Refactor/deployment

.github/workflows/build-rock.yaml

@@ -0,0 +1,35 @@
+name: Build rock on PR
+
+on:
+  workflow_dispatch: {}
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Determine any rockcraft.yaml changed in the PR
+      id: changed-files
+      uses: tj-actions/changed-files@v35
+      with:
+        files: "./rockcraft.yaml"
+
+    - name: Setup LXD
+      if: steps.changed-files.outputs.any_changed
+      uses: canonical/[email protected]
+      with:
+        channel: latest/stable
+
+    - name: Install dependencies
+      if: steps.changed-files.outputs.any_changed
+      run: |
+        sudo snap install --classic rockcraft
+    - name: Build ROCK
+      if: steps.changed-files.outputs.any_changed
+      run: |
+        rockcraft pack --verbose

.github/workflows/rock-release-dev.yaml

@@ -0,0 +1,59 @@
+# The workflow canonical/observability/.github/workflows/rock-release-dev.yaml@main
+# https://github.com/canonical/observability/blob/34b7edb56094e8e3f01200ce49e01bf9dd6688ac/.github/workflows/rock-release-dev.yaml
+# does not allow setting a GHCR repo where to publish at the moment.
+# We thus copy it below and adapt it.
+
+name: Build ROCK and release dev tag to GHCR
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Find the *latest* rockcraft.yaml
+      id: find-latest
+      run: |
+        latest_rockcraft_file=$(find $GITHUB_WORKSPACE -name "rockcraft.yaml" | sort -V | tail -n1)
+        rockcraft_dir=$(dirname ${latest_rockcraft_file#\./})
+        echo "latest-dir=$rockcraft_dir" >> $GITHUB_OUTPUT
+    - name: Build ROCK
+      uses: canonical/craft-actions/rockcraft-pack@main
+      with:
+        path: "${{ steps.find-latest.outputs.latest-dir }}"
+        verbosity: verbose
+      id: rockcraft
+
+    - name: Upload locally built ROCK artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: cos-registration-agent-rock
+        path: ${{ steps.rockcraft.outputs.rock }}
+        retention-days: 7
+
+    - name: Upload ROCK to ghcr.io
+      run: |
+        sudo skopeo --insecure-policy copy oci-archive:$(realpath ${{ steps.rockcraft.outputs.rock }}) docker://ghcr.io/ubuntu-robotics/cos-registration-server:dev --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}"
+    - name: Generate digest
+      run: |
+        digest=$(skopeo inspect oci-archive:$(realpath ${{ steps.rockcraft.outputs.rock }}) --format '{{.Digest}}')
+        echo "digest=${digest#*:}" >> "$GITHUB_OUTPUT"
+    - name: Install Syft
+      run: |
+        curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
+    - name: Create SBOM
+      run: syft $(realpath ${{ steps.rockcraft.outputs.rock }}) -o spdx-json=cos-registration-server.sbom.json
+
+    - name: Upload SBOM
+      uses: actions/upload-artifact@v4
+      with:
+        name: cos-registration-server-sbom
+        path: "cos-registration-server.sbom.json"

.github/workflows/main.yml → .github/workflows/tests.yml

@@ -1,6 +1,6 @@
 # This is a basic workflow to help you get started with Actions
 
-name: CI
+name: tests
 
 # Controls when the workflow will run
 on:
@@ -18,7 +18,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: [3.9]
+        python-version: ["3.10"]
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:
@@ -28,6 +28,8 @@ jobs:
           python-version: ${{ matrix.python-version }}
       - name: Install project
         run: make install
+      - name: Generate django secret key
+        run: export SECRET_KEY_DJANGO=$(make secretkey)
       - name: Run linter
         run: make lint
 
@@ -36,7 +38,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: [3.9]
+        python-version: ["3.10"]
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:

.gitignore

@@ -130,3 +130,10 @@ dmypy.json
 
 # templates
 .github/templates/*
+
+# snap
+*.snap
+# rock
+*.rock
+# static files
+cos_registration_server/static/

CONTRIBUTING.md

@@ -21,6 +21,10 @@ then activate it with `source .venv/bin/activate`.
 
 Run `make install` to install the project in develop mode.
 
+## Start the developer server
+
+Run `make runserver` to start the django developer server.
+
 ## Run the tests to ensure everything is working
 
 Run `make test` to run the tests.

MANIFEST.in

@@ -1,5 +1,4 @@
 include LICENSE
 include HISTORY.md
-include Containerfile
-graft tests
 graft cos_registration_server
+recursive-include cos_registration_server/devices/templates *

Makefile

@@ -27,6 +27,11 @@ install:          ## Install the project in dev mode.
 runserver:          ## Django run server.
 	$(ENV_PREFIX)python3 cos_registration_server/manage.py runserver
 
+.PHONY: secretkey
+secretkey:          ## Generate the django secret key.
+	$(ENV_PREFIX)python3 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'
+
+
 .PHONY: fmt
 fmt:              ## Format code using black & isort.
 	$(ENV_PREFIX)isort cos_registration_server/
@@ -75,9 +80,9 @@ virtualenv:       ## Create a virtual environment.
 release:          ## Create a new tag for release.
 	@echo "WARNING: This operation will create s version tag and push to github"
 	@read -p "Version? (provide the next x.y.z semver) : " TAG
-	@echo "$${TAG}" > cos_registration_server/VERSION
+	@echo "$${TAG}" > cos_registration_server/cos_registration_server/VERSION
 	@$(ENV_PREFIX)gitchangelog > HISTORY.md
-	@git add cos_registration_server/VERSION HISTORY.md
+	@git add cos_registration_server/cos_registration_server/VERSION HISTORY.md
 	@git commit -m "release: version $${TAG} 🚀"
 	@echo "creating git tag : $${TAG}"
 	@git tag $${TAG}

