Lab16

.github/workflows/ansible-deploy.yml

@@ -0,0 +1,105 @@
+name: Ansible Deployment
+
+on:
+  workflow_run:
+    workflows:
+      - "Python CD - Containerize and publish image"
+    branches:
+      - main
+      - master
+    types:
+      - completed
+  push:
+    branches:
+      - test
+  workflow_dispatch:
+
+jobs:
+  lint:
+    name: Ansible Lint
+    if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: solution/lab05/ansible
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_sha || github.sha }}
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install lint dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible-core ansible-lint
+          ansible-galaxy collection install -r collections/requirements.yml --timeout 120
+
+      - name: Run ansible-lint
+        run: ansible-lint playbooks/*.yml
+
+  deploy:
+    name: Deploy Web App
+    needs: lint
+    if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
+    runs-on: self-hosted
+    defaults:
+      run:
+        working-directory: solution/lab05/ansible
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_sha || github.sha }}
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install deployment dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible-core
+
+      - name: Configure SSH access
+        env:
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+          VM_HOST: ${{ secrets.VM_HOST }}
+        run: |
+          set -euo pipefail
+          test -n "$SSH_PRIVATE_KEY"
+          test -n "$VM_HOST"
+          install -m 700 -d ~/.ssh
+          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          touch ~/.ssh/known_hosts
+          chmod 600 ~/.ssh/known_hosts
+          ssh-keyscan -H "$VM_HOST" >> ~/.ssh/known_hosts || true
+
+      - name: Run deploy playbook
+        env:
+          ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+          VM_HOST: ${{ secrets.VM_HOST }}
+          VM_USER: ${{ secrets.VM_USER }}
+        run: |
+          set -euo pipefail
+          trap 'rm -f /tmp/vault_pass' EXIT
+          printf '%s\n' "$ANSIBLE_VAULT_PASSWORD" > /tmp/vault_pass
+          ansible-playbook playbooks/deploy.yml \
+            -i inventory/hosts.ini \
+            --vault-password-file /tmp/vault_pass \
+            -e "ansible_host=$VM_HOST ansible_user=$VM_USER ansible_ssh_common_args='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'"
+
+      - name: Verify deployment endpoint
+        env:
+          VM_HOST: ${{ secrets.VM_HOST }}
+        run: |
+          set -euo pipefail
+          sleep 10
+          curl -fsS "http://$VM_HOST:5000"
+          curl -fsS "http://$VM_HOST:5000/health"

.github/workflows/python-cd.yml

@@ -0,0 +1,37 @@
+name: Python CD - Containerize and publish image
+
+on:
+  workflow_run:
+    workflows: ["Python CI - Run tests and lints"]
+    branches: [main, master]
+    types: [completed]
+
+env: 
+  VERSION: 0.1.0
+jobs:
+  deploy:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.workflow_run.head_branch }}
+
+      - name: Build Docker image
+        working-directory: ./solution/app_python
+        run: docker build -t devops-i-lobazov:${{ env.VERSION }} .
+
+      - name: Login to Docker Hub
+        run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
+
+      - name: Tag image (version)
+        run: docker tag devops-i-lobazov:${{ env.VERSION }} ${{ secrets.DOCKER_USERNAME }}/devops-i-lobazov:${{ env.VERSION }}
+
+      - name: Tag image (latest)
+        run: docker tag devops-i-lobazov:${{ env.VERSION }} ${{ secrets.DOCKER_USERNAME }}/devops-i-lobazov:latest
+
+      - name: Push image (version tag)
+        run: docker push ${{ secrets.DOCKER_USERNAME }}/devops-i-lobazov:${{ env.VERSION }}
+
+      - name: Push image (latest tag)
+        run: docker push ${{ secrets.DOCKER_USERNAME }}/devops-i-lobazov:latest

.github/workflows/python-ci.yml

@@ -0,0 +1,53 @@
+name: Python CI - Run tests and lints
+
+on:
+  push:
+    paths:
+      - 'solution/app_python/**'
+      - '.github/workflows/python-ci.yml'
+  pull_request:
+    paths:
+      - 'solution/app_python/**'
+      - '.github/workflows/python-ci.yml'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python environment
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.14'
+          cache: 'pip'
+          cache-dependency-path: |
+            solution/app_python/requirements.txt
+            solution/app_python/requirements.dev.txt
+
+      - name: Install dependencies
+        working-directory: ./solution/app_python
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install -r requirements.dev.txt
+
+      - name: Run flake8 linter
+        working-directory: ./solution/app_python
+        run: flake8 .
+
+      - name: Run tests with coverage
+        working-directory: ./solution/app_python
+        run: |
+          pytest tests/ -v --cov=. --cov-report=xml --cov-report=term-missing
+
+      - name: Install Snyk CLI
+        uses: snyk/actions/setup@master
+
+      - name: Run Snyk security scan
+        working-directory: ./solution/app_python
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        run: snyk test --severity-threshold=high

