wip

Add a documentation to deploy a self-hosted visio instance in a
standalone way (witout AI features)

.github/workflows/docker-hub.yml

@@ -156,7 +156,7 @@ jobs:
         name: Run trivy scan
         uses: numerique-gouv/action-trivy-cache@main
         with:
-          docker-build-args: '-f src/frontend/Dockerfile --target y-provider'
+          docker-build-args: '-f src/frontend/servers/y-provider/Dockerfile --target y-provider'
           docker-image-name: 'docker.io/lasuite/impress-frontend:${{ github.sha }}'
         continue-on-error: true
       -
@@ -164,7 +164,7 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
-          file: ./src/frontend/Dockerfile
+          file: ./src/frontend/servers/y-provider/Dockerfile
           target: y-provider
           build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
           push: ${{ github.event_name != 'pull_request' }}

.github/workflows/impress-frontend.yml

@@ -95,12 +95,12 @@ jobs:
       - name: Set e2e env variables
         run: cat env.d/development/common.e2e.dist >> env.d/development/common.dist
 
+      - name: Install Playwright Browsers
+        run: cd src/frontend/apps/e2e && yarn install --frozen-lockfile && yarn install-playwright chromium
+
       - name: Start Docker services
         run: make bootstrap FLUSH_ARGS='--no-input' cache=
 
-      - name: Install Playwright Browsers
-        run: cd src/frontend/apps/e2e && yarn install-playwright chromium
-
       # Tool to wait for a service to be ready
       - name: Install Dockerize
         run: |
@@ -151,12 +151,12 @@ jobs:
       - name: Set e2e env variables
         run: cat env.d/development/common.e2e.dist >> env.d/development/common.dist
 
+      - name: Install Playwright Browsers
+        run: cd src/frontend/apps/e2e && yarn install --frozen-lockfile && yarn install-playwright firefox webkit chromium
+
       - name: Start Docker services
         run: make bootstrap FLUSH_ARGS='--no-input' cache=
 
-      - name: Install Playwright Browsers
-        run: cd src/frontend/apps/e2e && yarn install-playwright firefox webkit chromium
-
       - name: Run e2e tests
         run: cd src/frontend/ && yarn e2e:test --project=firefox --project=webkit
 

.github/workflows/release-helm-chart.yaml

@@ -0,0 +1,36 @@
+name: Release Chart
+run-name: Release Chart
+
+on:
+  push:
+
+jobs:
+  release:
+    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Cleanup
+        run: rm -rf ./src/helm/extra
+
+      - name: Install Helm
+        uses: azure/setup-helm@v4
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.6.0
+        with:
+          charts_dir: ./src/helm
+          skip_existing: True
+          mark_as_latest: False
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_GIT_REPO: numerique-gouv/helm-repo

CHANGELOG.md

@@ -11,8 +11,24 @@ and this project adheres to
 
 ## Added
 
+🔧(helm) add option to disable default tls setting by @dominikkaminski #519
+
+
+## [1.10.0] - 2024-12-17
+
+## Added
+
 - ✨(backend) add server-to-server API endpoint to create documents #467
 - ✨(email) white brand email #412
+- ✨(y-provider) create a markdown converter endpoint #488
+
+## Changed
+
+- ⚡️(docker) improve y-provider image #422
+
+## Fixed
+
+- ⚡️(e2e) reduce flakiness on e2e tests #511
 
 
 ## [1.9.0] - 2024-12-11
@@ -21,7 +37,6 @@ and this project adheres to
 
 - ✨(backend) annotate number of accesses on documents in list view #429
 - ✨(backend) allow users to mark/unmark documents as favorite #429
-- ✨(y-provider) create a markdown converter endpoint #488
 
 ## Changed
 
@@ -310,7 +325,8 @@ and this project adheres to
 - 🚀 Impress, project to manage your documents easily and collaboratively.
 
 
-[unreleased]: https://github.com/numerique-gouv/impress/compare/v1.9.0...main
+[unreleased]: https://github.com/numerique-gouv/impress/compare/v1.10.0...main
+[v1.10.0]: https://github.com/numerique-gouv/impress/releases/v1.10.0
 [v1.9.0]: https://github.com/numerique-gouv/impress/releases/v1.9.0
 [v1.8.2]: https://github.com/numerique-gouv/impress/releases/v1.8.2
 [v1.8.1]: https://github.com/numerique-gouv/impress/releases/v1.8.1

bin/Tiltfile

@@ -20,7 +20,7 @@ docker_build(
 docker_build(
     'localhost:5001/impress-y-provider:latest',
     context='..',
-    dockerfile='../src/frontend/Dockerfile',
+    dockerfile='../src/frontend/servers/y-provider/Dockerfile',
     only=['./src/frontend/', './docker/', './.dockerignore'],
     target = 'y-provider',
     live_update=[

bin/start-kind.sh

@@ -1,103 +1,3 @@
 #!/bin/sh
-set -o errexit
 
-CURRENT_DIR=$(pwd)
-
-echo "0. Create ca"
-# 0. Create ca
-mkcert -install
-cd /tmp
-mkcert "127.0.0.1.nip.io" "*.127.0.0.1.nip.io"
-cd $CURRENT_DIR
-
-echo "1. Create registry container unless it already exists"
-# 1. Create registry container unless it already exists
-reg_name='kind-registry'
-reg_port='5001'
-if [ "$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" != 'true' ]; then
-	docker run \
-		-d --restart=unless-stopped -p "127.0.0.1:${reg_port}:5000" --network bridge --name "${reg_name}" \
-		registry:2
-fi
-
-echo "2. Create kind cluster with containerd registry config dir enabled"
-# 2. Create kind cluster with containerd registry config dir enabled
-# TODO: kind will eventually enable this by default and this patch will
-# be unnecessary.
-#
-# See:
-# https://github.com/kubernetes-sigs/kind/issues/2875
-# https://github.com/containerd/containerd/blob/main/docs/cri/config.md#registry-configuration
-# See: https://github.com/containerd/containerd/blob/main/docs/hosts.md
-cat <<EOF | kind create cluster --config=-
-kind: Cluster
-apiVersion: kind.x-k8s.io/v1alpha4
-containerdConfigPatches:
-- |-
-  [plugins."io.containerd.grpc.v1.cri".registry]
-    config_path = "/etc/containerd/certs.d"
-nodes:
-- role: control-plane
-  image: kindest/node:v1.27.3
-  kubeadmConfigPatches:
-  - |
-    kind: InitConfiguration
-    nodeRegistration:
-      kubeletExtraArgs:
-        node-labels: "ingress-ready=true"
-  extraPortMappings:
-  - containerPort: 80
-    hostPort: 80
-    protocol: TCP
-  - containerPort: 443
-    hostPort: 443
-    protocol: TCP
-- role: worker
-  image: kindest/node:v1.27.3
-- role: worker
-  image: kindest/node:v1.27.3
-EOF
-
-echo "3. Add the registry config to the nodes"
-# 3. Add the registry config to the nodes
-#
-# This is necessary because localhost resolves to loopback addresses that are
-# network-namespace local.
-# In other words: localhost in the container is not localhost on the host.
-#
-# We want a consistent name that works from both ends, so we tell containerd to
-# alias localhost:${reg_port} to the registry container when pulling images
-REGISTRY_DIR="/etc/containerd/certs.d/localhost:${reg_port}"
-for node in $(kind get nodes); do
-	docker exec "${node}" mkdir -p "${REGISTRY_DIR}"
-	cat <<EOF | docker exec -i "${node}" cp /dev/stdin "${REGISTRY_DIR}/hosts.toml"
-[host."http://${reg_name}:5000"]
-EOF
-done
-
-echo "4. Connect the registry to the cluster network if not already connected"
-# 4. Connect the registry to the cluster network if not already connected
-# This allows kind to bootstrap the network but ensures they're on the same network
-if [ "$(docker inspect -f='{{json .NetworkSettings.Networks.kind}}' "${reg_name}")" = 'null' ]; then
-	docker network connect "kind" "${reg_name}"
-fi
-
-echo "5. Document the local registry"
-# 5. Document the local registry
-# https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry
-cat <<EOF | kubectl apply -f -
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: local-registry-hosting
-  namespace: kube-public
-data:
-  localRegistryHosting.v1: |
-    host: "localhost:${reg_port}"
-    help: "https://kind.sigs.k8s.io/docs/user/local-registry/"
-EOF
-
-echo "6. Install ingress-nginx"
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
-kubectl -n ingress-nginx create secret tls mkcert --key /tmp/127.0.0.1.nip.io+1-key.pem --cert /tmp/127.0.0.1.nip.io+1.pem
-kubectl -n ingress-nginx patch deployments.apps ingress-nginx-controller --type 'json' -p '[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value":"--default-ssl-certificate=ingress-nginx/mkcert"}]'
+curl https://raw.githubusercontent.com/numerique-gouv/tools/refs/heads/main/kind/create_cluster.sh | bash -s -- impress

docker-compose.yml

@@ -159,17 +159,13 @@ services:
     user: ${DOCKER_USER:-1000}
     build: 
       context: .
-      dockerfile: ./src/frontend/Dockerfile
+      dockerfile: ./src/frontend/servers/y-provider/Dockerfile
       target: y-provider
     restart: unless-stopped
     env_file:
       - env.d/development/common
     ports:
       - "4444:4444"
-    volumes:
-      - ./src/frontend/servers/y-provider:/home/frontend/servers/y-provider
-      - /home/frontend/servers/y-provider/node_modules/
-      - /home/frontend/servers/y-provider/dist/
 
