Configuration to deploy using compose

.gitignore

@@ -41,6 +41,7 @@ ENV/
 env.bak/
 venv.bak/
 env.d/development/*
+env.d/production/*
 !env.d/development/*.dist
 env.d/terraform
 

Makefile

@@ -38,13 +38,13 @@ DB_PORT            = 5432
 DOCKER_UID          = $(shell id -u)
 DOCKER_GID          = $(shell id -g)
 DOCKER_USER         = $(DOCKER_UID):$(DOCKER_GID)
-COMPOSE             = DOCKER_USER=$(DOCKER_USER) docker compose
+COMPOSE             = DOCKER_USER=$(DOCKER_USER) ./bin/compose
+COMPOSE_PRODUCTION  = DOCKER_USER=$(DOCKER_USER) COMPOSE_FILE=compose.production.yaml ./bin/compose
 COMPOSE_EXEC        = $(COMPOSE) exec
 COMPOSE_EXEC_APP    = $(COMPOSE_EXEC) app-dev
 COMPOSE_RUN         = $(COMPOSE) run --rm
 COMPOSE_RUN_APP     = $(COMPOSE_RUN) app-dev
 COMPOSE_RUN_CROWDIN = $(COMPOSE_RUN) crowdin crowdin
-WAIT_DB             = @$(COMPOSE_RUN) dockerize -wait tcp://$(DB_HOST):$(DB_PORT) -timeout 60s
 
 # -- Backend
 MANAGE              = $(COMPOSE_RUN_APP) python manage.py
@@ -65,6 +65,19 @@ data/media:
 data/static:
 	@mkdir -p data/static
 
+# -- production volumes
+data/production/media:
+	@mkdir -p data/production/media
+
+data/production/certs:
+	@mkdir -p data/production/certs
+
+data/production/databases/backend:
+	@mkdir -p data/production/databases/backend
+
+data/production/databases/keycloak:
+	@mkdir -p data/production/databases/keycloak
+
 # -- Project
 
 create-env-files: ## Copy the dist env files to env files
@@ -89,6 +102,27 @@ bootstrap: \
 	mails-build
 .PHONY: bootstrap
 
+bootstrap-production: ## Prepare project to run in production mode using docker compose
+bootstrap-production: \
+	env.d/production \
+	data/production/media \
+	data/production/certs \
+	data/production/databases/backend \
+	data/production/databases/keycloak
+bootstrap-production:
+	@echo 'Environment files created in env.d/production'
+	@echo 'Edit them to set good value for your production environment'
+.PHONY: bootstrap-production
+
+run-production: ## Run compose project in production mode
+	@$(COMPOSE_PRODUCTION) up -d ingress
+.PHONY: run-production
+
+stop-production: ## Stop compose project in production mode
+	@$(COMPOSE_PRODUCTION) stop
+.PHONY: stop-production
+
+
 # -- Docker/compose
 build: cache ?= --no-cache
 build: ## build the project containers
@@ -124,8 +158,6 @@ run: ## start the wsgi (production) and development server
 	@$(COMPOSE) up --force-recreate -d celery-dev
 	@$(COMPOSE) up --force-recreate -d y-provider
 	@$(COMPOSE) up --force-recreate -d nginx
-	@echo "Wait for postgresql to be up..."
-	@$(WAIT_DB)
 .PHONY: run
 
 run-with-frontend: ## Start all the containers needed (backend to frontend)
@@ -188,14 +220,12 @@ test-back-parallel: ## run all back-end tests in parallel
 makemigrations:  ## run django makemigrations for the impress project.
 	@echo "$(BOLD)Running makemigrations$(RESET)"
 	@$(COMPOSE) up -d postgresql
-	@$(WAIT_DB)
 	@$(MANAGE) makemigrations
 .PHONY: makemigrations
 
 migrate:  ## run django migrations for the impress project.
 	@echo "$(BOLD)Running migrations$(RESET)"
 	@$(COMPOSE) up -d postgresql
-	@$(WAIT_DB)
 	@$(MANAGE) migrate
 .PHONY: migrate
 
@@ -229,6 +259,8 @@ resetdb: ## flush database and create a superuser "admin"
 	@${MAKE} superuser
 .PHONY: resetdb
 
+# -- Environment variable files
+
 env.d/development/common:
 	cp -n env.d/development/common.dist env.d/development/common
 
@@ -238,6 +270,9 @@ env.d/development/postgresql:
 env.d/development/kc_postgresql:
 	cp -n env.d/development/kc_postgresql.dist env.d/development/kc_postgresql
 
