
Posting-1: Config updates #131

Open
mlv-dev wants to merge 55 commits into posting.final from posting.1-configs

@mlv-dev
Collaborator

@mlv-dev mlv-dev commented Aug 26, 2025

  1. Pipfile: removed typing ("python_version < '3.0'" ), we use python_version = "3.8"
  2. Pipfile: added vk_api = "==11.10.0"
  3. Pipfile: added django-q for task scheduling
  4. Pipfile.lock: updated & locked
  5. Dockerfile: updated version notation
  6. docker-compose: auto-migrate & auto-create admin user
  7. docker-compose: added django-q configuration
  8. .env.exemple: dedicated file for not-ignored example env variables
  9. create_superuser.py: auto-create admin user
  10. Renamed docker-compose.yml -> docker-compose.example.yml
  11. Edited Makefile to use docker-compose.example.yml
  12. .dockerignore will ignore dangerous .env files
  13. Removed quotes to avoid surprising parsing with docker-compose env_file
  14. Trimmed trailing whitespace
  15. Replaced sleep with DB health-based start; removed brittle timing
  16. Exception in .gitignore for .env.example
  17. Added more recommendations from @coderabbitai
  18. Phony added to Makefile
  19. Save db data between restarts
  20. Added clean command to Makefile
  21. Added run-migrations (run migrations at the first time)
  22. Added django_cryptography
  23. Many more fixes

Summary by CodeRabbit

  • New Features

    • Background task queue enabled; startup now runs migrations, creates superuser, and services wait for DB readiness.
    • Field encryption and Russian/English localization support added.
    • VK integration package added.
  • Chores

    • Added .env.example, expanded env ignore rules, and enabled unbuffered Python I/O / Russian locale.
    • Updated dependencies (queueing, encryption, VK; removed obsolete packages).
  • Dev Tooling

    • Modernized Makefile and added a docker-compose example; improved container startup, migration coordination, and queue worker gating.

@coderabbitai
Contributor

coderabbitai Bot commented Aug 26, 2025

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbit review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Replaces legacy compose with a development example, adds env handling and helper scripts (migrations/superuser), updates Dockerfile envs and pip cache cleanup, converts Makefile to docker compose v2 targets, updates dependencies in Pipfile, and extends Django settings (i18n, encryption, django-q).

Changes

| Cohort / File(s) | Summary |
|---|---|
| Compose removal: docker-compose.yml | Removes the existing compose file that defined db and web services and the backend network. |
| Example compose stack: docker-compose.example.yml | Adds example compose with db (PostGIS + healthcheck), web (runs migrations → creates superuser → runserver), and qcluster (waits for migrations flag); defines pgdata/dtpstat volumes and backend network; uses env_file. |
| Dockerfile changes: Dockerfile | Replaces PYTHONDONTWRITEBYTECODE with PYTHONUNBUFFERED=1, sets LC_ALL, LANG, LANGUAGE to ru_RU.UTF-8, and updates pip cache cleanup to use rm -rf "$(python -m pip cache dir)". |
| Env handling & examples: .env.example, .dockerignore, .gitignore | Adds .env.example with app/db/superuser defaults; updates .dockerignore to ignore .env* but unignore *.dev; updates .gitignore to ignore .env* while allowing .env.example. |
| Makefile targets: Makefile | Replaces legacy run target with v2 docker compose workflow: adds COMPOSE_FILE=docker-compose.example.yml, PHONY and targets all/up/down/clean/sh/build/test using docker compose -f $(COMPOSE_FILE) and --remove-orphans for down. |
| Django helpers: run-migrations.py, create_superuser.py | Adds run-migrations.py (lock-file based, idempotent migrations with flag/lock paths via MIGRATIONS_FLAG_PATH/MIGRATIONS_LOCK_PATH) and create_superuser.py (creates superuser from env vars if missing). |
| Django settings: dtpstat/settings.py | Adds timezone support, registers django_q, django_cryptography, publisher; adjusts MIDDLEWARE ordering; refines CORS config and LANGUAGE cookie handling; requires DJANGO_CRYPTOGRAPHY_KEY; adds Q_CLUSTER settings; updates CKEditor upload path and configs. |
| Dependencies: Pipfile | Adds django-q==1.3.9, django_cryptography==1.1, vk_api==11.10.0; removes scrapy-rotating-proxies, tqdm, django-constance, and typing entry for py<3; reorders some entries. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant Compose as docker-compose.example.yml
  participant DB as db (PostGIS)
  participant Web as web (Django)
  participant Q as qcluster
  participant RM as run-migrations.py
  participant CS as create_superuser.py

  Dev->>Compose: docker compose -f docker-compose.example.yml up
  Compose->>DB: start db container (env_file .env.example)
  DB-->>DB: healthcheck (pg_isready) → healthy
  Compose->>Web: start web (depends_on db: service_healthy)
  Web->>RM: run migrations (lock -> check flag -> migrate)
  RM-->>Web: migrations done / failed
  Web->>CS: create superuser from env if missing
  CS-->>Web: created / existed
  Web->>Web: runserver 0.0.0.0:5000
  Compose->>Q: start qcluster (depends_on db healthy)
  Q->>Q: wait for migrations flag file
  Q->>Web: python manage.py qcluster

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

  • Localization support for Django #117 — modifies Django localization/runtime locale configuration and settings related to LANGUAGE_COOKIE_SAMESITE and locale; closely related to the settings and Docker locale changes in this PR.

Suggested labels

enhancement


@mlv-dev
Collaborator Author

mlv-dev commented Aug 26, 2025

@coderabbitai review

@coderabbitai
Contributor

coderabbitai Bot commented Aug 26, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Contributor

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 6

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
Dockerfile (1)

23-23: Exclude .env files from Docker build context

The current .dockerignore does not exclude any .env* files, so COPY . . will include your local development secrets (e.g. .env.dev) in the image. This poses a critical security risk if the image is ever published.

Please update your .dockerignore to include at least the following entries:

• In .dockerignore, add near the top:

 # Common
 .git
 .github
 .dockerignore
 Dockerfile
 .md
 docs/
 *.log
 media/
 .idea
 deploy
 docker-compose.yml

+# Exclude environment files (avoid baking dev secrets into image)
+ .env*
+ !*.example

 # Python specific
 __pycache__/
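Review bot: `.env*` on the added lines is matched against the root of the build context only, so an env file in a subdirectory would still be picked up by `COPY . .`; add `**/.env*` alongside it. The exception can also be narrowed from `!*.example` to `!.env.example` so that it names the one file that is meant to ship.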

• (Optional but recommended) Also exclude local compose overrides and tooling:

 # Exclude Docker Compose override files
 docker-compose*.yml
 *.local.yml

After making these changes, rebuild and verify that .env.dev (and any other .env* files) are not sent in the build context.

🧹 Nitpick comments (6)
Dockerfile (2)

3-3: ENV assignment fix is correct; consider adding PYTHONUNBUFFERED and locale envs for predictable logging/locale.

Adding these keeps stdout unbuffered for logs and ensures ru_RU.UTF-8 actually takes effect at runtime.

 ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1 \
+    LC_ALL=ru_RU.UTF-8 \
+    LANG=ru_RU.UTF-8 \
+    LANGUAGE=ru_RU:ru

20-22: Make pip cache deletion resilient across images.

Using python -m pip avoids relying on a specific pip shim and is more portable.

-    && pipenv --clear && rm -rf $(pip cache dir)
+    && pipenv --clear && rm -rf "$(python -m pip cache dir)"
.env.dev (1)

6-6: STATICFILES_DIRS parsing confirmed
In dtpstat/settings.py (around lines 196–197), you’re explicitly wrapping the single-string environment variable into a list:

if env('STATICFILES_DIRS'):
    STATICFILES_DIRS = [env('STATICFILES_DIRS')]

Given your .env.dev contains:

STATICFILES_DIRS='/code/static'

this correctly yields

STATICFILES_DIRS = ['/code/static']

for Django’s collectstatic.

• If you only ever need one static directory, no further change is required.
• If you anticipate specifying multiple directories via a comma-separated env var, you could simplify and harden this by using your loader’s list parser instead:

- if env('STATICFILES_DIRS'):
-     STATICFILES_DIRS = [env('STATICFILES_DIRS')]
+ STATICFILES_DIRS = env.list('STATICFILES_DIRS', default=[])
Pipfile (2)

39-39: Python 3.8 is EOL; consider planning an upgrade window.

Moving to 3.10/3.11 will make future upgrades (Django 4.2/5.x) smoother and keeps security support.

I can generate an upgrade checklist (base image bump, Pipfile requires, dependency pins, CI matrix) if helpful.


26-26: Bump psycopg2-binary to latest for PG14+ and use source build in production

• In Pipfile (line 26), upgrade

- psycopg2-binary = "==2.8.5"
+ psycopg2-binary = ">=2.9.10"
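Review bot: `>=2.9.10` on the added line is an open-ended range, while the other dependencies this PR adds are exact pins (`vk_api = "==11.10.0"`), so the next re-lock can pull in any later release without a reviewed change to Pipfile. Prefer `psycopg2-binary = "==2.9.10"` and bump it deliberately.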

Version 2.9.10 is the current stable release (Oct 16 2024) with numerous bug- and compatibility fixes for PostgreSQL 14 (pypi.org).

• For production deployments, install the non-binary psycopg2 package built against system libraries instead of the binary wheel. The binary package is intended for development and testing, while the source-built adapter is recommended for production environments (pypi.org).

docker-compose.yml (1)

1-12: Port mapping note (5431:5432) — document for local tooling.

Internal services use db:5432 (OK). For host psql connections, the mapped port is 5431. Consider adding a README note to avoid confusion.

I can append a short “Connecting with psql” snippet to your README.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 78d3f2d and c6e4b7a.

⛔ Files ignored due to path filters (1)
  • Pipfile.lock is excluded by !**/*.lock
📒 Files selected for processing (5)
  • .env.dev (1 hunks)
  • Dockerfile (1 hunks)
  • Pipfile (1 hunks)
  • create_superuser.py (1 hunks)
  • docker-compose.yml (1 hunks)
🧰 Additional context used
🪛 dotenv-linter (3.3.0)
.env.dev

[warning] 3-3: [QuoteCharacter] The value has quote characters (', ")

(QuoteCharacter)


[warning] 3-3: [UnorderedKey] The DATABASE_URL key should go before the PYTHONUNBUFFERED key

(UnorderedKey)


[warning] 4-4: [QuoteCharacter] The value has quote characters (', ")

(QuoteCharacter)


[warning] 5-5: [QuoteCharacter] The value has quote characters (', ")

(QuoteCharacter)


[warning] 5-5: [UnorderedKey] The MEDIA_ROOT key should go before the PYTHONUNBUFFERED key

(UnorderedKey)


[warning] 6-6: [QuoteCharacter] The value has quote characters (', ")

(QuoteCharacter)


[warning] 6-6: [UnorderedKey] The STATICFILES_DIRS key should go before the STATIC_ROOT key

(UnorderedKey)


[warning] 7-7: [UnorderedKey] The RECAPTCHA_PUBLIC_KEY key should go before the SECRET_KEY key

(UnorderedKey)


[warning] 8-8: [UnorderedKey] The RECAPTCHA_PRIVATE_KEY key should go before the RECAPTCHA_PUBLIC_KEY key

(UnorderedKey)


[warning] 9-9: [UnorderedKey] The DEBUG key should go before the MEDIA_ROOT key

(UnorderedKey)


[warning] 10-10: [UnorderedKey] The PROJECT_PATH key should go before the PYTHONUNBUFFERED key

(UnorderedKey)


[warning] 11-11: [QuoteCharacter] The value has quote characters (', ")

(QuoteCharacter)


[warning] 11-11: [UnorderedKey] The ALLOWED_HOSTS key should go before the DATABASE_URL key

(UnorderedKey)


[warning] 12-12: [UnorderedKey] The HERE_TOKEN key should go before the MEDIA_ROOT key

(UnorderedKey)


[warning] 15-15: [TrailingWhitespace] Trailing whitespace detected

(TrailingWhitespace)


[warning] 16-16: [UnorderedKey] The DJANGO_SUPERUSER_EMAIL key should go before the DJANGO_SUPERUSER_USERNAME key

(UnorderedKey)


[warning] 17-17: [UnorderedKey] The DJANGO_SUPERUSER_PASSWORD key should go before the DJANGO_SUPERUSER_USERNAME key

(UnorderedKey)

🔇 Additional comments (2)
create_superuser.py (1)

4-5: LGTM on Django bootstrapping order.

Settings module is set before django.setup(); imports come after setup. Correct initialization order.

Pipfile (1)

31-34: Compatibility Confirmed: django-q 1.3.9 & vk_api 11.10.0 on Django 3.1.x / Python 3.8 with PostgreSQL 14

  • django-q 1.3.9 requires Django ≥2.2 and is tested on Python 3.7–3.9 and Django 2.2.x & 3.2.x. Django 3.1 falls between these supported versions, so no compatibility concerns with Python 3.8 (pypi.org).
  • vk_api 11.10.0 is framework-agnostic and its PyPI classifiers explicitly include Python 3.8 support; it does not depend on Django, so it works unmodified under Django 3.1 (pypi.org).
  • PostgreSQL 14 is above the minimum version (9.4) required by Django 3.1, and official Django docs indicate support is dropped only in Django 5.2 (2026). No known issues have been reported with PG 14 on Django 3.1.x (code.djangoproject.com).

Comment thread .env.dev Outdated
Comment thread .env.dev Outdated
Comment thread .env.dev Outdated
Comment thread create_superuser.py
Comment thread docker-compose.yml Outdated
Comment thread docker-compose.yml Outdated
---
1. Pipfile: removed typing ("python_version < '3.0'" ), we use python_version = "3.8"
2. Pipfile: added vk_api = "==11.10.0"
3. Pipfile: added django-q for task scheduling
4. Pipfile.lock: updated & locked
5. Dockerfile: updated version notation
6. docker-compose: auto-migrate & auto-create admin user
7. docker-compose: added django-q configuration
8. .env.dev: dedicated file for not-ignored dev env variables
9. create_superuser.py: auto-create admin user
@mlv-dev mlv-dev force-pushed the posting.1-configs branch from c6e4b7a to 22c7afe August 26, 2025 20:31
@mlv-dev
Collaborator Author

mlv-dev commented Aug 26, 2025

@coderabbitai review

@coderabbitai
Contributor

coderabbitai Bot commented Aug 26, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Contributor

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 3

🧹 Nitpick comments (6)
.gitignore (1)

105-106: Clarify intent for .env.dev tracking vs. ignoring.

You now ignore all .env* but unignore only .env.example. The PR description mentions adding a dedicated .env.dev for “non-ignored dev variables,” but with this rule .env.dev will remain ignored by git. If you actually want .env.dev tracked, add an explicit exception:

 .env*
 !.env.example
+!/.env.dev

If you don’t want .env.dev tracked (safer), please update the PR description to avoid confusion.

.env.example (1)

1-21: Add dev-only disclaimer and a trailing newline; keep secrets obviously non-production.

Recommend adding a comment header stating this is for development only, and ensure the file ends with a newline (linters flagged none). Also consider a more explicit placeholder SECRET_KEY to prevent accidental prod use.

+# Development defaults only. Do NOT use in production.
 PYTHONUNBUFFERED=1
-SECRET_KEY=secret
+SECRET_KEY=change-me-dev-only
 DATABASE_URL=postgis://docker:docker@db:5432/dtpstat
 STATIC_ROOT=/static
 MEDIA_ROOT=/app/media
 STATICFILES_DIRS=/code/static
 RECAPTCHA_PUBLIC_KEY=test
 RECAPTCHA_PRIVATE_KEY=test
 DEBUG=1
 PROJECT_PATH=/code
 ALLOWED_HOSTS=*
 HERE_TOKEN=123
 YANDEX_TOKEN=123

 POSTGRES_DB=dtpstat
 POSTGRES_USER=docker
 POSTGRES_PASSWORD=docker

 DJANGO_SUPERUSER_USERNAME=admin
 DJANGO_SUPERUSER_EMAIL=admin@localhost
 DJANGO_SUPERUSER_PASSWORD=admin
+ 
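Review bot: renaming `SECRET_KEY` still leaves `DJANGO_SUPERUSER_PASSWORD=admin` and `POSTGRES_PASSWORD=docker` in this hunk as working credentials, and this PR's startup creates the admin account from these variables automatically. Give the two password entries an empty value or an obvious placeholder in the example, so that a copied file cannot bring up a stack that accepts `admin`/`admin`.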

Note: The ordering warnings from dotenv linters are non-functional; feel free to ignore or reorder if you prefer.

Makefile (1)

5-13: Add a PHONY declaration and an 'up' alias to match docs; consider docker compose CLI.

  • Add .PHONY for non-file targets (checkmake warnings).
  • The compose file comments suggest make up, but there’s no up target. Provide an alias.
  • Optional: switch to docker compose (plugin) for consistency with your comments.

Suggested patch (adds items outside the current hunk):

.PHONY: up run down sh build test

up: run

# For interactive shell sessions, you may want a TTY:
# bash:
# 	docker compose -f $(COMPOSE_FILE) exec web /bin/bash

And (optional) replace docker-compose with docker compose in the existing targets.

docker-compose.exapmle.yml (3)

3-6: Keep comments consistent with Makefile targets and filename.

Comments mention docker-compose.example.yml and “make up”, but the file is named docker-compose.exapmle.yml and your Makefile defines “run” (no “up”). Either:

  • Rename this file to docker-compose.example.yml and add an “up” alias in the Makefile, or
  • Update these comments to reference docker-compose.exapmle.yml and “make run”.

Example in-file comment tweak:

-# copy: 'cp docker-compose.example.yml docker-compose.yml'
-# or use 'docker compose -f docker-compose.example.yml up'
-# or just run 'make up' (Makefile handles it)
+# copy: 'cp docker-compose.exapmle.yml docker-compose.yml'
+# or use 'docker compose -f docker-compose.exapmle.yml up'
+# or just run 'make run' (Makefile handles it)

7-18: Persist Postgres data across container restarts (dev quality-of-life).

Right now the db has no volume, so data is ephemeral. For dev, consider:

 services:
   db:
     image: kartoza/postgis:14-3.3
+    volumes:
+      - pgdata:/var/lib/postgresql/data
 ...
 networks:
   backend:
+volumes:
+  pgdata:

Optional but handy.


47-60: Ensure qcluster waits for migrations before starting

Add a quick migrations step to the qcluster command so it won’t race ahead of your web service’s schema setup. For example, in docker-compose.exapmle.yml:

   qcluster:
     build: .
-    command: sh -c 'python manage.py qcluster'
+    command: sh -c 'python manage.py migrate --noinput && python manage.py qcluster'
     volumes:
       - .:/code
     working_dir: /code
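Review bot: with `migrate --noinput &&` added to the qcluster command, both web and qcluster run `migrate` at startup against the same database, possibly at the same moment. Keep migrations in one service and have qcluster wait for it (a flag file, or a healthcheck on web), or serialise the two runs with a lock.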

• File: docker-compose.exapmle.yml (lines 47–60)
• This ensures that—even if qcluster’s container comes up before your web app finishes its initial migrations—it will apply any pending migrations first.

Optional: you could instead add a depends_on: web with a proper healthcheck on the web service, but embedding the migrate step in the qcluster startup is the simplest approach for dev environments.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between c6e4b7a and 8c496a0.

⛔ Files ignored due to path filters (1)
  • Pipfile.lock is excluded by !**/*.lock
📒 Files selected for processing (9)
  • .dockerignore (1 hunks)
  • .env.example (1 hunks)
  • .gitignore (1 hunks)
  • Dockerfile (1 hunks)
  • Makefile (1 hunks)
  • Pipfile (1 hunks)
  • create_superuser.py (1 hunks)
  • docker-compose.exapmle.yml (1 hunks)
  • docker-compose.yml (0 hunks)
💤 Files with no reviewable changes (1)
  • docker-compose.yml
🚧 Files skipped from review as they are similar to previous changes (3)
  • Dockerfile
  • create_superuser.py
  • Pipfile
🧰 Additional context used
🪛 dotenv-linter (3.3.0)
.env.example

[warning] 3-3: [UnorderedKey] The DATABASE_URL key should go before the PYTHONUNBUFFERED key

(UnorderedKey)


[warning] 5-5: [UnorderedKey] The MEDIA_ROOT key should go before the PYTHONUNBUFFERED key

(UnorderedKey)


[warning] 6-6: [UnorderedKey] The STATICFILES_DIRS key should go before the STATIC_ROOT key

(UnorderedKey)


[warning] 7-7: [UnorderedKey] The RECAPTCHA_PUBLIC_KEY key should go before the SECRET_KEY key

(UnorderedKey)


[warning] 8-8: [UnorderedKey] The RECAPTCHA_PRIVATE_KEY key should go before the RECAPTCHA_PUBLIC_KEY key

(UnorderedKey)


[warning] 9-9: [UnorderedKey] The DEBUG key should go before the MEDIA_ROOT key

(UnorderedKey)


[warning] 10-10: [UnorderedKey] The PROJECT_PATH key should go before the PYTHONUNBUFFERED key

(UnorderedKey)


[warning] 11-11: [UnorderedKey] The ALLOWED_HOSTS key should go before the DATABASE_URL key

(UnorderedKey)


[warning] 12-12: [UnorderedKey] The HERE_TOKEN key should go before the MEDIA_ROOT key

(UnorderedKey)


[warning] 17-17: [UnorderedKey] The POSTGRES_PASSWORD key should go before the POSTGRES_USER key

(UnorderedKey)


[warning] 20-20: [UnorderedKey] The DJANGO_SUPERUSER_EMAIL key should go before the DJANGO_SUPERUSER_USERNAME key

(UnorderedKey)


[warning] 21-21: [EndingBlankLine] No blank line at the end of the file

(EndingBlankLine)


[warning] 21-21: [UnorderedKey] The DJANGO_SUPERUSER_PASSWORD key should go before the DJANGO_SUPERUSER_USERNAME key

(UnorderedKey)

🪛 checkmake (0.2.2)
Makefile

[warning] 1-1: Missing required phony target "all"

(minphony)


[warning] 1-1: Missing required phony target "clean"

(minphony)


[warning] 1-1: Missing required phony target "test"

(minphony)

Comment thread .dockerignore Outdated
Comment thread docker-compose.exapmle.yml Outdated
Comment thread Makefile Outdated
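
The startup ordering discussed in this review (web runs migrations, qcluster waits for them) can be built from one lock file and one flag file, which is how the PR's walkthrough describes run-migrations.py. The code below is an added example, not the project's script: only the `MIGRATIONS_FLAG_PATH` and `MIGRATIONS_LOCK_PATH` variable names come from the page, while the function names, the default paths and the stand-in `migrate` callable are assumptions.

```python
import fcntl
import os
import time
from contextlib import contextmanager

# Variable names are from the PR walkthrough; the default paths are assumptions.
FLAG_PATH = os.environ.get("MIGRATIONS_FLAG_PATH", "/tmp/migrations.done")
LOCK_PATH = os.environ.get("MIGRATIONS_LOCK_PATH", "/tmp/migrations.lock")


@contextmanager
def exclusive_lock(lock_path):
    """Hold an exclusive advisory lock on lock_path; blocks until it is free."""
    fd = os.open(lock_path, os.O_CREAT | os.O_RDWR, 0o600)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX)
        yield
    finally:
        fcntl.flock(fd, fcntl.LOCK_UN)
        os.close(fd)


def run_once(migrate, flag_path=FLAG_PATH, lock_path=LOCK_PATH):
    """Run migrate() at most once among all callers sharing the two paths.

    Returns True if this caller ran it, False if the flag was already set.
    If migrate() raises, no flag is written, so waiters stay blocked and a
    later start retries instead of running against a half-migrated schema.
    """
    with exclusive_lock(lock_path):
        if os.path.exists(flag_path):
            return False
        migrate()
        # Write the flag via rename so a waiter never sees a partial file.
        tmp_path = flag_path + ".tmp"
        with open(tmp_path, "w") as handle:
            handle.write("done\n")
        os.replace(tmp_path, flag_path)
        return True


def wait_for_flag(flag_path=FLAG_PATH, timeout=60.0, poll=0.5):
    """Worker side: return True once the flag exists, False on timeout."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        if os.path.exists(flag_path):
            return True
        time.sleep(poll)
    return os.path.exists(flag_path)


if __name__ == "__main__":
    import tempfile

    # In the web container the callable would wrap Django's migrate command,
    # e.g. lambda: call_command("migrate", interactive=False) after django.setup().
    with tempfile.TemporaryDirectory() as workdir:
        flag = os.path.join(workdir, "migrations.done")
        lock = os.path.join(workdir, "migrations.lock")
        print(run_once(lambda: print("migrating"), flag, lock))
        print(run_once(lambda: print("migrating"), flag, lock))
        print(wait_for_flag(flag, timeout=1, poll=0.1))
```

The flag only means something if both containers see the same file, so the two paths have to sit on a volume shared by web and qcluster, and the flag has to be cleared when a new image brings new migrations.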
---
1. Renamed .env.dev -> .env.example
2. Renamed docker-compose.yml -> docker-compose.example.yml
3. Edited Makefile to use docker-compose.example.yml
4. .dockerignore will ignore dangerous .env files
---
1. Removed quotes to avoid surprising parsing with docker-compose env_file
2. Trimmed trailing whitespace
3. Replaced sleep with DB health-based start; removed brittle timing.
4. Exception in .gitignore for .env.example
@mlv-dev mlv-dev force-pushed the posting.1-configs branch from 5c17fad to 9e5ef2b August 26, 2025 21:46
@mlv-dev
Collaborator Author

mlv-dev commented Aug 26, 2025

@coderabbitai review

@coderabbitai
Contributor

coderabbitai Bot commented Aug 26, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@mlv-dev mlv-dev changed the title from "Config updates" to "Posting-1: Config updates" Aug 26, 2025
Contributor

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 7

🧹 Nitpick comments (4)
.env.example (3)

21-23: Add trailing newline at EOF.

Avoids minor tooling/lint issues (dotenv-linter warning).

Apply this minimal change:

-DJANGO_SUPERUSER_PASSWORD=admin
+DJANGO_SUPERUSER_PASSWORD=admin
+

1-23: Ordering warnings from dotenv-linter are non-blocking.

Alphabetizing keys can reduce churn and satisfy linters, but it’s optional here. I’d keep as-is unless your CI enforces ordering.

If you want, I can auto-generate a sorted version.


6-6: Ensure STATICFILES_DIRS Is Parsed as a List

A quick grep shows you currently have in dtpstat/settings.py (around line 197):

if env('STATICFILES_DIRS'):
    STATICFILES_DIRS = [env('STATICFILES_DIRS')]

This wraps the single string from your env in a one-element list, which works if you only ever need /code/static. However, if you ever want to mount multiple static-file directories, you’ll need to split a comma-separated value (or use the built-in list caster).

File: .env.example
Current:

STATICFILES_DIRS=/code/static

Suggestion:

- STATICFILES_DIRS=/code/static
+ STATICFILES_DIRS=/code/static,/another/static

File: dtpstat/settings.py (around line 197)
Current:

- STATICFILES_DIRS = [env('STATICFILES_DIRS')]
+ STATICFILES_DIRS = env.list('STATICFILES_DIRS', default=[])

Alternatively, if you prefer manual splitting:

STATICFILES_DIRS = [
    path.strip()
    for path in env('STATICFILES_DIRS', '').split(',')
    if path.strip()
]

This ensures you can declare multiple paths in your .env and have Django pick them up correctly.

docker-compose.example.yml (1)

70-70: Add a newline at EOF.

Minor but keeps linters and git happy.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 8c496a0 and f9e7be0.

📒 Files selected for processing (8)
  • .dockerignore (1 hunks)
  • .env.example (1 hunks)
  • .gitignore (1 hunks)
  • Dockerfile (2 hunks)
  • Makefile (1 hunks)
  • docker-compose.example.yml (1 hunks)
  • docker-compose.yml (0 hunks)
  • run-migrations.py (1 hunks)
💤 Files with no reviewable changes (1)
  • docker-compose.yml
🚧 Files skipped from review as they are similar to previous changes (3)
  • .gitignore
  • Dockerfile
  • .dockerignore
🧰 Additional context used
🪛 YAMLlint (1.37.1)
docker-compose.example.yml

[warning] 32-32: wrong indentation: expected 6 but found 8

(indentation)


[error] 70-70: no new line character at the end of file

(new-line-at-end-of-file)

🪛 checkmake (0.2.2)
Makefile

[warning] 1-1: Missing required phony target "all"

(minphony)

🪛 dotenv-linter (3.3.0)
.env.example

[warning] 3-3: [UnorderedKey] The DATABASE_URL key should go before the PYTHONUNBUFFERED key

(UnorderedKey)


[warning] 5-5: [UnorderedKey] The MEDIA_ROOT key should go before the PYTHONUNBUFFERED key

(UnorderedKey)


[warning] 6-6: [UnorderedKey] The STATICFILES_DIRS key should go before the STATIC_ROOT key

(UnorderedKey)


[warning] 7-7: [UnorderedKey] The RECAPTCHA_PUBLIC_KEY key should go before the SECRET_KEY key

(UnorderedKey)


[warning] 8-8: [UnorderedKey] The RECAPTCHA_PRIVATE_KEY key should go before the RECAPTCHA_PUBLIC_KEY key

(UnorderedKey)


[warning] 9-9: [UnorderedKey] The DEBUG key should go before the MEDIA_ROOT key

(UnorderedKey)


[warning] 10-10: [UnorderedKey] The PROJECT_PATH key should go before the PYTHONUNBUFFERED key

(UnorderedKey)


[warning] 11-11: [UnorderedKey] The ALLOWED_HOSTS key should go before the DATABASE_URL key

(UnorderedKey)


[warning] 12-12: [UnorderedKey] The HERE_TOKEN key should go before the MEDIA_ROOT key

(UnorderedKey)


[warning] 17-17: [UnorderedKey] The POSTGRES_PASSWORD key should go before the POSTGRES_USER key

(UnorderedKey)


[warning] 18-18: [UnorderedKey] The POSTGRES_HOST_PORT key should go before the POSTGRES_PASSWORD key

(UnorderedKey)


[warning] 19-19: [UnorderedKey] The POSTGRES_INNER_PORT key should go before the POSTGRES_PASSWORD key

(UnorderedKey)


[warning] 22-22: [UnorderedKey] The DJANGO_SUPERUSER_EMAIL key should go before the DJANGO_SUPERUSER_USERNAME key

(UnorderedKey)


[warning] 23-23: [EndingBlankLine] No blank line at the end of the file

(EndingBlankLine)


[warning] 23-23: [UnorderedKey] The DJANGO_SUPERUSER_PASSWORD key should go before the DJANGO_SUPERUSER_USERNAME key

(UnorderedKey)

🔇 Additional comments (3)
.env.example (2)

2-12: Confirm these example-only settings aren’t used in production.

SECRET_KEY=secret, DEBUG=1, and ALLOWED_HOSTS=* are fine for local dev but must not leak to prod.

Do you want me to add inline comments or a guard in settings to error-out if DEBUG=1 and ALLOWED_HOSTS='*' in non-dev environments?

Also applies to: 9-9


3-3: No changes needed for PostGIS URI handling

A quick test confirms that django-environ’s Env.db() recognizes the postgis:// scheme and correctly sets
ENGINE='django.contrib.gis.db.backends.postgis' when parsing DATABASE_URL=postgis://… in your settings (env.db() returns the right engine and connection values). You can keep the current .env.example entry as is.

docker-compose.example.yml (1)

26-26: Healthcheck ‘start_interval’ needs Docker 25.0+.

If your team isn’t uniformly on Docker 25+, Compose will error on start_interval. Consider removing it for broader compatibility.

I can provide a variant without start_interval if you prefer.

Comment thread docker-compose.example.yml
Comment thread docker-compose.example.yml Outdated
Comment thread docker-compose.example.yml Outdated
Comment thread docker-compose.example.yml Outdated
Comment thread Makefile Outdated
Comment thread run-migrations.py Outdated
Comment thread run-migrations.py Outdated
mlv-dev and others added 4 commits August 27, 2025 01:28
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
@mlv-dev
Collaborator Author

mlv-dev commented Aug 26, 2025

I hope that's everything
@coderabbitai review

@coderabbitai
Contributor

coderabbitai Bot commented Aug 26, 2025

@mlv-dev I understand you're hoping that covers everything! I'll review all the configuration changes you've made. This looks like a comprehensive update to modernize your Docker setup, add task scheduling, and improve environment handling.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@mlv-dev
Collaborator Author

mlv-dev commented Aug 27, 2025

@coderabbitai review

@coderabbitai
Contributor

coderabbitai Bot commented Aug 27, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@mlv-dev
Collaborator Author

mlv-dev commented Aug 27, 2025

@coderabbitai review

@coderabbitai
Contributor

coderabbitai Bot commented Aug 27, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Contributor

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
dtpstat/settings.py (1)

69-69: Lock down CORS in production

Allow-all is risky in prod. Gate by DEBUG and provide an allowlist via env.

-CORS_ORIGIN_ALLOW_ALL = True
+if DEBUG:
+    CORS_ORIGIN_ALLOW_ALL = True
+else:
+    CORS_ORIGIN_ALLOW_ALL = False
+    CORS_ALLOWED_ORIGINS = env.list(
+        'CORS_ALLOWED_ORIGINS',
+        default=[f'https://{PRODUCTION_HOST}']
+    )
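
Review bot: the `if DEBUG:` gate in this hunk only protects production if DEBUG is a real boolean. If it is still read as `env('DEBUG', default=False)` with no cast, as in the settings lines 12-14 quoted in a later review round on this page, a value such as "0" is a non-empty string, the first branch is taken, and allow-all stays on. Parse DEBUG with env.bool before this block. The else branch also builds its default from PRODUCTION_HOST, which none of the visible lines define; confirm it exists above line 69, or drop the default so a missing CORS_ALLOWED_ORIGINS is reported at startup.
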
🧹 Nitpick comments (3)
dtpstat/settings.py (3)

56-63: Place CorsMiddleware earlier in the stack

Per django-cors-headers docs, put it as high as possible (right after SecurityMiddleware) to ensure CORS headers are added before other middleware may short-circuit.

Apply:

 MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.locale.LocaleMiddleware',
     'publisher.middleware.TimezoneMiddleware',
-    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.common.CommonMiddleware',
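
Review bot: the removed line already placed CorsMiddleware above CommonMiddleware, so this move only changes its order relative to SessionMiddleware, LocaleMiddleware and publisher.middleware.TimezoneMiddleware. State in the change which of those can return a response on its own; if none can, the reorder is cosmetic. The hunk is cut off after CommonMiddleware, so check the rest of the list for a second corsheaders entry before applying.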

164-171: LANGUAGE_COOKIE_SAMESITE should be a string

Django expects 'Lax' | 'Strict' | 'None' (string). Using None can be ignored or misinterpreted.

-LANGUAGE_COOKIE_SAMESITE = None
+LANGUAGE_COOKIE_SAMESITE = 'Lax' if DEBUG else 'None'
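
Review bot: `'Lax' if DEBUG else 'None'` gives production the most permissive of the three values this comment lists, and development the stricter one. Unless the language cookie has to be sent on cross-site requests, set 'Lax' unconditionally; if cross-site use is required, say so next to the setting and keep it tied to LANGUAGE_COOKIE_SECURE.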

Note: 'None' requires a secure cookie — already handled via LANGUAGE_COOKIE_SECURE.


250-259: Make django-q cluster tunable via env

Allows per-environment scaling without code changes.

-Q_CLUSTER = {
-    'name': 'DjangoORM',  # имя кластера
-    'workers': 2,         # число воркеров
-    'recycle': 500,       # перезапуск воркеров после N задач
-    'timeout': 120,       # таймаут выполнения задачи
-    'retry': 180,
-    'save_limit': 250,    # максимальное количество сохранённых задач
-    'queue_limit': 100,   # максимальный размер очереди
-    'orm': 'default',     # используем базу данных Django
-}
+Q_CLUSTER = {
+    'name': env('Q_CLUSTER_NAME', default='DjangoORM'),
+    'workers': env.int('Q_CLUSTER_WORKERS', default=2),
+    'recycle': env.int('Q_CLUSTER_RECYCLE', default=500),
+    'timeout': env.int('Q_CLUSTER_TIMEOUT', default=120),
+    'retry': env.int('Q_CLUSTER_RETRY', default=180),
+    'save_limit': env.int('Q_CLUSTER_SAVE_LIMIT', default=250),
+    'queue_limit': env.int('Q_CLUSTER_QUEUE_LIMIT', default=100),
+    'orm': 'default',
+}
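
Review bot: once 'timeout' and 'retry' are read from separate variables, nothing keeps retry above timeout the way the hard-coded pair (120 and 180) did. Add a check after the dict that raises when Q_CLUSTER['retry'] <= Q_CLUSTER['timeout'], and list the new Q_CLUSTER_* names in .env.example. The replacement also drops the inline comments that explained each key; keep them.
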
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 98c5c92 and ff6bf17.

📒 Files selected for processing (2)
  • docker-compose.example.yml (1 hunks)
  • dtpstat/settings.py (6 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • docker-compose.example.yml
🧰 Additional context used
🪛 Ruff (0.12.2)
dtpstat/settings.py

263-263: Undefined name DJANGO_CRYPTOGRAPHY_KEY

(F821)

🔇 Additional comments (4)
dtpstat/settings.py (4)

49-52: New apps added — confirm availability and migrations

Verify that publisher is a real app in the repo and that migrations for django_q and any encrypted fields are included.

Would you like a quick script to scan for publisher.middleware.TimezoneMiddleware and .env.example keys?


146-146: USE_TZ=True — check for naive datetimes

Confirm no code assumes naive datetimes (e.g., manual string parsing, JSON dumps) and that DB timestamps are aware after this change.


174-174: CKEditor upload path change looks good

Relative to MEDIA_ROOT; ensure the directory exists in your containers/volumes.


195-206: CKEditor removeFormatTags delimiter — verify expected format

CKEditor typically expects a delimited string; consider semicolons. Please verify against your CKEditor version.

-        'removeFormatTags': (
-            'b,i,u,strike,strong,em,hr,a,img,blockquote'
-        ),
+        'removeFormatTags': 'b;i;u;strike;strong;em;hr;a;img;blockquote',
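
Review bot: the removed value is already a single string (the parentheses only group it, there is no trailing comma), so the only effect of this hunk is swapping commas for semicolons. The comment itself says the delimiter is unverified; do not apply it until the separator is confirmed against the documentation of the CKEditor version in use, because a wrong delimiter would stop the listed tags from being recognised.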

Comment thread dtpstat/settings.py Outdated
@mlv-dev
Collaborator Author

mlv-dev commented Aug 27, 2025

@coderabbitai review

@coderabbitai
Contributor

coderabbitai Bot commented Aug 27, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Contributor

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
dtpstat/settings.py (2)

12-14: Parse ALLOWED_HOSTS as list and DEBUG as bool.

Prevents type bugs in host validation and conditional branches.

-ALLOWED_HOSTS = env('ALLOWED_HOSTS', default=[])
-DEBUG = env('DEBUG', default=False)
+ALLOWED_HOSTS = env.list('ALLOWED_HOSTS', default=[])
+DEBUG = env.bool('DEBUG', default=False)
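
Review bot: with env.list on line 12, the ALLOWED_HOSTS=* value from .env.example parses to ['*'], which turns Host header validation off wherever that file is copied unchanged. Change the example to explicit hosts such as localhost,127.0.0.1, and check the rest of settings.py for comparisons that relied on DEBUG being a string before switching it to env.bool.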

216-220: Robust STATICFILES_DIRS retrieval.

Current code raises if the var is unset. Use list parsing with default.

-STATIC_ROOT = env('STATIC_ROOT')
-if env('STATICFILES_DIRS'):
-    STATICFILES_DIRS = [env('STATICFILES_DIRS')]
+STATIC_ROOT = env('STATIC_ROOT')
+static_dirs = env.list('STATICFILES_DIRS', default=[])
+if static_dirs:
+    STATICFILES_DIRS = static_dirs
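
Review bot: `STATIC_ROOT = env('STATIC_ROOT')` is carried over unchanged, so by this comment's own reasoning it still raises when the variable is unset. If it is meant to be required, say so in .env.example; otherwise give it a default as well. env.list also splits on commas, where the old code wrapped the whole value in a one-element list, so an existing value that contains a comma now becomes several directories.
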
♻️ Duplicate comments (1)
.env.example (1)

1-3: Harden example env: avoid real-looking secrets; gate superuser auto-creation (dev-only).

Replace predictable defaults, comment out admin creds, and add an explicit opt‑in flag to prevent accidental use in shared/prod environments.

+## WARNING: Insecure example values for local development only.
+## Copy to .env and customize before any shared/prod deployment.

-PYTHONUNBUFFERED=1
-SECRET_KEY=secret
+PYTHONUNBUFFERED=1
+SECRET_KEY=django-insecure-CHANGE_ME

 ...

-DJANGO_SUPERUSER_USERNAME=admin
-DJANGO_SUPERUSER_EMAIL=admin@localhost
-DJANGO_SUPERUSER_PASSWORD=admin
+# Superuser auto-creation (opt-in for local dev)
+DJANGO_AUTO_CREATE_SUPERUSER=0
+# DJANGO_SUPERUSER_USERNAME=admin
+# DJANGO_SUPERUSER_EMAIL=admin@localhost
+# DJANGO_SUPERUSER_PASSWORD=CHANGE_ME

 ...

-# (example key):
-DJANGO_ENCRYPTION_KEY=Z0n5S1hFhE1w8V7eG1WQ9h9x8pPCk9Q5jQWQv7P3c4Y=
+# Generate a key: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
+DJANGO_ENCRYPTION_KEY=CHANGE_ME_BASE64_FERNET_KEY
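
Review bot: swapping the DJANGO_ENCRYPTION_KEY line for a placeholder does not retire the old value, which has already been pushed in the reviewed commits and is quoted in the review text. Treat it as public: any environment that copied it needs a fresh key, and data encrypted under it needs re-encrypting. The new placeholder CHANGE_ME_BASE64_FERNET_KEY is a non-empty string, so a presence check on the key in settings.py will accept it; validate the key format at startup instead.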

Also applies to: 19-21, 25-27

🧹 Nitpick comments (2)
.env.example (1)

12-13: Prefer unmistakable placeholders for external tokens.

Prevents accidental reuse and quiets secret scanners.

-HERE_TOKEN=123
-YANDEX_TOKEN=123
+HERE_TOKEN=CHANGE_ME
+YANDEX_TOKEN=CHANGE_ME
dtpstat/settings.py (1)

268-274: Encryption key: allow fallback and avoid double-fail.

Read with default and fall back to legacy name; then fail fast with a clear message.

-DJANGO_CRYPTOGRAPHY_KEY = env('DJANGO_ENCRYPTION_KEY')
-
-if not DJANGO_CRYPTOGRAPHY_KEY:
-    from django.core.exceptions import ImproperlyConfigured
-    raise ImproperlyConfigured(
-        "DJANGO_CRYPTOGRAPHY_KEY must be set in the environment"
-    )
+DJANGO_CRYPTOGRAPHY_KEY = env('DJANGO_ENCRYPTION_KEY', default=None) or env('FIELD_ENCRYPTION_KEY', default=None)
+if not DJANGO_CRYPTOGRAPHY_KEY:
+    from django.core.exceptions import ImproperlyConfigured
+    raise ImproperlyConfigured("Set DJANGO_ENCRYPTION_KEY (or FIELD_ENCRYPTION_KEY).")
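
Review bot: FIELD_ENCRYPTION_KEY is introduced here as a legacy name, but no other line in this review uses it. Unless an existing deployment sets it, leave the fallback out; a second accepted variable is a second place for a stale or example key to be picked up. The `if not` test also only checks for presence, so a malformed key gets past it and is only discovered later.
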
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between ff6bf17 and d3c00f6.

📒 Files selected for processing (2)
  • .env.example (1 hunks)
  • dtpstat/settings.py (5 hunks)
🧰 Additional context used
🪛 dotenv-linter (3.3.0)
.env.example

[warning] 3-3: [UnorderedKey] The DATABASE_URL key should go before the PYTHONUNBUFFERED key

(UnorderedKey)


[warning] 5-5: [UnorderedKey] The MEDIA_ROOT key should go before the PYTHONUNBUFFERED key

(UnorderedKey)


[warning] 6-6: [UnorderedKey] The STATICFILES_DIRS key should go before the STATIC_ROOT key

(UnorderedKey)


[warning] 7-7: [UnorderedKey] The RECAPTCHA_PUBLIC_KEY key should go before the SECRET_KEY key

(UnorderedKey)


[warning] 8-8: [UnorderedKey] The RECAPTCHA_PRIVATE_KEY key should go before the RECAPTCHA_PUBLIC_KEY key

(UnorderedKey)


[warning] 9-9: [UnorderedKey] The DEBUG key should go before the MEDIA_ROOT key

(UnorderedKey)


[warning] 10-10: [UnorderedKey] The PROJECT_PATH key should go before the PYTHONUNBUFFERED key

(UnorderedKey)


[warning] 11-11: [UnorderedKey] The ALLOWED_HOSTS key should go before the DATABASE_URL key

(UnorderedKey)


[warning] 12-12: [UnorderedKey] The HERE_TOKEN key should go before the MEDIA_ROOT key

(UnorderedKey)


[warning] 17-17: [UnorderedKey] The POSTGRES_PASSWORD key should go before the POSTGRES_USER key

(UnorderedKey)


[warning] 20-20: [UnorderedKey] The DJANGO_SUPERUSER_EMAIL key should go before the DJANGO_SUPERUSER_USERNAME key

(UnorderedKey)


[warning] 21-21: [UnorderedKey] The DJANGO_SUPERUSER_PASSWORD key should go before the DJANGO_SUPERUSER_USERNAME key

(UnorderedKey)

🪛 Gitleaks (8.27.2)
.env.example

27-27: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Comment thread .env.example Outdated
Comment thread dtpstat/settings.py Outdated
@mlv-dev mlv-dev force-pushed the posting.1-configs branch from 67cf03e to 2795df5 Compare August 27, 2025 12:19
@mlv-dev
Collaborator Author

mlv-dev commented Aug 27, 2025

@coderabbitai review

@coderabbitai
Contributor

coderabbitai Bot commented Aug 27, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Contributor

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 0

♻️ Duplicate comments (3)
.env.example (2)

12-12: ALLOWED_HOSTS format looks good (CSV matches env.list parsing).
No action needed.


26-28: Replace realistic-looking encryption key with a placeholder to satisfy secret scanners.
Gitleaks flags this as a generic API key.

Apply:

-# (example key):
-DJANGO_ENCRYPTION_KEY=Z0n5S1hFhE1w8V7eG1WQ9h9x8pPCk9Q5jQWQv7P3c4Y=
+# Set after generation (base64 Fernet key):
+DJANGO_ENCRYPTION_KEY=CHANGE_ME_BASE64_FERNET_KEY
dtpstat/settings.py (1)

269-275: Fix error message and add fallback for legacy key name.
Clarifies which env var is required; optional fallback eases migration.

Apply:

-DJANGO_CRYPTOGRAPHY_KEY = env('DJANGO_ENCRYPTION_KEY')
-
-if not DJANGO_CRYPTOGRAPHY_KEY:
-    from django.core.exceptions import ImproperlyConfigured
-    raise ImproperlyConfigured(
-        "DJANGO_CRYPTOGRAPHY_KEY must be set in the environment"
-    )
+DJANGO_CRYPTOGRAPHY_KEY = env('DJANGO_ENCRYPTION_KEY', default=os.environ.get('FIELD_ENCRYPTION_KEY'))
+if not DJANGO_CRYPTOGRAPHY_KEY:
+    from django.core.exceptions import ImproperlyConfigured
+    raise ImproperlyConfigured("DJANGO_ENCRYPTION_KEY (or FIELD_ENCRYPTION_KEY) must be set")
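
Review bot: unlike the earlier `or` form, `default=os.environ.get('FIELD_ENCRYPTION_KEY')` is only used when DJANGO_ENCRYPTION_KEY is absent; a variable that is set but empty returns '' and skips the fallback, ending in the error. It also reads FIELD_ENCRYPTION_KEY through os.environ rather than env, and needs os imported in settings.py. Pick one of the two forms and keep the error text and the variable names in step.
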
🧹 Nitpick comments (1)
dtpstat/settings.py (1)

218-220: Simplify STATICFILES_DIRS assignment.
Use a single env.list with default [].

Apply:

-static_dirs = env.list('STATICFILES_DIRS', default=[])
-if static_dirs:
-    STATICFILES_DIRS = static_dirs
+STATICFILES_DIRS = env.list('STATICFILES_DIRS', default=[])
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between d3c00f6 and 2795df5.

📒 Files selected for processing (2)
  • .env.example (1 hunks)
  • dtpstat/settings.py (6 hunks)
🧰 Additional context used
🪛 dotenv-linter (3.3.0)
.env.example

[warning] 3-3: [UnorderedKey] The DATABASE_URL key should go before the PYTHONUNBUFFERED key

(UnorderedKey)


[warning] 5-5: [UnorderedKey] The MEDIA_ROOT key should go before the PYTHONUNBUFFERED key

(UnorderedKey)


[warning] 6-6: [UnorderedKey] The STATICFILES_DIRS key should go before the STATIC_ROOT key

(UnorderedKey)


[warning] 7-7: [UnorderedKey] The RECAPTCHA_PUBLIC_KEY key should go before the SECRET_KEY key

(UnorderedKey)


[warning] 8-8: [UnorderedKey] The RECAPTCHA_PRIVATE_KEY key should go before the RECAPTCHA_PUBLIC_KEY key

(UnorderedKey)


[warning] 9-9: [UnorderedKey] The DEBUG key should go before the MEDIA_ROOT key

(UnorderedKey)


[warning] 10-10: [UnorderedKey] The PROJECT_PATH key should go before the PYTHONUNBUFFERED key

(UnorderedKey)


[warning] 12-12: [UnorderedKey] The ALLOWED_HOSTS key should go before the DATABASE_URL key

(UnorderedKey)


[warning] 13-13: [UnorderedKey] The HERE_TOKEN key should go before the MEDIA_ROOT key

(UnorderedKey)


[warning] 18-18: [UnorderedKey] The POSTGRES_PASSWORD key should go before the POSTGRES_USER key

(UnorderedKey)


[warning] 21-21: [UnorderedKey] The DJANGO_SUPERUSER_EMAIL key should go before the DJANGO_SUPERUSER_USERNAME key

(UnorderedKey)


[warning] 22-22: [UnorderedKey] The DJANGO_SUPERUSER_PASSWORD key should go before the DJANGO_SUPERUSER_USERNAME key

(UnorderedKey)

🪛 Gitleaks (8.27.2)
.env.example

28-28: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🔇 Additional comments (4)
.env.example (2)

2-2: Use a non-secret placeholder for SECRET_KEY and add an explicit warning.
Prevents accidental use in shared/prod environments.
Apply:

-SECRET_KEY=secret
+# WARNING: Example values only. Do NOT use in production. Copy to .env and customize.
+SECRET_KEY=django-insecure-CHANGE_ME
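
Review bot: the warning comment lands above SECRET_KEY on line 2, below PYTHONUNBUFFERED, while the earlier version of this suggestion put it at the top of the file; put it on line 1 so it covers every value. A comment in an example file is advisory only, so pair it with a startup check in settings.py that refuses to run with DEBUG off and a SECRET_KEY that still starts with django-insecure- or contains CHANGE_ME.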

20-22: Gate superuser auto-creation and comment out defaults.
Avoids shipping predictable admin creds.
Apply:

+DJANGO_AUTO_CREATE_SUPERUSER=0
-DJANGO_SUPERUSER_USERNAME=admin
-DJANGO_SUPERUSER_EMAIL=admin@localhost
-DJANGO_SUPERUSER_PASSWORD=admin
+# DJANGO_SUPERUSER_USERNAME=admin
+# DJANGO_SUPERUSER_EMAIL=admin@localhost
+# DJANGO_SUPERUSER_PASSWORD=CHANGE_ME
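
Review bot: DJANGO_AUTO_CREATE_SUPERUSER=0 only helps if the startup path reads it, and nothing in this hunk shows create_superuser.py or the compose command doing so. Add that check in the same change, and make the script exit cleanly when the three DJANGO_SUPERUSER_* variables are absent, since this hunk comments them out.
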
dtpstat/settings.py (2)

12-13: Correct use of env parsers for ALLOWED_HOSTS and DEBUG.
Matches CSV/boolean expectations.


49-52: LGTM on new integrations and configs (apps, middleware, CORS, TZ, CKEditor, Q_CLUSTER).
No issues spotted in these segments.

Also applies to: 58-58, 61-61, 69-76, 153-153, 181-214, 258-267
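
The guard the review offers for example-only settings (DEBUG=1, ALLOWED_HOSTS=*, placeholder secrets) could look like the sketch below; it is an added example, not code from this PR or from CodeRabbit. It assumes DJANGO_ENCRYPTION_KEY is a Fernet key, as the review comments describe it, and the function names `parse_dotenv`, `is_fernet_key` and `audit_env` are hypothetical.

```python
import base64
import binascii

# Example-only values and markers taken from the thread.
WEAK_VALUES = {"", "secret", "admin", "123"}
PLACEHOLDER_MARKERS = ("CHANGE_ME", "django-insecure-")
SECRET_NAMES = ("SECRET_KEY", "HERE_TOKEN", "YANDEX_TOKEN", "DJANGO_SUPERUSER_PASSWORD")

def parse_dotenv(text):
    """Parse KEY=VALUE lines; blanks and # comments are skipped, quotes are not handled."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    return env

def is_fernet_key(value):
    """A Fernet key is URL-safe base64 that decodes to exactly 32 bytes."""
    try:
        return len(base64.urlsafe_b64decode(value.encode())) == 32
    except (binascii.Error, ValueError):
        return False

def audit_env(env, published_keys=()):
    """Return findings that should block startup outside local development."""
    findings = []
    if env.get("DEBUG", "0").lower() in {"1", "true", "yes", "on"}:
        findings.append("DEBUG is enabled")
    hosts = [h.strip() for h in env.get("ALLOWED_HOSTS", "").split(",") if h.strip()]
    if not hosts or "*" in hosts:
        findings.append("ALLOWED_HOSTS is empty or wildcard")
    for name in SECRET_NAMES:
        value = env.get(name)
        if value is not None and (
            value in WEAK_VALUES or any(m in value for m in PLACEHOLDER_MARKERS)
        ):
            findings.append(f"{name} is a placeholder or weak default")
    key = env.get("DJANGO_ENCRYPTION_KEY", "")
    if not is_fernet_key(key):
        findings.append("DJANGO_ENCRYPTION_KEY is not a valid Fernet key")
    elif key in published_keys:
        findings.append("DJANGO_ENCRYPTION_KEY matches a published example key")
    return findings

# Constructed sample mirroring the example values quoted in the thread.
SAMPLE_ENV = """\
SECRET_KEY=secret
DEBUG=1
ALLOWED_HOSTS=*
HERE_TOKEN=123
DJANGO_SUPERUSER_PASSWORD=admin
DJANGO_ENCRYPTION_KEY=CHANGE_ME_BASE64_FERNET_KEY
"""

if __name__ == "__main__":
    for finding in audit_env(parse_dotenv(SAMPLE_ENV)):
        print("BLOCK:", finding)
```

Passing any key that was ever committed to an example file as `published_keys` lets the same check reject an environment that copied it.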

@mlv-dev mlv-dev force-pushed the posting.1-configs branch from 7a2f62a to 92bf74b Compare August 27, 2025 16:19