The open-source alternative to Notion, a French government initiative in collaboration with Germany, has become the number 1 topic of discussion on Hacker News over the last 24 hours. In this post, we explain how to deploy and configure Docs on Clever Cloud.

What is Docs?

Docs isn't just an alternative to Notion: it's also a collaborative project from the Direction Interministérielle du Numérique (DINUM) and its German equivalent, the Zentrum Digitale Souveränität (ZENDIS, or Center for Digital Sovereignty).

Docs is one of many initiatives aimed at ensuring the digital sovereignty of governments , not only in their use of digital tools, but also in their creation. At Clever Cloud, we've already had the opportunity to work with various ministries on a daily basis, and we're proud to be able to contribute to the diffusion of these tools.

As Docs currently runs on Kubernetes, we have explored the possibilities of deploying it using Clever Cloud rather than a kube cluster. Of course, you'll be able to deploy it using Kubernetes when our managed kube product becomes available.

How to deploy Docs on Clever Cloud

Docs consists of two main applications:

• A backend (a Django API Rest) in src/backend
• A frontend (mainly based on Next.js and yarn workspaces) in src/frontend

And integrates the following dependencies :

• PostgreSQL database
• Redis
• Keycloak (optional)

To deploy it on Clever Cloud, opt for a Python application for the backend, and a Node.js application for the frontend. There's no need to version each subfolder; you can push your code with Git from the repository root and specify which subfolder to deploy using the APP_FOLDER variable for each of your applications.

Backend deployment

To take the value from the environment variables injected at runtime on Clever Cloud, we've made a few minor modifications to the code, and also renamed the environment variables for the PostgreSQL database and S3 storage. This last modification allows you to modify the database or buckets, change add-ons and renew identifiers without having to manually modify the value of the variables injected into the application. For smooth deployment of Docs on Clever Cloud, clone the branch under development on our fork.

Then, on Clever Cloud:

• Create a Python application
• Add a PostrgreSQL database
• Create a Cellar add-on (or create the bucket directly, if you already have one) and connect it to the application.
• Create a Redis add-on and connect it to the application
• Add the minimum configuration environment variables to your application:

APP_FOLDER="/src/backend"
CC_PYTHON_MODULE="impress.wsgi:application"
CC_PYTHON_VERSION="3"
CC_TROUBLESHOOT="true"
CELLAR_STORAGE_BUCKET_NAME="your-bucket-name"
DJANGO_ALLOWED_HOSTS="frontend-url/*"
DJANGO_CONFIGURATION="Development" / "Production"
DJANGO_SECRET_KEY="YourNewlyGeneratedKeyHere"
DJANGO_SETTINGS_MODULE="impress.settings"
DJANGO_SUPERUSER_PASSWORD=""
OIDC_OP_AUTHORIZATION_ENDPOINT="<>"
OIDC_OP_JWKS_ENDPOINT="<>"
OIDC_OP_TOKEN_ENDPOINT="<>"
OIDC_OP_USER_ENDPOINT="<>"
OIDC_RP_CLIENT_SECRET=""
STATIC_URL="frontend url"

Click on the Exposed configuration tab and add the variables to be shared with the frontend (the Cellar configuration and Keycloak, if you're adding one).

In your application, add the remote provided in the Python application dashboard (Information tab) and name it clever-backend, for example.

Once deployed, you'll be able to connect to the API administration interface on backend-url/admin.

Deploying the frontend

The Docs frontend requires far fewer dependencies, this one is configured to use yarn worspaces that facilitate both maintenance and the deployment of multiple applications on a single virtual machine on Clever Cloud.

On Clever Cloud:

• Create a Node.js application
• Add the following environment variables:

APP_FOLDER="./src/frontend"
CC_NODE_BUILD_TOOL="yarn"
CC_PRE_BUILD_HOOK="cd ./src/frontend && yarn install --frozen-lockfile && yarn app:build"
CC_RUN_COMMAND="cd ./src/frontend && yarn app:start"
CC_TROUBLESHOOT="true"
NEXT_PUBLIC_API_ORIGIN=""
NEXT_PUBLIC_SW_DEACTIVATED="true"
NODE_OPTIONS="--max-old-space-size=4096"

• Connect the application to the backend (Linked services tab), as well as to the database add-on.
• In your application, add the remote provided in the Node.js application dashboard (Information tab) and name it clever-frontend, for example.

Push the code, and you'll be able to connect using the authentication you've defined with Keycloak or the Django API.

Go further with Docs

This article presents an example of deployment on Clever Cloud, but Docs is a rich project with multiple functionalities that you can activate or customize. To work locally, you'll find instructions for starting the frontend here, and for starting the backend here. We welcome questions and contributions!

Dans ce formidable épisode, il est question d'automation et de télétravail, de Rust, d'expérimentation de Fetch dans Node.js, de HTML Dialog Element, du nouveau chip Intel, de grpcurl… et comme toujours on finira en chanson !

