Studio-Yandex-Practicum · KonstantinRaikhert · Sep 7, 2023
diff --git a/.black b/.black
@@ -0,0 +1 @@
+line-length = 79
diff --git a/.env.example b/.env.example
@@ -0,0 +1,33 @@
+# Конфигурация Telegram бота
+TELEGRAM_TOKEN=YOUR_TELEGRAM_BOT_TOKEN
+# Webhook
+WEBHOOK_ENABLED=False
+WEBHOOK_URL=NOT_SET
+WEBHOOK_SECRET_KEY=STRONG_SECRET_KEY
+# Persistence
+REDIS=False
+REDIS_HOST=172.17.0.1
+REDIS_PORT=6379
+
+# Конфигурация Django
+DJANGO_SECRET_KEY=SOMETHING_REALLY_SECRET
+DEBUG=True
+ALLOWED_HOSTS=localhost,127.0.0.1
+
+# Конфигурация базы данных PostgreSQL
+POSTGRES_HOST=localhost
+POSTGRES_PORT=5432
+POSTGRES_DB=spread_wings
+POSTGRES_USER=spread_wings_user
+POSTGRES_PASSWORD=spread_wings_password
+
+# Конфигурация почтового агента
+EMAIL_BACKEND=django.core.mail.backends.smtp.EmailBackend # Отправка через почтового агента
+EMAIL_HOST=smtp.yandex.ru
+EMAIL_PORT=465
+# реквизиты для аутентификации в почтовом сервисе
+EMAIL_ACCOUNT=example@yandex.ru
+EMAIL_PASSWORD=password
+# в настройках аккаунта откуда отправляется письмо подключите протокол IMAP
+# адрес по умолчанию для отправки вопросов от пользователей
+DEFAULT_EMAIL_ADDRESS=NOT_SET
diff --git a/.flake8 b/.flake8
@@ -0,0 +1,5 @@
+[flake8]
+ignore = E501, E265, F811, PT001, DJ05, D100, D105, D104, W504, W292, D106, D107, W503
+max-line-length = 79
+exclude =
+    */migrations/
diff --git a/.github/ISSUE_TEMPLATE/tasks.md b/.github/ISSUE_TEMPLATE/tasks.md
@@ -0,0 +1,17 @@
+---
+name: Tasks
+about: Create a task for this project
+title: ''
+labels: Feature
+assignees: ''
+
+---
+
+**Why?**
+Зачем выполняется реализация задачи и какую проблему она решает.
+
+**How To Do?**
+Как мы выполняем реализацию данной задачи, какие действия нужны для достижения цели.
+
+**Where?**
+Где делаем реализацию задачи, какие сервисы задействованы, ссылка на требования, сcылка на API, скриншоты.
diff --git a/.github/workflows/build-and-push-image-to-github-packages.yml b/.github/workflows/build-and-push-image-to-github-packages.yml
@@ -0,0 +1,54 @@
+name: Create and publish a Docker image
+
+on:
+  push:
+    branches:
+      - master
+      - develop
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image for Production
+        if: github.ref == 'refs/heads/master'
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          file: prod.Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Build and push Docker image for Stage
+        if: github.ref == 'refs/heads/develop'
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/check_django_migrations.yml b/.github/workflows/check_django_migrations.yml
@@ -0,0 +1,70 @@
+name: Django migrations Check
+
+on:
+  push:
+    branches:
+    - '**'
+  pull_request:
+    branches:
+    - master
+    - develop
+
+jobs:
+  migration-check:
+    name: Check Migrations
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.11.4
+
+      - name: Install production branch dependencies
+        if: github.ref == 'refs/heads/master'
+        run: |
+          pip install -r requirements/production.txt
+
+      - name: Install dependencies
+        if: github.ref != 'refs/heads/master'
+        run: |
+          pip install -r requirements/develop.txt
+
+      - name: Run migrations check
+        run: |
+          cd src/
+
+          touch .env
+
+          echo TELEGRAM_TOKEN=${{ secrets.TELEGRAM_TOKEN }} >> .env
+
+          echo WEBHOOK_ENABLED=${{ secrets.WEBHOOK_ENABLED }} >> .env
+          echo WEBHOOK_URL=${{ secrets.WEBHOOK_URL }} >> .env
+          echo WEBHOOK_SECRET_KEY=${{ secrets.WEBHOOK_SECRET_KEY }} >> .env
+
+          echo REDIS_HOST=${{ secrets.REDIS_HOST }} >> .env
+          echo REDIS_PORT=${{ secrets.REDIS_PORT }} >> .env
+          echo REDIS=${{ secrets.REDIS }} >> .env
+
+          echo DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }} >> .env
+          echo DEBUG=False >> .env
+          echo ALLOWED_HOSTS=${{ secrets.ALLOWED_HOSTS }} >> .env
+
+          echo POSTGRES_HOST=${{ secrets.POSTGRES_HOST }} >> .env
+          echo POSTGRES_PORT=${{ secrets.POSTGRES_PORT }} >> .env
+          echo POSTGRES_DB=${{ secrets.POSTGRES_DB }} >> .env
+          echo POSTGRES_USER=${{ secrets.POSTGRES_USER }} >> .env
+          echo POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} >> .env
+
+          echo EMAIL_BACKEND=${{ secrets.EMAIL_BACKEND }} >> .env
+          echo DEFAULT_EMAIL_ADDRESS=${{ secrets.DEFAULT_EMAIL_ADDRESS }} >> .env
+          echo EMAIL_ACCOUNT=${{ secrets.EMAIL_ACCOUNT }} >> .env
+          echo EMAIL_HOST=${{ secrets.EMAIL_HOST }} >> .env
+          echo EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }} >> .env
+          echo EMAIL_PORT=${{ secrets.EMAIL_PORT }} >> .env
+
+          python manage.py makemigrations --settings=config.test_settings --check --dry-run
diff --git a/.github/workflows/check_vulnerabilities.yaml b/.github/workflows/check_vulnerabilities.yaml
@@ -0,0 +1,33 @@
+name: Python safety check
+
+on:
+  pull_request:
+    branches:
+      - develop
+      - master
+
+env:
+  DEVELOP: requirements/develop.txt
+  PRODUCTION: requirements/production.txt
+  # https://github.com/aufdenpunkt/python-safety-check#env-variables
+  DEP_PATH: None
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out master
+        uses: actions/checkout@master
+
+      - name: Requiremets path to production branch
+        if: ${{ github.base_ref == 'master' }}
+        run: echo "DEP_PATH=$PRODUCTION" >> $GITHUB_ENV
+
+      - name: Requiremets path to develop branch
+        if: ${{ github.base_ref == 'develop' }}
+        run: echo "DEP_PATH=$DEVELOP" >> $GITHUB_ENV
+
+      - name: Security vulnerabilities scan
+        uses: aufdenpunkt/python-safety-check@master
+        with:
+          safety_args: '-i 39642'
diff --git a/.github/workflows/codestyle_pep8.yml b/.github/workflows/codestyle_pep8.yml
@@ -0,0 +1,30 @@
+name: App code style workflow
+
+on: [push]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./src
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.11
+
+    - name: Install dependencies
+      run: pip install -r ../requirements/develop.txt
+
+    - name: Isort
+      run: isort .
