Hugging Face's logo

Spaces:
kaeizen
/
grammo
Sleeping

App Files Community
kaeizen commited on
Commit
308a2f4
Β·
1 Parent(s): 0f55242

update key

Browse files
Files changed (4) hide show
  1. .env.example +3 -3
  2. Dockerfile +2 -2
  3. README.md +9 -9
  4. backend/settings.py +1 -1
.env.example CHANGED
@@ -15,13 +15,13 @@ HUGGINGFACEHUB_API_TOKEN=
15
  DEBUG=True
16
 
17
  # App mode: "development" (default) or "production"
18
- MODE=development
19
 
20
  # Port used only when running `python app.py` (Hugging Face Spaces)
21
  # PORT=7860
22
 
23
  # --- Production-only ---
24
- # When MODE=production, set these appropriately
25
  # Comma-separated (no spaces)
26
  # ALLOWED_HOSTS=yourdomain.com,www.yourdomain.com
27
 
@@ -29,5 +29,5 @@ MODE=development
29
  # CSRF_TRUSTED_ORIGINS=https://yourdomain.com,https://www.yourdomain.com
30
 
31
  # Notes:
32
- # - Security and CORS flags are derived automatically from MODE in settings.py
33
  # - Do not set SESSION_COOKIE_SECURE, CSRF_COOKIE_SECURE, CORS_ALLOW_ALL_ORIGINS, or SECURE_* directly
 
15
  DEBUG=True
16
 
17
  # App mode: "development" (default) or "production"
18
+ BUILD_MODE=development
19
 
20
  # Port used only when running `python app.py` (Hugging Face Spaces)
21
  # PORT=7860
22
 
23
  # --- Production-only ---
24
+ # When BUILD_MODE=production, set these appropriately
25
  # Comma-separated (no spaces)
26
  # ALLOWED_HOSTS=yourdomain.com,www.yourdomain.com
27
 
 
29
  # CSRF_TRUSTED_ORIGINS=https://yourdomain.com,https://www.yourdomain.com
30
 
31
  # Notes:
32
+ # - Security and CORS flags are derived automatically from BUILD_MODE in settings.py
33
  # - Do not set SESSION_COOKIE_SECURE, CSRF_COOKIE_SECURE, CORS_ALLOW_ALL_ORIGINS, or SECURE_* directly
Dockerfile CHANGED
@@ -28,8 +28,8 @@ RUN --mount=type=secret,id=SECRET_KEY,mode=0444,required=true \
28
  RUN --mount=type=secret,id=HUGGINGFACEHUB_API_TOKEN,mode=0444,required=true \
29
  sh -c 'printf "HUGGINGFACEHUB_API_TOKEN=%s\n" "$(cat /run/secrets/HUGGINGFACEHUB_API_TOKEN)" >> .env'
30
 
31
- RUN --mount=type=secret,id=MODE,mode=0444,required=true \
32
- sh -c 'printf "MODE=%s\n" "$(cat /run/secrets/MODE)" >> .env'
33
 
34
  RUN --mount=type=secret,id=DEBUG,mode=0444,required=true \
35
  sh -c 'printf "DEBUG=%s\n" "$(cat /run/secrets/DEBUG)" >> .env'
 
28
  RUN --mount=type=secret,id=HUGGINGFACEHUB_API_TOKEN,mode=0444,required=true \
29
  sh -c 'printf "HUGGINGFACEHUB_API_TOKEN=%s\n" "$(cat /run/secrets/HUGGINGFACEHUB_API_TOKEN)" >> .env'
30
 
31
+ RUN --mount=type=secret,id=BUILD_MODE,mode=0444,required=true \
32
+ sh -c 'printf "BUILD_MODE=%s\n" "$(cat /run/secrets/BUILD_MODE)" >> .env'
33
 
34
  RUN --mount=type=secret,id=DEBUG,mode=0444,required=true \
35
  sh -c 'printf "DEBUG=%s\n" "$(cat /run/secrets/DEBUG)" >> .env'
README.md CHANGED
@@ -1,6 +1,6 @@
1
  ---
2
  title: Grammo
3
- emoji: πŸ‘€
4
  colorFrom: purple
5
  colorTo: yellow
6
  sdk: docker
@@ -88,7 +88,7 @@ HUGGINGFACEHUB_API_TOKEN=your-huggingface-api-token
88
 
