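---
# Drone CI configuration: four Docker pipelines chained with depends_on:
#   code-quality -> build-and-publish -> deploy-staging / deploy-production
#
# Pipeline 1: lint and dependency checks for backend/ and frontend/.
# It references no secrets and is the only pipeline triggered by
# pull_request events.
kind: pipeline
type: docker
name: code-quality

trigger:
  event:
    - push
    - pull_request

steps:
  - name: python-lint
    image: python:3.11-slim
    commands:
      - cd backend
      # NOTE(review): flake8 is installed unpinned on every run; pinning the
      # version keeps the lint tooling reproducible.
      - pip install flake8
      # Only the E9, F63, F7 and F82 rule groups are selected.
      - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics

  - name: frontend-lint
    image: node:20-alpine
    commands:
      - cd frontend
      - npm ci --silent
      # Best effort: a lint failure is reported but does not fail the step.
      - npm run lint || echo "ESLint warnings found"

  - name: python-security
    image: python:3.11-slim
    commands:
      - cd backend
      - pip install safety
      # NOTE(review): --exit-zero makes this advisory only; known-vulnerable
      # dependencies never fail the build. Drop --exit-zero (and the `||`
      # fallback) once findings are triaged if this is meant to be a gate.
      - safety check --file=requirements.txt --exit-zero || echo "Security warnings found"

  - name: frontend-security
    image: node:20-alpine
    commands:
      - cd frontend
      - npm ci --silent
      # NOTE(review): the `|| echo` fallback swallows the non-zero exit of
      # npm audit, so moderate-or-higher findings do not block publishing.
      - npm audit --audit-level=moderate || echo "Security warnings found"

---
# Pipeline 2: build the image from ./Dockerfile and push it to the registry.
# NOTE(review): confirm that tag events pass the branch filter below;
# deploy-production depends on this pipeline running for release tags.
kind: pipeline
type: docker
name: build-and-publish

trigger:
  event:
    - push
    - tag
  branch:
    - main
    - master
    - develop

depends_on:
  - code-quality

steps:
  - name: build-and-push
    # NOTE(review): the plugin image is unpinned; it receives the registry
    # credentials, so pin it to a reviewed tag or digest.
    image: plugins/docker
    settings:
      registry: registry.nevetime.ru
      repo: registry.nevetime.ru/mc-panel
      # The substituted tags are quoted so a short SHA made only of digits
      # (or one that looks like a number) is still read as a string.
      tags:
        - latest
        - "${DRONE_COMMIT_SHA:0:8}"
        - "${DRONE_BRANCH}"
      # NOTE(review): auto_tag is enabled together with an explicit tags
      # list. As far as I recall the plugin derives tags from the ref when
      # auto_tag is on and may ignore the list or skip non-default branches;
      # verify that the short-SHA tag pulled by deploy-staging is pushed.
      auto_tag: true
      dockerfile: Dockerfile
      context: .
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
      build_args:
        - BUILD_DATE=${DRONE_BUILD_CREATED}
        - VCS_REF=${DRONE_COMMIT_SHA}
        - VERSION=${DRONE_TAG:-${DRONE_BRANCH}}
    when:
      event:
        - push
        - tag

  - name: verify-image
    # NOTE(review): alpine:latest is a moving tag; pin a version or digest.
    image: alpine:latest
    commands:
      # Quoted as a whole: unquoted, the ": " inside the message makes YAML
      # read this list item as a mapping instead of a command string.
      - 'echo "Image built successfully: registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}"'
      # This step only prints a reminder; no image scan runs in the
      # pipeline, so the image is published and deployed unscanned.
      - echo "Security scanning can be done manually with:"
      - echo "trivy image registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}"
    when:
      event:
        - push
        - tag
    depends_on:
      - build-and-push

---
# Pipeline 3: on pushes to develop, pull the freshly built image on the
# staging host over SSH.
kind: pipeline
type: docker
name: deploy-staging

trigger:
  event:
    - push
  branch:
    - develop

depends_on:
  - build-and-publish

steps:
  - name: deploy-to-staging
    # NOTE(review): this container handles the staging SSH key; pin the
    # image instead of using the moving alpine:latest tag.
    image: alpine:latest
    environment:
      STAGING_HOST:
        from_secret: staging_host
      STAGING_USER:
        from_secret: staging_user
      # Expected to hold the private key base64-encoded (decoded below).
      STAGING_KEY:
        from_secret: staging_ssh_key
    commands:
      - apk add --no-cache openssh-client
      - echo "Deploying to staging..."
      # Tighten the umask first so the key file is created owner-only
      # rather than being restricted only after it has been written.
      - umask 077
      - echo "$STAGING_KEY" | base64 -d > /tmp/ssh_key
      - chmod 600 /tmp/ssh_key
      # NOTE(review): StrictHostKeyChecking=no turns off host key
      # verification, so the step would authenticate to whatever host
      # answers for STAGING_HOST. Provide the host's public key through a
      # secret, write it to a known_hosts file and remove this option.
      # The remote command only pulls the image; nothing is restarted here.
      - ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $STAGING_USER@$STAGING_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}"
    when:
      event:
        - push
      branch:
        - develop

---
# Pipeline 4: on v* tags, pull the tagged image on the production host
# over SSH.
kind: pipeline
type: docker
name: deploy-production

trigger:
  event:
    - tag
  ref:
    - refs/tags/v*

depends_on:
  - build-and-publish

steps:
  - name: deploy-to-production
    # NOTE(review): this container handles the production SSH key; pin the
    # image instead of using the moving alpine:latest tag.
    image: alpine:latest
    environment:
      PROD_HOST:
        from_secret: production_host
      PROD_USER:
        from_secret: production_user
      # Expected to hold the private key base64-encoded (decoded below).
      PROD_KEY:
        from_secret: production_ssh_key
    commands:
      - apk add --no-cache openssh-client
      - echo "Deploying to production..."
      # Tighten the umask first so the key file is created owner-only
      # rather than being restricted only after it has been written.
      - umask 077
      - echo "$PROD_KEY" | base64 -d > /tmp/ssh_key
      - chmod 600 /tmp/ssh_key
      # NOTE(review): StrictHostKeyChecking=no turns off host key
      # verification for the production connection as well; pin the host
      # key via a known_hosts file supplied from a secret.
      # NOTE(review): the explicit tags list in build-and-publish has no
      # ${DRONE_TAG} entry, so this pull relies on auto_tag producing a
      # matching tag; verify the tag name (a leading "v" may be stripped).
      - ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $PROD_USER@$PROD_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_TAG}"
    when:
      event:
        - tag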