bump to 0.2.9+v4.5.0

add healthchecks for celery, y-provider, redis, and web
pin redis and nginx to full semver tags
2026-02-20 19:51:18 +00:00 · 2026-02-20 19:33:12 +00:00 · 2026-02-20 19:30:55 +00:00 · 2026-02-20 14:19:15 -05:00 · 2026-02-20 19:15:10 +00:00 · 2026-02-20 19:15:02 +00:00
6 changed files with 117 additions and 36 deletions
--- a/.env.sample
+++ b/.env.sample
@ -66,3 +66,9 @@ OIDC_AUTH_REQUEST_EXTRA_PARAMS='{"acr_values": "eidas1"}'
 LOGGING_LEVEL_HANDLERS_CONSOLE=INFO
 LOGGING_LEVEL_LOGGERS_ROOT=INFO
 LOGGING_LEVEL_LOGGERS_APP=INFO
+
+##############################################################################
+# MIGRATIONS
+##############################################################################
+# Set to false to disable automatic migrations on backend startup
+# AUTO_MIGRATIONS=true
--- a/README.md
+++ b/README.md
@ -20,11 +20,11 @@
 * `abra app new lasuite-docs --secrets`
 * `abra app config <app-name>`
 * `abra app deploy <app-name>`
-* `abra app cmd <app-name> backend migrate`
-* `abra app restart <app-name> minio-bootstrap` (Note: this will appear to fail, but probably worked! Check `abra app logs <app-name> minio-bootstrap`)

-You should then be able to visit the landing page of your app, but not yet to login. To login, you need to deploy and integrate single sign on (described below in the "Configure Authentication" section). 
+You should then be able to visit the landing page of your app, but not yet to login. To login, you need to deploy and integrate single sign on (described below in the "Configure Authentication" section).

+* Migrations run automatically on backend startup. To trigger manually: `abra app cmd <app-name> backend migrate`
+* Minio buckets are created automatically on first deploy. To manually trigger: `abra app cmd <app-name> minio minio_initialize`

 ## Configure Authentication

--- a/abra.sh
+++ b/abra.sh
@ -3,6 +3,8 @@
 export ABRA_ENTRYPOINT_VERSION=v5
 export NGINX_CONF_VERSION=v3
 export PG_BACKUP_VERSION=v3
+export MINIO_INITIALIZE_VERSION=v1
+export MIGRATE_VERSION=v1

 environment() {
  # this exports all the secrets as environment variables
@ -10,6 +12,9 @@ environment() {
 }

 migrate() {
-  environment
-  python manage.py migrate --noinput
+  /migrate.sh
+}
+
+minio_initialize() {
+  /minio-initialize.sh
 }
--- a/compose.yml
+++ b/compose.yml
@ -91,7 +91,7 @@ services:
      labels:
        - "traefik.enable=false"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "coop-cloud.${STACK_NAME}.version=0.2.6+v4.5.0"
+        - "coop-cloud.${STACK_NAME}.version=0.2.9+v4.5.0"
    user: "${DOCKER_USER:-1000}"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080"]
@ -103,9 +103,10 @@ services:
  backend:
    image: lasuite/impress-backend:v4.5.0
    networks:
-      - backend 
+      - backend
    environment:
      <<: [*common-env, *postgres-env, *yprovider-env]
+      AUTO_MIGRATIONS: "${AUTO_MIGRATIONS:-true}"
    healthcheck:
      test: ["CMD", "/abra-entrypoint.sh", "python", "manage.py", "check"]
      interval: 15s
@ -114,11 +115,15 @@ services:
      start_period: 10s
    user: "${DOCKER_USER:-1000}"
    command: ["gunicorn", "-c", "/usr/local/etc/gunicorn/impress.py", "impress.wsgi:application"]
-    entrypoint: ["/abra-entrypoint.sh", "/usr/local/bin/entrypoint"]
+    entrypoint: >
+      sh -c "if [ \"$$AUTO_MIGRATIONS\" = \"true\" ]; then /migrate.sh; fi && exec /abra-entrypoint.sh /usr/local/bin/entrypoint \"$$@\"" --
    configs:
      - source: abra_entrypoint
        target: /abra-entrypoint.sh
        mode: 0555
+      - source: migrate
+        target: /migrate.sh
+        mode: 0555
    secrets:
      - django_sk
      - django_sp
@ -134,6 +139,12 @@ services:
    image: lasuite/impress-backend:v4.5.0
    networks:
      - backend
+    healthcheck:
+      test: ["CMD", "celery", "-A", "impress.celery_app", "inspect", "ping", "--timeout", "5"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
    user: "${DOCKER_USER:-1000}"
    command: ["celery", "-A", "impress.celery_app", "worker", "-l", "INFO"]
    environment:
@ -157,13 +168,19 @@ services:
  y-provider:
    image: lasuite/impress-y-provider:v4.5.0
    networks:
-      - backend 
+      - backend
+    healthcheck:
+      # y-provider returns 403 on unauthenticated requests; wget exit 4 = network error (server down), anything else = server is responding
+      test: ["CMD-SHELL", "wget -qO /dev/null http://localhost:4444/ 2>/dev/null; test $$? -ne 4"]
+      interval: 15s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
    environment: *yprovider-env
    user: "${DOCKER_USER:-1000}"
    entrypoint: >
      sh -c "export Y_PROVIDER_API_KEY=\"$$(cat /run/secrets/y_api_key)\" && exec /usr/local/bin/entrypoint \"$$@\"" --
    command: ["yarn", "start"]
-    # NOTE: healthcheck - `wget` is available in the container, but `wget http://localhost:4444` gives a 403
    secrets:
      - y_api_key

