basedosdados
diff --git a/‎.dockerignore‎
Lines changed: 1 addition & 0 deletions b/‎.dockerignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.editorconfig‎
Lines changed: 10 additions & 0 deletions b/‎.editorconfig‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎.env.example‎
Lines changed: 17 additions & 15 deletions b/‎.env.example‎
Lines changed: 17 additions & 15 deletions
diff --git a/‎.flake8‎
Lines changed: 1 addition & 1 deletion b/‎.flake8‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/cd-prod.yaml‎
Lines changed: 96 additions & 0 deletions b/‎.github/workflows/cd-prod.yaml‎
Lines changed: 96 additions & 0 deletions
diff --git a/‎.github/workflows/cd-staging.yaml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/cd-staging.yaml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/lint.yaml‎
Lines changed: 33 additions & 0 deletions b/‎.github/workflows/lint.yaml‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎.github/workflows/release-docker.yaml‎
Lines changed: 22 additions & 5 deletions b/‎.github/workflows/release-docker.yaml‎
Lines changed: 22 additions & 5 deletions
diff --git a/‎.gitignore‎
Lines changed: 13 additions & 0 deletions b/‎.gitignore‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 27 additions & 62 deletions b/‎Dockerfile‎
Lines changed: 27 additions & 62 deletions
@@ -244,3 +244,4 @@ fabric.properties
 Dockerfile
 Makefile
 README.md
+*sqlite3
@@ -0,0 +1,10 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+end_of_line = lf
+max_line_length = off
@@ -1,15 +1,17 @@
-# bdd_app
-export API_HOST=0.0.0.0
-export API_PORT=8080
-export VAULT_ADDRESS=
-export VAULT_TOKEN=
-# bdd_postgres
-export POSTGRES_USER=postgres
-export POSTGRES_PASSWORD=postgres
-export POSTGRES_DB=api
-export POSTGRES_PORT=5432
-# bdd_pg_admin
-export PGADMIN_LISTEN_ADDRESS=0.0.0.0
-export PGADMIN_LISTEN_PORT=5050
-export PGADMIN_DEFAULT_EMAIL=postgres@postgres.com
-export PGADMIN_DEFAULT_PASSWORD=postgres
+# Mail notifications
+ADMINS="Gabriel Milan,gabriel.gazola@poli.ufrj.br;Guilherme Peres,contact@gperes.dev"
+EMAIL_HOST_USER="notifications@gmail.com"
+EMAIL_HOST_PASSWORD="password"
+# Django configurations
+DJANGO_SECRET_KEY="some-secret"
+DJANGO_SETTINGS_MODULE="basedosdados_api.settings.dev"
+# Django database
+DB_HOST="database"
+DB_PORT="5432"
+DB_NAME="postgres"
+DB_USER="postgres"
+DB_PASSWORD="postgres"
+# Postgres database
+POSTGRES_USER="postgres"
+POSTGRES_PASSWORD="postgres"
+POSTGRES_DB="postgres"
@@ -3,4 +3,4 @@ exclude =
     .git,
     __pycache__,
     .venv
-max-line-length = 100
+max-line-length = 120
@@ -0,0 +1,96 @@
+name: Deployment - Production
+
+on:
+  workflow_run:
+    workflows: ["Docker - Release image"]
+    branches:
+      - main
+    types:
+      - completed
+  workflow_dispatch:
+
+jobs:
+  deploy-prod:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    environment:
+      name: production
+      url: https://api.basedosdados.org
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: production
+
+      - name: Import secrets from Vault
+        id: import_secrets
+        uses: hashicorp/vault-action@v2.4.1
+        with:
+          url: https://vault.basedosdados.org
+          token: ${{ secrets.VAULT_TOKEN }}
+          secrets: |
+            secret/data/gcp_credentials/basedosdados-dev GCP_PROJECT_ID   | GCP_PROJECT_ID ;
+            secret/data/gcp_credentials/basedosdados-dev GH_ACTIONS_SA    | GCP_SA ;
+            secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_NAME | GKE_CLUSTER_NAME ;
+            secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_ZONE | GKE_CLUSTER_ZONE ;
+
+      - name: Setup Google Cloud CLI
+        uses: google-github-actions/setup-gcloud@v0.2.1
+        with:
+          service_account_key: ${{ steps.import_secrets.outputs.GCP_SA }}
+          project_id: ${{ steps.import_secrets.outputs.GCP_PROJECT_ID }}
+          export_default_credentials: true
+
+      - name: Get GKE credentials
+        uses: google-github-actions/get-gke-credentials@v0.2.1
+        with:
+          cluster_name: ${{ steps.import_secrets.outputs.GKE_CLUSTER_NAME }}
+          location: ${{ steps.import_secrets.outputs.GKE_CLUSTER_ZONE }}
+          credentials: ${{ steps.import_secrets.outputs.GCP_SA }}
+
+      - name: Write values.yaml file
+        run: |
+          cat << EOF > values.yaml
+          api:
+            name: "api-prod"
+            image:
+              name: "ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}"
+              tag: "stable"
+              pullPolicy: "Always"
+            replicas: 1
+            resources:
+              limits:
+                cpu: 2000m
+                memory: 2048Mi
+              requests:
+                cpu: 1000m
+                memory: 1024Mi
+            env: []
+            envFrom:
+              - secretRef:
+                  name: api-prod-secrets
+            settingsModule: "basedosdados_api.settings.prod"
+          database:
+            host: "cloud-sql-proxy"
+            port: 5432
+            name: "api"
+            user: "api"
+            passwordSecret: "api-prod-database-password"
+          ingress:
+            enabled: true
+            host: "api.basedosdados.org"
+            annotations:
+              kubernetes.io/ingress.class: nginx
+              nginx.ingress.kubernetes.io/rewrite-target: /
+              cert-manager.io/issuer: "letsencrypt-production"
+              nginx.ingress.kubernetes.io/ssl-redirect: "true"
+            tls:
+              - hosts:
+                  - api.basedosdados.org
+                secretName: api-basedosdados-org-tls
+          EOF
+
+      - name: Deploy using Helm
+        run: |
+          helm upgrade --install api-prod charts/basedosdados-api/. -n website -f values.yaml --wait
@@ -32,7 +32,7 @@ jobs:
             secret/data/github_actions_deployment_secrets  GKE_CLUSTER      | GKE_CLUSTER ;
             secret/data/github_actions_deployment_secrets  GKE_ZONE         | GKE_ZONE ;
 
