// Verification loop for Django projects: migrations, linting, tests with coverage, security scans, and deployment readiness checks before release or PR.
| name | django-verification |
| description | Verification loop for Django projects: migrations, linting, tests with coverage, security scans, and deployment readiness checks before release or PR. |
PRåã倧ããªå€æŽåŸããããã€åã«å®è¡ããŠãDjangoã¢ããªã±ãŒã·ã§ã³ã®å質ãšã»ãã¥ãªãã£ã確ä¿ããŸãã
# PythonããŒãžã§ã³ã確èª
python --version # ãããžã§ã¯ãèŠä»¶ãšäžèŽããããš
# ä»®æ³ç°å¢ããã§ãã¯
which python
pip list --outdated
# ç°å¢å€æ°ã確èª
python -c "import os; import environ; print('DJANGO_SECRET_KEY set' if os.environ.get('DJANGO_SECRET_KEY') else 'MISSING: DJANGO_SECRET_KEY')"
ç°å¢ã誀ã£ãŠæ§æãããŠããå Žåã¯ãåæ¢ããŠä¿®æ£ããŸãã
# åãã§ãã¯
mypy . --config-file pyproject.toml
# ruffã§ãªã³ãã£ã³ã°
ruff check . --fix
# blackã§ãã©ãŒããã
black . --check
black . # èªåä¿®æ£
# ã€ã³ããŒããœãŒã
isort . --check-only
isort . # èªåä¿®æ£
# Djangoåºæã®ãã§ãã¯
python manage.py check --deploy
äžè¬çãªåé¡:
# æªé©çšã®ãã€ã°ã¬ãŒã·ã§ã³ããã§ãã¯
python manage.py showmigrations
# æ¬ èœããŠãããã€ã°ã¬ãŒã·ã§ã³ãäœæ
python manage.py makemigrations --check
# ãã€ã°ã¬ãŒã·ã§ã³é©çšã®ãã©ã€ã©ã³
python manage.py migrate --plan
# ãã€ã°ã¬ãŒã·ã§ã³ãé©çšïŒãã¹ãç°å¢ïŒ
python manage.py migrate
# ãã€ã°ã¬ãŒã·ã§ã³ã®ç«¶åããã§ãã¯
python manage.py makemigrations --merge # 競åãããå Žåã®ã¿
ã¬ããŒã:
# pytestã§ãã¹ãŠã®ãã¹ããå®è¡
pytest --cov=apps --cov-report=html --cov-report=term-missing --reuse-db
# ç¹å®ã®ã¢ããªãã¹ããå®è¡
pytest apps/users/tests/
# ããŒã«ãŒã§å®è¡
pytest -m "not slow" # é
ããã¹ããã¹ããã
pytest -m integration # çµ±åãã¹ãã®ã¿
# ã«ãã¬ããžã¬ããŒã
open htmlcov/index.html
ã¬ããŒã:
ã«ãã¬ããžç®æš:
| ã³ã³ããŒãã³ã | ç®æš |
|---|---|
| ã¢ãã« | 90%+ |
| ã·ãªã¢ã©ã€ã¶ãŒ | 85%+ |
| ãã¥ãŒ | 80%+ |
| ãµãŒãã¹ | 90%+ |
| å šäœ | 80%+ |
# äŸåé¢ä¿ã®è匱æ§
pip-audit
safety check --full-report
# Djangoã»ãã¥ãªãã£ãã§ãã¯
python manage.py check --deploy
# Banditã»ãã¥ãªãã£ãªã³ã¿ãŒ
bandit -r . -f json -o bandit-report.json
# ã·ãŒã¯ã¬ããã¹ãã£ã³ïŒgitleaksãã€ã³ã¹ããŒã«ãããŠããå ŽåïŒ
gitleaks detect --source . --verbose
# ç°å¢å€æ°ãã§ãã¯
python -c "from django.core.exceptions import ImproperlyConfigured; from django.conf import settings; settings.DEBUG"
ã¬ããŒã:
# ã¢ãã«ã®åé¡ããã§ãã¯
python manage.py check
# éçãã¡ã€ã«ãåé
python manage.py collectstatic --noinput --clear
# ã¹ãŒããŒãŠãŒã¶ãŒãäœæïŒãã¹ãã«å¿
èŠãªå ŽåïŒ
echo "from apps.users.models import User; User.objects.create_superuser('admin@example.com', 'admin')" | python manage.py shell
# ããŒã¿ããŒã¹ã®æŽåæ§
python manage.py check --database default
# ãã£ãã·ã¥ã®æ€èšŒïŒRedisã䜿çšããŠããå ŽåïŒ
python -c "from django.core.cache import cache; cache.set('test', 'value', 10); print(cache.get('test'))"
# Django Debug ToolbaråºåïŒN+1ã¯ãšãªããã§ãã¯ïŒ
# DEBUG=Trueã§éçºã¢ãŒãã§å®è¡ããŠããŒãžã«ã¢ã¯ã»ã¹
# SQLããã«ã§éè€ã¯ãšãªãæ¢ã
# ã¯ãšãªæ°åæ
django-admin debugsqlshell # django-debug-sqlshellãã€ã³ã¹ããŒã«ãããŠããå Žå
# æ¬ èœããŠããã€ã³ããã¯ã¹ããã§ãã¯
python manage.py shell << EOF
from django.db import connection
with connection.cursor() as cursor:
cursor.execute("SELECT table_name, index_name FROM information_schema.statistics WHERE table_schema = 'public'")
print(cursor.fetchall())
EOF
ã¬ããŒã:
# npmäŸåé¢ä¿ããã§ãã¯ïŒnpmã䜿çšããŠããå ŽåïŒ
npm audit
npm audit fix
# éçãã¡ã€ã«ããã«ãïŒwebpack/viteã䜿çšããŠããå ŽåïŒ
npm run build
# éçãã¡ã€ã«ãæ€èšŒ
ls -la staticfiles/
python manage.py findstatic css/style.css
# Pythonã·ã§ã«ã§å®è¡ããŠèšå®ãæ€èšŒ
python manage.py shell << EOF
from django.conf import settings
import os
# éèŠãªãã§ãã¯
checks = {
'DEBUG is False': not settings.DEBUG,
'SECRET_KEY set': bool(settings.SECRET_KEY and len(settings.SECRET_KEY) > 30),
'ALLOWED_HOSTS set': len(settings.ALLOWED_HOSTS) > 0,
'HTTPS enabled': getattr(settings, 'SECURE_SSL_REDIRECT', False),
'HSTS enabled': getattr(settings, 'SECURE_HSTS_SECONDS', 0) > 0,
'Database configured': settings.DATABASES['default']['ENGINE'] != 'django.db.backends.sqlite3',
}
for check, result in checks.items():
status = 'â' if result else 'â'
print(f"{status} {check}")
EOF
# ãã°åºåããã¹ã
python manage.py shell << EOF
import logging
logger = logging.getLogger('django')
logger.warning('Test warning message')
logger.error('Test error message')
EOF
# ãã°ãã¡ã€ã«ããã§ãã¯ïŒèšå®ãããŠããå ŽåïŒ
tail -f /var/log/django/django.log
# ã¹ããŒããçæ
python manage.py generateschema --format openapi-json > schema.json
# ã¹ããŒããæ€èšŒ
# schema.jsonãæå¹ãªJSONããã§ãã¯
python -c "import json; json.load(open('schema.json'))"
# Swagger UIã«ã¢ã¯ã»ã¹ïŒdrf-yasgã䜿çšããŠããå ŽåïŒ
# ãã©ãŠã¶ã§ http://localhost:8000/swagger/ ã蚪å
# å·®åçµ±èšã衚瀺
git diff --stat
# å®éã®å€æŽã衚瀺
git diff
# å€æŽããããã¡ã€ã«ã衚瀺
git diff --name-only
# äžè¬çãªåé¡ããã§ãã¯
git diff | grep -i "todo\|fixme\|hack\|xxx"
git diff | grep "print(" # ãããã°ã¹ããŒãã¡ã³ã
git diff | grep "DEBUG = True" # ãããã°ã¢ãŒã
git diff | grep "import pdb" # ãããã¬ãŒ
ãã§ãã¯ãªã¹ã:
DJANGO æ€èšŒã¬ããŒã
==========================
ãã§ãŒãº1: ç°å¢ãã§ãã¯
â Python 3.11.5
â ä»®æ³ç°å¢ãã¢ã¯ãã£ã
â ãã¹ãŠã®ç°å¢å€æ°ãèšå®æžã¿
ãã§ãŒãº2: ã³ãŒãå質
â mypy: åãšã©ãŒãªã
â ruff: 3ã€ã®åé¡ãèŠã€ãããŸããïŒèªåä¿®æ£æžã¿ïŒ
â black: ãã©ãŒãããåé¡ãªã
â isort: ã€ã³ããŒããé©åã«ãœãŒãæžã¿
â manage.py check: åé¡ãªã
ãã§ãŒãº3: ãã€ã°ã¬ãŒã·ã§ã³
