hotfix/bug-server

Author: amandaambrosiov

.github/workflows/ci.yml

@@ -0,0 +1,41 @@
+name: CI - Argus IA
+
+on:
+  push:
+    branches: [ "main", "develop" ]
+  pull_request:
+    branches: [ "main", "develop" ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout do código
+        uses: actions/checkout@v3
+
+      - name: Configurar Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.10"
+
+      - name: Instalar dependências
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt || true
+
+      - name: Rodar testes (opcional – se adicionar testes)
+        run: |
+          echo "Nenhum teste configurado por enquanto"
+        continue-on-error: true
+
+      - name: Build Docker
+        uses: docker/setup-buildx-action@v2
+
+      - name: Construir imagem Docker
+        run: |
+          docker build -t argusia .
+
+      - name: Verificar sucesso do build
+        run: |
+          echo "Build do Docker finalizado com sucesso!"

Dockerfile

@@ -1,19 +1,33 @@
-# Use uma imagem oficial do Python
+# Use imagem oficial do Python
 FROM python:3.10-slim
 
-# Defina o diretório de trabalho dentro do container
+# Diretório de trabalho
 WORKDIR /app
 
-# Copie os arquivos de requirements e instale as dependências
+# Configurações
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+
+# Dependências do sistema
+RUN apt-get update && apt-get install -y \
+    gcc \
+    libpq-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copiar requirements
 COPY requirements.txt .
+
 RUN pip install --upgrade pip
 RUN pip install -r requirements.txt
 
-# Copie todo o projeto para dentro do container
+# Copiar projeto
 COPY . .
 
-# Exponha a porta que o Django vai rodar
+# Coletar estáticos
+RUN python manage.py collectstatic --noinput
+
+# Expor porta
 EXPOSE 8000
 
-# Comando para rodar o servidor Django
-CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]
+# O Railway vai sobrescrever esse CMD com o startCommand
+CMD ["gunicorn", "argus_ia.wsgi:application", "--bind", "0.0.0.0:8000"]

Procfile

@@ -1 +1 @@
-web: mkdir -p staticfiles && python manage.py collectstatic --noinput && python manage.py migrate --noinput && gunicorn argus_ia.wsgi:application --bind 0.0.0.0:$PORT
+web: python manage.py migrate && gunicorn argus_ia.wsgi:application --bind 0.0.0.0:$PORT

argus_ia/settings.py

@@ -4,14 +4,20 @@
 
 import os
 from pathlib import Path
+import sys
 
 BASE_DIR = Path(__file__).resolve().parent.parent
 
 SECRET_KEY = os.environ.get('SECRET_KEY', 'django-insecure-dev-key-argus-ia-2024')
 
 DEBUG = os.environ.get('DEBUG', 'False').lower() == 'true'
 
-ALLOWED_HOSTS = ['argus-ia.up.railway.app', '.railway.app', 'localhost', '127.0.0.1']
+ALLOWED_HOSTS = [
+    h.strip() for h in os.environ.get(
+        'ALLOWED_HOSTS',
+        'argus-ia.up.railway.app,localhost,127.0.0.1'
+    ).split(',')
+]
 
 INSTALLED_APPS = [
     'django.contrib.admin',
@@ -54,71 +60,83 @@
 
 WSGI_APPLICATION = 'argus_ia.wsgi.application'
 
-# Database Configuration
-# DATABASES
-DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': BASE_DIR / 'db.sqlite3',
-    }
-}
 
+# ================= DATABASE =====================
 if 'DATABASE_URL' in os.environ:
     import dj_database_url
-    DATABASES['default'] = dj_database_url.config(
-        conn_max_age=600,
-        ssl_require=False
-    )
+    DATABASES = {
+        'default': dj_database_url.config(
+            conn_max_age=600,
+            conn_health_checks=True,
+            ssl_require=False 
+        )
+    }
+else:
+    DATABASES = {
+        'default': {
+            'ENGINE': 'django.db.backends.sqlite3',
+            'NAME': BASE_DIR / 'db.sqlite3',
+        }
+    }
+
 
-# Password validation
+# ================= PASSWORD =====================
 AUTH_PASSWORD_VALIDATORS = [
-    {
-        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
-    },
+    {'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'},
+    {'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator'},
+    {'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator'},
+    {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'},
 ]
 
+
+# ================= LOCALE =====================
 LANGUAGE_CODE = 'pt-br'
 TIME_ZONE = 'America/Sao_Paulo'
 USE_I18N = True
 USE_TZ = True
 
-# Static files
+
+# ================= STATIC FILES =====================
 STATIC_URL = '/static/'
 STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')
-STATICFILES_DIRS = [os.path.join(BASE_DIR, 'static')]
 
-# Whitenoise configuration
-STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
+if DEBUG:
+    STATICFILES_DIRS = [os.path.join(BASE_DIR, 'static')]
 
-# Corrige o warning do Whitenoise
+STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
 WHITENOISE_ROOT = os.path.join(BASE_DIR, 'staticfiles')
 
+
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 
-# Session configuration
+
+# ================= SESSION =====================
 SESSION_ENGINE = 'django.contrib.sessions.backends.db'
-SESSION_COOKIE_AGE = 3600  # 1 hora
+SESSION_COOKIE_AGE = 3600
 SESSION_SAVE_EVERY_REQUEST = True
 SESSION_EXPIRE_AT_BROWSER_CLOSE = False
 
-# CSRF configuration
+
+# ================= CSRF =====================
 CSRF_TRUSTED_ORIGINS = [
     'https://argus-ia.up.railway.app',
-    'https://*.railway.app'
+    'https://*.railway.app',
 ]
 
-# if not DEBUG:
-#     SECURE_SSL_REDIRECT = True
-#     SESSION_COOKIE_SECURE = True
-#     CSRF_COOKIE_SECURE = True
-#     SECURE_BROWSER_XSS_FILTER = True
-#     SECURE_CONTENT_TYPE_NOSNIFF = True
+# Segurança em produção — NÃO aplicar no ambiente local
+if not DEBUG and not ('localhost' in ALLOWED_HOSTS or '127.0.0.1' in ALLOWED_HOSTS):
+    SECURE_SSL_REDIRECT = True
+    SESSION_COOKIE_SECURE = True
+    CSRF_COOKIE_SECURE = True
+    SECURE_BROWSER_XSS_FILTER = True
+    SECURE_CONTENT_TYPE_NOSNIFF = True
+    SECURE_HSTS_SECONDS = 31536000
+    SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+    SECURE_HSTS_PRELOAD = True
+else:
+    # Ambiente local — não usar SSL
+    SECURE_SSL_REDIRECT = False
+    SESSION_COOKIE_SECURE = False
+    CSRF_COOKIE_SECURE = False
+
+PORT = os.environ.get('PORT', 8000)

railway.json

@@ -3,7 +3,7 @@
     "builder": "NIXPACKS"
   },
   "deploy": {
-    "startCommand": "python manage.py migrate --noinput && gunicorn argus_ia.wsgi:application --bind 0.0.0.0:$PORT",
+    "startCommand": "python manage.py migrate && gunicorn argus_ia.wsgi:application --bind 0.0.0.0:$PORT",
     "restartPolicyType": "ON_FAILURE",
     "restartPolicyMaxRetries": 10
   }