Website-backend: Updated docker file and requirements file

[OchiengPaul442]

Description

• Fix for deployment issue

Endpoints Ready for Testing

• New endpoints ready for testing:
  • Endpoint 1
  • Endpoint 2
  • Other...

API Documentation Updated?

• Yes, API documentation was updated
• No, API documentation does not need updating

Additional Notes

[Add any additional notes or comments here]

Summary by CodeRabbit

• New Features

  • Updated the base image for the application environment to enhance compatibility.

• Bug Fixes

  • Downgraded the Django package to improve stability and compatibility with existing dependencies.
  • Removed the django-rest-swagger package to streamline dependency management.

[coderabbitai]

Warning

Rate limit exceeded

@OchiengPaul442 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 17 minutes and 38 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between ff08288 and 2c0579f.

📒 Files selected for processing (2)

• src/website/Dockerfile (1 hunks)
• src/website/requirements.txt (4 hunks)

📝 Walkthrough

📝 Walkthrough

📝 Walkthrough

Walkthrough

The pull request includes changes to the Dockerfile and requirements.txt files. The base image in the Dockerfile has been updated from Python 3.11-slim to Python 3.9-slim. In the requirements.txt, the Django package version has been downgraded from 5.1.4 to 4.2.8, and the django-rest-swagger package has been removed. These modifications affect the application’s runtime environment and dependency management.

Changes

File	Change Summary
src/website/Dockerfile	Base image updated from python:3.11-slim to python:3.9-slim.
src/website/requirements.txt	Downgraded Django from 5.1.4 to 4.2.8; removed django-rest-swagger.

Possibly related PRs

• website-backend: admin portal fix  #3904: The changes in the requirements.txt file in the main PR, specifically the downgrade of the Django package, may relate to the modifications in the admin portal's templates in this PR, as both involve adjustments to the website's backend dependencies and configurations.
• website-backend: update static files url #3906: The update to the STATIC_URL in src/website/core/settings.py in this PR is relevant as it may impact how static files are served, which could be affected by the changes in the Dockerfile and requirements in the main PR.
• website-backend: Authenticaton added for staff and non AirQo members (API docs) #3908: Similar to website-backend: update static files url #3906, this PR also modifies the STATIC_URL in src/website/core/settings.py, which is directly related to the environment setup and dependency management changes in the main PR.

Suggested labels

ready for review

Suggested reviewers

• Baalmart

🎉 In a Dockerfile, a change was made,
From Python 3.11, to 3.9 it swayed.
Django's version took a step back,
Removing swagger, keeping on track.
Dependencies shift, but all will be fine,
In this code journey, we continue to shine! 🌟

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 11.73%. Comparing base (be69e9b) to head (bd13049).

Additional details and impacted files

@@           Coverage Diff            @@
##           staging    #4024   +/-   ##
========================================
  Coverage    11.73%   11.73%           
========================================
  Files          114      114           
  Lines        15331    15331           
  Branches       319      319           
========================================
  Hits          1799     1799           
  Misses       13532    13532           

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (2)

src/website/Dockerfile (1)

1-2: Document version constraints and dependencies

To improve maintainability, consider adding a comment explaining why Python 3.9 is required:

-# Use Python 3.9-slim as the base image
+# Using Python 3.9-slim to maintain compatibility with Django 4.2.8 LTS
+# Note: This version was chosen to address deployment issues while ensuring stability

src/website/requirements.txt (1)

Critical: Update Django to 4.2.17 to address SQL injection vulnerability

Security audit results for critical dependencies:

• Django 4.2.8: Affected by high-severity SQL injection vulnerability (CVE disclosed Dec 2024)
• djangorestframework 3.15.2: No known critical/high vulnerabilities
• requests 2.32.3: Not affected by any current critical/high vulnerabilities

Required action:

• Update Django version from 4.2.8 to 4.2.17 in requirements.txt to patch the SQL injection vulnerability

🔗 Analysis chain

Line range hint 1-99: Verify security advisories for critical dependencies

Let's ensure the specified versions are free from known vulnerabilities, particularly for critical packages:

• Django 4.2.8
• djangorestframework 3.15.2
• requests 2.32.3

---

Critical: Update Django version to 4.2.17 to address SQL injection vulnerability

The current Django version (4.2.8) is affected by a high-severity SQL injection vulnerability in HasKey(lhs, rhs) on Oracle, disclosed on December 6, 2024. The vulnerability affects versions >= 4.2.0, < 4.2.17.

• Update Django from 4.2.8 to 4.2.17 in requirements.txt
• No critical vulnerabilities found in djangorestframework 3.15.2

Let's verify the requests package before concluding:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for security advisories for critical dependencies

echo "Checking Django security advisories..."
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: PIP, package: "django", severities: [CRITICAL, HIGH]) {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}
'

echo "Checking DRF security advisories..."
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: PIP, package: "djangorestframework", severities: [CRITICAL, HIGH]) {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
    }
  }
}
'

Length of output: 1966

---

Script:

#!/bin/bash
# Check requests security advisories
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: PIP, package: "requests", severities: [CRITICAL, HIGH]) {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}
'

Length of output: 585

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between be69e9b and ff08288.

📒 Files selected for processing (2)

• src/website/Dockerfile (1 hunks)
• src/website/requirements.txt (1 hunks)

🔇 Additional comments (3)

src/website/Dockerfile (1)

1-2: Consider Python version lifecycle and security implications

Python 3.9 is approaching its end of life (October 2025). While the downgrade aligns with Django 4.2.8's requirements, please note:

1. Performance improvements available in Python 3.11 will be missed
2. Security updates for 3.9 will become less frequent

Consider documenting the version constraint reasoning in the Dockerfile comments.

Let's verify the latest security patches for Python 3.9-slim:

✅ Verification successful

Let me analyze the Django version constraints and any documented Python version requirements to provide a comprehensive verification of the review comment's concerns about Python 3.9 usage.

---

Based on the gathered information, I can now provide a comprehensive verification of the review comment's concerns about Python 3.9 usage.

Python version choice is well-aligned with current requirements

The codebase shows Django 4.2.8 is being used, which officially supports Python 3.9. Additionally:

1. The latest Python 3.9-slim image (3.9.21) is being actively maintained with security updates
2. The project has multiple dependencies that are compatible with Python 3.9
3. The October 2025 EOL provides sufficient runway for future migration planning

The version constraint is documented indirectly through the requirements files showing compatible package versions.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check latest Python 3.9 slim image tags and CVE information

# Get latest Python 3.9 slim tags
curl -s https://registry.hub.docker.com/v2/repositories/library/python/tags?page_size=100 | \
  jq -r '.results[] | select(.name | contains("3.9") and contains("slim")) | .name'

# Check for any security advisories
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: DOCKER, package: "python") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Length of output: 1049

---

Script:

#!/bin/bash
# Let's check for Django version constraints and Python requirements

# Search for Django version specification in requirements files
fd requirements.txt --exec cat {} \; 

# Search for any Python version constraints in the codebase
rg -i "python_version|python_requires|python.*=|python.*>|python.*<" --type yaml --type txt --type toml

# Check for any documentation about Python version choice
fd "README|CONTRIBUTING" --exec cat {} \;

Length of output: 66785

src/website/requirements.txt (2)

Line range hint 1-99: Verify package compatibility matrix

The requirements file includes several packages that need to work together. Let's verify the compatibility of key components:

1. Django 4.2.8 with Python 3.9
2. djangorestframework 3.15.2 with Django 4.2.8
3. drf-yasg 1.21.8 with Django 4.2.8

✅ Verification successful

Package compatibility verification completed successfully

Based on the comprehensive analysis of the codebase and requirements:

1. Python 3.9 is confirmed as the primary runtime (from Dockerfile)
2. Django 4.2.8 is actively used with DRF 3.15.2 as evidenced by the extensive REST framework integration across multiple apps
3. drf-yasg 1.21.8 is properly configured in settings.py and urls.py with standard OpenAPI setup