   kc_postgresql:
     image: postgres:14.3

docs/examples/impress.values.yaml

@@ -0,0 +1,156 @@
+image:
+  repository: lasuite/impress-backend
+  pullPolicy: Always
+  tag: "latest"
+
+backend:
+  replicas: 1
+  envVars:
+    COLLABORATION_API_URL: https://impress.127.0.0.1.nip.io/collaboration/api/
+    COLLABORATION_SERVER_SECRET: my-secret
+    DJANGO_CSRF_TRUSTED_ORIGINS: https://impress.127.0.0.1.nip.io
+    DJANGO_CONFIGURATION: Feature
+    DJANGO_ALLOWED_HOSTS: impress.127.0.0.1.nip.io
+    DJANGO_SERVER_TO_SERVER_API_TOKENS: secret-api-key
+    DJANGO_SECRET_KEY: AgoodOrAbadKey
+    DJANGO_SETTINGS_MODULE: impress.settings
+    DJANGO_SUPERUSER_PASSWORD: admin
+    DJANGO_EMAIL_BRAND_NAME: "La Suite Numérique"
+    DJANGO_EMAIL_HOST: "mailcatcher"
+    DJANGO_EMAIL_LOGO_IMG: https://impress.127.0.0.1.nip.io/assets/logo-suite-numerique.png
+    DJANGO_EMAIL_PORT: 1025
+    DJANGO_EMAIL_USE_SSL: False
+    LOGGING_LEVEL_HANDLERS_CONSOLE: ERROR
+    LOGGING_LEVEL_LOGGERS_ROOT: INFO
+    LOGGING_LEVEL_LOGGERS_APP: INFO
+    OIDC_OP_JWKS_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/certs
+    OIDC_OP_AUTHORIZATION_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/auth
+    OIDC_OP_TOKEN_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/token
+    OIDC_OP_USER_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/userinfo
+    OIDC_OP_LOGOUT_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/session/end
+    OIDC_RP_CLIENT_ID: impress
+    OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
+    OIDC_RP_SIGN_ALGO: RS256
+    OIDC_RP_SCOPES: "openid email"
+    OIDC_VERIFY_SSL: False
+    USER_OIDC_FIELD_TO_SHORTNAME: "given_name"
+    USER_OIDC_FIELDS_TO_FULLNAME: "given_name,usual_name"
+    OIDC_REDIRECT_ALLOWED_HOSTS: https://impress.127.0.0.1.nip.io
+    OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
+    LOGIN_REDIRECT_URL: https://impress.127.0.0.1.nip.io
+    LOGIN_REDIRECT_URL_FAILURE: https://impress.127.0.0.1.nip.io
+    LOGOUT_REDIRECT_URL: https://impress.127.0.0.1.nip.io
+    DB_HOST: postgresql
+    DB_NAME: impress
+    DB_USER: dinum
+    DB_PASSWORD: pass
+    DB_PORT: 5432
+    POSTGRES_DB: impress
+    POSTGRES_USER: dinum
+    POSTGRES_PASSWORD: pass
+    REDIS_URL: redis://default:pass@redis-master:6379/1
+    AWS_S3_ENDPOINT_URL: http://minio.impress.svc.cluster.local:9000
+    AWS_S3_ACCESS_KEY_ID: root
+    AWS_S3_SECRET_ACCESS_KEY: password
+    AWS_STORAGE_BUCKET_NAME: impress-media-storage
+    STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
+    Y_PROVIDER_API_BASE_URL: http://impress-y-provider:443/api/
+    Y_PROVIDER_API_KEY: my-secret
+
+  migrate:
+    command:
+      - "/bin/sh"
+      - "-c"
+      - |
+        python manage.py migrate --no-input &&
+        python manage.py create_demo --force
+    restartPolicy: Never
+
+  command:
+    - "gunicorn"
+    - "-c"
+    - "/usr/local/etc/gunicorn/impress.py"
+    - "impress.wsgi:application"
+    - "--reload"
+
+  createsuperuser:
+    command:
+      - "/bin/sh"
+      - "-c"
+      - |
+        python manage.py createsuperuser --email admin@example.com --password admin
+    restartPolicy: Never
+
+  # Exra volume to manage our local custom CA and avoid to set ssl_verify: false
+  extraVolumeMounts:
+    - name: certs
+      mountPath: /usr/local/lib/python3.12/site-packages/certifi/cacert.pem
+      subPath: cacert.pem
+
+  # Exra volume to manage our local custom CA and avoid to set ssl_verify: false
+  extraVolumes:
+    - name: certs
+      configMap:
+        name: certifi
+        items:
+        - key: cacert.pem
+          path: cacert.pem
+frontend:
+  envVars:
+    PORT: 8080
+    NEXT_PUBLIC_API_ORIGIN: https://impress.127.0.0.1.nip.io
+
+  replicas: 1
+
+  image:
+    repository: lasuite/impress-frontend
+    pullPolicy: Always
+    tag: "latest"
+
+yProvider:
+  replicas: 1
+
+  image:
+    repository: lasuite/impress-y-provider
+    pullPolicy: Always
+    tag: "latest"
+
+  envVars:
+    COLLABORATION_LOGGING: true
+    COLLABORATION_SERVER_ORIGIN: https://impress.127.0.0.1.nip.io
+    COLLABORATION_SERVER_SECRET: my-secret
+    Y_PROVIDER_API_KEY: my-secret
+
+ingress:
+  enabled: true
+  host: impress.127.0.0.1.nip.io
+
+ingressCollaborationWS:
+  enabled: true
+  host: impress.127.0.0.1.nip.io
+  
+  annotations:
+    nginx.ingress.kubernetes.io/auth-url: https://impress.127.0.0.1.nip.io/api/v1.0/documents/collaboration-auth/
+
+ingressCollaborationApi:
+  enabled: true
+  host: impress.127.0.0.1.nip.io
+
+ingressAdmin:
+  enabled: true
+  host: impress.127.0.0.1.nip.io
+
+ingressMedia:
+  enabled: true
+  host: impress.127.0.0.1.nip.io
+
+  annotations:
+    nginx.ingress.kubernetes.io/auth-url: https://impress.127.0.0.1.nip.io/api/v1.0/documents/media-auth/
+    nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
+    nginx.ingress.kubernetes.io/upstream-vhost: minio.impress.svc.cluster.local:9000
+    nginx.ingress.kubernetes.io/rewrite-target: /impress-media-storage/$1
+
+serviceMedia:
+  host: minio.impress.svc.cluster.local
+  port: 9000
+

docs/examples/minio.values.yaml

@@ -0,0 +1,8 @@
+auth:
+  rootUser: root
+  rootPassword: password
+provisioning:
+  enabled: true
+  buckets:
+    - name: impress-media-storage
+      versioning: true

docs/examples/postgresql.values.yaml

@@ -0,0 +1,7 @@
+auth:
+  username: dinum
+  password: pass
+  database: impress
+tls:
+  enabled: true
+  autoGenerated: true

