From 49affe389159ca2c9c9c49930a35af56ad198e6c Mon Sep 17 00:00:00 2001
From: arkonsadter
Date: Sun, 18 Jan 2026 20:27:54 +0600
Subject: [PATCH] fixed drone.yml
---
.drone.yml | 347 ++++++++++++++++++-----------------------------------
1 file changed, 116 insertions(+), 231 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index f4a9a60..03e5ac4 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -4,79 +4,37 @@ name: code-quality trigger: event: - - push - - pull_request + - push + - pull_request steps: -- name: python-lint - image: python:3.11-slim - commands: - - cd backend - - pip install --no-cache-dir flake8 black isort - - echo "Running flake8 linting..." - - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics - - echo "Checking code formatting with black..." - - black --check --diff . || echo "WARNING Code formatting issues found" - - echo "Checking import sorting..." - - isort --check-only --diff . || echo "WARNING Import sorting issues found" - - echo "SUCCESS Python checks completed" + - name: python-lint + image: python:3.11-slim + commands: + - cd backend + - pip install flake8 + - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics -- name: frontend-lint - image: node:20-alpine - commands: - - cd frontend - - npm ci --silent - - echo "Running TypeScript compilation check..." - - npx tsc --noEmit || echo "WARNING TypeScript errors found" - - echo "Running ESLint..." - - npm run lint || echo "WARNING ESLint warnings found (non-blocking)" - - echo "SUCCESS Frontend checks completed" + - name: frontend-lint + image: node:20-alpine + commands: + - cd frontend + - npm ci --silent + - npm run lint || echo "ESLint warnings found" -- name: python-tests - image: python:3.11-slim - commands: - - cd backend - - pip install --no-cache-dir -r requirements.txt pytest pytest-asyncio pytest-cov - - echo "Running Python tests..." - - python -m pytest tests/ -v --cov=. 
--cov-report=term-missing || echo "WARNING Some tests failed (non-blocking)" - - echo "SUCCESS Python tests completed" - when: - event: - - push - - pull_request + - name: python-security + image: python:3.11-slim + commands: + - cd backend + - pip install safety + - safety check --file=requirements.txt --exit-zero || echo "Security warnings found" -- name: frontend-tests - image: node:20-alpine - commands: - - cd frontend - - npm ci --silent - - echo "Running frontend tests..." - - npm test -- --run --reporter=verbose || echo "WARNING Some frontend tests failed (non-blocking)" - - echo "SUCCESS Frontend tests completed" - when: - event: - - push - - pull_request - -- name: python-security - image: python:3.11-slim - commands: - - cd backend - - pip install --no-cache-dir safety bandit - - echo "Checking for known security vulnerabilities..." - - safety check --file=requirements.txt --exit-zero || echo "WARNING Security warnings found" - - echo "Running bandit security analysis..." - - bandit -r . -f json -o bandit-report.json || echo "WARNING Security issues found" - - echo "SUCCESS Security checks completed" - -- name: frontend-security - image: node:20-alpine - commands: - - cd frontend - - npm ci --silent - - echo "Running npm audit..." - - npm audit --audit-level=moderate || echo "WARNING Security warnings found" - - echo "SUCCESS Frontend security checks completed" + - name: frontend-security + image: node:20-alpine + commands: + - cd frontend + - npm ci --silent + - npm audit --audit-level=moderate || echo "Security warnings found" --- kind: pipeline 
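Review bot: The `python-security` and `frontend-security` steps can never fail the pipeline, because `safety check --file=requirements.txt --exit-zero || echo "Security warnings found"` and `npm audit --audit-level=moderate || echo "Security warnings found"` always end with exit status 0. Since `build-and-publish` depends on `code-quality`, an image is still published when known-vulnerable dependencies are reported. Drop the `|| echo` (and `--exit-zero`) for whatever severity you treat as release-blocking, for example `- npm audit --audit-level=high`. This hunk also removes the `python-tests`, `frontend-tests` and bandit steps without a replacement, which leaves `flake8` as the only blocking check, so the commit message should say whether that is temporary. `pip install flake8` and `pip install safety` are unpinned, so pinning versions would keep results reproducible between runs.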
@@ -85,84 +43,58 @@ name: build-and-publish trigger: event: - - push - - tag + - push + - tag branch: - - main - - master - - develop + - main + - master + - develop depends_on: -- code-quality + - code-quality steps: -- name: build-and-push - image: plugins/docker - settings: - registry: registry.nevetime.ru - repo: registry.nevetime.ru/mc-panel - tags: - - latest - - ${DRONE_COMMIT_SHA:0:8} - - ${DRONE_BRANCH} - auto_tag: true - dockerfile: Dockerfile - context: . - username: - from_secret: docker_username - password: - from_secret: docker_password - build_args: - - BUILD_DATE=${DRONE_BUILD_CREATED} - - VCS_REF=${DRONE_COMMIT_SHA} - - VERSION=${DRONE_TAG:-${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}} - when: - event: - - push - - tag + - name: build-and-push + image: plugins/docker + settings: + registry: registry.nevetime.ru + repo: registry.nevetime.ru/mc-panel + tags: + - latest + - ${DRONE_COMMIT_SHA:0:8} + - ${DRONE_BRANCH} + auto_tag: true + dockerfile: Dockerfile + context: . + username: + from_secret: docker_username + password: + from_secret: docker_password + build_args: + - BUILD_DATE=${DRONE_BUILD_CREATED} + - VCS_REF=${DRONE_COMMIT_SHA} + - VERSION=${DRONE_TAG:-${DRONE_BRANCH}} + when: + event: + - push + - tag -- name: test-image - image: docker:dind - volumes: - - name: docker-sock - path: /var/run/docker.sock - commands: - - echo "Testing built Docker image..." - - docker run --rm -d --name mc-panel-test -p 8001:8000 registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} - - sleep 30 - - echo "Checking if application is responding..." 
- - docker exec mc-panel-test curl -f http://localhost:8000/ || echo "WARNING Health check failed" - - docker stop mc-panel-test - - echo "SUCCESS Image test completed" - when: - event: - - push - - tag - depends_on: - - build-and-push - -- name: scan-image - image: aquasec/trivy:latest - environment: - TRIVY_USERNAME: - from_secret: docker_username - TRIVY_PASSWORD: - from_secret: docker_password - commands: - - echo "Scanning image for vulnerabilities..." - - trivy image --exit-code 0 --severity HIGH,CRITICAL --format table --username $TRIVY_USERNAME --password $TRIVY_PASSWORD registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} - - echo "SUCCESS Security scan completed" - when: - event: - - push - - tag - depends_on: - - build-and-push - -volumes: -- name: docker-sock - host: - path: /var/run/docker.sock + - name: scan-image + image: aquasec/trivy:latest + environment: + TRIVY_USERNAME: + from_secret: docker_username + TRIVY_PASSWORD: + from_secret: docker_password + commands: + - echo "Scanning image for vulnerabilities..." + - trivy image --exit-code 0 --severity HIGH,CRITICAL registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} + when: + event: + - push + - tag + depends_on: + - build-and-push --- kind: pipeline 
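Review bot: `scan-image` runs Trivy with `--exit-code 0` and only after `build-and-push`, so HIGH/CRITICAL findings are printed but never stop the pipeline, and the image is already in the registry under `latest` by the time it is scanned. Use `--exit-code 1` for the severities you will not ship, and ideally make the deploy pipelines depend on a passing scan. Dropping the `--username`/`--password` flags is fine, since Trivy reads `TRIVY_USERNAME` and `TRIVY_PASSWORD` from the environment and the credentials stay off the command line. `aquasec/trivy:latest` and the untagged `plugins/docker` both receive registry credentials and are mutable references; pin them to a version or digest.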
@@ -171,35 +103,34 @@ name: deploy-staging trigger: event: - - push + - push branch: - - develop + - develop depends_on: -- build-and-publish + - build-and-publish steps: -- name: deploy-to-staging - image: alpine:latest - environment: - STAGING_HOST: - from_secret: staging_host - STAGING_USER: - from_secret: staging_user - STAGING_KEY: - from_secret: staging_ssh_key - commands: - - apk add --no-cache openssh-client - - echo "Deploying to staging environment..." - - echo "$STAGING_KEY" | base64 -d > /tmp/ssh_key - - chmod 600 /tmp/ssh_key - - ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $STAGING_USER@$STAGING_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} && docker-compose -f /opt/mc-panel/docker-compose.staging.yml up -d" - - echo "SUCCESS Staging deployment completed" - when: - event: - - push - branch: - - develop + - name: deploy-to-staging + image: alpine:latest + environment: + STAGING_HOST: + from_secret: staging_host + STAGING_USER: + from_secret: staging_user + STAGING_KEY: + from_secret: staging_ssh_key + commands: + - apk add --no-cache openssh-client + - echo "Deploying to staging..." + - echo "$STAGING_KEY" | base64 -d > /tmp/ssh_key + - chmod 600 /tmp/ssh_key + - ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $STAGING_USER@$STAGING_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}" + when: + event: + - push + branch: + - develop --- kind: pipeline 
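Review bot: `ssh -o StrictHostKeyChecking=no` in `deploy-to-staging` (and the identical option in `deploy-to-production` in the next hunk) disables host key verification, so the key written to `/tmp/ssh_key` is offered to whichever machine answers at `$STAGING_HOST`. Pin the server's host key from a secret instead: `- mkdir -p ~/.ssh && echo "$STAGING_HOST_KEY" > ~/.ssh/known_hosts`, then use `-o StrictHostKeyChecking=yes` on the ssh line (`STAGING_HOST_KEY` is a placeholder name for a secret this file does not define yet). Both deploy commands now stop at `docker pull` because the `docker-compose ... up -d` part was dropped, so the running containers presumably stay on the old image unless something outside this file restarts them. `alpine:latest` is also a mutable tag for a step that handles an SSH private key.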
@@ -208,75 +139,29 @@ name: deploy-production trigger: event: - - tag - ref: - - refs/tags/v* - -depends_on: -- build-and-publish - -steps: -- name: deploy-to-production - image: alpine:latest - environment: - PROD_HOST: - from_secret: production_host - PROD_USER: - from_secret: production_user - PROD_KEY: - from_secret: production_ssh_key - commands: - - apk add --no-cache openssh-client - - echo "Deploying to production environment..." - - echo "$PROD_KEY" | base64 -d > /tmp/ssh_key - - chmod 600 /tmp/ssh_key - - ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $PROD_USER@$PROD_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_TAG} && docker-compose -f /opt/mc-panel/docker-compose.prod.yml up -d" - - echo "SUCCESS Production deployment completed" - when: - event: - tag - ---- -kind: pipeline -type: docker -name: notify - -trigger: - event: - - push - - tag - - pull_request - status: - - success - - failure + ref: + - refs/tags/v* depends_on: -- code-quality -- build-and-publish + - build-and-publish steps: -- name: notify-telegram - image: appleboy/drone-telegram - settings: - token: - from_secret: telegram_bot_token - to: - from_secret: telegram_chat_id - format: markdown - message: > - {{#success build.status}} - SUCCESS **MC Panel Build Success** - {{else}} - ERROR **MC Panel Build Failed** - {{/success}} - - **Repository:** {{repo.name}} - **Branch:** {{build.branch}} - **Commit:** {{build.commit}} - **Author:** {{build.author}} - **Message:** {{build.message}} - **Build:** [#{{build.number}}]({{build.link}}) - when: - status: - - success - - failure \ No newline at end of file + - name: deploy-to-production + image: alpine:latest + environment: + PROD_HOST: + from_secret: production_host + PROD_USER: + from_secret: production_user + PROD_KEY: + from_secret: production_ssh_key + commands: + - apk add --no-cache openssh-client + - echo "Deploying to production..." 
+ - echo "$PROD_KEY" | base64 -d > /tmp/ssh_key + - chmod 600 /tmp/ssh_key + - ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $PROD_USER@$PROD_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_TAG}" + when: + event: + - tag \ No newline at end of file
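Review bot: `deploy-to-production` pulls `registry.nevetime.ru/mc-panel:${DRONE_TAG}`, but the `tags` list in `build-and-push` holds only `latest`, `${DRONE_COMMIT_SHA:0:8}` and `${DRONE_BRANCH}`, so this pull depends entirely on what `auto_tag` pushes. As far as I know the plugin's auto-tagging strips the leading `v` from semver tags, which would not match a `refs/tags/v*` value of `${DRONE_TAG}`; confirm against a real tag build before relying on it. This hunk also deletes the whole `notify` pipeline, so a failed production deploy no longer alerts anyone. The file still ends without a trailing newline.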