Lab6

.github/workflows/ansible-deploy.yml

@@ -0,0 +1,90 @@
+name: Ansible Deploy
+
+on:
+  push:
+    branches: [master, lab6]
+    paths:
+      - 'ansible/**'
+      - '.github/workflows/ansible-deploy.yml'
+  pull_request:
+    branches: [master]
+    paths:
+      - 'ansible/**'
+  workflow_dispatch:
+
+jobs:
+  lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install ansible-lint
+        run: |
+          pip install ansible-lint ansible-core
+
+      - name: Run ansible-lint
+        run: |
+          cd ansible
+          ansible-lint roles/ playbooks/
+        continue-on-error: true
+
+  deploy:
+    name: Deploy Application
+    needs: lint
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install Ansible and dependencies
+        run: |
+          pip install ansible
+          ansible-galaxy collection install community.docker
+          ansible-galaxy collection install community.general
+
+      - name: Create vault password file
+        run: |
+          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > /tmp/vault_pass
+
+      - name: Setup SSH key
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan -H ${{ secrets.VM_HOST }} >> ~/.ssh/known_hosts
+
+      - name: Test Ansible connectivity
+        run: |
+          cd ansible
+          ansible all -m ping --vault-password-file /tmp/vault_pass
+
+      - name: Deploy application
+        run: |
+          cd ansible
+          ansible-playbook playbooks/site.yml --vault-password-file /tmp/vault_pass
+
+      - name: Verify deployment
+        run: |
+          sleep 10
+          curl -f http://${{ secrets.VM_HOST }}:5000/health
+
+      - name: Cleanup
+        if: always()
+        run: |
+          rm -f /tmp/vault_pass
+          rm -f ~/.ssh/id_rsa

.github/workflows/python-ci.yml

@@ -0,0 +1,111 @@
+name: Python CI/CD
+
+on:
+  push:
+    branches: [ master, lab3 ]
+    paths:
+      - 'app_python/**'
+      - '.github/workflows/python-ci.yml'
+  pull_request:
+    branches: [ master ]
+    paths:
+      - 'app_python/**'
+
+defaults:
+  run:
+    working-directory: app_python
+
+jobs:
+  test:
+    name: Test & Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache: 'pip'
+          cache-dependency-path: 'app_python/requirements*.txt'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi
+          pip install pylint
+
+      - name: Run linter
+        run: |
+          pylint app.py --disable=C0114,C0116,R0903,W0718 --max-line-length=120 || true
+        continue-on-error: true
+
+      - name: Run tests
+        run: |
+          pytest tests/ -v --tb=short
+
+  security-scan:
+    name: Security Scan
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/python-3.10@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --severity-threshold=high --file=app_python/requirements.txt
+
+  build-and-push:
+    name: Build & Push Docker Image
+    needs: test
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Generate version tag (CalVer)
+        id: version
+        run: |
+          VERSION=$(date +%Y.%m.%d)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "Generated version: $VERSION"
+        working-directory: .
+
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ secrets.DOCKER_USERNAME }}/system-info-api
+          tags: |
+            type=raw,value=${{ steps.version.outputs.version }}
+            type=raw,value=latest
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: ./app_python
+          file: ./app_python/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/terraform-ci.yml

@@ -0,0 +1,71 @@
+name: Terraform CI
+
+on:
+  push:
+    branches: [ master, lab04 ]
+    paths:
+      - 'terraform/**'
+      - '.github/workflows/terraform-ci.yml'
+  pull_request:
+    branches: [ master ]
+    paths:
+      - 'terraform/**'
+
+defaults:
+  run:
+    working-directory: terraform
+
+jobs:
+  terraform-validate:
+    name: Terraform Validation
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.9.0
+
+      - name: Terraform Format Check
+        id: fmt
+        run: terraform fmt -check -recursive
+        continue-on-error: true
+
+      - name: Terraform Init
+        id: init
+        run: terraform init -backend=false
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate -no-color
+
+      - name: Comment Format Check Result
+        if: steps.fmt.outcome == 'failure'
+        run: |
+          echo "❌ Terraform formatting check failed!"
+          echo "Run 'terraform fmt -recursive' to fix"
+          exit 1
+
+  tflint:
+    name: TFLint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup TFLint
+        uses: terraform-linters/setup-tflint@v4
+        with:
+          tflint_version: latest
+
+      - name: Init TFLint
+        working-directory: terraform
+        run: tflint --init
+
+      - name: Run TFLint
+        working-directory: terraform
+        run: tflint --format compact --no-color

