Ready to deploy via docker

2025-11-28 17:36:54 +09:00 · 2025-11-28 17:36:54 +09:00 · 21475448d2
commit 21475448d2
parent 2c21cca5a7
4 changed files with 44 additions and 8 deletions
--- a/innovedus_cms/.dockerignore
+++ b/innovedus_cms/.dockerignore
@ -1,3 +1,8 @@
 fly.toml
 .git/
+.venv
+__pycache__/
+*.pyc
 *.sqlite3
+media/
+*.log
--- a/innovedus_cms/Dockerfile
+++ b/innovedus_cms/Dockerfile
@ -2,20 +2,29 @@ ARG PYTHON_VERSION=3.13-slim

 FROM python:${PYTHON_VERSION}

-ENV PYTHONDONTWRITEBYTECODE 1
-ENV PYTHONUNBUFFERED 1
-
-RUN mkdir -p /code
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    PIP_NO_CACHE_DIR=on \
+    DJANGO_SETTINGS_MODULE=mysite.settings.production

 WORKDIR /code

+# Create an unprivileged user to run the app
+RUN adduser --disabled-password --gecos '' app
+
 COPY requirements.txt /tmp/requirements.txt
 RUN set -ex && \
    pip install --upgrade pip && \
    pip install -r /tmp/requirements.txt && \
    rm -rf /root/.cache/
+
 COPY . /code
+COPY entrypoint.sh /entrypoint.sh
+
+RUN chmod +x /entrypoint.sh && chown -R app:app /code
+USER app

 EXPOSE 8000

+ENTRYPOINT ["/entrypoint.sh"]
 CMD ["gunicorn","--bind",":8000","--workers","2","mysite.wsgi"]
--- a/innovedus_cms/entrypoint.sh
+++ b/innovedus_cms/entrypoint.sh
@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -e
+
+# Run pending migrations and collect static assets before starting the app
+python manage.py migrate --noinput
+python manage.py collectstatic --noinput
+
+exec "$@"
--- a/innovedus_cms/mysite/settings/base.py
+++ b/innovedus_cms/mysite/settings/base.py
@ -16,6 +16,15 @@ import os
 PROJECT_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 BASE_DIR = os.path.dirname(PROJECT_DIR)

+def env_list(name, default):
+    """
+    Return a list from a comma-separated env var; fall back to provided default list.
+    """
+    value = os.environ.get(name)
+    if value:
+        return [item.strip() for item in value.split(",") if item.strip()]
+    return default
+

 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/5.2/howto/deployment/checklist/
@ -191,6 +200,9 @@ STORAGES = {
    },
 }

+# Avoid overwriting user uploads when using S3 storage unless explicitly enabled via env
+AWS_S3_FILE_OVERWRITE = os.environ.get("AWS_S3_FILE_OVERWRITE", "False").lower() == "true"
+
 # Django sets a maximum of 1000 fields per form by default, but particularly complex page models
 # can exceed this limit within Wagtail's page editor.
 DATA_UPLOAD_MAX_NUMBER_FIELDS = 10_000
@ -218,8 +230,10 @@ WAGTAILADMIN_BASE_URL = "http://example.com"
 # see https://docs.wagtail.org/en/stable/advanced_topics/deploying.html#user-uploaded-files
 WAGTAILDOCS_EXTENSIONS = ['csv', 'docx', 'key', 'odt', 'pdf', 'pptx', 'rtf', 'txt', 'xlsx', 'zip']

-CSRF_TRUSTED_ORIGINS = [
-    'https://innovedus-cms.fly.dev',
-]
+CSRF_TRUSTED_ORIGINS = env_list(
+    "CSRF_TRUSTED_ORIGINS"
+)

-ALLOWED_HOSTS = ['innovedus-cms.fly.dev']
+ALLOWED_HOSTS = env_list(
+    "ALLOWED_HOSTS"
+)