CI/CD pipeline

.drone.yml

@@ -0,0 +1,284 @@
+kind: pipeline
+type: docker
+name: women-safety-backend
+
+steps:
+  # Install dependencies and lint
+  - name: setup
+    image: python:3.11-slim
+    commands:
+      - apt-get update && apt-get install -y curl
+      - pip install --upgrade pip
+      - pip install -r requirements.txt
+      - pip install pytest-cov
+
+  # Code quality checks
+  - name: lint
+    image: python:3.11-slim
+    depends_on: [setup]
+    commands:
+      - pip install -r requirements.txt
+      - black --check .
+      - flake8 .
+      - isort --check-only .
+
+  # Type checking
+  - name: type-check
+    image: python:3.11-slim
+    depends_on: [setup]
+    commands:
+      - pip install -r requirements.txt
+      - mypy services/ --ignore-missing-imports
+
+  # Security checks
+  - name: security
+    image: python:3.11-slim
+    depends_on: [setup]
+    commands:
+      - pip install -r requirements.txt
+      - pip install safety bandit
+      - safety check --json || true
+      - bandit -r services/ -f json || true
+
+  # Unit tests
+  - name: test
+    image: python:3.11-slim
+    depends_on: [setup]
+    environment:
+      DATABASE_URL: postgresql://test:test@postgres:5432/test_db
+      REDIS_URL: redis://redis:6379/0
+      JWT_SECRET_KEY: test-secret-key
+    commands:
+      - pip install -r requirements.txt
+      - python -m pytest tests/ -v --cov=services --cov-report=xml --cov-report=term
+
+  # Build Docker images
+  - name: build-user-service
+    image: plugins/docker
+    depends_on: [lint, type-check, test]
+    settings:
+      repo: women-safety/user-service
+      tags: 
+        - latest
+        - ${DRONE_COMMIT_SHA:0:7}
+      dockerfile: services/user_service/Dockerfile
+      context: .
+    when:
+      branch: [main, develop]
+
+  - name: build-emergency-service
+    image: plugins/docker
+    depends_on: [lint, type-check, test]
+    settings:
+      repo: women-safety/emergency-service
+      tags:
+        - latest
+        - ${DRONE_COMMIT_SHA:0:7}
+      dockerfile: services/emergency_service/Dockerfile
+      context: .
+    when:
+      branch: [main, develop]
+
+  - name: build-location-service
+    image: plugins/docker
+    depends_on: [lint, type-check, test]
+    settings:
+      repo: women-safety/location-service
+      tags:
+        - latest
+        - ${DRONE_COMMIT_SHA:0:7}
+      dockerfile: services/location_service/Dockerfile
+      context: .
+    when:
+      branch: [main, develop]
+
+  - name: build-calendar-service
+    image: plugins/docker
+    depends_on: [lint, type-check, test]
+    settings:
+      repo: women-safety/calendar-service
+      tags:
+        - latest
+        - ${DRONE_COMMIT_SHA:0:7}
+      dockerfile: services/calendar_service/Dockerfile
+      context: .
+    when:
+      branch: [main, develop]
+
+  - name: build-notification-service
+    image: plugins/docker
+    depends_on: [lint, type-check, test]
+    settings:
+      repo: women-safety/notification-service
+      tags:
+        - latest
+        - ${DRONE_COMMIT_SHA:0:7}
+      dockerfile: services/notification_service/Dockerfile
+      context: .
+    when:
+      branch: [main, develop]
+
+  - name: build-api-gateway
+    image: plugins/docker
+    depends_on: [lint, type-check, test]
+    settings:
+      repo: women-safety/api-gateway
+      tags:
+        - latest
+        - ${DRONE_COMMIT_SHA:0:7}
+      dockerfile: services/api_gateway/Dockerfile
+      context: .