docs/examples/redis.values.yaml

@@ -0,0 +1,4 @@
+auth:
+  password: pass
+architecture: standalone
+

docs/installation.md

@@ -0,0 +1,231 @@
+# Installation on a k8s cluster
+
+This document is a step-by-step guide that describes how to install Docs on a k8s cluster without AI features.
+
+
+## Prerequisites
+
+- k8s cluster with an nginx-ingress controller
+- an OIDC provider (if you don't have one, we will provide an example)
+- a PostgreSQL server (if you don't have one, we will provide an example)
+- a Memcached server (if you don't have one, we will provide an example)
+- a S3 bucket (if you don't have one, we will provide an example)
+
+### Test cluster
+
+If you do not have a test cluster, you can install everything on a local kind cluster. In this case, the simplest way is to use our script **bin/start-kind.sh**.
+
+To be able to use the script, you will need to install:
+
+- Docker (https://docs.docker.com/desktop/)
+- Kind (https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
+- Mkcert (https://github.com/FiloSottile/mkcert#installation)
+- Helm (https://helm.sh/docs/intro/quickstart/#install-helm)
+
+```
+./bin/start-kind.sh 
+  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
+                                 Dload  Upload   Total   Spent    Left  Speed
+100  4700  100  4700    0     0  92867      0 --:--:-- --:--:-- --:--:-- 94000
+0. Create ca
+The local CA is already installed in the system trust store! 👍
+The local CA is already installed in the Firefox and/or Chrome/Chromium trust store! 👍
+
+
+Created a new certificate valid for the following names 📜
+ - "127.0.0.1.nip.io"
+ - "*.127.0.0.1.nip.io"
+
+Reminder: X.509 wildcards only go one level deep, so this won't match a.b.127.0.0.1.nip.io ℹ️
+
+The certificate is at "./127.0.0.1.nip.io+1.pem" and the key at "./127.0.0.1.nip.io+1-key.pem" ✅
+
+It will expire on 24 March 2027 🗓
+
+1. Create registry container unless it already exists
+2. Create kind cluster with containerd registry config dir enabled
+Creating cluster "suite" ...
+ ✓ Ensuring node image (kindest/node:v1.27.3) 🖼
+ ✓ Preparing nodes 📦  
+ ✓ Writing configuration 📜 
+ ✓ Starting control-plane 🕹️ 
+ ✓ Installing CNI 🔌 
+ ✓ Installing StorageClass 💾 
+Set kubectl context to "kind-suite"
+You can now use your cluster with:
+
+kubectl cluster-info --context kind-suite
+
+Thanks for using kind! 😊
+3. Add the registry config to the nodes
+4. Connect the registry to the cluster network if not already connected
+5. Document the local registry
+configmap/local-registry-hosting created
+Warning: resource configmaps/coredns is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
+configmap/coredns configured
+deployment.apps/coredns restarted
+6. Install ingress-nginx
+namespace/ingress-nginx created
+serviceaccount/ingress-nginx created
+serviceaccount/ingress-nginx-admission created
+role.rbac.authorization.k8s.io/ingress-nginx created
+role.rbac.authorization.k8s.io/ingress-nginx-admission created
+clusterrole.rbac.authorization.k8s.io/ingress-nginx created
+clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
+rolebinding.rbac.authorization.k8s.io/ingress-nginx created
+rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
+clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
+clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
+configmap/ingress-nginx-controller created
+service/ingress-nginx-controller created
+service/ingress-nginx-controller-admission created
+deployment.apps/ingress-nginx-controller created
+job.batch/ingress-nginx-admission-create created
+job.batch/ingress-nginx-admission-patch created
+ingressclass.networking.k8s.io/nginx created
+validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
+secret/mkcert created
+deployment.apps/ingress-nginx-controller patched
+7. Setup namespace
+namespace/impress created
+Context "kind-suite" modified.
+secret/mkcert created
+$ kubectl -n ingress-nginx get po
+NAME                                        READY   STATUS      RESTARTS   AGE
+ingress-nginx-admission-create-t55ph        0/1     Completed   0          2m56s
+ingress-nginx-admission-patch-94dvt         0/1     Completed   1          2m56s
+ingress-nginx-controller-57c548c4cd-2rx47   1/1     Running     0          2m56s
+```
+When your k8s cluster is ready (the ingress nginx controller is up), you can start the deployment. This cluster is special because it uses the *.127.0.0.1.nip.io domain and mkcert certificates to have full HTTPS support and easy domain name management.
+
+Please remember that *.127.0.0.1.nip.io will always resolve to 127.0.0.1, except in the k8s cluster where we configure CoreDNS to answer with the ingress-nginx service IP.
+
+## Preparation
+
+### What will you use to authenticate your users ?
+
+Docs uses OIDC, so if you already have an OIDC provider, obtain the necessary information to use it. In the next step, we will see how to configure Django (and thus Docs) to use it. If you do not have a provider, we will show you how to deploy a local Keycloak instance (this is not a production deployment, just a demo).
+
+```
+$ kubectl create namespace impress
+$ kubectl config set-context --current --namespace=impress
+$ helm install keycloak oci://registry-1.docker.io/bitnamicharts/keycloak -f examples/keycloak.values.yaml
+$ #wait until
+$ kubectl get po
+NAME                    READY   STATUS    RESTARTS   AGE
+keycloak-0              1/1     Running   0          6m48s
+keycloak-postgresql-0   1/1     Running   0          6m48s
+```
+
+From here the important informations you will need are :
+
+```
+OIDC_OP_JWKS_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/certs
+OIDC_OP_AUTHORIZATION_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/auth
+OIDC_OP_TOKEN_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/token
+OIDC_OP_USER_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/userinfo
+OIDC_OP_LOGOUT_ENDPOINT: https://keycloak.127.0.0.1.nip.io/realms/impress/protocol/openid-connect/session/end
+OIDC_RP_CLIENT_ID: impress
+OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
+OIDC_RP_SIGN_ALGO: RS256
+OIDC_RP_SCOPES: "openid email"
+```
+
+You can find these values in **examples/keycloak.values.yaml**
+
+### Find redis server connexion values
+
+Impress need a redis so we will start by deploying a redis :
+
+```
+$ helm install redis oci://registry-1.docker.io/bitnamicharts/redis -f examples/redis.values.yaml
+$ kubectl get po
+NAME                    READY   STATUS    RESTARTS   AGE
+keycloak-0              1/1     Running   0          26m
+keycloak-postgresql-0   1/1     Running   0          26m
+redis-master-0          1/1     Running   0          35s
+```
+
+### Find postgresql connexion values
+
+Impress uses a postgresql db as backend so if you have a provider, obtain the necessary information to use it. If you do not have, you can install a postgresql testing environment as follow:
+
+```
+$ helm install postgresql oci://registry-1.docker.io/bitnamicharts/postgresql -f examples/postgresql.values.yaml
+$ kubectl get po
+NAME                    READY   STATUS    RESTARTS   AGE
+keycloak-0              1/1     Running   0          28m
+keycloak-postgresql-0   1/1     Running   0          28m
+postgresql-0            1/1     Running   0          14m
+redis-master-0          1/1     Running   0          42s
+```
+
+From here important informations you will need are :
+
+```
+DB_HOST: postgres-postgresql
+DB_NAME: impress
+DB_USER: dinum
+DB_PASSWORD: pass
+DB_PORT: 5432
+POSTGRES_DB: impress
+POSTGRES_USER: dinum
+POSTGRES_PASSWORD: pass
+```
+
+### Find s3 bucket connexion values
+
+Impress uses a s3 bucket to store documents so if you have a provider obtain the necessary information to use it. If you do not have, you can install a local minio testing environment as follow:
+
+```
+$ helm install minio oci://registry-1.docker.io/bitnamicharts/minio -f examples/minio.values.yaml
+$ kubectl get po
+NAME                       READY   STATUS      RESTARTS   AGE
+keycloak-0                 1/1     Running     0          38m
+keycloak-postgresql-0      1/1     Running     0          38m
+minio-84f5c66895-bbhsk     1/1     Running     0          42s
+minio-provisioning-2b5sq   0/1     Completed   0          42s
+postgresql-0               1/1     Running     0          24m
+redis-master-0             1/1     Running     0          10m
+```
+
+## Deployment
+
+Now you are ready to deploy Impress without AI. AI requiered more dependancies (openai API). To deploy impress you need to provide all previous informations to the helm chart.
+
+```
+$ helm repo add impress https://numerique-gouv.github.io/impress/
+$ helm repo update
+$ helm install impress impress/docs -f examples/impress.values.yaml
+$ kubectl get po
+NAME                                         READY   STATUS      RESTARTS   AGE
+impress-docs-backend-96558758d-xtkbp         0/1     Running     0          79s
+impress-docs-backend-createsuperuser-r7ltc   0/1     Completed   0          79s
+impress-docs-backend-migrate-c949s           0/1     Completed   0          79s
+impress-docs-frontend-6749f644f7-p5s42       1/1     Running     0          79s
+impress-docs-y-provider-6947fd8f54-78f2l     1/1     Running     0          79s
+keycloak-0                                   1/1     Running     0          48m
+keycloak-postgresql-0                        1/1     Running     0          48m
+minio-84f5c66895-bbhsk                       1/1     Running     0          10m
+minio-provisioning-2b5sq                     0/1     Completed   0          10m
+postgresql-0                                 1/1     Running     0          34m
+redis-master-0                               1/1     Running     0          20m
+```
+
+## Test your deployment
+
+In order to test your deployment you have to login to your instance. If you use exclusively our examples you can do :
+
+```
+$ kubectl get ingress
+NAME                             CLASS    HOSTS                       ADDRESS     PORTS     AGE
+impress-docs                     <none>   impress.127.0.0.1.nip.io    localhost   80, 443   114s
+impress-docs-admin               <none>   impress.127.0.0.1.nip.io    localhost   80, 443   114s
+impress-docs-collaboration-api   <none>   impress.127.0.0.1.nip.io    localhost   80, 443   114s
+impress-docs-media               <none>   impress.127.0.0.1.nip.io    localhost   80, 443   114s
+impress-docs-ws                  <none>   impress.127.0.0.1.nip.io    localhost   80, 443   114s
+keycloak                         <none>   keycloak.127.0.0.1.nip.io   localhost   80        49m
+```
+
+You can use impress on https://impress.127.0.0.1.nip.io. The provisionning user in keycloak is impress/impress.
+

env.d/development/common.e2e.dist

@@ -1,3 +1,6 @@
 # For the CI job test-e2e
 SUSTAINED_THROTTLE_RATES="200/hour"
 BURST_THROTTLE_RATES="200/minute"
+DJANGO_SERVER_TO_SERVER_API_TOKENS=test-e2e
+Y_PROVIDER_API_KEY=yprovider-api-key
+Y_PROVIDER_API_BASE_URL=http://y-provider:4444/api/

src/backend/core/api/serializers.py

@@ -275,7 +275,7 @@ class ServerCreateDocumentSerializer(serializers.Serializer):
             language = user.language or language
 
         try:
-            converter_response = YdocConverter().convert_markdown(
+            document_content = YdocConverter().convert_markdown(
                 validated_data["content"]
             )
         except ConversionError as err:
@@ -283,7 +283,7 @@ class ServerCreateDocumentSerializer(serializers.Serializer):
 
         document = models.Document.objects.create(
             title=validated_data["title"],
-            content=converter_response["content"],
+            content=document_content,
             creator=user,
         )
 

src/backend/core/models.py

@@ -594,7 +594,7 @@ class Document(BaseModel):
                     name=sender_name
                 ),
                 "message": _(
-                    "{name} invited you with the role ``{role}`` on the following document:"
+                    '{name} invited you with the role "{role}" on the following document:'
                 ).format(name=sender_name_email, role=role.lower()),
             }
             subject = _("{name} shared a document with you: {title}").format(

src/backend/core/services/ai_services.py

@@ -35,29 +35,10 @@ AI_ACTIONS = {
     ),
 }
 
-
 AI_TRANSLATE = (
-    """  
-    You are a professional translator for `{language:s}`.  
-
-    ### Guidelines:  
-    1. **Preserve exactly as-is:**  
-       - All formatting, markdown, symbols, tags  
-       - Names, numbers, URLs, citations  
-       - Code blocks and technical terms  
-    
-    2. **Translation Rules:**  
-       - Use natural expressions in the target language  
-       - Match the tone of the source text (default: professional)  
-       - Maintain original meaning precisely  
-       - Adapt idioms to suit the target culture  
-       - Ensure grammatical correctness stylistic coherence
-    
-    3. **Do Not:**  
-       - Add, remove, or explain any content  
-    
-    Output only the translated text, keeping all original formatting intact.
-    """
+    "Translate the markdown text to {language:s}, preserving markdown formatting. "
+    'Return JSON: {{"answer": "your translated markdown text in {language:s}"}}. '
+    "Do not provide any other information."
 )
 
