inno-devops-labs · merkulovleo · Jan 28, 2026 · Jan 28, 2026 · Feb 5, 2026 · Feb 5, 2026
diff --git a/.DS_Store b/.DS_Store
diff --git a/.github/workflows/go-ci.yml b/.github/workflows/go-ci.yml
@@ -0,0 +1,87 @@
+name: Go CI
+
+on:
+  push:
+    branches: [master, lab03]
+    paths:
+      - 'app_go/**'
+      - '.github/workflows/go-ci.yml'
+  pull_request:
+    branches: [master]
+    paths:
+      - 'app_go/**'
+      - '.github/workflows/go-ci.yml'
+
+concurrency:
+  group: go-ci-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  GO_VERSION: "1.22"
+  DOCKER_IMAGE: merkulovlr05/devops-info-go
+
+jobs:
+  test:
+    name: Lint & Test
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: app_go
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache-dependency-path: app_go/go.sum
+
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          working-directory: app_go
+
+      - name: Run tests with coverage
+        run: go test -v -coverprofile=coverage.out ./...
+
+      - name: Upload coverage to Codecov
+        if: github.event_name == 'push'
+        uses: codecov/codecov-action@v4
+        with:
+          file: app_go/coverage.out
+          flags: go
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  docker:
+    name: Build & Push Docker Image
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.event_name == 'push'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Generate CalVer version
+        id: version
+        run: echo "VERSION=$(date +%Y.%m).${{ github.run_number }}" >> "$GITHUB_OUTPUT"
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: app_go
+          push: true
+          tags: |
+            ${{ env.DOCKER_IMAGE }}:${{ steps.version.outputs.VERSION }}
+            ${{ env.DOCKER_IMAGE }}:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml
@@ -0,0 +1,117 @@
+name: Python CI
+
+on:
+  push:
+    branches: [master, lab03]
+    paths:
+      - 'app_python/**'
+      - '.github/workflows/python-ci.yml'
+  pull_request:
+    branches: [master]
+    paths:
+      - 'app_python/**'
+      - '.github/workflows/python-ci.yml'
+
+concurrency:
+  group: python-ci-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  PYTHON_VERSION: "3.13"
+  DOCKER_IMAGE: merkulovlr05/devops-info
+
+jobs:
+  test:
+    name: Lint & Test
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: app_python
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: pip
+          cache-dependency-path: app_python/requirements.txt
+
+      - name: Install dependencies
+        run: pip install -r requirements.txt
+
+      - name: Lint with flake8
+        run: flake8 app.py tests/ --max-line-length=100
+
+      - name: Run tests with coverage
+        run: pytest tests/ -v --cov=. --cov-report=term-missing --cov-report=xml
+
+      - name: Upload coverage to Codecov
+        if: github.event_name == 'push'
+        uses: codecov/codecov-action@v4
+        with:
+          file: app_python/coverage.xml
+          flags: python
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: app_python
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: pip
+          cache-dependency-path: app_python/requirements.txt
+
+      - name: Install dependencies
+        run: pip install -r requirements.txt
+
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/python@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --file=app_python/requirements.txt --severity-threshold=high
+
+  docker:
+    name: Build & Push Docker Image
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.event_name == 'push'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Generate CalVer version
+        id: version
+        run: echo "VERSION=$(date +%Y.%m).${{ github.run_number }}" >> "$GITHUB_OUTPUT"
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: app_python
+          push: true
+          tags: |
+            ${{ env.DOCKER_IMAGE }}:${{ steps.version.outputs.VERSION }}
