Harden configuration, persistence workflows, and operational docs#1
Harden configuration, persistence workflows, and operational docs#1Gonza10V wants to merge 2 commits into
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3ff6750333
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| CORS_ALLOWED_ORIGINS = env_list("DJANGO_CORS_ALLOWED_ORIGINS", default="") | ||
| else: | ||
| CORS_ORIGIN_ALLOW_ALL = False | ||
| CORS_ALLOWED_ORIGINS = env_list("DJANGO_CORS_ALLOWED_ORIGINS", default="") |
There was a problem hiding this comment.
Use a CORS setting supported by pinned middleware
In the non-debug path this assigns CORS_ALLOWED_ORIGINS, but the repository still uses django-cors-headers==3.2.1, whose documented allowlist setting is CORS_ORIGIN_WHITELIST. When DEBUG=false, CORS_ORIGIN_ALLOW_ALL is forced off here, so configured frontend origins will be ignored and cross-origin browser requests will fail without CORS headers.
Useful? React with 👍 / 👎.
| redis: | ||
| condition: service_healthy | ||
| healthcheck: | ||
| test: ["CMD-SHELL", "python manage.py check --deploy --fail-level WARNING || exit 1"] |
There was a problem hiding this comment.
Make API healthcheck pass in default dev configuration
This healthcheck runs python manage.py check --deploy --fail-level WARNING, but the new default .env.example keeps DJANGO_DEBUG=true. Django deployment checks emit warnings in that mode, and --fail-level WARNING converts them to a failing exit code, so the flapjack_api container will stay unhealthy in normal local development even when the app is actually serving requests.
Useful? React with 👍 / 👎.
Motivation
Description
flapjack_api/flapjack_api/settings.py, includingenv(),env_bool(),env_list()helpers, JWT lifetime settings, structured logging, and fail-fast behavior for required settings in non-development environments./api/healthz/(flapjack_api/registry/health.py) and local orchestration scripts for migrations, backups and restores (scripts/migrate.sh,scripts/backup_db.sh,scripts/restore_db.sh).docker-compose.yml)..env.examplefiles, frontend.envexamples, a.gitignoreentry to avoid committing real envs/backups, and allowed frontend env examples to be tracked; added a small health test (flapjack_api/registry/tests_health.py).ARCHITECTURE.md, updates toREADME.md,PRODUCT.md, andADR-001.mdto reflect the secure persistence recommendation and the implemented baseline; added a GitHub Actions CI workflow to run backend checks and frontend build (.github/workflows/ci.yml).Testing
python -m compileall flapjack_api flapjack_frontend/srcran successfully (byte-compile smoke).python flapjack_api/manage.py checkcould not be executed to completion in this environment due to missing runtime dependencies (Django not installed), so full Django checks were not verified locally.docker compose config/ compose bring-up could not be executed in this environment due to thedockerbinary being unavailable, but Compose file includes healthchecks and is covered by the added CI which runspython manage.py checkandmakemigrations --check --dry-runin GitHub Actions.Codex Task