fixed drone.yml
Some checks failed
continuous-integration/drone/push Build encountered an error

2026-01-18 19:48:21 +06:00
parent 0ed8039644
commit e4bbf50725
13 changed files with 1099 additions and 119 deletions


@@ -9,40 +9,133 @@ trigger:
- pull_request
steps:
# Проверка качества Python кода
- name: python-lint
image: python:3.11-slim
commands:
- cd backend
- pip install flake8
- echo "Running flake8 (critical errors only)..."
- pip install --no-cache-dir flake8 black isort
- echo "Running flake8 linting..."
- flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
- echo "✅ Critical checks passed"
- echo "Checking code formatting with black..."
- black --check --diff . || echo "⚠️ Code formatting issues found"
- echo "Checking import sorting..."
- isort --check-only --diff . || echo "⚠️ Import sorting issues found"
- echo "✅ Python checks completed"
# Проверка качества Frontend кода
- name: frontend-lint
image: node:18-alpine
image: node:20-alpine
commands:
- cd frontend
- npm ci
- echo "Running ESLint (non-blocking)..."
- npm ci --silent
- echo "Running TypeScript compilation check..."
- npx tsc --noEmit || echo "⚠️ TypeScript errors found"
- echo "Running ESLint..."
- npm run lint || echo "⚠️ ESLint warnings found (non-blocking)"
- echo "✅ Frontend checks completed"
# Тестирование Backend
- name: python-tests
image: python:3.11-slim
commands:
- cd backend
- pip install --no-cache-dir -r requirements.txt pytest pytest-asyncio pytest-cov
- echo "Running Python tests..."
- python -m pytest tests/ -v --cov=. --cov-report=term-missing || echo "⚠️ Some tests failed (non-blocking)"
- echo "✅ Python tests completed"
when:
event:
- push
- pull_request
# Тестирование Frontend
- name: frontend-tests
image: node:20-alpine
commands:
- cd frontend
- npm ci --silent
- echo "Running frontend tests..."
- npm test -- --run --reporter=verbose || echo "⚠️ Some frontend tests failed (non-blocking)"
- echo "✅ Frontend tests completed"
when:
event:
- push
- pull_request
# Проверка безопасности Python зависимостей
- name: python-security
image: python:3.11-slim
commands:
- cd backend
- pip install safety
- pip install --no-cache-dir safety bandit
- echo "Checking for known security vulnerabilities..."
- safety check --file=requirements.txt --exit-zero || echo "⚠️ Security warnings found (non-blocking)"
- safety check --file=requirements.txt --exit-zero || echo "⚠️ Security warnings found"
- echo "Running bandit security analysis..."
- bandit -r . -f json -o bandit-report.json || echo "⚠️ Security issues found"
- echo "✅ Security checks completed"
# Проверка безопасности Frontend зависимостей
- name: frontend-security
image: node:18-alpine
image: node:20-alpine
commands:
- cd frontend
- npm ci
- npm ci --silent
- echo "Running npm audit..."
- npm audit --audit-level=moderate || true
- npm audit --audit-level=moderate || echo "⚠️ Security warnings found"
- echo "✅ Frontend security checks completed"
---
kind: pipeline
type: docker
name: build-frontend
trigger:
event:
- push
- tag
branch:
- main
- master
- develop
depends_on:
- code-quality
steps:
# Сборка Frontend
- name: build-frontend
image: node:20-alpine
commands:
- cd frontend
- echo "Installing frontend dependencies..."
- npm ci --silent
- echo "Building frontend for production..."
- npm run build
- echo "Frontend build size:"
- du -sh dist/
- echo "✅ Frontend build completed"
volumes:
- name: frontend-dist
path: /drone/src/frontend/dist
# Сохранение артефактов Frontend
- name: save-frontend-artifacts
image: alpine:latest
commands:
- echo "Saving frontend build artifacts..."
- tar -czf frontend-dist.tar.gz -C frontend dist/
- ls -la frontend-dist.tar.gz
- echo "✅ Frontend artifacts saved"
volumes:
- name: frontend-dist
path: /drone/src/frontend/dist
depends_on:
- build-frontend
volumes:
- name: frontend-dist
temp: {}
---
kind: pipeline
@@ -60,8 +153,10 @@ trigger:
depends_on:
- code-quality
- build-frontend
steps:
# Сборка и публикация полного Docker образа
- name: build-and-push
image: plugins/docker
settings:
@@ -70,6 +165,7 @@ steps:
tags:
- latest
- ${DRONE_COMMIT_SHA:0:8}
- ${DRONE_BRANCH}
auto_tag: true
dockerfile: Dockerfile
context: .
@@ -80,21 +176,178 @@ steps:
build_args:
- BUILD_DATE=${DRONE_BUILD_CREATED}
- VCS_REF=${DRONE_COMMIT_SHA}
- VERSION=1.1.0
- VERSION=${DRONE_TAG:-${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}}
- FRONTEND_BUILD_HASH=${DRONE_COMMIT_SHA:0:8}
- BACKEND_BUILD_HASH=${DRONE_COMMIT_SHA:0:8}
when:
event:
- push
- tag
- name: scan-image
image: aquasec/trivy
# Тестирование собранного образа
- name: test-image
image: docker:dind
volumes:
- name: docker-sock
path: /var/run/docker.sock
commands:
- echo "⚠️ Image scanning skipped (requires registry authentication)"
- echo "To enable scanning, configure registry credentials for Trivy"
- echo "Image published registry.nevetime.ru/mc-panel"
- echo "Testing built Docker image..."
- docker run --rm -d --name mc-panel-test -p 8001:8000 registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}
- sleep 30
- echo "Checking if application is responding..."
- docker exec mc-panel-test curl -f http://localhost:8000/ || echo "⚠️ Health check failed"
- docker stop mc-panel-test
- echo "✅ Image test completed"
when:
event:
- push
- tag
depends_on:
- build-and-push
# Сканирование образа на уязвимости
- name: scan-image
image: aquasec/trivy:latest
environment:
TRIVY_USERNAME:
from_secret: docker_username
TRIVY_PASSWORD:
from_secret: docker_password
commands:
- echo "Scanning image for vulnerabilities..."
- trivy image --exit-code 0 --severity HIGH,CRITICAL --format table --username $TRIVY_USERNAME --password $TRIVY_PASSWORD registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}
- echo "Generating detailed security report..."
- trivy image --format json --output trivy-report.json --username $TRIVY_USERNAME --password $TRIVY_PASSWORD registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} || true
- echo "✅ Security scan completed"
when:
event:
- push
- tag
depends_on:
- build-and-push
volumes:
- name: docker-sock
host:
path: /var/run/docker.sock
---
kind: pipeline
type: docker
name: deploy-staging
trigger:
event:
- push
branch:
- develop
depends_on:
- build-and-publish
steps:
# Деплой на staging окружение
- name: deploy-to-staging
image: alpine:latest
environment:
STAGING_HOST:
from_secret: staging_host
STAGING_USER:
from_secret: staging_user
STAGING_KEY:
from_secret: staging_ssh_key
commands:
- apk add --no-cache openssh-client
- echo "Deploying to staging environment..."
- echo "$STAGING_KEY" | base64 -d > /tmp/ssh_key
- chmod 600 /tmp/ssh_key
- ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $STAGING_USER@$STAGING_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} && docker-compose -f /opt/mc-panel/docker-compose.staging.yml up -d"
- echo "✅ Staging deployment completed"
when:
event:
- push
branch:
- develop
---
kind: pipeline
type: docker
name: deploy-production
trigger:
event:
- tag
ref:
- refs/tags/v*
depends_on:
- build-and-publish
steps:
# Деплой на production окружение
- name: deploy-to-production
image: alpine:latest
environment:
PROD_HOST:
from_secret: production_host
PROD_USER:
from_secret: production_user
PROD_KEY:
from_secret: production_ssh_key
commands:
- apk add --no-cache openssh-client
- echo "Deploying to production environment..."
- echo "$PROD_KEY" | base64 -d > /tmp/ssh_key
- chmod 600 /tmp/ssh_key
- ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $PROD_USER@$PROD_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_TAG} && docker-compose -f /opt/mc-panel/docker-compose.prod.yml up -d"
- echo "✅ Production deployment completed"
when:
event:
- tag
---
kind: pipeline
type: docker
name: notify
trigger:
event:
- push
- tag
- pull_request
status:
- success
- failure
depends_on:
- code-quality
- build-frontend
- build-and-publish
steps:
# Уведомления о результатах сборки
- name: notify-telegram
image: appleboy/drone-telegram
settings:
token:
from_secret: telegram_bot_token
to:
from_secret: telegram_chat_id
format: markdown
message: >
{{#success build.status}}
✅ **MC Panel Build Success**
{{else}}
❌ **MC Panel Build Failed**
{{/success}}
**Repository:** {{repo.name}}
**Branch:** {{build.branch}}
**Commit:** {{build.commit}}
**Author:** {{build.author}}
**Message:** {{build.message}}
**Build:** [#{{build.number}}]({{build.link}})
when:
status:
- success
- failure
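Review bot: The `deploy-to-staging` and `deploy-to-production` steps in the last hunk call ssh with `-o StrictHostKeyChecking=no`, so the runner accepts any host key and sends the deploy command to whichever machine answers for `$STAGING_HOST` or `$PROD_HOST`. Pin the server key instead: keep its public host key in a secret (placeholder name `production_known_hosts`, exposed to the step as `PROD_KNOWN_HOSTS`), add `- mkdir -p ~/.ssh && printf '%s\n' "$PROD_KNOWN_HOSTS" > ~/.ssh/known_hosts` before the ssh line, and change the option to `-o StrictHostKeyChecking=yes`. The staging step needs the same change with its own secret. The `+`/`-` markers are lost on this page, so I am assuming both steps are on the new side, which the hunk header's growth from 21 to 178 lines suggests.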