Add GitLab EE Ansible role (temp location - move to infrastructure/ansible)

Moved to infrastructure/ansible.

.gitea/workflows/ci.yml

@@ -5,12 +5,15 @@ on:
     branches:
       - main
       - master
-      - fix-validation-issues
   pull_request:
 
+env:
+  REGISTRY: git.danhenry.dev
+  IMAGE_NAME: git.danhenry.dev/thelab/shopping-list-api
+
 jobs:
   test:
-    runs-on: ubuntu-latest
+    runs-on: gitea
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -30,7 +33,7 @@ jobs:
         run: uv run pytest
 
   docker-push:
-    runs-on: ubuntu-latest
+    runs-on: gitea
     needs: test
     if: gitea.event_name == 'push'
     steps:
@@ -43,16 +46,10 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Set image name (lowercase)
-        id: meta
-        run: |
-          IMAGE="${{ secrets.DOCKER_REGISTRY }}/${{ toLower(gitea.repository) }}"
-          echo "image=${IMAGE}" >> "$GITHUB_OUTPUT"
-
       - name: Log in to Gitea container registry
         uses: docker/login-action@v3
         with:
-          registry: ${{ steps.meta.outputs.image }}
+          registry: ${{ env.REGISTRY }}
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
@@ -63,7 +60,7 @@ jobs:
           push: true
           platforms: linux/amd64,linux/arm64
           tags: |
-            ${{ steps.meta.outputs.image }}:${{ gitea.sha }}
+            ${{ env.IMAGE_NAME }}:${{ gitea.sha }}
-            ${{ steps.meta.outputs.image }}:latest
+            ${{ env.IMAGE_NAME }}:latest
-          cache-from: type=registry,ref=${{ steps.meta.outputs.image }}:latest
+          cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:latest
-          cache-to: type=registry,ref=${{ steps.meta.outputs.image }}:latest,mode=max
+          cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:latest,mode=max

infrastructure/ansible/playbooks/services/gitlab.yml

@@ -0,0 +1,6 @@
+---
+- name: Deploy GitLab EE
+  hosts: gitlab
+  become: true
+  roles:
+    - gitlab

infrastructure/ansible/playbooks/services/shopping_list_api.yml

@@ -0,0 +1,6 @@
+---
+- name: Deploy Shopping List API
+  hosts: shopping_list_api
+  become: true
+  roles:
+    - shopping_list_api

infrastructure/ansible/roles/gitlab/defaults/main.yml

@@ -0,0 +1,17 @@
+---
+gitlab_base_path: "{{ base_config_dir }}/gitlab"
+gitlab_config_path: "{{ gitlab_base_path }}/config"
+gitlab_logs_path: "{{ gitlab_base_path }}/logs"
+gitlab_data_path: "{{ gitlab_base_path }}/data"
+gitlab_state_path: "{{ gitlab_base_path }}/state"
+
+gitlab_hostname: gitlab.example.com
+gitlab_external_url: http://gitlab.example.com
+gitlab_ssh_port: 2222
+
+gitlab_proxy_port: 8080
+gitlab_http_port: 80
+gitlab_https_port: 443
+
+gitlab_gitlab_ee_image: gitlab/gitlab-ee:latest
+gitlab_nginx_image: nginx:alpine

infrastructure/ansible/roles/gitlab/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart GitLab
+  community.docker.docker_compose_v2:
+    project_src: "{{ gitlab_base_path }}"
+    state: restarted

infrastructure/ansible/roles/gitlab/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: docker

infrastructure/ansible/roles/gitlab/tasks/main.yml

@@ -0,0 +1,36 @@
+---
+- name: Create GitLab directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ docker_uid }}"
+    group: "{{ docker_gid }}"
+    mode: '0755'
+  loop:
+    - "{{ gitlab_config_path }}"
+    - "{{ gitlab_logs_path }}"
+    - "{{ gitlab_data_path }}"
+    - "{{ gitlab_state_path }}"
+
+- name: Deploy docker-compose.yml
+  ansible.builtin.template:
+    src: docker-compose.yml.j2
+    dest: "{{ gitlab_base_path }}/docker-compose.yml"
+    owner: "{{ docker_uid }}"
+    group: "{{ docker_gid }}"
+    mode: '0600'
+  notify: Restart GitLab
+
+- name: Deploy nginx reverse proxy config
+  ansible.builtin.template:
+    src: nginx.conf.j2
+    dest: "{{ gitlab_base_path }}/nginx.conf"
+    owner: "{{ docker_uid }}"
+    group: "{{ docker_gid }}"
+    mode: '0644'
+  notify: Restart GitLab
+
+- name: Deploy GitLab via Docker Compose
+  community.docker.docker_compose_v2:
+    project_src: "{{ gitlab_base_path }}"
+    state: present

infrastructure/ansible/roles/gitlab/templates/docker-compose.yml.j2

@@ -0,0 +1,29 @@
+---
+services:
+  gitlab:
+    image: {{ gitlab_gitlab_ee_image }}
+    hostname: {{ gitlab_hostname }}
+    environment:
+      GITLAB_EXTERNAL_URL: "{{ gitlab_external_url }}"
+      GITLAB_SSH_PORT: {{ gitlab_ssh_port }}
+    ports:
+      - "{{ gitlab_ssh_port }}:22"
+    volumes:
+      - {{ gitlab_config_path }}:/etc/gitlab
+      - {{ gitlab_logs_path }}:/var/log/gitlab
+      - {{ gitlab_data_path }}:/var/opt/gitlab
+      - {{ gitlab_state_path }}:/var/gitlab/state
+    restart: unless-stopped
+    shm_size: '256m'
+
+  proxy:
+    image: {{ gitlab_nginx_image }}
+    ports:
+      - "{{ gitlab_proxy_port }}:80"
+      - "{{ gitlab_https_port }}:443"
+    volumes:
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
+    depends_on:
+      gitlab:
+        condition: service_started
+    restart: unless-stopped

infrastructure/ansible/roles/gitlab/templates/nginx.conf.j2

@@ -0,0 +1,27 @@
+upstream gitlab {
+    server gitlab:{{ gitlab_http_port }};
+}
+
+server {
+    listen 80;
+    server_name {{ gitlab_hostname }};
+
+    location / {
+        proxy_pass http://gitlab;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_buffering off;
+        proxy_request_buffering off;
+    }
+
+    # GitLab WebSocket support for git clone via HTTP
+    location /-/gitlab-lfs/objects {
+        proxy_pass http://gitlab;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}

main.py

@@ -107,6 +107,17 @@ class ListWithItems(ListResponse):
 def read_root():
     return {"message": "Shopping List API"}
 
+@app.get("/health", tags=["meta"])
+def health_check():
+    conn = get_db()
+    try:
+        conn.execute("SELECT 1").fetchone()
+        conn.close()
+        return {"status": "ok"}
+    except Exception as e:
+        conn.close()
+        return {"status": "error", "detail": str(e)}, 503
+
 @app.post("/products", response_model=ProductResponse, status_code=201, tags=["products"])
 def create_product(product: Product):
     conn = get_db()