diff --git a/pica-plume/CHANGELOG.md b/pica-plume/CHANGELOG.md
new file mode 100644
index 0000000000000000000000000000000000000000..931aaa95fd1ab81457ce066dfa2415ac559e371b
--- /dev/null
+++ b/pica-plume/CHANGELOG.md
@@ -0,0 +1,10 @@
+# Version 0.4.0
+
+[Official changelog](https://github.com/Plume-org/Plume/releases/tag/0.4.0-alpha-4), and for our custom image :
+
+* Add a custom Dockerfile based on the official one with a HEALTCHECK, psql client and static env variables
+* Add a custom entrypoint to automatically run the migrations at first launch only and run migration when updating
+* Clean separation of networks
+* Adding a tag to fix the version of image
+* Configure non-secret environment with Docker Compose
+* Update database to PG v12
diff --git a/pica-plume/Dockerfile b/pica-plume/Dockerfile
index 66168fca13797c1c4c3b4b13cb14133d619e5573..d663b8136349eb0ce8da799616e34f695f12df82 100644
--- a/pica-plume/Dockerfile
+++ b/pica-plume/Dockerfile
@@ -1 +1,19 @@
-FROM plumeorg/plume:latest
+ENV PLUME_VERSION=v0.4.0
+
+FROM plumeorg/plume:${PLUME_VERSION}
+
+ENV MIGRATION_DIRECTORY=migrations/postgres
+ENV USE_HTTPS=1
+ENV ROCKET_ADDRESS=0.0.0.0
+ENV ROCKET_PORT=7878
+ENV RUST_BACKTRACE=FULL
+ENV FIRSTLAUNCH_PATH=/firstlaunch/yeah
+
+RUN apt-get update && \
+ apt-get install -y postgresql-client && \
+ rm -rf /var/lib/apt/lists/*
+
+COPY ./entrypoin.sh /entrypoint.sh
+HEALTHCHECK --interval=20s --timeout=3s CMD curl --fail http://localhost:7878 || exit 1
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/pica-plume/README.md b/pica-plume/README.md
index 0e1335d82a4495277d54338798058a11e861ffc2..4ad91ee4263020510d8342d28df5bd1465310a72 100644
--- a/pica-plume/README.md
+++ b/pica-plume/README.md
@@ -1,6 +1,29 @@
-When launching for the first time, we first need to execute the initial database migration and create an admin user. This is done using the following command:
+## Picablog
-`source secrets/plume-first_launch.secrets && ./before_first_launch.sh`
+Ce dossier contient les fichiers nécessaires pour lancer une instance de Plume sur les serveurs de Picasoft.
+Nous nous basons sur l'image officielle car le [Dockerfile](https://github.com/Plume-org/Plume/blob/master/Dockerfile) est bien écrit et léger.
-The service can then be started with `docker-compose up -d`.
+En plus, nous ajoutons :
+
+* Un système d'initialisation directement dans l'image (plutôt que d'avoir [à lancer des commandes manuellement](https://docs.joinplu.me/installation/with/docker))
+* La détection de la mise à jour de l'image pour lancer les migrations
+* Un entrypoint permettant d'attendre que le serveur de base de données soit prêt
+* Des variables d'environnement qui ne devraient pas changer directement dans le Dockerfile
+* Un HEALTHCHECK
+
+### Mise à jour
+
+Mettre à jour `PLUME_VERSION` dans le [Dockerfile](./Dockerfile) et d'ajuster le tag de l'image construite dans le [docker-compose.yml](./docker-compose.yml)
+
+### Configuration et lancement
+
+Copier le fichier `plume.secrets.example` dans `plume.secrets` et `plume_db.secrets.example` dans `plume_db.secrets` et remplacez les valeurs par des mots de passe de production.
+
+**Attention** : `DATABASE_URL` doit refléter les valeurs `POSTGRES_*`.
