diff --git a/.env_sample b/.env_sample
index 6bd01cfbd..d02097600 100644
--- a/.env_sample
+++ b/.env_sample
@@ -1,5 +1,3 @@
-SECRET_KEY=change-this-secret
-
 # For local setup and debug
 DEBUG=True
diff --git a/docker-compose.yml b/docker-compose.yml
index 46c1783de..68f6ac899 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -26,7 +26,11 @@ services:
 context: .
 dockerfile: packaging/container/Containerfile
 # NOTE: We use watchmedo to reload gunicorn nicely, Uvicorn + Gunicorn reloads don't work well
- command: ["python manage.py migrate --no-input && python manage.py collectstatic --no-input && cd /app/src && watchmedo auto-restart -p '*.py' --recursive -- python3 ./gunicorn_run.py"]
+ command:
+ - bash
+ - -c
+ - "cd /app/src && watchmedo auto-restart -p '*.py' --recursive -- python3 ./gunicorn_run.py"
+
 environment:
 - DATABASE_URL=postgres://${DB_USERNAME}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}
 env_file: .env
@@ -241,4 +245,4 @@ services:
 logging:
 options:
 max-size: "20m"
- max-file: "5"
+ max-file: "5"
\ No newline at end of file
diff --git a/packaging/container/Containerfile b/packaging/container/Containerfile
index 448a6ed17..1da86dbc2 100644
--- a/packaging/container/Containerfile
+++ b/packaging/container/Containerfile
@@ -15,6 +15,8 @@ COPY uv.lock ./
 # Install dependencies
 RUN uv sync --all-extras --frozen
-
 WORKDIR /app
-ENTRYPOINT ["/bin/bash", "-c"]
+# Copier l'entrypoint
+COPY packaging/container/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/packaging/container/entrypoint.sh b/packaging/container/entrypoint.sh
new file mode 100644
index 000000000..a1ad98c9f
--- /dev/null
+++ b/packaging/container/entrypoint.sh
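Review bot: In docker-compose.yml (first hunk) the new `command` no longer runs `python manage.py migrate --no-input` or `python manage.py collectstatic --no-input`, and the entrypoint.sh added by this commit does not run them either, so nothing visible in this diff applies migrations or collects static files at start-up any more. If they now run somewhere else, a comment above `command:` saying where would prevent a confused first start; otherwise they belong at the front of the `bash -c` string, before `cd /app/src`. The service definition starts and ends outside the hunk, so a separate init step may exist that is not shown here.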
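Review bot: In packaging/container/Containerfile, replacing `ENTRYPOINT ["/bin/bash", "-c"]` with a script that ends in `exec "$@"` changes how every command for this image is interpreted: a command passed as one shell string, as the removed docker-compose line was, is now executed as a single program name and fails to start. Only one service's `command` is updated in the visible hunks, so any other service or deployment using this image presumably needs the same `bash`, `-c` wrapping; that is worth checking before merge. The script also rewrites `/app/.env` at start-up, so the runtime user needs write access to `/app`, which this hunk does not show being arranged. The added comment `# Copier l'entrypoint` would read better in English like the rest of the file, e.g. `# Copy the entrypoint script`.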
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ENV_FILE=/app/.env
+TMP_FILE="${ENV_FILE}.tmp"
+
+# read existing DJANGO_SECRET_KEY from .env (raw value after =)
+existing=""
+if [ -f "$ENV_FILE" ]; then
+ existing=$(grep -E '^DJANGO_SECRET_KEY=' "$ENV_FILE" | tail -n1 | sed -E 's/^DJANGO_SECRET_KEY=//')
+fi
+
+# if variable is already provided by environment, persist it if absent from .env
+if [ -n "${DJANGO_SECRET_KEY:-}" ]; then
+ KEY="$DJANGO_SECRET_KEY"
+ if [ -z "$existing" ]; then
+ esc=$(printf '%s' "$KEY" | sed "s/'/'\\\\''/g")
+ if [ -f "$ENV_FILE" ]; then
+ grep -v -E '^DJANGO_SECRET_KEY=' "$ENV_FILE" > "$TMP_FILE" || true
+ else
+ : > "$TMP_FILE"
+ fi
+ printf "DJANGO_SECRET_KEY='%s'\n" "$esc" >> "$TMP_FILE"
+ mv "$TMP_FILE" "$ENV_FILE"
+ fi
+ export DJANGO_SECRET_KEY="$KEY"
+else
+ if [ -n "$existing" ]; then
+ # remove surrounding quotes if present
+ KEY=$(printf '%s' "$existing" | sed -E "s/^'(.*)'$/\1/; s/^\"(.*)\"$/\1/")
+ export DJANGO_SECRET_KEY="$KEY"
+ else
+ # generate, persist and export
+ KEY=$(python -c "from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())")
+ esc=$(printf '%s' "$KEY" | sed "s/'/'\\\\''/g")
+ if [ -f "$ENV_FILE" ]; then
+ grep -v -E '^DJANGO_SECRET_KEY=' "$ENV_FILE" > "$TMP_FILE" || true
+ else
+ : > "$TMP_FILE"
+ fi
+ printf "DJANGO_SECRET_KEY='%s'\n" "$esc" >> "$TMP_FILE"
+ mv "$TMP_FILE" "$ENV_FILE"
+ export DJANGO_SECRET_KEY="$KEY"
+ fi
+fi
+
+exec "$@"
diff --git a/src/settings/base.py b/src/settings/base.py
index ed5b978d7..8e4f0639e 100644
--- a/src/settings/base.py
+++ b/src/settings/base.py
@@ -5,7 +5,7 @@ from celery import signals
 import dj_database_url
 from .logs_loguru import configure_logging
-
+from django.core.management.utils import get_random_secret_key
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # Also add ../../apps to python path
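Review bot: In packaging/container/entrypoint.sh, under `set -euo pipefail` the assignment `existing=$(grep -E ... | tail -n1 | sed ...)` aborts the script when `.env` exists but has no `DJANGO_SECRET_KEY=` line, because grep exits 1 and pipefail turns that into the status of the assignment; that is the first-run case the generate branch is meant to handle. Ending the substitution with `|| true`, as the two `grep -v` lines already do, fixes it: `existing=$(grep -E '^DJANGO_SECRET_KEY=' "$ENV_FILE" | tail -n1 | sed -E 's/^DJANGO_SECRET_KEY=//' || true)`. The rewritten `.env` holds the signing key but is created under the default umask, and the `mv` discards whatever mode the previous file had, so a `umask 077` near the top (or `chmod 600 "$TMP_FILE"` before each `mv`) would keep it from being readable by other users in the container. If several containers share one `/app/.env` and start together, each may generate its own key through the same fixed `$TMP_FILE`; whether that can happen depends on the volume layout, which is not visible here.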
@@ -119,7 +119,10 @@ USE_I18N = True
 USE_L10N = True
 USE_TZ = True
-SECRET_KEY = os.environ.get("SECRET_KEY", '(*0&74%ihg0ui+400+@%2pe92_c)x@w2m%6s(jhs^)dc$&&g93')
+
+### SECRET KEY ###
+SECRET_KEY = os.environ.get("DJANGO_SECRET_KEY", get_random_secret_key())
+
 LOGIN_REDIRECT_URL = '/'
 LOGOUT_REDIRECT_URL = '/'
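Review bot: The fallback in `os.environ.get("DJANGO_SECRET_KEY", get_random_secret_key())` gives each process that imports settings without the variable its own random key, so sessions, password-reset tokens and other signed values stop validating across separately started workers and after every restart, with no error pointing at the cause. The variable is also renamed from `SECRET_KEY`, so a deployment that still sets only the old name silently lands in this fallback. Failing closed is safer outside local debugging: `SECRET_KEY = os.environ["DJANGO_SECRET_KEY"]`, or, to keep the legacy name working during the transition, `SECRET_KEY = os.environ.get("DJANGO_SECRET_KEY") or os.environ["SECRET_KEY"]`. The removed hard-coded default stays in the repository history, so it should be treated as compromised wherever it was actually in use.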