/v1.6.0...main
-[v1.6.0]: https://github.com/numerique-gouv/impress/releases/v1.6.0
+[unreleased]: https://github.com/numerique-gouv/impress/compare/v1.5.1...main
 [1.5.1]: https://github.com/numerique-gouv/impress/releases/v1.5.1
 [1.5.0]: https://github.com/numerique-gouv/impress/releases/v1.5.0
 [1.4.0]: https://github.com/numerique-gouv/impress/releases/v1.4.0

src/backend/core/api/__init__.py

@@ -8,6 +8,8 @@ from rest_framework import views as drf_views
 from rest_framework.decorators import api_view
 from rest_framework.response import Response
 
+from ..models import Document, User, RoleChoices, DocumentAccess
+
 
 def exception_handler(exc, context):
     """Handle Django ValidationError as an accepted exception.
@@ -38,3 +40,32 @@ def get_frontend_configuration(request):
     }
     frontend_configuration.update(settings.FRONTEND_CONFIGURATION)
     return Response(frontend_configuration)
+
+
+
+@api_view(["POST"])
+def create_summary(request):
+    """Wip."""
+
+    data = request.data
+
+    document = Document(
+        title="Votre résumé",
+        link_reach="authenticated",
+        link_role="reader",
+    )
+
+    document.save()
+    owner_user = User.objects.get(email=data["owner"])
+
+    document_access = DocumentAccess(
+        user=owner_user,
+        document=document,
+        role=RoleChoices.OWNER
+    )
+    document_access.save()
+
+    document.content = data["content"]
+    document.save()
+
+    return Response({"id": document.id})

src/backend/core/authentication/backends.py

@@ -84,8 +84,6 @@ class OIDCAuthenticationBackend(MozillaOIDCAuthenticationBackend):
         user = self.get_existing_user(sub, email)
 
         if user:
-            if not user.is_active:
-                raise SuspiciousOperation(_("User account is disabled"))
             self.update_user_if_needed(user, claims)
         elif self.get_settings("OIDC_CREATE_USER", True):
             user = User.objects.create(sub=sub, password="!", **claims)  # noqa: S106
@@ -103,11 +101,11 @@ class OIDCAuthenticationBackend(MozillaOIDCAuthenticationBackend):
     def get_existing_user(self, sub, email):
         """Fetch existing user by sub or email."""
         try:
-            return User.objects.get(sub=sub)
+            return User.objects.get(sub=sub, is_active=True)
         except User.DoesNotExist:
             if email and settings.OIDC_FALLBACK_TO_EMAIL_FOR_IDENTIFICATION:
                 try:
-                    return User.objects.get(email=email)
+                    return User.objects.get(email=email, is_active=True)
                 except User.DoesNotExist:
                     pass
         return None

src/backend/core/tests/authentication/test_backends.py

@@ -305,63 +305,3 @@ def test_authentication_get_userinfo_invalid_response():
         match="Invalid response format or token verification failed",
     ):
         oidc_backend.get_userinfo("fake_access_token", None, None)
-
-
-def test_authentication_getter_existing_disabled_user_via_sub(
-    django_assert_num_queries, monkeypatch
-):
-    """
-    If an existing user matches the sub but is disabled,
-    an error should be raised and a user should not be created.
-    """
-
-    klass = OIDCAuthenticationBackend()
-    db_user = UserFactory(is_active=False)
-
-    def get_userinfo_mocked(*args):
-        return {
-            "sub": db_user.sub,
-            "email": db_user.email,
-            "first_name": "John",
-            "last_name": "Doe",
-        }
-
-    monkeypatch.setattr(OIDCAuthenticationBackend, "get_userinfo", get_userinfo_mocked)
-
-    with (
-        django_assert_num_queries(1),
-        pytest.raises(SuspiciousOperation, match="User account is disabled"),
-    ):
-        klass.get_or_create_user(access_token="test-token", id_token=None, payload=None)
-
-    assert models.User.objects.count() == 1
-
-
-def test_authentication_getter_existing_disabled_user_via_email(
-    django_assert_num_queries, monkeypatch
-):
-    """
-    If an existing user does not matches the sub but matches the email and is disabled,
-    an error should be raised and a user should not be created.
-    """
-
-    klass = OIDCAuthenticationBackend()
-    db_user = UserFactory(is_active=False)
-
-    def get_userinfo_mocked(*args):
-        return {
-            "sub": "random",
-            "email": db_user.email,
-            "first_name": "John",
-            "last_name": "Doe",
-        }
-
-    monkeypatch.setattr(OIDCAuthenticationBackend, "get_userinfo", get_userinfo_mocked)
-
-    with (
-        django_assert_num_queries(2),
-        pytest.raises(SuspiciousOperation, match="User account is disabled"),
-    ):
-        klass.get_or_create_user(access_token="test-token", id_token=None, payload=None)
-
-    assert models.User.objects.count() == 1