â æªé©çšã®ãã€ã°ã¬ãŒã·ã§ã³ãªã
â ãã€ã°ã¬ãŒã·ã§ã³ã®ç«¶åãªã
â ãã¹ãŠã®ã¢ãã«ã«ãã€ã°ã¬ãŒã·ã§ã³ãã
ãã§ãŒãº4: ãã¹ã + ã«ãã¬ããž
ãã¹ã: 247æåã0倱æã5ã¹ããã
ã«ãã¬ããž:
å
šäœ: 87%
users: 92%
products: 89%
orders: 85%
payments: 91%
ãã§ãŒãº5: ã»ãã¥ãªãã£ã¹ãã£ã³
â pip-audit: 2ã€ã®è匱æ§ãèŠã€ãããŸããïŒä¿®æ£ãå¿
èŠïŒ
â safety check: åé¡ãªã
â bandit: ã»ãã¥ãªãã£åé¡ãªã
â ã·ãŒã¯ã¬ãããæ€åºããã
â DEBUG = False
ãã§ãŒãº6: Djangoã³ãã³ã
â collectstatic å®äº
â ããŒã¿ããŒã¹æŽåæ§OK
â ãã£ãã·ã¥ããã¯ãšã³ãå°éå¯èœ
ãã§ãŒãº7: ããã©ãŒãã³ã¹
â N+1ã¯ãšãªãæ€åºããã
â ããŒã¿ããŒã¹ã€ã³ããã¯ã¹ãæ§ææžã¿
â ã¯ãšãªæ°ã蚱容ç¯å²
ãã§ãŒãº8: éçã¢ã»ãã
â npm audit: è匱æ§ãªã
â ã¢ã»ãããæ£åžžã«ãã«ã
â éçãã¡ã€ã«ãåéæžã¿
ãã§ãŒãº9: æ§æ
â DEBUG = False
â SECRET_KEY æ§ææžã¿
â ALLOWED_HOSTS èšå®æžã¿
â HTTPS æå¹
â HSTS æå¹
â ããŒã¿ããŒã¹æ§ææžã¿
ãã§ãŒãº10: ãã°
â ãã°ãæ§ææžã¿
â ãã°ãã¡ã€ã«ãæžã蟌ã¿å¯èœ
ãã§ãŒãº11: APIããã¥ã¡ã³ã
â ã¹ããŒãçææžã¿
â Swagger UIã¢ã¯ã»ã¹å¯èœ
ãã§ãŒãº12: å·®åã¬ãã¥ãŒ
å€æŽããããã¡ã€ã«: 12
+450ã-120è¡
â ãããã°ã¹ããŒãã¡ã³ããªã
â ããŒãã³ãŒããããã·ãŒã¯ã¬ãããªã
â ãã€ã°ã¬ãŒã·ã§ã³ãå«ãŸãã
æšå¥š: WARNING: ãããã€åã«pip-auditã®è匱æ§ãä¿®æ£ããŠãã ãã
次ã®ã¹ããã:
1. è匱ãªäŸåé¢ä¿ãæŽæ°
2. ã»ãã¥ãªãã£ã¹ãã£ã³ãåå®è¡
3. æçµãã¹ãã®ããã«ã¹ããŒãžã³ã°ã«ãããã€
# .github/workflows/django-verification.yml
name: Django Verification
on: [push, pull_request]
jobs:
verify:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:14
env:
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Cache pip
uses: actions/cache@v3
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
- name: Install dependencies
run: |
pip install -r requirements.txt
pip install ruff black mypy pytest pytest-django pytest-cov bandit safety pip-audit
- name: Code quality checks
run: |
ruff check .
black . --check
isort . --check-only
mypy .
- name: Security scan
run: |
bandit -r . -f json -o bandit-report.json
safety check --full-report
pip-audit
- name: Run tests
env:
DATABASE_URL: postgres://postgres:postgres@localhost:5432/test
DJANGO_SECRET_KEY: test-secret-key
run: |
pytest --cov=apps --cov-report=xml --cov-report=term-missing
- name: Upload coverage
uses: codecov/codecov-action@v3
| ãã§ã㯠| ã³ãã³ã |
|---|---|
| ç°å¢ | python --version |
| åãã§ã㯠| mypy . |
| ãªã³ãã£ã³ã° | ruff check . |
| ãã©ãŒããã | black . --check |
| ãã€ã°ã¬ãŒã·ã§ã³ | python manage.py makemigrations --check |
| ãã¹ã | pytest --cov=apps |
| ã»ãã¥ãªã㣠| pip-audit && bandit -r . |
| Djangoãã§ã㯠| python manage.py check --deploy |
| éçãã¡ã€ã«åé | python manage.py collectstatic --noinput |
| å·®åçµ±èš | git diff --stat |
èŠããŠãããŠãã ãã: èªååãããæ€èšŒã¯äžè¬çãªåé¡ãææããŸãããæåã§ã®ã³ãŒãã¬ãã¥ãŒãšã¹ããŒãžã³ã°ç°å¢ã§ã®ãã¹ãã«ä»£ãããã®ã§ã¯ãããŸããã