initial commit

Author: haron

.github/workflows/deploy.yml

@@ -0,0 +1,39 @@
+name: Deploy
+
+on:
+  push:
+    branches: [master]
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-24.04
+    container:
+      image: alpine/ansible:2.18.1
+      options: --cap-add=NET_ADMIN --device=/dev/net/tun
+    env:
+      ANSIBLE_HOST_KEY_CHECKING: "False"
+      ANSIBLE_PRIVATE_KEY_FILE: ~/.ssh/id_ed25519
+      UV_LINK_MODE: copy
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - run: apk add make coreutils curl sudo tar
+
+      - uses: astral-sh/setup-uv@v5
+        with:
+          enable-cache: true
+
+      - uses: tailscale/github-action@v3
+        with:
+          oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
+          oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
+          tags: tag:ci
+
+      - name: Deploy
+        uses: dawidd6/action-ansible-playbook@v3
+        with:
+          playbook: deploy.yml
+          inventory: {{ cookiecutter.deploy_host }}
+          key: ${{ secrets.DEPLOY_SSH_KEY }}

.gitignore

@@ -0,0 +1,31 @@
+.aider*
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Distribution / packaging
+dist/
+build/
+*.egg-info/
+
+# Virtual environments
+.venv/
+venv/
+env/
+ENV/
+
+# Testing
+.coverage
+htmlcov/
+.pytest_cache/
+
+# IDE specific files
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# OS specific files
+.DS_Store

.rsync-filter

@@ -0,0 +1,22 @@
+- /.*
+- /*.yml
+- /*.sqlite*
+- __pycache__
+- /ansible*
+- /hosts
+- /etc
+- /tmp
+- /files
+- /images
+- *.sw*
+- *.git*
+- *.bak
+- *.sqlite*
+- *.pyc
+- *.test
+- .env*
+- *env-*
+- .DS_Store
+- /localpy
+- local_settings.py
+- Makefile

Makefile

@@ -0,0 +1,49 @@
+.DEFAULT_GOAL := deploy
+SHELL := /usr/bin/env -S bash -O globstar # makes work globs like **/*.py
+HOST ?= {{ cookiecutter.deploy_host }}
+PROJECT ?= {{ cookiecutter.project_name }}
+ENV ?= prod
+SLUG := $(PROJECT)-$(ENV)
+PREFIX := /var/www/$(SLUG)
+USER := {{ cookiecutter.deploy_user }}
+ANSIBLE := ansible-playbook deploy.yml -i $(HOST), -e project=$(PROJECT) -u $(USER)
+SSH := ssh -t $(USER)@$(HOST)
+
+deploy: linter
+	uv sync
+	$(ANSIBLE) --skip-tags=full
+
+init: clean githooks
+	uv venv -q
+	uv sync
+
+clean:
+	rm -rf .venv db.sqlite3 __pycache__
+
+githooks:
+	git config --local core.hooksPath .githooks
+
+linter:
+	python -m py_compile **/*.py
+	uvx isort -q **/*.py
+	uvx ruff format -q --line-length 140 **/*.py
+	uvx ruff check -q --ignore F401 **/*.py
+
+safety:
+	uv tool run safety scan -o bare
+
+full-deploy:
+	uv sync
+	$(ANSIBLE)
+
+logs:
+	ssh -t $(HOST) less +GF /var/log/supervisor/$(SLUG).log
+
+migrate:
+	./manage.py makemigrations db
+	$(SSH) rm -rf $(PREFIX)/db/migrations
+	make deploy
+	$(SSH) uv run --directory $(PREFIX) manage.py migrate
+
+restart:
+	$(ANSIBLE) --tags restart

ansible.cfg

@@ -0,0 +1,10 @@
+[defaults]
+retry_files_enabled = False
+deprecation_warnings = False
+command_warnings = False
+remote_user = deploy
+interpreter_python = auto_legacy_silent
+
+[ssh_connection]
+pipelining = True
+ssh_args = -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no

cookiecutter.json

@@ -0,0 +1,9 @@
+{
+  "project_name": "My Project",
+  "project_slug": "{{ cookiecutter.project_name.lower().replace(' ', '_').replace('-', '_') }}",
+  "description": "A Python project created with cookiecutter",
+  "author_name": "Your Name",
+  "author_email": "your.email@example.com",
+  "deploy_host": "my.host",
+  "deploy_user": "deploy"
+}

deploy.yml

@@ -0,0 +1,53 @@
+#!/usr/bin/env ansible-playbook
+---
+- name: deploy bot
+  hosts: all
+  strategy: free
+  gather_facts: false
+  vars:
+    env: prod
+    slug: "{{ project }}-{{ env }}"
+    prefix: /var/www/{{ slug }}
+    user: deploy
+    group: "{{ user }}"
+  tasks:
+    - name: remove existing virtualenv
+      file: path="{{ prefix }}/.venv" state=absent
+      tags: full
+
+    - name: upload directory {{ playbook_dir }} to {{ prefix }}
+      synchronize: src="{{ playbook_dir }}/" dest={{ prefix }}
+
+    - name: cleanup UV cache
+      command: uv cache clean
+      args:
+        chdir: "{{ prefix }}"
+      tags: full
+
+    - name: create virtualenv
+      shell: uv venv -q
+      args:
+        chdir: "{{ prefix }}"
+      tags: full
+
+    - name: install dependencies
+      shell: uv sync --frozen || uv sync --frozen --refresh
+      args:
+        chdir: "{{ prefix }}"
+
+    - name: check if env-{{ env }} file exists locally
+      local_action: stat path=env-{{ env }}
+      register: env_file
+
+    - name: copy secrets
+      copy: src=env-{{ env }} dest={{ prefix }}/.env owner={{ user }} group={{ group }} mode=0400
+      when: env_file.stat.exists
+      ignore_errors: true
+
+    - name: install supervisor config
+      file: state=link src={{ prefix }}/supervisor.conf dest=/etc/supervisor/conf.d/{{ slug }}.conf
+      tags: full
+
+    - name: restart process
+      supervisorctl: name="{{ slug }}" state=restarted
+      tags: restart

pyproject.toml

@@ -0,0 +1,16 @@
+[project]
+name = "{{ cookiecutter.project_name }}"
+version = "0.1.0"
+description = "{{ cookiecutter.description }}"
+authors = [
+  { name="{{ cookiecutter.author_name }}", email="{{ cookiecutter.author_email }}" },
+]
+requires-python = ">=3.13"
+dependencies = [
+    "sentry-sdk",
+    "django",
+    "django-extensions",
+    "dj-database-url",
+    "python-decouple",
+    "psycopg",
+]

supervisor.conf

@@ -0,0 +1,8 @@
+[program:{{ cookiecutter.project_name }}]
+directory=/var/www/%(program_name)s
+command=uv --directory /var/www/%(program_name)s run -q bot.py
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+user=deploy
+autostart=true
+autorestart=true