Django Verification

1---2name: django-verification3description: "Verification loop for Django projects: migrations, linting, tests with coverage, security scans, and deployment readiness checks before release or PR."4origin: ECC5---6 7# Django Verification Loop8 9Run before PRs, after major changes, and pre-deploy to ensure Django application quality and security.10 11## When to Activate12 13- Before opening a pull request for a Django project14- After major model changes, migration updates, or dependency upgrades15- Pre-deployment verification for staging or production16- Running full environment → lint → test → security → deploy readiness pipeline17- Validating migration safety and test coverage18 19## Phase 1: Environment Check20 21```bash22# Verify Python version23python --version  # Should match project requirements24 25# Check virtual environment26which python27pip list --outdated28 29# Verify environment variables30python -c "import os; import environ; print('DJANGO_SECRET_KEY set' if os.environ.get('DJANGO_SECRET_KEY') else 'MISSING: DJANGO_SECRET_KEY')"31```32 33If environment is misconfigured, stop and fix.34 35## Phase 2: Code Quality & Formatting36 37```bash38# Type checking39mypy . --config-file pyproject.toml40 41# Linting with ruff42ruff check . --fix43 44# Formatting with black45black . --check46black .  # Auto-fix47 48# Import sorting49isort . --check-only50isort .  # Auto-fix51 52# Django-specific checks53python manage.py check --deploy54```55 56Common issues:57- Missing type hints on public functions58- PEP 8 formatting violations59- Unsorted imports60- Debug settings left in production configuration61 62## Phase 3: Migrations63 64```bash65# Check for unapplied migrations66python manage.py showmigrations67 68# Create missing migrations69python manage.py makemigrations --check70 71# Dry-run migration application72python manage.py migrate --plan73 74# Apply migrations (test environment)75python manage.py migrate76 77# Check for migration conflicts78python manage.py makemigrations --merge  # Only if conflicts exist79```80 81Report:82- Number of pending migrations83- Any migration conflicts84- Model changes without migrations85 86## Phase 4: Tests + Coverage87 88```bash89# Run all tests with pytest90pytest --cov=apps --cov-report=html --cov-report=term-missing --reuse-db91 92# Run specific app tests93pytest apps/users/tests/94 95# Run with markers96pytest -m "not slow"  # Skip slow tests97pytest -m integration  # Only integration tests98 99# Coverage report100open htmlcov/index.html101```102 103Report:104- Total tests: X passed, Y failed, Z skipped105- Overall coverage: XX%106- Per-app coverage breakdown107 108Coverage targets:109 110| Component | Target |111|-----------|--------|112| Models | 90%+ |113| Serializers | 85%+ |114| Views | 80%+ |115| Services | 90%+ |116| Overall | 80%+ |117 118## Phase 5: Security Scan119 120```bash121# Dependency vulnerabilities122pip-audit123safety check --full-report124 125# Django security checks126python manage.py check --deploy127 128# Bandit security linter129bandit -r . -f json -o bandit-report.json130 131# Secret scanning (if gitleaks is installed)132gitleaks detect --source . --verbose133 134# Environment variable check135python -c "from django.core.exceptions import ImproperlyConfigured; from django.conf import settings; settings.DEBUG"136```137 138Report:139- Vulnerable dependencies found140- Security configuration issues141- Hardcoded secrets detected142- DEBUG mode status (should be False in production)143 144## Phase 6: Django Management Commands145 146```bash147# Check for model issues148python manage.py check149 150# Collect static files151python manage.py collectstatic --noinput --clear152 153# Create superuser (if needed for tests)154echo "from apps.users.models import User; User.objects.create_superuser('admin@example.com', 'admin')" | python manage.py shell155 156# Database integrity157python manage.py check --database default158 159# Cache verification (if using Redis)160python -c "from django.core.cache import cache; cache.set('test', 'value', 10); print(cache.get('test'))"161```162 