updates docker and CI

.dockerignore

@@ -1,4 +1,6 @@
 *
+.venv
+.act
 
 !docker/bin
 !docker/conf

compose.yaml

@@ -2,24 +2,44 @@ x-common: &common
   build:
     context: .
     dockerfile: docker/Dockerfile
-    target: builder
+    target: tests
   platform: linux/amd64
+  develop:
+    watch:
+      - action: sync
+        path: .
+        target: /app/
+        ignore:
+          - ./.venv/
+      - action: sync
+        path: ./src/country_workspace
+        target: /app/.venv/lib/python3.12/site-packages/country_workspace
+        ignore:
+          - ./.venv/
+      - action: rebuild
+        path: uv.lock
   environment:
     - DEBUG=true
     - [email protected]
     - ADMIN_PASSWORD=123
+    - ALLOWED_HOSTS=localhost
+    - CSRF_COOKIE_SECURE=False
+    - CSRF_TRUSTED_ORIGINS=http://localhost
+    - AUTHENTICATION_BACKENDS="country_workspace.security.backends.AnyUserAuthBackend"
+    - HOPE_API_TOKEN=${HOPE_API_TOKEN}
     - CACHE_URL=redis://redis:6379/1
     - CELERY_BROKER_URL=redis://redis:6379/9
     - CELERY_TASK_ALWAYS_EAGER=False
     - DATABASE_URL=postgres://hcw:password@db:5432/country_workspace
-    - DJANGO_SETTINGS_MODULE=country_workspace.config.settings
     - MEDIA_ROOT=/var/country_workspace/media
-    - PYTHONPATH=/code/src/:/code/__pypackages__/3.12/lib/
     - SECRET_KEY=sensitive-secret-key
     - STATIC_ROOT=/var/country_workspace/static
-  volumes:
-    - .:/app
-    - /var/run/docker.sock:/var/run/docker.sock
+#  volumes:
+#    - ./src/:/app/src/
+#    - ./tests/:/app/tests/
+#    - ./pyproject.toml:/app/pyproject.toml
+#    - ./uv.lock:/app/uv.lock
+#    - /var/run/docker.sock:/var/run/docker.sock
   restart: always
   depends_on:
     db:
@@ -32,13 +52,16 @@ services:
     <<: *common
     ports:
       - 8000:8000
-    # command: ["tail", "-f", "/dev/null"]
-    command: >
-      bash -c "
-        ./manage.py upgrade  &&
-        ./manage.py demo &&
-        django-admin runserver 0.0.0.0:8000
-      "
+#    stdin_open: true # docker run -i
+#    tty: true        # docker run -t      -
+    command: ["ls", "-al", "/app/"]
+#    command: ["ls", "-al", "/app/.venv/lib/python3.12/site-packages/"]
+#    command: >
+#      bash -c "
+#        django-admin upgrade  &&
+#        django-admin demo &&
+#        django-admin runserver 0.0.0.0:8000
+#      "
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8000/healthcheck"]
       interval: 10s
@@ -53,8 +76,8 @@ services:
       - POSTGRES_DB=country_workspace
     volumes:
       - postgres_data:/var/lib/postgresql/data/
-    ports:
-      - 5432:5432
+#    ports:
+#      - 5432:5432
     restart: always
     healthcheck:
       test: ["CMD", "pg_isready", "-U", "hcw", "-d", "country_workspace"]
@@ -66,8 +89,8 @@ services:
 
   redis:
     image: redis:7.2
-    ports:
-      - 6379:6379
+#    ports:
+#      - 6379:6379
     restart: always
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]
@@ -76,22 +99,22 @@ services:
       interval: 5s
       timeout: 4s
       retries: 5
-
-  celery_worker:
-    <<: *common
-    # entrypoint: ["sh", "-c", "exec docker-entrypoint.sh \"$0\" \"$@\""]
-    # command: worker
-    command: >
-      sh -c '
-      gosu user:app celery -A country_workspace.config.celery worker -E --loglevel=INFO --concurrency=4
-      '
-
-  celery-beat:
-    <<: *common
-    command: >
-      sh -c '
-      gosu user:app celery -A country_workspace.config.celery beat --loglevel=INFO --scheduler django_celery_beat.schedulers:DatabaseScheduler
-      '
+#
+#  celery_worker:
+#    <<: *common
+#    # entrypoint: ["sh", "-c", "exec docker-entrypoint.sh \"$0\" \"$@\""]
+#    # command: worker
+#    command: >
+#      sh -c '
+#      gosu user:app celery -A country_workspace.config.celery worker -E --loglevel=INFO --concurrency=4
+#      '
+#
+#  celery-beat:
+#    <<: *common
+#    command: >
+#      sh -c '
+#      gosu user:app celery -A country_workspace.config.celery beat --loglevel=INFO --scheduler django_celery_beat.schedulers:DatabaseScheduler
+#      '
 
 
 volumes:

docker/Dockerfile

@@ -8,8 +8,8 @@ RUN set -x \
     libxml2 \
   " \
   && buildDeps=" \
-  wget \
-  " \
+wget \
+" \
   && apt-get update && apt-get install -y --no-install-recommends ${buildDeps} ${runtimeDeps} \
   && rm -rf /var/lib/apt/lists/* \
   && wget --quiet -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64" \
@@ -23,77 +23,104 @@ RUN groupadd --gid 1024 app \
 
