direct-pythonapp

Python service created from Red Hat Developer Hub

Layout

.
├── Dockerfile
├── .dockerignore
├── catalog-info.yaml
├── pyproject.toml
├── src/direct_pythonapp/
│   ├── __init__.py
│   ├── __main__.py   # CLI: python -m direct_pythonapp
│   ├── main.py
│   └── web.py        # FastAPI + /healthz (container / OpenShift)
├── tests/
│   ├── test_package.py
│   └── test_web.py
├── deploy/openshift/ # Service, Route, Deployment (applied by GitHub Actions)
└── .github/workflows/
    ├── ci.yml
    ├── container-build.yml   # → ghcr.io/<owner>/<repo>
    └── deploy-openshift.yml  # after image: oc apply + rollout

Local

python -m venv .venv
source .venv/bin/activate   # Windows: .venv\Scripts\activate
pip install -e ".[dev]"
pytest
python -m direct_pythonapp
uvicorn direct_pythonapp.web:app --host 127.0.0.1 --port 8080
# http://127.0.0.1:8080/healthz

Local container

docker build -t direct-pythonapp:local .
docker run --rm -p 8080:8080 direct-pythonapp:local
curl -s http://127.0.0.1:8080/healthz

CI / image / OpenShift

1. ci.yml — tests (matrix 3.11 / 3.12), python -m, pytest (includes API tests).
2. container-build.yml — builds the image and pushes to GHCR (:latest and :sha-<git-sha>).
3. deploy-openshift.yml — runs when Container image finishes successfully on main. It checks out the same commit, oc apply -k deploy/openshift, oc set image to the sha-tagged image, waits for rollout, prints the Route host.

GitHub repository secrets

Secret	Purpose
OPENSHIFT_API_URL	API URL, e.g. https://api.cluster.example:6443
OPENSHIFT_TOKEN	Token for a user or SA that can deploy to the namespace
OPENSHIFT_NAMESPACE	(optional) Target project; omit to use the token’s default project

Use a dedicated service account with edit (or narrower) role in the namespace—not your personal admin token for real environments.

Cluster prep (once per namespace)

oc new-project <your-project>
# If GHCR package is private, create a pull secret and link the SA that runs the pods:
# oc create secret docker-registry ghcr-pull --docker-server=ghcr.io ...
# oc secrets link default ghcr-pull --for=pull -n <your-project>

For public GHCR packages, the cluster can pull without extra secrets.

Demo story (end-to-end)

Developer Hub → template runs → GitHub repo + Actions (CI → Container image → Deploy to OpenShift) → app on Route URL from the deploy job log or oc get route.

GitOps variant (later)

For a “production” story, replace the deploy-openshift job with Argo CD / OpenShift GitOps watching a manifests repo or this repo’s deploy/openshift, and let CI only push the image + bump image tag (or use an ImageStream + triggers).