Merge pull request #18 from gnanarepo/fix/tenantname

add health endpoints

Author: avisofaizan

Dockerfile

@@ -3,8 +3,6 @@
 # ==========================================
 FROM python:3.10-slim AS builder
 
-ARG GITHUB_TOKEN
-
 WORKDIR /build
 
 # Install build dependencies
@@ -20,8 +18,10 @@ RUN apt-get update \
 
 COPY requirements.txt .
 
-# CRITICAL: Create .netrc to authenticate HTTPS URLs automatically
-RUN echo "machine github.com login ${GITHUB_TOKEN} password x-oauth-basic" > ~/.netrc \
+# SECURE FIX: Use a secret mount instead of ARG.
+# This mounts the token only for this command, leaving no trace in the image history.
+RUN --mount=type=secret,id=github_token \
+    echo "machine github.com login $(cat /run/secrets/github_token) password x-oauth-basic" > ~/.netrc \
     && chmod 600 ~/.netrc \
     && pip install --user --no-cache-dir -r requirements.txt \
     && rm ~/.netrc
@@ -35,9 +35,13 @@ LABEL maintainer="Engineering Team <engineering@aviso.com>" \
       version="1.0.0" \
       description="Aviso Core Django Service"
 
+# Create the user first so we can use it for permissions
+RUN adduser --disabled-password --gecos '' appuser
+
 ENV PYTHONDONTWRITEBYTECODE=1 \
     PYTHONUNBUFFERED=1 \
     AVISO_APPS=aviso_core \
+    # Update PATH so python finds the installed scripts
     PATH="/home/appuser/.local/bin:$PATH"
 
 WORKDIR /app
@@ -49,17 +53,15 @@ RUN apt-get update \
        libmemcached11 \
     && rm -rf /var/lib/apt/lists/*
 
-RUN adduser --disabled-password --gecos '' appuser
-
-COPY --from=builder /root/.local /home/appuser/.local
-
-COPY . /app
+# FIX: Copy artifacts and change ownership immediately
+# The files in builder are owned by root (/root/.local).
+# We must chown them to appuser when copying to /home/appuser/.local
+COPY --from=builder --chown=appuser:appuser /root/.local /home/appuser/.local
 
-RUN chown -R appuser:appuser /app
+COPY --chown=appuser:appuser . /app
 
 USER appuser
 
 EXPOSE 8000
 
-# Ensure Gunicorn is installed in requirements.txt!
 CMD ["gunicorn", "aviso_core.wsgi:application", "--bind", "0.0.0.0:8000", "--workers", "3"]

docker-compose.yml

@@ -1,11 +1,33 @@
-version: '3.8'
-
+version: "3.8"
 services:
   web:
     image: aviso-core
+    container_name: aviso-core
     env_file:
       - .env
     ports:
       - "8000:8000"
-    # Overrides the CMD in Dockerfile if you want hot-reloading for dev
-    command: gunicorn aviso_core.wsgi:application --bind 0.0.0.0:8000 --reload
+    command: gunicorn aviso_core.wsgi:application --bind 0.0.0.0:8000 --reload
+    healthcheck:
+      # Ensure 'curl' is installed in your Docker image!
+      test: ["CMD", "curl", "-f", "http://localhost:8000/gbm/health/"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+    deploy:
+      resources:
+        reservations: # Changed from 'requests'
+          cpus: "1"      # Minimum reserved
+          memory: 2G     # Minimum reserved
+        limits:
+          cpus: "2"      # Hard cap
+          memory: 4G     # Hard cap
+    # Restart policy
+    restart: unless-stopped
+    # Logging configuration
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"

gbm_apis/api/health.py

@@ -0,0 +1,48 @@
+import logging
+from django.http import JsonResponse
+from django.views import View
+from django.utils.decorators import method_decorator
+from django.views.decorators.csrf import csrf_exempt
+from django.db import connection
+from django.conf import settings
+
+logger = logging.getLogger(f'gnana.{__name__}')
+
+
+@method_decorator(csrf_exempt, name='dispatch')
+class HealthCheckView(View):
+    def get(self, request):
+        """
+        Health check endpoint that verifies basic application health
+        Returns 200 if healthy, 503 if unhealthy
+        """
+        try:
+            health_status = {
+                "status": "healthy",
+                "service": "aviso-core",
+                "version": getattr(settings, 'APP_VERSION', '1.0.0'),
+                "checks": {}
+            }
+
+            try:
+                with connection.cursor() as cursor:
+                    cursor.execute("SELECT 1")
+                health_status["checks"]["database"] = "ok"
+            except Exception as db_error:
+                logger.warning(f"Database health check failed: {str(db_error)}")
+                health_status["checks"]["database"] = "failed"
+                health_status["status"] = "degraded"
+
+            logger.info("Health check passed")
+            status_code = 200 if health_status["status"] == "healthy" else 503
+
+            return JsonResponse(health_status, status=status_code)
+
+        except Exception as e:
+            logger.error(f"Health check endpoint error: {str(e)}", exc_info=True)
+            error_response = {
+                "status": "unhealthy",
+                "service": "aviso-core",
+                "error": str(e)
+            }
+            return JsonResponse(error_response, status=503)

gbm_apis/urls.py

@@ -1,13 +1,14 @@
-
 from django.urls import path
 from gbm_apis.api.drilldown_fields_v2 import DrilldownFieldsV2
 from gbm_apis.api.data_load import DataLoadAPIView
 from gbm_apis.api.deals_results import DealsResultsAPIView
+from gbm_apis.api.health import HealthCheckView
 
 app_name = 'gbm_apis'
 
 urlpatterns = [
     path('v2/drilldown_fields/', DrilldownFieldsV2.as_view(), name='drilldown_fields_v2'),
     path('basic_results/', DataLoadAPIView.as_view(), name='basic_results'),
     path('deals_results/', DealsResultsAPIView.as_view(), name='deals_results'),
-]
+    path('health/', HealthCheckView.as_view(), name='health'),
+]