Lab17

.github/workflows/ansible-deploy-java.yml

@@ -0,0 +1,107 @@
+name: Ansible Deploy — Java App
+
+on:
+  push:
+    branches: [master, main]
+    paths:
+      - "ansible/vars/app_java.yml"
+      - "ansible/playbooks/deploy_java.yml"
+      - "ansible/roles/web_app/**"
+      - ".github/workflows/ansible-deploy-java.yml"
+  pull_request:
+    branches: [master, main]
+    paths:
+      - "ansible/vars/app_java.yml"
+      - "ansible/playbooks/deploy_java.yml"
+      - "ansible/roles/web_app/**"
+      - ".github/workflows/ansible-deploy-java.yml"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ansible-deploy-java-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ansible
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+          cache: pip
+
+      - name: Install Ansible and ansible-lint
+        run: pip install "ansible<10" ansible-lint
+
+      - name: Install required Ansible collections
+        run: ansible-galaxy collection install -r collections/requirements.yml
+
+      - name: Run ansible-lint on Java deploy playbook
+        run: ansible-lint playbooks/deploy_java.yml
+
+  deploy:
+    name: Deploy Java App
+    needs: lint
+    runs-on: ubuntu-latest
+    if: github.event_name != 'pull_request'
+    defaults:
+      run:
+        working-directory: ansible
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+          cache: pip
+
+      - name: Install Ansible and collections
+        run: |
+          pip install "ansible<10"
+          ansible-galaxy collection install -r collections/requirements.yml
+
+      - name: Configure SSH for target VM
+        run: |
+          mkdir -p ~/.ssh
+          printf '%s' "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan -H ${{ secrets.VM_HOST }} >> ~/.ssh/known_hosts 2>/dev/null || true
+
+      - name: Write Vault password file
+        run: |
+          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > /tmp/vault_pass
+          chmod 600 /tmp/vault_pass
+
+      - name: Deploy Java application
+        env:
+          ANSIBLE_HOST_KEY_CHECKING: "False"
+        run: |
+          ansible-playbook playbooks/deploy_java.yml \
+            -i inventory/hosts.ini \
+            --vault-password-file /tmp/vault_pass \
+            --extra-vars "ansible_user=${{ secrets.VM_USER }} ansible_host=${{ secrets.VM_HOST }}"
+
+      - name: Clean up sensitive files
+        if: always()
+        run: rm -f /tmp/vault_pass ~/.ssh/id_rsa
+
+      - name: Verify Java app is running
+        run: |
+          sleep 15
+          curl -f http://${{ secrets.VM_HOST }}:8001/health || exit 1
+          echo "Java app health check passed"

.github/workflows/ansible-deploy.yml

@@ -0,0 +1,112 @@
+name: Ansible Deploy — Python App
+
+on:
+  push:
+    branches: [master, main, lab06]
+    paths:
+      - "ansible/**"
+      - "!ansible/docs/**"
+      - ".github/workflows/ansible-deploy.yml"
+  pull_request:
+    branches: [master, main]
+    paths:
+      - "ansible/**"
+      - "!ansible/docs/**"
+      - ".github/workflows/ansible-deploy.yml"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ansible-deploy-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  # ─────────────────────────────────────────────────────────────────
+  # Job 1: Lint – fast feedback before any deployment is attempted
+  # ─────────────────────────────────────────────────────────────────
+  lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ansible
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+          cache: pip
+
+      - name: Install Ansible and ansible-lint
+        run: pip install "ansible<10" ansible-lint
+
+      - name: Install required Ansible collections
+        run: ansible-galaxy collection install -r collections/requirements.yml
+
+      - name: Run ansible-lint on all playbooks
+        run: ansible-lint playbooks/*.yml
+
+  # ─────────────────────────────────────────────────────────────────
+  # Job 2: Deploy – only runs after lint passes
+  # ─────────────────────────────────────────────────────────────────
+  deploy:
+    name: Deploy Python App
+    needs: lint
+    runs-on: ubuntu-latest
+    # Only actually deploy on pushes to main branches (not PRs)
+    if: github.event_name != 'pull_request'
+    defaults:
+      run:
+        working-directory: ansible
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+          cache: pip
+
+      - name: Install Ansible and collections
+        run: |
+          pip install "ansible<10"
+          ansible-galaxy collection install -r collections/requirements.yml
+
+      - name: Configure SSH for target VM
+        run: |
+          mkdir -p ~/.ssh
+          printf '%s' "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan -H ${{ secrets.VM_HOST }} >> ~/.ssh/known_hosts 2>/dev/null || true
+
+      - name: Write Vault password file
+        run: |
+          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > /tmp/vault_pass
+          chmod 600 /tmp/vault_pass
+
+      - name: Deploy Python application
+        env:
+          ANSIBLE_HOST_KEY_CHECKING: "False"
+        run: |
+          ansible-playbook playbooks/deploy_python.yml \
+            -i inventory/hosts.ini \
+            --vault-password-file /tmp/vault_pass \
+            --extra-vars "ansible_user=${{ secrets.VM_USER }} ansible_host=${{ secrets.VM_HOST }}"
+
+      - name: Clean up sensitive files
+        if: always()
+        run: rm -f /tmp/vault_pass ~/.ssh/id_rsa
+
+      - name: Verify Python app is running
+        run: |
+          sleep 10
+          curl -f http://${{ secrets.VM_HOST }}:5000/health || exit 1
+          echo "Python app health check passed"

.github/workflows/java-ci.yml

@@ -0,0 +1,83 @@
+name: Java CI
+
+on:
+  push:
+    branches: ["master"]
+    tags: ["v*"]
+    paths:
+      - "app_java/**"
+      - ".github/workflows/java-ci.yml"
+  pull_request:
+    branches: ["master"]
+    paths:
+      - "app_java/**"
+      - ".github/workflows/java-ci.yml"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: java-ci-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  JAVA_VERSION: "21"
+  DOCKER_IMAGE: "112005/devops-lab3-java"
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: app_java
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: "temurin"
+          java-version: ${{ env.JAVA_VERSION }}
+          cache: "maven"
+
+      - name: Lint (Checkstyle)
+        run: mvn -q -DskipTests=true checkstyle:check
+
+      - name: Test
+        run: mvn -q test
+
+  docker:
+    runs-on: ubuntu-latest
+    needs: test
+    if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.DOCKER_IMAGE }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=raw,value=latest
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: app_java
+          file: app_java/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}