Lab06 Solution

.github/workflows/ansible-deploy.yml

@@ -0,0 +1,54 @@
+name: Ansible Deployment
+
+on:
+  push:
+    branches: [ main, master ]
+    paths:
+      - 'ansible/**'
+      - '.github/workflows/ansible-deploy.yml'
+  pull_request:
+    branches: [ main, master ]
+    paths:
+      - 'ansible/**'
+
+jobs:
+  lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: |
+          pip install ansible ansible-lint
+
+      - name: Run ansible-lint
+        run: |
+          cd ansible
+          ansible-lint playbooks/*.yml
+
+  deploy:
+    runs-on: self-hosted
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Deploy with Ansible
+        run: |
+          cd ansible
+          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > /tmp/vault_pass
+          ansible-playbook playbooks/deploy.yml \
+            --vault-password-file /tmp/vault_pass \
+            --tags "app_deploy"
+          rm /tmp/vault_pass
+
+      - name: Verify Deployment
+        run: |
+          sleep 10  # Wait for app to start
+          curl -f http://${{ secrets.VM_HOST }}:5000 || exit 1
+          curl -f http://${{ secrets.VM_HOST }}:5000/health || exit 1

.github/workflows/python-ci.yml

@@ -0,0 +1,94 @@
+name: Python CI & Docker
+
+on:
+  push:
+    branches: [ main, master ]
+    tags: [ 'v*' ]
+  pull_request:
+    branches: [ main, master ]
+
+env:
+  APP_DIR: app_python
+
+jobs:
+  lint-and-test:
+    name: Lint, Test and Snyk
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Cache pip
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r ${{ env.APP_DIR }}/requirements.txt
+          pip install -r ${{ env.APP_DIR }}/requirements-dev.txt
+
+      - name: Lint
+        run: |
+          flake8 ${{ env.APP_DIR }}
+
+      - name: Run tests
+        run: |
+          cd ${{ env.APP_DIR }}
+          pytest -q
+
+      - name: Install Snyk
+        run: |
+          npm install -g snyk
+
+      - name: Snyk test
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        run: |
+          snyk test --file=${{ env.APP_DIR }}/requirements.txt --severity-threshold=high || true
+
+  docker-build-push:
+    name: Build and Push Docker Image
+    needs: lint-and-test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set version variables
+        id: vars
+        run: |
+          echo "GITHUB_REF=$GITHUB_REF"
+          if [[ "$GITHUB_REF" == refs/tags/v* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/v}
+          else
+            VERSION="0.0.0-dev-${GITHUB_RUN_NUMBER}"
+          fi
+          echo "VERSION=$VERSION" >> $GITHUB_ENV
+          MAJOR_MINOR=$(echo $VERSION | awk -F. '{print $1"."$2}')
+          echo "MAJOR_MINOR=$MAJOR_MINOR" >> $GITHUB_ENV
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: ./app_python
+          push: true
+          tags: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/devops-info-service:${{ env.VERSION }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/devops-info-service:${{ env.MAJOR_MINOR }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/devops-info-service:latest

.gitignore

@@ -1 +1,7 @@
-test
+test
+
+# Ansible
+*.retry
+.vault_pass
+ansible/inventory/*.pyc
+__pycache__/

ansible/.ansible-lint.yml

@@ -0,0 +1,2 @@
+skip_list:
+  - var-naming[no-role-prefix]

ansible/README.md

@@ -0,0 +1 @@
+[![Ansible Deployment](https://github.com/iu-capstone-ad/DevOps-Core-Course/actions/workflows/ansible-deploy.yml/badge.svg)](https://github.com/iu-capstone-ad/DevOps-Core-Course/actions/workflows/ansible-deploy.yml)

ansible/ansible.cfg

@@ -0,0 +1,11 @@
+[defaults]
+inventory = inventory/hosts.ini
+roles_path = roles
+host_key_checking = False
+remote_user = cirno
+retry_files_enabled = False
+
+[privilege_escalation]
+become = True
+become_method = sudo
+become_user = root