src/backend/core/urls.py

@@ -5,7 +5,7 @@ from django.urls import include, path, re_path
 
 from rest_framework.routers import DefaultRouter
 
-from core.api import viewsets
+from core.api import viewsets, create_summary
 from core.authentication.urls import urlpatterns as oidc_urls
 
 # - Main endpoints
@@ -44,6 +44,7 @@ urlpatterns = [
             [
                 *router.urls,
                 *oidc_urls,
+                path("summary/", create_summary, name="create_summary"),
                 re_path(
                     r"^documents/(?P<resource_id>[0-9a-z-]*)/",
                     include(document_related_router.urls),

src/backend/impress/settings.py

@@ -458,16 +458,25 @@ class Base(Configuration):
     AI_BASE_URL = values.Value(None, environ_name="AI_BASE_URL", environ_prefix=None)
     AI_MODEL = values.Value(None, environ_name="AI_MODEL", environ_prefix=None)
 
-    AI_DOCUMENT_RATE_THROTTLE_RATES = {
-        "minute": 5,
-        "hour": 100,
-        "day": 500,
-    }
-    AI_USER_RATE_THROTTLE_RATES = {
-        "minute": 3,
-        "hour": 50,
-        "day": 200,
-    }
+    AI_DOCUMENT_RATE_THROTTLE_RATES = values.DictValue(
+        {
+            "minute": 5,
+            "hour": 100,
+            "day": 500,
+        },
+        environ_name="AI_DOCUMENT_RATE_THROTTLE_RATES",
+        environ_prefix=None,
+    )
+
+    AI_USER_RATE_THROTTLE_RATES = values.DictValue(
+        {
+            "minute": 3,
+            "hour": 50,
+            "day": 200,
+        },
+        environ_name="AI_USER_RATE_THROTTLE_RATES",
+        environ_prefix=None,
+    )
 
     USER_OIDC_FIELDS_TO_FULLNAME = values.ListValue(
         default=["first_name", "last_name"],

src/backend/pyproject.toml

@@ -7,7 +7,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "impress"
-version = "1.6.0"
+version = "1.5.1"
 authors = [{ "name" = "DINUM", "email" = "dev@mail.numerique.gouv.fr" }]
 classifiers = [
     "Development Status :: 5 - Production/Stable",

src/frontend/apps/e2e/package.json

@@ -1,6 +1,6 @@
 {
   "name": "app-e2e",
-  "version": "1.6.0",
+  "version": "1.5.1",
   "private": true,
   "scripts": {
     "lint": "eslint . --ext .ts",

src/frontend/apps/impress/package.json

@@ -1,6 +1,6 @@
 {
   "name": "app-impress",
-  "version": "1.6.0",
+  "version": "1.5.1",
   "private": true,
   "scripts": {
     "dev": "next dev",

src/frontend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "impress",
-  "version": "1.6.0",
+  "version": "1.5.1",
   "private": true,
   "workspaces": {
     "packages": [
@@ -25,9 +25,9 @@
     "i18n:test": "yarn I18N run test"
   },
   "resolutions": {
-    "@blocknote/core": "0.17.0",
-    "@blocknote/mantine": "0.17.0",
-    "@blocknote/react": "0.17.0",
+    "@blocknote/core": "0.16.0",
+    "@blocknote/mantine": "0.16.0",
+    "@blocknote/react": "0.16.0",
     "@types/node": "20.16.12",
     "@types/react-dom": "18.3.1",
     "@typescript-eslint/eslint-plugin": "8.9.0",

src/frontend/packages/eslint-config-impress/package.json

@@ -1,6 +1,6 @@
 {
   "name": "eslint-config-impress",
-  "version": "1.6.0",
+  "version": "1.5.1",
   "license": "MIT",
   "scripts": {
     "lint": "eslint --ext .js ."

