fixed drone.yml

2026-01-18 19:48:21 +06:00
parent 0ed8039644
commit e4bbf50725
13 changed files with 1099 additions and 119 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -9,40 +9,133 @@ trigger:
    - pull_request

 steps:
+  # Проверка качества Python кода
  - name: python-lint
    image: python:3.11-slim
    commands:
      - cd backend
-      - pip install flake8
-      - echo "Running flake8 (critical errors only)..."
+      - pip install --no-cache-dir flake8 black isort
+      - echo "Running flake8 linting..."
      - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
-      - echo "✅ Critical checks passed"
+      - echo "Checking code formatting with black..."
+      - black --check --diff . || echo "⚠️ Code formatting issues found"
+      - echo "Checking import sorting..."
+      - isort --check-only --diff . || echo "⚠️ Import sorting issues found"
+      - echo "✅ Python checks completed"

+  # Проверка качества Frontend кода
  - name: frontend-lint
-    image: node:18-alpine
+    image: node:20-alpine
    commands:
      - cd frontend
-      - npm ci
-      - echo "Running ESLint (non-blocking)..."
+      - npm ci --silent
+      - echo "Running TypeScript compilation check..."
+      - npx tsc --noEmit || echo "⚠️ TypeScript errors found"
+      - echo "Running ESLint..."
      - npm run lint || echo "⚠️ ESLint warnings found (non-blocking)"
      - echo "✅ Frontend checks completed"

+  # Тестирование Backend
+  - name: python-tests
+    image: python:3.11-slim
+    commands:
+      - cd backend
+      - pip install --no-cache-dir -r requirements.txt pytest pytest-asyncio pytest-cov
+      - echo "Running Python tests..."
+      - python -m pytest tests/ -v --cov=. --cov-report=term-missing || echo "⚠️ Some tests failed (non-blocking)"
+      - echo "✅ Python tests completed"
+    when:
+      event:
+        - push
+        - pull_request
+
+  # Тестирование Frontend
+  - name: frontend-tests
+    image: node:20-alpine
+    commands:
+      - cd frontend
+      - npm ci --silent
+      - echo "Running frontend tests..."
+      - npm test -- --run --reporter=verbose || echo "⚠️ Some frontend tests failed (non-blocking)"
+      - echo "✅ Frontend tests completed"
+    when:
+      event:
+        - push
+        - pull_request
+
+  # Проверка безопасности Python зависимостей
  - name: python-security
    image: python:3.11-slim
    commands:
      - cd backend
-      - pip install safety
+      - pip install --no-cache-dir safety bandit
      - echo "Checking for known security vulnerabilities..."
-      - safety check --file=requirements.txt --exit-zero || echo "⚠️ Security warnings found (non-blocking)"
+      - safety check --file=requirements.txt --exit-zero || echo "⚠️ Security warnings found"
+      - echo "Running bandit security analysis..."
+      - bandit -r . -f json -o bandit-report.json || echo "⚠️ Security issues found"
      - echo "✅ Security checks completed"

+  # Проверка безопасности Frontend зависимостей
  - name: frontend-security
-    image: node:18-alpine
+    image: node:20-alpine
    commands:
      - cd frontend
-      - npm ci
+      - npm ci --silent
      - echo "Running npm audit..."
-      - npm audit --audit-level=moderate || true
+      - npm audit --audit-level=moderate || echo "⚠️ Security warnings found"
+      - echo "✅ Frontend security checks completed"
+
+---
+kind: pipeline
+type: docker
+name: build-frontend
+
+trigger:
+  event:
+    - push
+    - tag
+  branch:
+    - main
+    - master
+    - develop
+
+depends_on:
+  - code-quality
+
+steps:
+  # Сборка Frontend
+  - name: build-frontend
+    image: node:20-alpine
+    commands:
+      - cd frontend
+      - echo "Installing frontend dependencies..."
+      - npm ci --silent
+      - echo "Building frontend for production..."
+      - npm run build
+      - echo "Frontend build size:"
+      - du -sh dist/
+      - echo "✅ Frontend build completed"
+    volumes:
+      - name: frontend-dist
+        path: /drone/src/frontend/dist
+
+  # Сохранение артефактов Frontend
+  - name: save-frontend-artifacts
+    image: alpine:latest
+    commands:
+      - echo "Saving frontend build artifacts..."
+      - tar -czf frontend-dist.tar.gz -C frontend dist/
+      - ls -la frontend-dist.tar.gz
+      - echo "✅ Frontend artifacts saved"
+    volumes:
+      - name: frontend-dist
+        path: /drone/src/frontend/dist
+    depends_on:
+      - build-frontend
+
+volumes:
+  - name: frontend-dist
+    temp: {}

 ---
 kind: pipeline
@@ -60,8 +153,10 @@ trigger:

 depends_on:
  - code-quality
+  - build-frontend

 steps:
+  # Сборка и публикация полного Docker образа
  - name: build-and-push
    image: plugins/docker
    settings:
@@ -70,6 +165,7 @@ steps:
      tags:
        - latest
        - ${DRONE_COMMIT_SHA:0:8}
+        - ${DRONE_BRANCH}
      auto_tag: true
      dockerfile: Dockerfile
      context: .
@@ -80,21 +176,178 @@ steps:
      build_args:
        - BUILD_DATE=${DRONE_BUILD_CREATED}
        - VCS_REF=${DRONE_COMMIT_SHA}
-        - VERSION=1.1.0
+        - VERSION=${DRONE_TAG:-${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}}
+        - FRONTEND_BUILD_HASH=${DRONE_COMMIT_SHA:0:8}
+        - BACKEND_BUILD_HASH=${DRONE_COMMIT_SHA:0:8}
    when:
      event:
        - push
        - tag