 
@@ -78,14 +59,32 @@ class AIService:
         """Helper method to call the OpenAI API and process the response."""
         response = self.client.chat.completions.create(
             model=settings.AI_MODEL,
+            response_format={"type": "json_object"},
             messages=[
                 {"role": "system", "content": system_content},
-                {"role": "user", "content": text},
+                {"role": "user", "content": json.dumps({"markdown_input": text})},
             ],
         )
 
         content = response.choices[0].message.content
-        return {"answer": content}
+
+        try:
+            sanitized_content = re.sub(r'\s*"answer"\s*:\s*', '"answer": ', content)
+            sanitized_content = re.sub(r"\s*\}", "}", sanitized_content)
+            sanitized_content = re.sub(r"(?<!\\)\n", "\\\\n", sanitized_content)
+            sanitized_content = re.sub(r"(?<!\\)\t", "\\\\t", sanitized_content)
+
+            json_response = json.loads(sanitized_content)
+        except (json.JSONDecodeError, IndexError):
+            try:
+                json_response = json.loads(content)
+            except json.JSONDecodeError as err:
+                raise RuntimeError("AI response is not valid JSON", content) from err
+
+        if "answer" not in json_response:
+            raise RuntimeError("AI response does not contain an answer")
+
+        return json_response
 
     def transform(self, text, action):
         """Transform text based on specified action."""

src/backend/core/services/collaboration_services.py

@@ -26,6 +26,7 @@ class CollaborationService:
         # same pod thanks to a parameter
         endpoint_url = f"{settings.COLLABORATION_API_URL}{endpoint}/?room={room}"
 
+        # Note: Collaboration microservice accepts only raw token, which is not recommended
         headers = {"Authorization": settings.COLLABORATION_SERVER_SECRET}
         if user_id:
             headers["X-User-Id"] = user_id

src/backend/core/services/converter_services.py

@@ -31,7 +31,8 @@ class YdocConverter:
     @property
     def auth_header(self):
         """Build microservice authentication header."""
-        return f"Bearer {settings.CONVERSION_API_KEY}"
+        # Note: Yprovider microservice accepts only raw token, which is not recommended
+        return settings.Y_PROVIDER_API_KEY
 
     def convert_markdown(self, text):
         """Convert a Markdown text into our internal format using an external microservice."""
@@ -41,7 +42,7 @@ class YdocConverter:
 
         try:
             response = requests.post(
-                settings.CONVERSION_API_URL,
+                f"{settings.Y_PROVIDER_API_BASE_URL}{settings.CONVERSION_API_ENDPOINT}/",
                 json={
                     "content": text,
                 },
@@ -50,6 +51,7 @@ class YdocConverter:
                     "Content-Type": "application/json",
                 },
                 timeout=settings.CONVERSION_API_TIMEOUT,
+                verify=settings.CONVERSION_API_SECURE,
             )
             response.raise_for_status()
             conversion_response = response.json()

src/backend/core/tests/documents/test_api_document_accesses_create.py

@@ -173,7 +173,7 @@ def test_api_document_accesses_create_authenticated_administrator(via, mock_user
     email_content = " ".join(email.body.split())
     assert f"{user.full_name} shared a document with you!" in email_content
     assert (
-        f"{user.full_name} ({user.email}) invited you with the role ``{role}`` "
+        f"{user.full_name} ({user.email}) invited you with the role "{role}" "
         f"on the following document: {document.title}"
     ) in email_content
     assert "docs/" + str(document.id) + "/" in email_content
@@ -231,7 +231,7 @@ def test_api_document_accesses_create_authenticated_owner(via, mock_user_teams):
     email_content = " ".join(email.body.split())
     assert f"{user.full_name} shared a document with you!" in email_content
     assert (
-        f"{user.full_name} ({user.email}) invited you with the role ``{role}`` "
+        f"{user.full_name} ({user.email}) invited you with the role "{role}" "
         f"on the following document: {document.title}"
     ) in email_content
     assert "docs/" + str(document.id) + "/" in email_content

src/backend/core/tests/documents/test_api_document_invitations.py

@@ -406,7 +406,7 @@ def test_api_document_invitations_create_privileged_members(
         email_content = " ".join(email.body.split())
         assert f"{user.full_name} shared a document with you!" in email_content
         assert (
-            f"{user.full_name} ({user.email}) invited you with the role ``{invited}`` "
+            f"{user.full_name} ({user.email}) invited you with the role "{invited}" "
             f"on the following document: {document.title}"
         ) in email_content
         assert "My brand name" in email_content
@@ -536,7 +536,7 @@ def test_api_document_invitations_create_email_full_name_empty():
     email_content = " ".join(email.body.split())
     assert f"{user.email} shared a document with you!" in email_content
     assert (
-        f"{user.email.capitalize()} invited you with the role ``reader`` on the "
+        f"{user.email.capitalize()} invited you with the role "reader" on the "
         f"following document: {document.title}" in email_content
     )
 

src/backend/core/tests/documents/test_api_documents_create_for_owner.py

@@ -25,7 +25,7 @@ def mock_convert_markdown():
     with patch.object(
         YdocConverter,
         "convert_markdown",
-        return_value={"content": "Converted document content"},
+        return_value="Converted document content",
     ) as mock:
         yield mock
 

src/backend/core/tests/test_models_documents.py

@@ -441,7 +441,7 @@ def test_models_documents__email_invitation__success():
     email_content = " ".join(email.body.split())
 
     assert (
-        f"Test Sender (sender@example.com) invited you with the role ``editor`` "
+        f"Test Sender (sender@example.com) invited you with the role "editor" "
         f"on the following document: {document.title}" in email_content
     )
     assert f"docs/{document.id}/" in email_content
@@ -476,8 +476,8 @@ def test_models_documents__email_invitation__success_fr():
     email_content = " ".join(email.body.split())
 
     assert (
-        f"Test Sender2 (sender2@example.com) vous a invité avec le rôle ``propriétaire`` "
-        f"sur le document suivant : {document.title}" in email_content
+        f"Test Sender2 (sender2@example.com) vous a invité avec le rôle "propriétaire" "
+        f"sur le document suivant: {document.title}" in email_content
     )
     assert f"docs/{document.id}/" in email_content
 

src/backend/core/tests/test_services_converter_services.py

@@ -16,9 +16,9 @@ from core.services.converter_services import (
 
 def test_auth_header(settings):
     """Test authentication header generation."""
-    settings.CONVERSION_API_KEY = "test-key"
+    settings.Y_PROVIDER_API_KEY = "test-key"
     converter = YdocConverter()
-    assert converter.auth_header == "Bearer test-key"
+    assert converter.auth_header == "test-key"
 
 
 def test_convert_markdown_empty_text():
@@ -97,8 +97,9 @@ def test_convert_markdown_missing_content_field(mock_post, settings):
 def test_convert_markdown_full_integration(mock_post, settings):
     """Test full integration with all settings."""
 
-    settings.CONVERSION_API_URL = "http://test.com"
-    settings.CONVERSION_API_KEY = "test-key"
+    settings.Y_PROVIDER_API_BASE_URL = "http://test.com/"
+    settings.Y_PROVIDER_API_KEY = "test-key"
+    settings.CONVERSION_API_ENDPOINT = "conversion-endpoint"
     settings.CONVERSION_API_TIMEOUT = 5
     settings.CONVERSION_API_CONTENT_FIELD = "content"
 
@@ -113,13 +114,14 @@ def test_convert_markdown_full_integration(mock_post, settings):
 
     assert result == expected_content
     mock_post.assert_called_once_with(
-        "http://test.com",
+        "http://test.com/conversion-endpoint/",
         json={"content": "test markdown"},
         headers={
-            "Authorization": "Bearer test-key",
+            "Authorization": "test-key",
             "Content-Type": "application/json",
         },
         timeout=5,
+        verify=False,
     )
 
 

src/backend/impress/settings.py

@@ -505,13 +505,20 @@ class Base(Configuration):
         "day": 200,
     }
 
-    # Conversion microservice
-    CONVERSION_API_KEY = values.Value(
-        environ_name="CONVERSION_API_KEY",
+    # Y provider microservice
+    Y_PROVIDER_API_KEY = values.Value(
+        environ_name="Y_PROVIDER_API_KEY",
         environ_prefix=None,
     )
-    CONVERSION_API_URL = values.Value(
-        environ_name="CONVERSION_API_URL",
+    Y_PROVIDER_API_BASE_URL = values.Value(
+        environ_name="Y_PROVIDER_API_BASE_URL",
+        environ_prefix=None,
+    )
+
+    # Conversion endpoint
+    CONVERSION_API_ENDPOINT = values.Value(
+        default="convert-markdown",
+        environ_name="CONVERSION_API_ENDPOINT",
         environ_prefix=None,
     )
     CONVERSION_API_CONTENT_FIELD = values.Value(
@@ -524,6 +531,11 @@ class Base(Configuration):
         environ_name="CONVERSION_API_TIMEOUT",
         environ_prefix=None,
     )
+    CONVERSION_API_SECURE = values.Value(
+        default=False,
+        environ_name="CONVERSION_API_SECURE",
+        environ_prefix=None,
+    )
 
