Move media folder outside of project root for Ansible deployment #666

[HarishKarthickS]

Related issues

Fixes #666

Checklist

• Did you run the pre-commit? (If not, your PR will most likely not pass — please ensure it passes pre-commit)
• Did you test the change? (Ensure you didn’t just prompt the AI and blindly commit — test the code and confirm it works)
• Added screenshots to the PR description (if applicable)

Summary by CodeRabbit

• Chores
  • Introduced a configurable media directory setting to improve deployment flexibility.
  • Ensured the media directory is created with correct permissions and linked into the project via symlink.
  • Unified media path management across the infrastructure setup for more maintainable deployments.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Introduces a new media_dir variable (/home/{{ vps_user }}/media), updates the nginx /media/ location alias to use {{ media_dir }}, updates playbook tasks to target {{ media_dir }}, and adds symlink tasks linking the project media path to the dedicated media directory.

Changes

Cohort / File(s)	Change Summary
Nginx template ansible/nginx-http.conf.j2	Replaced hard-coded media path with {{ media_dir }} in the /media/ location alias.
Playbook tasks & vars ansible/playbook.yml	Added media_dir var (set to /home/{{ vps_user }}/media); updated "Ensure media directory exists and readable" to use {{ media_dir }}; added symlink task(s) creating a link from {{ media_dir }} to {{ project_root }}/media (appears duplicated/mirrored in file).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Check duplicated symlink task blocks in ansible/playbook.yml for intentional separation or consolidation.
• Verify force: true on symlink tasks is safe and won't overwrite unintended files.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	⚠️ Warning	The AI-generated summary indicates duplicated/modular replication of media_dir usage and symlink tasks later in the playbook file, which appears to be unintended duplication unrelated to the core objective.	Remove the duplicated media_dir variable usage and symlink task that appears later in ansible/playbook.yml to maintain clean, non-redundant configuration.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main objective: moving the media folder outside the project root for Ansible deployment, which aligns with the primary changes in the pull request.
Linked Issues check	✅ Passed	The PR changes directly address issue #666 by introducing a configurable media_dir variable and moving media storage outside the project root, as evidenced by the new variable and symlink implementation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 01dc8a8 and e936da2.

📒 Files selected for processing (1)

• ansible/playbook.yml (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{yml,yaml}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

YAML files must be valid (check-yaml)

Files:

• ansible/playbook.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Run Tests

🔇 Additional comments (2)

ansible/playbook.yml (2)

323-323: YAML truthy value fixed correctly.

The change from yes to true complies with YAML best practices and resolves the linter warning.

---

316-323: Verify symlink attribute behavior.

The owner and group attributes on symlink creation may not behave as expected, since symbolic links typically do not have their own ownership metadata (the target's ownership is used instead). Verify this works as intended in your deployment environment, or consider removing these attributes if they cause issues.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @harishkarthick-dev, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refactors the Ansible deployment strategy to move the media directory outside of the project's root. This change enhances the robustness of deployments by separating persistent user-uploaded content from application code, preventing accidental data loss during updates and allowing for more flexible storage management. It introduces a new configurable variable for the media path and updates both the Nginx configuration and the Ansible playbook to correctly manage and serve these externalized media files via a symbolic link.

Highlights

• Externalized Media Directory: The media folder is now configured to reside outside of the project's root directory, improving data persistence and deployment flexibility.
• Configurable Media Path: A new Ansible variable, media_dir, has been introduced in playbook.yml to define the absolute path for the media storage, making the deployment more configurable.
• Nginx Configuration Update: The Nginx configuration (nginx-http.conf.j2) has been updated to use the new media_dir variable, ensuring Nginx correctly serves media files from their new location.
• Symlink for Media Access: A symbolic link is now created from {{ project_root }}/media to {{ media_dir }}. This maintains the expected file path within the application while physically storing media files externally.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly refactors the Ansible deployment to move the media directory outside of the project root, which is a good practice for separating user data from application code. The changes in the Nginx configuration and Ansible variables are appropriate. However, there is a critical issue in the Ansible playbook that could lead to data loss on existing deployments. The task that creates the symlink uses force: yes, which will delete the current media directory and all its contents. I've added a critical review comment with a suggestion to add a migration step to safely move existing media files before creating the symlink.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ad91f49 and 01dc8a8.

📒 Files selected for processing (2)

• ansible/nginx-http.conf.j2 (1 hunks)
• ansible/playbook.yml (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{yml,yaml}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

YAML files must be valid (check-yaml)

Files:

• ansible/playbook.yml

🧠 Learnings (1)

📚 Learning: 2025-04-19T17:35:49.476Z

Learnt from: Inshamhaque
Repo: alphaonelabs/alphaonelabs-education-website PR: 0
File: :0-0
Timestamp: 2025-04-19T17:35:49.476Z
Learning: When serving user-uploaded files in Django, always resolve symlinks and use os.path.commonpath to ensure the requested file is within MEDIA_ROOT, and restrict allowed file extensions to prevent path traversal and unauthorized access.

Applied to files:

• ansible/nginx-http.conf.j2

🪛 YAMLlint (1.37.1)

ansible/playbook.yml

[warning] 323-323: truthy value should be one of [false, true]

(truthy)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Run Tests

🔇 Additional comments (4)

ansible/playbook.yml (3)

10-10: Good practice: Centralized media directory configuration.

The new media_dir variable improves maintainability by centralizing the media directory path. Moving media outside the project root aligns with best practices for separating persistent user data from application code.

---

308-314: LGTM: Media directory task properly updated.

The task correctly uses the new media_dir variable with appropriate permissions (0755) for nginx to read and the application user to write.

---

316-323: Media directory safe—no existing content to overwrite.

Verification confirmed no media directory exists at {{ project_root }}/media, so the force: yes flag poses no risk of data loss. The YAML syntax is valid. Code is safe to proceed.

ansible/nginx-http.conf.j2 (1)

42-42: LGTM: Nginx configuration properly updated.

The /media/ location now correctly uses the media_dir variable, maintaining consistency with the playbook changes. The trailing slash is properly included for the alias directive.

[HarishKarthickS]

Hi @A1L13N, can you please review and merge this PR.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.