diff --git a/README.md b/README.md index 6711a4f..336598e 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ ## Prerequisites -- [cookiecutter](https://cookiecutter.readthedocs.io/en/latest/installation.html) installed +- [cookiecutter](https://cookiecutter.readthedocs.io/en/latest/installation.html) or [uv](https://docs.astral.sh/uv/getting-started/installation/) installed ## Django template @@ -15,6 +15,8 @@ 2. Run the following command to create a new Django project using the newest template version: ```shell cookiecutter https://github.com/singularit-de/cc-python.git --directory django + # or + uvx cookiecutter https://github.com/singularit-de/cc-python.git --directory django ``` 1. If you want to use a specific version/branch you can use the `--checkout ` option: @@ -24,7 +26,24 @@ ## Why we are using templates -## Contribute to this repository +## Testing template updates locally + +If you contribute to the template you mostly want to test your changes locally before pushing them to the remote repository to see that everything works as expected. + + +1. Go into the top-level directory where your "cc-python" repository lives: + + ```shell + cd /path/to/the/cc-python/top-level-directory + ``` + +2. Run the following command to create a new Django project using the local template version: + + ```shell + cookiecutter cc-python --directory django + # or + uvx cookiecutter cc-python --directory django + ``` ### Tech stack of this repository diff --git a/django/{{ cookiecutter.project_slug }}/.gitlab-ci.yml b/django/{{ cookiecutter.project_slug }}/.gitlab-ci.yml index a1c46ff..a298b1b 100644 --- a/django/{{ cookiecutter.project_slug }}/.gitlab-ci.yml +++ b/django/{{ cookiecutter.project_slug }}/.gitlab-ci.yml @@ -6,6 +6,7 @@ stages: include: - local: .gitlab/ci/*.gitlab-ci.yml - component: singular-code.de/singularit/ci-components/utilities/size/all@1.2.0 + - component: $CI_SERVER_FQDN/singularit/ci-components/security/dependency-audit/sbom@0.3.6 variables: POSTGRES_HOST_AUTH_METHOD: trust diff --git a/django/{{ cookiecutter.project_slug }}/README.md b/django/{{ cookiecutter.project_slug }}/README.md index b20dad6..9cf69d1 100644 --- a/django/{{ cookiecutter.project_slug }}/README.md +++ b/django/{{ cookiecutter.project_slug }}/README.md @@ -87,3 +87,40 @@ ```bash pre-commit install ``` + +## Gitlab CI/CD + +### Dependency Track + +The uv.lock file is used to track vulnerabilities in dependencies. +Every push to a protected branch or a created tag will trigger an update of the Dependency Track Dashboard. +You can view the Dependency Track Dashboard [here](https://dependency-track.v3.singular-it-test.de/). + +### Stages + +#### Lint + +In the lint stage we are running `pre-commit'` that checks for code formatting and linting issues. + +When? Each push to a protected branch or a branch that has an open pull request to a protected branch. + +#### Test + +Our test stage has 3 jobs: + +1. `django-test` - runs the django unit tests +2. `deploy-check` - runs the django deployment check for security issues +3. `sbom:uv:prod` - generates a Software Bill of Materials (SBOM) for the Dependency Track Dashboard. There is a separate .post stage where the SBOM is uploaded to the Dependency Track Dashboard. + +When? Each push to a protected branch or a branch that has an open pull request to a protected branch. + +#### Deploy + +In the deploy stage we are deploying to our v2 staging server. + +When? Each push to a protected branch or a branch that has an open pull request to a protected branch. + staging server. + +#### .post + +In the .post stage we are uploading the SBOM to the Dependency Track Dashboard.