Fixed drone.yml

.drone.yml.with-trivy

@@ -0,0 +1,128 @@
+---
+kind: pipeline
+type: docker
+name: code-quality
+
+# Триггеры для пайплайна проверки качества
+trigger:
+  event:
+    - push
+    - pull_request
+
+steps:
+  # Проверка качества Python кода (только критические ошибки)
+  - name: python-lint
+    image: python:3.11-slim
+    commands:
+      - cd backend
+      - pip install flake8
+      - echo "Running flake8 (critical errors only)..."
+      - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+      - echo "✅ Critical checks passed"
+
+  # Проверка качества JavaScript/React кода (опционально)
+  - name: frontend-lint
+    image: node:18-alpine
+    commands:
+      - cd frontend
+      - npm ci
+      - echo "Running ESLint (non-blocking)..."
+      - npm run lint || echo "⚠️ ESLint warnings found (non-blocking)"
+      - echo "✅ Frontend checks completed"
+
+  # Проверка безопасности зависимостей Python (опционально)
+  - name: python-security
+    image: python:3.11-slim
+    commands:
+      - cd backend
+      - pip install safety
+      - echo "Checking for known security vulnerabilities..."
+      - safety check --file=requirements.txt --exit-zero || echo "⚠️ Security warnings found (non-blocking)"
+      - echo "✅ Security checks completed"
+
+  # Проверка безопасности зависимостей Node.js
+  - name: frontend-security
+    image: node:18-alpine
+    commands:
+      - cd frontend
+      - npm ci
+      - echo "Running npm audit..."
+      - npm audit --audit-level=moderate || true
+
+---
+kind: pipeline
+type: docker
+name: build-and-publish
+
+# Триггеры для пайплайна сборки
+trigger:
+  event:
+    - push
+    - tag
+  branch:
+    - main
+    - master
+    - develop
+
+# Зависимость от пайплайна проверки качества
+depends_on:
+  - code-quality
+
+steps:
+  # Сборка и публикация Docker образа
+  - name: build-and-push
+    image: plugins/docker
+    settings:
+      # Настройки реестра
+      registry: registry.nevetime.ru
+      repo: registry.nevetime.ru/mc-panel
+      
+      # Теги для образа
+      tags:
+        - latest
+        - ${DRONE_COMMIT_SHA:0:8}
+        - ${DRONE_BRANCH}
+      
+      # Автоматическое тегирование при push тега
+      auto_tag: true
+      auto_tag_suffix: ${DRONE_BUILD_NUMBER}
+      
+      # Dockerfile
+      dockerfile: Dockerfile
+      context: .
+      
+      # Учетные данные (настройте в Drone secrets)
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      
+      # Build args (опционально)
+      build_args:
+        - BUILD_DATE=${DRONE_BUILD_CREATED}
+        - VCS_REF=${DRONE_COMMIT_SHA}
+        - VERSION=${DRONE_TAG:-${DRONE_BRANCH}}
+    
+    when:
+      event:
+        - push
+        - tag
+
+  # Сканирование образа на уязвимости (с авторизацией)
+  - name: scan-image
+    image: aquasec/trivy
+    environment:
+      TRIVY_USERNAME:
+        from_secret: docker_username
+      TRIVY_PASSWORD:
+        from_secret: docker_password
+    commands:
+      - echo "Scanning image for vulnerabilities..."
+      - trivy image --exit-code 0 --severity HIGH,CRITICAL --username $TRIVY_USERNAME --password $TRIVY_PASSWORD registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}
+      - echo "✅ Security scan completed"
+    when:
+      event:
+        - push
+        - tag
+    depends_on:
+      - build-and-push