Refactor

.dockerignore

@@ -2,9 +2,10 @@
 **
 
 # Except
+!docker-entrypoint.sh
 !pyproject.toml
-!uv.lock
 !README.md
-!config/**
-!src/**
+!uv.lock
 !alembic.ini
+!src/**
+!tests/**

.github/workflows/ci.yaml

@@ -7,43 +7,24 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout
+        uses: actions/checkout@v6
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "3.13"
 
       - name: Install uv
-        uses: astral-sh/setup-uv@v6
+        uses: astral-sh/setup-uv@v7
 
       - name: Install dependencies
         run: uv sync --locked --group dev
 
       - name: Check code
-        run: uv run make code.check
+        run: uv run make check
 
-      - name: Test Docker Compose setup
+      - name: Test with Docker
         env:
-          APP_ENV: local
-        run: |
-          uv run config/toml_config_manager.py
-          cd config/local
-          docker compose --env-file .env.local up -d --build
-
-      - name: Verify Application Health
-        run: |
-          timeout 10s bash -s <<'BASH'
-          while ! curl -sf http://127.0.0.1:9999/api/v1/health; do
-            sleep 1
-          done
-          BASH
-
-      - name: Test Signup Handler
-        run: |
-          curl -f --json @- http://127.0.0.1:9999/api/v1/account/signup <<'JSON'
-          {
-            "username": "string",
-            "password": "string"
-          }
-          JSON
+          ALLOW_DESTRUCTIVE_TEST_CLEANUP: 1
+        run: make test-docker

.gitignore

@@ -159,18 +159,16 @@ cython_debug/
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 .idea/
 
-# Config
-config/local/*
-!config/local/.gitkeep
-config/dev/*
-!config/dev/.gitkeep
-config/prod/*
-!config/prod/.gitkeep
-.secrets.*
-.env.*
-
-# IgnoreToDo
+# other
+.claude/
+.import_linter_cache/
+.ruff_cache/
+.vscode/
+htmlcov-docker/
 todo/
 
-# ImportLinter
-.import_linter_cache/
+.constraints.in
+.secrets
+AGENTS.md
+CLAUDE.md
+pylock.toml

.pre-commit-config.yaml

@@ -1,14 +1,70 @@
+default_language_version:
+  python: python3.13
+
+default_stages: [pre-commit]
+
 repos:
   - repo: local
     hooks:
-      - id: make-check
-        name: source-code-check
-        entry: make code.check
+      - id: code-check
+        name: code-check (local)
+        entry: uv run make check
+        language: system
+        pass_filenames: false
+      - id: pip-audit-local
+        name: pip-audit (local)
+        entry: uv run make pip-audit
+        language: system
+        pass_filenames: false
+        verbose: true
+      - id: test-docker
+        name: test-docker (local)
+        entry: make test-docker
         language: system
+        stages: [pre-push]
         pass_filenames: false
-        always_run: true
+        verbose: true
+
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: check-ast
+      - id: check-case-conflict
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+        exclude: ^docs/
+      - id: check-added-large-files
+      - id: check-docstring-first
+      - id: check-json
+      - id: check-toml
+      - id: check-yaml
+        exclude: docker-compose.test.yml
+      - id: detect-private-key
+      - id: debug-statements
+      - id: check-merge-conflict
+      - id: mixed-line-ending
+        args: ["--fix=lf"]
+      - id: no-commit-to-branch
+        args: [--branch, develop, --branch, dev, --branch, master, --branch, main]
+
+  - repo: https://github.com/crate-ci/typos
+    rev: v1.40.0
+    hooks:
+      - id: typos
+        args: [--force-exclude]
 
   - repo: https://github.com/google/yamlfmt
     rev: v0.20.0
     hooks:
       - id: yamlfmt
+        name: YAML formatter
+        files: (^|/).*\.ya?ml$
+        args:
+          - "--conf"
+          - ".yamlfmt"
+
+  - repo: https://github.com/koalaman/shellcheck-precommit
+    rev: v0.11.0
+    hooks:
+      - id: shellcheck
+        args: ["--severity=warning"]

.yamlfmt

@@ -4,4 +4,4 @@ formatter:
   type: basic
   line_ending: lf
   retain_line_breaks: true
-  scan_folded_as_literal: true
+  scan_folded_as_literal: true

Dockerfile

@@ -0,0 +1,41 @@
+ARG PYTHON_VERSION=3.13
+FROM ghcr.io/astral-sh/uv:python${PYTHON_VERSION}-trixie-slim
+
+ARG APP_VERSION=develop
+ARG ENVIRONMENT="prod"
+
+ENV APP_VERSION=${APP_VERSION}
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+ENV UV_HTTP_TIMEOUT=300
+ENV UV_LINK_MODE=copy
+ENV UV_PROJECT_ENVIRONMENT=/usr/local
+
+WORKDIR /code
+
+COPY pyproject.toml uv.lock README.md ./
+
+RUN if [ "${ENVIRONMENT}" = "prod" ]; then \
+      uv sync --frozen --no-cache --no-dev --no-install-project; \
+    else \
+      uv sync --frozen --dev --no-install-project; \
+    fi
+
+COPY . .
+
+RUN if [ "${ENVIRONMENT}" = "prod" ]; then \
+      uv sync --frozen --no-cache --no-dev; \
+    else \
+      uv sync --frozen --dev; \
+    fi
+
+RUN groupadd -r runner
+RUN useradd -r -g runner -m -s /usr/sbin/nologin runner
+RUN chown -R runner:root /code
+RUN chmod -R g=u /code
+
+USER runner
+
+EXPOSE 8000
+
+ENTRYPOINT [ "/code/docker-entrypoint.sh" ]