inno-devops-labs · blxxdclxud · Feb 15, 2026 · Feb 15, 2026 · Feb 15, 2026 · Feb 15, 2026
diff --git a/.github/workflows/ansible-deploy-bonus.yml b/.github/workflows/ansible-deploy-bonus.yml
@@ -0,0 +1,97 @@
+name: Ansible Deployment - Bonus App
+
+on:
+  push:
+    branches: [main, master, lab06]
+    paths:
+      - 'ansible/vars/app_bonus.yml'
+      - 'ansible/playbooks/deploy_bonus.yml'
+      - 'ansible/roles/web_app/**'
+      - '.github/workflows/ansible-deploy-bonus.yml'
+  pull_request:
+    branches: [main, master]
+    paths:
+      - 'ansible/vars/app_bonus.yml'
+      - 'ansible/playbooks/deploy_bonus.yml'
+      - '.github/workflows/ansible-deploy-bonus.yml'
+
+jobs:
+  lint:
+    name: Ansible Lint - Bonus
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: |
+          pip install ansible ansible-lint
+          ansible-galaxy collection install community.docker ansible.posix community.general
+
+      - name: Write vault password for lint
+        run: |
+          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > ansible/.vault_pass
+          chmod 600 ansible/.vault_pass
+
+      - name: Run ansible-lint on bonus playbook
+        working-directory: ansible
+        run: |
+          ansible-lint playbooks/deploy_bonus.yml
+
+      - name: Cleanup vault password
+        if: always()
+        run: rm -f ansible/.vault_pass
+
+  deploy:
+    name: Deploy Bonus App
+    needs: lint
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install Ansible and collections
+        run: |
+          pip install ansible
+          ansible-galaxy collection install community.docker ansible.posix community.general
+
+      - name: Setup SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan -H ${{ secrets.VM_HOST }} >> ~/.ssh/known_hosts
+
+      - name: Write vault password file
+        run: |
+          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > ansible/.vault_pass
+          chmod 600 ansible/.vault_pass
+
+      - name: Deploy bonus application
+        working-directory: ansible
+        run: |
+          ansible-playbook playbooks/deploy_bonus.yml \
+            -i inventory/hosts.ini
+
+      - name: Cleanup vault password file
+        if: always()
+        run: rm -f ansible/.vault_pass
+
+      - name: Verify bonus app deployment via SSH
+        run: |
+          ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no \
+            ${{ secrets.VM_USER }}@${{ secrets.VM_HOST }} \
+            "docker ps && curl -sf http://localhost:8001/health && echo 'Bonus app verified!'"
diff --git a/.github/workflows/ansible-deploy.yml b/.github/workflows/ansible-deploy.yml
@@ -0,0 +1,101 @@
+name: Ansible Deployment
+
+on:
+  push:
+    branches: [main, master, lab06]
+    paths:
+      - 'ansible/**'
+      - '!ansible/docs/**'
+      - '.github/workflows/ansible-deploy.yml'
+  pull_request:
+    branches: [main, master]
+    paths:
+      - 'ansible/**'
+      - '.github/workflows/ansible-deploy.yml'
+
+jobs:
+  lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: |
+          pip install ansible ansible-lint
+          ansible-galaxy collection install community.docker ansible.posix community.general
+
+      - name: Write vault password for lint
+        run: |
+          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > ansible/.vault_pass
+          chmod 600 ansible/.vault_pass
+
+      - name: Run ansible-lint
+        working-directory: ansible
+        run: |
+          ansible-lint playbooks/provision.yml playbooks/deploy.yml
+
+      - name: Cleanup vault password
+        if: always()
+        run: rm -f ansible/.vault_pass
+
+  deploy:
+    name: Deploy Application
+    needs: lint
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install Ansible and collections
+        run: |
+          pip install ansible
+          ansible-galaxy collection install community.docker ansible.posix community.general
+
+      - name: Setup SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan -H ${{ secrets.VM_HOST }} >> ~/.ssh/known_hosts
+
+      - name: Write vault password file
+        run: |
+          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > ansible/.vault_pass
+          chmod 600 ansible/.vault_pass
+
+      - name: Run provision playbook
+        working-directory: ansible
+        run: |
+          ansible-playbook playbooks/provision.yml \
+            -i inventory/hosts.ini
+
+      - name: Deploy application
+        working-directory: ansible
+        run: |
+          ansible-playbook playbooks/deploy_python.yml \
+            -i inventory/hosts.ini
+
+      - name: Cleanup vault password file
+        if: always()
+        run: rm -f ansible/.vault_pass
+
+      - name: Verify deployment via SSH
+        run: |
+          ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no \
+            ${{ secrets.VM_USER }}@${{ secrets.VM_HOST }} \
+            "docker ps && curl -sf http://localhost:5000/health && echo 'Deployment verified!'"
diff --git a/.github/workflows/terraform-ci.yml b/.github/workflows/terraform-ci.yml
@@ -0,0 +1,45 @@
+name: Terraform CI
+
+on:
+  pull_request:
+    paths:
+      - 'terraform/**'
+      - '.github/workflows/terraform-ci.yml'
+  push:
+    paths:
+      - 'terraform/**'
+      - '.github/workflows/terraform-ci.yml'
+
+jobs:
+  validate:
+    name: Validate Terraform
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: terraform/
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.9.0"
+
+      - name: Terraform Format Check
+        run: terraform fmt -check -recursive
+
+      - name: Terraform Init
+        run: terraform init -backend=false
+
+      - name: Terraform Validate
+        run: terraform validate
+
+      - name: Setup TFLint
+        uses: terraform-linters/setup-tflint@v4
+        with:
+          tflint_version: latest
+
+      - name: Run TFLint
+        run: tflint --format compact
diff --git a/.gitignore b/.gitignore
@@ -1 +1,25 @@
-test
+# Terraform
+*.tfstate
+*.tfstate.*
+.terraform/
+.terraform.lock.hcl
+terraform.tfvars
+*.tfvars
+crash.log
+
+# Pulumi
+venv/
+pulumi/venv/
+pulumi/Pulumi.*.yaml
+__pycache__/
+*.pyc
+
+# Credentials
+*.pem
+*.key
+yc-key.json
+
+# Ansible
+*.retry
+ansible/.vault_pass
+ansible/inventory/*.pyc
diff --git a/.idea/.gitignore b/.idea/.gitignore
diff --git a/.idea/DevOps-Core-Course.iml b/.idea/DevOps-Core-Course.iml
diff --git a/.idea/copilot.data.migration.ask2agent.xml b/.idea/copilot.data.migration.ask2agent.xml
diff --git a/.idea/material_theme_project_new.xml b/.idea/material_theme_project_new.xml
diff --git a/.idea/modules.xml b/.idea/modules.xml
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
diff --git a/README.md b/README.md
@@ -3,6 +3,9 @@
 [![Labs](https://img.shields.io/badge/Labs-18-blue)](#labs)
 [![Exam](https://img.shields.io/badge/Exam-Optional-green)](#exam-alternative)
 [![Duration](https://img.shields.io/badge/Duration-18%20Weeks-lightgrey)](#course-roadmap)
+[![Ansible Deployment](https://github.com/blxxdclxud/DevOps-Core-Course/actions/workflows/ansible-deploy.yml/badge.svg)](https://github.com/blxxdclxud/DevOps-Core-Course/actions/workflows/ansible-deploy.yml)
+[![Ansible Deployment - Bonus App](https://github.com/blxxdclxud/DevOps-Core-Course/actions/workflows/ansible-deploy-bonus.yml/badge.svg)](https://github.com/blxxdclxud/DevOps-Core-Course/actions/workflows/ansible-deploy-bonus.yml)
+[![Terraform CI](https://github.com/blxxdclxud/DevOps-Core-Course/actions/workflows/terraform-ci.yml/badge.svg)](https://github.com/blxxdclxud/DevOps-Core-Course/actions/workflows/terraform-ci.yml)
 
 Master **production-grade DevOps practices** through hands-on labs. Build, containerize, deploy, monitor, and scale applications using industry-standard tools.
 

diff --git a/ansible/.ansible-lint b/ansible/.ansible-lint
@@ -0,0 +1,13 @@
+---
+# Ansible-lint configuration
+profile: basic
+
+# Skip rules that conflict with our design choices
+skip_list:
+  # Vault variables and playbook vars use shared names (no role prefix)
+  - var-naming[no-role-prefix]
+  # We use ignore_errors in wipe.yml intentionally (app may not exist yet)
+  - ignore-errors
+
+warn_list:
+  - args[module]
diff --git a/ansible/README.md b/ansible/README.md
@@ -0,0 +1 @@
+# CI/CD configured and tested
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
@@ -0,0 +1,12 @@
+[defaults]
+inventory = inventory/hosts.ini
+roles_path = roles
+host_key_checking = False
+remote_user = ubuntu
+retry_files_enabled = False
+vault_password_file = .vault_pass
+
+[privilege_escalation]
+become = True
+become_method = sudo
+become_user = root