-  - name: scan-image
-    image: aquasec/trivy
+  # Тестирование собранного образа
+  - name: test-image
+    image: docker:dind
+    volumes:
+      - name: docker-sock
+        path: /var/run/docker.sock
    commands:
-      - echo "⚠️ Image scanning skipped (requires registry authentication)"
-      - echo "To enable scanning, configure registry credentials for Trivy"
-      - echo "Image published registry.nevetime.ru/mc-panel"
+      - echo "Testing built Docker image..."
+      - docker run --rm -d --name mc-panel-test -p 8001:8000 registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}
+      - sleep 30
+      - echo "Checking if application is responding..."
+      - docker exec mc-panel-test curl -f http://localhost:8000/ || echo "⚠️ Health check failed"
+      - docker stop mc-panel-test
+      - echo "✅ Image test completed"
    when:
      event:
        - push
        - tag
    depends_on:
      - build-and-push
+
+  # Сканирование образа на уязвимости
+  - name: scan-image
+    image: aquasec/trivy:latest
+    environment:
+      TRIVY_USERNAME:
+        from_secret: docker_username
+      TRIVY_PASSWORD:
+        from_secret: docker_password
+    commands:
+      - echo "Scanning image for vulnerabilities..."
+      - trivy image --exit-code 0 --severity HIGH,CRITICAL --format table --username $TRIVY_USERNAME --password $TRIVY_PASSWORD registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}
+      - echo "Generating detailed security report..."
+      - trivy image --format json --output trivy-report.json --username $TRIVY_USERNAME --password $TRIVY_PASSWORD registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} || true
+      - echo "✅ Security scan completed"
+    when:
+      event:
+        - push
+        - tag
+    depends_on:
+      - build-and-push
+
+volumes:
+  - name: docker-sock
+    host:
+      path: /var/run/docker.sock
+
+---
+kind: pipeline
+type: docker
+name: deploy-staging
+
+trigger:
+  event:
+    - push
+  branch:
+    - develop
+
+depends_on:
+  - build-and-publish
+
+steps:
+  # Деплой на staging окружение
+  - name: deploy-to-staging
+    image: alpine:latest
+    environment:
+      STAGING_HOST:
+        from_secret: staging_host
+      STAGING_USER:
+        from_secret: staging_user
+      STAGING_KEY:
+        from_secret: staging_ssh_key
+    commands:
+      - apk add --no-cache openssh-client
+      - echo "Deploying to staging environment..."
+      - echo "$STAGING_KEY" | base64 -d > /tmp/ssh_key
+      - chmod 600 /tmp/ssh_key
+      - ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $STAGING_USER@$STAGING_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} && docker-compose -f /opt/mc-panel/docker-compose.staging.yml up -d"
+      - echo "✅ Staging deployment completed"
+    when:
+      event:
+        - push
+      branch:
+        - develop
+
+---
+kind: pipeline
+type: docker
+name: deploy-production
+
+trigger:
+  event:
+    - tag
+  ref:
+    - refs/tags/v*
+
+depends_on:
+  - build-and-publish
+
+steps:
+  # Деплой на production окружение
+  - name: deploy-to-production
+    image: alpine:latest
+    environment:
+      PROD_HOST:
+        from_secret: production_host
+      PROD_USER:
+        from_secret: production_user
+      PROD_KEY:
+        from_secret: production_ssh_key
+    commands:
+      - apk add --no-cache openssh-client
+      - echo "Deploying to production environment..."
+      - echo "$PROD_KEY" | base64 -d > /tmp/ssh_key
+      - chmod 600 /tmp/ssh_key
+      - ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $PROD_USER@$PROD_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_TAG} && docker-compose -f /opt/mc-panel/docker-compose.prod.yml up -d"
+      - echo "✅ Production deployment completed"
+    when:
+      event:
+        - tag
+
+---
+kind: pipeline
+type: docker
+name: notify
+
+trigger:
+  event:
+    - push
+    - tag
+    - pull_request
+  status:
+    - success
+    - failure
+
+depends_on:
+  - code-quality
+  - build-frontend
+  - build-and-publish
+
+steps:
+  # Уведомления о результатах сборки
+  - name: notify-telegram
+    image: appleboy/drone-telegram
+    settings:
+      token:
+        from_secret: telegram_bot_token
+      to:
+        from_secret: telegram_chat_id
+      format: markdown
+      message: >
+        {{#success build.status}}
+        ✅ **MC Panel Build Success**
+        {{else}}
+        ❌ **MC Panel Build Failed**
+        {{/success}}
+        
+        **Repository:** {{repo.name}}
+        **Branch:** {{build.branch}}
+        **Commit:** {{build.commit}}
+        **Author:** {{build.author}}
+        **Message:** {{build.message}}
+        **Build:** [#{{build.number}}]({{build.link}})
+    when:
+      status:
+        - success
+        - failure