.github/workflows/rust-cd.yml

@@ -0,0 +1,38 @@
+name: Rust CD - Containerize and publish image
+
+on:
+  workflow_run:
+    workflows: ["Rust CI - Lint and test"]
+    branches: [main, master]
+    types: [completed]
+
+env:
+    VERSION: 0.1.0
+
+jobs:
+  deploy:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.workflow_run.head_branch }}
+
+      - name: Build Docker image
+        working-directory: ./solution/app_rust
+        run: docker build -t devops-info-service-rust:${{ env.VERSION }} .
+
+      - name: Login to Docker Hub
+        run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
+
+      - name: Tag image (version)
+        run: docker tag devops-info-service-rust:${{ env.VERSION }} ${{ secrets.DOCKER_USERNAME }}/devops-info-service-rust:${{ env.VERSION }}
+
+      - name: Tag image (latest)
+        run: docker tag devops-info-service-rust:${{ env.VERSION }} ${{ secrets.DOCKER_USERNAME }}/devops-info-service-rust:latest
+
+      - name: Push image (version tag)
+        run: docker push ${{ secrets.DOCKER_USERNAME }}/devops-info-service-rust:${{ env.VERSION }}
+
+      - name: Push image (latest tag)
+        run: docker push ${{ secrets.DOCKER_USERNAME }}/devops-info-service-rust:latest

.github/workflows/rust-ci.yml

@@ -0,0 +1,61 @@
+name: Rust CI - Lint and test
+
+on:
+  push:
+    paths:
+      - 'solution/app_rust/**'
+      - '.github/workflows/rust-ci.yml'
+  pull_request:
+    paths:
+      - 'solution/app_rust/**'
+      - '.github/workflows/rust-ci.yml'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          components: rustfmt, clippy
+
+      - name: Cache cargo registry
+        uses: actions/cache@v3
+        with:
+          path: ~/.cargo/registry
+          key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Cache cargo index
+        uses: actions/cache@v3
+        with:
+          path: ~/.cargo/git
+          key: ${{ runner.os }}-cargo-git-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Cache cargo build
+        uses: actions/cache@v3
+        with:
+          path: solution/app_rust/target
+          key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
+
+      # Free plan allows only limited support for the rust and by unknown reason Snyk CLI doesn't recognize Cargo.toml regardless the efforts
+      # - name: Install Snyk CLI
+      #   uses: snyk/actions/setup@master
+
+      # - name: Run Snyk security scan
+      #   working-directory: ./solution/app_rust
+      #   env:
+      #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      #   run: snyk test --severity-threshold=high
+
+      - name: Run clippy linter
+        working-directory: ./solution/app_rust
+        run: cargo clippy --all-targets --all-features -- -D warnings
+
+      - name: Run tests
+        working-directory: ./solution/app_rust
+        run: cargo test

.github/workflows/terraform-ci.yml

@@ -0,0 +1,43 @@
+name: Terraform CI
+
+on:
+  pull_request:
+    paths:
+      - "solution/terraform/**"
+      - ".github/workflows/terraform-ci.yml"
+  workflow_dispatch:
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: solution/terraform
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Terraform fmt (check)
+        run: terraform fmt -check -recursive
+
+      - name: Terraform init
+        run: terraform init -backend=false
+
+      - name: Terraform validate
+        run: terraform validate
+
+      - name: Setup TFLint
+        uses: terraform-linters/setup-tflint@v4
+
+      - name: TFLint version
+        run: tflint --version
+
+      - name: TFLint init
+        run: tflint --init
+
+      - name: Run TFLint
+        run: tflint --format compact

.gitignore

@@ -1 +1,10 @@
-test
+test
+.idea
+.vscode
+.env
+k8s/certs/
+solution/monitoring/.env
+*.exe
+*.tgz
+**/data/**
+.local/

README.md

@@ -3,6 +3,7 @@
 [![Labs](https://img.shields.io/badge/Labs-18-blue)](#labs)
 [![Exam](https://img.shields.io/badge/Exam-Optional-green)](#exam-alternative)
 [![Duration](https://img.shields.io/badge/Duration-18%20Weeks-lightgrey)](#course-roadmap)
+[![Ansible Deployment](https://github.com/xrixis/DevOps-Core-Course/actions/workflows/ansible-deploy.yml/badge.svg)](https://github.com/xrixis/DevOps-Core-Course/actions/workflows/ansible-deploy.yml)
 
 Master **production-grade DevOps practices** through hands-on labs. Build, containerize, deploy, monitor, and scale applications using industry-standard tools.
 
@@ -269,3 +270,4 @@ After completing all 16 core labs (+ optional Labs 17-18), you'll have:
 **Ready to begin? Start with [Lab 1](labs/lab01.md)!**
 
 Questions? Check the course Moodle page or ask during office hours.
+