Skip to content

Supersede #58: rebase 3-tier preview on main + runtime/CI/doc fixes#63

Open
xMinhx wants to merge 8 commits intomainfrom
SecureCheckPlus-57
Open

Supersede #58: rebase 3-tier preview on main + runtime/CI/doc fixes#63
xMinhx wants to merge 8 commits intomainfrom
SecureCheckPlus-57

Conversation

@xMinhx
Copy link
Copy Markdown
Collaborator

@xMinhx xMinhx commented Apr 19, 2026

Summary

This PR supersedes #58 and keeps the same core goal (local 3-tier preview), rebased onto current main and stabilized for merge.

Contains original commits by @StefanSchubert plus integration/rebase/runtime/docs fixes by @xMinhx.

Why supersede #58

PR #58 currently points to an older head state and does not include the rebase-era fixes required to run reliably on current main.

Key changes

  • Keep 3-tier split (frontend nginx + backend Django + db).
  • Fix frontend image/runtime issues (frontend/Dockerfile, frontend/nginx.conf).
  • Restore dev/prod Docker stages and use Gunicorn in prod with proper LOG_LEVEL expansion.
  • Remove startup makemigrations from backend entrypoint; keep migrate.
  • Align CI to production target (docker-compose.ci.yml uses target: prod).
  • Update docs to match real behavior (QUICK_START.md, PROJEKTÜBERSICHT_3TIER.md, README-DEV-INSTALLATION.md).
  • Ignore generated backend static artifacts (backend/staticfiles/*).

Validation

  • docker compose -f docker-compose-preview.yml up --build -d succeeds.
  • Frontend / responds 200.
  • Backend /check_health responds 200.
  • Unauthenticated /api/projects returns 401/403 (expected).
  • Frontend static via proxy /static/rest_framework/css/default.css returns 200.
  • docker compose -f docker-compose.ci.yml build securecheckplus_server succeeds.
  • Verified Gunicorn process in CI/prod runtime path.

Migration policy rationale

makemigrations is intentionally manual, while migrate remains automatic at startup.

Reason:

  • migration files are code artifacts and should be reviewed/committed explicitly,
  • startup-generated migrations make environments non-deterministic,
  • multiple containers can generate conflicting migration state.

Supersedes

Schubert, Stefan and others added 7 commits April 19, 2026 16:07
@xMinhx
Sponsored docker container for the frontend.
089c2c1 
Sponsored docker compose preview version.
Agentic Coding Fixed to dockerize the frontend container.
Startet dokumentation change (not finished yet)
@xMinhx
chore(frontend): remove deprecated frontend/src/api/apiClient.ts (mig…
2777c50 
…rated to queries/apiClient)
@xMinhx
refactor: implement 3-tier architecture by separating frontend and ba…
10e14ba 
…ckend assets
@xMinhx
refactor: migrate to 3-tier architecture by removing legacy views and…
f72494f 
… adding login page
@xMinhx
feat: add preview data seeding for demo project in development mode
477bb8d
@xMinhx
fix(runtime): stabilize preview and align CI with prod
a9d6547 
- remove invalid frontend image COPY of /staticfiles paths that are outside frontend build context

- proxy /static/ via frontend nginx to backend in preview mode

- stop running makemigrations at container startup; keep migrate only for deterministic schema

- add RUNNER_UID/GID defaults in preview compose to improve first-run reliability

- run gunicorn in Dockerfile prod stage with LOG_LEVEL default expansion

- switch docker-compose.ci.yml build target to prod so CI validates production-like runtime

Reasoning:

These changes remove non-deterministic startup behavior and fix a concrete preview build failure, while making CI exercise the same runtime model used for production deployment.
@xMinhx
docs: align preview/prod runtime guidance
b0d98f6 
- update quick-start API/static expectations for 3-tier preview

