Merge pull request #10 from Xpirix/pre-deployment-setup

Pre deployment setup

Author: Xpirix

.flake8

@@ -5,4 +5,4 @@ max-line-length = 79
 # E12x continuation line indentation
 # E251 no spaces around keyword / parameter equals
 # E303 too many blank lines (3)
-ignore = E125,E126,E251,E303,W504,W60,F405,E501
+ignore = E125,E126,E251,E303,W504,W60,F405,E501,E111,E121

README.md

@@ -81,6 +81,13 @@ So as to create your admin account:
 make superuser
 ```
 
+To fix missing dates on releases, run:
+```
+make uwsgi-shell
+python manage.py update-versions-release-date
+# Exit the shell with CTRL+D
+```
+
 **intercom.io**
 
 If you wish to make use of [intercom.io](https://www.intercom.io), include a

deployment/.env.example

@@ -49,16 +49,18 @@ VALID_DOMAIN=["localhost", "changelog.qgis.org", "staging.changelog.qgis.org"]
 
 # Email
 EMAIL_BACKEND='django.core.mail.backends.smtp.EmailBackend'
-EMAIL_HOST=''
-EMAIL_PORT=25
+EMAIL_HOST='smtp.resend.com'
+EMAIL_PORT=465
 EMAIL_USE_TLS=True
-EMAIL_HOST_USER=''
-EMAIL_HOST_PASSWORD=''
-EMAIL_SUBJECT_PREFIX=''
+EMAIL_HOST_USER="resend"  # e.g., no-reply@yourdomain.com
+EMAIL_HOST_PASSWORD="your_resend_api_key"  # Your Resend API key
+EMAIL_SUBJECT_PREFIX='[QGIS Changelog]'
 MAILDOMAIN=''
 SERVER_EMAIL=''
 ADMIN_EMAIL=''
-DEFAULT_FROM_EMAIL=''
+DEFAULT_FROM_EMAIL='no-reply@yourdomain.com'
+# Resend email
+RESEND_EMAIL_API_KEY=''
 
 # Stripe
 STRIPE_LIVE_SECRET_KEY='sk_live_key'
@@ -68,3 +70,9 @@ DJSTRIPE_WEBHOOK_SECRET='whsec_'
 # SENTRY
 SENTRY_DSN=''
 SENTRY_RATE=0.2
+
+# Deployment environment: dev, staging, prod or prod-ssl
+WEB_ENV=prod-ssl
+
+# UWSGI Docker Image
+UWSGI_DOCKER_IMAGE=qgis/qgis-changelog-uwsgi:latest

deployment/docker-compose.override.example.yml

@@ -7,11 +7,6 @@ volumes:
       type: none
       device: ${PWD}/pg/postgres_data
       o: bind
-  db-backups:
-    driver_opts:
-      type: none
-      device: ${PWD}/backups
-      o: bind
   static-data:
     driver_opts:
       type: none
@@ -34,27 +29,30 @@ volumes:
       o: bind
 services:
   uwsgi:
+    image: ${UWSGI_DOCKER_IMAGE}
     build:
       context: ${PWD}/../
       dockerfile: deployment/docker/Dockerfile
       target: prod
     volumes:
       - ../django_project:/home/web/django_project
+      - ${MEDIA_VOLUME}:/home/web/media:rw
       - ./logs:/var/log
 
   web:
     volumes:
       - ./logs:/var/log/nginx
+      - ${MEDIA_VOLUME}:/home/web/media:ro
     ports:
-      - "${HTTP_PORT}:8080"
+      - "${HTTP_PORT}:80"
       - "${HTTPS_PORT}:443"
 
   devweb:
-    image: kartoza/project-uwsgi:dev-latest
     build:
       context: ${PWD}/../
       dockerfile: deployment/docker/Dockerfile
       target: dev
     volumes:
       - ../django_project:/home/web/django_project
+      - ${MEDIA_VOLUME}:/home/web/media:rw
       - ./logs:/var/log

deployment/docker-compose.yml

@@ -14,14 +14,6 @@ volumes:
   reports-data:
   nginx-conf:
 services:
-  # smtp:
-  #   image: catatnight/postfix
-  #   hostname: postfix
-  #   environment:
-  #     # You could change this to something more suitable
-  #     - maildomain=kartoza.com
-  #     - smtp_user=noreply:docker
-  #   restart: unless-stopped
 
   db:
     image: kartoza/postgis:16-3.4
@@ -35,12 +27,17 @@ services:
     restart: unless-stopped
     ports:
       - "7543:5432"
+    networks:
+      internal:
 
   uwsgi: &uwsgi-common
+    image: ${UWSGI_DOCKER_IMAGE}
     build:
       context: ${PWD}/../
       dockerfile: deployment/docker/Dockerfile
       target: prod
+    expose:
+      - "8080"
     environment:
       - DATABASE_NAME=${DATABASE_NAME}
       - DATABASE_USERNAME=${DATABASE_USERNAME}
@@ -71,6 +68,7 @@ services:
       - static-data:/home/web/static:rw
       - media-data:/home/web/media:rw
       - reports-data:/home/web/reports
+      - ./docker/uwsgi.conf:/uwsgi.conf
     command: bash -c "npm install && npm run build && uwsgi --ini /uwsgi.conf"
     links:
       - db:db
@@ -82,6 +80,8 @@ services:
       options:
         max-size: "10m"
         max-file: "10"
+    networks:
+      internal:
 
   dbbackups:
     image: kartoza/pg-backup:16-3.4
@@ -102,14 +102,25 @@ services:
       - POSTGRES_HOST=${DATABASE_HOST}
       - PGDATABASE=${DATABASE_NAME}
     restart: unless-stopped
+    networks:
+      internal:
 
   # This is normally the main entry point for a production server
   web:
     image: nginx
+    entrypoint:
+    - /etc/nginx/sites-available/docker-entrypoint.sh