89
  # Common
90
  DEBUG=True
91
- MODE=development # change to "production" for deployment
92
  ```
93
 
94
  To generate a Django secret key:
@@ -125,8 +125,8 @@ HUGGINGFACEHUB_API_TOKEN=your-huggingface-api-token
125
  # Debug mode (default: True)
126
  DEBUG=True
127
 
128
- # App mode: "development" (default) or "production"
129
- MODE=development
130
 
131
  # Port only used when running `python app.py` (Hugging Face Spaces)
132
  # PORT=7860
@@ -134,7 +134,7 @@ MODE=development
134
 
135
  ### Production-only
136
 
137
- When `MODE=production`, the following become relevant:
138
 
139
  ```env
140
  # Allowed hosts (comma-separated, no spaces)
@@ -145,10 +145,10 @@ CSRF_TRUSTED_ORIGINS=https://yourdomain.com,https://www.yourdomain.com
145
  ```
146
 
147
  Notes:
148
- - Most security and CORS flags are derived automatically from `MODE` in `backend/settings.py`:
149
  - In development: permissive defaults for local usage
150
  - In production: `CORS_ALLOW_ALL_ORIGINS=False`, secure cookies, HSTS, content type nosniff, and SSL redirect are enabled
151
- - Do not set `SESSION_COOKIE_SECURE`, `CSRF_COOKIE_SECURE`, `CORS_ALLOW_ALL_ORIGINS`, or `SECURE_*` directly via env; they are computed from `MODE`.
152
 
153
  ## Running the Application
154
 
@@ -329,7 +329,7 @@ The backend includes a `Dockerfile` configured for HuggingFace Spaces deployment
329
  1. **Set environment variables** in your Space settings:
330
  - `SECRET_KEY`
331
  - `HUGGINGFACEHUB_API_TOKEN`
332
- - `MODE=production`
333
  - `DEBUG=False`
334
  - `ALLOWED_HOSTS=your-space-name.hf.space`
335
  - `CSRF_TRUSTED_ORIGINS=https://your-space-name.hf.space`
@@ -341,7 +341,7 @@ The backend includes a `Dockerfile` configured for HuggingFace Spaces deployment
341
  ### General Production Deployment
342
 
343
  1. Set production environment variables (see [Environment Variables](#environment-variables))
344
- - `MODE=production`, `DEBUG=False`
345
  - `ALLOWED_HOSTS` and `CSRF_TRUSTED_ORIGINS`
346
  3. Configure a proper database (PostgreSQL recommended)
347
  4. Set up Redis or another cache backend for sessions
 
1
  ---
2
  title: Grammo
3
+ emoji: πŸ“š
4
  colorFrom: purple
5
  colorTo: yellow
6
  sdk: docker
 
88
 
89
  # Common
90
  DEBUG=True
91
+ BUILD_MODE=development # change to "production" for deployment
92
  ```
93
 
94
  To generate a Django secret key:
 
125
  # Debug mode (default: True)
126
  DEBUG=True
127
 
128
+ # App build mode: "development" (default) or "production"
129
+ BUILD_MODE=development
130
 
131
  # Port only used when running `python app.py` (Hugging Face Spaces)
132
  # PORT=7860
 
134
 
135
  ### Production-only
136
 
137
+ When `BUILD_MODE=production`, the following become relevant:
138
 
139
  ```env
140
  # Allowed hosts (comma-separated, no spaces)
 
145
  ```
146
 
147
  Notes:
148
+ - Most security and CORS flags are derived automatically from `BUILD_MODE` in `backend/settings.py`:
149
  - In development: permissive defaults for local usage
150
  - In production: `CORS_ALLOW_ALL_ORIGINS=False`, secure cookies, HSTS, content type nosniff, and SSL redirect are enabled
151
+ - Do not set `SESSION_COOKIE_SECURE`, `CSRF_COOKIE_SECURE`, `CORS_ALLOW_ALL_ORIGINS`, or `SECURE_*` directly via env; they are computed from `BUILD_MODE`.
152
 
153
  ## Running the Application
154
 
 
329
  1. **Set environment variables** in your Space settings:
330
  - `SECRET_KEY`
331
  - `HUGGINGFACEHUB_API_TOKEN`
332
+ - `BUILD_MODE=production`
333
  - `DEBUG=False`
334
  - `ALLOWED_HOSTS=your-space-name.hf.space`
335
  - `CSRF_TRUSTED_ORIGINS=https://your-space-name.hf.space`
 
341
  ### General Production Deployment
342
 
343
  1. Set production environment variables (see [Environment Variables](#environment-variables))
344
+ - `BUILD_MODE=production`, `DEBUG=False`
345
  - `ALLOWED_HOSTS` and `CSRF_TRUSTED_ORIGINS`
346
  3. Configure a proper database (PostgreSQL recommended)
347
  4. Set up Redis or another cache backend for sessions
backend/settings.py CHANGED
@@ -30,7 +30,7 @@ SECRET_KEY = os.environ.get("SECRET_KEY", "local-dev-secret")
30
  # SECURITY WARNING: don't run with debug turned on in production!
31
  DEBUG = os.environ.get("DEBUG", "True") == "True"
32
 
33
- MODE = os.environ.get("MODE", "development")
34
 
35
  ALLOWED_HOSTS =[
36
  origin.strip()
 
30
  # SECURITY WARNING: don't run with debug turned on in production!
31
  DEBUG = os.environ.get("DEBUG", "True") == "True"
32
 
33
+ MODE = os.environ.get("BUILD_MODE", "development")
34
 
35
  ALLOWED_HOSTS =[
36
  origin.strip()