diff --git a/.env_sample b/.env_sample index 6bd01cfbd..d02097600 100644 --- a/.env_sample +++ b/.env_sample @@ -1,5 +1,3 @@ -SECRET_KEY=change-this-secret - # For local setup and debug DEBUG=True diff --git a/docker-compose.yml b/docker-compose.yml index de8bfe42e..867cfb8e3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -28,7 +28,11 @@ services: dockerfile: packaging/container/Containerfile image: django_site-worker # NOTE: We use watchmedo to reload gunicorn nicely, Uvicorn + Gunicorn reloads don't work well - command: ["python manage.py migrate --no-input && python manage.py collectstatic --no-input && cd /app/src && watchmedo auto-restart -p '*.py' --recursive -- python3 ./gunicorn_run.py"] + command: + - bash + - -c + - "cd /app/src && watchmedo auto-restart -p '*.py' --recursive -- python3 ./gunicorn_run.py" + environment: - DATABASE_URL=postgres://${DB_USERNAME}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME} env_file: .env @@ -248,4 +252,4 @@ services: logging: options: max-size: "20m" - max-file: "5" + max-file: "5" \ No newline at end of file diff --git a/packaging/container/Containerfile b/packaging/container/Containerfile index 9e1ca00bb..cdb958128 100644 --- a/packaging/container/Containerfile +++ b/packaging/container/Containerfile @@ -15,6 +15,8 @@ COPY pyproject.toml uv.lock ./ # Install dependencies RUN uv sync --all-extras --frozen - WORKDIR /app -ENTRYPOINT ["/bin/bash", "-c"] +# Copier l'entrypoint +COPY packaging/container/entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh +ENTRYPOINT ["/entrypoint.sh"] diff --git a/packaging/container/entrypoint.sh b/packaging/container/entrypoint.sh new file mode 100644 index 000000000..389a04412 --- /dev/null +++ b/packaging/container/entrypoint.sh @@ -0,0 +1,46 @@ +#!/usr/bin/env bash +set -euo pipefail + +ENV_FILE=/.env + +existing="" +if [ -f "$ENV_FILE" ]; then + existing=$(grep -E '^SECRET_KEY=' "$ENV_FILE" | tail -n1 | sed -E 's/^SECRET_KEY=//') +fi + +if [ -n "${SECRET_KEY:-}" ]; then + KEY="$SECRET_KEY" + if [ -z "$existing" ]; then + esc=$(printf '%s' "$KEY" | sed "s/'/'\\\\''/g") + if [ -f "$ENV_FILE" ]; then + TMP=$(mktemp) + grep -v -E '^SECRET_KEY=' "$ENV_FILE" > "$TMP" || true + else + TMP=$(mktemp) + : > "$TMP" + fi + printf "SECRET_KEY='%s'\n" "$esc" >> "$TMP" + mv "$TMP" "$ENV_FILE" + fi + export SECRET_KEY="$KEY" +else + if [ -n "$existing" ]; then + KEY=$(printf '%s' "$existing" | sed -E "s/^'(.*)'$/\1/; s/^\"(.*)\"$/\1/") + export SECRET_KEY="$KEY" + else + KEY=$(python -c "from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())") + esc=$(printf '%s' "$KEY" | sed "s/'/'\\\\''/g") + if [ -f "$ENV_FILE" ]; then + TMP=$(mktemp) + grep -v -E '^SECRET_KEY=' "$ENV_FILE" > "$TMP" || true + else + TMP=$(mktemp) + : > "$TMP" + fi + printf "SECRET_KEY='%s'\n" "$esc" >> "$TMP" + mv "$TMP" "$ENV_FILE" + export SECRET_KEY="$KEY" + fi +fi + +exec "$@" diff --git a/src/settings/base.py b/src/settings/base.py index 127b17eb8..b44e8d73e 100644 --- a/src/settings/base.py +++ b/src/settings/base.py @@ -6,7 +6,6 @@ import dj_database_url from .logs_loguru import configure_logging - BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) # Also add ../../apps to python path sys.path.insert(0, os.path.join(BASE_DIR, 'apps')) @@ -125,7 +124,10 @@ USE_I18N = True USE_L10N = True USE_TZ = True -SECRET_KEY = os.environ.get("SECRET_KEY", '(*0&74%ihg0ui+400+@%2pe92_c)x@w2m%6s(jhs^)dc$&&g93') + +# SECRET KEY +SECRET_KEY = os.environ["SECRET_KEY"] + LOGIN_REDIRECT_URL = '/' LOGOUT_REDIRECT_URL = '/'