The package versions in requirements.txt are compatible with each other and the codebase shows active usage of these frameworks with proper integration patterns. No compatibility issues were detected.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any Django apps using incompatible features
echo "Checking Django apps structure..."
fd -e py -x grep -l "from django import" {} \; | while read -r file; do
    echo "Analyzing $file for potential incompatibilities..."
    rg "apps\.AppConfig|apps\.registry|apps\.get_model" "$file" || true
done

# Look for potential middleware issues
echo "Checking middleware configurations..."
fd "settings.py" -x grep -A 5 "MIDDLEWARE" {} \;

Length of output: 817

---

Script:

#!/bin/bash
# Check Python version requirement in the project
echo "Checking Python version specifications..."
fd "runtime.txt|Dockerfile|.python-version" -x cat {} \; || true

# Check Django REST Framework usage patterns
echo "Checking DRF patterns..."
rg "rest_framework" -A 3 || true

# Check drf-yasg integration
echo "Checking Swagger/OpenAPI setup..."
rg "drf_yasg" -A 3 || true

# Check installed apps configuration
echo "Checking Django INSTALLED_APPS..."
fd "settings.py" -x grep -A 10 "INSTALLED_APPS" {} \;

Length of output: 30767

---

14-14: Verify compatibility with Django 4.2.8 downgrade

The downgrade from Django 5.1.4 to 4.2.8 is significant. While 4.2.8 is an LTS release (supported until April 2026), this change requires careful consideration:

1. Ensure all your Django apps are compatible with 4.2.8
2. Review any deprecated features you might be using from Django 5.x
3. Verify that this version works well with Python 3.9 (from Dockerfile change)

✅ Verification successful

Let me gather more information about Django version compatibility and potential issues.

---

Django 4.2.8 downgrade appears safe to proceed

Based on the codebase analysis:

• No Django 5.x specific features detected in views or models
• Simple model structures with basic Meta classes
• Standard DRF usage without version-specific features
• Basic template usage without advanced rendering features

The downgrade to Django 4.2.8 (LTS) appears compatible with your current codebase implementation and Python 3.9. The removal of django-rest-swagger is already compensated by drf-yasg.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for potential compatibility issues in Django views and models
echo "Checking for Django 5.x specific features..."
rg -l "class\s+.*View.*:" | while read -r file; do
  echo "Checking $file for potential Django 5.x features"
  rg "using\s*=|class_getitem|decorator\s*=|manager\s*=" "$file" || true
done

# Check for Django version compatibility with other packages
echo "Checking Django version compatibility with key packages..."
curl -s "https://pypi.org/pypi/djangorestframework/json" | jq -r '.info.requires_dist[] | select(contains("Django"))'

Length of output: 5447

---

Script:

#!/bin/bash
# Check for Django-specific model features and database operations
echo "Checking for Django model features..."
rg -l "class\s+.*\(models\.Model\)" | while read -r file; do
  echo "Checking models in $file"
  rg "class Meta:|unique_together|index_together|constraints =|indexes =" "$file" || true
done

# Check for template features that might have changed
echo "Checking template usage..."
fd -e html . | while read -r file; do
  echo "Checking template $file"
  rg "{% \w+_render|{% with_options|{% cache.*using" "$file" || true
done

# Check for specific Django REST Framework features
echo "Checking DRF features..."
rg -l "from rest_framework" | while read -r file; do
  echo "Checking DRF usage in $file"
  rg "class.*\(ViewSet\)|class.*\(ModelViewSet\)|@action|pagination_class" "$file" || true
done

Length of output: 13558

[coderabbitai]

🛠️ Refactor suggestion

Pin the base image to a specific version for better reproducibility

While using python:3.9-slim works, it's recommended to pin to a specific version (e.g., python:3.9.18-slim) to ensure consistent builds across environments.

-FROM python:3.9-slim
+FROM python:3.9.18-slim

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Use Python 3.9-slim as the base image
	FROM python:3.9-slim
	# Use Python 3.9-slim as the base image
	FROM python:3.9.18-slim