Django项目的验证循环:迁移、代码检查、带覆盖率的测试、安全扫描,以及在发布或PR前的部署就绪检查。
在发起 PR 之前、进行重大更改之后以及部署之前运行,以确保 Django 应用程序的质量和安全性。
# Verify Python version
python --version # Should match project requirements
# Check virtual environment
which python
pip list --outdated
# Verify environment variables
python -c "import os; import environ; print('DJANGO_SECRET_KEY set' if os.environ.get('DJANGO_SECRET_KEY') else 'MISSING: DJANGO_SECRET_KEY')"
如果环境配置错误,请停止并修复。
# Type checking
mypy . --config-file pyproject.toml
# Linting with ruff
ruff check . --fix
# Formatting with black
black . --check
black . # Auto-fix
# Import sorting
isort . --check-only
isort . # Auto-fix
# Django-specific checks
python manage.py check --deploy
常见问题:
# Check for unapplied migrations
python manage.py showmigrations
# Create missing migrations
python manage.py makemigrations --check
# Dry-run migration application
python manage.py migrate --plan
# Apply migrations (test environment)
python manage.py migrate
# Check for migration conflicts
python manage.py makemigrations --merge # Only if conflicts exist
报告:
# Run all tests with pytest
pytest --cov=apps --cov-report=html --cov-report=term-missing --reuse-db
# Run specific app tests
pytest apps/users/tests/
# Run with markers
pytest -m "not slow" # Skip slow tests
pytest -m integration # Only integration tests
# Coverage report
open htmlcov/index.html
报告:
覆盖率目标:
| 组件 | 目标 |
|---|---|
| 模型 | 90%+ |
| 序列化器 | 85%+ |
| 视图 | 80%+ |
| 服务 | 90%+ |
| 总体 | 80%+ |
# Dependency vulnerabilities
pip-audit
safety check --full-report
# Django security checks
python manage.py check --deploy
# Bandit security linter
bandit -r . -f json -o bandit-report.json
# Secret scanning (if gitleaks is installed)
gitleaks detect --source . --verbose
# Environment variable check
python -c "from django.core.exceptions import ImproperlyConfigured; from django.conf import settings; settings.DEBUG"
报告:
# Check for model issues
python manage.py check
# Collect static files
python manage.py collectstatic --noinput --clear
# Create superuser (if needed for tests)
echo "from apps.users.models import User; User.objects.create_superuser('[email protected]', 'admin')" | python manage.py shell
# Database integrity
python manage.py check --database default
# Cache verification (if using Redis)
python -c "from django.core.cache import cache; cache.set('test', 'value', 10); print(cache.get('test'))"
# Django Debug Toolbar output (check for N+1 queries)
# Run in dev mode with DEBUG=True and access a page
# Look for duplicate queries in SQL panel
# Query count analysis
django-admin debugsqlshell # If django-debug-sqlshell installed
# Check for missing indexes
python manage.py shell << EOF
from django.db import connection
with connection.cursor() as cursor:
cursor.execute("SELECT table_name, index_name FROM information_schema.statistics WHERE table_schema = 'public'")
print(cursor.fetchall())
EOF
报告:
# Check for npm dependencies (if using npm)
npm audit
npm audit fix
# Build static files (if using webpack/vite)
npm run build
# Verify static files
ls -la staticfiles/
python manage.py findstatic css/style.css
# Run in Python shell to verify settings
python manage.py shell << EOF
from django.conf import settings
import os
# Critical checks
checks = {
'DEBUG is False': not settings.DEBUG,
'SECRET_KEY set': bool(settings.SECRET_KEY and len(settings.SECRET_KEY) > 30),
'ALLOWED_HOSTS set': len(settings.ALLOWED_HOSTS) > 0,
'HTTPS enabled': getattr(settings, 'SECURE_SSL_REDIRECT', False),
'HSTS enabled': getattr(settings, 'SECURE_HSTS_SECONDS', 0) > 0,
'Database configured': settings.DATABASES['default']['ENGINE'] != 'django.db.backends.sqlite3',
}
for check, result in checks.items():
status = '✓' if result else '✗'
print(f"{status} {check}")
EOF
# Test logging output
python manage.py shell << EOF
import logging
logger = logging.getLogger('django')
logger.warning('Test warning message')
logger.error('Test error message')
EOF
# Check log files (if configured)
tail -f /var/log/django/django.log
# Generate schema
python manage.py generateschema --format openapi-json > schema.json
# Validate schema
# Check if schema.json is valid JSON
python -c "import json; json.load(open('schema.json'))"
# Access Swagger UI (if using drf-yasg)
# Visit http://localhost:8000/swagger/ in browser
# Show diff statistics
git diff --stat
# Show actual changes
git diff
# Show changed files
git diff --name-only
# Check for common issues
git diff | grep -i "todo\|fixme\|hack\|xxx"
git diff | grep "print(" # Debug statements
git diff | grep "DEBUG = True" # Debug mode
git diff | grep "import pdb" # Debugger
检查清单:
DJANGO 验证报告
==========================
阶段 1:环境检查
✓ Python 3.11.5
✓ 虚拟环境已激活
✓ 所有环境变量已设置
阶段 2:代码质量
✓ mypy: 无类型错误
✗ ruff: 发现 3 个问题(已自动修复)
✓ black: 无格式问题
✓ isort: 导入已正确排序
✓ manage.py check: 无问题
阶段 3:数据库迁移
✓ 无未应用的迁移
✓ 无迁移冲突
✓ 所有模型均有对应的迁移文件
阶段 4:测试与覆盖率
测试:247 通过,0 失败,5 跳过
覆盖率:
总计:87%
users: 92%
products: 89%
orders: 85%
payments: 91%
阶段 5:安全扫描
✗ pip-audit: 发现 2 个漏洞(需要修复)
✓ safety check: 无问题
✓ bandit: 无安全问题
✓ 未检测到密钥泄露
✓ DEBUG = False
阶段 6:Django 命令
✓ collectstatic 完成
✓ 数据库完整性正常
✓ 缓存后端可访问
阶段 7:性能
✓ 未检测到 N+1 查询
✓ 数据库索引已配置
✓ 查询数量可接受
阶段 8:静态资源
✓ npm audit: 无漏洞
✓ 资源构建成功
✓ 静态文件已收集
阶段 9:配置
✓ DEBUG = False
✓ SECRET_KEY 已配置
✓ ALLOWED_HOSTS 已设置
✓ HTTPS 已启用
✓ HSTS 已启用
✓ 数据库已配置
阶段 10:日志
✓ 日志配置完成
✓ 日志文件可写入
阶段 11:API 文档
✓ 架构已生成
✓ Swagger UI 可访问
阶段 12:差异审查
文件变更:12
行数变化:+450, -120
✓ 无调试语句
✓ 无硬编码密钥
✓ 包含迁移文件
建议:WARNING: 部署前修复 pip-audit 发现的漏洞
后续步骤:
1. 更新存在漏洞的依赖项
2. 重新运行安全扫描
3. 部署到预发布环境进行最终测试
# .github/workflows/django-verification.yml