rename AI env vars for v5.x (AI_API_KEY -> OPENAI_SDK_API_KEY, AI_BASE_URL -> OPENAI_SDK_BASE_URL)

Reviewed-on: https://git.coopcloud.tech/coop-cloud/lasuite-docs/pulls/14

.env.sample

@@ -66,3 +66,9 @@ OIDC_AUTH_REQUEST_EXTRA_PARAMS='{"acr_values": "eidas1"}'
 LOGGING_LEVEL_HANDLERS_CONSOLE=INFO
 LOGGING_LEVEL_LOGGERS_ROOT=INFO
 LOGGING_LEVEL_LOGGERS_APP=INFO
+
+##############################################################################
+# MIGRATIONS
+##############################################################################
+# Set to false to disable automatic migrations on backend startup
+# AUTO_MIGRATIONS=true

README.md

@@ -20,12 +20,12 @@
 * `abra app new lasuite-docs --secrets`
 * `abra app config <app-name>`
 * `abra app deploy <app-name>`
-* `abra app cmd <app-name> backend migrate`
+
+You should then be able to visit the landing page of your app, but not yet to login. To login, you need to deploy and integrate single sign on (described below in the "Configure Authentication" section).
+
+* Migrations run automatically on backend startup. To trigger manually: `abra app cmd <app-name> backend migrate`
 * Minio buckets are created automatically on first deploy. To manually trigger: `abra app cmd <app-name> minio minio_initialize`
 
-You should then be able to visit the landing page of your app, but not yet to login. To login, you need to deploy and integrate single sign on (described below in the "Configure Authentication" section). 
-
-
 ## Configure Authentication
 
 lasuite-docs **requires** an OpenID Connect (OIDC) single sign-on provider; deployment has been tested with [Keycloak](https://git.coopcloud.tech/coop-cloud/keycloak), which we recommend, or you could also try [Authentik](https://git.coopcloud.tech/coop-cloud/authentik), both of which are installable using Co-op Cloud.

abra.sh

@@ -4,6 +4,7 @@ export ABRA_ENTRYPOINT_VERSION=v5
 export NGINX_CONF_VERSION=v3
 export PG_BACKUP_VERSION=v3
 export MINIO_INITIALIZE_VERSION=v1
+export MIGRATE_VERSION=v1
 
 environment() {
   # this exports all the secrets as environment variables
@@ -11,8 +12,7 @@ environment() {
 }
 
 migrate() {
-  environment
-  python manage.py migrate --noinput
+  /migrate.sh
 }
 
 minio_initialize() {

compose.yml

@@ -49,10 +49,10 @@ x-common-env: &common-env
   LOGOUT_REDIRECT_URL:
   OIDC_REDIRECT_ALLOWED_HOSTS:
   OIDC_AUTH_REQUEST_EXTRA_PARAMS:
-  # AI (Fixme: remove?)
+  # AI
   AI_FEATURE_ENABLED: "false"
-  AI_BASE_URL: https://openaiendpoint.com
-  AI_API_KEY: password
+  OPENAI_SDK_BASE_URL: https://openaiendpoint.com
+  OPENAI_SDK_API_KEY: password
   AI_MODEL: llama
   # Collaboration
   COLLABORATION_API_URL: https://$DOMAIN/collaboration/api/
@@ -84,14 +84,14 @@ x-minio-env: &minio-env
 
 services:
   app:
-    image: lasuite/impress-frontend:v4.5.0
+    image: lasuite/impress-frontend:v5.1.0
     networks:
       - backend
     deploy:
       labels:
         - "traefik.enable=false"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "coop-cloud.${STACK_NAME}.version=0.2.7+v4.5.0"
+        - "coop-cloud.${STACK_NAME}.version=0.3.0+v5.1.0"
     user: "${DOCKER_USER:-1000}"
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8080"]
@@ -101,11 +101,12 @@ services:
       start_period: 10s
 