163## Phase 7: Performance Checks164 165```bash166# Django Debug Toolbar output (check for N+1 queries)167# Run in dev mode with DEBUG=True and access a page168# Look for duplicate queries in SQL panel169 170# Query count analysis171django-admin debugsqlshell  # If django-debug-sqlshell installed172 173# Check for missing indexes174python manage.py shell << EOF175from django.db import connection176with connection.cursor() as cursor:177    cursor.execute("SELECT table_name, index_name FROM information_schema.statistics WHERE table_schema = 'public'")178    print(cursor.fetchall())179EOF180```181 182Report:183- Number of queries per page (should be < 50 for typical pages)184- Missing database indexes185- Duplicate queries detected186 187## Phase 8: Static Assets188 189```bash190# Check for npm dependencies (if using npm)191npm audit192npm audit fix193 194# Build static files (if using webpack/vite)195npm run build196 197# Verify static files198ls -la staticfiles/199python manage.py findstatic css/style.css200```201 202## Phase 9: Configuration Review203 204```python205# Run in Python shell to verify settings206python manage.py shell << EOF207from django.conf import settings208import os209 210# Critical checks211checks = {212    'DEBUG is False': not settings.DEBUG,213    'SECRET_KEY set': bool(settings.SECRET_KEY and len(settings.SECRET_KEY) > 30),214    'ALLOWED_HOSTS set': len(settings.ALLOWED_HOSTS) > 0,215    'HTTPS enabled': getattr(settings, 'SECURE_SSL_REDIRECT', False),216    'HSTS enabled': getattr(settings, 'SECURE_HSTS_SECONDS', 0) > 0,217    'Database configured': settings.DATABASES['default']['ENGINE'] != 'django.db.backends.sqlite3',218}219 220for check, result in checks.items():221    status = '✓' if result else '✗'222    print(f"{status} {check}")223EOF224```225 226## Phase 10: Logging Configuration227 228```bash229# Test logging output230python manage.py shell << EOF231import logging232logger = logging.getLogger('django')233logger.warning('Test warning message')234logger.error('Test error message')235EOF236 237# Check log files (if configured)238tail -f /var/log/django/django.log239```240 241## Phase 11: API Documentation (if DRF)242 243```bash244# Generate schema245python manage.py generateschema --format openapi-json > schema.json246 247# Validate schema248# Check if schema.json is valid JSON249python -c "import json; json.load(open('schema.json'))"250 251# Access Swagger UI (if using drf-yasg)252# Visit http://localhost:8000/swagger/ in browser253```254 255## Phase 12: Diff Review256 257```bash258# Show diff statistics259git diff --stat260 261# Show actual changes262git diff263 264# Show changed files265git diff --name-only266 267# Check for common issues268git diff | grep -i "todo\|fixme\|hack\|xxx"269git diff | grep "print("  # Debug statements270git diff | grep "DEBUG = True"  # Debug mode271git diff | grep "import pdb"  # Debugger272```273 274Checklist:275- No debugging statements (print, pdb, breakpoint())276- No TODO/FIXME comments in critical code277- No hardcoded secrets or credentials278- Database migrations included for model changes279- Configuration changes documented280- Error handling present for external calls281- Transaction management where needed282 283## Output Template284 285```286DJANGO VERIFICATION REPORT287==========================288 289Phase 1: Environment Check290  ✓ Python 3.11.5291  ✓ Virtual environment active292  ✓ All environment variables set293 294Phase 2: Code Quality295  ✓ mypy: No type errors296  ✗ ruff: 3 issues found (auto-fixed)297  ✓ black: No formatting issues298  ✓ isort: Imports properly sorted299  ✓ manage.py check: No issues300 301Phase 3: Migrations302  ✓ No unapplied migrations303  ✓ No migration conflicts304  ✓ All models have migrations305 306Phase 4: Tests + Coverage307  Tests: 247 passed, 0 failed, 5 skipped308  Coverage:309    Overall: 87%310    users: 92%311    products: 89%312    orders: 85%313    payments: 91%314 315Phase 5: Security Scan316  ✗ pip-audit: 2 vulnerabilities found (fix required)317  ✓ safety check: No issues318  ✓ bandit: No security