PR: Lab03

.github/workflows/python-ci.yml

@@ -0,0 +1,103 @@
+name: Python CI (tests + docker)
+
+on:
+  push:
+    branches: [ "master", "lab03" ]
+    paths:
+      - "app_python/**"
+      - ".github/workflows/python-ci.yml"
+  pull_request:
+    branches: [ "master" ]
+    paths:
+      - "app_python/**"
+      - ".github/workflows/python-ci.yml"
+
+concurrency:
+  group: python-ci-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  test-and-lint:
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: true
+      matrix:
+        python-version: ["3.12", "3.13"]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: "pip"
+          cache-dependency-path: |
+            app_python/requirements.txt
+            app_python/requirements-dev.txt
+
+      - name: Install dependencies
+        working-directory: app_python
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install -r requirements-dev.txt
+
+      - name: Lint (ruff)
+        working-directory: app_python
+        run: |
+          ruff check .
+
+      - name: Run tests (pytest)
+        working-directory: app_python
+        run: |
+          pytest -q
+
+      - name: Install Snyk CLI
+        run: npm install -g snyk
+
+      - name: Snyk scan (dependencies)
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        run: |
+          cd app_python
+          snyk test --severity-threshold=high --file=requirements.txt
+
+  docker-build-and-push:
+    runs-on: ubuntu-latest
+    needs: test-and-lint
+
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/lab03')
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set version (CalVer)
+        run: |
+          echo "VERSION=$(date -u +%Y.%m.%d)" >> $GITHUB_ENV
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: ./app_python
+          file: ./app_python/Dockerfile
+          push: true
+          tags: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/devops-info-service:${{ env.VERSION }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/devops-info-service:latest

app_python/README.md

@@ -1,3 +1,5 @@
+[![Python CI (tests + docker)](https://github.com/Cdeth567/DevOps-Core-Course/actions/workflows/python-ci.yml/badge.svg?branch=lab03)](https://github.com/Cdeth567/DevOps-Core-Course/actions/workflows/python-ci.yml)
+
 # DevOps Info Service
 
 ## Overview
@@ -130,3 +132,11 @@ docker run --rm -p <host_port>:5000 <dockerhub_username>/<repo_name>:<tag>
 
 > Note (Windows PowerShell): `curl` is an alias for `Invoke-WebRequest`.  
 > For classic curl behavior, use `curl.exe`.
+
+## Testing
+Install dev dependencies:
+- python -m pip install -r requirements-dev.txt
+
+Run tests:
+- pytest
+