 # ------- builder -------
 FROM python_base AS builder
-ARG BUILD_DATE
-ARG VERSION
-
 RUN set -x \
     && buildDeps="build-essential \
-        cmake \
-        curl \
-        gcc \
-        git \
-        libssl-dev \
-        libxml2-dev  \
-        python3-dev \
-        zlib1g-dev  \
-    " \
+cmake \
+curl \
+gcc \
+git \
+libssl-dev \
+libxml2-dev  \
+python3-dev \
+zlib1g-dev  \
+" \
     && apt-get update \
     && apt-get install -y --no-install-recommends $buildDeps \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 RUN pip install uv
 
-COPY pyproject.toml uv.lock AUTHORS LICENSE README.md MANIFEST.in /app/
+#COPY AUTHORS LICENSE README.md MANIFEST.in /app/
 
 WORKDIR /app
-RUN uv sync --no-dev --no-editable --frozen --extra distribution
+RUN --mount=type=cache,target=/root/.uv-cache \
+    --mount=type=bind,source=uv.lock,target=/app/uv.lock \
+    --mount=type=bind,source=pyproject.toml,target=/app/pyproject.toml \
+    --mount=type=bind,source=MANIFEST.in,target=/app/MANIFEST.in \
+    --mount=type=bind,source=./src/country_workspace,target=/app/src/country_workspace \
+    uv sync --cache-dir=/root/.uv-cache --no-dev --no-editable --frozen --extra distribution
 
 
 # ------- tests -------
 FROM builder AS tests
+ARG BUILD_DATE
+ARG VERSION
+
 LABEL distro="tests"
 LABEL org.opencontainers.image.created="$BUILD_DATE"
 LABEL org.opencontainers.image.version="$VERSION"
 
 ENV PATH=/app/.venv/bin:/usr/local/bin/:/usr/bin:/bin \
     DJANGO_SETTINGS_MODULE=country_workspace.config.settings \
+    PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
     PYTHONPATH=""\
     UWSGI_PROCESSES=4
 WORKDIR /app
-RUN uv sync --no-editable --frozen --extra distribution \
-    && rm -fr build hope_country_workspace.egg-info
-
-# ------- package -------
-FROM builder AS package
+RUN --mount=type=cache,target=/root/.uv-cache \
+    --mount=type=bind,source=uv.lock,target=/app/uv.lock \
+    --mount=type=bind,source=pyproject.toml,target=/app/pyproject.toml \
+    --mount=type=bind,source=MANIFEST.in,target=/app/MANIFEST.in \
+    --mount=type=bind,source=./src/country_workspace,target=/app/src/country_workspace \
+    uv sync --cache-dir=/root/.uv-cache --no-editable --frozen --extra distribution
+
+# ------- production only deps-------
+FROM builder AS production
 ENV PATH=/app/.venv/bin:/usr/local/bin/:/usr/bin:/bin \
     DJANGO_SETTINGS_MODULE=country_workspace.config.settings \
+    PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
     PYTHONPATH=""\
     UWSGI_PROCESSES=4
 WORKDIR /app
-COPY src/ /app/src/
-COPY pyproject.toml uv.lock AUTHORS LICENSE README.md MANIFEST.in /app/
-RUN uv sync --no-dev --no-editable --frozen --extra distribution
+#COPY src/ /app/src/
+#COPY pyproject.toml uv.lock AUTHORS LICENSE README.md MANIFEST.in /app/
+#RUN uv sync --no-dev --no-editable --frozen --extra distribution
+#RUN #--mount=type=cache,target=/root/.uv-cache \
+#    --mount=type=bind,source=.,target=/app/ \
+#    uv sync --no-dev --no-editable --frozen --extra distribution \
+
+RUN --mount=type=cache,target=/root/.uv-cache \
+    --mount=type=bind,source=uv.lock,target=/app/uv.lock \
+    --mount=type=bind,source=pyproject.toml,target=/app/pyproject.toml \
+    --mount=type=bind,source=MANIFEST.in,target=/app/MANIFEST.in \
+    --mount=type=bind,source=./src/country_workspace,target=/app/src/country_workspace \
+    uv sync --cache-dir=/root/.uv-cache --no-dev --no-editable --frozen --extra distribution
 
 # ------- dist -------
 FROM python_base AS dist
 ARG BUILD_DATE
 ARG VERSION
-ARG BRANCH
+ARG GIT_SHA
 
 ENV PATH=/app/.venv/bin:/usr/local/bin/:/usr/bin:/bin \
     DJANGO_SETTINGS_MODULE=country_workspace.config.settings \
+    PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    STATIC_URL="/static/" \
     PYTHONPATH=""\
     UWSGI_PROCESSES=4
 RUN <<EOF cat> /RELEASE
 {"version": "$VERSION",
- "commit": "$GITHUB_SHA",
+ "commit": "GIT_SHA",
  "date": "$BUILD_DATE",
 }
 EOF
 WORKDIR /app
 COPY docker/conf /conf/
 COPY docker/bin/* /usr/local/bin/
-COPY --chown=user:app --from=package /app/.venv /app/.venv
+COPY AUTHORS LICENSE README.md /
+COPY --chown=user:app --from=production /app/.venv /app/.venv
 
