rename AI env vars for v5.x (AI_API_KEY -> OPENAI_SDK_API_KEY, AI_BASE_URL -> OPENAI_SDK_BASE_URL)

Reviewed-on: https://git.coopcloud.tech/coop-cloud/lasuite-docs/pulls/14

.env.sample

@@ -66,3 +66,9 @@ OIDC_AUTH_REQUEST_EXTRA_PARAMS='{"acr_values": "eidas1"}'
 LOGGING_LEVEL_HANDLERS_CONSOLE=INFO
 LOGGING_LEVEL_LOGGERS_ROOT=INFO
 LOGGING_LEVEL_LOGGERS_APP=INFO
+
+##############################################################################
+# MIGRATIONS
+##############################################################################
+# Set to false to disable automatic migrations on backend startup
+# AUTO_MIGRATIONS=true

README.md

@@ -20,11 +20,11 @@
 * `abra app new lasuite-docs --secrets`
 * `abra app config <app-name>`
 * `abra app deploy <app-name>`
-* `abra app cmd <app-name> backend migrate`
-* `abra app restart <app-name> minio-bootstrap` (Note: this will appear to fail, but probably worked! Check `abra app logs <app-name> minio-bootstrap`)
 
-You should then be able to visit the landing page of your app, but not yet to login. To login, you need to deploy and integrate single sign on (described below in the "Configure Authentication" section). 
+You should then be able to visit the landing page of your app, but not yet to login. To login, you need to deploy and integrate single sign on (described below in the "Configure Authentication" section).
 
+* Migrations run automatically on backend startup. To trigger manually: `abra app cmd <app-name> backend migrate`
+* Minio buckets are created automatically on first deploy. To manually trigger: `abra app cmd <app-name> minio minio_initialize`
 
 ## Configure Authentication
 

abra.sh

@@ -3,6 +3,8 @@
 export ABRA_ENTRYPOINT_VERSION=v5
 export NGINX_CONF_VERSION=v3
 export PG_BACKUP_VERSION=v3
+export MINIO_INITIALIZE_VERSION=v1
+export MIGRATE_VERSION=v1
 
 environment() {
   # this exports all the secrets as environment variables
@@ -10,6 +12,9 @@ environment() {
 }
 
 migrate() {
-  environment
-  python manage.py migrate --noinput
+  /migrate.sh
+}
+
+minio_initialize() {
+  /minio-initialize.sh
 }

compose.yml

@@ -49,10 +49,10 @@ x-common-env: &common-env
   LOGOUT_REDIRECT_URL:
   OIDC_REDIRECT_ALLOWED_HOSTS:
   OIDC_AUTH_REQUEST_EXTRA_PARAMS:
-  # AI (Fixme: remove?)
+  # AI
   AI_FEATURE_ENABLED: "false"
-  AI_BASE_URL: https://openaiendpoint.com
-  AI_API_KEY: password
+  OPENAI_SDK_BASE_URL: https://openaiendpoint.com
+  OPENAI_SDK_API_KEY: password
   AI_MODEL: llama
   # Collaboration
   COLLABORATION_API_URL: https://$DOMAIN/collaboration/api/
@@ -84,14 +84,14 @@ x-minio-env: &minio-env
 
 services:
   app:
-    image: lasuite/impress-frontend:v4.4.0
+    image: lasuite/impress-frontend:v5.1.0
     networks:
       - backend
     deploy:
       labels:
         - "traefik.enable=false"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "coop-cloud.${STACK_NAME}.version=0.2.5+v4.4.0"
+        - "coop-cloud.${STACK_NAME}.version=0.3.0+v5.1.0"
     user: "${DOCKER_USER:-1000}"
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8080"]
@@ -101,11 +101,12 @@ services:
       start_period: 10s
 
