Skip to content

Harden configuration, persistence workflows, and operational docs#1

Open
Gonza10V wants to merge 2 commits into
AI_devfrom
codex/take-over-repository-development
Open

Harden configuration, persistence workflows, and operational docs#1
Gonza10V wants to merge 2 commits into
AI_devfrom
codex/take-over-repository-development

Conversation

@Gonza10V

Copy link
Copy Markdown

Motivation

  • Remove dangerous, development-only defaults (hardcoded secret key, permissive hosts/CORS, repo-checked DB credentials) and establish environment-driven configuration with fail-fast checks for non-development runs.
  • Improve durability and operational hygiene so a single local DB failure does not destroy production data by documenting and scripting backup/restore and prescribing managed Postgres as the production target.
  • Make local Docker Compose a safe developer workflow while clearly separating dev vs production expectations.
  • Provide minimal CI and runtime health checks to catch regressions early and make it easier for a new maintainer to run the system.

Description

  • Centralized and hardened backend config by replacing baked-in secrets and settings with environment-driven loaders and helpers in flapjack_api/flapjack_api/settings.py, including env(), env_bool(), env_list() helpers, JWT lifetime settings, structured logging, and fail-fast behavior for required settings in non-development environments.
  • Added operational endpoints and scripts: a public health endpoint at /api/healthz/ (flapjack_api/registry/health.py) and local orchestration scripts for migrations, backups and restores (scripts/migrate.sh, scripts/backup_db.sh, scripts/restore_db.sh).
  • Updated Docker Compose to use env-file loading, persistent named volumes for Postgres/Redis, improved healthchecks and startup ordering, and removed embedded DB credentials from compose (docker-compose.yml).
  • Added examples and hygiene: root and component .env.example files, frontend .env examples, a .gitignore entry to avoid committing real envs/backups, and allowed frontend env examples to be tracked; added a small health test (flapjack_api/registry/tests_health.py).
  • Introduced repository-level changes to docs and governance: canonical ARCHITECTURE.md, updates to README.md, PRODUCT.md, and ADR-001.md to reflect the secure persistence recommendation and the implemented baseline; added a GitHub Actions CI workflow to run backend checks and frontend build (.github/workflows/ci.yml).

Testing

  • python -m compileall flapjack_api flapjack_frontend/src ran successfully (byte-compile smoke).
  • python flapjack_api/manage.py check could not be executed to completion in this environment due to missing runtime dependencies (Django not installed), so full Django checks were not verified locally.
  • docker compose config / compose bring-up could not be executed in this environment due to the docker binary being unavailable, but Compose file includes healthchecks and is covered by the added CI which runs python manage.py check and makemigrations --check --dry-run in GitHub Actions.

Codex Task

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3ff6750333

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

CORS_ALLOWED_ORIGINS = env_list("DJANGO_CORS_ALLOWED_ORIGINS", default="")
else:
CORS_ORIGIN_ALLOW_ALL = False
CORS_ALLOWED_ORIGINS = env_list("DJANGO_CORS_ALLOWED_ORIGINS", default="")

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Use a CORS setting supported by pinned middleware

In the non-debug path this assigns CORS_ALLOWED_ORIGINS, but the repository still uses django-cors-headers==3.2.1, whose documented allowlist setting is CORS_ORIGIN_WHITELIST. When DEBUG=false, CORS_ORIGIN_ALLOW_ALL is forced off here, so configured frontend origins will be ignored and cross-origin browser requests will fail without CORS headers.

Useful? React with 👍 / 👎.

Comment thread docker-compose.yml
redis:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "python manage.py check --deploy --fail-level WARNING || exit 1"]

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Make API healthcheck pass in default dev configuration

This healthcheck runs python manage.py check --deploy --fail-level WARNING, but the new default .env.example keeps DJANGO_DEBUG=true. Django deployment checks emit warnings in that mode, and --fail-level WARNING converts them to a failing exit code, so the flapjack_api container will stay unhealthy in normal local development even when the app is actually serving requests.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant