diff --git a/.drone.yml b/.drone.yml index 9b3c055..f4a9a60 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -1,83 +1,82 @@ ---- kind: pipeline type: docker name: code-quality trigger: event: + - push + - pull_request + +steps: +- name: python-lint + image: python:3.11-slim + commands: + - cd backend + - pip install --no-cache-dir flake8 black isort + - echo "Running flake8 linting..." + - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics + - echo "Checking code formatting with black..." + - black --check --diff . || echo "WARNING Code formatting issues found" + - echo "Checking import sorting..." + - isort --check-only --diff . || echo "WARNING Import sorting issues found" + - echo "SUCCESS Python checks completed" + +- name: frontend-lint + image: node:20-alpine + commands: + - cd frontend + - npm ci --silent + - echo "Running TypeScript compilation check..." + - npx tsc --noEmit || echo "WARNING TypeScript errors found" + - echo "Running ESLint..." + - npm run lint || echo "WARNING ESLint warnings found (non-blocking)" + - echo "SUCCESS Frontend checks completed" + +- name: python-tests + image: python:3.11-slim + commands: + - cd backend + - pip install --no-cache-dir -r requirements.txt pytest pytest-asyncio pytest-cov + - echo "Running Python tests..." + - python -m pytest tests/ -v --cov=. --cov-report=term-missing || echo "WARNING Some tests failed (non-blocking)" + - echo "SUCCESS Python tests completed" + when: + event: - push - pull_request -steps: - - name: python-lint - image: python:3.11-slim - commands: - - cd backend - - pip install --no-cache-dir flake8 black isort - - echo "Running flake8 linting..." - - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics - - echo "Checking code formatting with black..." - - black --check --diff . || echo "WARNING Code formatting issues found" - - echo "Checking import sorting..." - - isort --check-only --diff . 
|| echo "WARNING Import sorting issues found" - - echo "SUCCESS Python checks completed" +- name: frontend-tests + image: node:20-alpine + commands: + - cd frontend + - npm ci --silent + - echo "Running frontend tests..." + - npm test -- --run --reporter=verbose || echo "WARNING Some frontend tests failed (non-blocking)" + - echo "SUCCESS Frontend tests completed" + when: + event: + - push + - pull_request - - name: frontend-lint - image: node:20-alpine - commands: - - cd frontend - - npm ci --silent - - echo "Running TypeScript compilation check..." - - npx tsc --noEmit || echo "WARNING TypeScript errors found" - - echo "Running ESLint..." - - npm run lint || echo "WARNING ESLint warnings found (non-blocking)" - - echo "SUCCESS Frontend checks completed" +- name: python-security + image: python:3.11-slim + commands: + - cd backend + - pip install --no-cache-dir safety bandit + - echo "Checking for known security vulnerabilities..." + - safety check --file=requirements.txt --exit-zero || echo "WARNING Security warnings found" + - echo "Running bandit security analysis..." + - bandit -r . -f json -o bandit-report.json || echo "WARNING Security issues found" + - echo "SUCCESS Security checks completed" - - name: python-tests - image: python:3.11-slim - commands: - - cd backend - - pip install --no-cache-dir -r requirements.txt pytest pytest-asyncio pytest-cov - - echo "Running Python tests..." - - python -m pytest tests/ -v --cov=. --cov-report=term-missing || echo "WARNING Some tests failed (non-blocking)" - - echo "SUCCESS Python tests completed" - when: - event: - - push - - pull_request - - - name: frontend-tests - image: node:20-alpine - commands: - - cd frontend - - npm ci --silent - - echo "Running frontend tests..." 
- - npm test -- --run --reporter=verbose || echo "WARNING Some frontend tests failed (non-blocking)" - - echo "SUCCESS Frontend tests completed" - when: - event: - - push - - pull_request - - - name: python-security - image: python:3.11-slim - commands: - - cd backend - - pip install --no-cache-dir safety bandit - - echo "Checking for known security vulnerabilities..." - - safety check --file=requirements.txt --exit-zero || echo "WARNING Security warnings found" - - echo "Running bandit security analysis..." - - bandit -r . -f json -o bandit-report.json || echo "WARNING Security issues found" - - echo "SUCCESS Security checks completed" - - - name: frontend-security - image: node:20-alpine - commands: - - cd frontend - - npm ci --silent - - echo "Running npm audit..." - - npm audit --audit-level=moderate || echo "WARNING Security warnings found" - - echo "SUCCESS Frontend security checks completed" +- name: frontend-security + image: node:20-alpine + commands: + - cd frontend + - npm ci --silent + - echo "Running npm audit..." + - npm audit --audit-level=moderate || echo "WARNING Security warnings found" + - echo "SUCCESS Frontend security checks completed" --- kind: pipeline 
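Review bot: The python-security and frontend-security steps can never fail: `safety check` runs with `--exit-zero`, and `bandit` and `npm audit` are each followed by `|| echo "WARNING ..."`, so a known-vulnerable dependency or a bandit finding still lets build-and-publish (which depends on code-quality) push the image. Bandit's results also go only to `bandit-report.json`, which no visible step prints or uploads, so the findings do not reach the build log either. If these are meant as gates, drop the fallbacks, e.g. `- safety check --file=requirements.txt`, `- bandit -r .` and `- npm audit --audit-level=moderate`. If they are meant to be advisory, set `failure: ignore` on the step so the failure stays visible instead of the step printing SUCCESS. The same `|| echo` pattern hides test failures in python-tests and frontend-tests.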
@@ -86,84 +85,84 @@ name: build-and-publish trigger: event: - - push - - tag + - push + - tag branch: - - main - - master - - develop + - main + - master + - develop depends_on: - - code-quality +- code-quality steps: - - name: build-and-push - image: plugins/docker - settings: - registry: registry.nevetime.ru - repo: registry.nevetime.ru/mc-panel - tags: - - latest - - ${DRONE_COMMIT_SHA:0:8} - - ${DRONE_BRANCH} - auto_tag: true - dockerfile: Dockerfile - context: . - username: - from_secret: docker_username - password: - from_secret: docker_password - build_args: - - BUILD_DATE=${DRONE_BUILD_CREATED} - - VCS_REF=${DRONE_COMMIT_SHA} - - VERSION=${DRONE_TAG:-${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}} - when: - event: - - push - - tag +- name: build-and-push + image: plugins/docker + settings: + registry: registry.nevetime.ru + repo: registry.nevetime.ru/mc-panel + tags: + - latest + - ${DRONE_COMMIT_SHA:0:8} + - ${DRONE_BRANCH} + auto_tag: true + dockerfile: Dockerfile + context: . + username: + from_secret: docker_username + password: + from_secret: docker_password + build_args: + - BUILD_DATE=${DRONE_BUILD_CREATED} + - VCS_REF=${DRONE_COMMIT_SHA} + - VERSION=${DRONE_TAG:-${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}} + when: + event: + - push + - tag - - name: test-image - image: docker:dind - volumes: - - name: docker-sock - path: /var/run/docker.sock - commands: - - echo "Testing built Docker image..." - - docker run --rm -d --name mc-panel-test -p 8001:8000 registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} - - sleep 30 - - echo "Checking if application is responding..." - - docker exec mc-panel-test curl -f http://localhost:8000/ || echo "WARNING Health check failed" - - docker stop mc-panel-test - - echo "SUCCESS Image test completed" - when: - event: - - push - - tag - depends_on: - - build-and-push +- name: test-image + image: docker:dind + volumes: + - name: docker-sock + path: /var/run/docker.sock + commands: + - echo "Testing built Docker image..." 
+ - docker run --rm -d --name mc-panel-test -p 8001:8000 registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} + - sleep 30 + - echo "Checking if application is responding..." + - docker exec mc-panel-test curl -f http://localhost:8000/ || echo "WARNING Health check failed" + - docker stop mc-panel-test + - echo "SUCCESS Image test completed" + when: + event: + - push + - tag + depends_on: + - build-and-push - - name: scan-image - image: aquasec/trivy:latest - environment: - TRIVY_USERNAME: - from_secret: docker_username - TRIVY_PASSWORD: - from_secret: docker_password - commands: - - echo "Scanning image for vulnerabilities..." - - trivy image --exit-code 0 --severity HIGH,CRITICAL --format table --username $TRIVY_USERNAME --password $TRIVY_PASSWORD registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} - - echo "SUCCESS Security scan completed" - when: - event: - - push - - tag - depends_on: - - build-and-push +- name: scan-image + image: aquasec/trivy:latest + environment: + TRIVY_USERNAME: + from_secret: docker_username + TRIVY_PASSWORD: + from_secret: docker_password + commands: + - echo "Scanning image for vulnerabilities..." + - trivy image --exit-code 0 --severity HIGH,CRITICAL --format table --username $TRIVY_USERNAME --password $TRIVY_PASSWORD registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} + - echo "SUCCESS Security scan completed" + when: + event: + - push + - tag + depends_on: + - build-and-push volumes: - - name: docker-sock - host: - path: /var/run/docker.sock +- name: docker-sock + host: + path: /var/run/docker.sock --- kind: pipeline 
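Review bot: scan-image cannot block anything: `--exit-code 0` makes trivy return success even with HIGH or CRITICAL findings, and the step depends on build-and-push, so the image is already in the registry when it is scanned. The registry password is also passed as `--password $TRIVY_PASSWORD`, which puts it on the process command line; trivy reads `TRIVY_USERNAME` and `TRIVY_PASSWORD` from the environment, so both flags can be removed. Suggested command: `- trivy image --exit-code 1 --severity HIGH,CRITICAL --format table registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}`. Separately, test-image mounts the host's `/var/run/docker.sock`, which gives that step control of the runner's Docker daemon, and `aquasec/trivy:latest` and `docker:dind` are unpinned; pinning both to a version or digest keeps the tooling that handles registry credentials reproducible.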
@@ -172,35 +171,35 @@ name: deploy-staging trigger: event: - - push + - push branch: - - develop + - develop depends_on: - - build-and-publish +- build-and-publish steps: - - name: deploy-to-staging - image: alpine:latest - environment: - STAGING_HOST: - from_secret: staging_host - STAGING_USER: - from_secret: staging_user - STAGING_KEY: - from_secret: staging_ssh_key - commands: - - apk add --no-cache openssh-client - - echo "Deploying to staging environment..." - - echo "$STAGING_KEY" | base64 -d > /tmp/ssh_key - - chmod 600 /tmp/ssh_key - - ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $STAGING_USER@$STAGING_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} && docker-compose -f /opt/mc-panel/docker-compose.staging.yml up -d" - - echo "SUCCESS Staging deployment completed" - when: - event: - - push - branch: - - develop +- name: deploy-to-staging + image: alpine:latest + environment: + STAGING_HOST: + from_secret: staging_host + STAGING_USER: + from_secret: staging_user + STAGING_KEY: + from_secret: staging_ssh_key + commands: + - apk add --no-cache openssh-client + - echo "Deploying to staging environment..." + - echo "$STAGING_KEY" | base64 -d > /tmp/ssh_key + - chmod 600 /tmp/ssh_key + - ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $STAGING_USER@$STAGING_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} && docker-compose -f /opt/mc-panel/docker-compose.staging.yml up -d" + - echo "SUCCESS Staging deployment completed" + when: + event: + - push + branch: + - develop --- kind: pipeline 
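Review bot: `ssh -o StrictHostKeyChecking=no` in deploy-to-staging accepts whatever host key the server presents, so the step that holds the deploy key and runs `docker pull ... && docker-compose ... up -d` never verifies that it is talking to the real staging host; deploy-to-production in the next hunk uses the same option. Pin the host key instead: add a secret holding the server's known_hosts line (placeholder name `staging_known_hosts`), write it to a file, and connect with `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=/tmp/known_hosts`. The key file is also created before `chmod 600` runs, so a `- umask 077` line ahead of the `base64 -d` command would close the window in which it has default permissions.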
@@ -209,33 +208,33 @@ name: deploy-production trigger: event: - - tag + - tag ref: - - refs/tags/v* + - refs/tags/v* depends_on: - - build-and-publish +- build-and-publish steps: - - name: deploy-to-production - image: alpine:latest - environment: - PROD_HOST: - from_secret: production_host - PROD_USER: - from_secret: production_user - PROD_KEY: - from_secret: production_ssh_key - commands: - - apk add --no-cache openssh-client - - echo "Deploying to production environment..." - - echo "$PROD_KEY" | base64 -d > /tmp/ssh_key - - chmod 600 /tmp/ssh_key - - ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $PROD_USER@$PROD_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_TAG} && docker-compose -f /opt/mc-panel/docker-compose.prod.yml up -d" - - echo "SUCCESS Production deployment completed" - when: - event: - - tag +- name: deploy-to-production + image: alpine:latest + environment: + PROD_HOST: + from_secret: production_host + PROD_USER: + from_secret: production_user + PROD_KEY: + from_secret: production_ssh_key + commands: + - apk add --no-cache openssh-client + - echo "Deploying to production environment..." + - echo "$PROD_KEY" | base64 -d > /tmp/ssh_key + - chmod 600 /tmp/ssh_key + - ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $PROD_USER@$PROD_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_TAG} && docker-compose -f /opt/mc-panel/docker-compose.prod.yml up -d" + - echo "SUCCESS Production deployment completed" + when: + event: + - tag --- kind: pipeline 
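Review bot: `docker pull registry.nevetime.ru/mc-panel:${DRONE_TAG}` in deploy-to-production relies on a tag that build-and-push may not publish under that name. That step sets `auto_tag: true` next to an explicit `tags` list; as far as I know the plugin's auto-tagging replaces the list and derives tags from the git tag without the leading `v`, which would not match `refs/tags/v*` names, so this should be confirmed against a real tag build. The same question applies to the `${DRONE_COMMIT_SHA:0:8}` tag pulled by test-image, scan-image and the staging deploy. Until it is settled, a comment above the ssh line such as `# tag must match what build-and-push publishes for refs/tags/v* (see auto_tag)` would record the dependency, and a failed pull should stop the deploy rather than leave the previous image running unnoticed.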
@@ -244,40 +243,40 @@ name: notify trigger: event: - - push - - tag - - pull_request + - push + - tag + - pull_request status: - - success - - failure + - success + - failure depends_on: - - code-quality - - build-and-publish +- code-quality +- build-and-publish steps: - - name: notify-telegram - image: appleboy/drone-telegram - settings: - token: - from_secret: telegram_bot_token - to: - from_secret: telegram_chat_id - format: markdown - message: > - {{#success build.status}} - SUCCESS **MC Panel Build Success** - {{else}} - ERROR **MC Panel Build Failed** - {{/success}} - - **Repository:** {{repo.name}} - **Branch:** {{build.branch}} - **Commit:** {{build.commit}} - **Author:** {{build.author}} - **Message:** {{build.message}} - **Build:** [#{{build.number}}]({{build.link}}) - when: - status: - - success - - failure \ No newline at end of file +- name: notify-telegram + image: appleboy/drone-telegram + settings: + token: + from_secret: telegram_bot_token + to: + from_secret: telegram_chat_id + format: markdown + message: > + {{#success build.status}} + SUCCESS **MC Panel Build Success** + {{else}} + ERROR **MC Panel Build Failed** + {{/success}} + + **Repository:** {{repo.name}} + **Branch:** {{build.branch}} + **Commit:** {{build.commit}} + **Author:** {{build.author}} + **Message:** {{build.message}} + **Build:** [#{{build.number}}]({{build.link}}) + when: + status: + - success + - failure \ No newline at end of file