From 648ca7317a7aad0f05ddaac410a918c814f8a710 Mon Sep 17 00:00:00 2001 From: erjemin Date: Fri, 3 Apr 2026 11:56:52 +0300 Subject: [PATCH] Remove secrets and SQL dumps from repository --- .gitignore | 333 +++++++++++++++++++++++++ README.md | 6 +- cadpoint/cadpoint/my_secret_example.py | 49 ++++ cadpoint/cadpoint/settings.py | 7 +- deploy_to_dreamhost.md | 2 +- 5 files changed, 394 insertions(+), 3 deletions(-) create mode 100644 .gitignore create mode 100644 cadpoint/cadpoint/my_secret_example.py diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f1010ea --- /dev/null +++ b/.gitignore @@ -0,0 +1,333 @@ +### JetBrains template +# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider +# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 + +# User-specific stuff +.idea/**/workspace.xml +.idea/**/tasks.xml +.idea/**/usage.statistics.xml +.idea/**/dictionaries +.idea/**/shelf + +# AWS User-specific +.idea/**/aws.xml + +# Generated files +.idea/**/contentModel.xml + +# Sensitive or high-churn files +.idea/**/dataSources/ +.idea/**/dataSources.ids +.idea/**/dataSources.local.xml +.idea/**/sqlDataSources.xml +.idea/**/dynamic.xml +.idea/**/uiDesigner.xml +.idea/**/dbnavigator.xml + +# Gradle +.idea/**/gradle.xml +.idea/**/libraries + +# Gradle and Maven with auto-import +# When using Gradle or Maven with auto-import, you should exclude module files, +# since they will be recreated, and may cause churn. Uncomment if using +# auto-import. +# .idea/artifacts +# .idea/compiler.xml +# .idea/jarRepositories.xml +# .idea/modules.xml +# .idea/*.iml +# .idea/modules +# *.iml +# *.ipr + +# CMake +cmake-build-*/ + +# Mongo Explorer plugin +.idea/**/mongoSettings.xml + +# File-based project format +*.iws + +# IntelliJ +out/ + +# mpeltonen/sbt-idea plugin +.idea_modules/ + +# JIRA plugin +atlassian-ide-plugin.xml + +# Cursive Clojure plugin +.idea/replstate.xml + +# SonarLint plugin +.idea/sonarlint/ + +# Crashlytics plugin (for Android Studio and IntelliJ) +com_crashlytics_export_strings.xml +crashlytics.properties +crashlytics-build.properties +fabric.properties + +# Editor-based Rest Client +.idea/httpRequests + +# Android studio 3.1+ serialized cache file +.idea/caches/build_file_checksums.ser + +### VirtualEnv template +# Virtualenv +# http://iamzed.com/2009/05/07/a-primer-on-virtualenv/ +.Python +[Bb]in +[Ii]nclude +[Ll]ib +[Ll]ib64 +[Ll]ocal +[Ss]cripts +pyvenv.cfg +.venv +pip-selfcheck.json + +### Linux template +*~ + +# temporary files which can be created if a process still has a handle open of a deleted file +.fuse_hidden* + +# KDE directory preferences +.directory + +# Linux trash folder which might appear on any partition or disk +.Trash-* + +# .nfs files are created when an open file is removed but is still being accessed +.nfs* + +### Windows template +# Windows thumbnail cache files +Thumbs.db +Thumbs.db:encryptable +ehthumbs.db +ehthumbs_vista.db + +# Dump file +*.stackdump + +# Folder config file +[Dd]esktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows Installer files +*.cab +*.msi +*.msix +*.msm +*.msp + +# Windows shortcuts +*.lnk + +### macOS template +# General +.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +### Python template +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ +cover/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +.pybuilder/ +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +# For a library or package, you might want to ignore these files since the code is +# intended to run in multiple environments; otherwise, check them in: +# .python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# poetry +# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. +# This is especially recommended for binary packages to ensure reproducibility, and is more +# commonly ignored for libraries. +# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control +#poetry.lock + +# pdm +# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. +#pdm.lock +# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it +# in version control. +# https://pdm.fming.dev/latest/usage/project/#working-with-version-control +.pdm.toml +.pdm-python +.pdm-build/ + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ + +# pytype static type analyzer +.pytype/ + +# Cython debug symbols +cython_debug/ + +# PyCharm +# JetBrains specific template is maintained in a separate JetBrains.gitignore that can +# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore +# and can be added to the global gitignore or merged into this file. For a more nuclear +# option (not recommended) you can uncomment the following to ignore the entire idea folder. +#.idea/ + +# ----------------------------------------------------------------------------- +# Project-specific files that must not be committed +# ----------------------------------------------------------------------------- +SQL/ +*.sql +cadpoint/cadpoint/my_secret.py + diff --git a/README.md b/README.md index 107e6b6..f2a168a 100644 --- a/README.md +++ b/README.md @@ -7,4 +7,8 @@ * типограф (по API или встроенный «типограф Муравьева», с костылями под ckeditor); * теги новостей (taggit). -[Инструкция по развертыванию на хостинге DreamHost.com](deploy_to_dreamhost.md) \ No newline at end of file +[Инструкция по развертыванию на хостинге DreamHost.com](deploy_to_dreamhost.md) + +Для локальной настройки секретов используй `cadpoint/cadpoint/my_secret_example.py` как шаблон и +создавай рядом незакоммиченный `cadpoint/cadpoint/my_secret.py`. + diff --git a/cadpoint/cadpoint/my_secret_example.py b/cadpoint/cadpoint/my_secret_example.py new file mode 100644 index 0000000..e6e3d06 --- /dev/null +++ b/cadpoint/cadpoint/my_secret_example.py @@ -0,0 +1,49 @@ +# -*- coding: utf-8 -*- +"""Шаблон локальных секретов для CADpoint. + +Скопируй этот файл в `my_secret.py` и заполни реальными значениями вне Git. +""" + +# Секретный ключ Django. +MY_SECRET_KEY = "CHANGE_ME" + +# Имена хостов, на которых включается DEBUG. +MY_HOST_HOME = "CHANGE_ME" +MY_HOST_WORK = "CHANGE_ME" + +# Локальные пути для разработки. +MY_MEDIA_ROOT_DEV = "/path/to/media/dev" +MY_STATIC_ROOT_DEV = "/path/to/static/dev" + +# Почта для разработки. +MY_EMAIL_HOST_DEV = "smtp.example.com" +MY_EMAIL_PORT_DEV = 587 +MY_EMAIL_HOST_USER_DEV = "user@example.com" +MY_EMAIL_HOST_PASSWORD_DEV = "CHANGE_ME" +MY_EMAIL_FROM_DEV = "user@example.com" + +# База данных для разработки. +MY_DATABASE_HOST_DEV = "127.0.0.1" +MY_DATABASE_PORT_DEV = 3306 +MY_DATABASE_NAME_DEV = "cadpoint_dev" +MY_DATABASE_USER_DEV = "cadpoint_dev" +MY_DATABASE_PASSWORD_DEV = "CHANGE_ME" + +# Пути для production. +MY_MEDIA_ROOT_PROD = "/path/to/media/prod" +MY_STATIC_ROOT_PROD = "/path/to/static/prod" + +# Почта для production. +MY_EMAIL_HOST_PROD = "smtp.example.com" +MY_EMAIL_PORT_PROD = 587 +MY_EMAIL_HOST_USER_PROD = "user@example.com" +MY_EMAIL_HOST_PASSWORD_PROD = "CHANGE_ME" +MY_EMAIL_FROM_PROD = "user@example.com" + +# База данных для production. +MY_DATABASE_HOST_PROD = "127.0.0.1" +MY_DATABASE_PORT_PROD = 3306 +MY_DATABASE_NAME_PROD = "cadpoint_prod" +MY_DATABASE_USER_PROD = "cadpoint_prod" +MY_DATABASE_PASSWORD_PROD = "CHANGE_ME" + diff --git a/cadpoint/cadpoint/settings.py b/cadpoint/cadpoint/settings.py index 8a12585..0911f6e 100644 --- a/cadpoint/cadpoint/settings.py +++ b/cadpoint/cadpoint/settings.py @@ -11,9 +11,14 @@ https://docs.djangoproject.com/en/3.2/ref/settings/ """ from pathlib import Path -from cadpoint.my_secret import * import socket +try: + # В репозитории хранится только шаблон секретов, а реальный файл остаётся локальным. + from .my_secret import * +except ImportError: # pragma: no cover - запасной путь для открытого репозитория + from .my_secret_example import * + # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent diff --git a/deploy_to_dreamhost.md b/deploy_to_dreamhost.md index c7223d2..566c064 100644 --- a/deploy_to_dreamhost.md +++ b/deploy_to_dreamhost.md @@ -121,7 +121,7 @@ python -c "import django; print(django.get_version())" | |-- cadpoint | | |-- __init__.py | | |-- asgi.py -| | |-- my_secret.py +| | |-- my_secret.py # хранится только локально, в Git не коммитится | | |-- settings.py | | |-- urls.py | | `-- wsgi.py