From 21475448d20d5cfaa2dc503cd564bcbbe3275cfa Mon Sep 17 00:00:00 2001 From: Warren Chen Date: Fri, 28 Nov 2025 17:36:54 +0900 Subject: [PATCH] Ready to deploy via docker --- innovedus_cms/.dockerignore | 5 +++++ innovedus_cms/Dockerfile | 17 +++++++++++++---- innovedus_cms/entrypoint.sh | 8 ++++++++ innovedus_cms/mysite/settings/base.py | 22 ++++++++++++++++++---- 4 files changed, 44 insertions(+), 8 deletions(-) create mode 100644 innovedus_cms/entrypoint.sh diff --git a/innovedus_cms/.dockerignore b/innovedus_cms/.dockerignore index b7c39d7..63b9dde 100644 --- a/innovedus_cms/.dockerignore +++ b/innovedus_cms/.dockerignore @@ -1,3 +1,8 @@ fly.toml .git/ +.venv +__pycache__/ +*.pyc *.sqlite3 +media/ +*.log diff --git a/innovedus_cms/Dockerfile b/innovedus_cms/Dockerfile index 3c36327..755d6ea 100644 --- a/innovedus_cms/Dockerfile +++ b/innovedus_cms/Dockerfile @@ -2,20 +2,29 @@ ARG PYTHON_VERSION=3.13-slim FROM python:${PYTHON_VERSION} -ENV PYTHONDONTWRITEBYTECODE 1 -ENV PYTHONUNBUFFERED 1 - -RUN mkdir -p /code +ENV PYTHONDONTWRITEBYTECODE=1 \ + PYTHONUNBUFFERED=1 \ + PIP_NO_CACHE_DIR=on \ + DJANGO_SETTINGS_MODULE=mysite.settings.production WORKDIR /code +# Create an unprivileged user to run the app +RUN adduser --disabled-password --gecos '' app + COPY requirements.txt /tmp/requirements.txt RUN set -ex && \ pip install --upgrade pip && \ pip install -r /tmp/requirements.txt && \ rm -rf /root/.cache/ + COPY . /code +COPY entrypoint.sh /entrypoint.sh + +RUN chmod +x /entrypoint.sh && chown -R app:app /code +USER app EXPOSE 8000 +ENTRYPOINT ["/entrypoint.sh"] CMD ["gunicorn","--bind",":8000","--workers","2","mysite.wsgi"] diff --git a/innovedus_cms/entrypoint.sh b/innovedus_cms/entrypoint.sh new file mode 100644 index 0000000..0e3d21d --- /dev/null +++ b/innovedus_cms/entrypoint.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash +set -e + +# Run pending migrations and collect static assets before starting the app +python manage.py migrate --noinput +python manage.py collectstatic --noinput + +exec "$@" diff --git a/innovedus_cms/mysite/settings/base.py b/innovedus_cms/mysite/settings/base.py index a281a37..4995035 100644 --- a/innovedus_cms/mysite/settings/base.py +++ b/innovedus_cms/mysite/settings/base.py @@ -16,6 +16,15 @@ import os PROJECT_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) BASE_DIR = os.path.dirname(PROJECT_DIR) +def env_list(name, default): + """ + Return a list from a comma-separated env var; fall back to provided default list. + """ + value = os.environ.get(name) + if value: + return [item.strip() for item in value.split(",") if item.strip()] + return default + # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/5.2/howto/deployment/checklist/ @@ -191,6 +200,9 @@ STORAGES = { }, } +# Avoid overwriting user uploads when using S3 storage unless explicitly enabled via env +AWS_S3_FILE_OVERWRITE = os.environ.get("AWS_S3_FILE_OVERWRITE", "False").lower() == "true" + # Django sets a maximum of 1000 fields per form by default, but particularly complex page models # can exceed this limit within Wagtail's page editor. DATA_UPLOAD_MAX_NUMBER_FIELDS = 10_000 @@ -218,8 +230,10 @@ WAGTAILADMIN_BASE_URL = "http://example.com" # see https://docs.wagtail.org/en/stable/advanced_topics/deploying.html#user-uploaded-files WAGTAILDOCS_EXTENSIONS = ['csv', 'docx', 'key', 'odt', 'pdf', 'pptx', 'rtf', 'txt', 'xlsx', 'zip'] -CSRF_TRUSTED_ORIGINS = [ - 'https://innovedus-cms.fly.dev', -] +CSRF_TRUSTED_ORIGINS = env_list( + "CSRF_TRUSTED_ORIGINS" +) -ALLOWED_HOSTS = ['innovedus-cms.fly.dev'] +ALLOWED_HOSTS = env_list( + "ALLOWED_HOSTS" +)