chore: Improve devops (#395)

openfoodfacts · Aug 22, 2024 · e3e2e1d · e3e2e1d
1 parent c01faf4
commit e3e2e1d
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 8 deletions.
diff --git a/.env b/.env
@@ -9,7 +9,7 @@ SECRET_KEY=key
 
 DEBUG=True
 
-ALLOWED_HOSTS="localhost,localhost:8000,localhost:5173"
+ALLOWED_HOSTS="localhost,127.0.0.1"
 
 API_PORT=127.0.0.1:8000
 

diff --git a/.github/workflows/container-deploy.yml b/.github/workflows/container-deploy.yml
@@ -3,7 +3,9 @@ name: Container Image Deployment CI
 on:
   push:
     branches:
-      - main
+      # Temporarily use django rewrite branch,
+      # we should switch back to main once the migration to Django is done
+      - raphodn/django-5-rewrite
       - deploy-*
     tags:
       - v*.*.*
@@ -115,8 +117,10 @@ jobs:
           echo "RESTART_POLICY=always" >> .env
           # Set App variables
           echo "API_PORT=8190" >> .env
-          echo 'CORS_ALLOW_ORIGINS=["https://openfoodfacts-explorer.vercel.app", "https://prices.openfoodfacts.net", "https://prices.openfoodfacts.org"]' >> .env
+          echo "DEBUG=False" >> .env
+          echo 'ALLOWED_HOSTS=openfoodfacts-explorer.vercel.app,prices.openfoodfacts.net,prices.openfoodfacts.org' >> .env
           echo "OAUTH2_SERVER_URL=https://world.openfoodfacts.org/cgi/auth.pl" >> .env
+          echo "SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }}" >> .env
           echo "SENTRY_DNS=${{ secrets.SENTRY_DSN }}" >> .env
           echo "POSTGRES_EXPOSE=127.0.0.1:5433" >> .env
           echo "POSTGRES_HOST=postgres.open_prices_default" >> .env

diff --git a/Dockerfile b/Dockerfile
@@ -2,7 +2,7 @@ ARG PYTHON_VERSION=3.11
 
 # base python setup
 # -----------------
-FROM python:$PYTHON_VERSION-slim as python-base
+FROM python:$PYTHON_VERSION-slim AS python-base
 RUN apt-get update && \
     apt-get install --no-install-suggests --no-install-recommends -y curl && \
     apt-get autoremove --purge && \
@@ -23,15 +23,15 @@ ENV PYTHONUNBUFFERED=1 \
 
 # building packages
 # -----------------
-FROM python-base as builder-base
+FROM python-base AS builder-base
 RUN curl -sSL https://install.python-poetry.org | python3 -
 WORKDIR $PYSETUP_PATH
 COPY poetry.lock  pyproject.toml ./
 RUN poetry install --without dev
 
 # This is our final image
 # ------------------------
-FROM python-base as runtime
+FROM python-base AS runtime
 COPY --from=builder-base $VENV_PATH $VENV_PATH
 COPY --from=builder-base $POETRY_HOME $POETRY_HOME
 RUN poetry config virtualenvs.create false
@@ -43,6 +43,7 @@ ARG USER_GID=$USER_UID
 RUN groupadd -g $USER_GID off && \
     useradd -u $USER_UID -g off -m off && \
     mkdir -p /home/off && \
+    mkdir -p /home/off/.cache && \
     mkdir -p /opt/open-prices && \
     mkdir -p /opt/open-prices/data && \
     mkdir -p /opt/open-prices/img && \
@@ -67,7 +68,7 @@ CMD ["gunicorn", "config.wsgi", "--bind", "0.0.0.0:8000", "--workers", "1"]
 
 # building dev packages
 # ----------------------
-FROM builder-base as builder-dev
+FROM builder-base AS builder-dev
 WORKDIR $PYSETUP_PATH
 COPY poetry.lock  pyproject.toml ./
 # full install, with dev packages
@@ -76,7 +77,7 @@ RUN poetry install
 # image with dev tooling
 # ----------------------
 # This image will be used by default, unless a target is specified in docker-compose.yml
-FROM runtime as runtime-dev
+FROM runtime AS runtime-dev
 COPY --from=builder-dev $VENV_PATH $VENV_PATH
 COPY --from=builder-dev $POETRY_HOME $POETRY_HOME
 # Handle possible issue with Docker being too eager after copying files