+
+Lancer :
+
+```bash
+docker-compose up -d
+```
diff --git a/pica-plume/before_first_launch.sh b/pica-plume/before_first_launch.sh
deleted file mode 100755
index d71d13caf71447a4113f584cc20b7af7612f9e77..0000000000000000000000000000000000000000
--- a/pica-plume/before_first_launch.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-docker-compose up -d plumedb
-docker-compose run --rm plume plm migration run
-docker-compose run --rm plume plm search init
-docker-compose run --rm plume plm instance new -d '$URL' -n '$NAME' -l 'CC-BY-SA'
-docker-compose run --rm plume plm users new -n '$ADMIN_USER' -N '$ADMIN_NAME' -b '' -e '$ADMIN_EMAIL' -p '$ADMIN_PASS' --admin
-
diff --git a/pica-plume/docker-compose.yml b/pica-plume/docker-compose.yml
index 3ce827962db82ce734825c08d3d7013fb3c059d2..e58d4538d059ce1ce4e040a639829765fa243b0e 100644
--- a/pica-plume/docker-compose.yml
+++ b/pica-plume/docker-compose.yml
@@ -1,41 +1,52 @@
version: "3"
volumes:
- plumedb-data:
- plume-data:
- plume-searchidx:
+ db:
+ name: "plume_db"
+ data:
+ name: "plume_data"
+ searchidx:
+ name: "plume_index"
+ first-launch:
+ name: "plume_first_launch"
networks:
docker_default:
external: true
+ plume:
+ name: "plume"
services:
- plumedb:
- image: postgres:10.5
- container_name: plumedb
- env_file: plume.env
- restart: always
- volumes:
- - "plumedb-data:/var/lib/postgresql/data"
- networks:
- - docker_default
-
plume:
- image: registry.picasoft.net/pica-plume
+ image: registry.picasoft.net/pica-plume:0.4.0
container_name: plume
- env_file: plume.env
- restart: always
+ env_file:
+ - secrets/plume_db.secrets
+ - secrets/plume.secrets
+ environment:
+ BASE_URL: "blog.picasoft.net"
+ URL: "blog.picasoft.net"
+ NAME: "Picablog"
+ ADMIN_EMAIL: picasoft@assos.utc.fr
volumes:
- - "plume-data:/app/static/media"
- - "./plume.env:/app/.env"
- - "plume-searchidx:/app/search_index"
+ - "data:/app/static/media"
+ - "searchidx:/app/search_index"
+ - "first-launch:/firstlaunch"
labels:
- - "traefik.frontend.rule=Host:blog.picasoft.net"
- - "traefik.enable=true"
- - "traefik.port=7878"
- links:
- - plumedb:plumedb
+ traefik.frontend.rule: "Host:blog.picasoft.net"
+ traefik.enable: true
+ traefik.port: 7878
networks:
+ - plume
- docker_default
+ restart: unless-stopped
-
+plumedb:
+ image: postgres:12
+ container_name: plumedb
+ env_file: plume_db.secrets
+ volumes:
+ - "db:/var/lib/postgresql/data"
+ networks:
+ - plume
+ restart: unless-stopped
diff --git a/pica-plume/entrypoint.sh b/pica-plume/entrypoint.sh
new file mode 100755
index 0000000000000000000000000000000000000000..6e4523f1ada5472b561b53adeb89f95f92974376
--- /dev/null
+++ b/pica-plume/entrypoint.sh
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# Checks if Plume has already been launched one
+# Otherwise, initialize the instance and create
+# a file at FIRSTLAUNCH_PATH to indicate that the
+# instance has already been initialized
+# FIRSTLAUNCH_PATH is configured via environment
+#
+# Also manage running migrations when updating
+
+if [ -z "${POSTGRES_PASSWORD}" ]; then
+ echo >&2 'Error : missing required ${POSTGRES_PASSWORD} environment variable, exiting.'
+ exit 1
+fi
+if [ -z "${POSTGRES_USER}" ]; then
+ echo >&2 'Error : missing required ${POSTGRES_USER} environment variable, exiting.'
+ exit 1
+fi
+if [ -z "${POSTGRES_DB}" ]; then
+ echo >&2 'Error : missing required ${POSTGRES_DB} environment variable, exiting.'
+ exit 1
+fi
+
+
+# Wait for database to be ready
+while ! PGPASSWORD="${DB_PASSWORD}" psql -h"${DB_HOST}" -U"${DB_USER}" -d"${DB_NAME}" -c "SELECT 1" &>/dev/null; do
+ echo "Database server not ready yet, re-trying in 5 seconds..."
+ sleep 5
+done
+
+# If first launch, initialize and create marker file
+if [ ! -f ${FIRSTLAUNCH_PATH} ]; then
+ echo "First launch detected."
