search

freedomofpress / securethenews

An automated scanner and web dashboard for tracking TLS deployment across news organizations
https://securethe.news
GNU Affero General Public License v3.0
100 stars 25 forks source link

Infra 318 django bump #108

Closed msheiny closed 7 years ago

msheiny commented 7 years ago

I saw some weird issues locally when trying to run from scratch that I wasnt able to reproduce in prod. In particular I needed to add in the following to my local roles copy:

- name: Upgrade PIP
  pip:
    name: "{{ item }}"
    virtualenv_python: "{{ django_stack_venv_python }}"
    executable: "{{ django_stack_gcorn_home }}/{{ django_stack_app_name }}/bin/pip"
    virtualenv_site_packages: "{{ django_stack_venv_sitepackage }}"
    extra_args: --upgrade
  with_items:
    - pip
    - setuptools

Should I add this upstream to django_stack ? im not really certain if theres any negative consequence to always updating pip + setuptools to the latest in prod, so I'm not sold on this without more testing. Id rather spend that testing time trying to implement pip deps into debian pkgs - but ill be willing to concede and add that in as a stop-gap now if someone can make a convincing argument. Run on sentences are ..... fun.

conorsch commented 7 years ago

Should I add this upstream to django_stack ?

No, adding it here for now is fine. We'll monitor the pip version resolution and make sure the pinning is honored. If the "always upgrade pip and setuptools" strategy makes the pip version resolution via Ansible more reliable, then we can consider upstreaming it to the django role.

Nice changes on making the local env more prod-like. LGTM!

conorsch commented 7 years ago

Local env behaving well. Django version upgrade already live in prod. Merging.