👋 Venez discuter avec nous sur @clever_cloudFR pour nous dire ce que vous avez pensé de ce nouvel épisode.

➡️ Pour découvrir ou réécouter d’anciens épisodes c’est par ici !

Timecodes & liens :

00:00:00 Introduction

00:01:30 I automated my job over a year ago and haven't told anyone.
https://www.reddit.com/r/antiwork/comments/s2igq9/i_automated_my_job_over_a_year_ago_and_havent

00:08:45 Include diagrams in your Markdown files with Mermaid
https://github.blog/2022-02-14-include-diagrams-markdown-files-mermaid/

00:12:50 Rust-Written Replacement To GNU Coreutils Progressing, Some Binaries Now Faster
https://www.phoronix.com/scan.php?page=news_item&px=Rust-Coreutils-Jan-2022
https://en.wikipedia.org/wiki/List_of_GNU_Core_Utilities_commands

00:17:25 Real-time, open-source, scalable and extensible orchestration platform
https://kestra.io/
https://medium.com/@kestra-io/introducing-kestra-infinitely-scalable-open-source-orchestration-and-scheduling-platform-8e4d47193616

00:22:25 Fetch arrive en experimental dans Node.js 17.5.0
https://nodejs.org/en/blog/release/v17.5.0/
https://github.com/nodejs/node/commit/76a229c4ff
https://github.com/nodejs/node/issues/19393
https://github.com/nodejs/undici/pull/1183
https://github.com/node-fetch/node-fetch/blob/main/docs/v3-LIMITS.md

00:35:10 Replace JavaScript Dialogs With the New HTML Dialog Element
https://css-tricks.com/replace-javascript-dialogs-html-dialog-element/
https://caniuse.com/dialog

00:40:55 New Intel chips won't play Blu-ray disks due to SGX deprecation
https://www.bleepingcomputer.com/news/security/new-intel-chips-wont-play-blu-ray-disks-due-to-sgx-deprecation/
'At least' 6.5 exabytes lost after contamination hits Kioxia/WD 3D NAND fabs
https://www.theregister.com/2022/02/10/kioxia_wd_chemical_contamination_flash_fabs/

00:47:45 PHP builtin webserver
https://www.php.net/manual/en/features.commandline.webserver.php

00:51:40 grpCurl - gRPC via command-line
https://github.com/fullstorydev/grpcurl

00:58:30 Choix musical de David Brassely
Groundation - Jah Jah Know
https://www.youtube.com/watch?v=-EOcV2-gI5s

Few days ago, Marak Squires, the developer behind the open-source npm libraries colors and faker, decided to corrupt the libraries, to denounce issues in open-source projects' funding system.

The infinite loop introduced by the developer broke several apps using these libraries by printing the text 'LIBERTY LIBERTY LIBERTY' and non-ASCII characters in the apps' logs.

It causes a lot of trouble as the colors library receives over 20 million weekly downloads on npm alone and has almost 19,000 projects relying on it. Whereas, faker receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.

How to check if your Node.js app is impacted?

The first thing to do is to check if your app is using the npm libraries 'colors' or 'faker'. To do so, run either:

npm ls colors

Or

npm ls faker

You will get an output like this:

my-project@1.2.3 /home/me/my-project
├─┬ @storybook/addon-docs@5.3.18
│ └─┬ vue-docgen-loader@1.5.0
│   └─┬ jscodeshift@0.7.0
│     └── colors@1.4.0  deduped
├─┬ @storybook/vue@5.3.18
│ └─┬ @storybook/core@5.3.18
│   └─┬ cli-table3@0.5.1
│     └── colors@1.4.0  deduped
└── colors@1.4.0

With this output, we can identify that this project uses 'colors' directly with version 1.4.0 and through transitive dependencies, also in version 1.4.0.

Your app uses 'colors' or 'faker', what can you do?

If your app uses one of these npm libraries, we invite you to check three thing:

Check the version

First of all, you need to check if you're using one of the compromised versions of these libraries:

• colors: 1.4.1, 1.4.2, and 1.4.44-liberty-2
• faker: 6.6.6

Check the package-lock.json

Do you have a package-lock.json? If you don't we invite you to read the documentation and add one to your project.

If you do, you need to force a version which is not compromised (1.4.0 for colors and 5.5.3 for 'faker'). You're using npm? You can try with the module npm-force-resolutions. You're using Yarn? You can use the process described in this documentation.

Update your tools to their latest version

We also invite you to check if the dependencies you use released an update. As an exemple, if you use Storybook, the v6.4.10 released earlier yesterday fixes the issue.

A note for Clever Tools users

By the way, if you use our CLI, the clever-tools, and if you installed it via npm, please upgrade to v2.8.1.