Merge pull request #20 from ministryofjustice/environment-variables

add environment variables
ministryofjustice · Jan 26, 2024 · b63bf2b · b63bf2b
2 parents b599e5e + 8912ec1
commit b63bf2b
Show file tree

Hide file tree

Showing 11 changed files with 213 additions and 36 deletions.
diff --git a/.env.example b/.env.example
@@ -0,0 +1,8 @@
+# Django Development Variables
+DEBUG=1
+SECRET_KEY=foo
+DJANGO_ALLOWED_HOSTS=localhost 127.0.0.1 [::1] .service.justice.gov.uk
+
+# Catalogue Variables
+CATALOGUE_TOKEN=mycatalogtoken
+CATALOGUE_URL=https://datahub.apps-tools.development.data-platform.service.justice.gov.uk/api/gms
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -35,7 +35,13 @@ jobs:
           cat deployments/templates/deployment.yml | envsubst > deployments/deployment.yml
           cat deployments/templates/ingress.yml | envsubst > deployments/ingress.yml
           cat deployments/templates/service.yml | envsubst > deployments/service.yml
+          cat deployments/templates/secrets.yml | envsubst > deployments/secrets.yml
         env:
+          CATALOGUE_URL: ${{ vars.CATALOGUE_URL }}
+          DEBUG: ${{ vars.DEBUG }}
+          DJANGO_ALLOWED_HOSTS: ${{ vars.DJANGO_ALLOWED_HOSTS }}
+          SECRET_KEY: ${{ secrets.SECRET_KEY }}
+          CATALOGUE_TOKEN: ${{ secrets.CATALOGUE_TOKEN }}
           IMAGE_TAG: ${{ github.sha }}
           REGISTRY: ${{ steps.login-ecr.outputs.registry }}
           REPOSITORY: ${{ vars.ECR_REPOSITORY }}

diff --git a/.gitignore b/.gitignore
@@ -163,6 +163,4 @@ cython_debug/
 #static files dirs
 staticfiles/
 
-local.py
-
 node_modules
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,25 @@
+default_stages: [commit]
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: requirements-txt-fixer
+      - id: check-yaml
+      - id: end-of-file-fixer
+        exclude: tf$|j2$
+      - id: trailing-whitespace
+        exclude: tf$|j2$
+
+  - repo: https://github.com/psf/black
+    rev: 23.11.0
+    hooks:
+      - id: black
+        name: black formatting
+        args: [--config=./pyproject.toml]
+
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.4.0
+    hooks:
+      - id: detect-secrets
+        args: ["--baseline", ".secrets.baseline"]
+        exclude: package.lock.json
diff --git a/Dockerfile b/Dockerfile
@@ -6,7 +6,7 @@ ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
 
 # Install poetry via pip
-RUN pip install poetry==1.5.1
+RUN pip install poetry==1.7.1
 
 ENV POETRY_NO_INTERACTION=1 \
     POETRY_VIRTUALENVS_IN_PROJECT=1 \

diff --git a/core/settings.py b/core/settings.py
@@ -1,37 +1,22 @@
-"""
-Django settings for core project.
-
-Generated by 'django-admin startproject' using Django 5.0.1.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/5.0/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/5.0/ref/settings/
-"""
 import os
 from pathlib import Path
 
+from dotenv import load_dotenv
 import yaml
 
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
 
-
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/5.0/howto/deployment/checklist/
+# loads the configs from .env
+load_dotenv(os.path.join(BASE_DIR, ".env"))
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = "django-insecure-l!hxiq=!g2@)$-n3v0)yec128g7j=ksrdql+86%z66d-x6no5%"
+SECRET_KEY = str(os.environ.get('SECRET_KEY'))
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = os.getenv("DEBUG", "False") == "True"
+DEBUG = bool(os.environ.get("DEBUG", default=0))
 
-ALLOWED_HOSTS = [
-    "localhost",
-    "127.0.0.1",
-    ".service.justice.gov.uk",
-]
+ALLOWED_HOSTS = str(os.environ.get("DJANGO_ALLOWED_HOSTS")).split(" ")
 
 # Application definition
 INSTALLED_APPS = [
@@ -118,9 +103,6 @@
 USE_TZ = True
 
 
-# Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/5.0/howto/static-files/
-
 # https://whitenoise.readthedocs.io/en/latest/django.html#WHITENOISE_STATIC_PREFIX
 STATIC_URL = "/static/"
 # https://whitenoise.readthedocs.io/en/latest/django.html#make-sure-staticfiles-is-configured-correctly
@@ -147,10 +129,7 @@
 with open(SAMPLE_SEARCH_RESULTS_FILENAME) as f:
     SAMPLE_SEARCH_RESULTS = yaml.safe_load(f)
 
-DATAHUB_TOKEN = os.environ["CATALOGUE_TOKEN"]
-DATAHUB_URL = os.environ["CATALOGUE_URL"]
 
-try:
-    from local import *  # type: ignore[reportMissingImports]
-except ImportError:
-    pass
+# Catalog settings
+CATALOGUE_URL = os.environ.get("CATALOGUE_URL")
+CATALOGUE_TOKEN = os.environ.get("CATALOGUE_TOKEN")
diff --git a/deployments/templates/deployment.yml b/deployments/templates/deployment.yml
@@ -21,3 +21,20 @@ spec:
             - name: http
               containerPort: 8000
               protocol: TCP
+          env:
+            - name: CATALOGUE_URL
+              value: "${CATALOGUE_URL}"
+            - name: DEBUG
+              value: "${DEBUG}"
+            - name: DJANGO_ALLOWED_HOSTS
+              value: "${DJANGO_ALLOWED_HOSTS}"
+            - name: SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: find-moj-data-secrets
+                  key: secret_key
+            - name: CATALOGUE_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: find-moj-data-secrets
+                  key: catalogue_token
diff --git a/deployments/templates/secrets.yml b/deployments/templates/secrets.yml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "find-moj-data-secrets"
+type: Opaque
+data:
+  secret_key: "${SECRET_KEY}"
+  catalogue_token: "${CATALOGUE_TOKEN}"
diff --git a/home/services.py b/home/services.py
@@ -5,5 +5,5 @@
 
 def get_catalogue_client() -> BaseCatalogueClient:
     return DataHubCatalogueClient(
-        jwt_token=settings.DATAHUB_TOKEN, api_url=settings.DATAHUB_URL
+        jwt_token=settings.CATALOGUE_TOKEN, api_url=settings.CATALOGUE_URL
     )
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,5 +1,5 @@
 [tool.poetry]
-name = "daap-catalogue"
+name = "find-moj-data"
 version = "0.1.0"
 description = ""
 authors = ["Mitch Dawson <[email protected]>"]
@@ -13,11 +13,13 @@ gunicorn = "^21.2.0"
 whitenoise = "^6.6.0"
 ministryofjustice-data-platform-catalogue = "^0.5.0"
 markdown = "^3.5.2"
+python-dotenv = "^1.0.1"
 
 [tool.poetry.group.dev] # dev group definition
 
 [tool.poetry.group.dev.dependencies]
 black = "^23.12.1"
+pre-commit = "^3.6.0"
 
 [build-system]
 requires = ["poetry-core"]