.gitignore

@@ -1 +1,2 @@
-test
+test
+terraform.tfvars

ansible/.ansible-lint

@@ -0,0 +1,15 @@
+---
+skip_list:
+  - role-name
+  - yaml[line-length]
+  - name[casing]
+  - fqcn[action-core]
+
+exclude_paths:
+  - .github/
+  - venv/
+  - .vault_pass
+
+warn_list:
+  - experimental
+  - no-changed-when

ansible/.gitignore

@@ -0,0 +1,6 @@
+# Ansible
+*.retry
+.vault_pass
+*.pyc
+__pycache__/
+.ansible/

ansible/ansible.cfg

@@ -0,0 +1,16 @@
+[defaults]
+inventory = inventory/hosts.ini
+roles_path = roles
+host_key_checking = False
+remote_user = ubuntu
+retry_files_enabled = False
+deprecation_warnings = False
+stdout_callback = default
+private_key_file = /mnt/c/Users/prizr/.ssh/id_rsa
+vault_password_file = .vault_pass
+
+[privilege_escalation]
+become = True
+become_method = sudo
+become_user = root
+become_ask_pass = False

ansible/group_vars/all.yml

@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.1;AES256
+32343866633564306332363439386564636337653536663037363139633863653630323633626135
+3839653031303534376364336164633933336334613639630a366436656165396635613237353730
+63613931646134643965353639353365653266326533653230666339373338383830613036353632
+3336303936666139370a643831613931626330393962323938646639333863376437336465343038
+64396138353439373130303661653937323738373039356565653962393261656237653239396331
+35323163356238613263323832346366326466653835336231353963303561393132383031363333
+34373662313665623232663766356434653337396465336237346533376463623066653339643134
+66383034386333613365656339646632663637656532333033626335366337626332346536633639
+37376164626261393636393466393935653638393132626163383530343933616166366139626261
+36626365643131613736346161336631363461383335623165656364346532613134303735376431
+62633864316637313136656331366338646636323732623833643538626130343163313066653766
+64323930626332396634633666386531363935623965613035366437316634383961613061633865
+66653833636563653138336334316336383762363137396565323135643336333964666464636330
+66636330653966653931353736326565316361313864663463663131353663396237386664373935
+65643666333439366366633635333331326335373833306466313338643933366639393431386537
+61386232653266383632393332393262643465353934306266643833643731626663326436313564
+3130

ansible/inventory/hosts.ini

@@ -0,0 +1,5 @@
+[webservers]
+lab04-vm ansible_host=93.77.179.128 ansible_user=ubuntu ansible_ssh_private_key_file=~/.ssh/id_rsa
+
+[webservers:vars]
+ansible_python_interpreter=/usr/bin/python3

ansible/playbooks/deploy.yml

@@ -0,0 +1,19 @@
+---
+- name: Deploy application
+  hosts: webservers
+  become: yes
+  vars_files:
+    - ../group_vars/all.yml
+
+  roles:
+    - role: web_app
+      tags: deploy
+
+  post_tasks:
+    - name: Display deployment success message
+      ansible.builtin.debug:
+        msg: "Application deployed successfully on port {{ app_host_port }}!"
+
+    - name: Show application URL
+      ansible.builtin.debug:
+        msg: "Access application at: http://{{ ansible_host }}:{{ app_host_port }}"

ansible/playbooks/provision.yml

@@ -0,0 +1,18 @@
+---
+# System provisioning playbook
+
+- name: Provision web servers
+  hosts: webservers
+  become: yes
+
+  roles:
+    - role: common
+      tags: common
+
+    - role: docker
+      tags: docker
+
+  post_tasks:
+    - name: Display provisioning completion message
+      ansible.builtin.debug:
+        msg: "System provisioning completed successfully!"