Merge pull request #118 from caktus/develop

Production Release June 28, 2022

Author: copelco

.circleci/config.yml

@@ -0,0 +1,60 @@
+name: deploy
+
+on:
+  push:
+    branches: [main, develop, 112-deploy-fix]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-20.04
+    env:
+      ENV: staging
+      GITHUB_ENV: https://staging.nccopwatch.org/
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set env vars (production)
+        if: endsWith(github.ref, '/main')
+        run: | 
+          echo "ENV=production" >> $GITHUB_ENV
+          echo "ENV_URL=https://nccopwatch.org/" >> $GITHUB_ENV
+      - uses: actions/setup-python@v2
+        with:
+          python-version: '3.9'
+          cache: 'pip'
+          cache-dependency-path: 'requirements/*/*.txt'
+      - name: Install dependencies
+        run: |
+          python -m pip install pip-tools
+          pip-sync requirements/base/base.txt requirements/dev/dev.txt
+      - name: Start deployment
+        uses: bobheadxi/deployments@v1
+        id: deployment
+        with:
+          step: start
+          token: ${{ secrets.GITHUB_TOKEN }}
+          env: ${{ env.ENV }}
+      - name: Login to Docker
+        id: docker-login
+        run: |
+          echo "env is $ENV"
+          inv $ENV aws.docker-login
+      - name: Build, tag, push, and deploy image
+        id: build-tag-push-deploy
+        run: |
+          echo "env is $ENV"
+          inv $ENV image deploy --verbosity=0
+      - name: Update deployment status
+        uses: bobheadxi/deployments@v1
+        if: always()
+        with:
+          step: finish
+          token: ${{ secrets.GITHUB_TOKEN }}
+          status: ${{ job.status }}
+          env: ${{ env.ENV }}
+          env_url: ${{ env.ENV_URL }}
+          deployment_id: ${{ steps.deployment.outputs.deployment_id }}

.github/workflows/deploy.yaml

@@ -0,0 +1,51 @@
+name: test
+
+on:
+  pull_request:
+  push:
+    branches: [main, develop, actions-cd]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    services:
+      postgres:
+        # From:
+        # https://docs.github.com/en/actions/guides/creating-postgresql-service-containers
+        image: postgres
+        env:
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_DB: traffic_stops
+        # Set health checks to wait until postgres has started
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+        with:
+          python-version: '3.9'
+          cache: 'pip'
+          cache-dependency-path: 'requirements/*/*.txt'
+      - name: Install dependencies
+        run: |
+          sudo apt update
+          sudo apt install -y --no-install-recommends postgresql-client-12
+          python -m pip install pip-tools
+          pip-sync requirements/base/base.txt requirements/test/test.txt
+      - name: Create NC database
+        run: |
+          psql $DATABASE_URL -c 'CREATE DATABASE traffic_stops_nc;'
+        env:
+          DATABASE_URL: postgres://postgres:postgres@localhost:5432/traffic_stops
+      - name: Run tests
+        run: |
+           pytest
+        env:
+          DJANGO_SETTINGS_MODULE: traffic_stops.settings.dev
+          DATABASE_URL: postgres://postgres:postgres@localhost:5432/traffic_stops
+          DATABASE_URL_NC: postgres://postgres:postgres@localhost:5432/traffic_stops_nc

.github/workflows/test.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/psf/black
-    rev: 19.10b0
+    rev: 22.3.0
     hooks:
       - id: black
         language_version: python3.8

.pre-commit-config.yaml

@@ -1,9 +1,6 @@
 NC CopWatch
 ================
 
-.. image:: https://circleci.com/gh/caktus/Traffic-Stops.svg?style=svg
-    :target: https://circleci.com/gh/caktus/Traffic-Stops
-
 NC CopWatch is a website to monitor and identify racial profiling
 practices by North Carolina law enforcement agencies. This project is lead by
 `Forward Justice`_, a nonpartisan law, policy, and strategy center dedicated to advancing racial, 

README.rst

@@ -93,7 +93,7 @@ k8s_papertrail_logspout_destination: "syslog+tls://logs2.papertrailapp.com:20851
 k8s_papertrail_logspout_memory_limit: 128Mi
 
 # New Relic Infrastructure: admin+newrelic@caktusgroup.com
-k8s_newrelic_chart_version: "3.2.4"
+k8s_newrelic_chart_version: "3.5.1"
 k8s_newrelic_license_key: !vault |
   $ANSIBLE_VAULT;1.1;AES256
   37656631623333346263383231386165666531333961373931383661366338343634333362356430

deploy/group_vars/all.yml

@@ -39,7 +39,16 @@ k8s_migration_command:
   - migrate_all_dbs.sh
 k8s_collectstatic_enabled: false
 