 EXPOSE 8000
 ENTRYPOINT exec docker-entrypoint.sh "$0" "$@"
@@ -104,11 +131,10 @@ LABEL org.opencontainers.image.authors="[email protected]"
 LABEL org.opencontainers.image.description="Hope Country Workspace"
 LABEL org.opencontainers.image.documentation="https://github.com/unicef/hope-country-workspace/"
 LABEL org.opencontainers.image.title="Hope Country Workspace"
-LABEL org.opencontainers.image.licenses="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/blob/${SOURCE_COMMIT:-master}/LICENSE"
-LABEL org.opencontainers.image.revision=$SOURCE_COMMIT
-LABEL org.opencontainers.image.source="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/tree/${SOURCE_COMMIT:-master}/"
+LABEL org.opencontainers.image.licenses="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/blob/${GIT_SHA:-master}/LICENSE"
+LABEL org.opencontainers.image.revision=$GIT_SHA
+LABEL org.opencontainers.image.source="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/tree/${GIT_SHA:-master}/"
 LABEL org.opencontainers.image.url="https://hub.docker.com/repository/docker/unicef/hope-country-workspace/tags/"
 LABEL org.opencontainers.image.vendor="UNICEF"
 LABEL org.opencontainers.image.created="$BUILD_DATE"
 LABEL org.opencontainers.image.version="$VERSION"
-LABEL org.opencontainers.image.branch="$BRANCH"

docker/bin/docker-entrypoint.sh

@@ -6,59 +6,20 @@ export STATIC_ROOT="${STATIC_ROOT:-/var/run/app/static}"
 export UWSGI_PROCESSES="${UWSGI_PROCESSES:-"4"}"
 export DJANGO_SETTINGS_MODULE="${DJANGO_SETTINGS_MODULE:-"country_workspace.config.settings"}"
 
-ls -al /app/
-
 case "$1" in
     run)
-      django-admin check --deploy
-      django-admin upgrade
+      django-admin upgrade --with-check
 	    set -- tini -- "$@"
+	    MAPPING=""
+	    if [ "${STATIC_URL}" = "/static/" ]; then
+	      MAPPING="--static-map ${STATIC_URL}=${STATIC_ROOT}"
+	    fi
 	    uwsgi --http :8000 \
 	          --module country_workspace.config.wsgi \
 	          --uid user \
-	          --gid app
-#  		set -- gosu user:app uwsgi --ini /conf/uwsgi.ini
+	          --gid app \
+	          $MAPPING
 	    ;;
 esac
 
 exec "$@"
-
-#
-#case "$1" in
-#    run)
-#      if [ "$INIT_RUN_CHECK" = "1" ];then
-#        echo "Running Django checks..."
-#        django-admin check --deploy
-#      fi
-#      OPTS="--no-check -v 1"
-#      if [ "$INIT_RUN_UPGRADE" = "1" ];then
-#        if [ "$INIT_RUN_COLLECTSTATIC" != "1" ];then
-#          OPTS="$OPTS --no-static"
-#        fi
-#        if [ "$INIT_RUN_MIGRATATIONS" != "1" ];then
-#          OPTS="$OPTS --no-migrate"
-#        fi
-#        echo "Running 'upgrade $OPTS'"
-#        django-admin upgrade $OPTS
-#      fi
-#      set -- tini -- "$@"
-#      echo "Starting uwsgi..."
-#      exec uwsgi --ini /conf/uwsgi.ini
-#      ;;
-#    worker)
-#      exec celery -A country_workspace.celery worker -E --loglevel=ERROR --concurrency=4
-#      ;;
-#    beat)
-#      exec celery -A country_workspace.celery beat -E --loglevel=ERROR ---scheduler django_celery_beat.schedulers:DatabaseScheduler
-#      ;;
-#    dev)
-#      until pg_isready -h db -p 5432;
-#        do echo "waiting for database"; sleep 2; done;
-#      django-admin collectstatic --no-input
-#      django-admin migrate
-#      django-admin runserver 0.0.0.0:8000
-#      ;;
-#    *)
-#      exec "$@"
-#      ;;
-#esac

docs/src/contributing.md

@@ -45,3 +45,15 @@ Install [uv](https://docs.astral.sh/uv/)
         export AUTHENTICATION_BACKENDS="country_workspace.security.backends.AnyUserAuthBackend"
 
     It works only if `DEBUG=True`
+
+
+
+## Docker compose
+
+Alternatively you can use provided docker compose for development
+
+    docker compose up
+
+Alternatively you can use provided docker compose for development
+
+    docker compose up