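---
kind: pipeline
type: docker
name: code-quality

trigger:
  event:
    - push
    - pull_request

steps:
  # Python code-quality checks.
  # Only the flake8 run with the selected codes is blocking; the black and
  # isort checks are advisory because of the `|| echo` fallbacks.
  - name: python-lint
    image: python:3.11-slim
    commands:
      - cd backend
      - pip install --no-cache-dir flake8 black isort
      - echo "Running flake8 linting..."
      - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
      - echo "Checking code formatting with black..."
      - black --check --diff . || echo "⚠️ Code formatting issues found"
      - echo "Checking import sorting..."
      - isort --check-only --diff . || echo "⚠️ Import sorting issues found"
      - echo "✅ Python checks completed"

  # Frontend code-quality checks (type check and lint, both advisory).
  - name: frontend-lint
    image: node:20-alpine
    commands:
      - cd frontend
      - npm ci --silent
      - echo "Running TypeScript compilation check..."
      - npx tsc --noEmit || echo "⚠️ TypeScript errors found"
      - echo "Running ESLint..."
      - npm run lint || echo "⚠️ ESLint warnings found (non-blocking)"
      - echo "✅ Frontend checks completed"

  # Backend tests (advisory: a failing pytest run does not fail the step).
  - name: python-tests
    image: python:3.11-slim
    commands:
      - cd backend
      - pip install --no-cache-dir -r requirements.txt pytest pytest-asyncio pytest-cov
      - echo "Running Python tests..."
      - python -m pytest tests/ -v --cov=. --cov-report=term-missing || echo "⚠️ Some tests failed (non-blocking)"
      - echo "✅ Python tests completed"

  # Frontend tests (advisory, see above).
  - name: frontend-tests
    image: node:20-alpine
    commands:
      - cd frontend
      - npm ci --silent
      - echo "Running frontend tests..."
      - npm test -- --run --reporter=verbose || echo "⚠️ Some frontend tests failed (non-blocking)"
      - echo "✅ Frontend tests completed"

  # Python dependency and static security checks.
  # NOTE(review): `--exit-zero` and the `|| echo` fallbacks mean this step
  # never fails on findings. bandit's JSON report is written into the step's
  # workspace and nothing on this page publishes or inspects it, so findings
  # are only visible to someone who opens the build logs.
  - name: python-security
    image: python:3.11-slim
    commands:
      - cd backend
      - pip install --no-cache-dir safety bandit
      - echo "Checking for known security vulnerabilities..."
      - safety check --file=requirements.txt --exit-zero || echo "⚠️ Security warnings found"
      - echo "Running bandit security analysis..."
      - bandit -r . -f json -o bandit-report.json || echo "⚠️ Security issues found"
      - echo "✅ Security checks completed"

  # Frontend dependency security check (advisory).
  - name: frontend-security
    image: node:20-alpine
    commands:
      - cd frontend
      - npm ci --silent
      - echo "Running npm audit..."
      - npm audit --audit-level=moderate || echo "⚠️ Security warnings found"
      - echo "✅ Frontend security checks completed"
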
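---
kind: pipeline
type: docker
name: build-frontend

trigger:
  event:
    - push
    - tag
  branch:
    - main
    - master
    - develop

depends_on:
  - code-quality

steps:
  # Frontend production build.
  - name: build-frontend
    image: node:20-alpine
    commands:
      - cd frontend
      - echo "Installing frontend dependencies..."
      - npm ci --silent
      - echo "Building frontend for production..."
      - npm run build
      - echo "Frontend build size:"
      - du -sh dist/
      - echo "✅ Frontend build completed"
    volumes:
      - name: frontend-dist
        path: /drone/src/frontend/dist

  # Archive the frontend build output.
  # NOTE(review): the tarball stays in this pipeline's workspace; no step on
  # this page uploads it, and the build-and-publish pipeline builds from the
  # Dockerfile with `context: .` rather than consuming this archive. The
  # `alpine:latest` tag is floating; pin it for reproducible builds.
  - name: save-frontend-artifacts
    image: alpine:latest
    commands:
      - echo "Saving frontend build artifacts..."
      - tar -czf frontend-dist.tar.gz -C frontend dist/
      - ls -la frontend-dist.tar.gz
      - echo "✅ Frontend artifacts saved"
    volumes:
      - name: frontend-dist
        path: /drone/src/frontend/dist
    depends_on:
      - build-frontend

# Shared between the two steps above; /drone/src is presumably the default
# workspace, in which case the steps would already share this path — verify.
volumes:
  - name: frontend-dist
    temp: {}
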
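---
kind: pipeline
type: docker
name: build-and-publish

trigger:
  event:
    - push
    - tag
  branch:
    - main
    - master
    - develop

depends_on:
  - code-quality
  - build-frontend

steps:
  # Build and push the full application image.
  - name: build-and-push
    image: plugins/docker
    settings:
      registry: registry.nevetime.ru
      repo: registry.nevetime.ru/mc-panel
      # The 8-character commit SHA tag is what test-image, scan-image and the
      # deploy pipelines pull. Do not combine this list with `auto_tag: true`:
      # plugins/docker then replaces the explicit tags with version-derived
      # ones and skips the build entirely on non-default branches, so the SHA
      # tag would never be published.
      tags:
        - latest
        - ${DRONE_COMMIT_SHA:0:8}
        - ${DRONE_BRANCH}
      dockerfile: Dockerfile
      context: .
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
      build_args:
        - BUILD_DATE=${DRONE_BUILD_CREATED}
        - VCS_REF=${DRONE_COMMIT_SHA}
        - VERSION=${DRONE_TAG:-${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}}
        - FRONTEND_BUILD_HASH=${DRONE_COMMIT_SHA:0:8}
        - BACKEND_BUILD_HASH=${DRONE_COMMIT_SHA:0:8}

  # Smoke-test the image that was just pushed.
  # NOTE(review): mounting the host Docker socket hands this step control of
  # the agent's Docker daemon (root-equivalent on the agent host); Drone only
  # permits host volumes for repositories marked trusted. The health check
  # runs curl inside the container (so it depends on curl being present in
  # the image) and is advisory because of `|| echo`; the step fails only if
  # `docker run` or `docker stop` themselves fail. No host port is published
  # because the check goes through `docker exec`, not the host network.
  - name: test-image
    image: docker:dind
    volumes:
      - name: docker-sock
        path: /var/run/docker.sock
    commands:
      - echo "Testing built Docker image..."
      - docker run --rm -d --name mc-panel-test registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}
      - sleep 30
      - echo "Checking if application is responding..."
      - docker exec mc-panel-test curl -f http://localhost:8000/ || echo "⚠️ Health check failed"
      - docker stop mc-panel-test
      - echo "✅ Image test completed"
    depends_on:
      - build-and-push

  # Vulnerability scan of the published image.
  # NOTE(review): `--exit-code 0` and `|| true` make the scan advisory, and the
  # JSON report is written to the step workspace without being published.
  # Registry credentials are read by trivy from the TRIVY_USERNAME and
  # TRIVY_PASSWORD environment variables, so they are not repeated on the
  # command line where they would be visible in process listings.
  # `aquasec/trivy:latest` is a floating tag; pin it for reproducible scans.
  - name: scan-image
    image: aquasec/trivy:latest
    environment:
      TRIVY_USERNAME:
        from_secret: docker_username
      TRIVY_PASSWORD:
        from_secret: docker_password
    commands:
      - echo "Scanning image for vulnerabilities..."
      - trivy image --exit-code 0 --severity HIGH,CRITICAL --format table registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}
      - echo "Generating detailed security report..."
      - trivy image --format json --output trivy-report.json registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} || true
      - echo "✅ Security scan completed"
    depends_on:
      - build-and-push

# Host socket used by test-image (see the note on that step).
volumes:
  - name: docker-sock
    host:
      path: /var/run/docker.sock
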
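---
kind: pipeline
type: docker
name: deploy-staging

trigger:
  event:
    - push
  branch:
    - develop

depends_on:
  - build-and-publish

steps:
  # Deploy to the staging host over SSH.
  # NOTE(review): `StrictHostKeyChecking=no` disables host-key verification, so
  # the deploy key and the remote commands could be sent to an impersonated
  # host. Prefer a pinned known_hosts entry (e.g. from a secret written to a
  # file and passed with `-o UserKnownHostsFile=<path>`). The decoded private
  # key is written only inside this step's ephemeral container.
  # `alpine:latest` is a floating tag; pin it.
  - name: deploy-to-staging
    image: alpine:latest
    environment:
      STAGING_HOST:
        from_secret: staging_host
      STAGING_USER:
        from_secret: staging_user
      # base64-encoded private key; decoded below.
      STAGING_KEY:
        from_secret: staging_ssh_key
    commands:
      - apk add --no-cache openssh-client
      - echo "Deploying to staging environment..."
      - echo "$STAGING_KEY" | base64 -d > /tmp/ssh_key
      - chmod 600 /tmp/ssh_key
      - ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $STAGING_USER@$STAGING_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} && docker-compose -f /opt/mc-panel/docker-compose.staging.yml up -d"
      - echo "✅ Staging deployment completed"
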
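---
kind: pipeline
type: docker
name: deploy-production

trigger:
  event:
    - tag
  ref:
    - refs/tags/v*

depends_on:
  - build-and-publish

steps:
  # Deploy to the production host over SSH.
  # NOTE(review): `StrictHostKeyChecking=no` disables host-key verification, so
  # the deploy key and the remote commands could be sent to an impersonated
  # host. Prefer a pinned known_hosts entry (e.g. from a secret written to a
  # file and passed with `-o UserKnownHostsFile=<path>`). The decoded private
  # key is written only inside this step's ephemeral container.
  # `alpine:latest` is a floating tag; pin it.
  - name: deploy-to-production
    image: alpine:latest
    environment:
      PROD_HOST:
        from_secret: production_host
      PROD_USER:
        from_secret: production_user
      # base64-encoded private key; decoded below.
      PROD_KEY:
        from_secret: production_ssh_key
    commands:
      - apk add --no-cache openssh-client
      - echo "Deploying to production environment..."
      - echo "$PROD_KEY" | base64 -d > /tmp/ssh_key
      - chmod 600 /tmp/ssh_key
      # Pull by commit SHA: that is the tag the build-and-push step publishes
      # (its tag list has no ${DRONE_TAG} entry), and it matches what the
      # staging deploy, test-image and scan-image steps pull.
      - ssh -o StrictHostKeyChecking=no -i /tmp/ssh_key $PROD_USER@$PROD_HOST "docker pull registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} && docker-compose -f /opt/mc-panel/docker-compose.prod.yml up -d"
      - echo "✅ Production deployment completed"
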
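---
kind: pipeline
type: docker
name: notify

trigger:
  event:
    - push
    - tag
    - pull_request
  status:
    - success
    - failure

depends_on:
  - code-quality
  - build-frontend
  - build-and-publish

steps:
  # Telegram notification with the build result.
  - name: notify-telegram
    image: appleboy/drone-telegram
    settings:
      token:
        from_secret: telegram_bot_token
      to:
        from_secret: telegram_chat_id
      format: markdown
      # Literal block (`|`) keeps one "**Field:** ..." line per line; a folded
      # block (`>`) would join every line of a paragraph into a single line.
      # NOTE(review): {{build.message}} is interpolated unescaped into a
      # markdown-formatted message; a commit message containing markdown
      # control characters may make Telegram reject the message — confirm
      # against the plugin's documentation.
      message: |
        {{#success build.status}}
        ✅ **MC Panel Build Success**
        {{else}}
        ❌ **MC Panel Build Failed**
        {{/success}}

        **Repository:** {{repo.name}}
        **Branch:** {{build.branch}}
        **Commit:** {{build.commit}}
        **Author:** {{build.author}}
        **Message:** {{build.message}}
        **Build:** [#{{build.number}}]({{build.link}})
    # Step-level status refers to the outcome of earlier steps in this
    # pipeline; without it the step would run only on success.
    when:
      status:
        - success
        - failure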