+    ports:
+    - "80:80"
+    - "443:443"
+    command:
+    - ${WEB_ENV}
     volumes:
-      - nginx-conf:/etc/nginx/conf.d:ro
+      - nginx-conf:/etc/nginx/sites-available/:ro
       - static-data:/home/web/static:ro
       - media-data:/home/web/media:ro
+      - ./webroot:/var/www/webroot
+      - ./certbot-etc:/etc/letsencrypt
     links:
       - uwsgi:uwsgi
     restart: unless-stopped
@@ -118,6 +129,8 @@ services:
       options:
         max-size: "10m"
         max-file: "10"
+    networks:
+      internal:
 
   # This is the entry point for a development server.
   # Run with --no-deps to run attached to the services
@@ -130,6 +143,8 @@ services:
       target: dev
     ports:
       - "62202:8000"
+    networks:
+      internal:
 
   webpack:
     build:
@@ -142,5 +157,21 @@ services:
       - ../django_project:/home/web/django_project
       - static-data:/home/web/static:rw
       - ${MEDIA_VOLUME}:/home/web/media:rw
+    networks:
+      internal:
+
+  certbot:
+    image: certbot/certbot
+    container_name: certbot
+    volumes:
+      - ./webroot:/var/www/webroot
+      - ./certbot-etc:/etc/letsencrypt
+    depends_on:
+      - web
+    command: certonly --webroot --webroot-path=/var/www/webroot --email admin@qgis.org --agree-tos --no-eff-email --force-renewal -d ${VIRTUAL_HOST:-changelog.qgis.org}
+    networks:
+      internal:
 
 
+networks:
+    internal:

deployment/docker/REQUIREMENTS.txt

@@ -57,4 +57,7 @@ pyjwt~=2.8
 # New dependencies
 # Webpack
 django-webpack-loader~=3.1
-sorl-thumbnail~=12.11
+sorl-thumbnail~=12.11
+
+# Resend email
+resend~=2.7

deployment/docker/uwsgi.conf

@@ -7,17 +7,12 @@ module = core.wsgi
 master = true
 pidfile=/tmp/django.pid
 socket = 0.0.0.0:8080
-http-socket = 0.0.0.0:80
 workers = 4
 cheaper = 2
 env = DJANGO_SETTINGS_MODULE=core.settings.prod_docker
 # disabled so we run in the foreground for docker
 #daemonize = /tmp/django.log
 req-logger = file:/var/log/uwsgi-requests.log
 logger = file:/var/log/uwsgi-errors.log
-log
-reload-os-env
-#uid = 1000
-#gid = 1000
 memory-report = true
 harakiri = 100

deployment/sites-enabled/default.conf deployment/sites-enabled/dev.confdeployment/sites-enabled/default.conf renamed to deployment/sites-enabled/dev.conf

@@ -16,7 +16,7 @@ server {
     error_log /var/log/nginx/error.log;
 
     # the port your site will be served on
-    listen      8080;
+    listen      80;
     # the domain name it will serve for
     server_name "";
     charset     utf-8;
@@ -84,5 +84,8 @@ server {
         uwsgi_param  REMOTE_PORT        $remote_port;
         uwsgi_param  SERVER_PORT        $server_port;
         uwsgi_param  SERVER_NAME        $server_name;
+
+        # Redirect changelog, sustaining members and certification to the new location
+        include redirections.conf;
     }
 }

deployment/sites-enabled/docker-entrypoint.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+# Clean up sites-enabled
+echo "Clean sites-enabled"
+rm -rf /etc/nginx/conf.d/*.conf
+mkdir -p /etc/nginx/conf.d
+
+if [ $# -eq 1 ]; then
+	case $1 in
+		# Debug mode, enable dev.conf
+		[Dd][Ee][Vv])
+			echo "Run in debug mode"
+			CONF_FILE=dev.conf
+			ln -s /etc/nginx/sites-available/$CONF_FILE /etc/nginx/conf.d/$CONF_FILE
+			ln -s /etc/nginx/sites-available/redirections.conf /etc/nginx/redirections.conf
+			exec nginx -g "daemon off;"
+			;;
+		# Production mode, run using uwsgi
+		[Pp][Rr][Oo][Dd])
+			echo "Run in prod mode"
+			CONF_FILE=prod.conf
+			ln -s /etc/nginx/sites-available/$CONF_FILE /etc/nginx/conf.d/$CONF_FILE
+			ln -s /etc/nginx/sites-available/redirections.conf /etc/nginx/redirections.conf
+			exec nginx -g "daemon off;"
+			;;
+		# Production SSL mode, run using uwsgi
+		[Pp][Rr][Oo][Dd][-][Ss][Ss][Ll])
+			echo "Run in prod SSL mode"
+			CONF_FILE=prod-ssl.conf
+			ln -s /etc/nginx/sites-available/$CONF_FILE /etc/nginx/conf.d/$CONF_FILE
+			ln -s /etc/nginx/sites-available/redirections.conf /etc/nginx/redirections.conf
+			exec nginx -g "daemon off;"
+			;;
+		# Staging SSL mode, run using uwsgi
+		[Ss][Tt][Aa][Gg][Ii][Nn][Gg])
+			echo "Run in staging SSL mode"
+			CONF_FILE=staging.conf
+			ln -s /etc/nginx/sites-available/$CONF_FILE /etc/nginx/conf.d/$CONF_FILE
+			ln -s /etc/nginx/sites-available/redirections.conf /etc/nginx/redirections.conf
+			exec nginx -g "daemon off;"
+			;;
+	esac
+fi
+
+# Run as bash entrypoint
+exec "$@"