From 0085bb29437d2ab4efcb07934b7954c30fa09763 Mon Sep 17 00:00:00 2001 From: Walter Date: Wed, 19 Feb 2025 21:34:01 +0100 Subject: [PATCH] More progress for production, omg --- .env.example | 4 ++-- app/Dockerfile | 51 +++++++++++++++++++++++++++++++++++----- app/settings/settings.py | 4 ++-- docker-compose.yml | 4 +++- 4 files changed, 52 insertions(+), 11 deletions(-) diff --git a/.env.example b/.env.example index 7b8f814..efab9a9 100644 --- a/.env.example +++ b/.env.example @@ -1,6 +1,6 @@ -DEBUG=1 -SECRET_KEY=password123 DJANGO_ALLOWED_HOSTS=localhost 127.0.0.1 [::1] vf bloons.walter.lol +DJANGO_SECRET_KEY=password123 +DJANGO_DEBUG=1 SQL_ENGINE=django.db.backends.postgresql SQL_DATABASE=bloonsworld SQL_USER=bloonsworld diff --git a/app/Dockerfile b/app/Dockerfile index cac0681..ca6615c 100644 --- a/app/Dockerfile +++ b/app/Dockerfile @@ -1,12 +1,51 @@ -FROM python:3.12.2-alpine3.21 +FROM python:3.12.2-slim-buster as builder + +WORKDIR /usr/src/app ENV PYTHONDONTWRITEBYTECODE=1 \ PYTHONUNBUFFERED=1 \ PIP_NO_CACHE_DIR=1 -WORKDIR app -COPY requirements.txt . -RUN pip install -r requirements.txt && \ - pip install gunicorn +RUN apt-get update && \ + apt-get install -y --no-install-recommends gcc -COPY . . \ No newline at end of file +RUN pip install --upgrade pip +RUN pip install flake8==6.0.0 +COPY . /usr/src/app/ +RUN flake8 --ignore=E501,F401 . + +COPY ./requirements.txt . +RUN pip wheel --no-cache-dir --no-deps --wheel-dir /usr/src/app/wheels -r requirements.txt + + +FROM python:3.12.2-alpine3.21 + +ENV PYTHONDONTWRITEBYTECODE=1 \ + PYTHONUNBUFFERED=1 \ + PIP_NO_CACHE_DIR=1 \ + HOME=/home/app \ + APP_HOME=/home/app/web + +RUN mkdir -p $HOME && \ + mkdir $APP_HOME && \ + addgroup --system app && \ + adduser --system --group app + +WORKDIR $APP_HOME + +RUN apt-get update && \ + apt-get install -y --no-install-recommends netcat +COPY --from=builder /usr/src/app/wheels /wheels +COPY --from=builder /usr/src/app/requirements.txt . +RUN pip install --upgrade pip && \ + pip install --no-cache /wheels/* + +COPY . $APP_HOME +RUN sed -i 's/\r$//g' $APP_HOME/entrypoint.sh && \ + chmod +x $APP_HOME/entrypoint.sh + +RUN chown -R app:app $APP_HOME + +USER app + +ENTRYPOINT ["/home/app/web/entrypoint.sh"] diff --git a/app/settings/settings.py b/app/settings/settings.py index 9760b66..fc45300 100644 --- a/app/settings/settings.py +++ b/app/settings/settings.py @@ -23,13 +23,13 @@ BASE_DIR = Path(__file__).resolve().parent.parent # See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/ # SECURITY WARNING: don't run with debug turned on in production! -DEBUG = bool(os.environ.get("DEBUG", default=1)) +DEBUG = bool(os.environ.get("DJANGO_DEBUG", default=0)) or platform == "win32" def load_insecure_key(): print("Warning: Insecure SECRET_KEY loaded") return 'django-insecure-)e!wy4)=xinnd!d(iuw6*-tf^-)ptiwnttwf+9ql%*jy63wtd8' -SECRET_KEY = os.environ.get("SECRET_KEY") or load_insecure_key() +SECRET_KEY = os.environ.get("DJANGO_SECRET_KEY") or load_insecure_key() ALLOWED_HOSTS = os.environ.get("DJANGO_ALLOWED_HOSTS").split(" ") or "*" diff --git a/docker-compose.yml b/docker-compose.yml index 6d7f533..ffb8af8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,7 +25,9 @@ services: volumes: - postgres_data:/var/lib/postgresql/data/ environment: - - "POSTGRES_HOST_AUTH_METHOD=trust" + - POSTGRES_USER=$SQL_USER + - POSTGRES_PASSWORD=$SQL_PASSWORD + - POSTGRES_DB=$SQL_DATABASE networks: - bloonsworld restart: unless-stopped