-      - name: Setup Google Cloud CLI
+- name: Setup Google Cloud CLI
         uses: google-github-actions/setup-gcloud@v0.2.1
         with:
           service_account_key: ${{ steps.import_secrets.outputs.GCP_SA_KEY }}
@@ -117,7 +117,7 @@ jobs:
             secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_NAME | GKE_CLUSTER_NAME ;
             secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_ZONE | GKE_CLUSTER_ZONE ;
 
-      - name: Setup Google Cloud CLI
+- name: Setup Google Cloud CLI
         uses: google-github-actions/setup-gcloud@v0.2.1
         with:
           service_account_key: ${{ steps.import_secrets.outputs.GCP_SA }}
@@ -173,6 +173,6 @@ jobs:
                 secretName: staging-api-basedosdados-org-tls
           EOF
 
-      - name: Deploy using Helm
+- name: Deploy using Helm
         run: |
           helm upgrade --install api-staging charts/basedosdados-api/. -n website -f values.yaml --wait
@@ -0,0 +1,33 @@
+name: CI - Lint
+
+on:
+  push:
+
+jobs:
+  lint:
+    name: ${{ matrix.os }}${{ matrix.arch }} - Python ${{ matrix.python-version }} - lint
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        arch: [x64]
+        python-version: ["3.10.x"]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+          architecture: ${{ matrix.arch }}
+
+      - name: Set up Poetry and upgrade pip
+        run: |
+          pip install -U pip poetry
+      - name: Install this package
+        run: |
+          poetry install
+      - name: Run tests
+        run: |
+          poetry run lint
@@ -4,20 +4,22 @@ on:
   push:
     branches:
       - main
-    paths:
-      - ".github/workflows/release-docker.yaml"
-      - "app/**/*"
-      - "Dockerfile"
+      - staging
   pull_request:
     branches:
       - main
+      - staging
     paths:
       - ".github/workflows/release-docker.yaml"
       - "app/**/*"
       - "Dockerfile"
+  pull_request_review:
+    types:
+      - submitted
 
 jobs:
   release-docker:
+    name: Docker - Release image
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -45,9 +47,24 @@ jobs:
           build-args: |
             BUILDKIT_INLINE_CACHE=1
 
+      - name: Build and push staging tagged image
+        uses: docker/build-push-action@v2
+        if: github.event_name == 'push' && github.ref == 'refs/heads/staging' # If it's a push to staging, build and push with the staging tag
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:staging
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.html_url }}
+            org.opencontainers.image.revision=${{ github.sha }}
+          build-args: |
+            BUILDKIT_INLINE_CACHE=1
+
       - name: Build and push stable tagged image
         uses: docker/build-push-action@v2
-        if: github.event_name == 'push' # If it's a push to main, build and push with the stable tag
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main' # If it's a push to main, build and push with the stable tag
         with:
           context: .
           file: ./Dockerfile
 
