mirror of
https://github.com/mediacms-io/mediacms.git
synced 2026-06-07 09:24:20 -04:00
Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 semantic-release-bot
|
2e01000559 | ||
 Markos Gogoulos
|
4f11addcfd | ||
|
semantic-release-bot
|
b11f2f561c | ||
|
Markos Gogoulos
|
b6da9c4662 | ||
|
semantic-release-bot
|
10c0782fe0 | ||
|
Markos Gogoulos
|
318dad0e5d |
@@ -37,3 +37,5 @@ frontend-tools/chapters-editor/client/public/videos/sample-video.mp3
|
||||
static/chapters_editor/videos/sample-video.mp3
|
||||
static/video_editor/videos/sample-video.mp3
|
||||
templates/todo-MS4.md
|
||||
.secret_key
|
||||
.secret_key.lock
|
||||
|
||||
@@ -1,5 +1,23 @@
|
||||
# Changelog
|
||||
|
||||
## [8.0.6](https://github.com/mediacms-io/mediacms/compare/v8.0.5...v8.0.6) (2026-05-11)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* better place secret key settings ([4f11add](https://github.com/mediacms-io/mediacms/commit/4f11addcfd6657e7e63eed0570b1d4d9bca75698))
|
||||
|
||||
## [8.0.5](https://github.com/mediacms-io/mediacms/compare/v8.0.4...v8.0.5) (2026-05-11)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* add secret key to gitignore ([b6da9c4](https://github.com/mediacms-io/mediacms/commit/b6da9c4662b3fba234b8dc69700ffa44fced7482))
|
||||
|
||||
## [8.0.4](https://github.com/mediacms-io/mediacms/compare/v8.0.3...v8.0.4) (2026-05-11)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* docker compose settings, provide key ([318dad0](https://github.com/mediacms-io/mediacms/commit/318dad0e5d2512d68068c019eb87f942f83318e9))
|
||||
|
||||
## [8.0.3](https://github.com/mediacms-io/mediacms/compare/v8.0.2...v8.0.3) (2026-05-11)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
+13
-5
@@ -1,7 +1,6 @@
|
||||
import os
|
||||
|
||||
from celery.schedules import crontab
|
||||
from django.core.management.utils import get_random_secret_key
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
|
||||
DEBUG = False
|
||||
@@ -172,10 +171,19 @@ REST_FRAMEWORK = {
|
||||
}
|
||||
|
||||
|
||||
# Set the SECRET_KEY env var in production. If unset, a fresh random key is
|
||||
# generated per process — safe but invalidates sessions and signed tokens on
|
||||
# every restart.
|
||||
SECRET_KEY = os.getenv("SECRET_KEY") or get_random_secret_key()
|
||||
# In docker, deploy/docker/entrypoint.sh ensures the SECRET_KEY env var is
|
||||
# set (generating .secret_key once on first start if needed). Outside docker,
|
||||
# either set SECRET_KEY in the environment or create a .secret_key file at the
|
||||
# project root, e.g.:
|
||||
# python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())' > .secret_key
|
||||
SECRET_KEY = os.getenv('SECRET_KEY')
|
||||
if not SECRET_KEY:
|
||||
_secret_path = os.path.join(os.path.dirname(os.path.dirname(os.path.abspath(__file__))), '.secret_key')
|
||||
if os.path.exists(_secret_path):
|
||||
with open(_secret_path) as _f:
|
||||
SECRET_KEY = _f.read().strip()
|
||||
if not SECRET_KEY:
|
||||
raise RuntimeError("SECRET_KEY is not set. Set the SECRET_KEY env var or create a .secret_key file at the project root.")
|
||||
|
||||
TEMP_DIRECTORY = "/tmp" # Don't use a temp directory inside BASE_DIR!!!
|
||||
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
||||
|
||||
+1
-1
@@ -1 +1 @@
|
||||
VERSION = "8.0.3"
|
||||
VERSION = "8.0.6"
|
||||
|
||||
@@ -35,4 +35,29 @@ find /home/mediacms.io/mediacms ! \( -path "*.git*" -o -name "package-lock.json"
|
||||
|
||||
chmod +x /home/mediacms.io/mediacms/deploy/docker/start.sh /home/mediacms.io/mediacms/deploy/docker/prestart.sh
|
||||
|
||||
# Generate or read SECRET_KEY once, shared across all containers via the
|
||||
# host-mounted project volume. Atomic create-or-read so parallel container
|
||||
# starts (web + celery_worker + celery_beat + migrations) can't race.
|
||||
# Uses `mkdir` as the lock primitive (POSIX-atomic, no dependency on flock).
|
||||
SECRET_KEY_FILE="${SECRET_KEY_FILE:-/home/mediacms.io/mediacms/.secret_key}"
|
||||
SECRET_KEY_LOCK="${SECRET_KEY_FILE}.lock"
|
||||
|
||||
if [ -z "${SECRET_KEY:-}" ]; then
|
||||
if [ ! -s "$SECRET_KEY_FILE" ]; then
|
||||
# Spin-acquire the lock. mkdir is atomic; first caller wins, others retry.
|
||||
while ! mkdir "$SECRET_KEY_LOCK" 2>/dev/null; do
|
||||
sleep 0.2
|
||||
done
|
||||
# Re-check inside the lock: another container may have just written it.
|
||||
if [ ! -s "$SECRET_KEY_FILE" ]; then
|
||||
python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())' > "$SECRET_KEY_FILE"
|
||||
chown www-data:www-data "$SECRET_KEY_FILE"
|
||||
chmod 600 "$SECRET_KEY_FILE"
|
||||
echo "entrypoint.sh: generated new SECRET_KEY at $SECRET_KEY_FILE"
|
||||
fi
|
||||
rmdir "$SECRET_KEY_LOCK"
|
||||
fi
|
||||
export SECRET_KEY="$(cat "$SECRET_KEY_FILE")"
|
||||
fi
|
||||
|
||||
exec "$@"
|
||||
|
||||
@@ -1,10 +1,7 @@
|
||||
import os
|
||||
|
||||
from django.core.management.utils import get_random_secret_key
|
||||
|
||||
FRONTEND_HOST = os.getenv('FRONTEND_HOST', 'http://localhost')
|
||||
PORTAL_NAME = os.getenv('PORTAL_NAME', 'MediaCMS')
|
||||
SECRET_KEY = os.getenv('SECRET_KEY') or get_random_secret_key()
|
||||
REDIS_LOCATION = os.getenv('REDIS_LOCATION', 'redis://redis:6379/1')
|
||||
|
||||
DATABASES = {
|
||||
|
||||
+1
-1
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "mediacms",
|
||||
"version": "8.0.3",
|
||||
"version": "8.0.6",
|
||||
"devDependencies": {
|
||||
"@semantic-release/changelog": "^6.0.3",
|
||||
"@semantic-release/git": "^10.0.1",
|
||||
|
||||
Reference in New Issue
Block a user