+ echo "Initialize search index..."
+ plume plm search init
+ echo "Initialize instance..."
+ plume plm instance new -d '$URL' -n '$NAME' -l 'CC-BY-SA'
+ echo "Create admin user..."
+ plume plm users new -n '$ADMIN_USER' -N '$ADMIN_NAME' -b '' -e '$ADMIN_EMAIL' -p '$ADMIN_PASS' --admin
+ echo "Done."
+ touch ${FIRSTLAUNCH_PATH}
+fi
+
+# Check if we updated since last launch
+if [ ${PLUME_VERSION} != $(cat ${FIRSTLAUNCH_PATH}) ]; then
+ # If so, we need to run migrations
+ echo "Instance updated since last launch, running migrations..."
+ plume plm migration run
+fi
+
+# Now write the version if the file
+echo "${PLUME_VERSION}" > ${FIRSTLAUNCH_PATH}
+echo "Launching Plume..."
diff --git a/pica-plume/plume.env b/pica-plume/plume.env
deleted file mode 100644
index e742eff23f4e822a0da6dafd6d9f3677f3654bd2..0000000000000000000000000000000000000000
--- a/pica-plume/plume.env
+++ /dev/null
@@ -1,24 +0,0 @@
-BASE_URL=blog.test.picasoft.net
-# generate one with openssl rand -base64 32
-ROCKET_SECRET_KEY=kkZNhngivtkphj2QXuQLZ3eIPf372+RsTyvHA0AR7tI=
-
-# Mail settings
-#MAIL_SERVER=smtp.example.org
-#MAIL_USER=example
-#MAIL_PASSWORD=123456
-#MAIL_HELO_NAME=example.org
-
-# DATABASE SETUP
-POSTGRES_PASSWORD=passw0rd
-POSTGRES_USER=plume
-POSTGRES_DB=plume
-
-# you can safely leave those defaults
-DATABASE_URL=postgres://plume:passw0rd@plumedb:5432/plume
-MIGRATION_DIRECTORY=migrations/postgres
-USE_HTTPS=1
-ROCKET_ADDRESS=0.0.0.0
-ROCKET_PORT=7878
-
-
-RUST_BACKTRACE=FULL
diff --git a/pica-plume/secrets/plume-first_launch.secrets.example b/pica-plume/secrets/plume-first_launch.secrets.example
deleted file mode 100644
index 38ff9e2f81a7ff4b0bcfe17c82182fe3883aae51..0000000000000000000000000000000000000000
--- a/pica-plume/secrets/plume-first_launch.secrets.example
+++ /dev/null
@@ -1,6 +0,0 @@
-URL=blog.test.picasoft.net
-NAME=PicaTestBlog
-ADMIN_USER=picasoft
-ADMIN_NAME=Picasoft
-ADMIN_PASS=pica2020pica
-ADMIN_EMAIL=pica@picasoft.net
diff --git a/pica-plume/secrets/plume.secrets.example b/pica-plume/secrets/plume.secrets.example
new file mode 100644
index 0000000000000000000000000000000000000000..72eb1566fb9c08d17caffdebf84f131cdf1359ec
--- /dev/null
+++ b/pica-plume/secrets/plume.secrets.example
@@ -0,0 +1,13 @@
+ADMIN_USER=picasoft
+ADMIN_NAME=Picasoft
+ADMIN_PASS=pica2020pica
+
+MAIL_SERVER=smtp.example.org
+#MAIL_USER=example
+#MAIL_PASSWORD=123456
+#MAIL_HELO_NAME=example.org
+
+# Generate one with openssl rand -base64 32
+ROCKET_SECRET_KEY=izhduozygdyuzd
+
+DATABASE_URL=postgres://plume:passw0rd@plumedb:5432/plume
diff --git a/pica-plume/secrets/plume_db.secrets.example b/pica-plume/secrets/plume_db.secrets.example
new file mode 100644
index 0000000000000000000000000000000000000000..fe9cfd04764b7f4fae888e25a78a412cb7df1638
--- /dev/null
+++ b/pica-plume/secrets/plume_db.secrets.example
@@ -0,0 +1,3 @@
+POSTGRES_PASSWORD=passw0rd
+POSTGRES_USER=plume
+POSTGRES_DB=plume