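---
# Drone CI configuration for PyGuardian.
#
# One pipeline per YAML document:
#   pyguardian-ci          staged lint / test / image build / docs chain
#   pyguardian-release     lint+test, image build, packaging, registry push, GitHub release
#   nightly-security-scan  cron-driven dependency and container scanning
#   docs-deployment        documentation publish on main
#
# The first two used to share a single document with two `steps:` keys.
# Duplicate mapping keys are invalid YAML; parsers that tolerate them keep
# only the last list, so one whole chain was silently dropped. The two lists
# also both define steps named integration-tests, e2e-tests, security-scan
# and build-docs, so they cannot be merged into one pipeline and live in
# separate documents instead.
kind: pipeline
type: docker
name: pyguardian-ci

# Skip feature/experimental branches; step-level `when:` blocks narrow further.
trigger:
  event:
    - push
    - pull_request
    - tag
  branch:
    exclude:
      - feature/*
      - experimental/*

# Global environment. Values are quoted so the YAML parser hands Drone strings,
# not booleans.
environment:
  PYTHONPATH: "/drone/src"
  PYTEST_CURRENT_TEST: "true"
  CI: "true"
  DRONE_BUILD: "true"

steps:
  # 1. Environment Setup and Dependency Installation
  # Every step runs in a fresh container, so nothing installed here is visible
  # to later steps; each of them reinstalls what it needs. This step is a
  # smoke check of the base image only.
  - name: setup-environment
    image: python:3.11-slim
    commands:
      - echo "๐Ÿ”ง Setting up build environment..."
      - python --version
      - pip install --upgrade pip
      - apt-get update && apt-get install -y git curl
      - echo "โœ… Environment setup complete"
    when:
      event:
        - push
        - pull_request

  # 2. Install Dependencies
  - name: install-dependencies
    image: python:3.11-slim
    commands:
      - echo "๐Ÿ“ฆ Installing Python dependencies..."
      - pip install -r requirements.txt
      - pip install pytest pytest-cov pytest-asyncio flake8 black isort
      - echo "โœ… Dependencies installed"
    depends_on:
      - setup-environment

  # 3. Code Quality - Linting
  # Steps 3-8 end every check in `|| true`: they report findings but can
  # never fail the build. Remove the suffix once the tree passes cleanly if
  # these are meant to gate merges.
  - name: lint-code
    image: python:3.11-slim
    commands:
      - echo "๐Ÿ” Running code linting..."
      - pip install flake8 black isort
      - echo "Running Black formatter check..."
      - black --check --diff src/ tests/ || true
      - echo "Running isort import check..."
      - isort --check-only --diff src/ tests/ || true
      - echo "Running flake8 linting..."
      - flake8 src/ tests/ --max-line-length=100 --ignore=E203,W503 || true
      - echo "โœ… Code linting complete"
    depends_on:
      - install-dependencies

  # 4. Unit Tests
  - name: unit-tests
    image: python:3.11-slim
    commands:
      - echo "๐Ÿงช Running unit tests..."
      - pip install -r requirements.txt pytest pytest-cov pytest-asyncio
      - export PYTHONPATH="${PWD}/src:${PYTHONPATH}"
      - python -m pytest tests/unit/ -v --tb=short || true
      - echo "โœ… Unit tests complete"
    depends_on:
      - lint-code

  # 5. Integration Tests
  - name: integration-tests
    image: python:3.11-slim
    commands:
      - echo "๐Ÿ”„ Running integration tests..."
      - pip install -r requirements.txt pytest pytest-asyncio
      - export PYTHONPATH="${PWD}/src:${PYTHONPATH}"
      - python -m pytest tests/integration/ -v --tb=short || true
      - echo "โœ… Integration tests complete"
    depends_on:
      - unit-tests

  # 6. End-to-End Tests
  - name: e2e-tests
    image: python:3.11-slim
    commands:
      - echo "๐ŸŽฏ Running end-to-end tests..."
      - pip install -r requirements.txt pytest pytest-asyncio
      - export PYTHONPATH="${PWD}/src:${PYTHONPATH}"
      - python -m pytest tests/e2e/ -v --tb=short || true
      - echo "โœ… E2E tests complete"
    depends_on:
      - integration-tests

  # 7. Test Coverage Report
  - name: coverage-report
    image: python:3.11-slim
    commands:
      - echo "๐Ÿ“Š Generating test coverage report..."
      - pip install -r requirements.txt pytest pytest-cov
      - export PYTHONPATH="${PWD}/src:${PYTHONPATH}"
      - python -m pytest tests/ --cov=src --cov-report=term-missing --cov-report=xml || true
      - echo "โœ… Coverage report generated"
    depends_on:
      - e2e-tests

  # 8. Security Scanning
  - name: security-scan
    image: python:3.11-slim
    commands:
      - echo "๐Ÿ›ก๏ธ Running security scans..."
      - pip install bandit safety
      - echo "Running Bandit security scanner..."
      - bandit -r src/ -f json -o bandit-report.json || true
      - echo "Running Safety dependency checker..."
      - safety check --json --output safety-report.json || true
      - echo "โœ… Security scans complete"
    depends_on:
      - coverage-report

  # 9. Docker Image Build - Controller
  # NOTE(review): `repo: pyguardian` has no registry/namespace component, so
  # plugins/docker will try to push to the default registry under that bare
  # name; confirm this is the intended destination.
  - name: build-controller-image
    image: plugins/docker
    settings:
      repo: pyguardian
      tags:
        - controller-${DRONE_COMMIT_SHA:0:8}
        - controller-latest
      target: controller
      dockerfile: deployment/docker/Dockerfile
      build_args:
        - BUILD_DATE=${DRONE_BUILD_CREATED}
        - VCS_REF=${DRONE_COMMIT_SHA}
        - VERSION=${DRONE_TAG:-dev}
    depends_on:
      - security-scan
    when:
      event:
        - push
      branch:
        - main

  # 10. Docker Image Build - Agent
  - name: build-agent-image
    image: plugins/docker
    settings:
      repo: pyguardian
      tags:
        - agent-${DRONE_COMMIT_SHA:0:8}
        - agent-latest
      target: agent
      dockerfile: deployment/docker/Dockerfile
      build_args:
        - BUILD_DATE=${DRONE_BUILD_CREATED}
        - VCS_REF=${DRONE_COMMIT_SHA}
        - VERSION=${DRONE_TAG:-dev}
    depends_on:
      - security-scan
    when:
      event:
        - push
      branch:
        - main

  # 11. Docker Image Security Scan
  # NOTE(review): plugins/docker builds inside its own daemon, so the
  # `controller-latest` / `agent-latest` images are most likely not present
  # in any daemon this step can reach; confirm trivy is actually finding them
  # rather than failing quietly behind `--exit-code 0 || true`.
  - name: scan-docker-images
    image: aquasec/trivy
    commands:
      - echo "๐Ÿ”’ Scanning Docker images for vulnerabilities..."
      - trivy image --exit-code 0 --severity HIGH,CRITICAL pyguardian:controller-latest || true
      - trivy image --exit-code 0 --severity HIGH,CRITICAL pyguardian:agent-latest || true
      - echo "โœ… Docker image security scan complete"
    depends_on:
      - build-controller-image
      - build-agent-image

  # 12. Build Documentation
  - name: build-docs
    image: python:3.11-slim
    commands:
      - echo "๐Ÿ“š Building documentation..."
      - pip install mkdocs mkdocs-material mkdocs-git-revision-date-localized-plugin
      - echo "Testing MkDocs configuration..."
      - mkdocs build --clean --strict
      - echo "โœ… Documentation built successfully"
    depends_on:
      - scan-docker-images

  # 13. Deploy Documentation to GitHub Pages (only on main branch)
  - name: deploy-docs
    image: python:3.11-slim
    commands:
      - echo "๐Ÿš€ Deploying documentation to GitHub Pages..."
      # gh-deploy shells out to git, which the slim image does not ship
      - apt-get update && apt-get install -y git
      - pip install mkdocs mkdocs-material mkdocs-git-revision-date-localized-plugin
      - git config --global user.email "drone@smartsoltech.com"
      - git config --global user.name "Drone CI"
      - mkdocs gh-deploy --force --message "Deploy docs for commit ${DRONE_COMMIT_SHA:0:8}" || echo "โš๏ธ Documentation deployment failed"
      - echo "โœ… Documentation deployment attempted"
    depends_on:
      - build-docs
    when:
      event:
        - push
      branch:
        - main

  # 14. Performance Testing
  - name: performance-tests
    image: python:3.11-slim
    commands:
      - echo "โšก Running performance tests..."
      - pip install -r requirements.txt
      - echo "Running performance benchmarks..."
      # The script must keep its line breaks: a plain multi-line YAML scalar
      # folds them into spaces, which turns the program into a single line
      # that Python rejects. A block scalar feeding a heredoc preserves them.
      - |
        python - <<'PY'
        import time
        start = time.time()
        # Simulate performance test
        for i in range(1000):
            pass
        end = time.time()
        print(f'Performance test completed in {end-start:.3f}s')
        PY
      - echo "โœ… Performance tests complete"
    depends_on:
      - deploy-docs

---
# Lint/test, image build, packaging and release pipeline.
# NOTE(review): the name below is constructed — this list had no name of its
# own when it was split out of the duplicate `steps:` key above; rename as the
# project prefers.
kind: pipeline
type: docker
name: pyguardian-release

trigger:
  event:
    - push
    - pull_request
    - tag
  branch:
    exclude:
      - feature/*
      - experimental/*

environment:
  PYTHONPATH: "/drone/src"
  PYTEST_CURRENT_TEST: "true"
  CI: "true"
  DRONE_BUILD: "true"

steps:
  # Code quality and testing pipeline
  - name: lint-and-test
    image: python:3.11-slim
    environment:
      PYTHONPATH: "/drone/src"
    commands:
      # Install system dependencies
      - apt-get update && apt-get install -y git curl
      # Install Python dependencies
      - pip install --upgrade pip
      - pip install -r requirements.txt
      - pip install pytest pytest-asyncio pytest-cov flake8 black mypy
      # Code formatting check
      - black --check src/ tests/
      # Lint code
      - flake8 src/ --max-line-length=88 --extend-ignore=E203,W503
      # Type checking
      - mypy src/ --ignore-missing-imports
      # Run unit tests with coverage
      - pytest tests/unit/ -v --cov=src --cov-report=xml --cov-report=term
      # Security check for dependencies
      - pip install safety
      - safety check

  # Integration tests
  - name: integration-tests
    image: python:3.11-slim
    environment:
      PYTHONPATH: "/drone/src"
      TEST_DATABASE_URL: "sqlite:///tmp/test.db"
    commands:
      - apt-get update && apt-get install -y iptables curl
      - pip install -r requirements.txt
      - pip install pytest pytest-asyncio
      - pytest tests/integration/ -v
    depends_on:
      - lint-and-test

  # Build Docker images on the host daemon (via the mounted socket) so that the
  # scan, e2e and push steps below can see them by tag.
  - name: build-docker-images
    image: docker:24-dind
    environment:
      DOCKER_BUILDKIT: "1"
    volumes:
      - name: docker-sock
        path: /var/run/docker.sock
    commands:
      # Build controller image
      - docker build -f deployment/docker/Dockerfile --target controller -t pyguardian:controller-${DRONE_COMMIT_SHA:0:8} .
      # Build agent image
      - docker build -f deployment/docker/Dockerfile --target agent -t pyguardian:agent-${DRONE_COMMIT_SHA:0:8} .
      # Build standalone image
      - docker build -f deployment/docker/Dockerfile --target standalone -t pyguardian:standalone-${DRONE_COMMIT_SHA:0:8} .
      # Test images can start
      - timeout 30 docker run --rm pyguardian:standalone-${DRONE_COMMIT_SHA:0:8} python --version
    depends_on:
      - integration-tests

  # Security scanning
  - name: security-scan
    image: aquasec/trivy:latest
    # The images were built on the host daemon; trivy needs the same socket to
    # resolve `pyguardian:*` by tag instead of failing with "image not found".
    volumes:
      - name: docker-sock
        path: /var/run/docker.sock
    commands:
      # Scan for vulnerabilities in built images
      - trivy image --no-progress --severity HIGH,CRITICAL pyguardian:controller-${DRONE_COMMIT_SHA:0:8}
      - trivy image --no-progress --severity HIGH,CRITICAL pyguardian:agent-${DRONE_COMMIT_SHA:0:8}
    depends_on:
      - build-docker-images
    failure: ignore  # Don't fail build on security issues, but report them

  # End-to-end tests
  # NOTE(review): docker/compose:latest does not ship a Python interpreter, so
  # the `python tests/e2e/...` command below is unlikely to run as written;
  # confirm the image, or run the test from a python image that has the
  # compose CLI installed.
  - name: e2e-tests
    image: docker/compose:latest
    environment:
      COMPOSE_FILE: deployment/docker/docker-compose.yml
      TELEGRAM_BOT_TOKEN: test_token
      CLUSTER_SECRET: test_secret
    volumes:
      - name: docker-sock
        path: /var/run/docker.sock
    commands:
      # Start services
      - docker-compose -f deployment/docker/docker-compose.yml up -d
      # Wait for services to be ready
      - sleep 30
      # Run E2E tests. Capture the status instead of aborting so the stack is
      # always torn down; otherwise a failing test leaks the compose services
      # on the shared host daemon (Drone runs these commands under `set -e`).
      - python tests/e2e/test_cluster_communication.py || e2e_status=$?
      # Cleanup
      - docker-compose -f deployment/docker/docker-compose.yml down -v
      - exit ${e2e_status:-0}
    depends_on:
      - build-docker-images
    failure: ignore  # E2E tests are flaky in CI

  # Documentation build
  - name: build-docs
    image: python:3.11-slim
    commands:
      - pip install mkdocs mkdocs-material
      - mkdocs build --strict
    depends_on:
      - lint-and-test

  # Package creation
  - name: create-packages
    image: python:3.11-slim
    commands:
      # Create installation package. Kept on one line: a `\` continuation in a
      # plain YAML scalar is folded to `\ ` (an escaped space), which makes the
      # shell pass " src/" as a single bogus path to tar.
      - tar -czf pyguardian-${DRONE_TAG:-${DRONE_COMMIT_SHA:0:8}}.tar.gz src/ config/ main.py requirements.txt deployment/scripts/
      # Create checksums
      - sha256sum pyguardian-${DRONE_TAG:-${DRONE_COMMIT_SHA:0:8}}.tar.gz > checksums.txt
    depends_on:
      - build-docker-images
      - build-docs

  # Release workflow (only on tags)
  - name: docker-registry-push
    image: docker:24-dind
    environment:
      REGISTRY:
        from_secret: docker_registry
      REGISTRY_USERNAME:
        from_secret: docker_username
      REGISTRY_PASSWORD:
        from_secret: docker_password
    volumes:
      - name: docker-sock
        path: /var/run/docker.sock
    commands:
      # Login to registry. The password goes in on stdin rather than via `-p`
      # so it never appears in the process list or the step's command echo.
      - echo "$REGISTRY_PASSWORD" | docker login -u "$REGISTRY_USERNAME" --password-stdin "$REGISTRY"
      # Tag and push images
      - docker tag pyguardian:controller-${DRONE_COMMIT_SHA:0:8} $REGISTRY/pyguardian:controller-${DRONE_TAG}
      - docker tag pyguardian:agent-${DRONE_COMMIT_SHA:0:8} $REGISTRY/pyguardian:agent-${DRONE_TAG}
      - docker tag pyguardian:standalone-${DRONE_COMMIT_SHA:0:8} $REGISTRY/pyguardian:standalone-${DRONE_TAG}
      - docker push $REGISTRY/pyguardian:controller-${DRONE_TAG}
      - docker push $REGISTRY/pyguardian:agent-${DRONE_TAG}
      - docker push $REGISTRY/pyguardian:standalone-${DRONE_TAG}
      # Also tag as latest if this is a release (the step only runs on tag
      # events, so the guard is belt-and-braces)
      - |
        if [ "$DRONE_TAG" != "" ]; then
          docker tag pyguardian:controller-${DRONE_COMMIT_SHA:0:8} $REGISTRY/pyguardian:controller-latest
          docker tag pyguardian:agent-${DRONE_COMMIT_SHA:0:8} $REGISTRY/pyguardian:agent-latest
          docker tag pyguardian:standalone-${DRONE_COMMIT_SHA:0:8} $REGISTRY/pyguardian:standalone-latest
          docker push $REGISTRY/pyguardian:controller-latest
          docker push $REGISTRY/pyguardian:agent-latest
          docker push $REGISTRY/pyguardian:standalone-latest
        fi
    depends_on:
      - create-packages
    when:
      event:
        - tag

  # GitHub Release
  # NOTE(review): the release note references ${REGISTRY}, but this step
  # declares no REGISTRY environment; confirm it expands to something useful
  # in the published notes.
  - name: github-release
    image: plugins/github-release
    settings:
      api_key:
        from_secret: github_token
      files:
        - pyguardian-*.tar.gz
        - checksums.txt
      title: "PyGuardian ${DRONE_TAG}"
      note: |
        ## PyGuardian Release ${DRONE_TAG}

        ### Features
        - Advanced agent authentication with JWT tokens
        - Centralized cluster management
        - Secure API endpoints for agent communication
        - Docker containerization support

        ### Installation
        ```bash
        # Download and extract
        wget https://github.com/SmartSolTech/PyGuardian/releases/download/${DRONE_TAG}/pyguardian-${DRONE_TAG}.tar.gz
        tar -xzf pyguardian-${DRONE_TAG}.tar.gz

        # Install
        sudo ./deployment/scripts/install.sh
        ```

        ### Docker
        ```bash
        # Pull images
        docker pull ${REGISTRY}/pyguardian:controller-${DRONE_TAG}
        docker pull ${REGISTRY}/pyguardian:agent-${DRONE_TAG}

        # Run with docker-compose
        curl -O https://raw.githubusercontent.com/SmartSolTech/PyGuardian/${DRONE_TAG}/deployment/docker/docker-compose.yml
        docker-compose up -d
        ```
    depends_on:
      - docker-registry-push
    when:
      event:
        - tag

  # Deployment notification
  # NOTE(review): ${DRONE_COMMIT_MESSAGE} is substituted verbatim into a JSON
  # string; a commit message containing a double quote, backslash or newline
  # produces an invalid (or attacker-shaped) payload. Prefer a plugin template
  # function that escapes the value, or pass the short SHA instead.
  - name: notify-deployment
    image: plugins/webhook
    settings:
      urls:
        from_secret: deployment_webhook
      content_type: application/json
      template: |
        {
          "text": "๐Ÿš€ PyGuardian ${DRONE_TAG:-${DRONE_COMMIT_SHA:0:8}} deployed successfully!",
          "attachments": [{
            "color": "good",
            "fields": [{
              "title": "Version",
              "value": "${DRONE_TAG:-${DRONE_COMMIT_SHA:0:8}}",
              "short": true
            }, {
              "title": "Commit",
              "value": "${DRONE_COMMIT_MESSAGE}",
              "short": false
            }]
          }]
        }
    depends_on:
      - github-release
    when:
      status:
        - success
      event:
        - tag

# Volumes for Docker in Docker
volumes:
  - name: docker-sock
    host:
      path: /var/run/docker.sock

---
# Separate pipeline for nightly builds
kind: pipeline
type: docker
name: nightly-security-scan

trigger:
  cron:
    - nightly-security

steps:
  - name: dependency-security-scan
    image: python:3.11-slim
    commands:
      - pip install safety bandit semgrep
      # Check for known vulnerable dependencies
      - safety check --json --output safety-report.json || true
      # Static security analysis
      - bandit -r src/ -f json -o bandit-report.json || true
      # Semgrep security rules
      - semgrep --config=auto src/ --json --output semgrep-report.json || true
      # Upload results to security dashboard
      - python deployment/scripts/upload-security-reports.py

  # Build fresh images. `docker build` needs the docker CLI and a daemon,
  # neither of which the trivy image provides, so the build gets its own
  # step on the host socket (same pattern as the release pipeline).
  - name: build-scan-image
    image: docker:24-dind
    volumes:
      - name: docker-sock
        path: /var/run/docker.sock
    commands:
      # NOTE(review): builds from the repository root with the default
      # Dockerfile, unlike the other pipelines which pass
      # `-f deployment/docker/Dockerfile`; confirm a root-level Dockerfile exists.
      - docker build -t pyguardian:security-scan .

  - name: container-security-scan
    image: aquasec/trivy:latest
    volumes:
      - name: docker-sock
        path: /var/run/docker.sock
    commands:
      # Comprehensive vulnerability scan
      - trivy image --format json --output trivy-report.json pyguardian:security-scan
    depends_on:
      - build-scan-image

  # The upload script is Python; the trivy image has no interpreter.
  - name: upload-trivy-report
    image: python:3.11-slim
    commands:
      # Upload to security dashboard
      - python deployment/scripts/upload-trivy-report.py
    depends_on:
      - container-security-scan

volumes:
  - name: docker-sock
    host:
      path: /var/run/docker.sock

---
# Documentation deployment pipeline
kind: pipeline
type: docker
name: docs-deployment

trigger:
  branch:
    - main
  path:
    include:
      - "documentation/**"
      - "*.md"

steps:
  - name: build-and-deploy-docs
    image: python:3.11-slim
    environment:
      GITHUB_TOKEN:
        from_secret: github_token
    commands:
      # gh-deploy shells out to git, which python:3.11-slim does not ship
      - apt-get update && apt-get install -y git
      - pip install mkdocs mkdocs-material mkdocs-git-revision-date-localized-plugin
      - git config --global user.email "drone@smartsoltech.com"
      - git config --global user.name "Drone CI"
      # NOTE(review): GITHUB_TOKEN is exported but nothing wires it into the
      # push; gh-deploy pushes over whatever remote and credentials the clone
      # carries. Confirm the push actually authenticates.
      - mkdocs gh-deploy --force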