Lab13

.github/workflows/ansible-deploy.yml

@@ -0,0 +1,39 @@
+name: Ansible Deployment
+
+on:
+  push:
+    branches: [ main, master, lab06 ]
+    paths:
+      - 'ansible/**'
+      - '.github/workflows/ansible-deploy.yml'
+
+jobs:
+  deploy:
+    runs-on: self-hosted
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install Ansible and dependencies
+        run: |
+          sudo apt update
+          sudo apt install -y ansible python3-docker python3-pip
+
+      - name: Create inventory file for local connection
+        run: |
+          cd ansible
+          echo "[webservers]" > inventory/ci.ini
+          echo "localhost ansible_connection=local" >> inventory/ci.ini
+
+      - name: Deploy with Ansible
+        env:
+          ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+        run: |
+          cd ansible
+          echo "$ANSIBLE_VAULT_PASSWORD" > /tmp/vault_pass
+          ansible-playbook -i inventory/ci.ini playbooks/deploy.yml --vault-password-file /tmp/vault_pass
+          rm /tmp/vault_pass
+      - name: Verify deployment
+        run: |
+          sleep 10
+          curl -f http://localhost:8000/health || exit 1

.github/workflows/python-ci.yml

@@ -0,0 +1,123 @@
+name: Python CI/CD Pipeline
+
+on:
+  push:
+    branches: [ master, lab03 ]
+    paths:
+      - 'app_python/**'
+      - '.github/workflows/python-ci.yml'
+  pull_request:
+    branches: [ master ]
+    paths:
+      - 'app_python/**'
+
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: ${{ github.repository_owner }}/devops-info-service
+  PYTHON_VERSION: '3.13'
+
+jobs:
+  code-quality-and-testing:
+    name: Code Quality & Testing
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: app_python
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Python ${{ env.PYTHON_VERSION }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ env.PYTHON_VERSION }}
+        cache: 'pip'
+        cache-dependency-path: 'app_python/requirements.txt'
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+        pip install flake8 black pytest pytest-cov
+
+    - name: Lint with flake8
+      run: |
+        echo "Running flake8 linting..."
+        flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+        flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+
+    - name: Check code formatting with black
+      run: |
+        echo "Checking code formatting with black..."
+        black --check --diff .
+
+    - name: Run unit tests with pytest
+      run: |
+        echo "Running unit tests with pytest..."
+        pytest --cov=app --cov-report=term-missing -v
+
+    - name: Security scan with Snyk
+      uses: snyk/actions/python@master
+      continue-on-error: true
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      with:
+        args: --severity-threshold=high --file=requirements.txt
+
+  docker-build-and-push:
+    name: Docker Build & Push
+    runs-on: ubuntu-latest
+    needs: code-quality-and-testing
+    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+
+    - name: Generate version tags
+      id: vars
+      run: |
+        echo "DATE_TAG=$(date +'%Y.%m.%d')" >> $GITHUB_OUTPUT
+        echo "SHORT_SHA=${GITHUB_SHA:0:7}" >> $GITHUB_OUTPUT
+
+        COMMIT_COUNT=$(git rev-list --count --since="$(date +'%Y-%m-%d 00:00:00')" HEAD 2>/dev/null || echo "0")
+        echo "CALVER_TAG=$(date +'%Y.%m').$COMMIT_COUNT" >> $GITHUB_OUTPUT
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: ./app_python
+        push: true
+        tags: |
+          ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+          ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.DATE_TAG }}
+          ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.CALVER_TAG }}
+          ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.DATE_TAG }}-${{ steps.vars.outputs.SHORT_SHA }}
+        labels: |
+          org.opencontainers.image.title=DevOps Info Service
+          org.opencontainers.image.description=DevOps course info service
+          org.opencontainers.image.version=${{ steps.vars.outputs.CALVER_TAG }}
+          org.opencontainers.image.created=${{ steps.vars.outputs.DATE_TAG }}
+          org.opencontainers.image.revision=${{ github.sha }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+    - name: Verify pushed images
+      run: |
+        echo "Docker images pushed with tags:"
+        echo "- latest"
+        echo "- ${{ steps.vars.outputs.DATE_TAG }}"
+        echo "- ${{ steps.vars.outputs.CALVER_TAG }}"
+        echo "- ${{ steps.vars.outputs.DATE_TAG }}-${{ steps.vars.outputs.SHORT_SHA }}"

.gitignore

@@ -1 +1,10 @@
-test
+test
+*.retry
+.vault_pass
+ansible/inventory/*.pyc
+__pycache__/
+.env
+*.crt
+*.key
+*.tgz
+*.lock

ansible/README.md

@@ -0,0 +1 @@
+[![Ansible Deployment](https://github.com/s3rap1s/DevOps-Core-Course/actions/workflows/ansible-deploy.yml/badge.svg)](https://github.com/s3rap1s/DevOps-Core-Course/actions/workflows/ansible-deploy.yml)

ansible/ansible.cfg

@@ -0,0 +1,11 @@
+[defaults]
+inventory = inventory/hosts.ini
+roles_path = roles
+host_key_checking = False
+remote_user = devops
+retry_files_enabled = False
+
+[privilege_escalation]
+become = True
+become_method = sudo
+become_user = root