Commit 7c92cfc

Author: Irving Popovetsky
Upgrade to Django 4.2 and support Postgres 17 (#402)
* Most minimal update to py3.9 and a better dockerfile
  Signed-off-by: Irving Popovetsky <irving@honeycomb.io>
* Update django rest_framework by a few micro versions to fix a python 2 syntax warning
  Signed-off-by: Irving Popovetsky <irving@honeycomb.io>
* A few more surgical dependency updates to rid us of the worst CVEs
  Signed-off-by: Irving Popovetsky <irving@honeycomb.io>
* dramatically speed up launch and execution time
  Signed-off-by: Irving Popovetsky <irving@honeycomb.io>
* downgrade psycopg2 because apparently we were picking up 2.9 which is too new
  Signed-off-by: Irving Popovetsky <irving@honeycomb.io>
* add analysis of Postgres 14 upgrade
* Django and PG upgrade - phase 0
* phase 1 done
* functional test script to temporarily aid us
* phase 2 complete
* phase 3+4 done
* django 4.2 upgrade fully validated in staging
* let's go straight to Postgres 17
* more thoroughly update deps so that we're fully CVE-free and majorly cut down techdebt
* no circleci
* fix admin console

---------

Signed-off-by: Irving Popovetsky <irving@honeycomb.io>
1 parent ed1cd14 commit 7c92cfc

74 files changed

Lines changed: 4906 additions & 3582 deletions

.circleci/config.yml

Lines changed: 0 additions & 94 deletions
This file was deleted.

.gitignore

Lines changed: 5 additions & 1 deletion
@@ -77,4 +77,8 @@ coverage.xml
7777

7878
## Installer logs
7979
pip-log.txt
80-
pip-delete-this-directory.txt
80+
pip-delete-this-directory.txt
81+
82+
## Database backups and tools with credentials
83+
backups/
84+
scripts/db-tools.sh
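
Review bot: Ignoring `scripts/db-tools.sh` (new line 84) under the heading "tools with credentials" means the script keeps secrets inline and stays outside version control and review. Consider committing the script itself with credentials read from environment variables, and ignoring only a local env file instead. The new rules also only stop future additions: if `backups/` or the script was ever committed, it remains in history and still has to be untracked with `git rm --cached`, with any exposed credentials rotated.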

Dockerfile

Lines changed: 95 additions & 0 deletions
@@ -0,0 +1,95 @@
1+
# syntax=docker/dockerfile:1
2+
3+
# =============================================================================
4+
# Builder stage: compile dependencies
5+
# =============================================================================
6+
FROM python:3.12-alpine AS builder
7+
8+
# Install build dependencies for compiling Python packages
9+
RUN apk add --no-cache \
10+
gcc \
11+
musl-dev \
12+
libffi-dev \
13+
postgresql-dev \
14+
python3-dev \
15+
zlib-dev \
16+
jpeg-dev
17+
18+
# Install poetry system-wide (not in venv, so it won't be copied to production)
19+
RUN pip install --no-cache-dir poetry
20+
21+
# Create clean venv with upgraded pip (--upgrade-deps handles CVE-2025-8869)
22+
RUN python -m venv /venv --upgrade-deps
23+
24+
WORKDIR /build
25+
COPY pyproject.toml poetry.lock ./
26+
27+
# Tell poetry to use our venv instead of creating its own
28+
ENV VIRTUAL_ENV=/venv \
29+
PATH="/venv/bin:$PATH"
30+
31+
# Install production dependencies only
32+
RUN poetry install --only=main --no-interaction --no-cache --compile
33+
34+
# =============================================================================
35+
# Test builder: add dev dependencies
36+
# =============================================================================
37+
FROM builder AS test-builder
38+
39+
RUN poetry install --no-interaction --no-cache --compile
40+
41+
# =============================================================================
42+
# Runtime base: minimal image shared by test and production
43+
# =============================================================================
44+
FROM python:3.12-alpine AS runtime-base
45+
46+
# Install only runtime dependencies (no build tools, no poetry)
47+
# Upgrade system pip to fix CVE-2025-8869 (even though app uses venv pip)
48+
RUN apk upgrade --no-cache && \
49+
apk add --no-cache libpq libjpeg-turbo && \
50+
pip install --no-cache-dir --upgrade pip
51+
52+
ENV PYTHONUNBUFFERED=1 \
53+
PYTHONDONTWRITEBYTECODE=1 \
54+
PATH="/venv/bin:$PATH"
55+
56+
WORKDIR /app
57+
58+
# =============================================================================
59+
# Test stage
60+
# =============================================================================
61+
FROM runtime-base AS test
62+
63+
COPY --from=test-builder /venv /venv
64+
COPY src ./src
65+
COPY .dev ./src/.dev
66+
COPY pytest.ini ./
67+
68+
WORKDIR /app/src
69+
70+
ENV DJANGO_ENV=testing \
71+
ENVIRONMENT=TEST
72+
73+
CMD ["pytest", "-v"]
74+
75+
# =============================================================================
76+
# Production stage
77+
# =============================================================================
78+
FROM runtime-base AS production
79+
80+
COPY --from=builder /venv /venv
81+
COPY src ./src
82+
COPY .dev ./src/.dev
83+
84+
# Pre-compile Python bytecode for faster cold starts
85+
RUN python -m compileall -q ./src/
86+
87+
WORKDIR /app/src
88+
89+
ENV DJANGO_ENV=production \
90+
DB_ENGINE=django.db.backends.postgresql
91+
92+
EXPOSE 8000
93+
94+
# Run background task processor and gunicorn
95+
CMD ["sh", "-c", "python manage.py qcluster & gunicorn operationcode_backend.wsgi -c /app/src/gunicorn_config.py"]
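
Review bot: The production stage (lines 78-95) has no `USER` instruction, so both `python manage.py qcluster` and gunicorn run as root in the container; create an unprivileged user in `runtime-base` and switch to it before `CMD`. The `CMD` on line 95 also backgrounds qcluster behind `&`, so the container's liveness follows only the foreground gunicorn process and a crashed task processor goes unnoticed while the web tier keeps serving; running qcluster as its own container, or under a small supervisor, would make that failure visible. Separately, `pip install --no-cache-dir poetry` on line 19 is unpinned, so the builder can pick up a different Poetry release on each build; pin a version there.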