ostxxp · ostxxp · May 15, 2025 · Jan 7, 2026 · Jan 17, 2026 · Jan 17, 2026
diff --git a/.github/workflows/ansible-deploy.yml b/.github/workflows/ansible-deploy.yml
@@ -0,0 +1,97 @@
+name: Ansible Deploy
+
+on:
+  push:
+    branches:
+      - main
+      - master
+      - lab6
+      - lab06
+      - lab7
+      - lab07
+    paths:
+      - "ansible/**"
+      - ".github/workflows/ansible-deploy.yml"
+  pull_request:
+    paths:
+      - "ansible/**"
+      - ".github/workflows/ansible-deploy.yml"
+
+concurrency:
+  group: ansible-deploy-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  syntax-check:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install Ansible
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible
+
+      - name: Write vault password file
+        run: |
+          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > ~/.vault_pass.txt
+          chmod 600 ~/.vault_pass.txt
+
+      - name: Show Ansible version
+        run: ansible --version
+
+      - name: Syntax check provision playbook
+        working-directory: ansible
+        run: ansible-playbook -i inventory/hosts.ini playbooks/provision.yml --syntax-check --vault-password-file ~/.vault_pass.txt
+
+      - name: Syntax check deploy playbook
+        working-directory: ansible
+        run: ansible-playbook -i inventory/hosts.ini playbooks/deploy.yml --syntax-check --vault-password-file ~/.vault_pass.txt
+
+  deploy:
+    needs: syntax-check
+    if: github.event_name == 'push'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up SSH key
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan -H "${{ secrets.SERVER_HOST }}" >> ~/.ssh/known_hosts
+
+      - name: Write vault password file
+        run: |
+          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > ~/.vault_pass.txt
+          chmod 600 ~/.vault_pass.txt
+
+      - name: Write inventory from secrets
+        run: |
+          cat > ansible/inventory/hosts.ini <<INVENTORY
+          [webservers]
+          app-server ansible_host=${{ secrets.SERVER_HOST }} ansible_user=${{ secrets.SERVER_USER }} ansible_ssh_private_key_file=~/.ssh/id_rsa
+          INVENTORY
+
+      - name: Install Ansible
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible
+
+      - name: Run provision playbook
+        working-directory: ansible
+        run: ansible-playbook -i inventory/hosts.ini playbooks/provision.yml --vault-password-file ~/.vault_pass.txt
+
+      - name: Run deploy playbook
+        working-directory: ansible
+        run: ansible-playbook -i inventory/hosts.ini playbooks/deploy.yml --vault-password-file ~/.vault_pass.txt
diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml
@@ -0,0 +1,108 @@
+name: Python CI (Lab03)
+
+on:
+  push:
+    branches:
+      - main
+      - master
+      - lab3
+      - lab03
+      - lab4
+      - lab04
+      - lab5
+      - lab05
+      - lab6
+      - lab06
+      - lab7
+      - lab07
+    paths:
+      - "app_python/**"
+      - "monitoring/**"
+      - "ansible/**"
+      - "playbooks/**"
+      - ".github/workflows/python-ci.yml"
+  pull_request:
+    paths:
+      - "app_python/**"
+      - "monitoring/**"
+      - "ansible/**"
+      - "playbooks/**"
+      - ".github/workflows/python-ci.yml"
+
+concurrency:
+  group: python-ci-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  test-lint:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: app_python
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: "pip"
+          cache-dependency-path: "app_python/requirements.txt"
+
+      - name: Install deps
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - name: Lint (ruff)
+        run: ruff check .
+
+      - name: Tests
+        run: pytest -q
+
+  docker-build-push:
+    needs: test-lint
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && (
+        github.ref_name == 'main' ||
+        github.ref_name == 'master' ||
+        github.ref_name == 'lab3' ||
+        github.ref_name == 'lab03' ||
+        github.ref_name == 'lab4' ||
+        github.ref_name == 'lab04' ||
+        github.ref_name == 'lab5' ||
+        github.ref_name == 'lab05' ||
+        github.ref_name == 'lab6' ||
+        github.ref_name == 'lab06' ||
+        github.ref_name == 'lab7' ||
+        github.ref_name == 'lab07'
+      )
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set version (CalVer)
+        run: |
+          echo "CALVER=$(date +%Y.%m)" >> $GITHUB_ENV
+          echo "BUILD=${{ github.run_number }}" >> $GITHUB_ENV
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build & Push
+        uses: docker/build-push-action@v6
+        with:
+          context: ./app_python
+          file: ./app_python/Dockerfile
+          platforms: linux/amd64
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_USERNAME }}/devops-lab02-python:${{ env.CALVER }}.${{ env.BUILD }}
+            ${{ secrets.DOCKER_USERNAME }}/devops-lab02-python:latest
diff --git a/.github/workflows/terraform-ci.yml b/.github/workflows/terraform-ci.yml
@@ -0,0 +1,49 @@
+name: Terraform CI
+
+on:
+  push:
+    branches:
+      - main
+      - master
+      - lab4
+      - lab04
+      - lab5
+      - lab05
+      - lab6
+      - lab06
+      - lab7
+      - lab07
+    paths:
+      - "terraform/**"
+      - ".github/workflows/terraform-ci.yml"
+  pull_request:
+    paths:
+      - "terraform/**"
+      - ".github/workflows/terraform-ci.yml"
+
+concurrency:
+  group: terraform-ci-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  terraform-checks:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: terraform
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Terraform fmt check
+        run: terraform fmt -check -recursive
+
+      - name: Terraform init
+        run: terraform init -input=false
+
+      - name: Terraform validate
+        run: terraform validate
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,23 @@
+__pycache__/
+*.py[cod]
+venv/
+__MACOSX/
+*.log
+
+.vscode/
+.idea/
+
+.obsidian
+
+.DS_Store
+.env
+
+terraform/.terraform/
+terraform/.terraform.lock.hcl
+terraform/terraform.tfstate
+terraform/terraform.tfstate.*
+**/.terraform/*
+**/*.tfstate
+**/*.tfstate.*
+
+pulumi/venv/