@ -195,32 +212,14 @@ services:
      - postgres_p

  redis:
-    image: redis:8
-    networks:
-      - backend 
-
-  minio-bootstrap:
-    # NOTE: Not started by default, only run with a manual `abra app restart` / `docker service scale`
-    image: minio/mc:RELEASE.2025-05-21T01-59-54Z
-    environment: *minio-env
+    image: redis:8.0.5
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 15s
+      timeout: 5s
+      retries: 3
    networks:
      - backend
-    entrypoint: >
-      sh -c "
-      MINIO_ROOT_USER=\"\$$(cat /run/secrets/minio_ru)\" &&   
-      MINIO_ROOT_PASSWORD=\"\$$(cat /run/secrets/minio_rp)\" &&   
-      /usr/bin/mc alias set docs http://minio:9000 \$${MINIO_ROOT_USER} \"\$${MINIO_ROOT_PASSWORD}\" &&
-      /usr/bin/mc mb --ignore-existing docs/docs-media-storage &&
-      /usr/bin/mc version enable docs/docs-media-storage &&
-      exit 0"
-    deploy:
-      mode: replicated
-      replicas: 0
-      restart_policy:
-        condition: none
-    secrets:
-      - minio_rp
-      - minio_ru

  minio:
    image: minio/minio:RELEASE.2025-05-24T17-08-30Z
@ -233,7 +232,8 @@ services:
    networks:
      - backend
    command: minio server /data
-    entrypoint: ["/usr/bin/docker-entrypoint.sh"]
+    entrypoint: >
+      sh -c "/minio-initialize.sh & exec /usr/bin/docker-entrypoint.sh \"$$@\"" --
    volumes:
      - minio:/data
    deploy:
@ -244,12 +244,21 @@ services:
      - source: abra_entrypoint
        target: /abra-entrypoint.sh
        mode: 0555
+      - source: minio_initialize
+        target: /minio-initialize.sh
+        mode: 0555
    secrets:
      - minio_rp
      - minio_ru

  web:
-    image: nginx:1.29
+    image: nginx:1.29.5
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8083"]
+      interval: 15s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
    configs:
      - source: nginx_conf
        target: /etc/nginx/conf.d/default.conf
@ -291,6 +300,12 @@ configs:
  abra_entrypoint:
    name: ${STACK_NAME}_entrypoint_${ABRA_ENTRYPOINT_VERSION}
    file: abra-entrypoint.sh
+  minio_initialize:
+    name: ${STACK_NAME}_minio_initialize_${MINIO_INITIALIZE_VERSION}
+    file: minio-initialize.sh
+  migrate:
+    name: ${STACK_NAME}_migrate_${MIGRATE_VERSION}
+    file: migrate.sh

 secrets:
  django_sk:
--- a/migrate.sh
+++ b/migrate.sh
@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+
+# Load secrets into environment
+source /abra-entrypoint.sh -e
+
+# Wait for database to be ready (up to 30 seconds)
+i=0
+while ! python manage.py check --database default 2>/dev/null; do
+  i=$((i+1))
+  if [ "$i" -ge 30 ]; then
+    echo "migrate: timed out waiting for database" >&2
+    exit 1
+  fi
+  sleep 1
+done
+
+# Idempotent: skip if no pending migrations
+if python manage.py migrate --check > /dev/null 2>&1; then
+  echo "migrate: no pending migrations, skipping"
+  exit 0
+fi
+
+echo "migrate: applying pending migrations..."
+python manage.py migrate --noinput
+echo "migrate: done"
--- a/minio-initialize.sh
+++ b/minio-initialize.sh
@ -0,0 +1,29 @@
+#!/bin/sh
+set -e
+
+# Wait for minio to be ready (up to 60 seconds)
+i=0
+while ! mc ready local 2>/dev/null; do
+  i=$((i+1))
+  if [ "$i" -ge 60 ]; then
+    echo "minio-initialize: timed out waiting for minio to be ready" >&2
+    exit 1
+  fi
+  sleep 1
+done
+
+MINIO_ROOT_USER="$(cat /run/secrets/minio_ru)"
+MINIO_ROOT_PASSWORD="$(cat /run/secrets/minio_rp)"
+
+mc alias set docs http://localhost:9000 "${MINIO_ROOT_USER}" "${MINIO_ROOT_PASSWORD}"
+
+# Idempotent: skip if bucket already exists
+if mc ls docs/docs-media-storage > /dev/null 2>&1; then
+  echo "minio-initialize: bucket 'docs-media-storage' already exists, skipping"
+  exit 0
+fi
+
+echo "minio-initialize: creating bucket 'docs-media-storage'..."
+mc mb docs/docs-media-storage
+mc version enable docs/docs-media-storage
+echo "minio-initialize: done"
Author	SHA1	Message	Date
notplants	781f3350c2	bump to 0.2.9+v4.5.0	2026-02-20 19:51:18 +00:00
notplants	c2f923d340	add healthchecks for celery, y-provider, redis, and web	2026-02-20 19:33:12 +00:00
notplants	39287c2b87	pin redis and nginx to full semver tags	2026-02-20 19:30:55 +00:00
notplants	988662f2ca	improve .env.sample	2026-02-20 14:19:15 -05:00
notplants	90d3e6ac69	bump to 0.2.8+v4.5.0	2026-02-20 19:15:10 +00:00
notplants	dcd91e6a6f	add auto-migration on backend startup	2026-02-20 19:15:02 +00:00
notplants	3647245ea4	fix readme	2026-02-20 13:01:45 -05:00
notplants	10d7a66c4a	bump to 0.2.7+v4.5.0	2026-02-20 17:55:01 +00:00
notplants	6b2e1f166e	working on minio-initialize	2026-02-20 11:34:35 -05:00