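---
# Drone CI configuration for the women-safety backend.
#
# Documents in this file:
#   1. women-safety-backend - lint, type-check, scan, test, build, deploy
#   2. vulnerability-scan   - nightly Trivy scan of the published images
#   3. performance-test     - weekly k6 load and stress tests
#   4. signature            - integrity signature over this file
#
# Each step of a docker pipeline runs in its own container; only the
# workspace is shared. Packages installed in one step are therefore not
# available in the next, which is why every step reinstalls requirements.
kind: pipeline
type: docker
name: women-safety-backend

steps:
  # Install dependencies. Nothing installed here carries over to later
  # steps, so this step only proves that requirements.txt resolves.
  - name: setup
    image: python:3.11-slim
    commands:
      - apt-get update && apt-get install -y curl
      - pip install --upgrade pip
      - pip install -r requirements.txt
      - pip install pytest-cov

  # Code quality checks.
  # NOTE(review): black, flake8 and isort are not installed in this step;
  # presumably they are listed in requirements.txt - confirm.
  - name: lint
    image: python:3.11-slim
    depends_on: [setup]
    commands:
      - pip install -r requirements.txt
      - black --check .
      - flake8 .
      - isort --check-only .

  # Type checking.
  - name: type-check
    image: python:3.11-slim
    depends_on: [setup]
    commands:
      - pip install -r requirements.txt
      - mypy services/ --ignore-missing-imports

  # Security checks: dependency audit (safety) and static analysis (bandit).
  # The original appended `|| true` to both scanners, so the step was green
  # whatever they reported. `failure: ignore` keeps the pipeline non-blocking
  # but lets the step itself show as failed when either scanner has findings.
  # To turn this into a gate, drop `failure: ignore` and add `security` to
  # the depends_on list of every build-* step.
  - name: security
    image: python:3.11-slim
    depends_on: [setup]
    failure: ignore
    commands:
      - pip install -r requirements.txt
      - pip install safety bandit
      # Run both scanners even when the first one reports findings, then
      # exit non-zero if either did.
      - |
        rc=0
        safety check --json || rc=1
        bandit -r services/ -f json || rc=1
        exit "$rc"

  # Unit tests. The credentials below are throwaway values for the service
  # containers declared at the bottom of this pipeline. JWT_SECRET_KEY must
  # never match a key used in any deployed environment.
  - name: test
    image: python:3.11-slim
    depends_on: [setup]
    environment:
      DATABASE_URL: postgresql://test:test@postgres:5432/test_db
      REDIS_URL: redis://redis:6379/0
      JWT_SECRET_KEY: test-secret-key
    commands:
      - pip install -r requirements.txt
      - python -m pytest tests/ -v --cov=services --cov-report=xml --cov-report=term

  # Build Docker images.
  #
  # Notes that apply to every build-* step:
  # - `event: [push]` restricts builds to pushes. For pull-request events a
  #   `branch` condition matches the TARGET branch, so without it a pull
  #   request against main or develop would build and publish its code as
  #   `latest`.
  # - The SHA tag is quoted: Drone substitutes the value before the YAML is
  #   parsed, and an all-digit or `1e12345`-style prefix would otherwise be
  #   read as a number.
  # - Both branches publish the mutable `latest` tag to the same repository,
  #   so `latest` is whichever branch built last. NOTE(review): confirm that
  #   the compose files on the hosts reference the SHA tag, not `latest`.
  # - NOTE(review): no registry credentials are configured here; confirm how
  #   the plugin authenticates (normally `username` / `password` settings
  #   supplied via `from_secret`).
  # - `plugins/docker` carries no tag, so it resolves to a mutable `latest`.
  #   Pin it to a reviewed version or digest (plugins/docker@sha256:<DIGEST>).
  - name: build-user-service
    image: plugins/docker
    depends_on: [lint, type-check, test]
    settings:
      repo: women-safety/user-service
      tags:
        - latest
        - "${DRONE_COMMIT_SHA:0:7}"
      dockerfile: services/user_service/Dockerfile
      context: .
    when:
      branch: [main, develop]
      event: [push]

  - name: build-emergency-service
    image: plugins/docker
    depends_on: [lint, type-check, test]
    settings:
      repo: women-safety/emergency-service
      tags:
        - latest
        - "${DRONE_COMMIT_SHA:0:7}"
      dockerfile: services/emergency_service/Dockerfile
      context: .
    when:
      branch: [main, develop]
      event: [push]

  - name: build-location-service
    image: plugins/docker
    depends_on: [lint, type-check, test]
    settings:
      repo: women-safety/location-service
      tags:
        - latest
        - "${DRONE_COMMIT_SHA:0:7}"
      dockerfile: services/location_service/Dockerfile
      context: .
    when:
      branch: [main, develop]
      event: [push]

  - name: build-calendar-service
    image: plugins/docker
    depends_on: [lint, type-check, test]
    settings:
      repo: women-safety/calendar-service
      tags:
        - latest
        - "${DRONE_COMMIT_SHA:0:7}"
      dockerfile: services/calendar_service/Dockerfile
      context: .
    when:
      branch: [main, develop]
      event: [push]

  - name: build-notification-service
    image: plugins/docker
    depends_on: [lint, type-check, test]
    settings:
      repo: women-safety/notification-service
      tags:
        - latest
        - "${DRONE_COMMIT_SHA:0:7}"
      dockerfile: services/notification_service/Dockerfile
      context: .
    when:
      branch: [main, develop]
      event: [push]

  - name: build-api-gateway
    image: plugins/docker
    depends_on: [lint, type-check, test]
    settings:
      repo: women-safety/api-gateway
      tags:
        - latest
        - "${DRONE_COMMIT_SHA:0:7}"
      dockerfile: services/api_gateway/Dockerfile
      context: .
    when:
      branch: [main, develop]
      event: [push]

  # Deploy to staging.
  # `event: [push]` matches deploy-production, so a pull request targeting
  # develop cannot trigger a deployment.
  # The plugin container receives the SSH private key; the untagged
  # `plugins/ssh` image should be pinned to a reviewed version or digest.
  # NOTE(review): no host-key fingerprint is configured; confirm whether the
  # plugin version in use verifies the server's host key.
  - name: deploy-staging
    image: plugins/ssh
    depends_on:
      - build-user-service
      - build-emergency-service
      - build-location-service
      - build-calendar-service
      - build-notification-service
      - build-api-gateway
    settings:
      host:
        from_secret: staging_host
      username:
        from_secret: staging_user
      key:
        from_secret: staging_ssh_key
      script:
        - cd /opt/women-safety-backend
        - docker-compose pull
        - docker-compose up -d
        # Removes stopped containers and dangling images, including any
        # previous image that would be needed for a quick rollback.
        - docker system prune -f
    when:
      branch: [develop]
      event: [push]

  # Deploy to production (pushes to main only).
  # The same image-pinning and host-key notes as for deploy-staging apply.
  - name: deploy-production
    image: plugins/ssh
    depends_on:
      - build-user-service
      - build-emergency-service
      - build-location-service
      - build-calendar-service
      - build-notification-service
      - build-api-gateway
    settings:
      host:
        from_secret: production_host
      username:
        from_secret: production_user
      key:
        from_secret: production_ssh_key
      script:
        - cd /opt/women-safety-backend
        - docker-compose -f docker-compose.prod.yml pull
        - docker-compose -f docker-compose.prod.yml up -d
        - docker system prune -f
    when:
      branch: [main]
      event: [push]

  # Send notifications. Runs on success and on failure. The webhook URL is
  # a credential and is read from a secret.
  - name: notify-slack
    image: plugins/slack
    depends_on:
      - deploy-staging
      - deploy-production
    settings:
      webhook:
        from_secret: slack_webhook
      channel: women-safety-deployments
      username: DroneCI
      template: >
        {{#success build.status}}
          ✅ Build #{{build.number}} succeeded for {{repo.name}}
          📋 Commit: {{build.commit}}
          🌿 Branch: {{build.branch}}
          ⏱️ Duration: {{build.duration}}
          🔗 {{build.link}}
        {{else}}
          ❌ Build #{{build.number}} failed for {{repo.name}}
          📋 Commit: {{build.commit}}
          🌿 Branch: {{build.branch}}
          💥 Failed at: {{build.failedSteps}}
          🔗 {{build.link}}
        {{/success}}
    when:
      status: [success, failure]

services:
  # Test database. `POSTGRES_HOST_AUTH_METHOD: trust` accepts every
  # connection without a password; that is tolerable only for a throwaway
  # service container that exists for the duration of one build.
  - name: postgres
    image: postgres:15
    environment:
      POSTGRES_DB: test_db
      POSTGRES_USER: test
      POSTGRES_PASSWORD: test
      POSTGRES_HOST_AUTH_METHOD: trust

  # Test Redis.
  - name: redis
    image: redis:7-alpine

---
# Nightly image vulnerability scan.
# `trivy image` exits 0 by default even when it finds vulnerabilities, so
# this pipeline only reports and never fails. Pass `--exit-code 1`
# (optionally with `--severity`) if the nightly run should go red on
# findings.
# The scan targets the mutable `latest` tag, which may not be the image that
# is actually deployed. `aquasec/trivy:latest` is itself unpinned.
kind: pipeline
type: docker
name: vulnerability-scan

trigger:
  cron: [nightly]

steps:
  - name: trivy-scan
    image: aquasec/trivy:latest
    commands:
      - trivy image women-safety/user-service:latest
      - trivy image women-safety/emergency-service:latest
      - trivy image women-safety/location-service:latest
      - trivy image women-safety/calendar-service:latest
      - trivy image women-safety/notification-service:latest
      - trivy image women-safety/api-gateway:latest

---
# Weekly performance tests. `loadimpact/k6:latest` is an unpinned image.
kind: pipeline
type: docker
name: performance-test

trigger:
  cron: [weekly]

steps:
  - name: load-test
    image: loadimpact/k6:latest
    commands:
      - k6 run tests/performance/load-test.js
      - k6 run tests/performance/stress-test.js

---
# Integrity signature over this file. Any edit invalidates it, so it has to
# be regenerated (`drone sign <owner>/<repo> --save`) after every change.
# NOTE(review): this value looks like a placeholder, not a real keyed HMAC:
# it equals the widely published SHA-256 digest of the string "foo".
# Confirm and re-sign.
kind: signature
hmac: 2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae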