arkonsadter
3a621b6d92
Some checks failed
continuous-integration/drone/push Build encountered an error
129 lines
3.6 KiB
Plaintext
129 lines
3.6 KiB
Plaintext
---
|
||
kind: pipeline
|
||
type: docker
|
||
name: code-quality
|
||
|
||
# Триггеры для пайплайна проверки качества
|
||
trigger:
|
||
event:
|
||
- push
|
||
- pull_request
|
||
|
||
steps:
|
||
# Проверка качества Python кода (только критические ошибки)
|
||
- name: python-lint
|
||
image: python:3.11-slim
|
||
commands:
|
||
- cd backend
|
||
- pip install flake8
|
||
- echo "Running flake8 (critical errors only)..."
|
||
- flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
|
||
- echo "✅ Critical checks passed"
|
||
|
||
# Проверка качества JavaScript/React кода (опционально)
|
||
- name: frontend-lint
|
||
image: node:18-alpine
|
||
commands:
|
||
- cd frontend
|
||
- npm ci
|
||
- echo "Running ESLint (non-blocking)..."
|
||
- npm run lint || echo "⚠️ ESLint warnings found (non-blocking)"
|
||
- echo "✅ Frontend checks completed"
|
||
|
||
# Проверка безопасности зависимостей Python (опционально)
|
||
- name: python-security
|
||
image: python:3.11-slim
|
||
commands:
|
||
- cd backend
|
||
- pip install safety
|
||
- echo "Checking for known security vulnerabilities..."
|
||
- safety check --file=requirements.txt --exit-zero || echo "⚠️ Security warnings found (non-blocking)"
|
||
- echo "✅ Security checks completed"
|
||
|
||
# Проверка безопасности зависимостей Node.js
|
||
- name: frontend-security
|
||
image: node:18-alpine
|
||
commands:
|
||
- cd frontend
|
||
- npm ci
|
||
- echo "Running npm audit..."
|
||
- npm audit --audit-level=moderate || true
|
||
|
||
---
|
||
kind: pipeline
|
||
type: docker
|
||
name: build-and-publish
|
||
|
||
# Триггеры для пайплайна сборки
|
||
trigger:
|
||
event:
|
||
- push
|
||
- tag
|
||
branch:
|
||
- main
|
||
- master
|
||
- develop
|
||
|
||
# Зависимость от пайплайна проверки качества
|
||
depends_on:
|
||
- code-quality
|
||
|
||
steps:
|
||
# Сборка и публикация Docker образа
|
||
- name: build-and-push
|
||
image: plugins/docker
|
||
settings:
|
||
# Настройки реестра
|
||
registry: registry.nevetime.ru
|
||
repo: registry.nevetime.ru/mc-panel
|
||
|
||
# Теги для образа
|
||
tags:
|
||
- latest
|
||
- ${DRONE_COMMIT_SHA:0:8}
|
||
- ${DRONE_BRANCH}
|
||
|
||
# Автоматическое тегирование при push тега
|
||
auto_tag: true
|
||
auto_tag_suffix: ${DRONE_BUILD_NUMBER}
|
||
|
||
# Dockerfile
|
||
dockerfile: Dockerfile
|
||
context: .
|
||
|
||
# Учетные данные (настройте в Drone secrets)
|
||
username:
|
||
from_secret: docker_username
|
||
password:
|
||
from_secret: docker_password
|
||
|
||
# Build args (опционально)
|
||
build_args:
|
||
- BUILD_DATE=${DRONE_BUILD_CREATED}
|
||
- VCS_REF=${DRONE_COMMIT_SHA}
|
||
- VERSION=${DRONE_TAG:-${DRONE_BRANCH}}
|
||
|
||
when:
|
||
event:
|
||
- push
|
||
- tag
|
||
|
||
# Сканирование образа на уязвимости (с авторизацией)
|
||
- name: scan-image
|
||
image: aquasec/trivy
|
||
environment:
|
||
TRIVY_USERNAME:
|
||
from_secret: docker_username
|
||
TRIVY_PASSWORD:
|
||
from_secret: docker_password
|
||
commands:
|
||
- echo "Scanning image for vulnerabilities..."
|
||
- trivy image --exit-code 0 --severity HIGH,CRITICAL --username $TRIVY_USERNAME --password $TRIVY_PASSWORD registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}
|
||
- echo "✅ Security scan completed"
|
||
when:
|
||
event:
|
||
- push
|
||
- tag
|
||
depends_on:
|
||
- build-and-push
|