feat: complete lab03 ci pipeline

Author: pepega

.github/workflows/python-ci.yml

@@ -15,57 +15,64 @@ on:
       - "app_python/**"
       - ".github/workflows/python-ci.yml"
 
+permissions:
+  contents: read
+
 concurrency:
   group: python-ci-${{ github.ref }}
   cancel-in-progress: true
 
+env:
+  PIP_DISABLE_PIP_VERSION_CHECK: "1"
+
 jobs:
-  test:
+  lint-test:
+    name: Lint and test (Python ${{ matrix.python-version }})
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        python-version: ["3.11", "3.12"]
 
     steps:
-      - name: Checkout repository
+      - name: Checkout
         uses: actions/checkout@v4
 
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.12"
+          python-version: ${{ matrix.python-version }}
           cache: "pip"
           cache-dependency-path: app_python/requirements.txt
 
       - name: Install dependencies
-        working-directory: app_python
         run: |
           python -m pip install --upgrade pip
-          pip install -r requirements.txt
+          python -m pip install -r app_python/requirements.txt
 
-      - name: Lint with ruff
-        working-directory: app_python
-        run: ruff check .
+      - name: Lint (ruff)
+        run: python -m ruff check app_python
 
       - name: Run tests
-        working-directory: app_python
-        run: pytest -q
+        run: python -m pytest -v app_python/tests
 
       - name: Snyk security scan
-        if: ${{ secrets.SNYK_TOKEN != '' }}
-        uses: snyk/actions/python@master
+        if: matrix.python-version == '3.12' && github.event_name == 'push' && secrets.SNYK_TOKEN != ''
+        uses: snyk/actions/python@v3
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          args: --severity-threshold=high
+          args: --severity-threshold=high --file=requirements.txt
+        working-directory: app_python
 
-  docker:
-    needs: test
-    if: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/lab03') }}
+  docker-build-push:
+    name: Build and push Docker image
     runs-on: ubuntu-latest
-
-    env:
-      DOCKER_IMAGE: ${{ secrets.DOCKERHUB_USERNAME }}/devops-info-service
+    needs: lint-test
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/lab03')
 
     steps:
-      - name: Checkout repository
+      - name: Checkout
         uses: actions/checkout@v4
 
       - name: Set up Docker Buildx
@@ -77,15 +84,23 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Generate version
-        run: echo "VERSION=$(date +'%Y.%m.%d')" >> $GITHUB_ENV
+      - name: Set image version
+        run: |
+          CALVER=$(date +"%Y.%m")
+          VERSION="${CALVER}.${GITHUB_RUN_NUMBER}"
+          echo "CALVER=${CALVER}" >> $GITHUB_ENV
+          echo "VERSION=${VERSION}" >> $GITHUB_ENV
+          echo "IMAGE_NAME=pepegx/devops-info-service" >> $GITHUB_ENV
 
-      - name: Build and push Docker image
+      - name: Build and push
         uses: docker/build-push-action@v6
         with:
           context: app_python
           file: app_python/Dockerfile
           push: true
           tags: |
-            ${{ env.DOCKER_IMAGE }}:${{ env.VERSION }}
-            ${{ env.DOCKER_IMAGE }}:latest
+            ${{ env.IMAGE_NAME }}:${{ env.VERSION }}
+            ${{ env.IMAGE_NAME }}:${{ env.CALVER }}
+            ${{ env.IMAGE_NAME }}:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

app_python/README.md

@@ -1,6 +1,6 @@
 # DevOps Info Service
 
-[![Python CI](https://github.com/pepegx/DevOps-Core-Course/actions/workflows/python-ci.yml/badge.svg)](https://github.com/pepegx/DevOps-Core-Course/actions/workflows/python-ci.yml)
+[![Python CI](https://github.com/pepegx/DevOps-Core-Course/actions/workflows/python-ci.yml/badge.svg?branch=master)](https://github.com/pepegx/DevOps-Core-Course/actions/workflows/python-ci.yml)
 
 > A web service that provides comprehensive system and runtime information for DevOps monitoring and diagnostics.
 