+    when:
+      branch: [main, develop]
+
+  # Integration tests with real services
+  - name: integration-test
+    image: docker/compose:latest
+    depends_on: 
+      - build-user-service
+      - build-emergency-service
+      - build-location-service
+      - build-calendar-service
+      - build-notification-service
+      - build-api-gateway
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      - docker-compose -f docker-compose.test.yml up -d
+      - sleep 30
+      - docker-compose -f docker-compose.test.yml exec -T api-gateway curl -f http://localhost:8000/health
+      - docker-compose -f docker-compose.test.yml exec -T user-service curl -f http://localhost:8001/api/v1/health
+      - docker-compose -f docker-compose.test.yml down
+
+  # Deploy to staging
+  - name: deploy-staging
+    image: plugins/ssh
+    depends_on: [integration-test]
+    settings:
+      host:
+        from_secret: staging_host
+      username:
+        from_secret: staging_user
+      key:
+        from_secret: staging_ssh_key
+      script:
+        - cd /opt/women-safety-backend
+        - docker-compose pull
+        - docker-compose up -d
+        - docker system prune -f
+    when:
+      branch: [develop]
+
+  # Deploy to production
+  - name: deploy-production
+    image: plugins/ssh
+    depends_on: [integration-test]
+    settings:
+      host:
+        from_secret: production_host
+      username:
+        from_secret: production_user
+      key:
+        from_secret: production_ssh_key
+      script:
+        - cd /opt/women-safety-backend
+        - docker-compose -f docker-compose.prod.yml pull
+        - docker-compose -f docker-compose.prod.yml up -d
+        - docker system prune -f
+    when:
+      branch: [main]
+      event: [push]
+
+  # Send notifications
+  - name: notify-slack
+    image: plugins/slack
+    depends_on: 
+      - deploy-staging
+      - deploy-production
+    settings:
+      webhook:
+        from_secret: slack_webhook
+      channel: women-safety-deployments
+      username: DroneCI
+      template: >
+        {{#success build.status}}
+          ✅ Build #{{build.number}} succeeded for {{repo.name}}
+          📋 Commit: {{build.commit}}
+          🌿 Branch: {{build.branch}}
+          ⏱️ Duration: {{build.duration}}
+          🔗 {{build.link}}
+        {{else}}
+          ❌ Build #{{build.number}} failed for {{repo.name}}
+          📋 Commit: {{build.commit}}
+          🌿 Branch: {{build.branch}}
+          💥 Failed at: {{build.failedSteps}}
+          🔗 {{build.link}}
+        {{/success}}
+    when:
+      status: [success, failure]
+
+services:
+  # Test database
+  - name: postgres
+    image: postgres:15
+    environment:
+      POSTGRES_DB: test_db
+      POSTGRES_USER: test
+      POSTGRES_PASSWORD: test
+      POSTGRES_HOST_AUTH_METHOD: trust
+
+  # Test Redis
+  - name: redis
+    image: redis:7-alpine
+
+  # Test Kafka
+  - name: kafka
+    image: confluentinc/cp-kafka:latest
+    environment:
+      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
+      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092
+      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
+
+  - name: zookeeper
+    image: confluentinc/cp-zookeeper:latest
+    environment:
+      ZOOKEEPER_CLIENT_PORT: 2181
+      ZOOKEEPER_TICK_TIME: 2000
+
+---
+kind: pipeline
+type: docker
+name: vulnerability-scan
+
+trigger:
+  cron: [nightly]
+
+steps:
+  - name: trivy-scan
+    image: aquasec/trivy:latest
+    commands:
+      - trivy image women-safety/user-service:latest
+      - trivy image women-safety/emergency-service:latest
+      - trivy image women-safety/location-service:latest
+      - trivy image women-safety/calendar-service:latest
+      - trivy image women-safety/notification-service:latest
+      - trivy image women-safety/api-gateway:latest
+
+---
+kind: pipeline
+type: docker
+name: performance-test
+
+trigger:
+  cron: [weekly]
+
+steps:
+  - name: load-test
+    image: loadimpact/k6:latest
+    commands:
+      - k6 run tests/performance/load-test.js
+      - k6 run tests/performance/stress-test.js
+
+---
+kind: signature
+hmac: 2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae