Merge branch 'main' into davidfischer/additional-youtube-sandboxing

Author: davidfischer

.env/local.sample

@@ -0,0 +1,8 @@
+# This is a sample of environment variables which are used only to run Docker locally.
+# These are never used in production.
+
+# Use a strong secret in production
+SECRET_KEY="this-is-a-bad-secret"
+
+# In production, we use postgres but for testing a deployment, using SQLite is fine
+DATABASE_URL="sqlite:///db.sqlite3"

.github/workflows/ci.yml

@@ -1,7 +1,12 @@
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
 name: Continuous Integration Checks
 
-# All branches
-on: push
+# All PRs as well as pushes to main
+on:
+  push:
+    branches:
+    - main
+  pull_request:
 
 jobs:
   build:
@@ -13,9 +18,9 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-python@v4
         with:
-          python-version: "3.7"
+          python-version: "3.10"
 
       - name: Run CI
         run: |
-          pip install "tox<4.0"
+          pip install "tox>=4.0,<5.0"
           tox

.pre-commit-config.yaml

@@ -6,10 +6,10 @@ repos:
     -   id: end-of-file-fixer
     -   id: trailing-whitespace
 -   repo: https://github.com/ambv/black
-    rev: 22.8.0
+    rev: 24.4.2
     hooks:
     - id: black
       # Since the pre-commit runs on a file by file basis rather than a whole project,
       # The excludes in pyproject.toml are ignored
       exclude: migrations
-      language_version: python3.7
+      language_version: python3.10

Dockerfile

@@ -7,10 +7,16 @@ LABEL maintainer="https://github.com/sandiegopython"
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
 
-
 RUN apt-get update
+RUN apt-get install -y --no-install-recommends curl
+
+# Install Node v20
+# This should be run before apt-get install nodejs
+# https://github.com/nodesource/distributions
+RUN curl -sL https://deb.nodesource.com/setup_20.x | bash -
+
 RUN apt-get install -y --no-install-recommends \
-    nodejs npm \
+    nodejs \
     make \
     build-essential \
     g++ \
@@ -22,12 +28,13 @@ WORKDIR /code
 
 COPY . /code/
 
-RUN set -ex && \
+# Cache dependencies when building which should result in faster docker builds
+RUN --mount=type=cache,target=/root/.cache/pip set -ex && \
     pip install --upgrade --no-cache-dir pip && \
-    pip install --no-cache-dir -r /code/requirements.txt && \
-    pip install --no-cache-dir -r /code/requirements/local.txt
+    pip install -r /code/requirements.txt && \
+    pip install -r /code/requirements/local.txt
 
-# Build static assets
+# Build JS/static assets
 RUN npm install
 RUN npm run build
 

README.md

@@ -3,15 +3,14 @@
 This is the repository for the San Diego Python website at [sandiegopython.org](https://sandiegopython.org).
 
 [![AppVeyor](https://ci.appveyor.com/api/projects/status/184l9lc8y7av2fah?svg=true)](https://ci.appveyor.com/project/davidfischer/pythonsd-django)
-[![Requirements Status](https://requires.io/github/sandiegopython/pythonsd-django/requirements.svg?branch=main)](https://requires.io/github/sandiegopython/pythonsd-django/requirements/?branch=main)
 
 
 ## Developing
 
 ### Prerequisites
 
-* Python 3.7+
-* Node (12.x recommended)
+* Python v3.10
+* Node v20
 
 ### Getting started
 
@@ -25,6 +24,7 @@ pre-commit install                     # Setup code standard pre-commit hook
 ./manage.py runserver                  # Starts a local development server at http://localhost:8000
 ```
 
+
 ## Testing
 
 The entire test suite can be run with tox:
@@ -33,10 +33,33 @@ The entire test suite can be run with tox:
 tox
 ```
 
+To test the Dockerfile that is used for deployment,
+you can build the container and run it locally:
+
+```shell
+# Setup your local environment variables used with Docker
+# This only needs to be run once
+cp .env/local.sample .env/local
+
+# Build the docker image for sandiegopython.org
+docker buildx build -t sandiegopython.org .
+
+# Start a development server on http://localhost:8000
+docker run --env-file=".env/local" --publish=8000:8000 sandiegopython.org
+
+# You can start a shell to the container with the following:
+docker run --env-file=".env/local" -it sandiegopython.org /bin/bash
+```
+
+
 ## Deploying
 
 This site is deployed to [Fly.io](https://fly.io/).
-You will need to be a member of the San Diego Python team on Fly to deploy.
+It is deployed automatically when code is merged to the `main` branch
+via GitHub Actions.
+
+
+To deploy manually, you will need to be a member of the San Diego Python team on Fly.
 Once you're a member of the team, you can deploy with:
 
 ```shell

assets/dist/.gitkeep

@@ -0,0 +1,2 @@
+This file silences a dev-only Django warning
+that occurs when the staticfiles directory doesn't exist.

config/context_processors.py

@@ -1,4 +1,5 @@
 """Custom context processors that inject certain settings values into all templates."""
+
 from django.conf import settings
 
 

config/settings/base.py

@@ -7,6 +7,7 @@
 For the full list of settings and their values, see
 https://docs.djangoproject.com/en/3.2/ref/settings/
 """
+
 import json
 import os
 

config/settings/prod.py

@@ -17,7 +17,9 @@
 DEBUG = False
 SECRET_KEY = os.environ["SECRET_KEY"]
 ALLOWED_HOSTS = [
+    "0.0.0.0",
     "127.0.0.1",
+    "localhost",
     "pythonsd.org",
     "www.pythonsd.org",
     "pythonsd.com",
@@ -45,35 +47,37 @@
 # https://docs.djangoproject.com/en/3.2/ref/settings/#caches
 # http://niwinz.github.io/django-redis/
 # --------------------------------------------------------------------------
-CACHES = {
-    "default": {
-        "BACKEND": "django_redis.cache.RedisCache",
-        "LOCATION": os.environ["REDIS_URL"],
-        "OPTIONS": {
-            "CLIENT_CLASS": "django_redis.client.DefaultClient",
-            "IGNORE_EXCEPTIONS": True,
-        },
+if "REDIS_URL" in os.environ:
+    CACHES = {
+        "default": {
+            "BACKEND": "django_redis.cache.RedisCache",
+            "LOCATION": os.environ["REDIS_URL"],
+            "OPTIONS": {
+                "CLIENT_CLASS": "django_redis.client.DefaultClient",
+                "IGNORE_EXCEPTIONS": True,
+            },
+        }
     }
-}
 
 
 # Security
 # https://docs.djangoproject.com/en/3.2/topics/security/
 # https://devcenter.heroku.com/articles/http-routing#heroku-headers
 # --------------------------------------------------------------------------
-SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
-SECURE_SSL_HOST = os.environ.get("SECURE_SSL_HOST")
-SECURE_SSL_REDIRECT = True
-SESSION_COOKIE_SECURE = True
-SESSION_COOKIE_HTTPONLY = True
-CSRF_COOKIE_SECURE = True
-CSRF_COOKIE_HTTPONLY = True
-SECURE_HSTS_SECONDS = 60 * 60 * 24 * 365
-SECURE_HSTS_INCLUDE_SUBDOMAINS = True
-SECURE_HSTS_PRELOAD = True
-SECURE_CONTENT_TYPE_NOSNIFF = True
-SECURE_BROWSER_XSS_FILTER = True
-X_FRAME_OPTIONS = "DENY"
+if "SECURE_SSL_HOST" in os.environ:
+    SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+    SECURE_SSL_HOST = os.environ.get("SECURE_SSL_HOST")
+    SECURE_SSL_REDIRECT = True
+    SESSION_COOKIE_SECURE = True
+    SESSION_COOKIE_HTTPONLY = True
+    CSRF_COOKIE_SECURE = True
+    CSRF_COOKIE_HTTPONLY = True
+    SECURE_HSTS_SECONDS = 60 * 60 * 24 * 365
+    SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+    SECURE_HSTS_PRELOAD = True
+    SECURE_CONTENT_TYPE_NOSNIFF = True
+    SECURE_BROWSER_XSS_FILTER = True
+    X_FRAME_OPTIONS = "DENY"
 
 # If set, all requests to other domains redirect to this one
 # https://github.com/dabapps/django-enforce-host

config/settings/test.py

@@ -1,4 +1,5 @@
 """Settings used in testing."""
+
 import warnings
 
 from .dev import *  # noqa