src/frontend/packages/i18n/package.json

@@ -1,6 +1,6 @@
 {
   "name": "packages-i18n",
-  "version": "1.6.0",
+  "version": "1.5.1",
   "private": true,
   "scripts": {
     "extract-translation": "yarn extract-translation:impress",

src/frontend/servers/y-provider/package.json

@@ -1,6 +1,6 @@
 {
   "name": "server-y-provider",
-  "version": "1.6.0",
+  "version": "1.5.1",
   "description": "Y.js provider for docs",
   "repository": "https://github.com/numerique-gouv/impress",
   "license": "MIT",

src/frontend/yarn.lock

@@ -1007,10 +1007,10 @@
   resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
-"@blocknote/core@*", "@blocknote/core@0.17.0", "@blocknote/core@^0.17.0":
-  version "0.17.0"
-  resolved "https://registry.yarnpkg.com/@blocknote/core/-/core-0.17.0.tgz#c87e84ee8bd5b5d4c41e646002732d414d9f67f7"
-  integrity sha512-hvqOTgmYJejWczNb9wLCBEjE0lgrkmEJgqi+wka8Z2CRkLaMV4wB1XEoncjpjtoKJeJjvhmmGuCBrfoEoYgTWw==
+"@blocknote/core@*", "@blocknote/core@0.16.0", "@blocknote/core@^0.16.0":
+  version "0.16.0"
+  resolved "https://registry.yarnpkg.com/@blocknote/core/-/core-0.16.0.tgz#3904da086c4241d1bce41c3c1bdb910e68fe9eff"
+  integrity sha512-egX+GjlAB8r/zaox278zNTTUMNVRHVQ2qVlPHQZgGOXSDq2Z+Lm7i4xKYMz/UT/IdrL7iGxnHrAsbc0H/kqc9A==
   dependencies:
     "@emoji-mart/data" "^1.2.1"
     "@tiptap/core" "^2.7.1"
@@ -1054,13 +1054,13 @@
     y-protocols "^1.0.6"
     yjs "^13.6.15"
 
-"@blocknote/mantine@*", "@blocknote/mantine@0.17.0":
-  version "0.17.0"
-  resolved "https://registry.yarnpkg.com/@blocknote/mantine/-/mantine-0.17.0.tgz#a7fd1c89a7dd2a28b8e7e547a8dbcde96d358f79"
-  integrity sha512-GPS7QH5UI543tQQMkyUd69Tf3nZ/r2VFbAJmllcgBni3bVgaIM3Cj7LJXbo4tOz60thUdzYt6qso5nmjhdn4aw==
+"@blocknote/mantine@*", "@blocknote/mantine@0.16.0":
+  version "0.16.0"
+  resolved "https://registry.yarnpkg.com/@blocknote/mantine/-/mantine-0.16.0.tgz#513dadfe0c2891319ee684e1084a91b7ea983699"
+  integrity sha512-5jLXuKWz6xoba8odYv8+SalLSSE5YdYEvtuQyEO605VTtm37VELyjI5Tswwv/mcTd3th2AR3g4GY0Zj/T07lZw==
   dependencies:
-    "@blocknote/core" "^0.17.0"
-    "@blocknote/react" "^0.17.0"
+    "@blocknote/core" "^0.16.0"
+    "@blocknote/react" "^0.16.0"
     "@mantine/core" "^7.10.1"
     "@mantine/hooks" "^7.10.1"
     "@mantine/utils" "^6.0.21"
@@ -1068,12 +1068,12 @@
     react-dom "^18"
     react-icons "^5.2.1"
 
