Lab14

.github/workflows/ansible-deploy.yml

@@ -0,0 +1,75 @@
+name: Ansible Deployment
+
+on:
+  push:
+    branches: [ main, master, lab06 ]
+    paths:
+      - "ansible/**"
+      - ".github/workflows/ansible-deploy.yml"
+  pull_request:
+    branches: [ main, master, lab06 ]
+    paths:
+      - "ansible/**"
+
+jobs:
+  lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install dependencies
+        run: |
+          pip install ansible ansible-lint
+
+      - name: Run ansible-lint
+
+        run: |
+          ansible-lint playbooks/*.yml roles/**/*.yml
+
+  deploy:
+    name: Deploy Application
+    needs: lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install Ansible
+        run: pip install ansible
+
+      - name: Setup SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan -H ${{ secrets.VM_HOST }} >> ~/.ssh/known_hosts
+
+      - name: Deploy with Ansible
+        env:
+          ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+        run: |
+          cd ansible
+          echo "$ANSIBLE_VAULT_PASSWORD" > /tmp/vault_pass
+          ansible-playbook playbooks/deploy.yml \
+            -i inventory/hosts.ini \
+            --vault-password-file /tmp/vault_pass \
+            --tags "app_deploy"
+          rm /tmp/vault_pass
+
+      - name: Verify Deployment
+        run: |
+          sleep 10
+          curl -f http://${{ secrets.VM_HOST }}:8000 || exit 1
+          curl -f http://${{ secrets.VM_HOST }}:8000/health || exit 1

.github/workflows/python-ci.yml

@@ -0,0 +1,86 @@
+name: Python CI - DevOps Info Service
+
+on:
+  push:
+    branches: [ "**" ]
+    tags:
+      - "v*.*.*"
+    paths:
+      - "app_python/**"
+      - ".github/workflows/python-ci.yml"
+
+  pull_request:
+    branches: [ "main" ]
+    paths:
+      - "app_python/**"
+
+jobs:
+  test:
+    name: Lint & Test
+    runs-on: ubuntu-latest
+
+    defaults:
+      run:
+        working-directory: app_python
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python 3.11
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: "pip"
+          cache-dependency-path: |
+            app_python/requirements.txt
+            app_python/requirements-dev.txt
+
+      - name: Install dependencies
+        run: |
+          pip install -r requirements.txt
+          pip install -r requirements-dev.txt
+
+      - name: Run linter (ruff)
+        run: |
+          pip install ruff
+          ruff check .
+
+      - name: Run tests with coverage
+        run: |
+          pytest --cov=. --cov-report=term-missing --cov-fail-under=60
+
+      - name: Install Bandit
+        run: pip install bandit
+
+      - name: Run Bandit security scan
+        run: bandit -r . -ll -s B101,B104
+
+  docker:
+    name: Build & Push Docker Image
+    needs: test
+    if: startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Extract version
+        id: vars
+        run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./app_python
+          push: true
+          tags: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/devops-info-service:${{ steps.vars.outputs.VERSION }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/devops-info-service:latest

.gitignore

@@ -1 +1,7 @@
-test
+test
+key.json
+.terraform/
+*.tfstate
+*.tfstate.*
+terraform.tfvars
+.history/

README.md

@@ -1,3 +1,6 @@
+![CI](https://github.com/essence-666/DevOps-Core-Course/actions/workflows/python-ci.yml/badge.svg)
+
+
 # DevOps Engineering: Core Practices
 
 [![Labs](https://img.shields.io/badge/Labs-18-blue)](#labs)

ansible/.gitignore

@@ -0,0 +1 @@
+.vault_pass

ansible/README.md

@@ -0,0 +1 @@
+[![Ansible Deployment](https://github.com/essence-666/DevOps-Core-Course/actions/workflows/ansible-deploy.yml/badge.svg)](https://github.com/essence-666/DevOps-Core-Course/actions/workflows/ansible-deploy.yml)

ansible/ansible.cfg

@@ -0,0 +1,6 @@
+[defaults]
+roles_path = ./roles:./playbooks/roles
+inventory = ./inventory/hosts.ini
+private_key_file = ~/.ssh/id_ed25519
+remote_user = ubuntu
+host_key_checking = False