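---
# Drone CI configuration for MC Panel: five pipelines chained with depends_on.
#   code-quality      lint, tests and dependency/static security checks
#   build-and-publish build the image, push it, smoke-test it, scan it
#   deploy-staging    SSH deploy of the develop branch
#   deploy-production SSH deploy of v* tags
#   notify            Telegram message with the build result
kind: pipeline
type: docker
name: code-quality

trigger:
  event:
    - push
    - pull_request

# NOTE(review): every check command below except flake8 ends in `|| echo ...`,
# so the step succeeds whatever the tool reports. build-and-publish depends on
# this pipeline and both deploy pipelines depend on build-and-publish, which
# means failing tests or scanner findings do not stop an image from being
# published or deployed. Decide which checks are meant to gate a release and
# drop the `|| echo` fallback on those.
steps:
  - name: python-lint
    image: python:3.11-slim
    commands:
      - cd backend
      - pip install --no-cache-dir flake8 black isort
      - echo "Running flake8 linting..."
      # The only blocking check in this pipeline: syntax errors and undefined
      # names (E9, F63, F7, F82) fail the step.
      - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
      - echo "Checking code formatting with black..."
      - black --check --diff . || echo "WARNING Code formatting issues found"
      - echo "Checking import sorting..."
      - isort --check-only --diff . || echo "WARNING Import sorting issues found"
      - echo "SUCCESS Python checks completed"

  - name: frontend-lint
    image: node:20-alpine
    commands:
      - cd frontend
      - npm ci --silent
      - echo "Running TypeScript compilation check..."
      - npx tsc --noEmit || echo "WARNING TypeScript errors found"
      - echo "Running ESLint..."
      - npm run lint || echo "WARNING ESLint warnings found (non-blocking)"
      - echo "SUCCESS Frontend checks completed"

  - name: python-tests
    image: python:3.11-slim
    commands:
      - cd backend
      - pip install --no-cache-dir -r requirements.txt pytest pytest-asyncio pytest-cov
      - echo "Running Python tests..."
      - python -m pytest tests/ -v --cov=. --cov-report=term-missing || echo "WARNING Some tests failed (non-blocking)"
      - echo "SUCCESS Python tests completed"
    when:
      event:
        - push
        - pull_request

  - name: frontend-tests
    image: node:20-alpine
    commands:
      - cd frontend
      - npm ci --silent
      - echo "Running frontend tests..."
      - npm test -- --run --reporter=verbose || echo "WARNING Some frontend tests failed (non-blocking)"
      - echo "SUCCESS Frontend tests completed"
    when:
      event:
        - push
        - pull_request

  - name: python-security
    image: python:3.11-slim
    commands:
      - cd backend
      - pip install --no-cache-dir safety bandit
      - echo "Checking for known security vulnerabilities..."
      # --exit-zero plus the `|| echo` fallback: advisory only, never blocks.
      - safety check --file=requirements.txt --exit-zero || echo "WARNING Security warnings found"
      - echo "Running bandit security analysis..."
      # NOTE(review): findings go to bandit-report.json rather than the build
      # log, and nothing in this file reads or archives that report, so the
      # results appear to be discarded with the step container. Confirm.
      - bandit -r . -f json -o bandit-report.json || echo "WARNING Security issues found"
      - echo "SUCCESS Security checks completed"

  - name: frontend-security
    image: node:20-alpine
    commands:
      - cd frontend
      - npm ci --silent
      - echo "Running npm audit..."
      - npm audit --audit-level=moderate || echo "WARNING Security warnings found"
      - echo "SUCCESS Frontend security checks completed"

---
kind: pipeline
type: docker
name: build-and-publish

trigger:
  event:
    - push
    - tag
  branch:
    - main
    - master
    - develop

depends_on:
  - code-quality

steps:
  # NOTE(review): plugins/docker carries no version tag, so the step that
  # receives the registry credentials runs whatever image is current at build
  # time. Consider pinning it to a version or digest.
  - name: build-and-push
    image: plugins/docker
    settings:
      registry: registry.nevetime.ru
      repo: registry.nevetime.ru/mc-panel
      # Substituted tags are quoted so that a short SHA made only of digits
      # (or digits around an "e") is still parsed as a string, not a number.
      tags:
        - latest
        - "${DRONE_COMMIT_SHA:0:8}"
        - "${DRONE_BRANCH}"
      # NOTE(review): auto_tag and an explicit tags list are both set. Confirm
      # which one the plugin honours: later steps pull the
      # ${DRONE_COMMIT_SHA:0:8} tag and deploy-production pulls ${DRONE_TAG},
      # so a tag that is not pushed here breaks them or leaves them pulling
      # an older image.
      auto_tag: true
      dockerfile: Dockerfile
      context: .
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
      build_args:
        - BUILD_DATE=${DRONE_BUILD_CREATED}
        - VCS_REF=${DRONE_COMMIT_SHA}
        - VERSION=${DRONE_TAG:-${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}}
    when:
      event:
        - push
        - tag

  # Smoke test: start the freshly pushed image and request / from inside it.
  # NOTE(review): this step talks to the host Docker daemon through the
  # mounted socket, which is equivalent to root on the runner host; the test
  # container is started on the host, not inside the step.
  - name: test-image
    image: docker:dind
    volumes:
      - name: docker-sock
        path: /var/run/docker.sock
    commands:
      - echo "Testing built Docker image..."
      # No -p flag: the health check below runs inside the container through
      # docker exec, so publishing a port on the host would only expose the
      # untested image on a host interface and collide with concurrent builds.
      - docker run --rm -d --name mc-panel-test registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}
      - sleep 30
      - echo "Checking if application is responding..."
      # Non-blocking: a failed health check is logged and the step still
      # succeeds, which also guarantees docker stop runs.
      - docker exec mc-panel-test curl -f http://localhost:8000/ || echo "WARNING Health check failed"
      - docker stop mc-panel-test
      - echo "SUCCESS Image test completed"
    when:
      event:
        - push
        - tag
    depends_on:
      - build-and-push

  # NOTE(review): aquasec/trivy:latest is a floating tag on a step that
  # receives registry credentials; consider pinning it.
  - name: scan-image
    image: aquasec/trivy:latest
    environment:
      TRIVY_USERNAME:
        from_secret: docker_username
      TRIVY_PASSWORD:
        from_secret: docker_password
    commands:
      - echo "Scanning image for vulnerabilities..."
      # Registry credentials are taken from TRIVY_USERNAME / TRIVY_PASSWORD in
      # the environment, so they are not repeated as command-line flags where
      # they would show up in the process list and be word-split by the shell.
      # --exit-code 0: HIGH/CRITICAL findings are reported but never fail the
      # build; use a non-zero exit code if the scan is meant to gate deploys.
      - >-
        trivy image --exit-code 0 --severity HIGH,CRITICAL --format table
        registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}
      - echo "SUCCESS Security scan completed"
    when:
      event:
        - push
        - tag
    depends_on:
      - build-and-push

# Host Docker socket shared with test-image.
volumes:
  - name: docker-sock
    host:
      path: /var/run/docker.sock

---
kind: pipeline
type: docker
name: deploy-staging

trigger:
  event:
    - push
  branch:
    - develop

depends_on:
  - build-and-publish

steps:
  # NOTE(review): alpine:latest is a floating tag on a step that holds the
  # deploy SSH key; consider pinning it.
  - name: deploy-to-staging
    image: alpine:latest
    environment:
      STAGING_HOST:
        from_secret: staging_host
      STAGING_USER:
        from_secret: staging_user
      STAGING_KEY:
        from_secret: staging_ssh_key
    commands:
      - apk add --no-cache openssh-client
      - echo "Deploying to staging environment..."
      # Create the key file with owner-only permissions from the start rather
      # than narrowing them after the key material has been written.
      - umask 077
      - echo "$STAGING_KEY" | base64 -d > /tmp/ssh_key
      - chmod 600 /tmp/ssh_key
      # NOTE(review): StrictHostKeyChecking=no accepts whatever host key the
      # server presents, so the host this key logs in to is not authenticated.
      # Provide the expected host key (for example a known_hosts file supplied
      # from a secret) and re-enable checking.
      - >-
        ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key
        "$STAGING_USER@$STAGING_HOST"
        "docker pull registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}
        && docker-compose -f /opt/mc-panel/docker-compose.staging.yml up -d"
      - echo "SUCCESS Staging deployment completed"
    when:
      event:
        - push
      branch:
        - develop

---
kind: pipeline
type: docker
name: deploy-production

trigger:
  event:
    - tag
  ref:
    - refs/tags/v*

depends_on:
  - build-and-publish

steps:
  # NOTE(review): alpine:latest is a floating tag on a step that holds the
  # production SSH key; consider pinning it.
  - name: deploy-to-production
    image: alpine:latest
    environment:
      PROD_HOST:
        from_secret: production_host
      PROD_USER:
        from_secret: production_user
      PROD_KEY:
        from_secret: production_ssh_key
    commands:
      - apk add --no-cache openssh-client
      - echo "Deploying to production environment..."
      # Create the key file with owner-only permissions from the start rather
      # than narrowing them after the key material has been written.
      - umask 077
      - echo "$PROD_KEY" | base64 -d > /tmp/ssh_key
      - chmod 600 /tmp/ssh_key
      # NOTE(review): StrictHostKeyChecking=no accepts whatever host key the
      # server presents, so the production host is not authenticated. Provide
      # the expected host key (for example a known_hosts file supplied from a
      # secret) and re-enable checking.
      # NOTE(review): ${DRONE_TAG} is expanded into the remote command line
      # before the shell runs, and the refs/tags/v* filter only constrains the
      # first character of the tag name. Restrict who may push tags, or
      # validate the tag against the expected version format before using it.
      - >-
        ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key
        "$PROD_USER@$PROD_HOST"
        "docker pull registry.nevetime.ru/mc-panel:${DRONE_TAG}
        && docker-compose -f /opt/mc-panel/docker-compose.prod.yml up -d"
      - echo "SUCCESS Production deployment completed"
    when:
      event:
        - tag

---
kind: pipeline
type: docker
name: notify

trigger:
  event:
    - push
    - tag
    - pull_request
  # Run on failure as well as success so broken builds are reported.
  status:
    - success
    - failure

depends_on:
  - code-quality
  - build-and-publish

steps:
  # NOTE(review): appleboy/drone-telegram carries no version tag and receives
  # the bot token; consider pinning it. The commit message and author are
  # supplied by whoever pushed and are rendered as Markdown in the chat.
  - name: notify-telegram
    image: appleboy/drone-telegram
    settings:
      token:
        from_secret: telegram_bot_token
      to:
        from_secret: telegram_chat_id
      format: markdown
      message: >
        {{#success build.status}}
        SUCCESS **MC Panel Build Success**
        {{else}}
        ERROR **MC Panel Build Failed**
        {{/success}}
        **Repository:** {{repo.name}}
        **Branch:** {{build.branch}}
        **Commit:** {{build.commit}}
        **Author:** {{build.author}}
        **Message:** {{build.message}}
        **Build:** [#{{build.number}}]({{build.link}})
    when:
      status:
        - success
        - failure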