Deploy (#2)

* add heroku deployment

* fix python version

* fix python version

* fix python version

* fix python version

* fix python version

* fix python version

* store certs in heroku

* fix release command

* fix release command

* fix release command

* fix release command

* cleanup

* deploy

* python version

.github/workflows/deploy.yaml

@@ -0,0 +1,21 @@
+on:
+  release:
+    types: [created]
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Cloning repo
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Push to dokku
+        uses: dokku/github-action@master
+        env:
+          APP_NAME: kafka-python-example
+          HOST: ovz2.feofanov.mydem.vps.myjino.ru
+          PORT: 49279
+        with:
+          git_remote_url: 'ssh://dokku@$HOST:$PORT/$APP_NAME'
+          ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}

.github/workflows/config.yaml → .github/workflows/validate.yaml

@@ -6,24 +6,20 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: [ 3.8 ]
+        python-version: [ 3.8.8 ]
 
-    # Service containers to run with `runner-job`
     services:
-      # Label used to access the service container
       postgres:
         image: postgres:13
         env:
           POSTGRES_DB: test
           POSTGRES_PASSWORD: postgres
-        # Set health checks to wait until postgres has started
         options: >-
           --health-cmd pg_isready
           --health-interval 10s
           --health-timeout 5s
           --health-retries 5
         ports:
-          # Maps tcp port 5432 on service container to the host
           - 5432:5432
 
     steps:

.prospector.yaml

@@ -5,3 +5,4 @@ pylint:
     - unused-argument
     - too-few-public-methods
     - too-many-arguments
+    - not-a-mapping

Procfile

@@ -0,0 +1,2 @@
+web: uvicorn main:app --host=0.0.0.0 --port=${PORT:-5000}
+receiver: python receiver.py

config.py

@@ -12,13 +12,12 @@
 
 
 class AuthEnum(str, Enum):
-    off = 'off'
-    ssl = 'ssl'
-    basic = 'basic'
+    OFF = 'OFF'
+    SSL = 'SSL'
+    SASL = 'SASL_SSL'
 
 
 class Settings(BaseSettings):
-    root_dir: str = PROJECT_DIR
     database_url: PostgresDsn
     kafka_url: str = None
     kafka_topic: str = None
@@ -27,35 +26,54 @@ class Settings(BaseSettings):
     kafka_auth_ca: str = None
     kafka_auth_cert: str = None
     kafka_auth_pkey: str = None
+    kafka_auth_username: str = None
+    kafka_auth_password: str = None
     kafka: Dict = None
 
     class Config:
         env_file = ".env"
 
-    @validator('kafka_url', 'kafka_topic', 'kafka_consumer_group', pre=True)
     @classmethod
+    @validator('kafka_url', 'kafka_topic', 'kafka_consumer_group', pre=True)
     def pass_in_test_env(cls, value, values, field):
         if os.environ.get('ENVIRONMENT') != 'test' and value is None:
             raise ValueError(f'Config var {field.name} is required')
         return value
 
 
-@lru_cache
-def get_settings():
-    settings = Settings()
-
-    settings.kafka = dict(bootstrap_servers=settings.kafka_url)
-
-    # TODO: add password auth
-    if settings.kafka_auth == 'ssl' and all([settings.kafka_auth_ca,
-                                             settings.kafka_auth_cert,
-                                             settings.kafka_auth_pkey]):
-        settings.kafka['security_protocol'] = 'SSL'
-        settings.kafka['ssl_cafile'] = os.path.join(
-            settings.root_dir, settings.kafka_auth_ca)
-        settings.kafka['ssl_certfile'] = os.path.join(
-            settings.root_dir, settings.kafka_auth_cert)
-        settings.kafka['ssl_keyfile'] = os.path.join(
-            settings.root_dir, settings.kafka_auth_pkey)
+def set_kafka_auth(settings: Settings) -> Settings:
+    settings.kafka = dict(
+        bootstrap_servers=settings.kafka_url,
+    )
+
+    if settings.kafka_auth == AuthEnum.SASL and all([
+            settings.kafka_auth_username,
+            settings.kafka_auth_password]):
+
+        settings.kafka.update({
+            'security_protocol': AuthEnum.SASL,
+            'sasl_mechanism': 'PLAIN',
+            'sasl_plain_username': settings.kafka_auth_username,
+            'sasl_plain_password': settings.kafka_auth_password,
+            # 'ssl_cafile': os.path.join(PROJECT_DIR, settings.kafka_auth_ca)
+        })
+
+    elif settings.kafka_auth == AuthEnum.SSL and all([
+            settings.kafka_auth_ca,
+            settings.kafka_auth_cert,
+            settings.kafka_auth_pkey]):
+
+        settings.kafka.update({
+            'security_protocol': AuthEnum.SSL,
+            'ssl_certfile': os.path.join(PROJECT_DIR,
+                                         settings.kafka_auth_cert),
+            'ssl_keyfile': os.path.join(PROJECT_DIR, settings.kafka_auth_pkey),
+            'ssl_cafile': os.path.join(PROJECT_DIR, settings.kafka_auth_ca)
+        })
 
     return settings
+
+
+@lru_cache
+def get_settings() -> Settings:
+    return set_kafka_auth(Settings())

main.py

@@ -19,7 +19,7 @@
 
 
 # Dependencies
-@lru_cache
+# One session per request
 def get_db():
     session = SessionLocal()
     try:
@@ -28,16 +28,19 @@ def get_db():
         session.close()
 
 
+# One Kafka producer for all requests
 @lru_cache
 def get_kafka():
     producer = KafkaProducer(
         value_serializer=msgpack.packb,
         **settings.kafka
     )
-    try:
-        yield producer
-    finally:
-        producer.close()
+    return producer
+
+
+@app.on_event("shutdown")
+def shutdown_event(producer: KafkaProducer = Depends(get_kafka)):
+    producer.close()
 
 
 @app.post("/messages/")