-"@blocknote/react@*", "@blocknote/react@0.17.0", "@blocknote/react@^0.17.0":
-  version "0.17.0"
-  resolved "https://registry.yarnpkg.com/@blocknote/react/-/react-0.17.0.tgz#fe1ce962b2fe402798b4c6e764f06ea6a97a058c"
-  integrity sha512-a/ViJKyuC029nrGgVPey/+nIkspWkceW/WwhSWUymem8GfZAI02PJoUWq2riwhgaDsEDJyw7ufiVg6ZA8FvdPw==
+"@blocknote/react@*", "@blocknote/react@0.16.0", "@blocknote/react@^0.16.0":
+  version "0.16.0"
+  resolved "https://registry.yarnpkg.com/@blocknote/react/-/react-0.16.0.tgz#a5d7de21914aab467b2e849e34a4d00dc1732542"
+  integrity sha512-vEwAp4z1FBqcH75OEbEW/yd4nj8XcSKAzCElV7aL6nVhPiKgYzrzG/WVckTq1h9lMaGeAuYqLErww4IIsbiawg==
   dependencies:
-    "@blocknote/core" "^0.17.0"
+    "@blocknote/core" "^0.16.0"
     "@floating-ui/react" "^0.26.4"
     "@tiptap/core" "^2.7.1"
     "@tiptap/react" "^2.7.1"

