initial commit

github-stars/docker/caddy/Caddyfile

@@ -0,0 +1,40 @@
+# See https://caddyserver.com/docs
+
+# Email for Let's Encrypt expiration notices
+{
+  email {$TLS_EMAIL}
+}
+
+# "www" redirect to "non-www" version
+www.{$DOMAIN_NAME} {
+  redir https://{$DOMAIN_NAME}{uri}
+}
+
+{$DOMAIN_NAME} {
+  # HTTPS options:
+  header Strict-Transport-Security max-age=31536000;
+
+  # Removing some headers for improved security:
+  header -Server
+
+  # Exclude matcher for Django assets
+  @excludeDirs {
+    not path /static/* /media/*
+  }
+
+  # Serving dynamic requests:
+  reverse_proxy @excludeDirs web:8000
+
+  # Serves static files, should be the same as `STATIC_ROOT` setting:
+  file_server {
+    root /var/www/django
+  }
+
+   # Allows to use `.gz` files when available:
+  encode gzip
+
+  # Logs:
+  log {
+	  output stdout
+  }
+}

github-stars/docker/ci.sh

@@ -0,0 +1,96 @@
+#!/usr/bin/env sh
+
+set -o errexit
+set -o nounset
+
+# Initializing global variables and functions:
+: "${DJANGO_ENV:=development}"
+
+# Fail CI if `DJANGO_ENV` is not set to `development`:
+if [ "$DJANGO_ENV" != 'development' ]; then
+  echo 'DJANGO_ENV is not set to development. Running tests is not safe.'
+  exit 1
+fi
+
+pyclean () {
+  # Cleaning cache:
+  find . \
+  | grep -E '(__pycache__|\.hypothesis|\.perm|\.cache|\.static|\.py[cod]$)' \
+  | xargs rm -rf
+}
+
+run_ci () {
+  echo '[ci started]'
+  set -x  # we want to print commands during the CI process.
+
+  # Testing filesystem and permissions:
+  touch .perm && rm -f .perm
+  touch '/var/www/django/media/.perm' && rm -f '/var/www/django/media/.perm'
+  touch '/var/www/django/static/.perm' && rm -f '/var/www/django/static/.perm'
+
+  # Checking `.env` files:
+  dotenv-linter config/.env config/.env.template
+
+  # Running linting for all python files in the project:
+  flake8 .
+
+  # Running type checking, see https://github.com/typeddjango/django-stubs
+  mypy manage.py server $(find tests -name '*.py')
+
+  # Running tests:
+  pytest --dead-fixtures
+  pytest
+
+  # Run checks to be sure we follow all django's best practices:
+  python manage.py check --fail-level WARNING
+
+  # Run checks to be sure settings are correct (production flag is required):
+  DJANGO_ENV=production python manage.py check --deploy --fail-level WARNING
+
+  # Check that staticfiles app is working fine:
+  DJANGO_ENV=production DJANGO_COLLECTSTATIC_DRYRUN=1 \
+    python manage.py collectstatic --no-input --dry-run
+
+  # Check that all migrations worked fine:
+  python manage.py makemigrations --dry-run --check
+
+  # Check that all migrations are backwards compatible:
+  python manage.py lintmigrations --exclude-apps=axes --warnings-as-errors
+
+  # Checking if all the dependencies are secure and do not have any
+  # known vulnerabilities:
+  safety check --full-report
+
+  # Checking `pyproject.toml` file contents:
+  poetry check
+
+  # Checking dependencies status:
+  pip check
+
+  # Checking docs:
+  doc8 -q docs
+
+  # Checking `yaml` files:
+  yamllint -d '{"extends": "default", "ignore": ".venv"}' -s .
+
+  # Checking translation files, ignoring ordering and locations:
+  polint -i location,unsorted locale
+
+  # Also checking translation files for syntax errors:
+  if find locale -name '*.po' -print0 | grep -q "."; then
+    # Only executes when there is at least one `.po` file:
+    dennis-cmd lint --errorsonly locale
+  fi
+
+  set +x
+  echo '[ci finished]'
+}
+
+# Remove any cache before the script:
+pyclean
+
+# Clean everything up:
+trap pyclean EXIT INT TERM
+
+# Run the CI process:
+run_ci