   backend:
-    image: lasuite/impress-backend:v4.4.0
+    image: lasuite/impress-backend:v5.1.0
     networks:
-      - backend 
+      - backend
     environment:
       <<: [*common-env, *postgres-env, *yprovider-env]
+      AUTO_MIGRATIONS: "${AUTO_MIGRATIONS:-true}"
     healthcheck:
       test: ["CMD", "/abra-entrypoint.sh", "python", "manage.py", "check"]
       interval: 15s
@@ -114,11 +115,15 @@ services:
       start_period: 10s
     user: "${DOCKER_USER:-1000}"
     command: ["gunicorn", "-c", "/usr/local/etc/gunicorn/impress.py", "impress.wsgi:application"]
-    entrypoint: ["/abra-entrypoint.sh", "/usr/local/bin/entrypoint"]
+    entrypoint: >
+      sh -c "if [ \"$$AUTO_MIGRATIONS\" = \"true\" ]; then /migrate.sh; fi && exec /abra-entrypoint.sh /usr/local/bin/entrypoint \"$$@\"" --
     configs:
       - source: abra_entrypoint
         target: /abra-entrypoint.sh
         mode: 0555
+      - source: migrate
+        target: /migrate.sh
+        mode: 0555
     secrets:
       - django_sk
       - django_sp
@@ -131,9 +136,15 @@ services:
       - email_pass
 
   celery:
-    image: lasuite/impress-backend:v4.4.0
+    image: lasuite/impress-backend:v5.1.0
     networks:
       - backend
+    healthcheck:
+      test: ["CMD", "celery", "-A", "impress.celery_app", "inspect", "ping", "--timeout", "5"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
     user: "${DOCKER_USER:-1000}"
     command: ["celery", "-A", "impress.celery_app", "worker", "-l", "INFO"]
     environment:
@@ -155,20 +166,26 @@ services:
 
 
   y-provider:
-    image: lasuite/impress-y-provider:v4.4.0
+    image: lasuite/impress-y-provider:v5.1.0
     networks:
-      - backend 
+      - backend
+    healthcheck:
+      # y-provider returns 403 on unauthenticated requests; wget exit 4 = network error (server down), anything else = server is responding
+      test: ["CMD-SHELL", "wget -qO /dev/null http://localhost:4444/ 2>/dev/null; test $$? -ne 4"]
+      interval: 15s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
     environment: *yprovider-env
     user: "${DOCKER_USER:-1000}"
     entrypoint: >
       sh -c "export Y_PROVIDER_API_KEY=\"$$(cat /run/secrets/y_api_key)\" && exec /usr/local/bin/entrypoint \"$$@\"" --
     command: ["yarn", "start"]
-    # NOTE: healthcheck - `wget` is available in the container, but `wget http://localhost:4444` gives a 403
     secrets:
       - y_api_key
 
   db:
-    image: postgres:16
+    image: pgautoupgrade/pgautoupgrade:18-debian
     networks:
       - backend 
     healthcheck:
@@ -178,7 +195,7 @@ services:
       retries: 300
     environment:
       <<: *postgres-env
-      PGDATA: var/lib/postgresql/data/pgdata
+      PGDATA: /var/lib/postgresql/data/pgdata
     volumes:
       - postgres:/var/lib/postgresql/data/pgdata
     deploy:
@@ -195,32 +212,14 @@ services:
       - postgres_p
 
   redis:
-    image: redis:8
-    networks:
-      - backend 
-
-  minio-bootstrap:
-    # NOTE: Not started by default, only run with a manual `abra app restart` / `docker service scale`
-    image: minio/mc:RELEASE.2025-05-21T01-59-54Z
-    environment: *minio-env
+    image: redis:8.2.6
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 15s
+      timeout: 5s
+      retries: 3
     networks:
       - backend
-    entrypoint: >
-      sh -c "
-      MINIO_ROOT_USER=\"\$$(cat /run/secrets/minio_ru)\" &&   
-      MINIO_ROOT_PASSWORD=\"\$$(cat /run/secrets/minio_rp)\" &&   
-      /usr/bin/mc alias set docs http://minio:9000 \$${MINIO_ROOT_USER} \"\$${MINIO_ROOT_PASSWORD}\" &&
-      /usr/bin/mc mb --ignore-existing docs/docs-media-storage &&
-      /usr/bin/mc version enable docs/docs-media-storage &&
-      exit 0"
-    deploy:
-      mode: replicated
-      replicas: 0
-      restart_policy:
-        condition: none
-    secrets:
-      - minio_rp
-      - minio_ru
 
   minio:
     image: minio/minio:RELEASE.2025-05-24T17-08-30Z
@@ -233,7 +232,8 @@ services:
     networks:
       - backend
     command: minio server /data
-    entrypoint: ["/usr/bin/docker-entrypoint.sh"]
+    entrypoint: >
+      sh -c "/minio-initialize.sh & exec /usr/bin/docker-entrypoint.sh \"$$@\"" --
     volumes:
       - minio:/data
     deploy:
@@ -244,12 +244,21 @@ services:
       - source: abra_entrypoint
         target: /abra-entrypoint.sh
         mode: 0555
+      - source: minio_initialize
+        target: /minio-initialize.sh
+        mode: 0555
     secrets:
       - minio_rp
       - minio_ru
 
   web:
-    image: nginx:1.29
+    image: nginx:1.30.0
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8083"]
+      interval: 15s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
     configs:
       - source: nginx_conf
         target: /etc/nginx/conf.d/default.conf
@@ -291,6 +300,12 @@ configs:
   abra_entrypoint:
     name: ${STACK_NAME}_entrypoint_${ABRA_ENTRYPOINT_VERSION}
     file: abra-entrypoint.sh
+  minio_initialize:
+    name: ${STACK_NAME}_minio_initialize_${MINIO_INITIALIZE_VERSION}
+    file: minio-initialize.sh
+  migrate:
+    name: ${STACK_NAME}_migrate_${MIGRATE_VERSION}
+    file: migrate.sh
 
 secrets:
   django_sk:

migrate.sh

@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+
+# Load secrets into environment
+source /abra-entrypoint.sh -e
+
+# Wait for database to be ready (up to 30 seconds)
+i=0
+while ! python manage.py check --database default 2>/dev/null; do
+  i=$((i+1))
+  if [ "$i" -ge 30 ]; then
+    echo "migrate: timed out waiting for database" >&2
+    exit 1
+  fi
+  sleep 1
+done
+
+# Idempotent: skip if no pending migrations
+if python manage.py migrate --check > /dev/null 2>&1; then
+  echo "migrate: no pending migrations, skipping"
+  exit 0
+fi
+
+echo "migrate: applying pending migrations..."
+python manage.py migrate --noinput
+echo "migrate: done"

minio-initialize.sh

@@ -0,0 +1,29 @@
+#!/bin/sh
+set -e
+
+# Wait for minio to be ready (up to 60 seconds)
+i=0
+while ! mc ready local 2>/dev/null; do
+  i=$((i+1))
+  if [ "$i" -ge 60 ]; then
+    echo "minio-initialize: timed out waiting for minio to be ready" >&2
+    exit 1
+  fi
+  sleep 1
+done
+
+MINIO_ROOT_USER="$(cat /run/secrets/minio_ru)"
+MINIO_ROOT_PASSWORD="$(cat /run/secrets/minio_rp)"
+
+mc alias set docs http://localhost:9000 "${MINIO_ROOT_USER}" "${MINIO_ROOT_PASSWORD}"
+
+# Idempotent: skip if bucket already exists
+if mc ls docs/docs-media-storage > /dev/null 2>&1; then
+  echo "minio-initialize: bucket 'docs-media-storage' already exists, skipping"
+  exit 0
+fi
+
+echo "minio-initialize: creating bucket 'docs-media-storage'..."
+mc mb docs/docs-media-storage
+mc version enable docs/docs-media-storage
+echo "minio-initialize: done"

pg_backup.sh

@@ -10,7 +10,7 @@ function backup {
 }
 
 function restore {
-    cd /var/lib/postgresql/data/
+    cd /var/lib/postgresql/data/pgdata/
     restore_config(){
         # Restore allowed connections
         cat pg_hba.conf.bak > pg_hba.conf

release/0.2.6+v4.5.0

@@ -0,0 +1,4 @@
+upgraded to v4.5.0, and also switched from postgres:16 to pgautoupgrade/pgautoupgrade:18-bookworm
+for automatic major version upgrades
+
+no actions by operator should be necessary