ddd

.github/workflows/README.md

@@ -0,0 +1 @@
+# Workflow Test Сб 21 мар 2026 00:12:21 MSK

.github/workflows/terraform-apply.yml

@@ -0,0 +1,65 @@
+# ============================================================
+# GitHub Actions: Terraform Apply на merge в main
+# Файл: .github/workflows/terraform-apply.yml
+# ============================================================
+
+name: Terraform Apply
+
+on:
+  push:
+    branches: [ main ]
+
+jobs:
+  terraform-apply:
+    name: 'Terraform Apply'
+    runs-on: ubuntu-latest
+    environment: production
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v3
+      with:
+        terraform_version: '1.6.0'
+
+    - name: Terraform Init
+      run: |
+        cd bootstrap
+        terraform init \
+          -backend-config="bucket=${{ secrets.TF_BUCKET_NAME }}" \
+          -backend-config="access_key=${{ secrets.TF_ACCESS_KEY }}" \
+          -backend-config="secret_key=${{ secrets.TF_SECRET_KEY }}" \
+          -reconfigure
+
+    - name: Terraform Validate
+      run: |
+        cd bootstrap
+        terraform validate
+
+    - name: Terraform Plan
+      run: |
+        cd bootstrap
+        terraform plan -no-color -out=tfplan
+      env:
+        TF_VAR_yandex_token: ${{ secrets.YC_TOKEN }}
+        YC_TOKEN: ${{ secrets.YC_TOKEN }}
+
+    - name: Terraform Apply
+      run: |
+        cd bootstrap
+        terraform apply -auto-approve tfplan
+      env:
+        TF_VAR_yandex_token: ${{ secrets.YC_TOKEN }}
+        YC_TOKEN: ${{ secrets.YC_TOKEN }}
+
+    - name: Update Outputs
+      run: |
+        cd bootstrap
+        terraform output -json > ../infrastructure/bootstrap-outputs.json
+      env:
+        YC_TOKEN: ${{ secrets.YC_TOKEN }}

.github/workflows/terraform-plan.yml

@@ -0,0 +1,62 @@
+# ============================================================
+# GitHub Actions: Terraform Plan на Pull Request
+# Файл: .github/workflows/terraform-plan.yml
+# ============================================================
+
+name: Terraform Plan
+
+on:
+  pull_request:
+    branches: [ main ]
+
+
+jobs:
+  terraform-plan:
+    name: 'Terraform Plan'
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v3
+      with:
+        terraform_version: '1.6.0'
+
+    - name: Terraform Init
+      run: |
+        cd bootstrap
+        terraform init \
+          -backend-config="bucket=${{ secrets.TF_BUCKET_NAME }}" \
+          -backend-config="access_key=${{ secrets.TF_ACCESS_KEY }}" \
+          -backend-config="secret_key=${{ secrets.TF_SECRET_KEY }}"
+
+    - name: Terraform Validate
+      run: |
+        cd bootstrap
+        terraform validate
+
+    - name: Terraform Plan
+      run: |
+        cd bootstrap
+        terraform plan -no-color -out=tfplan
+      env:
+        TF_VAR_yandex_token: ${{ secrets.YC_TOKEN }}
+        YC_TOKEN: ${{ secrets.YC_TOKEN }}
+
+    - name: Comment PR with Plan Output
+      uses: actions/github-script@v7
+      with:
+        script: |
+          const fs = require('fs');
+          const plan = fs.readFileSync('bootstrap/tfplan', 'utf8');
+          await github.rest.issues.createComment({
+            issue_number: context.payload.pull_request.number,
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: `## 🗂️ Terraform Plan Output\n\n\`\`\`\n${plan.substring(0, 65000)}\n\`\`\``
+          });

.gitignore

@@ -1,122 +1,43 @@
-.lock.hcl
-.tfstate
-.vagrant
-*.retry
-**/vagrant_ansible_inventory
-*.iml
-temp
-contrib/offline/offline-files
-contrib/offline/offline-files.tar.gz
-.idea
-.vscode
-.tox
-.cache
-*.bak
+# ============================================================
+# TERRAFORM - Чувствительные файлы (В НАЧАЛЕ!)
+# ============================================================
+*.tfplan
+*.tfplan.json
 *.tfstate
-*.tfstate*backup
-*.lock.hcl
+*.tfstate.backup
+*.tfstate.*
+*.tfvars
 .terraform/
-contrib/terraform/aws/credentials.tfvars
 .terraform.lock.hcl
-/ssh-bastion.conf
-**/*.sw[pon]
-*~
-vagrant/
-plugins/mitogen
-
-# Ansible inventory
-inventory/*
-!inventory/local
-!inventory/sample
-inventory/*/artifacts/
-
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# Distribution / packaging
-.Python
-env/
-build/
-credentials/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-parts/
-sdist/
-var/
-*.egg-info/
-.installed.cfg
-*.egg
-
-# PyInstaller
-#  Usually these files are written by a python script from a template
-#  before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*,cover
-.hypothesis/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
+!*.tfvars.example
+infrastructure/tfplan
+infrastructure/tfplan.*
+bootstrap/tfplan
+bootstrap/tfplan.*
+kubernetes-kubeadm/tfplan
+kubernetes-kubeadm/tfplan.*
+
+# ============================================================
+# OUTPUTS С СЕКРЕТАМИ
+# ============================================================
+*-outputs.json
+bootstrap-outputs.json
+infra-outputs.json
+
+# ============================================================
+# СЕКРЕТЫ И КЛЮЧИ
+# ============================================================
+*.pem
+*.key
+*.secret
+credentials.json
+*.password
+*.env
+
+# ============================================================
+# ЛОКАЛЬНЫЕ КОНФИГИ
+# ============================================================
+.kube/
 *.log
-local_settings.py
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-target/
-
-# IPython Notebook
-.ipynb_checkpoints
-
-# pyenv
-.python-version
-
-# dotenv
-.env
-
-# virtualenv
-venv/
-ENV/
-
-# molecule
-roles/**/molecule/**/__pycache__/
-
-# macOS
 .DS_Store
-
-# Temp location used by our scripts
-scripts/tmp/
-tmp.md
-
-# Ansible collection files
-kubernetes_sigs-kubespray*tar.gz
-ansible_collections
+*~