+
+    - name: Test with flake8
+      run: flake8
+
+    - name: Test with black
+      run: black .
diff --git a/.github/workflows/deploy-bot-on-prod.yml b/.github/workflows/deploy-bot-on-prod.yml
@@ -0,0 +1,84 @@
+name: Deploy bot on prod
+
+on:
+  workflow_run:
+    workflows: [Create and publish a Docker image]
+    types: [completed]
+    branches: [master]
+
+jobs:
+  on-success:
+    runs-on: ubuntu-latest
+    environment:
+      name: prod_deploy
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Prepare infra/prod
+        run: |
+          mkdir ../build
+          cp -TR ./infra/prod ../build
+          tar -cvf deploy.tar ../build/
+      - name: copy infra/prod
+        uses: appleboy/scp-action@v0.1.4
+        with:
+          host: ${{ secrets.VM_HOST }}
+          username: ${{ secrets.VM_USER }}
+          password: ${{ secrets.VM_PASSWORD }}
+          source: "deploy.tar"
+          target: /home/deploy/spread_wings_bot/infra/prod/
+      - name: ssh pull and start
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.VM_HOST }}
+          username: ${{ secrets.VM_USER }}
+          password: ${{ secrets.VM_PASSWORD }}
+          script: |
+            cd /home/deploy/spread_wings_bot/infra/prod/
+            tar -xvf deploy.tar --strip-components 1
+            rm deploy.tar
+            rm .env
+            touch .env
+
+            echo NGINX_HOST=${{ secrets.NGINX_HOST }} >> .env
+            echo NGINX_PORT=${{ secrets.NGINX_PORT }} >> .env
+
+            echo TELEGRAM_TOKEN=${{ secrets.TELEGRAM_TOKEN }} >> .env
+
+            echo WEBHOOK_ENABLED=${{ secrets.WEBHOOK_ENABLED }} >> .env
+            echo WEBHOOK_URL=${{ secrets.WEBHOOK_URL }} >> .env
+            echo WEBHOOK_SECRET_KEY=${{ secrets.WEBHOOK_SECRET_KEY }} >> .env
+
+            echo REDIS_HOST=${{ secrets.REDIS_HOST }} >> .env
+            echo REDIS_PORT=${{ secrets.REDIS_PORT }} >> .env
+            echo REDIS=${{ secrets.REDIS }} >> .env
+
+            echo DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }} >> .env
+            echo DEBUG=False >> .env
+            echo ALLOWED_HOSTS=${{ secrets.ALLOWED_HOSTS }} >> .env
+
+            echo POSTGRES_HOST=${{ secrets.POSTGRES_HOST }} >> .env
+            echo POSTGRES_PORT=${{ secrets.POSTGRES_PORT }} >> .env
+            echo POSTGRES_DB=${{ secrets.POSTGRES_DB }} >> .env
+            echo POSTGRES_USER=${{ secrets.POSTGRES_USER }} >> .env
+            echo POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} >> .env
+
+            echo EMAIL_BACKEND=${{ secrets.EMAIL_BACKEND }} >> .env
+            echo DEFAULT_EMAIL_ADDRESS=${{ secrets.DEFAULT_EMAIL_ADDRESS }} >> .env
+            echo EMAIL_ACCOUNT=${{ secrets.EMAIL_ACCOUNT }} >> .env
+            echo EMAIL_HOST=${{ secrets.EMAIL_HOST }} >> .env
+            echo EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }} >> .env
+            echo EMAIL_PORT=${{ secrets.EMAIL_PORT }} >> .env
+
+            # Cleaning unused containers, images, networks
+            docker system prune --force
+
+            # Installing defend service for app
+            sudo cp -f /home/deploy/spread_wings_bot/infra/prod/spread_wings_bot_prod.service /etc/systemd/system/spread_wings_bot_prod.service
+            sudo systemctl daemon-reload
+            sudo systemctl restart spread_wings_bot_prod.service
+
+            # Applying initialization commands
+            sleep 7
+            docker exec spread-wings-bot python manage.py migrate
+            docker exec spread-wings-bot python manage.py collectstatic --noinput