some follow-on stuff after merging stephanie's pr

hjwp · hjwp · commit a94e44d23500 · 2024-08-01T18:17:05.000+01:00
diff --git a/chapter_10_production_readiness.asciidoc b/chapter_10_production_readiness.asciidoc
@@ -212,9 +212,8 @@ Believe it or not, this pun didn't actually hit me until I was rewriting this ch
 For 10 years it was right under my nose. I think that makes it funnier actually.]
 files from Python.
 
-First we install whitenoise into our local environment:
+First we install Whitenoise into our local environment:
 
-[source,python]
 ----
 pip install whitenoise
 ----
@@ -262,10 +261,6 @@ $ *docker build -t superlists . && docker run \
 And if you take another manual look at your site, things should look much healthier.
 Let's rerun our FTs to confirm:
 
-// DAVID: Incidentally as per your suggestion Harry I have just been skipping
-// the requirements.txt and instead just amending the pip install in the Dockerfile.
-// If we do that, however, we'll need to make sure readers rebuild the image each time
-// we add a requirement - such as at this point.
 
 [role="small-code"]
 [subs="specialcharacters,macros"]
@@ -443,14 +438,6 @@ TIP: Forgetting the `-r` and running `pip install requirements.txt`
     It's a mistake I still make, _all the time_.
 
 
-// CSANAD:  It's fine for now, but I would definitely put the requirements under
-//          /tmp and then `rm` it after `pip install`. Also, using a non-privileged
-// user is important, something like:
-//     `adduser --no-create-home --disabled-password todoapp`
-// and then setting the user in the Dockerfile with `USER todoapp`.
-// But we can cover this in a later chapter (the next one looks like a good fit,
-// since it's related to the app being production ready).
-// TODO yep let's definitely do this.
 
 Let's build & run: 
 
@@ -773,6 +760,7 @@ $ *docker build -t superlists . && docker run \
   -it superlists*
 ----
 
+and...
 
 [role="small-code"]
 [subs="specialcharacters,macros"]
@@ -801,24 +789,28 @@ $ *git status*
 $ *git commit -am "Add collectstatic to dockerfile, and new location to gitignore"*
 ----
 
-// CSANAD: now would be a good time to check our changes and notice git marked
-//         src/static as unstaged, so we should update .gitignore accordingly:
-// from `static` to `src/static`.
-// Or we could add this step to Chapter 09 at "Move all our code into a src
-// folder"
 
 
 === Switching to a nonroot user
 
-TODO: WIP, this is definitely a good idea for security, needs writing up.
+// CSANAD:  It's fine for now, but I would definitely put the requirements under
+//          /tmp and then `rm` it after `pip install`. Also, using a non-privileged
+// user is important, something like:
+//     `adduser --no-create-home --disabled-password todoapp`
+// and then setting the user in the Dockerfile with `USER todoapp`.
+// But we can cover this in a later chapter (the next one looks like a good fit,
+// since it's related to the app being production ready).
+// TODO yep let's definitely do this.
+
+TODO: apologies, WIP, this is definitely a good idea for security, needs writing up.
 
 Dockerfile should gain some lines a bit like this:
 
 .Dockerfile (ch10l0XX)
 ====
 [source,dockerfile]
 ----
-RUN addgroup --system nonroot && adduser --system --group nonroot
+RUN addgroup --system nonroot && adduser --system --no-create-home --disabled-password --group nonroot
 
 USER nonroot
 ----
@@ -899,7 +891,8 @@ but sometimes you just wanna say "just print stuff to stdout pls",
 and you wish that configuring the simplest thing was a little easier.].
 
 Here's pretty much the simplest possible logging config
-which just prints everything to the console (i.e. standard out). I've added this code to the very end of the settings.py file. 
+which just prints everything to the console (i.e. standard out).
+I've added this code to the very end of the settings.py file. 
 
 
 [role="sourcecode"]