+# Auxillary pod configuration:
+k8s_worker_enabled: true
+k8s_worker_replicas: 1
+k8s_worker_celery_app: "traffic_stops"
+k8s_worker_beat_enabled: true
+k8s_memcached_enabled: false
+k8s_redis_enabled: true
+
 # Shared environment variables:
+env_django_debug: false
 env_database_url: "postgres://{{ app_name }}_{{ env_name }}:{{ database_password }}@{{ DatabaseAddress }}:5432/{{ app_name }}_{{ env_name }}"
 env_database_url_nc: "postgres://{{ app_name }}_{{ env_name }}:{{ database_password }}@{{ DatabaseAddress }}:5432/{{ app_name }}_{{ env_name }}_nc"
 env_django_settings: "traffic_stops.settings.deploy"
@@ -83,13 +92,48 @@ env_email_host_password: !vault |
   3232353563333332396133636565626662366332356638303166
 env_email_use_tls: "true"
 
-# Auxillary pod configuration:
-k8s_worker_enabled: true
-k8s_worker_replicas: 1
-k8s_worker_celery_app: "traffic_stops"
-k8s_worker_beat_enabled: true
-k8s_memcached_enabled: false
-k8s_redis_enabled: true
+k8s_environment_variables:
+  DJANGO_DEBUG: "{{ env_django_debug | string | title | string }}"
+  DATABASE_URL: "{{ env_database_url }}"
+  DATABASE_URL_NC: "{{ env_database_url_nc }}"
+  DJANGO_SETTINGS_MODULE: "{{ env_django_settings }}"
+  # DOMAIN is the ALLOWED_HOST
+  DOMAIN: "{{ k8s_domain_names[0] }}"
+  ALLOWED_HOSTS: "{{ k8s_domain_names[0] }}"
+  ENVIRONMENT: "{{ env_name }}"
+  CACHE_HOST: "{{ env_cache_host }}"
+  BROKER_URL: "{{ env_broker_url }}"
+  # *** Uploaded media
+  DEFAULT_FILE_STORAGE: "{{ env_default_file_storage }}"
+  MEDIA_STORAGE_BUCKET_NAME: "{{ env_media_storage_bucket_name }}"
+  AWS_DEFAULT_ACL: "{{ env_aws_default_acl }}"
+  AWS_DEFAULT_REGION: "{{ aws_region }}"
+  MEDIA_LOCATION: "{{ env_media_location }}"
+  # *** Email
+  # 'ses-smtp-user.20200921-084510' user in traffic-stops account
+  EMAIL_HOST: "{{ env_email_host }}"
+  EMAIL_HOST_USER: "{{ env_email_host_user }}"
+  EMAIL_HOST_PASSWORD: "{{ env_email_host_password }}"
+  EMAIL_USE_TLS: "{{ env_email_use_tls }}"
+  # *** New Relic APM
+  NEW_RELIC_APP_NAME: "{{ env_new_relic_app_name }}"
+  NEW_RELIC_LICENSE_KEY: "{{ env_new_relic_license_key }}"
+  SENTRY_DSN: "{{ env_sentry_dsn }}"
+  DJANGO_SECRET_KEY: !vault |
+    $ANSIBLE_VAULT;1.1;AES256
+    35313432353232386662373534636239333765663936643639363266323337333936656462373962
+    3766616464653266613234303331663934386462313238370a646532663834356266333765623763
+    63633165383834303864613362623364653165623135323138346234313031393461653033306233
+    3861323666306530640a346233653332356235623036653865383235626636623764613038653331
+    61343666356364623132323230626430616261313463366462643632346132313331316561633764
+    37646461333661316261363930626239643633323333633930636232616231326530656233396164
+    613035323630616135653866373062303966
+  # ** FTP_ACCESS
+  NC_FTP_HOST: "{{ env_nc_ftp_host }}"
+  NC_FTP_USER: "{{ env_nc_ftp_user }}"
+  NC_FTP_PASSWORD: "{{ env_nc_ftp_password }}"
+  # Contact form
+  CONTACT_US_EMAILS: "{{ env_contact_us_emails|join(':') }}"
 
 # S3 bucket configuration:
 k8s_s3_region: "{{ aws_region }}"

deploy/group_vars/k8s.yml

@@ -9,6 +9,28 @@ k8s_ingress_tls_domains_extra:
 # - nccopwatch.com
 # - www.nccopwatch.com
 