     # Logging
     # We want to make it easy to log to console but by default we log production

src/backend/locale/de_DE/LC_MESSAGES/django.po

@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: lasuite-people\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-12-13 15:17+0000\n"
-"PO-Revision-Date: 2024-12-13 15:22\n"
+"POT-Creation-Date: 2024-12-17 15:50+0000\n"
+"PO-Revision-Date: 2024-12-17 15:53\n"
 "Last-Translator: \n"
 "Language-Team: German\n"
 "Language: de_DE\n"
@@ -220,7 +220,7 @@ msgstr ""
 
 #: core/models.py:597
 #, python-brace-format
-msgid "{name} invited you with the role ``{role}`` on the following document:"
+msgid "{name} invited you with the role \"{role}\" on the following document:"
 msgstr ""
 
 #: core/models.py:600

src/backend/locale/en_US/LC_MESSAGES/django.po

@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: lasuite-people\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-12-13 15:17+0000\n"
-"PO-Revision-Date: 2024-12-13 15:22\n"
+"POT-Creation-Date: 2024-12-17 15:50+0000\n"
+"PO-Revision-Date: 2024-12-17 15:53\n"
 "Last-Translator: \n"
 "Language-Team: English\n"
 "Language: en_US\n"
@@ -220,7 +220,7 @@ msgstr ""
 
 #: core/models.py:597
 #, python-brace-format
-msgid "{name} invited you with the role ``{role}`` on the following document:"
+msgid "{name} invited you with the role \"{role}\" on the following document:"
 msgstr ""
 
 #: core/models.py:600

src/backend/locale/fr_FR/LC_MESSAGES/django.po

@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: lasuite-people\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-12-13 15:17+0000\n"
-"PO-Revision-Date: 2024-12-13 16:47\n"
+"POT-Creation-Date: 2024-12-17 15:50+0000\n"
+"PO-Revision-Date: 2024-12-17 15:53\n"
 "Last-Translator: \n"
 "Language-Team: French\n"
 "Language: fr_FR\n"
@@ -220,8 +220,8 @@ msgstr "{name} a partagé un document avec vous!"
 
 #: core/models.py:597
 #, python-brace-format
-msgid "{name} invited you with the role ``{role}`` on the following document:"
-msgstr "{name} vous a invité avec le rôle ``{role}`` sur le document suivant :"
+msgid "{name} invited you with the role \"{role}\" on the following document:"
+msgstr "{name} vous a invité avec le rôle \"{role}\" sur le document suivant:"
 
 #: core/models.py:600
 #, python-brace-format

src/backend/pyproject.toml

@@ -7,7 +7,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "impress"
-version = "1.9.0"
+version = "1.10.0"
 authors = [{ "name" = "DINUM", "email" = "dev@mail.numerique.gouv.fr" }]
 classifiers = [
     "Development Status :: 5 - Production/Stable",
@@ -25,7 +25,7 @@ license = { file = "LICENSE" }
 readme = "README.md"
 requires-python = ">=3.12"
 dependencies = [
-    "boto3==1.35.79",
+    "boto3==1.35.81",
     "Brotli==1.1.0",
     "celery[redis]==5.4.0",
     "django-configurations==2.5.1",
@@ -47,7 +47,7 @@ dependencies = [
     "jsonschema==4.23.0",
     "markdown==3.7",
     "nested-multipart-parser==1.5.0",
-    "openai==1.57.2",
+    "openai==1.57.4",
     "psycopg[binary]==3.2.3",
     "PyJWT==2.10.1",
     "pypandoc==1.14",
@@ -74,7 +74,7 @@ dev = [
     "freezegun==1.5.1",
     "ipdb==0.13.13",
     "ipython==8.30.0",
-    "pyfakefs==5.7.2",
+    "pyfakefs==5.7.3",
     "pylint-django==2.6.1",
     "pylint==3.3.2",
     "pytest-cov==6.0.0",

src/frontend/Dockerfile

@@ -1,33 +1,3 @@
-FROM node:20-alpine AS frontend-deps-y-provider
-
-WORKDIR /home/frontend/
-
-COPY ./src/frontend/package.json ./package.json
-COPY ./src/frontend/yarn.lock ./yarn.lock
-COPY ./src/frontend/servers/y-provider/package.json ./servers/y-provider/package.json
-COPY ./src/frontend/packages/eslint-config-impress/package.json ./packages/eslint-config-impress/package.json
-
-RUN yarn install
-
-COPY ./src/frontend/ .
-
-# Copy entrypoint
-COPY ./docker/files/usr/local/bin/entrypoint /usr/local/bin/entrypoint
-
-# ---- y-provider ----
-FROM frontend-deps-y-provider AS y-provider
-
-WORKDIR /home/frontend/servers/y-provider
-RUN yarn build
-
-# Un-privileged user running the application
-ARG DOCKER_USER
-USER ${DOCKER_USER}
-
-ENTRYPOINT [ "/usr/local/bin/entrypoint" ]
-
-CMD ["yarn", "start"]
-
 FROM node:20-alpine AS frontend-deps
 
 WORKDIR /home/frontend/
@@ -40,7 +10,9 @@ COPY ./src/frontend/packages/eslint-config-impress/package.json ./packages/eslin
 RUN yarn install --frozen-lockfile
 
 COPY .dockerignore ./.dockerignore
-COPY ./src/frontend/ .
+COPY ./src/frontend/.prettierrc.js ./.prettierrc.js
+COPY ./src/frontend/packages/eslint-config-impress ./packages/eslint-config-impress
+COPY ./src/frontend/apps/impress ./apps/impress
 
 ### ---- Front-end builder image ----
 FROM frontend-deps AS impress

src/frontend/apps/e2e/__tests__/app-impress/doc-create.spec.ts

@@ -1,6 +1,6 @@
 import { expect, test } from '@playwright/test';
 
-import { createDoc } from './common';
+import { createDoc, goToGridDoc, keyCloakSignIn, randomName } from './common';
 
 test.beforeEach(async ({ page }) => {
   await page.goto('/');
@@ -29,3 +29,47 @@ test.describe('Doc Create', () => {
     });
   });
 });
+
+test.describe('Doc Create: Not loggued', () => {
+  test.use({ storageState: { cookies: [], origins: [] } });
+
+  test('it creates a doc server way', async ({
+    page,
+    browserName,
+    request,
+  }) => {
+    const markdown = `This is a normal text\n\n# And this is a large heading`;
+    const [title] = randomName('My server way doc create', browserName, 1);
+    const data = {
+      title,
+      content: markdown,
+      sub: `user@${browserName}.e2e`,
+      email: `user@${browserName}.e2e`,
+    };
+
+    const newDoc = await request.post(
+      `http://localhost:8071/api/v1.0/documents/create-for-owner/`,
+      {
+        data,
+        headers: {
+          Authorization: 'Bearer test-e2e',
+          format: 'json',
+        },
+      },
+    );
+
+    expect(newDoc.ok()).toBeTruthy();
+
+    await keyCloakSignIn(page, browserName);
+
+    await goToGridDoc(page, { title });
+
+    await expect(page.getByRole('heading', { name: title })).toBeVisible();
+
+    const editor = page.locator('.ProseMirror');
+    await expect(editor.getByText('This is a normal text')).toBeVisible();
+    await expect(
+      editor.locator('h1').getByText('And this is a large heading'),
+    ).toBeVisible();
+  });
+});

src/frontend/apps/e2e/__tests__/app-impress/doc-editor.spec.ts

@@ -233,7 +233,7 @@ test.describe('Doc Editor', () => {
     test.skip(browserName === 'webkit', 'This test is very flaky with webkit');
 
     // Check the first doc
-    const doc = await goToGridDoc(page);
+    const [doc] = await createDoc(page, 'doc-quit-1', browserName, 1);
     await expect(page.locator('h2').getByText(doc)).toBeVisible();
 
     const editor = page.locator('.ProseMirror');
@@ -272,8 +272,8 @@ test.describe('Doc Editor', () => {
     ).toBeVisible();
   });
 
-  test('it adds an image to the doc editor', async ({ page }) => {
-    await goToGridDoc(page);
+  test('it adds an image to the doc editor', async ({ page, browserName }) => {
+    await createDoc(page, 'doc-image', browserName, 1);
 
     const fileChooserPromise = page.waitForEvent('filechooser');
 

src/frontend/apps/e2e/__tests__/app-impress/doc-header.spec.ts

@@ -120,13 +120,14 @@ test.describe('Doc Header', () => {
 
     await editor.locator('h1').fill('');
 
+    // eslint-disable-next-line playwright/no-wait-for-timeout
+    await page.waitForTimeout(500);
+
     await docHeader
       .getByRole('heading', { name: 'Top World', level: 2 })
       .fill(' ');
 
