Lab4: Salavat Zaynulin with bonus task

.github/workflows/go-ci.yml

@@ -0,0 +1,91 @@
+name: Go CI/CD Pipeline
+
+on:
+  push:
+    branches: [ "master", "lab3" ]
+    paths:
+      - 'app_go/**'
+      - '.github/workflows/go-ci.yml'
+  pull_request:
+    branches: [ "master", "lab3" ]
+    paths:
+      - 'app_go/**'
+      - '.github/workflows/go-ci.yml'
+
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: zsalavat/devops-info-service-go
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.22.x'
+
+      - name: Cache Go modules
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('app_go/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: Download dependencies
+        working-directory: app_go
+        run: go mod download
+
+      - name: Lint with golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.59.1
+          working-directory: app_go
+          args: --timeout=2m
+
+      - name: Run unit tests
+        working-directory: app_go
+        run: go test ./... -v
+
+  cd:
+    needs: ci
+    runs-on: ubuntu-latest
+    if: >
+      github.event_name == 'push' &&
+      (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/lab3')
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata for Docker tags
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest
+            type=raw,value={{date 'YYYY.MM'}}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: app_go
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/python-ci.yml

@@ -0,0 +1,106 @@
+name: Python CI/CD Pipeline
+
+on:
+  push:
+    branches: [ "master", "lab3" ]
+    paths:
+      - 'app_python/**'
+      - '.github/workflows/python-ci.yml'
+  pull_request:
+    branches: [ "master", "lab3" ]
+    paths:
+      - 'app_python/**'
+      - '.github/workflows/python-ci.yml'
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: zsalavat/devops-info-service-python
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10"]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Cache pip dependencies
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          if [ -f app_python/requirements.txt ]; then
+            pip install -r app_python/requirements.txt
+          fi
+          pip install pytest pylint pip-audit
+
+      - name: Lint with pylint
+        run: |
+          pylint --disable=R,C,W1203,W1514,W0621,W0611,E0401 app_python/app.py app_python/tests/
+
+      - name: Run unit tests with coverage
+        run: |
+          pytest -v --tb=short --cov=app_python --cov-report=xml --cov-report=term
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v4
+        with:
+          files: ./coverage.xml
+          flags: python
+          fail_ci_if_error: false
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+
+      - name: Run security scan with pip-audit
+        working-directory: app_python
+        run: pip-audit -r requirements.txt
+
+  cd:
+    needs: ci
+    runs-on: ubuntu-latest
+    if: >
+      github.event_name == 'push' &&
+      (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/lab3')
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata for Docker tags
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest
+            type=raw,value={{date 'YYYY.MM'}}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: app_python
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/terraform-ci.yml

@@ -0,0 +1,81 @@
+name: Terraform CI/CD Pipeline
+
+on: 
+  push:
+    branches: ["master", "lab4"]
+    paths:
+      - 'terraform/**'
+  pull_request:
+    branches: ["master", "lab4"]
+    paths:
+      - 'terraform/**'
+
+jobs:
+  validate:
+    name: Validate Terraform
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+
+    env:
+      TF_IN_AUTOMATION: "true"
+      TF_INPUT: "false"
+      TF_PLUGIN_CACHE_DIR: ${{ github.workspace }}/.terraform.d/plugin-cache
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.6.6
+          terraform_wrapper: false
+
+      - name: Prepare Terraform plugin cache
+        run: |
+          mkdir -p "${TF_PLUGIN_CACHE_DIR}"
+
+      - name: Cache Terraform plugins
+        uses: actions/cache@v4
+        with:
+          path: .terraform.d/plugin-cache
+          key: ${{ runner.os }}-terraform-plugins-${{ hashFiles('terraform/.terraform.lock.hcl') }}
+          restore-keys: |
+            ${{ runner.os }}-terraform-plugins-
+
+      - name: Terraform fmt (check)
+        working-directory: terraform
+        run: |
+          echo "::group::terraform fmt"
+          terraform fmt -check -recursive -diff
+          echo "::endgroup::"
+
+      - name: Terraform init (no backend)
+        working-directory: terraform
+        run: |
+          echo "::group::terraform init"
+          terraform init -backend=false -no-color
+          echo "::endgroup::"
+
+      - name: Terraform validate
+        working-directory: terraform
+        run: |
+          echo "::group::terraform validate"
+          terraform validate -no-color
+          echo "::endgroup::"
+
+      - name: Set up TFLint
+        uses: terraform-linters/setup-tflint@v4
+        with:
+          tflint_version: v0.53.0
+
+      - name: TFLint (lint)
+        working-directory: terraform
+        run: |
+          echo "::group::tflint"
+          tflint --version
+          # If you keep placeholder/unused variables for later labs, disable this rule.
+          tflint --disable-rule=terraform_unused_declarations
+          echo "::endgroup::"

.gitignore

@@ -1 +1,19 @@
-test
+test
+app_python/.venv
+app_python/.pytest_cache
+app_python/__pycache__
+
+
+# Terraform files
+*.tfstate
+*.tfstate.*
+*.tfvars
+.terraform/
+terraform.tfvars
+
+# Sensitive files
+secrets.auto.tfvars
+
+Pulumi.*.yaml
+venv/
+__pycache__/