131 lines
3.6 KiB
YAML
131 lines
3.6 KiB
YAML
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: code-quality
|
|
|
|
# Триггеры для пайплайна проверки качества
|
|
trigger:
|
|
event:
|
|
- push
|
|
- pull_request
|
|
|
|
steps:
|
|
# Проверка качества Python кода
|
|
- name: python-lint
|
|
image: python:3.11-slim
|
|
commands:
|
|
- cd backend
|
|
- pip install flake8 pylint black isort
|
|
- echo "Running flake8..."
|
|
- flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
|
|
- flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
|
|
- echo "Running pylint..."
|
|
- pylint **/*.py --exit-zero --max-line-length=127
|
|
- echo "Checking code formatting with black..."
|
|
- black --check --diff .
|
|
- echo "Checking imports with isort..."
|
|
- isort --check-only --diff .
|
|
|
|
# Проверка качества JavaScript/React кода
|
|
- name: frontend-lint
|
|
image: node:18-alpine
|
|
commands:
|
|
- cd frontend
|
|
- npm ci
|
|
- echo "Running ESLint..."
|
|
- npm run lint || true
|
|
- echo "Checking code formatting..."
|
|
- npx prettier --check "src/**/*.{js,jsx,ts,tsx,json,css,md}" || true
|
|
|
|
# Проверка безопасности зависимостей Python
|
|
- name: python-security
|
|
image: python:3.11-slim
|
|
commands:
|
|
- cd backend
|
|
- pip install safety bandit
|
|
- echo "Checking for known security vulnerabilities..."
|
|
- safety check --file=requirements.txt --exit-zero
|
|
- echo "Running bandit security linter..."
|
|
- bandit -r . -f json -o bandit-report.json --exit-zero || true
|
|
- bandit -r . --exit-zero
|
|
|
|
# Проверка безопасности зависимостей Node.js
|
|
- name: frontend-security
|
|
image: node:18-alpine
|
|
commands:
|
|
- cd frontend
|
|
- npm ci
|
|
- echo "Running npm audit..."
|
|
- npm audit --audit-level=moderate || true
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: build-and-publish
|
|
|
|
# Триггеры для пайплайна сборки
|
|
trigger:
|
|
event:
|
|
- push
|
|
- tag
|
|
branch:
|
|
- main
|
|
- master
|
|
- develop
|
|
|
|
# Зависимость от пайплайна проверки качества
|
|
depends_on:
|
|
- code-quality
|
|
|
|
steps:
|
|
# Сборка и публикация Docker образа
|
|
- name: build-and-push
|
|
image: plugins/docker
|
|
settings:
|
|
# Настройки реестра (замените на свои)
|
|
registry: registry.example.com
|
|
repo: registry.example.com/mc-panel
|
|
|
|
# Теги для образа
|
|
tags:
|
|
- latest
|
|
- ${DRONE_COMMIT_SHA:0:8}
|
|
- ${DRONE_BRANCH}
|
|
|
|
# Автоматическое тегирование при push тега
|
|
auto_tag: true
|
|
auto_tag_suffix: ${DRONE_BUILD_NUMBER}
|
|
|
|
# Dockerfile
|
|
dockerfile: Dockerfile
|
|
context: .
|
|
|
|
# Учетные данные (настройте в Drone secrets)
|
|
username:
|
|
from_secret: docker_username
|
|
password:
|
|
from_secret: docker_password
|
|
|
|
# Build args (опционально)
|
|
build_args:
|
|
- BUILD_DATE=${DRONE_BUILD_CREATED}
|
|
- VCS_REF=${DRONE_COMMIT_SHA}
|
|
- VERSION=${DRONE_TAG:-${DRONE_BRANCH}}
|
|
|
|
when:
|
|
event:
|
|
- push
|
|
- tag
|
|
|
|
# Сканирование образа на уязвимости
|
|
- name: scan-image
|
|
image: aquasec/trivy
|
|
commands:
|
|
- trivy image --exit-code 0 --severity HIGH,CRITICAL registry.example.com/mc-panel:${DRONE_COMMIT_SHA:0:8}
|
|
when:
|
|
event:
|
|
- push
|
|
- tag
|
|
depends_on:
|
|
- build-and-push
|