-
Notifications
You must be signed in to change notification settings - Fork 15
Use uv as package manager #565
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -71,3 +71,5 @@ db.sqlite3 | |
|
|
||
| # env | ||
| .env* | ||
|
|
||
| .python-version | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,18 +1,23 @@ | ||
| FROM python:3.10-slim-buster | ||
| FROM python:3.10-slim-bookworm | ||
|
|
||
| COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/ | ||
|
|
||
| WORKDIR /srv | ||
|
|
||
| ENV PYTHONDONTWRITEBYTECODE 1 | ||
| ENV PYTHONUNBUFFERED 1 | ||
| ENV PYTHONDONTWRITEBYTECODE=1 | ||
| ENV PYTHONUNBUFFERED=1 | ||
| ENV UV_COMPILE_BYTECODE=1 | ||
| ENV UV_LINK_MODE=copy | ||
|
|
||
| RUN apt update && apt install -y libpq-dev build-essential netcat && rm -rf /var/lib/apt/lists/* | ||
| RUN apt-get update && apt-get install -y --no-install-recommends libpq-dev build-essential netcat-openbsd && rm -rf /var/lib/apt/lists/* | ||
|
|
||
| COPY ./requirements.txt . | ||
| COPY ./requirements-prod.txt . | ||
| COPY pyproject.toml uv.lock ./ | ||
|
|
||
| RUN pip install --upgrade pip && pip install -r requirements.txt && pip install -r requirements-prod.txt | ||
| RUN uv sync --frozen --no-dev --group prod --no-install-project | ||
|
|
||
| COPY . . | ||
|
|
||
| RUN uv sync --frozen --no-dev --group prod --no-editable | ||
|
|
||
| ENTRYPOINT ["./entrypoint.sh"] | ||
| CMD ["gunicorn", "incubator.wsgi:application", "--bind", "0.0.0.0:8000"] | ||
| CMD ["uv", "run", "gunicorn", "incubator.wsgi:application", "--bind", "0.0.0.0:8000"] | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is this file still relevant ?
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't even know what it's |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,15 +1,14 @@ | ||
| from fabric.api import run, cd | ||
| from fabric.context_managers import prefix | ||
|
|
||
|
|
||
| def deploy(): | ||
| code_dir = '/home/www-data/incubator' | ||
| with cd(code_dir), prefix('source ve/bin/activate'): | ||
| run('sudo supervisorctl stop incubator') | ||
| code_dir = "/home/www-data/incubator" | ||
| with cd(code_dir): | ||
| run("sudo supervisorctl stop incubator") | ||
| run("./save_db.sh") | ||
| run("git pull") | ||
| run("pip install -r requirements.txt --upgrade -q") | ||
| run("./manage.py collectstatic --noinput -v 0") | ||
| run("./manage.py makemigrations") | ||
| run("./manage.py migrate") | ||
| run('sudo supervisorctl start incubator') | ||
| run("uv sync --frozen") | ||
| run("uv run ./manage.py collectstatic --noinput -v 0") | ||
| run("uv run ./manage.py makemigrations") | ||
| run("uv run ./manage.py migrate") | ||
| run("sudo supervisorctl start incubator") |
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,64 @@ | ||||||
| [project] | ||||||
| name = "incubator" | ||||||
| version = "0.1.0" | ||||||
| description = "UrLab's incubator – hackerspace management platform" | ||||||
| requires-python = ">=3.10" | ||||||
|
|
||||||
| dependencies = [ | ||||||
| # Main packages | ||||||
| "django>=3,<4", | ||||||
|
|
||||||
| # Main Django apps | ||||||
| "djangorestframework", | ||||||
| "django-activity-stream", | ||||||
| "django-bootstrap4", | ||||||
| "django-constance", | ||||||
|
||||||
| "django-constance", | |
| "django-constance[database]", |
This file was deleted.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Dockerfile pulls
ghcr.io/astral-sh/uvusing the mutablelatesttag, which is a supply-chain risk. If that registry or tag is ever compromised, a maliciousuvbinary could be injected into your build, with the ability to influence dependency resolution and run in an environment that may have access to secrets or sensitive configuration. To reduce this risk, reference this image using an immutable identifier such as a specific version tag and preferably a content digest, and update it explicitly when you choose to upgrade.