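---
# Pipeline 1: lint and dependency checks for the Python backend and the Node
# frontend. It runs on pull_request as well as push and references no secrets.
kind: pipeline
type: docker
name: code-quality

trigger:
  event:
    - push
    - pull_request

steps:
  # flake8 is limited to the E9/F63/F7/F82 classes (syntax errors, undefined
  # names and similar). Its exit status is not masked, so findings fail the step.
  - name: python-lint
    image: python:3.11-slim
    commands:
      - cd backend
      - pip install flake8
      - echo "Running flake8 (critical errors only)..."
      - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
      - echo "✅ Critical checks passed"

  # ESLint is advisory: `|| echo` replaces a non-zero exit with a log line.
  - name: frontend-lint
    image: node:18-alpine
    commands:
      - cd frontend
      - npm ci
      - echo "Running ESLint (non-blocking)..."
      - npm run lint || echo "⚠️ ESLint warnings found (non-blocking)"
      - echo "✅ Frontend checks completed"

  # Dependency vulnerability check, advisory only. `--exit-zero` makes safety
  # return 0 even when it reports vulnerabilities, so the `|| echo` fallback runs
  # only if the tool itself fails; findings are visible in the step log and
  # nowhere else. safety is installed unpinned, so its CLI can change between runs.
  - name: python-security
    image: python:3.11-slim
    commands:
      - cd backend
      - pip install safety
      - echo "Checking for known security vulnerabilities..."
      - safety check --file=requirements.txt --exit-zero || echo "⚠️ Security warnings found (non-blocking)"
      - echo "✅ Security checks completed"

  # `|| true` discards npm audit's exit status: advisories at or above
  # `moderate` are logged but never fail the step.
  - name: frontend-security
    image: node:18-alpine
    commands:
      - cd frontend
      - npm ci
      - echo "Running npm audit..."
      - npm audit --audit-level=moderate || true

---
# Pipeline 2: build the image and push it to the private registry.
kind: pipeline
type: docker
name: build-and-publish

# NOTE(review): confirm that tag events satisfy the branch filter below;
# if they do not, tagged releases never reach the publish step.
trigger:
  event:
    - push
    - tag
  branch:
    - main
    - master
    - develop

# Publishing waits for code-quality, but both security steps there are
# non-blocking, so a vulnerable dependency set does not stop a publish.
depends_on:
  - code-quality

steps:
  # NOTE(review): the plugin image carries no tag, so the runner pulls whatever
  # `latest` currently is, and this step is handed the registry credentials.
  # Pin it to a reviewed version or digest.
  - name: build-and-push
    image: plugins/docker
    settings:
      registry: registry.nevetime.ru
      repo: registry.nevetime.ru/mc-panel
      # NOTE(review): auto_tag derives tags from the git ref; confirm whether
      # this explicit list is still applied when auto_tag is enabled, and
      # whether pushes to `develop` are built at all.
      tags:
        - latest
        # Quoted because Drone substitutes before the YAML is parsed: an
        # all-digit short SHA would otherwise be read as a number, not a string.
        - "${DRONE_COMMIT_SHA:0:8}"
      auto_tag: true
      dockerfile: Dockerfile
      context: .
      # Credentials are resolved from Drone secrets, not stored in this file.
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
      # Build args are recorded in the image history; keep secrets out of them.
      build_args:
        - BUILD_DATE=${DRONE_BUILD_CREATED}
        - VCS_REF=${DRONE_COMMIT_SHA}
        - VERSION=1.1.0
    when:
      event:
        - push
        - tag

  # Placeholder: no trivy command is run, so the image that was just pushed is
  # never scanned and this step always succeeds. The trivy image is also
  # referenced without a tag.
  - name: scan-image
    image: aquasec/trivy
    commands:
      - echo "⚠️ Image scanning skipped (requires registry authentication)"
      - echo "To enable scanning, configure registry credentials for Trivy"
      - echo "Image published registry.nevetime.ru/mc-panel"
    when:
      event:
        - push
        - tag
    depends_on:
      - build-and-push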