While I can’t solve all printer woes today, I can share how we make debugging flaky tests easier at Canopy. We frequently use Model Bakery and Faker to generate test data, this randomly generated data can sometimes cause unpredictable test failures. To tackle this challenge, we’ve implemented a solution that makes pytest print the random seed number used in failing tests. This allows us to reproduce the same test conditions by reusing that seed number in subsequent test runs.

When a test fails, we can examine whether the randomly generated data is the culprit by rerunning the test with the same seed. If the test fails consistently with that seed, we’ve likely identified that the test’s randomized data contributes to the failure. While this isn’t always the root cause, it’s an excellent starting point for investigation. (I should probably write another post about dealing with stubborn printers and other common causes of flaky tests!)

Here’s the code we use to implement this functionality. First, add this to your BaseTest class:

class BaseTest(TestCase):
    @pytest.fixture(autouse=True)
    def seed_random(self, request):
        # Use seed from the command line if provided
        seed = request.config.getoption("--seed")
        if seed is None:
            pytest.seed = random.randint(0, 999999)
        else:
            pytest.seed = int(seed)
        random.seed(pytest.seed)
        Faker.seed(pytest.seed)
        print(f"\nRunning test with seed: {pytest.seed}")

If you’re using function-based tests instead of class-based tests, you’ll want to add this fixture to your conftest.py file:

@pytest.fixture(autouse=True)
def seed_random(request):
    # Same implementation as above
    ...

Finally, add this to your conftest.py to display the seed number when a test fails:

import pytest


pytest.seed = None


def pytest_runtest_makereport(item, call):
    if call.when == "call" and call.excinfo is not None:
        print(
            f"\n{'*' * 22}\nExtra Failure Context:\n* Seed number used: {pytest.seed}. Use `pytest --seed {pytest.seed}` "
            f"to run the tests again with the same seed number.\n"
        )

Then you can run your tests with the --seed flag to reproduce the same random data and investigate the issue further (e.g., pytest --seed 34512).

P.S. We have some amazing engineers at Canopy, and Levi Mann is the engineer at Canopy who gave us the idea. I’m just the one who used AI to help write it! 😂

The Current Django Project Setup

If you look at the official Django documentation, the tutorial instructs you to create a new project like this:

$ mkdir djangotutorial
$ django-admin startproject mysite djangotutorial

This creates the following directory structure:

.
├── manage.py
└── mysite
    ├── __init__.py
    ├── asgi.py
    ├── settings.py
    ├── urls.py
    └── wsgi.py

As someone who’s both learned and taught Django, I’ve noticed this structure raises several questions for newcomers:

• Why create a djangotutorial directory only to have another directory called mysite inside it?
• What should the mysite directory be named in a real-world project?
• Why are configuration files housed in a project-named directory?
• How does this impact project maintainability, especially when version control and project renaming come into play?

Learning from Other Frameworks

To provide context, let’s look at how other modern web frameworks handle project initialization. Laravel, for instance, offers a notably streamlined experience:

Laravel places all configuration files in a dedicated config directory:

.
...
├── config
│   ├── app.php
│   ├── auth.php
│   ├── cache.php
│   ├── database.php
│   ├── filesystems.php
│   ├── logging.php
│   ├── mail.php
│   ├── queue.php
│   ├── services.php
│   └── session.php
...

Compare this to the current Django experience:

The Django CLI experience has some rough edges - error messages aren’t consistently formatted, and simple issues like hyphens in project names result in errors rather than automatic conversion to underscores. The resulting structure still uses the project name for configuration files:

.
├── example_project
│   ├── __init__.py
│   ├── asgi.py
│   ├── settings.py
│   ├── urls.py
│   └── wsgi.py
└── manage.py

A Path Forward: DJ Beat Drop

While changing Django’s core project templates might be challenging (as evidenced by this PR that’s been open for two years), we can take a more pragmatic approach. I’ve created dj-beat-drop, a modern Django project initializer that brings the best practices from other frameworks to the Django ecosystem.

