From 10691ac6f69cb17efcfc12a7ae38030b8b29539e Mon Sep 17 00:00:00 2001 From: Edward Oliveira Date: Wed, 10 Sep 2025 12:45:48 -0300 Subject: [PATCH 1/2] Remove setup.py do projeto SAPL Remove legacy CI/CD stuff --- .travis.yml | 25 --------------------- MANIFEST.in | 8 ------- README.rst | 3 +-- release.sh | 4 +--- setup.py | 65 ----------------------------------------------------- 5 files changed, 2 insertions(+), 103 deletions(-) delete mode 100644 .travis.yml delete mode 100644 MANIFEST.in delete mode 100644 setup.py diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index f9ef2fe97..000000000 --- a/.travis.yml +++ /dev/null @@ -1,25 +0,0 @@ -language: python - -python: - - 3.7 - -services: - - postgresql - -install: - - pip install -r requirements/test-requirements.txt - -before_script: - - cp sapl/.env_test sapl/.env - - psql -c "CREATE USER sapl WITH PASSWORD 'sapl'" -U postgres; - - psql -c "CREATE DATABASE sapl OWNER sapl;" -U postgres - - ./scripts/django/check_migrations.sh - -script: - - ./manage.py migrate - - py.test --create-db - # - ./scripts/django/test_and_check_qa.sh - -addons: - hosts: - - 127.0.0.1 sapldb diff --git a/MANIFEST.in b/MANIFEST.in deleted file mode 100644 index 7c730520d..000000000 --- a/MANIFEST.in +++ /dev/null @@ -1,8 +0,0 @@ -include README.rst LICENSE.txt -include sapl/webpack-stats.json -recursive-include sapl *.html *.yaml -recursive-include sapl/static * -recursive-include sapl/relatorios/templates *.py -recursive-include sapl/compilacao *.sql -global-exclude __pycache__ -global-exclude *.py[co] diff --git a/README.rst b/README.rst index 5481ba985..fc082b9d5 100644 --- a/README.rst +++ b/README.rst @@ -1,5 +1,4 @@ -.. image:: https://travis-ci.org/interlegis/sapl.svg?branch=3.1.x - :target: https://travis-ci.org/interlegis/sapl + *********************************************** diff --git a/release.sh b/release.sh index e2928980b..138e92f66 100755 --- a/release.sh +++ b/release.sh @@ -46,13 +46,11 @@ function change_files { if [[ "$OSTYPE" == "darwin"* ]]; then # MacOS (BSD sed) sed -E -i "" "s|$OLD_VERSION|$FINAL_VERSION|g" docker/docker-compose.yaml - sed -E -i "" "s|$OLD_VERSION|$FINAL_VERSION|g" setup.py sed -E -i "" "s|$OLD_VERSION|$FINAL_VERSION|g" sapl/templates/base.html sed -E -i "" "s|$OLD_VERSION|$FINAL_VERSION|g" sapl/settings.py else # Linux (GNU sed) sed -i -E "s|$OLD_VERSION|$FINAL_VERSION|g" docker/docker-compose.yaml - sed -i -E "s|$OLD_VERSION|$FINAL_VERSION|g" setup.py sed -i -E "s|$OLD_VERSION|$FINAL_VERSION|g" sapl/templates/base.html sed -i -E "s|$OLD_VERSION|$FINAL_VERSION|g" sapl/settings.py fi @@ -93,7 +91,7 @@ prompt_yes_no() { function commit_and_push { echo -e "${green_color}Committing new release $FINAL_VERSION...${color_reset}" - git add docker/docker-compose.yaml setup.py sapl/settings.py sapl/templates/base.html + git add docker/docker-compose.yaml sapl/settings.py sapl/templates/base.html git changelog --tag $FINAL_VERSION --prune-old -x > latest_changes.md cat latest_changes.md CHANGES.md > CHANGES.tmp mv CHANGES.tmp CHANGES.md diff --git a/setup.py b/setup.py deleted file mode 100644 index cc0c19b16..000000000 --- a/setup.py +++ /dev/null @@ -1,65 +0,0 @@ -import os - -from setuptools import find_packages, setup - -with open(os.path.join(os.path.dirname(__file__), 'README.rst')) as readme: - README = readme.read() - -# allow setup.py to be run from any path -os.chdir(os.path.normpath(os.path.join(os.path.abspath(__file__), os.pardir))) - -install_requires = [ - 'django>=1.11.19,<3.0', - 'django-haystack==2.8.1', - 'django-filter==2.0.0', - 'djangorestframework==3.11.2', - 'dj-database-url==0.5.0', - 'django-braces==1.9.0', - 'django-crispy-forms==1.7.2', - 'django-extra-views==0.12.0', - 'django-model-utils==3.1.2', - 'django-extensions==2.1.4', - 'django-image-cropping==1.2.0', - 'django-webpack-loader==0.6.0', - 'drf-yasg==1.20.0', - 'easy-thumbnails==2.5', - 