Remove secrets and SQL dumps from repository

2026-04-03 11:56:52 +03:00
parent 464a724ec9
commit 648ca7317a
5 changed files with 394 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,333 @@
 ### JetBrains template
 # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
 # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
 # User-specific stuff
 .idea/**/workspace.xml
 .idea/**/tasks.xml
 .idea/**/usage.statistics.xml
 .idea/**/dictionaries
 .idea/**/shelf
 # AWS User-specific
 .idea/**/aws.xml
 # Generated files
 .idea/**/contentModel.xml
 # Sensitive or high-churn files
 .idea/**/dataSources/
 .idea/**/dataSources.ids
 .idea/**/dataSources.local.xml
 .idea/**/sqlDataSources.xml
 .idea/**/dynamic.xml
 .idea/**/uiDesigner.xml
 .idea/**/dbnavigator.xml
 # Gradle
 .idea/**/gradle.xml
 .idea/**/libraries
 # Gradle and Maven with auto-import
 # When using Gradle or Maven with auto-import, you should exclude module files,
 # since they will be recreated, and may cause churn.  Uncomment if using
 # auto-import.
 # .idea/artifacts
 # .idea/compiler.xml
 # .idea/jarRepositories.xml
 # .idea/modules.xml
 # .idea/*.iml
 # .idea/modules
 # *.iml
 # *.ipr
 # CMake
 cmake-build-*/
 # Mongo Explorer plugin
 .idea/**/mongoSettings.xml
 # File-based project format
 *.iws
 # IntelliJ
 out/
 # mpeltonen/sbt-idea plugin
 .idea_modules/
 # JIRA plugin
 atlassian-ide-plugin.xml
 # Cursive Clojure plugin
 .idea/replstate.xml
 # SonarLint plugin
 .idea/sonarlint/
 # Crashlytics plugin (for Android Studio and IntelliJ)
 com_crashlytics_export_strings.xml
 crashlytics.properties
 crashlytics-build.properties
 fabric.properties
 # Editor-based Rest Client
 .idea/httpRequests
 # Android studio 3.1+ serialized cache file
 .idea/caches/build_file_checksums.ser
 ### VirtualEnv template
 # Virtualenv
 # http://iamzed.com/2009/05/07/a-primer-on-virtualenv/
 .Python
 [Bb]in
 [Ii]nclude
 [Ll]ib
 [Ll]ib64
 [Ll]ocal
 [Ss]cripts
 pyvenv.cfg
 .venv
 pip-selfcheck.json
 ### Linux template
 *~
 # temporary files which can be created if a process still has a handle open of a deleted file
 .fuse_hidden*
 # KDE directory preferences
 .directory
 # Linux trash folder which might appear on any partition or disk
 .Trash-*
 # .nfs files are created when an open file is removed but is still being accessed
 .nfs*
 ### Windows template
 # Windows thumbnail cache files
 Thumbs.db
 Thumbs.db:encryptable
 ehthumbs.db
 ehthumbs_vista.db
 # Dump file
 *.stackdump
 # Folder config file
 [Dd]esktop.ini
 # Recycle Bin used on file shares
 $RECYCLE.BIN/
 # Windows Installer files
 *.cab
 *.msi
 *.msix
 *.msm
 *.msp
 # Windows shortcuts
 *.lnk
 ### macOS template
 # General
 .DS_Store
 .AppleDouble
 .LSOverride
 # Icon must end with two \r
 Icon
 # Thumbnails
 ._*
 # Files that might appear in the root of a volume
 .DocumentRevisions-V100
 .fseventsd
 .Spotlight-V100
 .TemporaryItems
 .Trashes
 .VolumeIcon.icns
 .com.apple.timemachine.donotpresent
 # Directories potentially created on remote AFP share
 .AppleDB
 .AppleDesktop
 Network Trash Folder
 Temporary Items
 .apdisk
 ### Python template
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
 *$py.class
 # C extensions
 *.so
 # Distribution / packaging
 .Python
 build/
 develop-eggs/
 dist/
 downloads/
 eggs/
 .eggs/
 lib/
 lib64/
 parts/
 sdist/
 var/
 wheels/
 share/python-wheels/
 *.egg-info/
 .installed.cfg
 *.egg
 MANIFEST
 # PyInstaller
 #  Usually these files are written by a python script from a template
 #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 *.manifest
 *.spec
 # Installer logs
 pip-log.txt
 pip-delete-this-directory.txt
 # Unit test / coverage reports
 htmlcov/
 .tox/
 .nox/
 .coverage
 .coverage.*
 .cache
 nosetests.xml
 coverage.xml
 *.cover
 *.py,cover
 .hypothesis/
 .pytest_cache/
 cover/
 # Translations
 *.mo
 *.pot
 # Django stuff:
 *.log
 local_settings.py
 db.sqlite3
 db.sqlite3-journal
 # Flask stuff:
 instance/
 .webassets-cache
 # Scrapy stuff:
 .scrapy
 # Sphinx documentation
 docs/_build/
 # PyBuilder
 .pybuilder/
 target/
 # Jupyter Notebook
 .ipynb_checkpoints
 # IPython
 profile_default/
 ipython_config.py
 # pyenv
 #   For a library or package, you might want to ignore these files since the code is
 #   intended to run in multiple environments; otherwise, check them in:
 # .python-version
 # pipenv
 #   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
 #   However, in case of collaboration, if having platform-specific dependencies or dependencies
 #   having no cross-platform support, pipenv may install dependencies that don't work, or not
 #   install all needed dependencies.
 #Pipfile.lock
 # poetry
 #   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
 #   This is especially recommended for binary packages to ensure reproducibility, and is more
 #   commonly ignored for libraries.
 #   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
 #poetry.lock
 # pdm
 #   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
 #pdm.lock
 #   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
 #   in version control.
 #   https://pdm.fming.dev/latest/usage/project/#working-with-version-control
 .pdm.toml
 .pdm-python
 .pdm-build/
 # PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
 __pypackages__/
 # Celery stuff
 celerybeat-schedule
 celerybeat.pid
 # SageMath parsed files
 *.sage.py
 # Environments
 .env
 .venv
 env/
 venv/
 ENV/
 env.bak/
 venv.bak/
 # Spyder project settings
 .spyderproject
 .spyproject
 # Rope project settings
 .ropeproject
 # mkdocs documentation
 /site
 # mypy
 .mypy_cache/
 .dmypy.json
 dmypy.json
 # Pyre type checker
 .pyre/
 # pytype static type analyzer
 .pytype/
 # Cython debug symbols
 cython_debug/
 # PyCharm
 #  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
 #  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
 # -----------------------------------------------------------------------------
 # Project-specific files that must not be committed
 # -----------------------------------------------------------------------------
 SQL/
 *.sql
 cadpoint/cadpoint/my_secret.py
--- a/README.md
+++ b/README.md
@@ -7,4 +7,8 @@
 * типограф (по API или встроенный «типограф Муравьева», с костылями под ckeditor);
 * теги новостей (taggit).
-[Инструкция по развертыванию на хостинге DreamHost.com](deploy_to_dreamhost.md)
+[Инструкция по развертыванию на хостинге DreamHost.com](deploy_to_dreamhost.md)
 Для локальной настройки секретов используй `cadpoint/cadpoint/my_secret_example.py` как шаблон и
 создавай рядом незакоммиченный `cadpoint/cadpoint/my_secret.py`.
--- a/cadpoint/cadpoint/my_secret_example.py
+++ b/cadpoint/cadpoint/my_secret_example.py
@@ -0,0 +1,49 @@
 # -*- coding: utf-8 -*-
 """Шаблон локальных секретов для CADpoint.
 Скопируй этот файл в `my_secret.py` и заполни реальными значениями вне Git.
 """
 # Секретный ключ Django.
 MY_SECRET_KEY = "CHANGE_ME"
 # Имена хостов, на которых включается DEBUG.
 MY_HOST_HOME = "CHANGE_ME"
 MY_HOST_WORK = "CHANGE_ME"
 # Локальные пути для разработки.
 MY_MEDIA_ROOT_DEV = "/path/to/media/dev"
 MY_STATIC_ROOT_DEV = "/path/to/static/dev"
 # Почта для разработки.
 MY_EMAIL_HOST_DEV = "smtp.example.com"
 MY_EMAIL_PORT_DEV = 587
 MY_EMAIL_HOST_USER_DEV = "user@example.com"
 MY_EMAIL_HOST_PASSWORD_DEV = "CHANGE_ME"
 MY_EMAIL_FROM_DEV = "user@example.com"
 # База данных для разработки.
 MY_DATABASE_HOST_DEV = "127.0.0.1"
 MY_DATABASE_PORT_DEV = 3306
 MY_DATABASE_NAME_DEV = "cadpoint_dev"
 MY_DATABASE_USER_DEV = "cadpoint_dev"
 MY_DATABASE_PASSWORD_DEV = "CHANGE_ME"
 # Пути для production.
 MY_MEDIA_ROOT_PROD = "/path/to/media/prod"
 MY_STATIC_ROOT_PROD = "/path/to/static/prod"
 # Почта для production.
 MY_EMAIL_HOST_PROD = "smtp.example.com"
 MY_EMAIL_PORT_PROD = 587
 MY_EMAIL_HOST_USER_PROD = "user@example.com"
 MY_EMAIL_HOST_PASSWORD_PROD = "CHANGE_ME"
 MY_EMAIL_FROM_PROD = "user@example.com"
 # База данных для production.
 MY_DATABASE_HOST_PROD = "127.0.0.1"
 MY_DATABASE_PORT_PROD = 3306
 MY_DATABASE_NAME_PROD = "cadpoint_prod"
 MY_DATABASE_USER_PROD = "cadpoint_prod"
 MY_DATABASE_PASSWORD_PROD = "CHANGE_ME"
--- a/cadpoint/cadpoint/settings.py
+++ b/cadpoint/cadpoint/settings.py
@@ -11,9 +11,14 @@ https://docs.djangoproject.com/en/3.2/ref/settings/
 """
 from pathlib import Path
 from cadpoint.my_secret import *
 import socket
 try:
    # В репозитории хранится только шаблон секретов, а реальный файл остаётся локальным.
    from .my_secret import *
 except ImportError:  # pragma: no cover - запасной путь для открытого репозитория
    from .my_secret_example import *
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
--- a/deploy_to_dreamhost.md
+++ b/deploy_to_dreamhost.md
@@ -121,7 +121,7 @@ python -c "import django; print(django.get_version())"
 |   |-- cadpoint
 |   |   |-- __init__.py
 |   |   |-- asgi.py
-|   |   |-- my_secret.py
+|   |   |-- my_secret.py  # хранится только локально, в Git не коммитится
 |   |   |-- settings.py
 |   |   |-- urls.py
 |   |   `-- wsgi.py