Compare commits
6 Commits
Author | SHA1 | Date | |
---|---|---|---|
bb5d88229a | |||
7975776398 | |||
9c8f1388ce | |||
4da8562871 | |||
009d9b15e0 | |||
56f5acfff8 |
27
.gitea/workflows/ci.yaml
Normal file
27
.gitea/workflows/ci.yaml
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
name: "CI"
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- "release"
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
run-checks:
|
||||||
|
name: "Checks"
|
||||||
|
runs-on: "ubuntu-latest"
|
||||||
|
steps:
|
||||||
|
- uses: "actions/checkout@v4"
|
||||||
|
- uses: "actions/setup-python@v5"
|
||||||
|
with:
|
||||||
|
python-version: "3.10"
|
||||||
|
- uses: "Gr1N/setup-poetry@v8"
|
||||||
|
with:
|
||||||
|
poetry-version: "1.7.1"
|
||||||
|
- name: "Install deps"
|
||||||
|
run: |
|
||||||
|
set -x
|
||||||
|
poetry install
|
||||||
|
- name: "Run CI task"
|
||||||
|
run: |
|
||||||
|
set -x
|
||||||
|
poetry run inv ci
|
|
@ -1,5 +1,14 @@
|
||||||
## Keep It Secret Changelog
|
## Keep It Secret Changelog
|
||||||
|
|
||||||
|
#### v1.2.2 (2024-06-05)
|
||||||
|
|
||||||
|
* TeamCity integration for private builds.
|
||||||
|
|
||||||
|
#### v1.2.1 (2024-05-29)
|
||||||
|
|
||||||
|
* Gitea Actions integration.
|
||||||
|
* `README.md` language fixes.
|
||||||
|
|
||||||
#### v1.2.0 (2024-02-08)
|
#### v1.2.0 (2024-02-08)
|
||||||
|
|
||||||
* Hashicorp Vault integration.
|
* Hashicorp Vault integration.
|
||||||
|
|
88
Dockerfile
Normal file
88
Dockerfile
Normal file
|
@ -0,0 +1,88 @@
|
||||||
|
ARG APP_USER_UID=10001
|
||||||
|
ARG APP_USER_GID=10001
|
||||||
|
ARG IMAGE_TAG=development.000000
|
||||||
|
|
||||||
|
FROM python:3.10.14-slim-bookworm AS base
|
||||||
|
|
||||||
|
ARG APP_USER_UID
|
||||||
|
ARG APP_USER_GID
|
||||||
|
ARG IMAGE_TAG
|
||||||
|
|
||||||
|
ENV PYTHONUNBUFFERED=1 \
|
||||||
|
PYTHONDONTWRITEBYTECODE=1 \
|
||||||
|
PIP_NO_CACHE_DIR=off \
|
||||||
|
PIP_DISABLE_PIP_VERSION_CHECK=on \
|
||||||
|
PIP_DEFAULT_TIMEOUT=100 \
|
||||||
|
PIP_INDEX_URL="https://nexus.bthlabs.pl/repository/pypi/simple/" \
|
||||||
|
POETRY_VERSION=1.7.1 \
|
||||||
|
POETRY_HOME="/srv/poetry" \
|
||||||
|
POETRY_NO_INTERACTION=1 \
|
||||||
|
VIRTUAL_ENV="/srv/venv" \
|
||||||
|
KEEP_IT_SECRET_IMAGE_TAG=${IMAGE_TAG}
|
||||||
|
|
||||||
|
RUN if [ ! $(getent group ${APP_USER_GID}) ];then groupadd -g ${APP_USER_GID} app; fi && \
|
||||||
|
useradd -m -d /home/app -u ${APP_USER_UID} -g ${APP_USER_GID} app && \
|
||||||
|
apt-get update && \
|
||||||
|
apt-get install -y --no-install-recommends wait-for-it dumb-init curl && \
|
||||||
|
(curl -sSL https://install.python-poetry.org | python -) && \
|
||||||
|
python3.10 -m venv ${VIRTUAL_ENV} && \
|
||||||
|
mkdir /srv/app /srv/bin /srv/lib /srv/log /srv/run && \
|
||||||
|
chown -R ${APP_USER_UID}:${APP_USER_GID} /srv
|
||||||
|
|
||||||
|
ENV PATH="${VIRTUAL_ENV}/bin:/srv/bin:/srv/poetry/bin:${PATH}"
|
||||||
|
|
||||||
|
USER app
|
||||||
|
WORKDIR /srv/app
|
||||||
|
|
||||||
|
FROM base AS development
|
||||||
|
|
||||||
|
ARG APP_USER_UID
|
||||||
|
ARG APP_USER_GID
|
||||||
|
ARG IMAGE_TAG
|
||||||
|
|
||||||
|
USER app
|
||||||
|
WORKDIR /srv/app
|
||||||
|
|
||||||
|
FROM development AS deployment-build
|
||||||
|
|
||||||
|
ARG APP_USER_UID
|
||||||
|
ARG APP_USER_GID
|
||||||
|
ARG IMAGE_TAG
|
||||||
|
|
||||||
|
ADD --chown=$APP_USER_UID:$APP_USER_GID . /srv/app
|
||||||
|
RUN poetry install --no-dev
|
||||||
|
|
||||||
|
FROM deployment-build AS ci
|
||||||
|
|
||||||
|
ARG APP_USER_UID
|
||||||
|
ARG APP_USER_GID
|
||||||
|
ARG IMAGE_TAG
|
||||||
|
|
||||||
|
RUN poetry install
|
||||||
|
|
||||||
|
FROM base AS deployment
|
||||||
|
|
||||||
|
ARG APP_USER_UID
|
||||||
|
ARG APP_USER_GID
|
||||||
|
ARG IMAGE_TAG
|
||||||
|
|
||||||
|
COPY --from=deployment-build /srv/app /srv/app
|
||||||
|
COPY --from=deployment-build /srv/venv /srv/venv
|
||||||
|
RUN chown -R $APP_USER_UID:$APP_USER_GID /srv
|
||||||
|
|
||||||
|
USER root
|
||||||
|
|
||||||
|
RUN apt-get clean autoclean && \
|
||||||
|
apt-get autoremove --yes && \
|
||||||
|