'python-decouple==3.1', - 'psycopg2-binary==2.7.6.1', - 'pyyaml==5.4', - 'pytz==2018.9', - 'python-magic==0.4.15', - 'unipath==1.1', - 'WeasyPrint==44', - 'gunicorn==22.0.0', - 'pysolr==3.6.0', - - # 'git+git://github.com/interlegis/trml2pdf.git', - # 'git+git://github.com/interlegis/django-admin-bootstrapped', -] -setup( - name='interlegis-sapl', - version='3.1.164-RC2', - packages=find_packages(), - include_package_data=True, - license='GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007', - description='SAPL - Legislative Process Support System', - long_description=README, - url='https://github.com/interlegis/sapl', - author='interlegis', - author_email='', - classifiers=[ - 'Environment :: Web Environment', - 'Framework :: Django', - 'Framework :: Django :: 1.9', - 'Intended Audience :: Developers', - 'License :: OSI Approved :: BSD License', # example license - 'Operating System :: OS Independent', - 'Programming Language :: Python', - 'Programming Language :: Python :: 3', - 'Programming Language :: Python :: 3.4', - 'Programming Language :: Python :: 3.5', - 'Topic :: Internet :: WWW/HTTP', - 'Topic :: Internet :: WWW/HTTP :: Dynamic Content', - ], - install_requires=install_requires, -) From e5a8a851bd9e26497f4af4ecdc52763ef50ddb25 Mon Sep 17 00:00:00 2001 From: Edward Oliveira Date: Wed, 10 Sep 2025 16:34:51 -0300 Subject: [PATCH 2/2] Fix read-only mount on k8s --- docker/Dockerfile | 2 +- docker/docker-compose.yaml | 10 +++++----- docker/startup_scripts/start.sh | 21 +++++++++++++++------ 3 files changed, 21 insertions(+), 12 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 9fe3d6b75..831627ec8 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -62,7 +62,7 @@ RUN set -eux; \ # Usuários/grupos (idempotente) RUN useradd --system --no-create-home --shell /usr/sbin/nologin sapl || true \ - && groupadd -r nginx || true \ + && groupadd -g 101 -r nginx || true \ && usermod -aG nginx www-data || true \ && usermod -aG nginx sapl || true diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index e84924050..21eb5915f 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -33,11 +33,11 @@ services: networks: - sapl-net sapl: - image: interlegis/sapl:3.1.164-RC2 -# build: -# context: ../ -# dockerfile: ./docker/Dockerfile -# container_name: sapl +# image: eribeiro/sapl:debug-k8s + build: + context: ../ + dockerfile: ./docker/Dockerfile + container_name: sapl labels: NAME: "sapl" restart: always diff --git a/docker/startup_scripts/start.sh b/docker/startup_scripts/start.sh index b612532bc..69f1333f4 100755 --- a/docker/startup_scripts/start.sh +++ b/docker/startup_scripts/start.sh @@ -2,12 +2,24 @@ set -Eeuo pipefail IFS=$'\n\t' +APP_DIR="/var/interlegis/sapl" DATA_DIR="/var/interlegis/sapl/data" -APP_DIR="/var/interlegis/sapl/sapl" +MEDIA_DIR="/var/interlegis/sapl/media" +RUN_DIR="/var/interlegis/sapl/run" +GUNICORN_DIR="/run/gunicorn" + ENV_FILE="$APP_DIR/.env" SECRET_FILE="$DATA_DIR/secret.key" -mkdir -p "$DATA_DIR" "$APP_DIR" +chown -R root:nginx "$RUN_DIR" || true +chown -R root:nginx "$MEDIA_DIR" || true +chown -R root:nginx "$GUNICORN_DIR" || true +chmod -R g+rwX "$RUN_DIR" || true +chmod -R g+rwX "$MEDIA_DIR" || true +chmod -R g+rwX "$GUNICORN_DIR" || true + +# setgid bit on our writable trees (not data/) +find "$RUN_DIR" "$MEDIA_DIR" -type d -exec chmod g+s {} + 2>/dev/null || true log() { printf '[%s] %s\n' "$(date -Is)" "$*"; } err() { printf '[%s] ERROR: %s\n' "$(date -Is)" "$*" >&2; } @@ -76,7 +88,6 @@ create_secret() { SECRET_KEY="$(python3 genkey.py)" umask 177 printf '%s\n' "$SECRET_KEY" > "$SECRET_FILE" - chmod 600 "$SECRET_FILE" fi export SECRET_KEY } @@ -225,9 +236,7 @@ fix_logging_and_socket_perms() { # dirs mkdir -p "$APP_DIR/run" - chown -R root:nginx "$APP_DIR" - chmod 2775 "$APP_DIR" "$APP_DIR/run" - chmod -R g+rwX "$APP_DIR" + chmod 2775 "$APP_DIR/run" # new files/sockets → 660 umask 0007