Lab9

.github/workflows/ansible-deploy.yaml

@@ -0,0 +1,70 @@
+name: Ansible Deployment
+
+on:
+  push:
+    branches: [main, master, lab*]
+    paths:
+      - "labs/ansible/**"
+      - ".github/workflows/ansible-deploy.yaml"
+  pull_request:
+    branches: [main, master, lab*]
+    paths:
+      - "labs/ansible/**"
+
+jobs:
+  lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install dependencies
+        run: |
+          pip install ansible ansible-lint
+
+      - name: Run ansible-lint
+        run: |
+          cd labs/ansible
+          ansible-lint playbooks/*.yaml
+
+  deploy:
+    name: Deploy Application
+    needs: lint
+    runs-on: self-hosted
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install Ansible
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible
+
+      - name: Deploy with Ansible
+        env:
+          ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+        run: |
+          cd labs/ansible
+          echo "$ANSIBLE_VAULT_PASSWORD" > /tmp/vault_pass
+          ansible-playbook playbooks/deploy.yaml \
+            -i inventory/hosts.ini \
+            --vault-password-file /tmp/vault_pass \
+            --tags "app_deploy"
+          rm /tmp/vault_pass
+
+      - name: Verify Deployment
+        run: |
+          sleep 10
+          curl -f http://${{ secrets.VM_HOST }}:8000 || exit 1
+          curl -f http://${{ secrets.VM_HOST }}:8000/health || exit 1

.github/workflows/java-ci.yml

@@ -0,0 +1,83 @@
+name: Java CI
+
+on:
+  push:
+    branches: ["main", "lab*"]
+    paths:
+      - "labs/app_java/**"
+      - ".github/workflows/java-ci.yml"
+  pull_request:
+    branches: ["main", "lab*"]
+    paths:
+      - "labs/app_java/**"
+
+jobs:
+  build-and-test:
+    if: "!contains(github.event.head_commit.message, 'docs')"
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./labs/app_java
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: "17"
+          distribution: "temurin"
+          cache: "maven"
+
+      - name: Run Linting
+        run: mvn checkstyle:check
+
+      - name: Build and Test
+        run: mvn clean verify
+
+      - name: Install Snyk CLI
+        uses: snyk/actions/setup@master
+
+      - name: Run Snyk
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        run: snyk test
+        continue-on-error: true
+
+  docker-build:
+    needs: build-and-test
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+    defaults:
+      run:
+        working-directory: ./labs/app_java
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ secrets.DOCKER_USERNAME }}/devops-app-java
+          tags: |
+            type=semver,pattern={{version}}
+            type=raw,value=latest
+            type=sha
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./labs/app_java
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/python-ci.yaml

@@ -0,0 +1,94 @@
+name: Python CI
+
+on:
+  push:
+    branches: [lab*, main]
+    paths:
+      - "labs/app_python/**"
+    tags:
+      - "v*"
+  pull_request:
+    paths:
+      - "labs/app_python/**"
+
+jobs:
+  test-and-lint:
+    runs-on: ubuntu-latest
+    if: "!contains(github.event.head_commit.message, 'docs') && !contains(github.event.pull_request.title, 'docs')"
+    defaults:
+      run:
+        working-directory: labs/app_python
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.12.3"
+
+      - name: Install dev dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements-dev.txt
+
+      - name: Install Snyk CLI
+        run: |
+          curl -Lo ./snyk https://github.com/snyk/cli/releases/latest/download/snyk-linux
+          chmod +x ./snyk
+          sudo mv ./snyk /usr/local/bin/
+
+      - name: Run Snyk
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        run: |
+          snyk auth $SNYK_TOKEN
+          snyk test
+
+      - name: Lint code
+        run: |
+          flake8 .
+
+      - name: Run tests
+        run: |
+          pytest -v
+
+  build-and-push:
+    runs-on: ubuntu-latest
+    needs: test-and-lint
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/lab') || startsWith(github.ref, 'refs/tags/v'))
+    defaults:
+      run:
+        working-directory: labs/app_python
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      - name: Extract metadata (tags, labels)
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ secrets.DOCKER_USERNAME }}/python-info-service
+          tags: |
+            type=ref,event=branch
+            type=sha,prefix={{date 'YYYYMMDD'}}-
+            type=raw,value=latest
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: labs/app_python
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=${{ secrets.DOCKER_USERNAME }}/python-info-service:buildcache
+          cache-to: type=registry,ref=${{ secrets.DOCKER_USERNAME }}/python-info-service:buildcache,mode=max

.github/workflows/terraform-ci.yaml

@@ -0,0 +1,46 @@
+name: Terraform CI
+
+on:
+  push:
+    branches: ["main", "lab*"]
+    paths:
+      - "labs/terraform/**"
+  pull_request:
+    paths:
+      - "labs/terraform/**"
+
+jobs:
+  terraform:
+    name: Terraform Validate
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: labs/terraform
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.10.0"
+
+      - name: Setup TFLint
+        uses: terraform-linters/setup-tflint@v4
+        with:
+          tflint_version: v0.50.0
+
+      - name: Terraform Format Check
+        run: terraform fmt -check
+
+      - name: Terraform Init
+        run: terraform init -backend=false
+
+      - name: Terraform Validate
+        run: terraform validate
+
+      - name: TFLint Init
+        run: tflint --init
+
+      - name: Run TFLint
+        run: tflint --format=compact