-    await page.getByText('Created at').click({
-      delay: 200,
-    });
+    await page.getByText('Created at').click();
 
     await expect(
       docHeader.getByRole('heading', { name: 'Untitled  document', level: 2 }),

src/frontend/apps/e2e/package.json

@@ -1,6 +1,6 @@
 {
   "name": "app-e2e",
-  "version": "1.9.0",
+  "version": "1.10.0",
   "private": true,
   "scripts": {
     "lint": "eslint . --ext .ts",
@@ -12,7 +12,7 @@
     "test:ui::chromium": "yarn test:ui --project=chromium"
   },
   "devDependencies": {
-    "@playwright/test": "1.49.0",
+    "@playwright/test": "1.49.1",
     "@types/node": "*",
     "@types/pdf-parse": "1.1.4",
     "eslint-config-impress": "*",

src/frontend/apps/e2e/playwright.config.ts

@@ -19,6 +19,7 @@ export default defineConfig({
   forbidOnly: !!process.env.CI,
   /* Retry on CI only */
   retries: process.env.CI ? 2 : 0,
+  maxFailures: process.env.CI ? 3 : 0,
   /* Opt out of parallel tests on CI. */
   workers: process.env.CI ? 3 : undefined,
   /* Reporter to use. See https://playwright.dev/docs/test-reporters */

src/frontend/apps/impress/next-env.d.ts

@@ -2,4 +2,4 @@
 /// <reference types="next/image-types/global" />
 
 // NOTE: This file should not be edited
-// see https://nextjs.org/docs/pages/building-your-application/configuring/typescript for more information.
+// see https://nextjs.org/docs/pages/api-reference/config/typescript for more information.

src/frontend/apps/impress/package.json

@@ -1,6 +1,6 @@
 {
   "name": "app-impress",
-  "version": "1.9.0",
+  "version": "1.10.0",
   "private": true,
   "scripts": {
     "dev": "next dev",
@@ -19,33 +19,33 @@
     "@blocknote/mantine": "*",
     "@blocknote/react": "*",
     "@gouvfr-lasuite/integration": "1.0.2",
-    "@hocuspocus/provider": "2.14.0",
+    "@hocuspocus/provider": "2.15.0",
     "@openfun/cunningham-react": "2.9.4",
-    "@sentry/nextjs": "8.42.0",
-    "@tanstack/react-query": "5.62.2",
+    "@sentry/nextjs": "8.45.1",
+    "@tanstack/react-query": "5.62.7",
     "crisp-sdk-web": "1.0.25",
-    "i18next": "24.0.5",
-    "i18next-browser-languagedetector": "8.0.0",
-    "idb": "8.0.0",
+    "i18next": "24.1.0",
+    "i18next-browser-languagedetector": "8.0.2",
+    "idb": "8.0.1",
     "lodash": "4.17.21",
     "luxon": "3.5.0",
-    "next": "15.0.3",
+    "next": "15.1.0",
     "react": "*",
     "react-aria-components": "1.5.0",
     "react-dom": "*",
-    "react-i18next": "15.1.3",
-    "react-select": "5.8.3",
+    "react-i18next": "15.2.0",
+    "react-select": "5.9.0",
     "styled-components": "6.1.13",
     "y-protocols": "1.0.6",
     "yjs": "*",
-    "zustand": "5.0.1"
+    "zustand": "5.0.2"
   },
   "devDependencies": {
     "@svgr/webpack": "8.1.0",
-    "@tanstack/react-query-devtools": "5.62.2",
+    "@tanstack/react-query-devtools": "5.62.7",
     "@testing-library/dom": "10.4.0",
     "@testing-library/jest-dom": "6.6.3",
-    "@testing-library/react": "16.0.1",
+    "@testing-library/react": "16.1.0",
     "@testing-library/user-event": "14.5.2",
     "@types/jest": "29.5.14",
     "@types/lodash": "4.17.13",
@@ -60,12 +60,12 @@
     "jest": "29.7.0",
     "jest-environment-jsdom": "29.7.0",
     "node-fetch": "2.7.0",
-    "prettier": "3.4.1",
-    "stylelint": "16.11.0",
+    "prettier": "3.4.2",
+    "stylelint": "16.12.0",
     "stylelint-config-standard": "36.0.1",
     "stylelint-prettier": "5.0.2",
     "typescript": "*",
-    "webpack": "5.97.0",
+    "webpack": "5.97.1",
     "workbox-webpack-plugin": "7.1.0"
   }
 }

src/frontend/apps/impress/src/features/docs/doc-editor/components/BlockNoteToolbar.tsx

@@ -2,27 +2,29 @@ import '@blocknote/mantine/style.css';
 import {
   FormattingToolbar,
   FormattingToolbarController,
+  FormattingToolbarProps,
   getFormattingToolbarItems,
 } from '@blocknote/react';
-import React from 'react';
+import React, { useCallback } from 'react';
 
 import { AIGroupButton } from './AIButton';
 import { MarkdownButton } from './MarkdownButton';
 
 export const BlockNoteToolbar = () => {
-  return (
-    <FormattingToolbarController
-      formattingToolbar={({ blockTypeSelectItems }) => (
-        <FormattingToolbar>
-          {getFormattingToolbarItems(blockTypeSelectItems)}
+  const formattingToolbar = useCallback(
+    ({ blockTypeSelectItems }: FormattingToolbarProps) => (
+      <FormattingToolbar>
+        {getFormattingToolbarItems(blockTypeSelectItems)}
 
-          {/* Extra button to do some AI powered actions */}
-          <AIGroupButton key="AIButton" />
+        {/* Extra button to do some AI powered actions */}
+        <AIGroupButton key="AIButton" />
 
-          {/* Extra button to convert from markdown to json */}
-          <MarkdownButton key="customButton" />
-        </FormattingToolbar>
-      )}
-    />
+        {/* Extra button to convert from markdown to json */}
+        <MarkdownButton key="customButton" />
+      </FormattingToolbar>
+    ),
+    [],
   );
+
+  return <FormattingToolbarController formattingToolbar={formattingToolbar} />;
 };

src/frontend/apps/impress/src/pages/docs/[id]/index.tsx

@@ -65,10 +65,6 @@ const DocPage = ({ id }: DocProps) => {
 
     setDoc(docQuery);
     setCurrentDoc(docQuery);
-
-    return () => {
-      setCurrentDoc(undefined);
-    };
   }, [docQuery, setCurrentDoc]);
 
   useEffect(() => {

src/frontend/apps/impress/src/stores/useSentryStore.tsx

@@ -25,7 +25,7 @@ export const useSentryStore = create<SentryState>((set, get) => ({
         release: packageJson.version,
         replaysSessionSampleRate: 0.1,
         replaysOnErrorSampleRate: 1.0,
-        tracesSampleRate: 1.0,
+        tracesSampleRate: 0.1,
       }),
     });
   },

src/frontend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "impress",
-  "version": "1.9.0",
+  "version": "1.10.0",
   "private": true,
   "workspaces": {
     "packages": [
@@ -28,13 +28,13 @@
     "server:test": "yarn COLLABORATION_SERVER run test"
   },
   "resolutions": {
-    "@blocknote/core": "0.20.0",
-    "@blocknote/mantine": "0.20.0",
-    "@blocknote/react": "0.20.0",
-    "@types/node": "22.10.1",
+    "@blocknote/core": "0.21.0",
+    "@blocknote/mantine": "0.21.0",
+    "@blocknote/react": "0.21.0",
+    "@types/node": "22.10.2",
     "@types/react-dom": "18.3.1",
-    "@typescript-eslint/eslint-plugin": "8.17.0",
-    "@typescript-eslint/parser": "8.17.0",
+    "@typescript-eslint/eslint-plugin": "8.18.0",
+    "@typescript-eslint/parser": "8.18.0",
     "cross-env": "7.0.3",
     "eslint": "8.57.0",
     "react": "18.3.1",

src/frontend/packages/eslint-config-impress/package.json

@@ -1,17 +1,17 @@
 {
   "name": "eslint-config-impress",
-  "version": "1.9.0",
+  "version": "1.10.0",
   "license": "MIT",
   "scripts": {
     "lint": "eslint --ext .js ."
   },
   "dependencies": {
-    "@next/eslint-plugin-next": "15.0.3",
+    "@next/eslint-plugin-next": "15.1.0",
     "@tanstack/eslint-plugin-query": "5.62.1",
     "@typescript-eslint/eslint-plugin": "*",
     "@typescript-eslint/parser": "*",
     "eslint": "*",
-    "eslint-config-next": "15.0.3",
+    "eslint-config-next": "15.1.0",
     "eslint-config-prettier": "9.1.0",
     "eslint-plugin-import": "2.31.0",
     "eslint-plugin-jest": "28.9.0",
@@ -19,7 +19,7 @@
     "eslint-plugin-playwright": "2.1.0",
     "eslint-plugin-prettier": "5.2.1",
     "eslint-plugin-react": "7.37.2",
-    "eslint-plugin-testing-library": "7.0.0",
-    "prettier": "3.4.1"
+    "eslint-plugin-testing-library": "7.1.1",
+    "prettier": "3.4.2"
   }
 }

src/frontend/packages/i18n/package.json

@@ -1,6 +1,6 @@
 {
   "name": "packages-i18n",
-  "version": "1.9.0",
+  "version": "1.10.0",
   "private": true,
   "scripts": {
     "extract-translation": "yarn extract-translation:impress",

src/frontend/servers/y-provider/Dockerfile

@@ -0,0 +1,42 @@
+FROM node:20-alpine AS y-provider-builder
+
+WORKDIR /home/frontend/
+
+COPY ./src/frontend/package.json ./package.json
+COPY ./src/frontend/yarn.lock ./yarn.lock
+COPY ./src/frontend/servers/y-provider/package.json ./servers/y-provider/package.json
+COPY ./src/frontend/packages/eslint-config-impress/package.json ./packages/eslint-config-impress/package.json
+
+RUN yarn install
+
+COPY ./src/frontend/packages/eslint-config-impress ./packages/eslint-config-impress
+COPY ./src/frontend/servers/y-provider ./servers/y-provider
+
+WORKDIR /home/frontend/servers/y-provider
+RUN yarn build
+
+FROM node:20-alpine AS y-provider
+
+WORKDIR /home/frontend/
+
+COPY ./src/frontend/package.json ./package.json
+COPY ./src/frontend/yarn.lock ./yarn.lock
+COPY ./src/frontend/servers/y-provider/package.json ./servers/y-provider/package.json
+
+WORKDIR /home/frontend/servers/y-provider
+
+COPY --from=y-provider-builder \
+    /home/frontend/servers/y-provider/dist \
+    ./dist
+
+RUN NODE_ENV=production yarn install --frozen-lockfile
+
+# Un-privileged user running the application
+ARG DOCKER_USER
+USER ${DOCKER_USER}
+
+# Copy entrypoint
+COPY ./docker/files/usr/local/bin/entrypoint /usr/local/bin/entrypoint
+ENTRYPOINT [ "/usr/local/bin/entrypoint" ]
+
+CMD ["yarn", "start"]

src/frontend/servers/y-provider/__tests__/server.test.ts

@@ -14,6 +14,7 @@ jest.mock('../src/env', () => {
     PORT: port,
     COLLABORATION_SERVER_ORIGIN: origin,
     COLLABORATION_SERVER_SECRET: 'test-secret-api-key',
+    Y_PROVIDER_API_KEY: 'yprovider-api-key',
   };
 });
 
