70
.drone.yml
70
.drone.yml
@@ -9,7 +9,6 @@ trigger:
|
|||||||
- pull_request
|
- pull_request
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
# Проверка качества Python кода
|
|
||||||
- name: python-lint
|
- name: python-lint
|
||||||
image: python:3.11-slim
|
image: python:3.11-slim
|
||||||
commands:
|
commands:
|
||||||
@@ -23,7 +22,6 @@ steps:
|
|||||||
- isort --check-only --diff . || echo "WARNING Import sorting issues found"
|
- isort --check-only --diff . || echo "WARNING Import sorting issues found"
|
||||||
- echo "SUCCESS Python checks completed"
|
- echo "SUCCESS Python checks completed"
|
||||||
|
|
||||||
# Проверка качества Frontend кода
|
|
||||||
- name: frontend-lint
|
- name: frontend-lint
|
||||||
image: node:20-alpine
|
image: node:20-alpine
|
||||||
commands:
|
commands:
|
||||||
@@ -35,7 +33,6 @@ steps:
|
|||||||
- npm run lint || echo "WARNING ESLint warnings found (non-blocking)"
|
- npm run lint || echo "WARNING ESLint warnings found (non-blocking)"
|
||||||
- echo "SUCCESS Frontend checks completed"
|
- echo "SUCCESS Frontend checks completed"
|
||||||
|
|
||||||
# Тестирование Backend
|
|
||||||
- name: python-tests
|
- name: python-tests
|
||||||
image: python:3.11-slim
|
image: python:3.11-slim
|
||||||
commands:
|
commands:
|
||||||
@@ -49,7 +46,6 @@ steps:
|
|||||||
- push
|
- push
|
||||||
- pull_request
|
- pull_request
|
||||||
|
|
||||||
# Тестирование Frontend
|
|
||||||
- name: frontend-tests
|
- name: frontend-tests
|
||||||
image: node:20-alpine
|
image: node:20-alpine
|
||||||
commands:
|
commands:
|
||||||
@@ -63,7 +59,6 @@ steps:
|
|||||||
- push
|
- push
|
||||||
- pull_request
|
- pull_request
|
||||||
|
|
||||||
# Проверка безопасности Python зависимостей
|
|
||||||
- name: python-security
|
- name: python-security
|
||||||
image: python:3.11-slim
|
image: python:3.11-slim
|
||||||
commands:
|
commands:
|
||||||
@@ -75,7 +70,6 @@ steps:
|
|||||||
- bandit -r . -f json -o bandit-report.json || echo "WARNING Security issues found"
|
- bandit -r . -f json -o bandit-report.json || echo "WARNING Security issues found"
|
||||||
- echo "SUCCESS Security checks completed"
|
- echo "SUCCESS Security checks completed"
|
||||||
|
|
||||||
# Проверка безопасности Frontend зависимостей
|
|
||||||
- name: frontend-security
|
- name: frontend-security
|
||||||
image: node:20-alpine
|
image: node:20-alpine
|
||||||
commands:
|
commands:
|
||||||
@@ -85,58 +79,6 @@ steps:
|
|||||||
- npm audit --audit-level=moderate || echo "WARNING Security warnings found"
|
- npm audit --audit-level=moderate || echo "WARNING Security warnings found"
|
||||||
- echo "SUCCESS Frontend security checks completed"
|
- echo "SUCCESS Frontend security checks completed"
|
||||||
|
|
||||||
---
|
|
||||||
kind: pipeline
|
|
||||||
type: docker
|
|
||||||
name: build-frontend
|
|
||||||
|
|
||||||
trigger:
|
|
||||||
event:
|
|
||||||
- push
|
|
||||||
- tag
|
|
||||||
branch:
|
|
||||||
- main
|
|
||||||
- master
|
|
||||||
- develop
|
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- code-quality
|
|
||||||
|
|
||||||
steps:
|
|
||||||
# Сборка Frontend
|
|
||||||
- name: build-frontend
|
|
||||||
image: node:20-alpine
|
|
||||||
commands:
|
|
||||||
- cd frontend
|
|
||||||
- echo "Installing frontend dependencies..."
|
|
||||||
- npm ci --silent
|
|
||||||
- echo "Building frontend for production..."
|
|
||||||
- npm run build
|
|
||||||
- echo "Frontend build size:"
|
|
||||||
- du -sh dist/
|
|
||||||
- echo "SUCCESS Frontend build completed"
|
|
||||||
volumes:
|
|
||||||
- name: frontend-dist
|
|
||||||
path: /drone/src/frontend/dist
|
|
||||||
|
|
||||||
# Сохранение артефактов Frontend
|
|
||||||
- name: save-frontend-artifacts
|
|
||||||
image: alpine:latest
|
|
||||||
commands:
|
|
||||||
- echo "Saving frontend build artifacts..."
|
|
||||||
- tar -czf frontend-dist.tar.gz -C frontend dist/
|
|
||||||
- ls -la frontend-dist.tar.gz
|
|
||||||
- echo "SUCCESS Frontend artifacts saved"
|
|
||||||
volumes:
|
|
||||||
- name: frontend-dist
|
|
||||||
path: /drone/src/frontend/dist
|
|
||||||
depends_on:
|
|
||||||
- build-frontend
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
- name: frontend-dist
|
|
||||||
temp: {}
|
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
type: docker
|
type: docker
|
||||||
@@ -153,10 +95,8 @@ trigger:
|
|||||||
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- code-quality
|
- code-quality
|
||||||
- build-frontend
|
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
# Сборка и публикация полного Docker образа
|
|
||||||
- name: build-and-push
|
- name: build-and-push
|
||||||
image: plugins/docker
|
image: plugins/docker
|
||||||
settings:
|
settings:
|
||||||
@@ -177,14 +117,11 @@ steps:
|
|||||||
- BUILD_DATE=${DRONE_BUILD_CREATED}
|
- BUILD_DATE=${DRONE_BUILD_CREATED}
|
||||||
- VCS_REF=${DRONE_COMMIT_SHA}
|
- VCS_REF=${DRONE_COMMIT_SHA}
|
||||||
- VERSION=${DRONE_TAG:-${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}}
|
- VERSION=${DRONE_TAG:-${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}}
|
||||||
- FRONTEND_BUILD_HASH=${DRONE_COMMIT_SHA:0:8}
|
|
||||||
- BACKEND_BUILD_HASH=${DRONE_COMMIT_SHA:0:8}
|
|
||||||
when:
|
when:
|
||||||
event:
|
event:
|
||||||
- push
|
- push
|
||||||
- tag
|
- tag
|
||||||
|
|
||||||
# Тестирование собранного образа
|
|
||||||
- name: test-image
|
- name: test-image
|
||||||
image: docker:dind
|
image: docker:dind
|
||||||
volumes:
|
volumes:
|
||||||
@@ -205,7 +142,6 @@ steps:
|
|||||||
depends_on:
|
depends_on:
|
||||||
- build-and-push
|
- build-and-push
|
||||||
|
|
||||||
# Сканирование образа на уязвимости
|
|
||||||
- name: scan-image
|
- name: scan-image
|
||||||
image: aquasec/trivy:latest
|
image: aquasec/trivy:latest
|
||||||
environment:
|
environment:
|
||||||
@@ -216,8 +152,6 @@ steps:
|
|||||||
commands:
|
commands:
|
||||||
- echo "Scanning image for vulnerabilities..."
|
- echo "Scanning image for vulnerabilities..."
|
||||||
- trivy image --exit-code 0 --severity HIGH,CRITICAL --format table --username $TRIVY_USERNAME --password $TRIVY_PASSWORD registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}
|
- trivy image --exit-code 0 --severity HIGH,CRITICAL --format table --username $TRIVY_USERNAME --password $TRIVY_PASSWORD registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}
|
||||||
- echo "Generating detailed security report..."
|
|
||||||
- trivy image --format json --output trivy-report.json --username $TRIVY_USERNAME --password $TRIVY_PASSWORD registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} || true
|
|
||||||
- echo "SUCCESS Security scan completed"
|
- echo "SUCCESS Security scan completed"
|
||||||
when:
|
when:
|
||||||
event:
|
event:
|
||||||
@@ -246,7 +180,6 @@ depends_on:
|
|||||||
- build-and-publish
|
- build-and-publish
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
# Деплой на staging окружение
|
|
||||||
- name: deploy-to-staging
|
- name: deploy-to-staging
|
||||||
image: alpine:latest
|
image: alpine:latest
|
||||||
environment:
|
environment:
|
||||||
@@ -284,7 +217,6 @@ depends_on:
|
|||||||
- build-and-publish
|
- build-and-publish
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
# Деплой на production окружение
|
|
||||||
- name: deploy-to-production
|
- name: deploy-to-production
|
||||||
image: alpine:latest
|
image: alpine:latest
|
||||||
environment:
|
environment:
|
||||||
@@ -321,11 +253,9 @@ trigger:
|
|||||||
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- code-quality
|
- code-quality
|
||||||
- build-frontend
|
|
||||||
- build-and-publish
|
- build-and-publish
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
# Уведомления о результатах сборки
|
|
||||||
- name: notify-telegram
|
- name: notify-telegram
|
||||||
image: appleboy/drone-telegram
|
image: appleboy/drone-telegram
|
||||||
settings:
|
settings:
|
||||||
|
|||||||
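Review bot: In the `scan-image` step (hunk `@@ -216,8 +152,6 @@`) the one remaining `trivy image` command runs with `--exit-code 0`, so HIGH and CRITICAL findings never fail the pipeline, and with the JSON report removed they survive only as a table in the build log. The scan pulls the image from `registry.nevetime.ru`, so it has presumably already been pushed by `build-and-push` when it is scanned; consider `--exit-code 1` on that line, or keep a machine-readable report if the scan is meant to stay advisory. The same line passes the registry credentials as `--username $TRIVY_USERNAME --password $TRIVY_PASSWORD`, which puts the secret on the command line; Trivy reads `TRIVY_USERNAME` and `TRIVY_PASSWORD` from the environment, so both flags can likely be dropped if the step's `environment:` block (its contents are outside the hunk) already sets them. `aquasec/trivy:latest` is unpinned, so a fixed tag or digest would keep scan results reproducible between runs.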