github-stars/docker/django/Dockerfile

@@ -0,0 +1,46 @@
+FROM python:3.8.9-slim-buster
+
+ENV BUILD_ONLY_PACKAGES='wget' \
+  # python:
+  PYTHONFAULTHANDLER=1 \
+  PYTHONUNBUFFERED=1 \
+  PYTHONHASHSEED=random \
+  PYTHONDONTWRITEBYTECODE=1 \
+  # pip:
+  PIP_NO_CACHE_DIR=off \
+  PIP_DISABLE_PIP_VERSION_CHECK=on \
+  PIP_DEFAULT_TIMEOUT=100 \
+  # poetry:
+  POETRY_VERSION=1.1.4 \
+  POETRY_NO_INTERACTION=1 \
+  POETRY_VIRTUALENVS_CREATE=false \
+  POETRY_CACHE_DIR='/var/cache/pypoetry' \
+  PATH="$PATH:/root/.poetry/bin"
+
+# System deps:
+RUN apt-get update \
+  && apt-get install --no-install-recommends -y \
+    bash \
+    build-essential \
+    curl \
+    gettext \
+    git \
+    libpq-dev \
+    nano \
+    # Defining build-time-only dependencies:
+    $BUILD_ONLY_PACKAGES \
+  && curl -sSL 'https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py' | python \
+  && poetry --version \
+  # Removing build-time-only dependencies:
+  && apt-get remove -y $BUILD_ONLY_PACKAGES \
+  # Cleaning cache:
+  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
+  && apt-get clean -y && rm -rf /var/lib/apt/lists/* \
+  && rm -rf $POETRY_CACHE_DIR
+
+WORKDIR /code
+
+# Copy only requirements, to cache them in docker layer
+COPY ./poetry.lock ./pyproject.toml /code/
+RUN poetry install
+COPY . /code

github-stars/docker/django/entrypoint.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env sh
+
+set -o errexit
+set -o nounset
+
+readonly cmd="$*"
+
+postgres_ready () {
+  # Check that postgres is up and running on port `5432`:
+  dockerize -wait 'tcp://db:5432' -timeout 5s
+}
+
+# We need this line to make sure that this container is started
+# after the one with postgres:
+until postgres_ready; do
+  >&2 echo 'Postgres is unavailable - sleeping'
+done
+
+# It is also possible to wait for other services as well: redis, elastic, mongo
+>&2 echo 'Postgres is up - continuing...'
+
+# Evaluating passed command (do not touch):
+# shellcheck disable=SC2086
+exec $cmd

github-stars/docker/django/gunicorn.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env sh
+
+set -o errexit
+set -o nounset
+
+# We are using `gunicorn` for production, see:
+# http://docs.gunicorn.org/en/stable/configure.html
+
+# Check that $DJANGO_ENV is set to "production",
+# fail otherwise, since it may break things:
+
+
+echo "DJANGO_ENV is $DJANGO_ENV"
+if [ "$DJANGO_ENV" != 'production' ]; then
+  echo 'Error: DJANGO_ENV is not set to "production".'
+  echo 'Application will not start.'
+  exit 1
+fi
+
+export DJANGO_ENV
+
+
+# Run python specific scripts:
+# Running migrations in startup script might not be the best option, see:
+# docs/pages/template/production-checklist.rst
+python /code/manage.py migrate --noinput
+python /code/manage.py collectstatic --noinput
+python /code/manage.py compilemessages
+
+# Start gunicorn:
+# Docs: http://docs.gunicorn.org/en/stable/settings.html
+# Concerning `workers` setting see:
+# https://github.com/wemake-services/wemake-django-template/issues/1022
+/usr/local/bin/gunicorn server.wsgi \
+  --workers=4 `# Sync worker settings` \
+  --max-requests=2000 \
+  --max-requests-jitter=400 \
+  --bind='0.0.0.0:8000' `# Run Django on 8000 port` \
+  --chdir='/code'       `# Locations` \
+  --log-file=- \
+  --worker-tmp-dir='/dev/shm'

github-stars/docker/docker-compose.prod.yml

@@ -0,0 +1,65 @@
+---
+
+# This compose-file is production only. So, it should not be called directly.
+#
+# Instead, it should be a part of your deploy strategy.
+# This setup is supposed to be used with `docker-swarm`.
+# See `./docs/pages/template/production.rst` docs.
+
+version: "3.6"
+services:
+  caddy:
+    image: "caddy:2.2.1"
+    restart: unless-stopped
+    env_file: ./config/.env
+    volumes:
+      - ./docker/caddy/Caddyfile:/etc/caddy/Caddyfile  # configuration
+      - caddy-config:/config  # configuration autosaves
+      - caddy-data:/data  # saving certificates
+      - django-static:/var/www/django/static  # serving django's statics
+      - django-media:/var/www/django/media  # serving django's media
+    ports:
+      - "80:80"
+      - "443:443"
+    depends_on:
+      - web
+    networks:
+      - proxynet
+
+  web:
+    <<: &web
+      # Image for production:
+      image: "registry.gitlab.com/balsh/github-repos:latest"
+      build:
+        target: production_build
+        args:
+          DJANGO_ENV: production
+
+      restart: unless-stopped
+      volumes:
+        - django-media:/var/www/django/media  # since in dev it is app's folder
+        - django-locale:/code/locale  # since in dev it is app's folder
+
+    command: sh ./docker/django/gunicorn.sh
+    networks:
+      - proxynet
+    expose:
+      - 8000
+
+# This task is an example of how to extend existing ones:
+#   some_wroker:
+#     <<: *web
+#     command: python manage.py worker_process
+#     deploy:
+#       replicas: 2
+
+networks:
+  # Network for your proxy server and application to connect them,
+  # do not use it for anything else!
+  proxynet:
+
+volumes:
+  django-media:
+  django-locale:
+  caddy-config:
+  caddy-data: