Juan/lasuite

[yamijuan]

PR Type

Enhancement, Documentation

---

Description

• Added LaSuite documentation service configuration

• Created directory structure for service deployment

• Added Docker Compose configuration for docs service

• Included environment variable templates

---

Changes walkthrough 📝

	Relevant files
Documentation	6 files README.md Add placeholder for helper scripts                                              +1/-0      README.md Add placeholder for service state and logs                              +1/-0      README.md Add placeholder for docs helper scripts                                    +1/-0      README.md Add placeholder for docs service data                                        +1/-0      README.md Add placeholder for docs config files                                        +1/-0      README.md Add placeholder for config files                                                  +1/-0
Configuration changes	4 files docker-compose.yaml Add Docker Compose configuration for docs service                +148/-0  backend Add backend environment variable templates                              +65/-0    common Add common environment variables configuration                      +7/-0      yprovider Add Y-provider environment configuration                                  +7/-0

---

Need help?

Type /help how to ... in the comments thread for any questions about PR-Agent usage.

Check out the documentation for more information.

[pr-agent-monadical]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 Security concerns Sensitive information exposure: The docker-compose.yaml and environment variable templates contain placeholders for multiple sensitive credentials (DJANGO_SECRET_KEY, AWS_S3_ACCESS_KEY_ID, AWS_S3_SECRET_ACCESS_KEY, OIDC_RP_CLIENT_SECRET, AI_API_KEY, Y_PROVIDER_API_KEY, COLLABORATION_SERVER_SECRET). While these are just templates, there should be clear instructions to ensure these values are properly secured and not committed to version control when populated with actual secrets.

⚡ Recommended focus areas for review Configuration Error The y-provider service has an incorrect entrypoint configuration. The entrypoint should be a command, but environment variables are being passed instead. This will likely cause the service to fail on startup. entrypoint: - Y_PROVIDER_API_KEY=${Y_PROVIDER_API_KEY} - COLLABORATION_SERVER_SECRET=${COLLABORATION_SERVER_SECRET} - COLLABORATION_SERVER_ORIGIN=https://${DOCS_HOST} - COLLABORATION_API_URL=https://${DOCS_HOST}/collaboration/api/ - COLLABORATION_WS_URL=wss://${DOCS_HOST}/collaboration/ws/ - COLLABORATION_BACKEND_BASE_URL=https://${DOCS_HOST} - COLLABORATION_LOGGING=true Security Concern The docker-compose file contains placeholder values for sensitive configuration that should be properly secured before deployment, including API keys, secrets, and credentials. - DJANGO_ALLOWED_HOSTS=${DOCS_HOST} - DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY} - DJANGO_SETTINGS_MODULE=impress.settings - DJANGO_CONFIGURATION=Production # Logging # Set to DEBUG level for dev only - LOGGING_LEVEL_HANDLERS_CONSOLE=ERROR - LOGGING_LEVEL_LOGGERS_ROOT=INFO - LOGGING_LEVEL_LOGGERS_APP=INFO # Python - PYTHONPATH=/app # Mail - DJANGO_EMAIL_HOST=${DJANGO_EMAIL_HOST} - DJANGO_EMAIL_HOST_USER=${DJANGO_EMAIL_HOST_USER} - DJANGO_EMAIL_HOST_PASSWORD=${DJANGO_EMAIL_HOST_PASSWORD} - DJANGO_EMAIL_PORT=${DJANGO_EMAIL_PORT} - DJANGO_EMAIL_FROM=${DJANGO_EMAIL_FROM} #DJANGO_EMAIL_USE_TLS=true # A flag to enable or disable TLS for email sending. #DJANGO_EMAIL_USE_SSL=true # A flag to enable or disable SSL for email sending. - DJANGO_EMAIL_BRAND_NAME="Monadical" # DJANGO_EMAIL_LOGO_IMG="https://${DOCS_HOST}/assets/logo-suite-numerique.png" # Media - AWS_S3_ENDPOINT_URL=https://${S3_HOST} - AWS_S3_ACCESS_KEY_ID=${AWS_S3_ACCESS_KEY_ID} - AWS_S3_SECRET_ACCESS_KEY=${AWS_S3_SECRET_ACCESS_KEY} - AWS_STORAGE_BUCKET_NAME=${BUCKET_NAME} - MEDIA_BASE_URL=https://${DOCS_HOST} # OIDC - OIDC_OP_JWKS_ENDPOINT=${OIDC_OP_JWKS_ENDPOINT} - OIDC_OP_AUTHORIZATION_ENDPOINT=${OIDC_OP_AUTHORIZATION_ENDPOINT} - OIDC_OP_TOKEN_ENDPOINT=${OIDC_OP_TOKEN_ENDPOINT} - OIDC_OP_USER_ENDPOINT=${OIDC_OP_USER_ENDPOINT} - OIDC_OP_LOGOUT_ENDPOINT=${OIDC_OP_LOGOUT_ENDPOINT} - OIDC_RP_CLIENT_ID=${OIDC_RP_CLIENT_ID} - OIDC_RP_CLIENT_SECRET=${OIDC_RP_CLIENT_SECRET} - OIDC_RP_SIGN_ALGO=RS256 - OIDC_RP_SCOPES="openid email" #USER_OIDC_FIELD_TO_SHORTNAME #USER_OIDC_FIELDS_TO_FULLNAME - LOGIN_REDIRECT_URL=https://${DOCS_HOST} - LOGIN_REDIRECT_URL_FAILURE=https://${DOCS_HOST} - LOGOUT_REDIRECT_URL=https://${DOCS_HOST} - OIDC_REDIRECT_ALLOWED_HOSTS=["https://${DOCS_HOST}"] # AI - AI_FEATURE_ENABLED=true # is false by default - AI_BASE_URL=${AI_BASE_URL} - AI_API_KEY=${AI_API_KEY} - AI_MODEL=${AI_MODEL} # e.g. llama