diff --git a/.drone.yml b/.drone.yml
index cfec609..fae8b25 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -200,7 +200,8 @@ steps:
       - echo "⚡ Running performance tests..."
       - pip install -r requirements.txt
       - echo "Running performance benchmarks..."
-      - python -c "
+      - |
+        python -c "
         import time
         start = time.time()
         # Simulate performance test
@@ -224,6 +225,22 @@ trigger:
     - feature/*
     - experimental/*
+# Services for testing
+services:
+  - name: redis
+    image: redis:7-alpine
+    when:
+      event:
+        - push
+      branch:
+        - main
+
+# Volume Configuration
+volumes:
+  - name: docker-socket
+    host:
+      path: /var/run/docker.sock
+
 
 # Global Environment Variables
 environment:
   PYTHONPATH: "/drone/src"
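Review bot: The literal block opened by `- |` fixes the content indent at the new `python -c "` line, so the unchanged `import time` … `# Simulate performance test` context lines, and the closing `"` beyond the hunk, must be indented at least that far or the YAML will not parse; the collapsed diff does not preserve indentation, so this needs checking in the rendered file. The `commands:` item and its closing quote continue outside the hunk. A script of this size is easier to lint and test as a file under `tests/` invoked by path, with the YAML holding only the one-line command.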
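Review bot: `volumes: - name: docker-socket` hands any step that mounts it the host Docker daemon socket, which is equivalent to root on the runner host; Drone honours host-path volumes only for repositories marked trusted, and the declaration should say so, e.g. `# Host daemon socket: root-equivalent on the runner; trusted repo only, mount solely in the build/push steps`. The new name also differs from `docker-sock`, the only name the steps deleted in the hunk below ever mounted, so any retained step above line 200 that still references `docker-sock` now points at an undefined volume. Whether a service container accepts a `when:` block could not be confirmed from here; if the schema ignores it, the redis service will start on every event.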
@@ -231,319 +248,6 @@ environment: CI: "true" DRONE_BUILD: "true" -steps: - # Code quality and testing pipeline - - name: lint-and-test - image: python:3.11-slim - environment: - PYTHONPATH: /drone/src - commands: - # Install system dependencies - - apt-get update && apt-get install -y git curl - - # Install Python dependencies - - pip install --upgrade pip - - pip install -r requirements.txt - - pip install pytest pytest-asyncio pytest-cov flake8 black mypy - - # Code formatting check - - black --check src/ tests/ - - # Lint code - - flake8 src/ --max-line-length=88 --extend-ignore=E203,W503 - - # Type checking - - mypy src/ --ignore-missing-imports - - # Run unit tests with coverage - - pytest tests/unit/ -v --cov=src --cov-report=xml --cov-report=term - - # Security check for dependencies - - pip install safety - - safety check - - # Integration tests - - name: integration-tests - image: python:3.11-slim - environment: - PYTHONPATH: /drone/src - TEST_DATABASE_URL: sqlite:///tmp/test.db - commands: - - apt-get update && apt-get install -y iptables curl - - pip install -r requirements.txt - - pip install pytest pytest-asyncio - - pytest tests/integration/ -v - depends_on: - - lint-and-test - - # Build Docker images - - name: build-docker-images - image: docker:24-dind - environment: - DOCKER_BUILDKIT: 1 - volumes: - - name: docker-sock - path: /var/run/docker.sock - commands: - # Build controller image - - docker build -f deployment/docker/Dockerfile --target controller -t pyguardian:controller-${DRONE_COMMIT_SHA:0:8} . - - # Build agent image - - docker build -f deployment/docker/Dockerfile --target agent -t pyguardian:agent-${DRONE_COMMIT_SHA:0:8} . - - # Build standalone image - - docker build -f deployment/docker/Dockerfile --target standalone -t pyguardian:standalone-${DRONE_COMMIT_SHA:0:8} . 
- - # Test images can start - - timeout 30 docker run --rm pyguardian:standalone-${DRONE_COMMIT_SHA:0:8} python --version - depends_on: - - integration-tests - - # Security scanning - - name: security-scan - image: aquasec/trivy:latest - commands: - # Scan for vulnerabilities in built images - - trivy image --no-progress --severity HIGH,CRITICAL pyguardian:controller-${DRONE_COMMIT_SHA:0:8} - - trivy image --no-progress --severity HIGH,CRITICAL pyguardian:agent-${DRONE_COMMIT_SHA:0:8} - depends_on: - - build-docker-images - failure: ignore # Don't fail build on security issues, but report them - - # End-to-end tests - - name: e2e-tests - image: docker/compose:latest - environment: - COMPOSE_FILE: deployment/docker/docker-compose.yml - TELEGRAM_BOT_TOKEN: test_token - CLUSTER_SECRET: test_secret - volumes: - - name: docker-sock - path: /var/run/docker.sock - commands: - # Start services - - docker-compose -f deployment/docker/docker-compose.yml up -d - - # Wait for services to be ready - - sleep 30 - - # Run E2E tests - - python tests/e2e/test_cluster_communication.py - - # Cleanup - - docker-compose -f deployment/docker/docker-compose.yml down -v - depends_on: - - build-docker-images - failure: ignore # E2E tests are flaky in CI - - # Documentation build - - name: build-docs - image: python:3.11-slim - commands: - - pip install mkdocs mkdocs-material - - mkdocs build --strict - depends_on: - - lint-and-test - - # Package creation - - name: create-packages - image: python:3.11-slim - commands: - # Create installation package - - tar -czf pyguardian-${DRONE_TAG:-${DRONE_COMMIT_SHA:0:8}}.tar.gz \ - src/ config/ main.py requirements.txt deployment/scripts/ - - # Create checksums - - sha256sum pyguardian-${DRONE_TAG:-${DRONE_COMMIT_SHA:0:8}}.tar.gz > checksums.txt - depends_on: - - build-docker-images - - build-docs - - # Release workflow (only on tags) - - name: docker-registry-push - image: docker:24-dind - environment: - REGISTRY: - from_secret: docker_registry - 
REGISTRY_USERNAME: - from_secret: docker_username - REGISTRY_PASSWORD: - from_secret: docker_password - volumes: - - name: docker-sock - path: /var/run/docker.sock - commands: - # Login to registry - - docker login -u $REGISTRY_USERNAME -p $REGISTRY_PASSWORD $REGISTRY - - # Tag and push images - - docker tag pyguardian:controller-${DRONE_COMMIT_SHA:0:8} $REGISTRY/pyguardian:controller-${DRONE_TAG} - - docker tag pyguardian:agent-${DRONE_COMMIT_SHA:0:8} $REGISTRY/pyguardian:agent-${DRONE_TAG} - - docker tag pyguardian:standalone-${DRONE_COMMIT_SHA:0:8} $REGISTRY/pyguardian:standalone-${DRONE_TAG} - - - docker push $REGISTRY/pyguardian:controller-${DRONE_TAG} - - docker push $REGISTRY/pyguardian:agent-${DRONE_TAG} - - docker push $REGISTRY/pyguardian:standalone-${DRONE_TAG} - - # Also tag as latest if this is a release - - | - if [ "$DRONE_TAG" != "" ]; then - docker tag pyguardian:controller-${DRONE_COMMIT_SHA:0:8} $REGISTRY/pyguardian:controller-latest - docker tag pyguardian:agent-${DRONE_COMMIT_SHA:0:8} $REGISTRY/pyguardian:agent-latest - docker tag pyguardian:standalone-${DRONE_COMMIT_SHA:0:8} $REGISTRY/pyguardian:standalone-latest - - docker push $REGISTRY/pyguardian:controller-latest - docker push $REGISTRY/pyguardian:agent-latest - docker push $REGISTRY/pyguardian:standalone-latest - fi - depends_on: - - create-packages - when: - event: - - tag - - # GitHub Release - - name: github-release - image: plugins/github-release - settings: - api_key: - from_secret: github_token - files: - - pyguardian-*.tar.gz - - checksums.txt - title: "PyGuardian ${DRONE_TAG}" - note: | - ## PyGuardian Release ${DRONE_TAG} - - ### Features - - Advanced agent authentication with JWT tokens - - Centralized cluster management - - Secure API endpoints for agent communication - - Docker containerization support - - ### Installation - ```bash - # Download and extract - wget https://github.com/SmartSolTech/PyGuardian/releases/download/${DRONE_TAG}/pyguardian-${DRONE_TAG}.tar.gz - tar 
-xzf pyguardian-${DRONE_TAG}.tar.gz - - # Install - sudo ./deployment/scripts/install.sh - ``` - - ### Docker - ```bash - # Pull images - docker pull ${REGISTRY}/pyguardian:controller-${DRONE_TAG} - docker pull ${REGISTRY}/pyguardian:agent-${DRONE_TAG} - - # Run with docker-compose - curl -O https://raw.githubusercontent.com/SmartSolTech/PyGuardian/${DRONE_TAG}/deployment/docker/docker-compose.yml - docker-compose up -d - ``` - depends_on: - - docker-registry-push - when: - event: - - tag - - # Deployment notification - - name: notify-deployment - image: plugins/webhook - settings: - urls: - from_secret: deployment_webhook - content_type: application/json - template: | - { - "text": "🚀 PyGuardian ${DRONE_TAG:-${DRONE_COMMIT_SHA:0:8}} deployed successfully!", - "attachments": [{ - "color": "good", - "fields": [{ - "title": "Version", - "value": "${DRONE_TAG:-${DRONE_COMMIT_SHA:0:8}}", - "short": true - }, { - "title": "Commit", - "value": "${DRONE_COMMIT_MESSAGE}", - "short": false - }] - }] - } - depends_on: - - github-release - when: - status: - - success - event: - - tag - -# Volumes for Docker in Docker -volumes: - - name: docker-sock - host: - path: /var/run/docker.sock - ---- -# Separate pipeline for nightly builds -kind: pipeline -type: docker -name: nightly-security-scan - -trigger: - cron: - - nightly-security - -steps: - - name: dependency-security-scan - image: python:3.11-slim - commands: - - pip install safety bandit semgrep - - # Check for known vulnerable dependencies - - safety check --json --output safety-report.json || true - - # Static security analysis - - bandit -r src/ -f json -o bandit-report.json || true - - # Semgrep security rules - - semgrep --config=auto src/ --json --output semgrep-report.json || true - - # Upload results to security dashboard - - python deployment/scripts/upload-security-reports.py - - - name: container-security-scan - image: aquasec/trivy:latest - commands: - # Build fresh images - - docker build -t 
pyguardian:security-scan . - - # Comprehensive vulnerability scan - - trivy image --format json --output trivy-report.json pyguardian:security-scan - - # Upload to security dashboard - - python deployment/scripts/upload-trivy-report.py - ---- -# Documentation deployment pipeline -kind: pipeline -type: docker -name: docs-deployment - -trigger: - branch: - - main - path: - include: - - "documentation/**" - - "*.md" - -steps: - - name: build-and-deploy-docs - image: python:3.11-slim - environment: - GITHUB_TOKEN: - from_secret: github_token - commands: - - pip install mkdocs mkdocs-material mkdocs-git-revision-date-localized-plugin - - mkdocs gh-deploy --force \ No newline at end of file +# Node Configuration +node: + runner: docker \ No newline at end of file
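Review bot: Deleting the second `steps:` block and the `nightly-security-scan` pipeline removes every vulnerability check the file had (`safety check`, `bandit`, `trivy image`) without adding a replacement; unless the retained `steps:` block above line 200, which is outside the hunk, runs equivalent scans, dependency and image scanning silently stops. The added `node:` block ends with `\ No newline at end of file`; terminate `runner: docker` with a newline.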