From 90f2a29a1734b470f3330abbf836d4869c6913a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laur=C3=A9line=20Gu=C3=A9rin?= <zebuline@crocobox.org>
Date: Tue, 21 Apr 2026 08:36:14 +0200
Subject: [PATCH 1/3] empty commit


From 56fda8ef798ee1ba9229c29cfeab88041922c2f7 Mon Sep 17 00:00:00 2001
From: Mathieu Agopian <mathieu@agopian.info>
Date: Wed, 29 Apr 2026 16:52:41 +0200
Subject: [PATCH 2/3] No FC proxy in production (#826)

---
 .env                         |  3 ---
 .github/workflows/pytest.yml | 11 ++++++++++-
 CONTRIBUTING.md              | 13 ++++++++-----
 ami/settings.py              |  7 ++++++-
 4 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/.env b/.env
index bf6db38ee..a2230f7ba 100644
--- a/.env
+++ b/.env
@@ -12,9 +12,6 @@ PUBLIC_MATOMO_URL="https://stats.data.gouv.fr/"
 PUBLIC_MATOMO_CDN_URL="https://stats.data.gouv.fr/"
 PUBLIC_MATOMO_SITE_ID="315"
 
-#### FranceConnect login proxy. This should be empty in production.
-PUBLIC_FC_PROXY="https://ami-fc-proxy-dev.osc-fr1.scalingo.io/"
-
 #### FranceConnect AMI variables
 FC_AMI_CLIENT_ID="33fe498cc172fe691778912a2967baa650b24f1ae0ebbe47ae552f37b2d25ead"
 FC_AMI_CLIENT_SECRET="fake secret for AMI"
diff --git a/.github/workflows/pytest.yml b/.github/workflows/pytest.yml
index 6676eca78..1441435e1 100644
--- a/.github/workflows/pytest.yml
+++ b/.github/workflows/pytest.yml
@@ -24,7 +24,13 @@ jobs:
         working-directory: ./public/mobile-app
         run: npm ci
 
-      - run: make lint-and-format
+      - name: lint-and-format
+        env:
+          AUTH_COOKIE_JWT_SECRET: secret
+          PARTNERS_PSL_SECRET: secret
+          PUBLIC_WEBSITE_PUBLIC: true
+          PUBLIC_FC_PROXY: https://ami-fc-proxy-dev.osc-fr1.scalingo.io/
+        run: make lint-and-format
 
   run-tests:
     name: python
@@ -66,6 +72,8 @@ jobs:
           echo "PARTNERS_DINUM_AMI_SECRET=\"secret\"" >> .env.local
 
       - name: Run tests
+        env:
+          PUBLIC_FC_PROXY: https://ami-fc-proxy-dev.osc-fr1.scalingo.io/
         run: make test-ci
 
   mobile-app-tests:
@@ -95,4 +103,5 @@ jobs:
           AUTH_COOKIE_JWT_SECRET: secret
           PARTNERS_PSL_SECRET: secret
           PUBLIC_WEBSITE_PUBLIC: true
+          PUBLIC_FC_PROXY: https://ami-fc-proxy-dev.osc-fr1.scalingo.io/
         run: npm test
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index da2f3b78b..7de569dd4 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -74,11 +74,9 @@ from the following files in your environment directory, in this order:
 
     .env # loaded in all cases
     .env.local # loaded in all cases, ignored by git
-    .env.development # loaded only in development
+    .env.development # loaded only in development, values should be overloaded on Scalingo
     .env.development.local # loaded only in development, ignored by git
 
-`.env.development` files are not loaded by the backend unless you add them to your `uv run` command lines.
-
 ### 4. Run Database Migrations
 
 Apply the database schema:
@@ -249,8 +247,13 @@ on Scalingo.
 
 We now use a
 [proxy](https://ami-fc-proxy-dev.osc-fr1.scalingo.io/)
-through the configuration of the `FC_PROXY` env variable in the `.env` file, so
-none of that is needed anymore, it's all been configured once and for all.
+through the configuration of the `FC_PROXY` env variable.
+It needs to be set through Scalingo in the staging and review apps,
+and for local development, it needs to be set in the `.env.local` file.
+
+```
+PUBLIC_FC_PROXY="https://ami-fc-proxy-dev.osc-fr1.scalingo.io/"
+```
 
 ## Pro Connect
 
diff --git a/ami/settings.py b/ami/settings.py
index 613e7e3b3..73053f91b 100644
--- a/ami/settings.py
+++ b/ami/settings.py
@@ -250,7 +250,12 @@ def before_send(event, hint):
 FC_AMI_CLIENT_ID = CONFIG["FC_AMI_CLIENT_ID"]
 FC_AMI_CLIENT_SECRET = CONFIG["FC_AMI_CLIENT_SECRET"]
 PUBLIC_FC_BASE_URL = CONFIG["PUBLIC_FC_BASE_URL"]
-PUBLIC_FC_PROXY = CONFIG["PUBLIC_FC_PROXY"]
+
+# This should not be set in production:
+# It should be set in the .env.local file for local development
+# and in the Scalingo staging and review apps as an env variable.
+PUBLIC_FC_PROXY = CONFIG.get("PUBLIC_FC_PROXY")
+
 FC_SCOPE = CONFIG["FC_SCOPE"]
 FC_AMI_REDIRECT_URL = PUBLIC_API_URL + "/login-callback"
 FC_TOKEN_ENDPOINT = "/api/v2/token"

From 3bcffe7e86e6d3dcdd0fad7a4947bbc8ed0bfbd9 Mon Sep 17 00:00:00 2001
From: Mathieu Agopian <mathieu@agopian.info>
Date: Thu, 30 Apr 2026 15:58:02 +0200
Subject: [PATCH 3/3] Keep the (empty) PUBLIC_FC_PROXY env variable for the
 frontend

---
 .env | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.env b/.env
index a2230f7ba..53d4708b2 100644
--- a/.env
+++ b/.env
@@ -12,6 +12,9 @@ PUBLIC_MATOMO_URL="https://stats.data.gouv.fr/"
 PUBLIC_MATOMO_CDN_URL="https://stats.data.gouv.fr/"
 PUBLIC_MATOMO_SITE_ID="315"
 
+#### FranceConnect login proxy. This should be empty in production.
+PUBLIC_FC_PROXY=""
+
 #### FranceConnect AMI variables
 FC_AMI_CLIENT_ID="33fe498cc172fe691778912a2967baa650b24f1ae0ebbe47ae552f37b2d25ead"
 FC_AMI_CLIENT_SECRET="fake secret for AMI"