@@ -114,20 +114,6 @@ HOST=127.0.0.1 PORT=3000 DEBUG=true python app.py
 gunicorn -w 4 -b 0.0.0.0:5000 app:app
 ```
 
-## Test Suite
-
-Run the test suite locally with:
-
-```bash
-pytest -q
-```
-
-Run linting locally with:
-
-```bash
-ruff check .
-```
-
 ## Docker
 
 ### Build Image (pattern)
@@ -225,6 +211,18 @@ Health check endpoint for monitoring systems and Kubernetes probes.
 
 ## Testing
 
+### Unit Tests (pytest)
+
+```bash
+python -m pytest -v
+```
+
+Or with python3:
+
+```bash
+python3 -m pytest -v
+```
+
 ### Using curl
 
 ```bash

app_python/docs/LAB03.md

@@ -1,4 +1,4 @@
-# Lab 3 — Continuous Integration (CI/CD): Implementation Report
+# Lab 3 — CI/CD: Implementation Report
 
 **Student:** Danil Fishchenko  
 **Date:** January 31, 2026  
@@ -8,59 +8,124 @@
 
 ## 1. Overview
 
-- **Testing framework:** pytest — concise syntax, strong fixtures ecosystem, widely used for Flask apps.
-- **Coverage:** Tests validate `GET /`, `GET /health`, and error responses (404, 405).
-- **Workflow triggers:** Runs on push to `master` and `lab03`, and on PRs to `master`, only when `app_python/**` or workflow file changes.
-- **Versioning strategy:** **CalVer** (`YYYY.MM.DD`) for Docker tags — simple and time-based for a continuously deployed service.
+**Testing framework:** `pytest` (simple syntax, strong fixtures ecosystem, widely used in Python projects).  
+**Coverage:** All endpoints (`GET /`, `GET /health`) plus error case (`GET /missing`).  
+**CI trigger:** Runs on `push` to `master`/`lab03` and on PRs to `master`, limited to `app_python/**` and workflow changes.  
+**Versioning strategy:** **CalVer** (`YYYY.MM` + GitHub `run_number`). This fits continuous delivery and makes releases time‑based.
 
 ---
 
 ## 2. Workflow Evidence
 
-- ✅ **Successful workflow run:** TODO — add GitHub Actions run link after push.
-- ✅ **Tests passing locally (terminal output):**
+**Local tests (pytest):**
+```
+========================== test session starts ==========================
+platform darwin -- Python 3.14.0, pytest-7.4.3, pluggy-1.6.0 -- /Users/pepega/Documents/devopss/DevOps-Core-Course/.venv/bin/python
+cachedir: .pytest_cache
+rootdir: /Users/pepega/Documents/devopss/DevOps-Core-Course
+plugins: flask-1.3.0
+collected 3 items
+
+app_python/tests/test_app.py::test_index_success PASSED           [ 33%]
+app_python/tests/test_app.py::test_health_success PASSED          [ 66%]
+app_python/tests/test_app.py::test_not_found_error PASSED         [100%]
+
+=========================== 3 passed in 0.10s ===========================
+```
 
+**Local lint (ruff):**
 ```
-....                                                              [100%]
-4 passed in 0.07s
+All checks passed!
 ```
 
-- ✅ **Local run + endpoint checks:**
+**Local endpoint testing:**
+
+`GET /health`
+```
+{
+    "status": "healthy",
+    "timestamp": "2026-01-31T11:10:41.601350+00:00",
+    "uptime_seconds": 5
+}
+```
 
+`GET /`
 ```
-{"endpoints":[{"description":"Service and system information","method":"GET","path":"/"},{"description":"Health check endpoint","method":"GET","path":"/health"}],"request":{"client_ip":"127.0.0.1","me
-{"status":"healthy","timestamp":"2026-01-31T11:00:38.653301+00:00","uptime_seconds":1}
+{
+    "endpoints": [
+        {
+            "description": "Service and system information",
+            "method": "GET",
+            "path": "/"
+        },
+        {
+            "description": "Health check endpoint",
+            "method": "GET",
+            "path": "/health"
+        }
+    ],
+    "request": {
+        "client_ip": "127.0.0.1",
+        "method": "GET",
+        "path": "/",
+        "user_agent": "curl/8.7.1"
+    },
+    "runtime": {
+        "current_time": "2026-01-31T11:10:44.028830+00:00",
+        "timezone": "UTC",
+        "uptime_human": "0 hours, 0 minutes",
+        "uptime_seconds": 7
+    },
+    "service": {
+        "description": "DevOps course info service",
+        "framework": "Flask",
+        "name": "devops-info-service",
+        "version": "1.0.0"
+    },
+    "system": {
+        "architecture": "arm64",
+        "cpu_count": 10,
+        "hostname": "pepegas-MacBook-Air.local",
+        "platform": "Darwin",
+        "platform_version": "Darwin Kernel Version 25.2.0: Tue Nov 18 21:08:48 PST 2025; root:xnu-12377.61.12~1/RELEASE_ARM64_T8132",
+        "python_version": "3.14.0"
+    }
+}
 ```
 
