marc/rotini
Archived
1
0
Fork 0
Code Issues 4 Pull requests 10 Projects Releases Packages Wiki Activity

refactor: FastAPI -> Django migration #41

Merged
mcataford merged 11 commits from feat/django-migration into main 2023-11-27 02:34:10 +00:00
Conversation 2 Commits 11 Files changed 59 +1060 -2140
mcataford commented 2023-11-17 06:13:53 +00:00 (Migrated from github.com)
Copy link

Description

This changeset migrates the backend from FastAPI to Django. The main rationale behind it is about framework stability and ecosystem - Django is closer to "the devil you know" and has a bigger contributor base at the moment, making it more likely to weather the storm.

The need for async support is what had initially motivated the choice to play with FastAPI, but Django's async support seems decent enough to enable what needs enablin'.

Being early on in the project, it's a now-or-never scenario.

Approach

Django is first introduced as a parallel path under backend/rotini_django and has its own variant of the tooling (see Taskfile.backend.yml). Then the APIs are moved over to the Django app until it's at parity. Then rotini_django -> rotini.

# Description This changeset migrates the backend from FastAPI to Django. The main rationale behind it is about framework stability and ecosystem - Django is closer to "the devil you know" and has a bigger contributor base at the moment, making it more likely to weather the storm. The need for async support is what had initially motivated the choice to play with FastAPI, but Django's async support seems decent enough to enable what needs enablin'. Being early on in the project, it's a now-or-never scenario. # Approach Django is first introduced as a parallel path under `backend/rotini_django` and has its own variant of the tooling (see `Taskfile.backend.yml`). Then the APIs are moved over to the Django app until it's at parity. Then `rotini_django -> rotini`.
gitguardian[bot] commented 2023-11-17 06:13:56 +00:00 (Migrated from github.com)
Copy link

⚠️ GitGuardian has uncovered 3 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request
GitGuardian id Secret Commit Filename
8785839 Django Secret Key 205f661cd0 backend/rotini_django/base/settings.py View secret
8785839 Django Secret Key c7e49abff1 backend/rotini_django/base/settings.py View secret
8785839 Django Secret Key 2db0d9ec62 backend/rotini/base/settings.py View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Our GitHub checks need improvements? Share your feedbacks!

#### ⚠️ GitGuardian has uncovered 3 secrets following the scan of your pull request. Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components. <details> <summary>🔎 Detected hardcoded secrets in your pull request</summary> <br> | GitGuardian id | Secret | Commit | Filename | | | -------------- | ------------------------- | ---------------- | --------------- | -------------------- | | [8785839](https://dashboard.gitguardian.com/incidents/8785839?occurrence=119618999) | Django Secret Key | 205f661cd0cff66ef06e01015acfc7b78e6c3629 | backend/rotini_django/base/settings.py | [View secret](https://github.com/mcataford/rotini/commit/205f661cd0cff66ef06e01015acfc7b78e6c3629#diff-4578ca4c0a8f6f5a102290b4c1310398a9683dbfcc8c8923d3a2afb25bf53b18R23) | | [8785839](https://dashboard.gitguardian.com/incidents/8785839?occurrence=119734475) | Django Secret Key | c7e49abff1f3a9c0b056b8b1ae8f87065c5f8495 | backend/rotini_django/base/settings.py | [View secret](https://github.com/mcataford/rotini/commit/c7e49abff1f3a9c0b056b8b1ae8f87065c5f8495#diff-4578ca4c0a8f6f5a102290b4c1310398a9683dbfcc8c8923d3a2afb25bf53b18L23) | | [8785839](https://dashboard.gitguardian.com/incidents/8785839?occurrence=120143933) | Django Secret Key | 2db0d9ec62d1ce69c71b50995309badbd803eb67 | backend/rotini/base/settings.py | [View secret](https://github.com/mcataford/rotini/commit/2db0d9ec62d1ce69c71b50995309badbd803eb67#diff-b44f02bd5e3d58d66312bd7588c4ce8564e6819c52c0e518eebdda136626cc14L14) | </details> <details> <summary>🛠 Guidelines to remediate hardcoded secrets</summary> <br> 1. Understand the implications of revoking this secret by investigating where it is used in your code. 2. Replace and store your secrets safely. [Learn here](https://blog.gitguardian.com/secrets-api-management?utm_source=product&amp;utm_medium=GitHub_checks&amp;utm_campaign=check_run_comment) the best practices. 3. Revoke and [rotate these secrets](https://docs.gitguardian.com/secrets-detection/detectors/specifics/secret_key_in_django_config#revoke-the-secret?utm_source=product&amp;utm_medium=GitHub_checks&amp;utm_campaign=check_run_comment). 4. If possible, [rewrite git history](https://blog.gitguardian.com/rewriting-git-history-cheatsheet?utm_source=product&amp;utm_medium=GitHub_checks&amp;utm_campaign=check_run_comment). Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data. To avoid such incidents in the future consider - following these [best practices](https://blog.gitguardian.com/secrets-api-management/?utm_source=product&amp;utm_medium=GitHub_checks&amp;utm_campaign=check_run_comment) for managing and storing secrets including API keys and other credentials - install [secret detection on pre-commit](https://docs.gitguardian.com/ggshield-docs/integrations/git-hooks/pre-commit?utm_source=product&amp;utm_medium=GitHub_checks&amp;utm_campaign=check_run_comment) to catch secret before it leaves your machine and ease remediation. </details> --- <sup>🦉 [GitGuardian](https://dashboard.gitguardian.com/auth/login/?utm_medium=checkruns&amp;utm_source=github&amp;utm_campaign=cr1) detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.<br/><br/>Our GitHub checks need improvements? [Share your feedbacks](https://050127dayho.typeform.com/to/KmeAPTMk)!</sup>
mcataford commented 2023-11-27 01:44:43 +00:00 (Migrated from github.com)
Copy link

Note: placeholder secrets previously included were rotated.

Note: placeholder secrets previously included were rotated.
This repo is archived. You cannot comment on pull requests.
Reviewers
No reviewers
Labels
Clear labels   
automerge

   
backend

   
bug

Something isn't working

  
ci/tooling

   
dependencies

   
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
enhancement

New feature or request

  
feature

New features or capabilities

  
frontend

   
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
invalid

This doesn't seem right

  
question

Further information is requested

  
research

   
test-dependencies

   
wontfix

This will not be worked on

No labels
automerge
backend
bug
ci/tooling
dependencies
documentation
duplicate
enhancement
feature
frontend
good first issue
help wanted
invalid
question
research
test-dependencies
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: marc/rotini#41
No description provided.
Delete branch "feat/django-migration"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?