src/helm/env.d/docs-ia/custom-secrets.enc.yaml

@@ -0,0 +1,67 @@
+aiBaseUrl: ENC[AES256_GCM,data:HKUEyJUP94wrZU6p6ezRc2c+hDBj2m2/Jw==,iv:qMka2VprAKjU8Q8F5+mtm6MY5cPWHdIBDjADiPHR1iQ=,tag:ykOJhJ07gFHALF7ZpAp5ig==,type:str]
+aiApiKey: ENC[AES256_GCM,data:zY59S7I7DnPXlb6OcwFNsJdocXTJKVtcfvPl1nkgC9o=,iv:go72+zykuJpPLiLxkrLwP6lVjnGCnzBMoXLtnPivvuQ=,tag:cvV1UIHx/IrbftwsUGsviQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNDl5OW83MUwwejVCSE10
+            SkV3SGZHZWpONnZqYWlCUmdJZmppM2d5YmxFCnRvTExZMnlwZTJUYkhXcWVSMnNr
+            QjBubVhYbkxFVUlQUFRNcHRiWGhueGsKLS0tIFBrYUhQNVhpQ2wwZjhObzVzME5E
+            QmtMOC9waTZTekc1alpBdXRHbWpNME0KTtfTufsr+kZ0/y3gaZjU+lT8QAIakzoh
+            rCojnZgi7chIJPwFRbNeDizVPtvawET+pEYBUGpEXVLTOVt91rWhKQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNFRrem9JV0diME5QMW9M
+            T2dMVExBYWVPYzY4ck5aNzJBN1FYc1ZMM1g4CmM3UkUxLzN2dnlhUVFsUXRQY0tL
+            aW9NSlQ1aG9mb2MxT3ZRRTZjNUMyVWsKLS0tIElXVFFmdEtEZnJ0eVRFR21heE5W
+            dU5RSkd4ZG9qa2U3MGM3VjFqMERNRUkK3yJXuOTlIv+X+vb07olarV+RfCcxVJ7e
+            WOPfC7S3RfRaf5Ic//rGHeaO7NSV9qFRIeyhM+DP3HclCI4nh1A14A==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZWp6SzV5N2MxbVdRcEd4
+            WmN3d1Frc1MweUt4M21tdFZmRXRJUTRQREV3Cm1RM2lyYUVYTjdmR29nT0piS3dR
+            OTQxdU80NmF4eG45VE1uQ1VXb29ubU0KLS0tIFNxb0RyRXJWV0xheDZLa1NTNWtC
+            bTBMWkh1VEF3bW9wdm5vTTRmR1NYcHMKsPhh5zKRBKYnabQfK4x85hJ56nTM/b1t
+            PAvBgYYwYRwVdv7UP6FsNnU+fIxV1g19PF7iLZlZVwfuNgIASPJtAg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNmh3TC9IYmlnYlBEZHVB
+            YitRNEZucWhaY0xJdEdsZWlaKzhSYTFYY1dFClVqdFM4TmpsWC9YQ3RUcEpnVURH
+            NjV0QU1COG4vQkhGeWdyeUhjUWpyZDAKLS0tIHJnOWVIZmFGRHNLWXVnSUFieFBt
+            d1R6d0hLZloxRmtlczd1UGtaTERqYW8KqTie+Oq9dqzdBoaLueL/OCEvwHfMiSpZ
+            wPJkOhJYLQAf+0WfO1CxrWOMmTPyXwR8vNXEnhitBwrg8s/h1fYEhw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKSzNqZS93YUQ4MmVoUGF5
+            OXFxVlppalVIeGtsemM0Q0gzVXRmQUw4YUV3CkVBNFhkVWRTdGZsTnVnTGQySUc3
+            dHNxNlJFOVZjcVZ3ckNlU3hxMXRYbGMKLS0tIDVuMlVNdUNNU09jc2dPY2RPamt2
+            Zk9DenZpUEx4QXMxZEZsVHVaRGFqSDAKw2rmGTV5iWXApdqBRaNLFYBc7qYadLGc
+            NRztmZNOGgG9N0P+Zv+1IEXotLJ/8CnCpyYaV3JbAYmGGZFYZTBLQg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1hnhuzj96ktkhpyygvmz0x9h8mfvssz7ss6emmukags644mdhf4msajk93r
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtTVBMb1NjNkRla3BEMjc0
+            dVNxTTJTVGxudW9hMVVIYXh3aGVIOUVWR0EwCk0weVltQStJb1cxYWlTdStHZUgx
+            eEI1R2xqSGNzOTJUeGJLK2NOVGhPVnMKLS0tIHhLUFJvVHBWeWdxTXJWS1NScGZq
+            WWpmQmwvSjR3dlNZQy80MEhNVVZtdUkKCGDakeuRxdIgFwVS8D9mBT6VUUp1JTLW
+            t18K0eHuNQW4M9ZrxSrrTHQkQ60e3/GJym7OAkhnwA7dt+G9hg6Jbw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-10-18T09:35:17Z"
+    mac: ENC[AES256_GCM,data:Rk8HeFcfsSPEZdfM6LYGrZgMl6uev+0nrLApyqtke1gXUj5cAGymNmKAmRUuE3IO5iHFn13c67FPDYeK28FSgPZ6r+ae/IE+ypCT6UnLx/HznLUdmo6dI81SNeUlCGPwgVe2V+/LThknF85MSo5fQks2/OzoRinDBhGfgt8e2so=,iv:V/nrhZnxfMr2uJbdza6ATHmZN41F982jO7UhjOjBh30=,tag:avXISYuDAvYywbFxfgnwGQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0

src/helm/env.d/docs-ia/secrets.enc.yaml

@@ -0,0 +1 @@
+../../../../secrets/numerique-gouv/impress/env/docs-ia/secrets.enc.yaml

