Updated diploi.yaml to generate secret key during deployment launch

wickathou · wickathou · commit 337a19fc6a46 · 2025-12-06T12:48:15.000+02:00
Modified common tasks using uv
Added CSRF origin on settings.py
diff --git a/README.md b/README.md
@@ -59,6 +59,25 @@ To get all static files, the image runs the command:
 Lastly, the image will start the production server with the command:
 `uv run gunicorn djangoapp.wsgi:application --bind 0.0.0.0:8000 --workers 3 --log-level info`
 
+### Common tasks (using uv)
+
+- Create a superuser  
+  `uv run python manage.py createsuperuser`
+
+- Run migrations  
+  `uv run python manage.py migrate`
+
+- Switch the database to Postgres instead of SQLite  
+  1. Install the Postgres driver (already present in `pyproject.toml`, but if missing run `uv add "psycopg2-binary"`).  
+  2. In `djangoapp/settings.py`, set `DATABASES["default"]` to read from `DATABASE_URL` (e.g. using `env.dj_db_url` if `environs[django]` is installed). A typical value:  
+     `postgres://postgres:postgres@postgres.postgres:5432/app`  
+  3. Export `DATABASE_URL` in your environment (or add to `.env`), then run `uv run python manage.py migrate`.
+
+- Adjust CSRF trusted origins  
+  In `djangoapp/settings.py`, the list comes from `CSRF_TRUSTED_ORIGINS` env var. Add hosts as a comma-separated list, e.g.:  
+  `export CSRF_TRUSTED_ORIGINS="https://example.com,https://admin.example.com"`  
+  After updating, restart the app so Django picks up the new origins.
+
 ## Links
 
 - [Adding Django to a project](https://docs.diploi.com/building/components/django)
diff --git a/diploi.yaml b/diploi.yaml
@@ -17,6 +17,16 @@ connectionStrings:
     value: http://app.${DIPLOI_NAMESPACE}:8000
     description: This address is for requests from within the deployment and is inaccessible externally.
 
+parameterGroups:
+  - name: Secret Key
+    identifier: secret_key
+    description: Django Secret Key
+    parameters:
+      - name: Secret Key
+        identifier: SECRET_KEY
+        defaultValue: '${generate-random-password:50}'
+        type: secret
+
 images:
   - identifier: app
     prebuildImage: ghcr.io/diploi/component-django:[tag]
diff --git a/djangoapp/settings.py b/djangoapp/settings.py
@@ -29,6 +29,9 @@
 # THIS KEY IS UNSAFE AND ONLY MEANT TO BE USED WHEN TESTING, generate your own SECRET_KEY. You can use https://djecrety.ir/ to generate a new SECRET_KEY
 SECRET_KEY = '8um(xc_7mmw3frkj+yvz__ak$$5$o1_vl#esv-3ue0-%&n@gui'
 
+if 'SECRET_KEY' in os.environ:
+    SECRET_KEY = os.environ['SECRET_KEY']
+
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 # if 'STAGE' != 'development' in os.environ:
@@ -41,6 +44,9 @@
 if 'APP_PUBLIC_URL' in os.environ:
     ALLOWED_HOSTS.append(os.environ['APP_PUBLIC_URL'])
 
+CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS", default=[])
+if "APP_PUBLIC_URL" in os.environ:
+    CSRF_TRUSTED_ORIGINS.append(f"https://{os.environ['APP_PUBLIC_URL']}")
 
 # Application definition
 