issues319  ✓ No secrets detected320  ✓ DEBUG = False321 322Phase 6: Django Commands323  ✓ collectstatic completed324  ✓ Database integrity OK325  ✓ Cache backend reachable326 327Phase 7: Performance328  ✓ No N+1 queries detected329  ✓ Database indexes configured330  ✓ Query count acceptable331 332Phase 8: Static Assets333  ✓ npm audit: No vulnerabilities334  ✓ Assets built successfully335  ✓ Static files collected336 337Phase 9: Configuration338  ✓ DEBUG = False339  ✓ SECRET_KEY configured340  ✓ ALLOWED_HOSTS set341  ✓ HTTPS enabled342  ✓ HSTS enabled343  ✓ Database configured344 345Phase 10: Logging346  ✓ Logging configured347  ✓ Log files writable348 349Phase 11: API Documentation350  ✓ Schema generated351  ✓ Swagger UI accessible352 353Phase 12: Diff Review354  Files changed: 12355  +450, -120 lines356  ✓ No debug statements357  ✓ No hardcoded secrets358  ✓ Migrations included359 360RECOMMENDATION: WARNING: Fix pip-audit vulnerabilities before deploying361 362NEXT STEPS:3631. Update vulnerable dependencies3642. Re-run security scan3653. Deploy to staging for final testing366```367 368## Pre-Deployment Checklist369 370- [ ] All tests passing371- [ ] Coverage ≥ 80%372- [ ] No security vulnerabilities373- [ ] No unapplied migrations374- [ ] DEBUG = False in production settings375- [ ] SECRET_KEY properly configured376- [ ] ALLOWED_HOSTS set correctly377- [ ] Database backups enabled378- [ ] Static files collected and served379- [ ] Logging configured and working380- [ ] Error monitoring (Sentry, etc.) configured381- [ ] CDN configured (if applicable)382- [ ] Redis/cache backend configured383- [ ] Celery workers running (if applicable)384- [ ] HTTPS/SSL configured385- [ ] Environment variables documented386 387## Continuous Integration388 389### GitHub Actions Example390 391```yaml392# .github/workflows/django-verification.yml393name: Django Verification394 395on: [push, pull_request]396 397jobs:398  verify:399    runs-on: ubuntu-latest400    services:401      postgres:402        image: postgres:14403        env:404          POSTGRES_PASSWORD: postgres405        options: >-406          --health-cmd pg_isready407          --health-interval 10s408          --health-timeout 5s409          --health-retries 5410 411    steps:412      - uses: actions/checkout@v3413 414      - name: Set up Python415        uses: actions/setup-python@v4416        with:417          python-version: '3.11'418 419      - name: Cache pip420        uses: actions/cache@v3421        with:422          path: ~/.cache/pip423          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}424 425      - name: Install dependencies426        run: |427          pip install -r requirements.txt428          pip install ruff black mypy pytest pytest-django pytest-cov bandit safety pip-audit429 430      - name: Code quality checks431        run: |432          ruff check .433          black . --check434          isort . --check-only435          mypy .436 437      - name: Security scan438        run: |439          bandit -r . -f json -o bandit-report.json440          safety check --full-report441          pip-audit442 443      - name: Run tests444        env:445          DATABASE_URL: postgres://postgres:postgres@localhost:5432/test446          DJANGO_SECRET_KEY: test-secret-key447        run: |448          pytest --cov=apps --cov-report=xml --cov-report=term-missing449 450      - name: Upload coverage451        uses: codecov/codecov-action@v3452```453 454## Quick Reference455 456| Check | Command |457|-------|---------|458| Environment | `python --version` |459| Type checking | `mypy .` |460| Linting | `ruff check .` |461| Formatting | `black . --check` |462| Migrations | `python manage.py makemigrations --check` |463| Tests | `pytest --cov=apps` |464| Security | `pip-audit && bandit -r .` |465| Django check | `python manage.py check --deploy` |466| Collectstatic | `python manage.py collectstatic --noinput` |467| Diff stats | `git diff --stat` |468 469Remember: Automated verification catches common issues but doesn't replace manual code review and testing in staging environment.