   backend:
-    image: lasuite/impress-backend:v4.5.0
+    image: lasuite/impress-backend:v5.1.0
     networks:
-      - backend 
+      - backend
     environment:
       <<: [*common-env, *postgres-env, *yprovider-env]
+      AUTO_MIGRATIONS: "${AUTO_MIGRATIONS:-true}"
     healthcheck:
       test: ["CMD", "/abra-entrypoint.sh", "python", "manage.py", "check"]
       interval: 15s
@@ -114,11 +115,15 @@ services:
       start_period: 10s
     user: "${DOCKER_USER:-1000}"
     command: ["gunicorn", "-c", "/usr/local/etc/gunicorn/impress.py", "impress.wsgi:application"]
-    entrypoint: ["/abra-entrypoint.sh", "/usr/local/bin/entrypoint"]
+    entrypoint: >
+      sh -c "if [ \"$$AUTO_MIGRATIONS\" = \"true\" ]; then /migrate.sh; fi && exec /abra-entrypoint.sh /usr/local/bin/entrypoint \"$$@\"" --
     configs:
       - source: abra_entrypoint
         target: /abra-entrypoint.sh
         mode: 0555
+      - source: migrate
+        target: /migrate.sh
+        mode: 0555
     secrets:
       - django_sk
       - django_sp
@@ -131,9 +136,15 @@ services:
       - email_pass
 
   celery:
-    image: lasuite/impress-backend:v4.5.0
+    image: lasuite/impress-backend:v5.1.0
     networks:
       - backend
+    healthcheck:
+      test: ["CMD", "celery", "-A", "impress.celery_app", "inspect", "ping", "--timeout", "5"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
     user: "${DOCKER_USER:-1000}"
     command: ["celery", "-A", "impress.celery_app", "worker", "-l", "INFO"]
     environment:
@@ -155,15 +166,21 @@ services:
 
 
   y-provider:
-    image: lasuite/impress-y-provider:v4.5.0
+    image: lasuite/impress-y-provider:v5.1.0
     networks:
-      - backend 
+      - backend
+    healthcheck:
+      # y-provider returns 403 on unauthenticated requests; wget exit 4 = network error (server down), anything else = server is responding
+      test: ["CMD-SHELL", "wget -qO /dev/null http://localhost:4444/ 2>/dev/null; test $$? -ne 4"]
+      interval: 15s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
     environment: *yprovider-env
     user: "${DOCKER_USER:-1000}"
     entrypoint: >
       sh -c "export Y_PROVIDER_API_KEY=\"$$(cat /run/secrets/y_api_key)\" && exec /usr/local/bin/entrypoint \"$$@\"" --
     command: ["yarn", "start"]
-    # NOTE: healthcheck - `wget` is available in the container, but `wget http://localhost:4444` gives a 403
     secrets:
       - y_api_key
 
@@ -195,9 +212,14 @@ services:
       - postgres_p
 
   redis:
-    image: redis:8
+    image: redis:8.2.6
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 15s
+      timeout: 5s
+      retries: 3
     networks:
-      - backend 
+      - backend
 
   minio:
     image: minio/minio:RELEASE.2025-05-24T17-08-30Z
@@ -230,7 +252,13 @@ services:
       - minio_ru
 
   web:
-    image: nginx:1.29
+    image: nginx:1.30.0
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8083"]
+      interval: 15s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
     configs:
       - source: nginx_conf
         target: /etc/nginx/conf.d/default.conf
@@ -275,6 +303,9 @@ configs:
   minio_initialize:
     name: ${STACK_NAME}_minio_initialize_${MINIO_INITIALIZE_VERSION}
     file: minio-initialize.sh
+  migrate:
+    name: ${STACK_NAME}_migrate_${MIGRATE_VERSION}
+    file: migrate.sh
 
 secrets:
   django_sk:

migrate.sh

@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+
+# Load secrets into environment
+source /abra-entrypoint.sh -e
+
+# Wait for database to be ready (up to 30 seconds)
+i=0
+while ! python manage.py check --database default 2>/dev/null; do
+  i=$((i+1))
+  if [ "$i" -ge 30 ]; then
+    echo "migrate: timed out waiting for database" >&2
+    exit 1
+  fi
+  sleep 1
+done
+
+# Idempotent: skip if no pending migrations
+if python manage.py migrate --check > /dev/null 2>&1; then
+  echo "migrate: no pending migrations, skipping"
+  exit 0
+fi
+
+echo "migrate: applying pending migrations..."
+python manage.py migrate --noinput
+echo "migrate: done"