This commit significantly refactors the Docker setup and application
configuration for improved robustness and flexibility.
Key changes include:
- Centralized Environment Variables:
- Default values for essential settings (database, email, cache, etc.)
are now defined in `django_project/settings.py` using `environ.Env`.
This provides sensible defaults and reduces reliance on `.env` files,
especially during Docker image builds.
- `docker-compose.yml` no longer defines environment variables directly
for `web` and `worker` services, deferring to `.env` and settings defaults.
- Dockerfile & Entrypoint Improvements:
- `DJANGO_SETTINGS_MODULE` is now exclusively set as an ENV in `Dockerfile`, instead of setting it in `entrypoint.sh`
- `entrypoint.sh` now conditionally appends `--static-path-mount`
only to the `granian` command, leveraging the upgraded Granian's
(v2.3.0+) ability to serve static files directly. The `STATIC_ROOT` is
dynamically fetched from Django settings.
- Dependency Updates:
- Upgraded `granian` from 2.2.5 to 2.3.1.
- Upgraded `click` from 8.2.0 to 8.2.1.
- `uv.lock` reflects these and other minor transitive dependency updates.
- Configuration Adjustments in `settings.py`:
- Add defaults for all env variables, and set to default local dev settings
- Introduced a `SCHEME` environment variable (defaulting to 'http')
used for `CSRF_TRUSTED_ORIGINS`, `META_SITE_PROTOCOL`,
`ACCOUNT_DEFAULT_HTTP_PROTOCOL`, etc.
- `TIME_ZONE` and various email settings (host, port, user, password, TLS)
are now configurable via environment variables with defaults.
- `CELERY_TIMEZONE` now defaults to the `TIME_ZONE` setting.
- Removed the unused `SCW_SECRET_KEY` variable (previously used for
EMAIL auth).
- **Implemented Dynamic Gatekeeper (Anubis) Proxy:**
- Introduced Anubis as a Gatekeeper proxy layer for services (`web`, `web-staging`, `feedback`, `health`).
- Added `docker-gen` setup (`docker-compose_gatekeeper.template.yml`, `gatekeeper-manager`) to dynamically configure Anubis instances based on container labels (`enable_gatekeeper=true`).
- Updated HAProxy to route traffic through the respective Gatekeeper services.
- **Enhanced Service Health Monitoring & Checks:**
- Integrated `django-health-check` into the Django application, providing detailed health endpoints (e.g., `/health/`).
- Replaced the custom health check view with `django-health-check` URLs.
- Added `psutil` for system metrics in health checks.
- Made Gatus configuration dynamic using `docker-gen` (`config.template.yaml`), allowing automatic discovery and monitoring of service instances (e.g., web workers).
- Externalized Gatus SMTP credentials to environment variables.
- Strengthened `docker-compose_core.yml` with a combined `db-redis-healthcheck` service reporting to Gatus.
- Added explicit health checks for `db` and `redis` services in `docker-compose.yml`.
- **Improved Docker & Compose Configuration:**
- Added `depends_on` conditions in `docker-compose.yml` for `web` and `celery` services to wait for the database.
- Updated `ALLOWED_HOSTS` in `docker-compose_staging.yml` and `docker-compose_web.yml` to include internal container names for Gatekeeper communication.
- Set `DEBUG=False` for staging services.
- Removed `.env.production` from `.gitignore` (standardized to `.env`).
- Streamlined `scripts/entrypoint.sh` by removing the call to the no-longer-present `/deploy.sh`.
- **Dependency Updates:**
- Added `django-health-check>=3.18.3` and `psutil>=7.0.0` to `pyproject.toml` and `uv.lock`.
- Updated `settings.py` to include `health_check` apps, configuration, and use `REDIS_URL` consistently.
- **Streamlined deployment script used in GHA:**
- Updated the workflow to copy new server files and create a new `.env` file in the temporary directory before moving them into place.
- Consolidated the stopping and removal of old containers into a single step for better clarity and efficiency.
- Reduce container downtime by rearranging stop/start steps.
