Conversation
Main Tasks (Python app): - Add production-ready Dockerfile with best practices - Non-root user (appuser) - Specific base image version (python:3.13-slim) - Proper layer ordering for caching - Health check implementation - Create .dockerignore for optimized build context - Add Docker section to README.md with usage examples - Create comprehensive LAB02.md documentation - Push image to Docker Hub (ellilin/devops-info-service:v1.0.0) - Final image size: 208MB Bonus Task (Go app - Multi-stage build): - Implement multi-stage Dockerfile for Go application - Stage 1: Builder (golang:1.21-alpine) for compilation - Stage 2: Runtime (alpine:3.19) for minimal footprint - Static binary with stripped symbols (-ldflags='-s -w') - Create .dockerignore for Go - Build 31.6MB final image (91% smaller than single-stage) - Push to Docker Hub (ellilin/devops-info-service-go:v1.0.0) - Create detailed LAB02.md documentation explaining: - Multi-stage strategy and benefits - Size comparison analysis - Security implications - Technical explanation of each stage Security: - Both apps run as non-root user - Minimal base images for reduced attack surface - No build tools in production images - Proper health checks implemented
…e CodeQL to v4, fix SARIF upload conditions
Lab 6 Implementation (10 pts + 2.5 bonus): Main Tasks: - Task 1: Refactored roles with blocks and tags (2 pts) * Common role: package/user management blocks with rescue/always * Docker role: installation/configuration blocks with error handling * Comprehensive tag strategy for selective execution - Task 2: Upgraded to Docker Compose (3 pts) * Renamed app_deploy to web_app * Created Docker Compose template with Jinja2 * Implemented role dependencies (web_app depends on docker) * Deployed using community.docker.docker_compose_v2 module - Task 3: Implemented wipe logic (1 pt) * Double-gating with variable + tag for safety * Clean reinstallation workflow (wipe → deploy) * Support for removing volumes and images - Task 4: CI/CD with GitHub Actions (3 pts) * Created ansible-deploy.yml workflow * Integrated ansible-lint for syntax checking * Automated deployment on push to main/master * Added verification steps for application health * Configured path filters for efficiency - Task 5: Documentation (1 pt) * Created comprehensive LAB06.md * Documented all implementations with examples * Answered all research questions * Added testing results and evidence Bonus Tasks: - Bonus Part 1: Multi-App Deployment (1.5 pts) * Created separate variable files for Python and Go apps * Implemented deployment playbooks for each app * Role reusability with different configurations * Independent wipe functionality per app - Bonus Part 2: Multi-App CI/CD (1 pt) * Separate workflows for Python and Go apps * Path filters for independent triggering * App-specific verification steps Infrastructure: - Updated Terraform for Lab 6 - Added security group rules for ports 5000, 5001 - Opened SSH for GitHub Actions self-hosted runner - Updated all resource tags to Lab06 Files Changed: - ansible/roles/common/tasks/main.yml (blocks & tags) - ansible/roles/docker/tasks/main.yml (blocks & tags) - ansible/roles/web_app/ (Docker Compose, wipe logic) - ansible/vars/ (multi-app variables) - ansible/playbooks/ (deployment playbooks) - .github/workflows/ (CI/CD workflows) - terraform/ (infrastructure updates) - README.md (status badges) - ansible/docs/LAB06.md (documentation)
|
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
Terraform Validation Results ✅
DetailsTerraform configuration has been validated successfully! Pushed by: @ellilin, Action: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.