DJ Beat Drop offers:

• A more intuitive project structure
• It uses the official Django project template, but puts all configuration files in a config directory
• Built-in support for environment variables via .env files
• Integration with modern Python tooling like uv
• A smoother, more user-friendly CLI experience

Here’s what creating a new Django project with DJ Beat Drop looks like:

With the defaults the resulting structure looks like this:

.
├── README.md
├── config
│   ├── __init__.py
│   ├── asgi.py
│   ├── settings.py
│   ├── urls.py
│   └── wsgi.py
├── db.sqlite3
├── manage.py
├── pyproject.toml
└── uv.lock

If you say no to the defaults, then the resulting structure looks like this:

.
├── config
│   ├── __init__.py
│   ├── asgi.py
│   ├── settings.py
│   ├── urls.py
│   └── wsgi.py
└── manage.py

Join the Movement

If you’re interested in improving the Django developer experience, I invite you to try DJ Beat Drop and share your feedback. With community support, this could become the recommended way to start new Django projects, making the framework even more accessible to newcomers while maintaining the power and flexibility that Django developers love.

Want to help? Star the repository on GitHub and share it with your fellow Djangonauts. Together, we can make the Django ecosystem even better for the next generation of developers.

node    | Error: EACCES: permission denied, mkdir '/code/node_modules/.vite/deps_temp'
node    |     at Object.mkdirSync (node:fs:1349:3)
node    |     at runOptimizeDeps (file:///code/node_modules/vite/dist/node/chunks/dep-ca21228b.js:42881:14)
node    |     at Timeout._onTimeout (file:///code/node_modules/vite/dist/node/chunks/dep-ca21228b.js:42290:54)
node    |     at processTicksAndRejections (node:internal/process/task_queues:96:5) {
node    |   errno: -13,
node    |   syscall: 'mkdir',
node    |   code: 'EACCES',
node    |   path: '/code/node_modules/.vite/deps_temp'
node    | }

And:

npm WARN logfile Error: EACCES: permission denied, scandir '/root/.npm/_logs'
npm WARN logfile  error cleaning log files [Error: EACCES: permission denied, scandir '/root/.npm/_logs'] {
npm WARN logfile   errno: -13,
npm WARN logfile   code: 'EACCES',
npm WARN logfile   syscall: 'scandir',
npm WARN logfile   path: '/root/.npm/_logs'
npm WARN logfile }
npm ERR! code EACCESS
npm ERR! syscall mkdir
npm ERR! path /root/.npm/_cacache/tmp
npm ERR! errno -13
npm ERR! 

These errors didn’t make much sense to us because the errors were random, and the user that the node service was running as should have been root. What we discovered was that we were running into an issue where any scripts run with npm run were switching to running the process as the owner of a path based on the owner of its nearest existing parent by using infer-owner. This behavior has now been removed from NPM’s dependency promise-spawn as of v5.0.0 and NPM version v9.0.1. The owner of our project’s root folder was getting changed to a non-privileged user by our Django/Python process because we had set up that service to run as a generic app user that we created for security reasons. We’re still not 100% sure which Python script/process was changing to the root folder to be owned by the generic app user. But this is why npm run switched to running by the user ID of the generic app user since the generic app user didn’t exist in the node container.

We were also puzzled by why the file and directory owner and group changes persisted for our project directories. Through trial and error, we discovered that Docker stores owner and group changes using Mac’s extended attributes on a Mac host. When we looked at the project directories’ extended attributes by running xattr . on our Macs, we discovered there was an attribute named com.docker.grpcfuse.ownership when we printed the value of the attribute using xattr -p com.docker.grpcfuse.ownership . the result {"UID":33,"GID":33,"mode":10000} showed that was where Docker was storing the owner changes. After deleting the attribute with xattr -d com.docker.grpcfuse.ownership ., the directory’s owner returned to being root.

Our current solution is to ensure we are running our Python/Django service as the same user as our Node service is using. Right now, we’re just using root for both services since that’s straightforward and since this is only for local development. However, upgrading NPM could also fix this or switch to creating an app user with the same ID in both services.

My hope with this blog post is that others might find it and save some time in debugging and figuring out a solution. Our team learned a lot about Docker and Node in the process.

As of the writing of this blog post, these are the steps I used to deploy the Django Base Site to Fly.io.

1. Install flyctl
2. Run fly launch and answer all the input prompts. Make sure you respond with y when it asks to set up Postgres and Redis. It’s important to note that if you choose that you would like it to deploy now it will fail, so choose no. Fly.io’s default configuration is to use Heroku buildpacks, which should work with the Django Base Site, but for whatever reason I wasn’t able to get it work by using the Heroku buildpack for builder. If interested have a look at the steps I tried below.

