MIGRATIONS RESET
saxix committed Oct 16, 2024
1 parent 5e9be98 commit fba5d92
Showing 84 changed files with 3,783 additions and 2,610 deletions.
2 changes: 1 addition & 1 deletion .dockerignore
Expand Up @@ -2,7 +2,7 @@
!docker/bin
!docker/conf
!pyproject.toml
!pdm.lock
!uv.lock
!src
!LICENSE
!README.md
269 changes: 156 additions & 113 deletions .github/workflows/test.yml
Expand Up @@ -66,42 +66,8 @@ jobs:
if [[ $force_build == "true" || "${{needs.changes.outputs.run_tests}}" == "true" ]]; then
echo "BUILD=true" >> $GITHUB_ENV
fi
build:
needs: [ changes ]
runs-on: ubuntu-latest
timeout-minutes: 30
defaults:
run:
shell: bash
outputs:
image: ${{ steps.build.outputs.image }}
version: ${{ steps.build.outputs.version }}
created: ${{ steps.build.outputs.created }}
steps:
- name: Checkout code
uses: actions/[email protected]
- id: checksum
uses: ./.github/actions/checksum
- name: Build Image
id: build
uses: ./.github/actions/docker_build
with:
dryrun: ${{ env.ACT || 'false' }}
rebuild: ${{ env.BUILD == 'true'}}
image: ${{ vars.DOCKER_IMAGE }}
target: 'python_dev_deps'
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
code_checksum: ${{ steps.checksum.outputs.checksum }}

test:
name: Run Test Suite
needs: [ changes,build ]
if: (needs.changes.outputs.run_tests == 'true'
|| contains(github.event.head_commit.message, 'ci:test')
|| contains(github.event.head_commit.message, 'ci:all')
|| github.event_name == 'create')
needs: [ changes ]
runs-on: ubuntu-latest
services:
redis:
Expand All @@ -112,30 +78,28 @@ jobs:
POSTGRES_DATABASE: country_workspace
POSTGRES_PASSWORD: postgres
POSTGRES_USERNAME: postgres
ports:
- 5432:5432
# ports:
# - 15432:5432
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
env:
DOCKER_DEFAULT_PLATFORM: linux/amd64
DATABASE_URL: postgres://postgres:postgres@localhost:5432/country_workspace

steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run tests
run: |
docker run --rm \
-e DATABASE_URL=postgres://postgres:postgres@localhost:5432/country_workspace \
-e SECRET_KEY=secret_key \
-e CACHE_URL=redis://redis:6379/0 \
-e CELERY_BROKER_URL=redis://redis:6379/0 \
--network host \
-v $PWD:/code/app \
-w /code/app \
-t ${{needs.build.outputs.image}} \
pytest tests -v --create-db -v --maxfail=10
run: |
apt-get update
apt-get install python3-dev
pip install uv
uv venv
uv sync
uv run pytest tests/
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
Expand All @@ -145,68 +109,147 @@ jobs:
token: ${{ secrets.CODECOV_TOKEN }}
verbose: false
name: codecov-${{env.GITHUB_REF_NAME}}

deployable:
if:
contains(fromJSON('["refs/heads/develop", "refs/heads/staging", "refs/heads/master", "refs/heads/release"]'), github.ref)
|| contains(github.event.head_commit.message, 'ci:release')
|| contains(github.event.head_commit.message, 'ci:all')

name: "Build deployable Docker"
needs: [ test ]
runs-on: ubuntu-latest
timeout-minutes: 30
defaults:
run:
shell: bash
outputs:
image: ${{ steps.build.outputs.image }}
version: ${{ steps.build.outputs.version }}
created: ${{ steps.build.outputs.created }}
steps:
- name: Checkout code
uses: actions/[email protected]
- id: checksum
uses: ./.github/actions/checksum
- name: Build
id: build
uses: ./.github/actions/docker_build
with:
dryrun: ${{ env.ACT || 'false' }}
rebuild: ${{ env.BUILD == 'true'}}
image: ${{ vars.DOCKER_IMAGE }}
target: 'dist'
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
code_checksum: ${{ contains(github.event.head_commit.message, 'ci:build') && steps.checksum.outputs.checksum || '' }}
- shell: bash
run: |
echo "${{ toJSON(steps.build.outputs) }}"
trivy:
name: Check Image with Trivy
runs-on: ubuntu-latest
needs: [ deployable ]
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
if: needs.release.outputs.created == 'true'
|| contains(github.event.head_commit.message, 'ci:scan')
|| contains(github.event.head_commit.message, 'ci:all')
|| github.event_name == 'create'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{needs.deployable.outputs.image}}
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
#
# build:
# needs: [ changes ]
# runs-on: ubuntu-latest
# timeout-minutes: 30
# defaults:
# run:
# shell: bash
# outputs:
# image: ${{ steps.build.outputs.image }}
# version: ${{ steps.build.outputs.version }}
# created: ${{ steps.build.outputs.created }}
# steps:
# - name: Checkout code
# uses: actions/[email protected]
# - id: checksum
# uses: ./.github/actions/checksum
# - name: Build Image
# id: build
# uses: ./.github/actions/docker_build
# with:
# dryrun: ${{ env.ACT || 'false' }}
# rebuild: ${{ env.BUILD == 'true'}}
# image: ${{ vars.DOCKER_IMAGE }}
# target: 'python_dev_deps'
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_TOKEN }}
# code_checksum: ${{ steps.checksum.outputs.checksum }}
#
# test:
# name: Run Test Suite
# needs: [ changes,build ]
# if: (needs.changes.outputs.run_tests == 'true'
# || contains(github.event.head_commit.message, 'ci:test')
# || contains(github.event.head_commit.message, 'ci:all')
# || github.event_name == 'create')
# runs-on: ubuntu-latest
# services:
# redis:
# image: redis
# db:
# image: postgres:14
# env:
# POSTGRES_DATABASE: country_workspace
# POSTGRES_PASSWORD: postgres
# POSTGRES_USERNAME: postgres
# ports:
# - 5432:5432
# options: >-
# --health-cmd pg_isready
# --health-interval 10s
# --health-timeout 5s
# --health-retries 5
# env:
# DOCKER_DEFAULT_PLATFORM: linux/amd64
# steps:
# - name: Checkout code
# uses: actions/checkout@v4
# - name: Run tests
# run: |
# docker run --rm \
# -e DATABASE_URL=postgres://postgres:postgres@localhost:5432/country_workspace \
# -e SECRET_KEY=secret_key \
# -e CACHE_URL=redis://redis:6379/0 \
# -e CELERY_BROKER_URL=redis://redis:6379/0 \
# --network host \
# -v $PWD:/code/app \
# -w /code/app \
# -t ${{needs.build.outputs.image}} \
# pytest tests -v --create-db -v --maxfail=10
# - name: Upload coverage to Codecov
# uses: codecov/codecov-action@v4
# with:
# env_vars: OS,PYTHON
# fail_ci_if_error: true
# files: coverage.xml
# token: ${{ secrets.CODECOV_TOKEN }}
# verbose: false
# name: codecov-${{env.GITHUB_REF_NAME}}
#
# deployable:
# if:
# contains(fromJSON('["refs/heads/develop", "refs/heads/staging", "refs/heads/master", "refs/heads/release"]'), github.ref)
# || contains(github.event.head_commit.message, 'ci:release')
# || contains(github.event.head_commit.message, 'ci:all')
#
# name: "Build deployable Docker"
# needs: [ test ]
# runs-on: ubuntu-latest
# timeout-minutes: 30
# defaults:
# run:
# shell: bash
# outputs:
# image: ${{ steps.build.outputs.image }}
# version: ${{ steps.build.outputs.version }}
# created: ${{ steps.build.outputs.created }}
# steps:
# - name: Checkout code
# uses: actions/[email protected]
# - id: checksum
# uses: ./.github/actions/checksum
# - name: Build
# id: build
# uses: ./.github/actions/docker_build
# with:
# dryrun: ${{ env.ACT || 'false' }}
# rebuild: ${{ env.BUILD == 'true'}}
# image: ${{ vars.DOCKER_IMAGE }}
# target: 'dist'
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_TOKEN }}
# code_checksum: ${{ contains(github.event.head_commit.message, 'ci:build') && steps.checksum.outputs.checksum || '' }}
# - shell: bash
# run: |
# echo "${{ toJSON(steps.build.outputs) }}"
#
# trivy:
# name: Check Image with Trivy
# runs-on: ubuntu-latest
# needs: [ deployable ]
# permissions:
# contents: read # for actions/checkout to fetch code
# security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
# actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
# if: needs.release.outputs.created == 'true'
# || contains(github.event.head_commit.message, 'ci:scan')
# || contains(github.event.head_commit.message, 'ci:all')
# || github.event_name == 'create'
# steps:
# - name: Checkout code
# uses: actions/checkout@v4
# - name: Run Trivy vulnerability scanner
# uses: aquasecurity/trivy-action@master
# with:
# image-ref: ${{needs.deployable.outputs.image}}
# format: 'sarif'
# output: 'trivy-results.sarif'
# severity: 'CRITICAL,HIGH'
#
# - name: Upload Trivy scan results to GitHub Security tab
# uses: github/codeql-action/upload-sarif@v2
# with:
# sarif_file: 'trivy-results.sarif'
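Review bot: With the `ports:` mapping on the `db` service commented out, the new job-level `DATABASE_URL` (`postgres://postgres:postgres@localhost:5432/country_workspace`) has nothing listening on the runner, because the test steps now run directly on `ubuntu-latest` instead of inside a container; restore `ports:` with `- 5432:5432` or point the URL at the port that is actually published. The new `Run tests` script also calls `apt-get` without `sudo` and `apt-get install` without `-y`, which on a hosted runner is expected to stop before pytest starts; `sudo apt-get install -y python3-dev` is the usual form. Commenting out the `deployable` and `trivy` jobs removes the only image vulnerability scan visible in this workflow, so if images are still built and pushed elsewhere the scan should be re-established there. Which lines are old and which are new is inferred, since the rendered page has lost its +/- markers.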
Empty file added AUTHORS
Empty file.
File renamed without changes.
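--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -0,0 +1,10 @@
+include README.md
+include MANIFEST.in
+include AUTHORS
+include CHANGES.md
+include LICENSE
+
+
+recursive-include src/country_workspace *
+
+prune **/~*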
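Review bot: `recursive-include src/country_workspace *` places every file under the package directory into the source distribution, so whatever sits in the working tree at build time (compiled bytecode, editor backups, a local settings override or credentials file) is published with it. The only exclusion is `prune **/~*`, which covers names starting with `~` and nothing else. Consider narrowing the pattern to the file types the package actually ships, or following it with exclusions such as `global-exclude *.py[cod]`.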
47 changes: 41 additions & 6 deletions docker/Dockerfile
@@ -1,10 +1,45 @@
FROM python:3.12-slim-bookworm
COPY uv.lock pyproject.toml
COPY conf /conf
COPY bin /usr/local/bin/
FROM python:3.12-slim-bookworm as python_base

FROM python_base AS builder
RUN set -x \
&& buildDeps="build-essential \
cmake \
curl \
gcc \
git \
libssl-dev \
libxml2-dev \
python3-dev \
zlib1g-dev \
" \
&& apt-get update \
&& apt-get install -y --no-install-recommends $buildDeps \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
RUN pip install uwsgi uv


COPY docker/conf /conf/
COPY docker/bin /usr/local/bin/

WORKDIR /app
COPY . /app/

RUN uv venv \
&& uv sync --no-dev --no-editable --frozen \
&& uv pip install . \
&& ls -al /app/.venv/

FROM python_base


FROM python_base
ENV PATH=/app/.venv/bin:$PATH

COPY docker/conf /conf/
COPY docker/bin /usr/local/bin/
COPY --chown=user:app --from=builder /app/.venv /app/.venv

RUN pip imstall uv \
&& uv sync

EXPOSE 8000
ENTRYPOINT exec docker-entrypoint.sh "$0" "$@"
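Review bot: `COPY --chown=user:app --from=builder /app/.venv /app/.venv` names a user and group that no visible instruction creates on top of `python:3.12-slim-bookworm`, and the final stage has no `USER` line, so the copy is likely to fail on the name lookup and, once that is fixed, the service would still start as root. Create the account in the final stage before the copy, for example `RUN groupadd --system app && useradd --system --gid app user`, and add `USER user` ahead of `ENTRYPOINT`. `uwsgi` is installed by `RUN pip install uwsgi uv` into the builder's system interpreter rather than `/app/.venv`, and this commit also drops it from `pyproject.toml`, so it does not appear to reach the final image even though the entrypoint still exports `UWSGI_PROCESSES`. The bare `FROM python_base` directly before the final stage opens an empty, unused stage and can be removed. Line sides are inferred, since the rendered page has lost its +/- markers.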
3 changes: 2 additions & 1 deletion docker/bin/docker-entrypoint.sh
Expand Up @@ -5,7 +5,8 @@ export MEDIA_ROOT="${MEDIA_ROOT:-/var/run/app/media}"
export STATIC_ROOT="${STATIC_ROOT:-/var/run/app/static}"
export UWSGI_PROCESSES="${UWSGI_PROCESSES:-"4"}"
export DJANGO_SETTINGS_MODULE="${DJANGO_SETTINGS_MODULE:-"country_workspace.config.settings"}"
mkdir -p "${MEDIA_ROOT}" "${STATIC_ROOT}" || echo "Cannot create dirs ${MEDIA_ROOT} ${STATIC_ROOT}"

ls -al /app/

case "$1" in
run)
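Review bot: `ls -al /app/` looks like leftover build debugging; in the entrypoint it runs on every container start and writes the application directory listing, with owners and modes, into the container log. It appears to replace the `mkdir -p "${MEDIA_ROOT}" "${STATIC_ROOT}"` line, so unless those directories are now created elsewhere, uploads and collected static files have no target directory on a fresh container. I would drop the `ls` and keep the `mkdir -p` line. The script continues past the end of this hunk.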
3 changes: 1 addition & 2 deletions pyproject.toml
Expand Up @@ -14,7 +14,7 @@ dependencies = [
"deepdiff>=8.0.1",
"django-admin-extra-buttons>=1.6.0",
"django-adminactions>=2.3.0",
"django-adminfilters>=2.4.3",
"django-adminfilters>=2.5.0",
"django-celery-beat>=2.6.0",
"django-celery-results>=2.5.1",
"django-constance>=3.1.0",
Expand All @@ -41,7 +41,6 @@ dependencies = [
"sentry-sdk>=2.7.1",
"social-auth-app-django",
"unicef-security>=1.5.1",
"uwsgi",
]

[tool.uv]