src/helm/env.d/docs-ia/values.impress.yaml.gotmpl

@@ -0,0 +1,186 @@
+image:
+  repository: lasuite/impress-backend
+  pullPolicy: Always
+  tag: "vdemo"
+
+backend:
+  migrateJobAnnotations:
+    argocd.argoproj.io/hook: PreSync
+    argocd.argoproj.io/hook-delete-policy: HookSucceeded
+  envVars:
+    AI_API_KEY:
+      secretKeyRef:
+        name: backend
+        key: AI_API_KEY
+    AI_BASE_URL:
+      secretKeyRef:
+        name: backend
+        key: AI_BASE_URL
+    AI_DOCUMENT_RATE_THROTTLE_RATES: '{"minute": 5000, "hour": 5000, "day": 5000}'
+    AI_MODEL: ministral-8b-latest
+    AI_USER_RATE_THROTTLE_RATES: '{"minute": 5000, "hour": 5000, "day": 5000}'
+    DJANGO_CSRF_TRUSTED_ORIGINS: http://docs-ia.beta.numerique.gouv.fr,https://docs-ia.beta.numerique.gouv.fr
+    DJANGO_CONFIGURATION: Production
+    DJANGO_ALLOWED_HOSTS: "*"
+    DJANGO_SECRET_KEY:
+      secretKeyRef:
+        name: backend
+        key: DJANGO_SECRET_KEY
+    DJANGO_SETTINGS_MODULE: impress.settings
+    DJANGO_SUPERUSER_EMAIL:
+      secretKeyRef:
+        name: backend
+        key: DJANGO_SUPERUSER_EMAIL
+    DJANGO_SUPERUSER_PASSWORD:
+      secretKeyRef:
+        name: backend
+        key: DJANGO_SUPERUSER_PASSWORD
+    DJANGO_EMAIL_HOST: "smtp.tem.scw.cloud"
+    DJANGO_EMAIL_PORT: 587
+    DJANGO_EMAIL_USE_TLS: True
+    DJANGO_EMAIL_FROM: "noreply@docs.beta.numerique.gouv.fr"
+    DJANGO_EMAIL_HOST_USER:
+      secretKeyRef:
+        name: backend
+        key: DJANGO_EMAIL_HOST_USER
+    DJANGO_EMAIL_HOST_PASSWORD:
+      secretKeyRef:
+        name: backend
+        key: DJANGO_EMAIL_HOST_PASSWORD
+    DJANGO_SILENCED_SYSTEM_CHECKS: security.W008,security.W004
+    OIDC_OP_JWKS_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/jwks
+    OIDC_OP_AUTHORIZATION_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/authorize
+    OIDC_OP_TOKEN_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/token
+    OIDC_OP_USER_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo
+    OIDC_OP_LOGOUT_ENDPOINT: https://fca.integ01.dev-agentconnect.fr/api/v2/session/end
+    OIDC_RP_CLIENT_ID:
+      secretKeyRef:
+        name: backend
+        key: OIDC_RP_CLIENT_ID
+    OIDC_RP_CLIENT_SECRET:
+      secretKeyRef:
+        name: backend
+        key: OIDC_RP_CLIENT_SECRET
+    OIDC_RP_SIGN_ALGO: RS256
+    OIDC_RP_SCOPES: "openid email"
+    OIDC_REDIRECT_ALLOWED_HOSTS: https://docs-ia.beta.numerique.gouv.fr
+    OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
+    LOGIN_REDIRECT_URL: https://docs-ia.beta.numerique.gouv.fr
+    LOGIN_REDIRECT_URL_FAILURE: https://docs-ia.beta.numerique.gouv.fr
+    LOGOUT_REDIRECT_URL: https://docs-ia.beta.numerique.gouv.fr
+    DB_HOST:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: host
+    DB_NAME:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: database
+    DB_USER:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: username
+    DB_PASSWORD:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: password
+    DB_PORT:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: port
+    POSTGRES_USER:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: username
+    POSTGRES_DB:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: database
+    POSTGRES_PASSWORD:
+      secretKeyRef:
+        name: postgresql.postgres.libre.sh
+        key: password
+    REDIS_URL:
+      secretKeyRef:
+        name: redis.redis.libre.sh
+        key: url
+    AWS_S3_ENDPOINT_URL:
+      secretKeyRef:
+        name: impress-media-storage.bucket.libre.sh
+        key: url
+    AWS_S3_ACCESS_KEY_ID:
+      secretKeyRef:
+        name: impress-media-storage.bucket.libre.sh
+        key: accessKey
+    AWS_S3_SECRET_ACCESS_KEY:
+      secretKeyRef:
+        name: impress-media-storage.bucket.libre.sh
+        key: secretKey
+    AWS_STORAGE_BUCKET_NAME:
+      secretKeyRef:
+        name: impress-media-storage.bucket.libre.sh
+        key: bucket
+    AWS_S3_REGION_NAME: local
+    STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
+
+  createsuperuser:
+    command:
+      - "/bin/sh"
+      - "-c"
+      - |
+        python manage.py createsuperuser --email $DJANGO_SUPERUSER_EMAIL --password $DJANGO_SUPERUSER_PASSWORD
+    restartPolicy: Never
+
+frontend:
+  image:
+    repository: lasuite/impress-frontend
+    pullPolicy: Always
+    tag: "vdemo"
+
+yProvider:
+  image:
+    repository: lasuite/impress-y-provider
+    pullPolicy: Always
+    tag: "vdemo"
+
+ingress:
+  enabled: true
+  host: docs-ia.beta.numerique.gouv.fr
+  className: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+
+ingressWS:
+  enabled: true
+  host: docs-ia.beta.numerique.gouv.fr
+  className: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+
+ingressAdmin:
+  enabled: true
+  host: docs-ia.beta.numerique.gouv.fr
+  className: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/start
+    nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy-preprod.beta.numerique.gouv.fr/oauth2/auth
+
+ingressMedia:
+  enabled: true
+  host: docs-ia.beta.numerique.gouv.fr
+
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
+    nginx.ingress.kubernetes.io/auth-url: https://docs-ia.beta.numerique.gouv.fr/api/v1.0/documents/retrieve-auth/
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/rewrite-target: /docs-ia-impress-media-storage/$1
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/upstream-vhost: s3.margaret-hamilton.indiehosters.net
+
+serviceMedia:
+  host: s3.margaret-hamilton.indiehosters.net
+  port: 443
+