+env.d/production:
+	cp -rnf env.d/production.dist env.d/production
+
 # -- Internationalization
 
 env.d/development/crowdin:

README.md

@@ -52,12 +52,10 @@ Make sure you have a recent version of Docker and [Docker Compose](https://docs.
 
 ```shellscript
 $ docker -v
+  Docker version 27.4.1, build b9d17ea
 
-Docker version 20.10.2, build 2291f61
-
-$ docker compose -v
-
-docker compose version 1.27.4, build 40524192
+$ docker compose version
+  Docker Compose version v2.32.1
 ```
 
 > ⚠️ You may need to run the following commands with sudo but this can be avoided by assigning your user to the `docker` group.
@@ -170,4 +168,4 @@ docs
 Impress is built on top of [Django Rest Framework](https://www.django-rest-framework.org/), [Next.js](https://nextjs.org/), [MinIO](https://min.io/) and [BlocNote.js](https://www.blocknotejs.org/)
 
 ### States ❤️ open source
-Docs is the result of a joint effort lead by the French 🇫🇷🥖 ([DINUM](https://www.numerique.gouv.fr/dinum/)) and German 🇩🇪🥨 government ([ZenDiS](https://zendis.de/)). We are always looking for new public partners feel free to reach out if you are interested in using or contributing to docs.
+Docs is the result of a joint effort lead by the French 🇫🇷🥖 ([DINUM](https://www.numerique.gouv.fr/dinum/)) and German 🇩🇪🥨 government ([ZenDiS](https://zendis.de/)). We are always looking for new public partners feel free to reach out if you are interested in using or contributing to docs.

bin/_config.sh

@@ -6,9 +6,9 @@ REPO_DIR="$(cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd)"
 UNSET_USER=0
 
 TERRAFORM_DIRECTORY="./env.d/terraform"
-COMPOSE_FILE="${REPO_DIR}/docker-compose.yml"
-COMPOSE_PROJECT="docs"
-
+if [ -z ${COMPOSE_FILE+x} ]; then
+    COMPOSE_FILE="${REPO_DIR}/compose.yaml"
+fi
 
 # _set_user: set (or unset) default user id used to run docker commands
 #
@@ -40,9 +40,8 @@ function _set_user() {
 # ARGS   : docker compose command arguments
 function _docker_compose() {
 
-    echo "🐳(compose) project: '${COMPOSE_PROJECT}' file: '${COMPOSE_FILE}'"
+    echo "🐳(compose) project, file: '${COMPOSE_FILE}'"
     docker compose \
-        -p "${COMPOSE_PROJECT}" \
         -f "${COMPOSE_FILE}" \
         --project-directory "${REPO_DIR}" \
         "$@"

bin/update_app_cacert.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+set -o errexit
+
+#  The script is pretty simple. It downloads the latest  cacert.pem  file from the  certifi  package and appends the root certificate from  mkcert  to it. Then it copies the updated  cacert.pem  file to the container. 
+#  The script is executed with the following command: 
+#  $ bin/update_app_cacert.sh docs-production-backend-1
+
+CONTAINER_NAME=${1:-"docs-production-backend-1"}
+
+echo "updating cacert.pem for certifi package in ${CONTAINER_NAME}"
+
+
+curl --create-dirs https://raw.githubusercontent.com/certifi/python-certifi/refs/heads/master/certifi/cacert.pem -o /tmp/certifi/cacert.pem
+cat "$(mkcert -CAROOT)/rootCA.pem" >> /tmp/certifi/cacert.pem
+docker cp /tmp/certifi/cacert.pem ${CONTAINER_NAME}:/usr/local/lib/python3.12/site-packages/certifi/cacert.pem
+
+echo "end patching cacert.pem in ${CONTAINER_NAME}"