+env_contact_us_emails:
+  - wcarpenter@forwardjustice.org
+
+database_password: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  31303862343062663437326263393631366262363939333135623034333633386233616431643866
+  6564313439393663386438656334653430316365363462390a383834386462636664663861656536
+  39333463653932393665333038353735303735366230623539613734393637633063336534633130
+  3634653137623430320a373235636435363338353833636261613538386436643539323232373131
+  36373833353534643936383734646537656238623839373161316139373132373332
+
+# pwgen -s 64 1|tr -d '\n'|ansible-vault encrypt_string
+env_django_secret_key: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  35313432353232386662373534636239333765663936643639363266323337333936656462373962
+  3766616464653266613234303331663934386462313238370a646532663834356266333765623763
+  63633165383834303864613362623364653165623135323138346234313031393461653033306233
+  3861323666306530640a346233653332356235623036653865383235626636623764613038653331
+  61343666356364623132323230626430616261313463366462643632346132313331316561633764
+  37646461333661316261363930626239643633323333633930636232616231326530656233396164
+  613035323630616135653866373062303966
+
 k8s_auth_api_key: !vault |
   $ANSIBLE_VAULT;1.1;AES256
   63656266376132353139656233643430353262323431616436326435666333633664353533353261
@@ -65,56 +87,6 @@ k8s_auth_api_key: !vault |
   38323164663832643565653430326466663132626334303932313333313331343634666634383936
   3730
 
-database_password: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  31303862343062663437326263393631366262363939333135623034333633386233616431643866
-  6564313439393663386438656334653430316365363462390a383834386462636664663861656536
-  39333463653932393665333038353735303735366230623539613734393637633063336534633130
-  3634653137623430320a373235636435363338353833636261613538386436643539323232373131
-  36373833353534643936383734646537656238623839373161316139373132373332
-
-k8s_environment_variables:
-  DATABASE_URL: "{{ env_database_url }}"
-  DATABASE_URL_NC: "{{ env_database_url_nc }}"
-  DJANGO_SETTINGS_MODULE: "{{ env_django_settings }}"
-  DJANGO_DEBUG: "False"
-  # DOMAIN is the ALLOWED_HOST
-  DOMAIN: "{{ k8s_domain_names[0] }}"
-  ALLOWED_HOSTS: "{{ k8s_domain_names[0] }}"
-  ENVIRONMENT: "{{ env_name }}"
-  CACHE_HOST: "{{ env_cache_host }}"
-  BROKER_URL: "{{ env_broker_url }}"
-  # *** Uploaded media
-  DEFAULT_FILE_STORAGE: "{{ env_default_file_storage }}"
-  MEDIA_STORAGE_BUCKET_NAME: "{{ env_media_storage_bucket_name }}"
-  AWS_DEFAULT_ACL: "{{ env_aws_default_acl }}"
-  AWS_DEFAULT_REGION: "{{ aws_region }}"
-  MEDIA_LOCATION: "{{ env_media_location }}"
-  # *** Email
-  # 'ses-smtp-user.20200921-084510' user in traffic-stops account
-  EMAIL_HOST: "{{ env_email_host }}"
-  EMAIL_HOST_USER: "{{ env_email_host_user }}"
-  EMAIL_HOST_PASSWORD: "{{ env_email_host_password }}"
-  EMAIL_USE_TLS: "{{ env_email_use_tls }}"
-  # *** New Relic APM
-  NEW_RELIC_APP_NAME: "{{ env_new_relic_app_name }}"
-  NEW_RELIC_LICENSE_KEY: "{{ env_new_relic_license_key }}"
-  SENTRY_DSN: "{{ env_sentry_dsn }}"
-  DJANGO_SECRET_KEY: !vault |
-    $ANSIBLE_VAULT;1.1;AES256
-    35313432353232386662373534636239333765663936643639363266323337333936656462373962
-    3766616464653266613234303331663934386462313238370a646532663834356266333765623763
-    63633165383834303864613362623364653165623135323138346234313031393461653033306233
-    3861323666306530640a346233653332356235623036653865383235626636623764613038653331
-    61343666356364623132323230626430616261313463366462643632346132313331316561633764
-    37646461333661316261363930626239643633323333633930636232616231326530656233396164
-    613035323630616135653866373062303966
-  # ** FTP_ACCESS
-  NC_FTP_HOST: "{{ env_nc_ftp_host }}"
-  NC_FTP_USER: "{{ env_nc_ftp_user }}"
-  NC_FTP_PASSWORD: "{{ env_nc_ftp_password }}"
-
-
 # ** TS_BACKUPS
 k8s_hosting_services_project_name: "{{ app_name }}"
 k8s_hosting_services_aws_secret_access_key: !vault |