feat: implement lab03 ci/cd

.github/workflows/python-ci.yml

@@ -0,0 +1,122 @@
+name: Python CI/CD
+
+on:
+  - push
+  - pull_request
+
+env:
+  DOCKER_IMAGE: ${{ secrets.DOCKER_USERNAME }}/devops-info-service
+
+jobs:
+  test:
+    name: Lint & Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python 3.12
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+          cache: 'pip'
+
+      - name: Cache Python dependencies
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('app_python/requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          cd app_python
+          pip install -r requirements.txt
+          pip install ruff
+
+      - name: Run linter (ruff)
+        run: |
+          cd app_python
+          ruff check app.py tests/
+
+      - name: Run tests
+        run: |
+          cd app_python
+          pytest tests/ -v --cov=. --cov-report=xml --cov-report=term
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v4
+        with:
+          file: app_python/coverage.xml
+          token: ${{ secrets.CODECOV_TOKEN }}
+          fail_ci_if_error: false
+
+  security:
+    name: Security Scan (Snyk)
+    runs-on: ubuntu-latest
+    needs: test
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python 3.12
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: |
+          cd app_python
+          pip install -r requirements.txt
+
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/python@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --severity-threshold=high --file=app_python/requirements.txt --skip-unresolved
+          command: test
+
+  build-and-push:
+    name: Build & Push Docker Image
+    runs-on: ubuntu-latest
+    needs: [test, security]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.DOCKER_IMAGE }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=ref,event=branch
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=sha,prefix=
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: app_python
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

app_python/.dockerignore

@@ -0,0 +1,43 @@
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+*.egg-info/
+dist/
+build/
+*.egg
+
+.venv/
+venv/
+ENV/
+env/
+
+.git/
+.gitignore
+.gitattributes
+
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+
+docs/
+README.md
+*.md
+
+tests/
+.pytest_cache/
+.coverage
+htmlcov/
+
+.env
+.env.local
+.env.*.local
+
+*.log
+
+*.bak
+*.tmp

app_python/.gitignore

@@ -0,0 +1,27 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+venv/
+env/
+ENV/
+*.log
+*.pot
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/

app_python/Dockerfile

@@ -0,0 +1,29 @@
+FROM python:3.13-slim
+
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    HOST=0.0.0.0 \
+    PORT=5000 \
+    DEBUG=False
+
+RUN groupadd -r appuser && useradd -r -g appuser -s /sbin/nologin -d /app appuser
+
+RUN mkdir -p /app && chown -R appuser:appuser /app
+
+WORKDIR /app
+
+COPY --chown=appuser:appuser requirements.txt .
+
+RUN pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir -r requirements.txt
+
+COPY --chown=appuser:appuser app.py .
+
+USER appuser
+
+EXPOSE 5000
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:5000/health')" || exit 1
+
+CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "5000"]

app_python/README.md

@@ -0,0 +1,166 @@
+# devops info service
+
+[![.github/workflows/python-ci.yml](https://github.com/agonychaser/devops-s26/actions/workflows/python-ci.yml/badge.svg)](https://github.com/agonychaser/devops-s26/actions/workflows/python-ci.yml)
+
+a web application providing detailed information about itself and its runtime environment. built with FastAPI as part of the devops course labs.
+
+## overview
+
+the devops info service is a monitoring foundation that reports system information and health status. this service will evolve throughout the course into a comprehensive monitoring tool with containerization, CI/CD, monitoring, and persistence capabilities.
+
+## prerequisites
+
+- python 3.11 or higher
+- pip (python package manager)
+
+## installation
+
+1. create a virtual environment:
+   ```bash
+   python3 -m venv .venv
+   ```
+
+2. activate the virtual environment:
+
+   ```bash
+   source venv/bin/activate
+   ```
+
+3. install dependencies:
+   ```bash
+   pip install -r requirements.txt
+   ```
+
+## running the application
+
+start the application with default configuration:
+
+```bash
+python app.py
+```
+
+or with custom configuration:
+
+```bash
+HOST=127.0.0.1 PORT=3000 DEBUG=True python app.py
+```
+
+the service will be available at `http://localhost:5000` (or the configured port).
+
+## API endpoints
+
+### `GET /`
+
+returns comprehensive service and system information.
+
+**example response:**
+```json
+{
+  "service": {
+    "name": "devops-info-service",
+    "version": "1.0.0",
+    "description": "DevOps course info service",
+    "framework": "FastAPI"
+  },
+  "system": {
+    "hostname": "s-razmakhov",
+    "platform": "Darwin",
+    "platform_version": "macOS-26.2-arm64-arm-64bit",
+    "architecture": "arm64",
+    "cpu_count": 12,
+    "python_version": "3.9.6"
+  },
+  "runtime": {
+    "uptime_seconds": 2,
+    "uptime_human": "2 seconds",
+    "current_time": "2026-01-28T20:07:01.956014+00:00",
+    "timezone": "UTC"
+  },
+  "request": {
+    "client_ip": "127.0.0.1",
+    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36",
+    "method": "GET",
+    "path": "/"
+  },
+  "endpoints": [
+    {
+      "path": "/",
+      "method": "GET",
+      "description": "Service information"
+    },
+    {
+      "path": "/health",
+      "method": "GET",
+      "description": "Health check"
+    }
+  ]
+}
+```
+
+### `GET /health`
+
+simple health check endpoint for monitoring and Kubernetes probes.
+
+**example response:**
+```json
+{
+  "status": "healthy",
+  "timestamp": "2026-01-28T20:08:16.012061+00:00",
+  "uptime_seconds": 76
+}
+```
+
+## configuration
+
+the application can be configured via environment variables:
+
+| variable | default | description |
+|----------|---------|-------------|
+| `HOST` | `0.0.0.0` | host to bind the server to |
+| `PORT` | `5000` | port to listen on |
+| `DEBUG` | `False` | enable debug mode with auto-reload |
+
+## docker
+
+### building the image
+
+build the docker image from the `app_python` directory:
+
+```bash
+docker build -t devops-info-service .
+```
+
+### running the container
+
+run the container with port mapping:
+
+```bash
+docker run -d -p 5000:5000 devops-info-service
+```
+
+### pulling from docker hub
+
+pull the image from docker hub:
+
+```bash
+docker pull onemoreslacker/devops-info-service:v0
+```
+
+run the pulled image:
+
+```bash
+docker run -d -p 5000:5000 onemoreslacker/devops-info-service:v0
+```
+
+## testing
+
+```bash
+# get main endpoint
+curl http://localhost:5000/
+
+# get health check
+curl http://localhost:5000/health
+
+# 404 not found
+curl http://localhost:5000/devops
+```