@@ -1,4 +1,9 @@
 # Byte-compiled / optimized / DLL files
+
+credentials.json
+utils/migration/data/*
+**/data/*
+
 __pycache__/
 *.py[cod]
 *$py.class
@@ -236,3 +241,11 @@ fabric.properties
 
 # Android studio 3.1+ serialized cache file
 .idea/caches/build_file_checksums.ser
+
+*sqlite3
+
+.vscode/
+.DS_Store
+/basedosdados_api/media/
+/basedosdados_api/notebooks/
+/basedosdados_api/staticfiles/
@@ -1,48 +1,27 @@
 # Build arguments
-ARG PYTHON_VERSION=3.9
+ARG PYTHON_VERSION=3.10-slim
 
-# Start from the official Python base image on version: 3.9
-# First stage, build the application with the dependencies that
-# managed by Poetry.
-FROM python:${PYTHON_VERSION} as requirements-stage
-
-# Set python virtual environment
-ENV VIRTUAL_ENV=/opt/venv
-RUN python -m venv $VIRTUAL_ENV
-ENV PATH="$VIRTUAL_ENV/bin:$PATH"
-
-# Set /tmp as the current working directory. Here's where we will
-# generate the file requirements.txt.
-WORKDIR /tmp
-
-# Update pip and install Poetry in this Docker stage.
-RUN pip install --upgrade pip && \
-    pip install poetry
-
-# Copy the pyproject.toml and poetry.lock files to the /tmp directory.
-# Because it uses ./poetry.lock* (ending with a *), it won't crash if
-# that file is not available yet.
-ADD ./pyproject.toml ./poetry.lock* /tmp/
-
-# Generate the requirements.txt file.
-RUN poetry export -f requirements.txt --output requirements.txt --without-hashes
-
-# This is the final stage, anything here will be preserved in the final
-# container image.
 FROM python:${PYTHON_VERSION}
 
-# Create the app user
-RUN addgroup --system app && adduser --no-create-home --system --group app
-
-# Set python virtual environment
-ENV VIRTUAL_ENV=/opt/venv
-RUN python -m venv $VIRTUAL_ENV
-ENV PATH="$VIRTUAL_ENV/bin:$PATH"
-
-# Set the current working directory to /code. This is where
-# we'll put the code for our application.
-WORKDIR /code
-
+# Install virtualenv and create a virtual environment
+RUN pip install --no-cache-dir -U virtualenv>=20.13.1 && virtualenv /env --python=python3.10
+ENV PATH /env/bin:$PATH
+
+# Install pip requirements
+WORKDIR /app
+COPY . .
+RUN /env/bin/pip install --no-cache-dir . && \
+    rm nginx.conf
+
+# Install nginx and copy configuration
+RUN apt-get update && apt-get install -y --no-install-recommends nginx curl \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
+    && rm /etc/nginx/sites-enabled/default \
+    && mkdir -p /var/log/django \
+    && touch /var/log/django/basedosdados_api.log \
+    && chown www-data:www-data /var/log/django/basedosdados_api.log
+COPY nginx.conf /etc/nginx/nginx.conf
 # https://docs.python.org/3/using/cmdline.html#envvar-PYTHONDONTWRITEBYTECODE
 # Prevents Python from writing .pyc files to disc
 ENV PYTHONDONTWRITEBYTECODE 1
@@ -52,25 +31,11 @@ ENV PYTHONDONTWRITEBYTECODE 1
 # in real time. Equivalent to python -u: https://docs.python.org/3/using/cmdline.html#cmdoption-u
 ENV PYTHONUNBUFFERED 1
 
-# Copy the requirements.txt file from the requirements-stage to the
-# /code directory.
-COPY --from=requirements-stage /tmp/requirements.txt /code/requirements.txt
-
-# Upgrade pip and install the dependencies from the requirements.txt file.
-RUN pip install --upgrade pip && \
-    pip install --no-cache-dir --upgrade -r /code/requirements.txt
-
-# Copy the api directory to the /code directory.
-ADD /app /code/app
-ADD run.sh /code/run.sh
-RUN chmod +x /code/run.sh
-
-# chown all the files to the app user
-RUN chown -R app:app /code
-
-# Change to the app user
-USER app
+# Copy app, generate static and set permissions
+RUN /env/bin/python manage.py collectstatic --no-input --settings=basedosdados_api.settings.base && \
+    chown -R www-data:www-data /app
 
-# Run the uvicorn command, telling it to use the app object imported
-# from api.main.
-CMD ["sh", "/code/run.sh"]
+# Expose and run app
+EXPOSE 80
+STOPSIGNAL SIGKILL
+CMD ["/app/start-server.sh"]