@@ -101,11 +102,21 @@ describe('Server Tests', () => {
     expect(response.body.error).toBe('Forbidden: Invalid API Key');
   });
 
+  test('POST /api/convert-markdown with a Bearer token', async () => {
+    const response = await request(app as any)
+      .post('/api/convert-markdown')
+      .set('Origin', origin)
+      .set('Authorization', 'Bearer test-secret-api-key');
+
+    // Warning: Changing the authorization header to Bearer token format will break backend compatibility with this microservice.
+    expect(response.status).toBe(403);
+  });
+
   test('POST /api/convert-markdown with missing body param content', async () => {
     const response = await request(app as any)
       .post('/api/convert-markdown')
       .set('Origin', origin)
-      .set('Authorization', 'test-secret-api-key');
+      .set('Authorization', 'yprovider-api-key');
 
     expect(response.status).toBe(400);
     expect(response.body.error).toBe('Invalid request: missing content');
@@ -115,7 +126,7 @@ describe('Server Tests', () => {
     const response = await request(app as any)
       .post('/api/convert-markdown')
       .set('Origin', origin)
-      .set('Authorization', 'test-secret-api-key')
+      .set('Authorization', 'yprovider-api-key')
       .send({
         content: '',
       });

src/frontend/servers/y-provider/package.json

@@ -1,6 +1,6 @@
 {
   "name": "server-y-provider",
-  "version": "1.9.0",
+  "version": "1.10.0",
   "description": "Y.js provider for docs",
   "repository": "https://github.com/numerique-gouv/impress",
   "license": "MIT",
@@ -16,17 +16,17 @@
     "node": ">=18"
   },
   "dependencies": {
-    "@blocknote/server-util": "0.20.0",
-    "@hocuspocus/server": "2.14.0",
-    "@sentry/node": "8.41.0",
-    "@sentry/profiling-node": "8.41.0",
-    "express": "4.21.1",
+    "@blocknote/server-util": "0.21.0",
+    "@hocuspocus/server": "2.15.0",
+    "@sentry/node": "8.45.1",
+    "@sentry/profiling-node": "8.45.1",
+    "express": "4.21.2",
     "express-ws": "5.0.2",
     "y-protocols": "1.0.6",
     "yjs": "13.6.20"
   },
   "devDependencies": {
-    "@hocuspocus/provider": "2.14.0",
+    "@hocuspocus/provider": "2.15.0",
     "@types/express": "5.0.0",
     "@types/express-ws": "3.0.5",
     "@types/jest": "29.5.14",
@@ -35,7 +35,7 @@
     "@types/ws": "8.5.13",
     "eslint-config-impress": "*",
     "jest": "29.7.0",
-    "nodemon": "3.1.7",
+    "nodemon": "3.1.9",
     "supertest": "7.0.0",
     "ts-jest": "29.2.5",
     "ts-node": "10.9.2",

src/frontend/servers/y-provider/src/env.ts

@@ -4,5 +4,7 @@ export const COLLABORATION_SERVER_ORIGIN =
   process.env.COLLABORATION_SERVER_ORIGIN || 'http://localhost:3000';
 export const COLLABORATION_SERVER_SECRET =
   process.env.COLLABORATION_SERVER_SECRET || 'secret-api-key';
+export const Y_PROVIDER_API_KEY =
+  process.env.Y_PROVIDER_API_KEY || 'yprovider-api-key';
 export const PORT = Number(process.env.PORT || 4444);
 export const SENTRY_DSN = process.env.SENTRY_DSN || '';

src/frontend/servers/y-provider/src/middlewares.ts

@@ -4,10 +4,13 @@ import * as ws from 'ws';
 import {
   COLLABORATION_SERVER_ORIGIN,
   COLLABORATION_SERVER_SECRET,
+  Y_PROVIDER_API_KEY,
 } from '@/env';
 
 import { logger } from './utils';
 
+const VALID_API_KEYS = [COLLABORATION_SERVER_SECRET, Y_PROVIDER_API_KEY];
+
 export const httpSecurity = (
   req: Request,
   res: Response,
@@ -25,8 +28,9 @@ export const httpSecurity = (
   }
 
   // Secret API Key check
+  // Note: Changing this header to Bearer token format will break backend compatibility with this microservice.
   const apiKey = req.headers['authorization'];
-  if (apiKey !== COLLABORATION_SERVER_SECRET) {
+  if (!apiKey || !VALID_API_KEYS.includes(apiKey)) {
     res.status(403).json({ error: 'Forbidden: Invalid API Key' });
     return;
   }

src/frontend/servers/y-provider/src/services/sentry.ts

@@ -6,6 +6,6 @@ import { SENTRY_DSN } from '../env';
 Sentry.init({
   dsn: SENTRY_DSN,
   integrations: [nodeProfilingIntegration()],
-  tracesSampleRate: 1.0,
+  tracesSampleRate: 0.1,
   profilesSampleRate: 1.0,
 });

src/helm/env.d/dev/values.impress.yaml.gotmpl

@@ -11,10 +11,13 @@ backend:
     DJANGO_CSRF_TRUSTED_ORIGINS: https://impress.127.0.0.1.nip.io
     DJANGO_CONFIGURATION: Feature
     DJANGO_ALLOWED_HOSTS: impress.127.0.0.1.nip.io
+    DJANGO_SERVER_TO_SERVER_API_TOKENS: secret-api-key
     DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}
     DJANGO_SETTINGS_MODULE: impress.settings
     DJANGO_SUPERUSER_PASSWORD: admin
+    DJANGO_EMAIL_BRAND_NAME: "La Suite Numérique"
     DJANGO_EMAIL_HOST: "mailcatcher"
+    DJANGO_EMAIL_LOGO_IMG: https://impress.127.0.0.1.nip.io/assets/logo-suite-numerique.png
     DJANGO_EMAIL_PORT: 1025
     DJANGO_EMAIL_USE_SSL: False
     LOGGING_LEVEL_HANDLERS_CONSOLE: ERROR
@@ -46,13 +49,12 @@ backend:
     POSTGRES_PASSWORD: pass
     REDIS_URL: redis://default:pass@redis-master:6379/1
     AWS_S3_ENDPOINT_URL: http://minio.impress.svc.cluster.local:9000
-    AWS_S3_ACCESS_KEY_ID: impress
+    AWS_S3_ACCESS_KEY_ID: root
     AWS_S3_SECRET_ACCESS_KEY: password
     AWS_STORAGE_BUCKET_NAME: impress-media-storage
     STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
-    AI_API_KEY: **ask antoine**
-    AI_BASE_URL: https://albertine.beta.numerique.gouv.fr/v1/
-    AI_MODEL: meta-llama/Llama-3.1-8B-Instruct
+    Y_PROVIDER_API_BASE_URL: http://impress-y-provider:443/api/
+    Y_PROVIDER_API_KEY: my-secret
 
   migrate:
     command:
@@ -105,6 +107,7 @@ yProvider:
     COLLABORATION_LOGGING: true
     COLLABORATION_SERVER_ORIGIN: https://impress.127.0.0.1.nip.io
     COLLABORATION_SERVER_SECRET: my-secret
+    Y_PROVIDER_API_KEY: my-secret
 
 ingress:
   enabled: true

src/helm/extra/Chart.yaml

@@ -2,4 +2,4 @@ apiVersion: v2
 name: extra
 description: A Helm chart to add some manifests to impress
 type: application
-version: 1.9.0
+version: 1.10.0

src/helm/helmfile.yaml

@@ -62,6 +62,6 @@ releases:
 environments:
   dev:
     values:
-      - version: 1.9.0
+      - version: 1.10.0
     secrets:
       - env.d/{{ .Environment.Name }}/secrets.enc.yaml

src/helm/impress/Chart.yaml

@@ -1,4 +1,5 @@
 apiVersion: v2
 type: application
-name: impress
-version: 1.9.0
+name: docs
+version: 0.0.1-debug
+appVersion: latest

src/helm/impress/templates/ingress.yaml

@@ -29,7 +29,7 @@ spec:
   {{- if .Values.ingress.tls.enabled }}
   tls:
     {{- if .Values.ingress.host }}
-    - secretName: {{ $fullName }}-tls
+    - secretName: {{ .Values.ingress.tls.secretName | default (printf "%s-tls" $fullName) | quote }}
       hosts:
         - {{ .Values.ingress.host | quote }}
     {{- end }}
@@ -115,4 +115,3 @@ spec:
           {{- end }}
     {{- end }}
 {{- end }}
-

