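---
# Drone CI pipeline 1/2: static checks and dependency audits.
# Only the flake8 step can fail this pipeline; every other step is
# deliberately non-blocking (see the `|| echo` / `|| true` / `--exit-zero`
# forms below), so a green run here does NOT mean "no known vulnerabilities".
kind: pipeline
type: docker
name: code-quality

# Run on every push and on pull requests.
trigger:
  event:
    - push
    - pull_request

steps:
  # Python lint: only syntax errors and undefined names (E9, F63, F7, F82)
  # are selected, so this is a "does it parse" gate, not a full style check.
  # flake8 is installed unpinned from PyPI on every run; pin it (or vendor a
  # requirements-dev file) if reproducible CI is wanted.
  - name: python-lint
    image: python:3.11-slim
    commands:
      - cd backend
      - pip install flake8
      - echo "Running flake8 (critical errors only)..."
      - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
      - echo "✅ Critical checks passed"

  # JavaScript/React lint. Non-blocking: a lint failure only prints a warning.
  - name: frontend-lint
    image: node:18-alpine
    commands:
      - cd frontend
      - npm ci
      - echo "Running ESLint (non-blocking)..."
      - npm run lint || echo "⚠️ ESLint warnings found (non-blocking)"
      - echo "✅ Frontend checks completed"

  # Known-vulnerability check of Python dependencies. `--exit-zero` already
  # forces a zero exit status, so the `|| echo` branch is only reached if
  # safety itself fails to run. `safety` is installed unpinned.
  - name: python-security
    image: python:3.11-slim
    commands:
      - cd backend
      - pip install safety
      - echo "Checking for known security vulnerabilities..."
      - safety check --file=requirements.txt --exit-zero || echo "⚠️ Security warnings found (non-blocking)"
      - echo "✅ Security checks completed"

  # Known-vulnerability check of Node.js dependencies. `|| true` makes any
  # finding (and any audit failure) non-blocking; drop it to gate on
  # moderate-or-higher advisories.
  - name: frontend-security
    image: node:18-alpine
    commands:
      - cd frontend
      - npm ci
      - echo "Running npm audit..."
      - npm audit --audit-level=moderate || true

---
# Drone CI pipeline 2/2: build, publish and scan the Docker image.
# Note the ordering: the image (including the `latest` tag) is pushed to the
# registry BEFORE the Trivy scan runs, and the scan uses `--exit-code 0`, so
# the scan is informational only and never prevents a publish.
kind: pipeline
type: docker
name: build-and-publish

# Build on pushes to the listed branches and on tags.
# NOTE(review): whether the `branch` filter also applies to tag events depends
# on the Drone version — confirm that tag builds are not filtered out.
trigger:
  event:
    - push
    - tag
  branch:
    - main
    - master
    - develop

# Wait for the quality pipeline. Since its security steps are non-blocking,
# this dependency only gates on the flake8 syntax check.
depends_on:
  - code-quality

steps:
  # Build and push the image with the plugins/docker plugin.
  - name: build-and-push
    image: plugins/docker
    settings:
      # Registry settings
      registry: registry.nevetime.ru
      repo: registry.nevetime.ru/mc-panel
      # Explicit image tags.
      # NOTE(review): `${DRONE_BRANCH}` is presumably empty on tag events, and
      # the plugin may prefer its own auto_tag tags over this list — verify
      # which tags are actually pushed for a branch push vs. a tag push.
      tags:
        - latest
        - ${DRONE_COMMIT_SHA:0:8}
        - ${DRONE_BRANCH}
      # Automatic tagging when a git tag is pushed
      auto_tag: true
      auto_tag_suffix: ${DRONE_BUILD_NUMBER}
      # Dockerfile
      dockerfile: Dockerfile
      context: .
      # Registry credentials (configure in Drone secrets)
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
      # Build args (optional). These are baked into the image metadata; keep
      # them free of secrets.
      build_args:
        - BUILD_DATE=${DRONE_BUILD_CREATED}
        - VCS_REF=${DRONE_COMMIT_SHA}
        - VERSION=${DRONE_TAG:-${DRONE_BRANCH}}
    when:
      event:
        - push
        - tag

  # Scan the just-pushed image for HIGH/CRITICAL vulnerabilities.
  # Trivy reads the registry credentials from TRIVY_USERNAME / TRIVY_PASSWORD
  # in the environment, so they are not repeated on the command line: passing
  # them as CLI arguments made the password visible in the process argument
  # list and in any command echo of the build log.
  # `--exit-code 0` keeps the step non-blocking; raise it to 1 to gate on
  # findings (remember the image has already been pushed at this point).
  - name: scan-image
    image: aquasec/trivy
    environment:
      TRIVY_USERNAME:
        from_secret: docker_username
      TRIVY_PASSWORD:
        from_secret: docker_password
    commands:
      - echo "Scanning image for vulnerabilities..."
      - trivy image --exit-code 0 --severity HIGH,CRITICAL registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}
      - echo "✅ Security scan completed"
    when:
      event:
        - push
        - tag
    depends_on:
      - build-and-push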