-- ✅ **Docker image on Docker Hub:** https://hub.docker.com/r/pepegx/devops-info-service
-- ✅ **Status badge in README:** Added to the top of the app README.
+**Workflow run (CI):**  
+https://github.com/pepegx/DevOps-Core-Course/actions/workflows/python-ci.yml
+
+**Docker Hub image:**  
+https://hub.docker.com/r/pepegx/devops-info-service
 
 ---
 
 ## 3. Best Practices Implemented
 
-- **Dependency caching:** `actions/setup-python` with pip cache speeds up repeated installs.
-- **Job dependencies:** Docker build/push runs only after tests pass (`needs: test`).
-- **Conditional publishing:** Docker push runs only on `master` or `lab03` branch pushes.
-- **Workflow concurrency:** Cancels outdated runs on the same branch.
-- **Path filters:** CI runs only when `app_python/` changes.
-- **Snyk scanning:** Optional dependency vulnerability scan with `SNYK_TOKEN` secret.
+- **Matrix testing (3.11, 3.12):** catches version-specific issues early.
+- **Job dependency:** Docker build/push only runs after tests pass.
+- **Conditional deploy:** image push only on `master`/`lab03` pushes.
+- **Workflow concurrency:** cancels outdated runs to save CI minutes.
+- **Least-privilege permissions:** `contents: read` only.
+- **Dependency caching:** `actions/setup-python` cache enabled for pip.
+- **Docker layer cache:** `cache-from`/`cache-to` with Buildx to speed rebuilds.
 
-**Caching speed improvement:** TODO — record cache hit/miss times from Actions.
+**Caching note:** The workflow is configured to cache pip dependencies; verify cache hit and time saved in the Actions logs after the first run.
 
-**Snyk results:** TODO — record findings or note “no issues found.”
+**Snyk:** Integrated via `snyk/actions/python@v3` with `--severity-threshold=high`. Runs only on push when `SNYK_TOKEN` is present.
 
 ---
 
 ## 4. Key Decisions
 
-- **Versioning Strategy:** CalVer aligns with frequent service updates without manual SemVer management.
-- **Docker Tags:** `${VERSION}` (CalVer) and `latest` for stable consumers.
-- **Workflow Triggers:** Focused on `app_python/` to avoid unnecessary CI in a monorepo.
-- **Test Coverage:** Core endpoints and error cases tested; system-specific values are asserted by structure, not exact host values.
+**Versioning Strategy:** CalVer (`YYYY.MM.<run_number>`). It matches a continuous delivery workflow and avoids manual tag management.  
+**Docker Tags:** `pepegx/devops-info-service:<YYYY.MM.RUN>`, `<YYYY.MM>`, and `latest`.  
+**Workflow Triggers:** Push/PR limited to `app_python/**` to avoid unnecessary CI runs in a monorepo.  
+**Test Coverage:** Endpoint success cases and 404 error handler are covered; low‑value paths (e.g., startup logs) are not.
 
 ---
 
-## 5. Challenges (Optional)
+## 5. Challenges & Solutions
 
-- **None encountered** during local test setup.
+- **Background app startup for local testing:** Used `nohup env HOST=127.0.0.1 PORT=3000 ...` to run locally without blocking the shell.

app_python/requirements.txt

@@ -7,4 +7,4 @@ gunicorn==21.2.0
 # Development and Testing
 pytest==7.4.3
 pytest-flask==1.3.0
-ruff==0.6.9
+ruff==0.6.8