src/helm/env.d/preprod/values.impress.yaml.gotmpl

@@ -1,7 +1,7 @@
 image:
   repository: lasuite/impress-backend
   pullPolicy: Always
-  tag: "v1.6.0-preprod"
+  tag: "v1.5.1-preprod"
 
 backend:
   migrateJobAnnotations:
@@ -133,13 +133,13 @@ frontend:
   image:
     repository: lasuite/impress-frontend
     pullPolicy: Always
-    tag: "v1.6.0-preprod"
+    tag: "v1.5.1-preprod"
 
 yProvider:
   image:
     repository: lasuite/impress-y-provider
     pullPolicy: Always
-    tag: "v1.6.0-preprod"
+    tag: "v1.5.1-preprod"
 
 ingress:
   enabled: true

src/helm/env.d/production/values.impress.yaml.gotmpl

@@ -1,7 +1,7 @@
 image:
   repository: lasuite/impress-backend
   pullPolicy: Always
-  tag: "v1.6.0"
+  tag: "v1.5.1"
 
 backend:
   migrateJobAnnotations:
@@ -133,13 +133,13 @@ frontend:
   image:
     repository: lasuite/impress-frontend
     pullPolicy: Always
-    tag: "v1.6.0"
+    tag: "v1.5.1"
 
 yProvider:
   image:
     repository: lasuite/impress-y-provider
     pullPolicy: Always
-    tag: "v1.6.0"
+    tag: "v1.5.1"
 
 ingress:
   enabled: true

src/helm/helmfile.yaml

@@ -53,11 +53,13 @@ releases:
   - name: impress
     version: {{ .Values.version }}
     namespace: {{ .Namespace }}
+    missingFileHandler: Warn
     chart: ./impress
     values:
       - env.d/{{ .Environment.Name }}/values.impress.yaml.gotmpl
     secrets:
       - env.d/{{ .Environment.Name }}/secrets.enc.yaml
+      - env.d/{{ .Environment.Name }}/custom-secrets.enc.yaml
 
 environments:
   dev:
@@ -70,6 +72,11 @@ environments:
       - version: 0.0.1
     secrets:
       - env.d/{{ .Environment.Name }}/secrets.enc.yaml
+  docs-ia:
+    values:
+      - version: 0.0.1
+    secrets:
+      - env.d/{{ .Environment.Name }}/secrets.enc.yaml
   preprod:
     values:
       - version: 0.0.1

src/mail/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mail_mjml",
-  "version": "1.6.0",
+  "version": "1.5.1",
   "description": "An util to generate html and text django's templates from mjml templates",
   "type": "module",
   "dependencies": {