rm -rf /var/lib/apt /var/lib/dpkg && \
|
||||||
|
rm -rf /home/app/.cache
|
||||||
|
|
||||||
|
USER app
|
||||||
|
|
||||||
|
ENV PYTHONPATH="/srv/app"
|
||||||
|
ENV DJANGO_SETTINGS_MODULE="settings"
|
||||||
|
|
||||||
|
EXPOSE 8000
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/bin/dumb-init"]
|
||||||
|
CMD ["echo NOOP"]
|
|
@ -65,7 +65,7 @@ to provide secrets suitable for the development environment:
|
||||||
```
|
```
|
||||||
|
|
||||||
The `ProductionSecrets` class uses environment variables and AWS Secrets
|
The `ProductionSecrets` class uses environment variables and AWS Secrets
|
||||||
Manager to provide secrets suitable for the development environment:
|
Manager to provide secrets suitable for the production environment:
|
||||||
|
|
||||||
```
|
```
|
||||||
>>> production_secrets = ProductionSecrets()
|
>>> production_secrets = ProductionSecrets()
|
||||||
|
|
|
@ -11,10 +11,10 @@
|
||||||
project = 'Keep It Secret'
|
project = 'Keep It Secret'
|
||||||
copyright = '2023-present Tomek Wójcik'
|
copyright = '2023-present Tomek Wójcik'
|
||||||
author = 'Tomek Wójcik'
|
author = 'Tomek Wójcik'
|
||||||
version = '1.2.0'
|
version = '1.2.2'
|
||||||
|
|
||||||
# The full version, including alpha/beta/rc tags
|
# The full version, including alpha/beta/rc tags
|
||||||
release = '1.2.0'
|
release = '1.2.2'
|
||||||
|
|
||||||
# -- General configuration ---------------------------------------------------
|
# -- General configuration ---------------------------------------------------
|
||||||
# https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration
|
# https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration
|
||||||
|
|
|
@ -6,7 +6,7 @@ from .fields import ( # noqa: F401
|
||||||
)
|
)
|
||||||
from .secrets import Secrets # noqa: F401
|
from .secrets import Secrets # noqa: F401
|
||||||
|
|
||||||
__version__ = '1.2.0'
|
__version__ = '1.2.2'
|
||||||
|
|
||||||
__all__ = [
|
__all__ = [
|
||||||
'AbstractField',
|
'AbstractField',
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[tool.poetry]
|
[tool.poetry]
|
||||||
name = "keep-it-secret"
|
name = "keep-it-secret"
|
||||||
version = "1.2.0"
|
version = "1.2.2"
|
||||||
description = "Keep It Secret by BTHLabs"
|
description = "Keep It Secret by BTHLabs"
|
||||||
authors = ["Tomek Wójcik <contact@bthlabs.pl>"]
|
authors = ["Tomek Wójcik <contact@bthlabs.pl>"]
|
||||||
maintainers = ["BTHLabs <contact@bthlabs.pl>"]
|
maintainers = ["BTHLabs <contact@bthlabs.pl>"]
|
||||||
|
|
|
@ -6,6 +6,7 @@ hang-closing = False
|
||||||
|
|
||||||
[tool:pytest]
|
[tool:pytest]
|
||||||
addopts = --disable-warnings
|
addopts = --disable-warnings
|
||||||
|
junit_suite_name = keep_it_secret
|
||||||
env =
|
env =
|
||||||
KEEP_IT_SECRET_TESTS_SPAM=spam
|
KEEP_IT_SECRET_TESTS_SPAM=spam
|
||||||
AWS_ACCESS_KEY_ID=thisisntright
|
AWS_ACCESS_KEY_ID=thisisntright
|
||||||
|
|
16
tasks.py
16
tasks.py
|
@ -1,5 +1,7 @@
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
# type: ignore
|
# type: ignore
|
||||||
|
import os
|
||||||
|
|
||||||
from invoke import task
|
from invoke import task
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
@ -20,13 +22,25 @@ def mypy(ctx, warn=False):
|
||||||
|
|
||||||
@task
|
@task
|
||||||
def tests(ctx, warn=False):
|
def tests(ctx, warn=False):
|
||||||
return ctx.run('pytest -v', warn=warn)
|
pytest_command_line = [
|
||||||
|
'pytest',
|
||||||
|
'-v',
|
||||||
|
]
|
||||||
|
|
||||||
|
if 'KEEP_IT_SECRET_JUNIT_XML_PATH' in os.environ:
|
||||||
|
pytest_command_line.append(
|
||||||
|
f"--junit-xml={os.environ['KEEP_IT_SECRET_JUNIT_XML_PATH']}",
|
||||||
|
)
|
||||||
|
|
||||||
|
return ctx.run(' '.join(pytest_command_line), warn=warn)
|
||||||
|
|
||||||
|
|
||||||
@task
|
@task
|
||||||
def ci(ctx):
|
def ci(ctx):
|
||||||
result = True
|
result = True
|
||||||
|
|
||||||
|
ctx.run('mkdir -p build')
|
||||||
|
|
||||||
if flake8(ctx, warn=True).exited != 0:
|
if flake8(ctx, warn=True).exited != 0:
|
||||||
result = False
|
result = False
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user