   ➜ fly launch
   Creating app in /Users/brento/Sites/personal/django-base-site
   Scanning source code
   Detected a NodeJS app
   Using the following build configuration:
           Builder: heroku/buildpacks:20
   ? Choose an app name (leave blank to generate one): django-base-site
   automatically selected personal organization: Brent O'Connor
   ? Choose a region for deployment: Dallas, Texas (US) (dfw)
   Created app django-base-site in organization personal
   Admin URL: https://fly.io/apps/django-base-site
   Hostname: django-base-site.fly.dev
   Wrote config file fly.toml
   ? Would you like to set up a Postgresql database now? Yes
   ? Select configuration: Development - Single node, 1x shared CPU, 256MB RAM, 1GB disk
   Creating postgres cluster in organization personal
   Creating app...
   Setting secrets on app django-base-site-db...
   Provisioning 1 of 1 machines with image flyio/postgres:14.4
   Waiting for machine to start...
   Machine 3d8d3d7fe56989 is created
   ==> Monitoring health checks
     Waiting for 3d8d3d7fe56989 to become healthy (started, 3/3)
      
   Postgres cluster django-base-site-db created
     Username:    postgres
     Password:    <redacted>
     Hostname:    django-base-site-db.internal
     Proxy port:  5432
     Postgres port:  5433
     Connection string: postgres://postgres:<redacted>@django-base-site-db.internal:5432
      
   Save your credentials in a secure place -- you won't be able to see them again!
      
   Connect to postgres
   Any app within the Brent O'Connor organization can connect to this Postgres using the following connection string:
      
   Now that you've set up Postgres, here's what you need to understand: https://fly.io/docs/postgres/getting-started/what-you-should-know/
      
   Postgres cluster django-base-site-db is now attached to django-base-site
   The following secret was added to django-base-site:
     DATABASE_URL=postgres://django_base_site:tERgYWZ1jV2fHbJ@top2.nearest.of.django-base-site-db.internal:5432/django_base_site?sslmode=disable
   Postgres cluster django-base-site-db is now attached to django-base-site
   ? Would you like to set up an Upstash Redis database now? Yes
   ? Select an Upstash Redis plan Free: 100 MB Max Data Size
   input:3: createAddOn Validation failed: Name has already been taken
      
   ? Would you like to deploy now? No
   

3. Edit the fly.toml file the previous command created by updating the following sections to match below. Also make sure you replace <app_name> with the name of the app that was created when you ran fly launch.

   [build]
     dockerfile = "config/docker/Dockerfile"
   
   [build.args]
     ENV_NAME = "prod"
   
   [deploy]
     release_command = "python manage.py migrate --noinput"
   
   [env]
     PORT = "8080"
     ALLOWED_HOSTS = "<app_name>.fly.dev"
     INTERNAL_IPS = "<app_name>.fly.dev"
     DB_SSL_REQUIRED = "off"
   

4. Set the SECRET_KEY as a secret environment variable:

   fly secrets set SECRET_KEY=$(python -c "import random; print(''.join(random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%^&*(-_=+)') for i in range(50)))")
   

5. Run fly deploy to deploy your app to Fly.io.
6. Run fly ssh console and then run cd /srv/app && ./manage.py migrate && ./manage.py createsuperuser to create your user for signing in. Exit your ssh session.
7. Run fly open to open the app in your browser. You won’t be able to login via /accounts/login/ until you validate your email address. To do this, go to /admin/ and sign in. Then go to /admin/account/emailaddress/ and mark your email address as primary and validated. Then you should be able to sign in with the standard sign-in view. If your app was set up to send email, you wouldn’t have to validate your email address in the admin first because when you sign in, the app will send you an email with a link to click on to validate your email address.
8. Hurray, you’ve successfully deployed to Fly.io! 🎉

Troubleshooting

If you get a 500 error after you sign in or at any point with your running application and need to debug it, you can add the following to your settings and then run fly deploy. Once the app deploys, you can trigger the 500 error again, and then when you run fly logs, you should be able to see a python traceback of the exception error. This is a quick and easy solution for debugging, but a better solution for production environments is to set up something like Sentry.

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'console': {
            'class': 'logging.StreamHandler',
        },
    },
    'root': {
        'handlers': ['console'],
        'level': 'INFO',
    },
    'loggers': {
        'django': {
            'handlers': ['console'],
            'level': 'INFO',
            'propagate': False,
        },
    },
}

Steps I tried to get Fly.io working with Heroku Buildpacks

1. I added a requirements.txt file in the root of the project so the Heroku Buildpack would detect that the project is a Python application. Inside the file I pointed to my production requirements file -r config/requirements/prod_lock.txt.
2. Then I ran fly deploy, which failed because it couldn’t install the requirements and quit with the following error.

   ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
       tomli from https://files.pythonhosted.org/packages/97/75/10a9ebee3fd790d20926a90a2547f0bf78f371b2f13aa822c759680ca7b9/tomli-2.0.1-py3-none-any.whl (from coverage[toml]==7.0.1->-r /workspace/config/requirements/prod_lock.txt (line 131))
   

3. Next, I tried pointing the requirements to the un-hashed version of my requirements (-r config/requirements/prod.in) and then ran fly deploy again. This ultimately failed again, but this time it failed after installing the requirements and failed because it wasn’t able to read the SECRET_KEY environment variable.

         File "/workspace/config/settings/_base.py", line 28, in <module>
           SECRET_KEY = env("SECRET_KEY")
         File "/app/.heroku/python/lib/python3.10/site-packages/environs/__init__.py", line 116, in method
           raise EnvError('Environment variable "{}" not set'.format(proxied_key or parsed_key))
         environs.EnvError: Environment variable "SECRET_KEY" not set
   
   !     Error while running '$ python manage.py collectstatic --noinput'.
         See traceback above for details.
   
         You may need to update application code to resolve this error.
         Or, you can disable collectstatic for this application:
   
         $ heroku config:set DISABLE_COLLECTSTATIC=1
   

4. Logically, I tried setting the SECRET_KEY using fly secrets set SECRET_KEY=" <redacted>" and then I tried deploying again with fly deploy, but ultimately that failed again with the same error as the previous step. As another troubleshooting step, I also tried removing the SECRET_KEY with fly secrets unset SECRET_KEY and then adding it to the [env] section of the fly.toml file. This also failed with the same error when I ran fly deploy. This is where I gave up and tried the approach above by using the Django Base Site Dockerfile.

If anyone has any other ideas or can get the Django Base Site working with fly.io please let me know.

Conclusions

It would be nice to figure out why Heroku buildpacks (the default builder) didn’t work for me at some point because I had to create a pretty sophisticated Dockerfile to get Fly.io working. It makes me wonder if other people using Fly.io for a Django project run into the same problems or if it’s just something that unique to my Django Base Site.

If you want to deploy a hobby project to the world quickly then Fly.io seems like a good choice. Especially with its free plan. One of the things I liked about Fly.io is that it has intelligent caching. If you haven’t made changes to project requirement files, it deploys quickly (less than a minute), which is very nice!

I’ll save you from all the boring details from my hours of debugging and trying to fix it. What ending up being the fix was simply running my Docker Compose commands as root with the -u root argument.

Example:

docker compose run -u root --rm --no-deps web ./manage.py collectstatic --no-input

The reason I had to do this is that my Docker image is built using the USER app instruction in the Dockerfile and according to the GitHub documentation on the Dockerfile it says:

Docker actions must be run by the default Docker user (root). Do not use the USER instruction in your Dockerfile, because you won’t be able to access the GITHUB_WORKSPACE. For more information, see “Using environment variables” and USER reference in the Docker documentation.

As a bonus, if you’re debugging GitHub Actions, a fantastic tool that can save you hours of frustration is to use the mxschmitt/action-tmate action. Instead of making a change to your Github Action YAML file and then pushing the change and waiting to see if it passes. You can use this action to create a live interactive shell for the container your action is running in so that you can quickly test and try new fixes.

In most cases, if you have context data in your view like the following:

data = [
    {
        "mystr": "Foo",
        "myint": 123,
    },
]

Then all you have to do to make it work in a template is to use the safe template filter and then it just works. Example:

<script>
  function send_data_to_js_example(data) {
    console.assert(data[0].mystr === "Foo");
    console.assert(data[0].myint === 123);
  }
  send_data_to_js_example({{ data|safe }});
</script>

But what if your data is more complex like the following example?

data = [
    {
        "mystr": "Foo",
        "myint": 123,
        "myfloat": 123.45,
        456: "abc",
        "truebool": True,
        "falsebool": False,
        "list": ["a", 1, "b"],
        "user": {"id": 1, "name": "Joe Example"},
        "user_list": User.objects.all(),
        "date_time": now(),
        "html": '<p class="m-100 float-left random modifier p-100 spacer-5 john-b-good">My <strong>Paragraph</strong></p>',
    },
]

Using the safe template filter no longer works because your booleans aren’t converted to lowercase for use in Javascript as well as some of the other data types like the QuerySet, the Python datetime object, and your HTML string.

