Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 21 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Prerequisites

- [cookiecutter](https://cookiecutter.readthedocs.io/en/latest/installation.html) installed
- [cookiecutter](https://cookiecutter.readthedocs.io/en/latest/installation.html) or [uv](https://docs.astral.sh/uv/getting-started/installation/) installed

## Django template

Expand All @@ -15,6 +15,8 @@
2. Run the following command to create a new Django project using the newest template version:
```shell
cookiecutter https://github.com/singularit-de/cc-python.git --directory django
# or
uvx cookiecutter https://github.com/singularit-de/cc-python.git --directory django
```
Comment on lines 16 to 20

1. If you want to use a specific version/branch you can use the `--checkout <tag/branch>` option:
Expand All @@ -24,7 +26,24 @@

## Why we are using templates

## Contribute to this repository
## Testing template updates locally
Comment on lines 27 to +29

If you contribute to the template you mostly want to test your changes locally before pushing them to the remote repository to see that everything works as expected.


1. Go into the top-level directory where your "cc-python" repository lives:

```shell
cd /path/to/the/cc-python/top-level-directory
```

2. Run the following command to create a new Django project using the local template version:

```shell
cookiecutter cc-python --directory django
# or
uvx cookiecutter cc-python --directory django
```

### Tech stack of this repository

Expand Down
1 change: 1 addition & 0 deletions django/{{ cookiecutter.project_slug }}/.gitlab-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ stages:
include:
- local: .gitlab/ci/*.gitlab-ci.yml
- component: singular-code.de/singularit/ci-components/utilities/size/all@1.2.0
- component: $CI_SERVER_FQDN/singularit/ci-components/security/dependency-audit/sbom@0.3.6
Comment thread
Grayknife marked this conversation as resolved.

variables:
POSTGRES_HOST_AUTH_METHOD: trust
Expand Down
37 changes: 37 additions & 0 deletions django/{{ cookiecutter.project_slug }}/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -87,3 +87,40 @@
```bash
pre-commit install
```

## Gitlab CI/CD

### Dependency Track

The uv.lock file is used to track vulnerabilities in dependencies.
Every push to a protected branch or a created tag will trigger an update of the Dependency Track Dashboard.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

das ist theoretisch nicht korrekt. Die default rule, dass die jobs laufen ist:

($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_TAG) && $CI_PIPELINE_SOURCE != "schedule"

in kurz: Wenn du auf den default branch pushst, oder einen tag (und nicht bei gescheduled pipelines). Das kann aber alles per input konifguriert werden: https://singular-code.de/explore/catalog/singularit/ci-components/security/dependency-audit?tab=components

You can view the Dependency Track Dashboard [here](https://dependency-track.v3.singular-it-test.de/).

### Stages

#### Lint

In the lint stage we are running `pre-commit'` that checks for code formatting and linting issues.

When? Each push to a protected branch or a branch that has an open pull request to a protected branch.

#### Test

Our test stage has 3 jobs:

1. `django-test` - runs the django unit tests
2. `deploy-check` - runs the django deployment check for security issues
3. `sbom:uv:prod` - generates a Software Bill of Materials (SBOM) for the Dependency Track Dashboard. There is a separate .post stage where the SBOM is uploaded to the Dependency Track Dashboard.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ist glaube ich nicht wichtig zu erwähnen, dass die auch da ist. Weil die ja sehr abstract ist.


When? Each push to a protected branch or a branch that has an open pull request to a protected branch.

#### Deploy

In the deploy stage we are deploying to our v2 staging server.

When? Each push to a protected branch or a branch that has an open pull request to a protected branch.
staging server.
Comment on lines +121 to +122
Comment on lines +121 to +122

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

meinst du hier staging und review app oder wieso auch wenn man vom mr aus kommt?


#### .post

In the .post stage we are uploading the SBOM to the Dependency Track Dashboard.
Loading