fix(mail): address review feedback on PR #3238

- env.js: relax SMTP_SECURE from enum(4-values) to z.string() +
  case-insensitive transform, so any casing from the V1 secret
  (True/TRUE/true) flows through without a Zod validation crash.
- .kontinuous/values.yaml: expand the SMTP-mapping comment to spell
  out the env/envFrom precedence, which is what makes the dev/preprod
  MailDev fallback work when smtp-app is missing.
- smtp-app.sealed-secret.yaml: annotate the file header with a note
  on the V1-legacy MAILER_SEND_EMAILS key — sealed, kept for a no-op
  migration, not consumed by the V2 app.
- transporter.ts: document that the cached transporter is process-
  scoped on purpose (configmap/secret changes roll the pod anyway).

Author: Viczei

.kontinuous/env/prod/templates/smtp-app.sealed-secret.yaml

@@ -1,3 +1,9 @@
+# Inherited as-is from the V1 prod setup (SocialGouv/egapro@master).
+# The MAILER_* keys are remapped to the V2 SMTP_* env var names in
+# .kontinuous/values.yaml. `MAILER_SEND_EMAILS` is a V1 legacy flag —
+# unused by the V2 app (sending is gated by MAIL_ENABLED in the `mail`
+# configmap). Kept in the sealed-secret for a no-op migration; can be
+# dropped once the prod credentials are re-sealed without it.
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:

.kontinuous/values.yaml

@@ -77,11 +77,17 @@ app:
         secretKeyRef:
           name: "{{ .Values.global.pgSecretName }}"
           key: PGSSLMODE
-    # SMTP (Tipimail in preprod/prod). The smtp-app sealed-secret is kept
-    # as-is from the V1 prod setup, with MAILER_* keys. We remap to the
-    # V2 SMTP_* names expected by src/env.js. `optional: true` lets dev
-    # review apps (no smtp-app secret) fall back to the values injected by
-    # the mail configmap (pointing at MailDev).
+    # SMTP (Tipimail in prod, MailDev on dev/preprod). The smtp-app
+    # sealed-secret is kept as-is from the V1 prod setup, with MAILER_*
+    # keys. We remap to the V2 SMTP_* names expected by src/env.js.
+    #
+    # Kubernetes precedence: `env` runs AFTER `envFrom`, so an `env` entry
+    # would normally override a same-named envFrom value. But with
+    # `optional: true` on a missing secret/key, the env entry is silently
+    # dropped and the envFrom value is preserved. That is exactly the
+    # fallback we rely on for dev/preprod review apps (no smtp-app
+    # secret) where SMTP_HOST, SMTP_PORT, etc. come from the `mail`
+    # configmap pointing at the in-cluster MailDev service.
     - name: SMTP_HOST
       valueFrom:
         secretKeyRef:

packages/app/src/env.js

@@ -91,11 +91,11 @@ export const env = createEnv({
 		/**
 		 * `true` → connect with implicit TLS (port 465). `false` (default) keeps
 		 * the plain-socket / STARTTLS upgrade path used by MailDev (1025) and
-		 * Tipimail on 587. Accepts both "True"/"False" so the value inherited
+		 * Tipimail on 587. Case-insensitive so any casing of the value inherited
 		 * from the V1 sealed-secret (MAILER_SMTP_SSL) flows through unchanged.
 		 */
 		SMTP_SECURE: z
-			.enum(["true", "false", "True", "False"])
+			.string()
 			.default("false")
 			.transform((v) => v.toLowerCase() === "true"),
 		MAIL_FROM: z.string().default("no-reply@egapro.local"),

packages/app/src/modules/mail/transporter.ts

@@ -2,6 +2,12 @@ import "server-only";
 import nodemailer, { type Transporter } from "nodemailer";
 import { env } from "~/env.js";
 
+/**
+ * Cached for the lifetime of the Node.js process. Env vars are read once at
+ * first call; changes to SMTP_HOST / SMTP_PORT / auth require a restart of
+ * the pod. That's the expected behaviour on Kubernetes since the Deployment
+ * is recreated when the configmap or secret changes.
+ */
 let cachedTransporter: Transporter | null = null;
 
 export function getTransporter(): Transporter {