+            ${{ env.DOCKER_IMAGE }}:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/.github/workflows/terraform-ci.yml b/.github/workflows/terraform-ci.yml
@@ -0,0 +1,116 @@
+name: Terraform CI/CD
+
+on:
+  pull_request:
+    paths:
+      - 'terraform/**'
+      - 'terraform-oracle/**'
+      - '.github/workflows/terraform-ci.yml'
+  push:
+    branches:
+      - master
+      - lab04
+    paths:
+      - 'terraform/**'
+      - 'terraform-oracle/**'
+      - '.github/workflows/terraform-ci.yml'
+
+jobs:
+  terraform-validate:
+    name: Terraform Validation
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        terraform-dir: ['terraform', 'terraform-oracle']
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.5.7
+
+      - name: Check if directory exists
+        id: check_dir
+        run: |
+          if [ -d "${{ matrix.terraform-dir }}" ]; then
+            echo "exists=true" >> $GITHUB_OUTPUT
+          else
+            echo "exists=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Terraform Format Check
+        if: steps.check_dir.outputs.exists == 'true'
+        run: |
+          cd ${{ matrix.terraform-dir }}
+          terraform fmt -check -recursive
+        continue-on-error: false
+
+      - name: Terraform Init
+        if: steps.check_dir.outputs.exists == 'true'
+        run: |
+          cd ${{ matrix.terraform-dir }}
+          terraform init -backend=false
+        env:
+          TF_CLI_ARGS: "-no-color"
+
+      - name: Terraform Validate
+        if: steps.check_dir.outputs.exists == 'true'
+        run: |
+          cd ${{ matrix.terraform-dir }}
+          terraform validate -no-color
+
+      - name: Setup TFLint
+        if: steps.check_dir.outputs.exists == 'true'
+        uses: terraform-linters/setup-tflint@v4
+        with:
+          tflint_version: latest
+
+      - name: Init TFLint
+        if: steps.check_dir.outputs.exists == 'true'
+        run: |
+          cd ${{ matrix.terraform-dir }}
+          tflint --init
+
+      - name: Run TFLint
+        if: steps.check_dir.outputs.exists == 'true'
+        run: |
+          cd ${{ matrix.terraform-dir }}
+          tflint --format compact
+
+  security-scan:
+    name: Security Scan (tfsec)
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run tfsec
+        uses: aquasecurity/tfsec-action@v1.0.3
+        with:
+          working_directory: '.'
+          soft_fail: true  # Don't fail the workflow, just report
+          format: default
+
+  summary:
+    name: Validation Summary
+    runs-on: ubuntu-latest
+    needs: [terraform-validate, security-scan]
+    if: always()
+
+    steps:
+      - name: Check validation results
+        run: |
+          echo "## Terraform CI/CD Summary" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "✅ All Terraform configurations validated successfully!" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "### Checks Performed:" >> $GITHUB_STEP_SUMMARY
+          echo "- ✅ Terraform format validation" >> $GITHUB_STEP_SUMMARY
+          echo "- ✅ Terraform syntax validation" >> $GITHUB_STEP_SUMMARY
+          echo "- ✅ TFLint analysis" >> $GITHUB_STEP_SUMMARY
+          echo "- ✅ Security scan (tfsec)" >> $GITHUB_STEP_SUMMARY
diff --git a/.gitignore b/.gitignore
@@ -1 +1,61 @@
-test
+test
+
+# Terraform
+*.tfstate
+*.tfstate.*
+.terraform/
+terraform.tfvars
+*.tfvars
+.terraform.lock.hcl
+terraform/.terraform/
+terraform/*.tfvars
+terraform/*.tfstate*
+terraform-oracle/.terraform/
+terraform-oracle/*.tfvars
+terraform-oracle/*.tfstate*
+terraform-github/.terraform/
+terraform-github/*.tfvars
+terraform-github/*.tfstate*
+
+# Pulumi
+pulumi/venv/
+pulumi/__pycache__/
+pulumi/.venv/
+pulumi/*.egg-info/
+Pulumi.*.yaml
+pulumi/.pulumi/
+
+# Cloud credentials
+*.pem
+*.key
+*.json
+credentials
+authorized_key
+service-account-key.json
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+venv/
+.venv/
+ENV/
+env/
+
+# Ansible
+*.retry
+ansible/.vault_pass
+ansible/inventory/*.pyc
+ansible/__pycache__/
+
+# macOS
+.DS_Store
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+*~