You might try using something like the escapejs hoping to find some easy template filter that just works. However, I’ll save you the trouble; it doesn’t work and the escapejs filter is only meant for use on a single variable and not a list of dicts. You also might try using json.dumps() with Django’s serialize() function, but as I discovered this doesn’t work so well for most of my use cases because the serialize() function doesn’t serialize the model instances in a flattened structure and serializes the data in a more nested structure. Example:

[
  {
    "model": "accounts.user",
    "pk": 1,
    "fields": {
      "first_name": "Joe",
      "last_name": "Example",
      "email": "joe@examle.com",
      ...
    }
  }
]

The Magic Solution

So if you’re wanting a Django template filter that just works, you’ll have to create your own. The following is the solution I came up with that just works and extends Django’s DjangoJSONEncoder encoder class which adds the functionality to serialize QuerySets.

class DjangoModelJSONEncoder(DjangoJSONEncoder):
    def default(self, o):
        if isinstance(o, QuerySet) is True:
            if o._iterable_class is ModelIterable:
                o = o.values()
            return list(o)
        return super().default(o)


@register.filter
def to_json(value: Any, indent: int = None):
    return mark_safe(json.dumps(value, cls=DjangoModelJSONEncoder, indent=indent).translate({
        ord(">"): "\\u003E",
        ord("<"): "\\u003C",
        ord("&"): "\\u0026",
    }))

With the previous to_json template filter created, then using it in a template like the following just works!

<script>
  function get_data_from_data_attribute() {
    data[0].date_time = new Date(data[0].date_time);
    console.assert(data[0].mystr === "Foo");
    console.assert(data[0].myint === 123);
    console.assert(data[0].myfloat === 123.45);
    console.assert(data[0]['456'] === "abc");
    console.assert(data[0].truebool === true);
    console.assert(data[0].falsebool === false);
    console.assert(data[0].user_list[0].last_name === "O'Connor");
    console.assert(data[0].user.id === 1);
    console.assert(data[0].date_time.toDateString() === "Sat Aug 27 2022");
    console.assert(data[0].html === '<p class="m-100 float-left random modifier p-100 spacer-5 john-b-good">My <strong>Paragraph</strong></p>');
  }
  get_data_from_data_attribute({{ data|to_json }});
</script>

Keep in mind if you use a Javascript framework like Vue or React and you’re wanting to pass your context data into a custom component, then you’ll need to use force_escape. Example:

<div id="data-div" data-data="{{{ data|safe|force_escape }}"></div>
<script>
function get_data_from_data_attribute() {
  const divElem = document.querySelector('#data-div');
  let data = divElem.dataset.data;
  data = JSON.parse(data)
  data[0].date_time = new Date(data[0].date_time);
  ...
}
get_data_from_data_attribute();
</script>

So why not use Django’s json_script template tag?

The short answer is you can use the json_script template tag, but there are some things to consider. First, if you look at the actual code you’ll see that the filter wraps the code in a script tag which I’ve found to not be necessary. Secondly, there isn’t a great way to use a subclassed DjangoJSONEncoder that we need if there are custom data types that the default DjangoJSONEncoder doesn’t handle.

What about security?

You should always be mindful of security and test your application to make sure that it hasn’t created a security exploit. I also recommend reading Django’s excellent security documentation. Having said that, in our example filter, to_json() I’m using mark_safe, which I’m fine with because I’ve read and know the precautions to take. First, under no circumstances pass user-submitted data to the to_json() filter unless you know the data has been sanitized with something like bleach. Secondly, write some tests and test your application manually for XSS exploits.

I should also mention that in our example data we’re using User.objects.all() for illustrative purposes only. However, those with a keen eye might recognize that this would send the hashed password to the template, which I don’t recommend. Instead, to avoid this I recommend you something like User.objects.values_list('first_name', 'last_name', 'email') or something equivalent.

Final Thoughts

Hopefully, this post will end up saving engineers a lot of time and prevent a lot of bugs from being created. I also hope that maybe Django could either include some of this information in the documentation or add a template filter like to_json to Django that could be easily extended with your project’s own default encoder.