README.md

@@ -137,6 +137,20 @@ requiring to access the device database.
 </details>
 
 ## Installation
+First we must generate a secret key for our django to sign data.
+The secret key must be a large random value and it must be kept secret.
+
+A secret key can be generated with the following command:
+
+`export SECRET_KEY_DJANGO=$(make secretkey)`
+
+We can expand the allowed hosts list:
+
+`export ALLOWED_HOST_DJANGO="cos-registration-server.com"`
+
+Additionally, we can provide a directory for the database:
+
+`export DATABASE_BASE_DIR_DJANGO="/var/lib"`
 
 `make install`
 

cos_registration_server/api/views.py

@@ -1,11 +1,9 @@
 from api.serializer import DeviceSerializer
 from devices.models import Device
 from django.http import HttpResponse, JsonResponse
-from django.views.decorators.csrf import csrf_exempt
 from rest_framework.parsers import JSONParser
 
 
-@csrf_exempt
 def devices(request):
     if request.method == "GET":
         devices = Device.objects.all()
@@ -26,7 +24,6 @@ def devices(request):
         return JsonResponse(serialized.errors, status=400)
 
 
-@csrf_exempt
 def device(request, uid):
     try:
         device = Device.objects.get(uid=uid)

cos_registration_server/cos_registration_server/settings.py

@@ -10,25 +10,28 @@
 https://docs.djangoproject.com/en/4.2/ref/settings/
 """
 
+import os
 from pathlib import Path
 
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
 
-
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/
-
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = (
-    "django-insecure-$b#5b(2h9_%p439=#ev0!dkde9wqt=rgoc!jvi-y93^@+wcvw8"
-)
+try:
+    SECRET_KEY = os.environ["SECRET_KEY_DJANGO"]
+except KeyError:
+    pass
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = False
 
-ALLOWED_HOSTS = ["*"]
+ALLOWED_HOSTS = ["localhost", "127.0.0.1"]
 
+# to be able to add the webserver address
+try:
+    additional_host = os.environ["ALLOWED_HOST_DJANGO"]
+    ALLOWED_HOSTS.append(additional_host)
+except KeyError:
+    pass
 
 # Application definition
 
@@ -48,10 +51,10 @@
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "django.middleware.common.CommonMiddleware",
-    "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    "whitenoise.middleware.WhiteNoiseMiddleware",
 ]
 
 ROOT_URLCONF = "cos_registration_server.urls"
@@ -78,10 +81,16 @@
 # Database
 # https://docs.djangoproject.com/en/4.2/ref/settings/#databases
 
+# to be able to store the database in a juju storage
+try:
+    database_base_dir = Path(os.environ["DATABASE_BASE_DIR_DJANGO"])
+except KeyError:
+    database_base_dir = BASE_DIR
+
 DATABASES = {
     "default": {
         "ENGINE": "django.db.backends.sqlite3",
-        "NAME": BASE_DIR / "db.sqlite3",
+        "NAME": database_base_dir / "db.sqlite3",
     }
 }
 
@@ -124,9 +133,17 @@
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/4.2/howto/static-files/
 
-STATIC_URL = "static/"
+STATIC_URL = os.getenv("SCRIPT_NAME", "") + "/static/"
+
+STATIC_ROOT = BASE_DIR / "static/"
+
+WHITENOISE_STATIC_PREFIX = "static/"
 
 # Default primary key field type
 # https://docs.djangoproject.com/en/4.2/ref/settings/#default-auto-field
 
 DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
+
+# To keep the reverse proxy prefix when forwarding.
+USE_X_FORWARDED_HOST = True
+

cos_registration_server/devices/tests.py

@@ -71,7 +71,7 @@ def test_one_device_then_two(self):
 class DeviceViewTests(TestCase):
     def setUp(self):
         # custom client with META HTTP_HOST specified
-        self.base_url = "192.168.1.2:8080"
+        self.base_url = "127.0.0.1:8080"
         self.client = Client(HTTP_HOST=self.base_url)
 
     def test_unlisted_device(self):

requirements.txt

@@ -1,2 +1,5 @@
 django
 djangorestframework
+whitenoise
+tzdata
+gunicorn

rock/local/configure.bash

@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+
+cd /lib/python3.10/site-packages/cos_registration_server
+
+export DATABASE_BASE_DIR_DJANGO="/server_data"
+
+# migrate the database
+/bin/python3 manage.py migrate

rock/local/create_super_user.bash

@@ -0,0 +1,9 @@
+#!/usr/bin/bash
+
+# necessary for daphne as the option --root-path doesn't work
+cd /lib/python3.10/site-packages/cos_registration_server
+
+export DATABASE_BASE_DIR_DJANGO="/server_data"
+export SECRET_KEY_DJANGO=$(cat /server_data/secret_key)
+
+python3 manage.py createsuperuser $@

rock/local/install.bash

@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+
+mkdir /server_data
+
+SECRET_KEY=$(/bin/python3 -c \
+'from django.core.management.utils import get_random_secret_key;
+print(get_random_secret_key())')
+echo $SECRET_KEY > /server_data/secret_key

rock/local/launcher.bash

@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+
+cd /lib/python3.10/site-packages/cos_registration_server
+
+export DATABASE_BASE_DIR_DJANGO="/server_data"
+export SECRET_KEY_DJANGO=$(cat /server_data/secret_key)
+
+gunicorn --bind 0.0.0.0:8000 cos_registration_server.wsgi