src/helm/impress/templates/ingress_admin.yaml

@@ -29,7 +29,7 @@ spec:
   {{- if .Values.ingressAdmin.tls.enabled }}
   tls:
     {{- if .Values.ingressAdmin.host }}
-    - secretName: {{ $fullName }}-tls
+    - secretName: {{ .Values.ingressAdmin.tls.secretName | default (printf "%s-tls" $fullName) | quote }}
       hosts:
         - {{ .Values.ingressAdmin.host | quote }}
     {{- end }}
@@ -95,4 +95,3 @@ spec:
             {{- end }}
     {{- end }}
 {{- end }}
-

src/helm/impress/templates/ingress_collaboration_api.yaml

@@ -29,7 +29,7 @@ spec:
   {{- if .Values.ingressCollaborationApi.tls.enabled }}
   tls:
     {{- if .Values.ingressCollaborationApi.host }}
-    - secretName: {{ $fullName }}-tls
+    - secretName: {{ .Values.ingressCollaborationApi.tls.secretName | default (printf "%s-tls" $fullName) | quote }}
       hosts:
         - {{ .Values.ingressCollaborationApi.host | quote }}
     {{- end }}
@@ -69,4 +69,3 @@ spec:
           {{- end }}
     {{- end }}
 {{- end }}
-

src/helm/impress/templates/ingress_collaboration_ws.yaml

@@ -29,7 +29,7 @@ spec:
   {{- if .Values.ingressCollaborationWS.tls.enabled }}
   tls:
     {{- if .Values.ingressCollaborationWS.host }}
-    - secretName: {{ $fullName }}-tls
+    - secretName: {{ .Values.ingressCollaborationWS.tls.secretName | default (printf "%s-tls" $fullName) | quote }}
       hosts:
         - {{ .Values.ingressCollaborationWS.host | quote }}
     {{- end }}
@@ -69,4 +69,3 @@ spec:
           {{- end }}
     {{- end }}
 {{- end }}
-

src/helm/impress/templates/ingress_media.yaml

@@ -29,7 +29,7 @@ spec:
   {{- if .Values.ingressMedia.tls.enabled }}
   tls:
     {{- if .Values.ingressMedia.host }}
-    - secretName: {{ $fullName }}-tls
+    - secretName: {{ .Values.ingressMedia.tls.secretName | default (printf "%s-tls" $fullName) | quote }}
       hosts:
         - {{ .Values.ingressMedia.host | quote }}
     {{- end }}

src/helm/impress/templates/secrets.yaml

@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: backend
-  namespace: {{ .Release.Namespace | quote }}
-  annotations:
-    "helm.sh/hook": pre-install,pre-upgrade
-    "helm.sh/hook-weight": "-5"
-    "helm.sh/hook-delete-policy": before-hook-creation
-stringData:
-  DJANGO_SUPERUSER_EMAIL: {{ .Values.djangoSuperUserEmail }}
-  DJANGO_SUPERUSER_PASSWORD: {{ .Values.djangoSuperUserPass }}
-  DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}
-{{- if .Values.djangoEmailHostUser }}
-  DJANGO_EMAIL_HOST_USER: {{ .Values.djangoEmailHostUser }}
-{{- end }}
-{{- if .Values.djangoEmailHostPassword }}
-  DJANGO_EMAIL_HOST_PASSWORD: {{ .Values.djangoEmailHostPassword }}
-{{- end }}
-  OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }}
-  OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }}
-  AI_API_KEY: {{ .Values.aiApiKey }}
-  AI_BASE_URL: {{ .Values.aiBaseUrl }}

src/helm/impress/values.yaml

@@ -37,12 +37,14 @@ ingress:
   ## @param ingress.hosts Additional host to configure for the Ingress
   hosts: []
   #  - chart-example.local
-  ## @param ingress.tls.enabled Wether to enable TLS for the Ingress
+  ## @param ingress.tls.enabled Weather to enable TLS for the Ingress
+  ## @param ingress.tls.secretName Secret name for TLS config
   ## @skip ingress.tls.additional
   ## @extra ingress.tls.additional[].secretName Secret name for additional TLS config
   ## @extra ingress.tls.additional[].hosts[] Hosts for additional TLS config
   tls:
     enabled: true
+    secretName: null
     additional: []
 
   ## @param ingress.customBackends Add custom backends to ingress
@@ -60,21 +62,23 @@ ingressCollaborationWS:
   ## @param ingress.hosts Additional host to configure for the Ingress
   hosts: []
   #  - chart-example.local
-  ## @param ingressCollaborationWS.tls.enabled Wether to enable TLS for the Ingress
+  ## @param ingressCollaborationWS.tls.enabled Weather to enable TLS for the Ingress
+  ## @param ingressCollaborationWS.tls.secretName Secret name for TLS config
   ## @skip ingressCollaborationWS.tls.additional
   ## @extra ingressCollaborationWS.tls.additional[].secretName Secret name for additional TLS config
   ## @extra ingressCollaborationWS.tls.additional[].hosts[] Hosts for additional TLS config
   tls:
     enabled: true
+    secretName: null
     additional: []
 
   ## @param ingressCollaborationWS.customBackends Add custom backends to ingress
   customBackends: []
 
-  annotations: 
+  annotations:
     nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Can-Edit, X-User-Id"
     nginx.ingress.kubernetes.io/auth-url: https://impress.example.com/api/v1.0/documents/collaboration-auth/
-    nginx.ingress.kubernetes.io/enable-websocket: "true" 
+    nginx.ingress.kubernetes.io/enable-websocket: "true"
     nginx.ingress.kubernetes.io/proxy-read-timeout: "86400"
     nginx.ingress.kubernetes.io/proxy-send-timeout: "86400"
     nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room
@@ -91,20 +95,23 @@ ingressCollaborationApi:
   ## @param ingress.hosts Additional host to configure for the Ingress
   hosts: []
   #  - chart-example.local
-  ## @param ingressCollaborationApi.tls.enabled Wether to enable TLS for the Ingress
+  ## @param ingressCollaborationApi.tls.enabled Weather to enable TLS for the Ingress
+  ## @param ingressCollaborationApi.tls.secretName Secret name for TLS config
   ## @skip ingressCollaborationApi.tls.additional
   ## @extra ingressCollaborationApi.tls.additional[].secretName Secret name for additional TLS config
   ## @extra ingressCollaborationApi.tls.additional[].hosts[] Hosts for additional TLS config
   tls:
     enabled: true
+    secretName: null
     additional: []
 
   ## @param ingressCollaborationApi.customBackends Add custom backends to ingress
   customBackends: []
 
-  annotations: 
+  annotations:
     nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room
 
+
 ## @param ingressAdmin.enabled whether to enable the Ingress or not
 ## @param ingressAdmin.className IngressClass to use for the Ingress
 ## @param ingressAdmin.host Host for the Ingress
@@ -117,12 +124,14 @@ ingressAdmin:
   ## @param ingressAdmin.hosts Additional host to configure for the Ingress
   hosts: [ ]
   #  - chart-example.local
-  ## @param ingressAdmin.tls.enabled Wether to enable TLS for the Ingress
+  ## @param ingressAdmin.tls.enabled Weather to enable TLS for the Ingress
+  ## @param ingressAdmin.tls.secretName Secret name for TLS config
   ## @skip ingressAdmin.tls.additional
   ## @extra ingressAdmin.tls.additional[].secretName Secret name for additional TLS config
   ## @extra ingressAdmin.tls.additional[].hosts[] Hosts for additional TLS config
   tls:
     enabled: true
+    secretName: null
     additional: []
 
 ## @param ingressMedia.enabled whether to enable the Ingress or not
@@ -137,12 +146,14 @@ ingressMedia:
   ## @param ingressMedia.hosts Additional host to configure for the Ingress
   hosts: [ ]
   #  - chart-example.local
-  ## @param ingressMedia.tls.enabled Wether to enable TLS for the Ingress
+  ## @param ingressMedia.tls.enabled Weather to enable TLS for the Ingress
+  ## @param ingressMedia.tls.secretName Secret name for TLS config
   ## @skip ingressMedia.tls.additional
   ## @extra ingressMedia.tls.additional[].secretName Secret name for additional TLS config
   ## @extra ingressMedia.tls.additional[].hosts[] Hosts for additional TLS config
   tls:
     enabled: true
+    secretName: null
     additional: []
 
   annotations:
@@ -214,6 +225,16 @@ backend:
       - "--no-input"
     restartPolicy: Never
 
+ ## @param backend.createsuperuser.command backend migrate command
+ ## @param backend.createsuperuser.restartPolicy backend migrate job restart policy
+  createsuperuser:
+    command:
+      - "/bin/sh"
+      - "-c"
+      - |
+        python manage.py createsuperuser --email $DJANGO_SUPERUSER_EMAIL --password $DJANGO_SUPERUSER_PASSWORD
+    restartPolicy: Never
+
   ## @param backend.probes.liveness.path [nullable] Configure path for backend HTTP liveness probe
   ## @param backend.probes.liveness.targetPort [nullable] Configure port for backend HTTP liveness probe
   ## @param backend.probes.liveness.initialDelaySeconds [nullable] Configure initial delay for backend liveness probe
@@ -442,4 +463,4 @@ yProvider:
   extraVolumeMounts: []
 
   ## @param yProvider.extraVolumes Additional volumes to mount on the yProvider.
-  extraVolumes: []
+  extraVolumes: []

src/mail/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mail_mjml",
-  "version": "1.9.0",
+  "version": "1.10.0",
   "description": "An util to generate html and text django's templates from mjml templates",
   "type": "module",
   "dependencies": {