- document REACT_APP_API_URL same-origin proxy behavior

- clarify makemigrations is a manual dev workflow, not container startup

- point dev installation guide to docker-compose-preview.yml

- ignore generated backend/staticfiles artifacts
@xMinhx xMinhx requested a review from marcus67 April 19, 2026 21:17
@xMinhx xMinhx self-assigned this Apr 19, 2026
@xMinhx xMinhx added bug Something isn't working documentation Improvements or additions to documentation ci / cd / devops backend code quality labels Apr 19, 2026
@xMinhx xMinhx added this to the Post-Go-Live-Cleanup milestone Apr 19, 2026
@xMinhx xMinhx mentioned this pull request Apr 19, 2026
Closed
@xMinhx xMinhx requested a review from Greenpepper15 April 25, 2026 23:36
Greenpepper15
Greenpepper15 reviewed May 1, 2026
View reviewed changes
Comment thread backend/securecheckplus/urls.py
Greenpepper15
Greenpepper15 reviewed May 1, 2026
View reviewed changes
Comment thread frontend/src/components/LoginBox.tsx Outdated
Greenpepper15
Greenpepper15 reviewed May 1, 2026
View reviewed changes
Comment thread frontend/src/components/LoginBox.tsx Outdated
Greenpepper15
Greenpepper15 reviewed May 1, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@Greenpepper15 Greenpepper15 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ich habe mir das mal mit AI angeguckt und diese Punkte schienen für mich relevant.

Ich habe die APP auch mal ausprobiert. Die Kern Funktionalitäten haben bei mir auch geklappt.

Comment thread frontend/src/components/LoginBox.tsx Outdated
Comment thread frontend/src/components/LoginBox.tsx Outdated
Comment thread frontend/Dockerfile
Comment thread frontend/Dockerfile Outdated
Comment thread frontend/Dockerfile Outdated
Comment thread frontend/src/components/LoginBox.tsx
Comment thread backend/entrypoint.sh
Comment thread backend/assets/images/SecureCheckPlusLogoHorizontal.png
Comment thread backend/securecheckplus/settings.py Outdated
@xMinhx
fix: address PR review comments
fc5c30f 
- Remove debug console statements that logged passwords (LoginBox.tsx)
- Translate German comments to English (LoginBox.tsx)
- Add GET method with @ensure_csrf_cookie to Login view; remove validate_email from username check
- Restore deleted backend/assets/icons/ and backend/assets/images/ (eye.svg, logos, flags, etc.)
- Add set -e to entrypoint.sh
- Fix FQDN https check to use startswith("https://") instead of substring match
- Switch frontend Dockerfile from yarn to npm ci + npm run build
- Add frontend/.dockerignore
@xMinhx
Copy link
Copy Markdown
Collaborator Author

xMinhx commented May 4, 2026

Hi, thanks for the thorough review! I've addressed all your comments in the latest commit:

  • Removed all console.debug statements that included passwords
  • Translated German comments to English
  • Replaced the 405-side-effect CSRF hack with a proper GET /api/login endpoint decorated with @ensure_csrf_cookie
  • Removed validate_email() from the backend login view — plain usernames are now accepted consistently on both sides
  • Restored the deleted backend/assets/icons/ and backend/assets/images/ (eye.svg, logos, flags, etc.)
  • Added set -e to entrypoint.sh
  • Fixed the FQDN https check to use startswith("https://") instead of a substring match
  • Switched the frontend Dockerfile to npm ci + npm run build
  • Added frontend/.dockerignore

@xMinhx xMinhx requested a review from Greenpepper15 May 4, 2026 04:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marcus67 marcus67 Awaiting requested review from marcus67

@Greenpepper15 Greenpepper15 Awaiting requested review from Greenpepper15

At least 1 approving review is required to merge this pull request.

Assignees

@xMinhx xMinhx

Labels

backend bug Something isn't working ci / cd / devops code quality documentation Improvements or additions to documentation

Projects

None yet

Milestone

Post-Go-Live-Cleanup

Development

Successfully merging this pull request may close these issues.

2 participants

@xMinhx @Greenpepper15