compose.production.yaml

@@ -0,0 +1,167 @@
+name: docs-production
+
+services:
+  postgresql:
+    image: postgres:16
+    healthcheck:
+      test: ["CMD", "pg_isready", "-q", "-U", "docs", "-d", "docs"]
+      interval: 1s
+      timeout: 2s
+      retries: 300
+    env_file:
+      - env.d/production/postgresql
+    environment:
+      - PGDATA=/var/lib/postgresql/data/pgdata
+    volumes:
+      - ./data/production/databases/backend:/var/lib/postgresql/data/pgdata
+
+  redis:
+    image: redis:5
+
+  backend-migration:
+    image: lasuite/impress-backend:latest
+    user: ${DOCKER_USER:-1000}
+    command: ["python", "manage.py", "migrate", "--noinput"]
+    environment:
+      - DJANGO_CONFIGURATION=Production
+    env_file:
+      - env.d/production/backend
+      - env.d/production/postgresql
+      - env.d/production/yprovider
+    depends_on:
+      postgresql:
+        condition: service_healthy
+        restart: true
+      redis:
+        condition: service_started
+      minio:
+        condition: service_started
+
+  backend:
+    image: lasuite/impress-backend:latest
+    user: ${DOCKER_USER:-1000}
+    restart: always
+    environment:
+      - DJANGO_CONFIGURATION=Production
+    env_file:
+      - env.d/production/backend
+      - env.d/production/postgresql
+      - env.d/production/yprovider
+    healthcheck:
+      test: ["CMD", "python", "manage.py", "check"]
+      interval: 15s
+      timeout: 30s
+      retries: 20
+      start_period: 10s
+    depends_on:
+      postgresql:
+        condition: service_healthy
+        restart: true
+      backend-migration:
+        condition: service_completed_successfully
+      redis:
+        condition: service_started
+      minio:
+        condition: service_started
+      minio-bootstrap:
+        condition: service_completed_successfully
+
+  celery:
+    user: ${DOCKER_USER:-1000}
+    image: lasuite/impress-backend:latest
+    command: ["celery", "-A", "impress.celery_app", "worker", "-l", "INFO"]
+    environment:
+      - DJANGO_CONFIGURATION=Production
+    env_file:
+      - env.d/production/backend
+      - env.d/production/postgresql
+      - env.d/production/yprovider
+    depends_on:
+      - backend
+
+  frontend:
+    image: lasuite/impress-frontend:latest
+    user: ${DOCKER_USER:-1000}
+
+  y-provider:
+    image: lasuite/impress-y-provider:latest
+    user: ${DOCKER_USER:-1000}
+    env_file:
+      - env.d/production/yprovider
+
+  kc_postgresql:
+    image: postgres:16
+    healthcheck:
+      test: ["CMD", "pg_isready", "-q", "-U", "keycloak", "-d", "keycloak"]
+      interval: 1s
+      timeout: 2s
+      retries: 300    
+    env_file:
+      - env.d/production/kc_postgresql
+    environment:
+      - PGDATA=/var/lib/postgresql/data/pgdata
+    volumes:
+      - ./data/production/databases/keycloak:/var/lib/postgresql/data/pgdata
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:26.1.0
+    command: ["start"]
+    env_file:
+      - env.d/production/keycloak
+      - env.d/production/kc_postgresql
+    ports:
+      - "8443:8443"
+    volumes:
+      - ${DOCS_PROD_KEYCLOAK_CERT_FOLDER:-./data/production/certs}:/etc/ssl/certs:ro
+    depends_on:
+      kc_postgresql:
+        condition: service_healthy
+        restart: true
+
+  minio-bootstrap:
+    image: minio/mc
+    env_file:
+      - env.d/production/minio
+    depends_on:
+      minio:
+        condition: service_healthy
+        restart: true
+    entrypoint: >
+      sh -c "
+      /usr/bin/mc alias set docs http://minio:9000 $${MINIO_ROOT_USER} $${MINIO_ROOT_PASSWORD} && \
+      /usr/bin/mc mb --ignore-existing docs/docs-media-storage && \
+      /usr/bin/mc version enable docs/docs-media-storage && \
+      exit 0;"
+
+  minio:
+    user: ${DOCKER_USER:-1000}
+    image: minio/minio
+    env_file:
+      - env.d/production/minio
+    healthcheck:
+      test: ["CMD", "mc", "ready", "local"]
+      interval: 1s
+      timeout: 20s
+      retries: 300
+    entrypoint: ""
+    command: minio server /data
+    volumes:
+      - ./data/production/media:/data
+
+  ingress:
+    image: nginx:1.27
+    ports:
+      - "${DOCS_PROD_NGING_PORT:-443}:8083"
+    volumes:
+      - ./docker/files/production/etc/nginx/conf.d:/etc/nginx/conf.d:ro
+      - ${DOCS_PROD_NGINX_CERT_FOLDER:-./data/production/certs}:/etc/nginx/ssl:ro
+    depends_on:
+      frontend:
+        condition: service_started
+      y-provider:
+        condition: service_started
+      keycloak:
+        condition: service_started
+      backend:
+        condition: service_healthy
+        restart: true