---
# Main CI/CD pipeline: dependency setup, lint, type-check, security scans,
# unit tests, per-service image builds, staging/production deploys and a
# Slack notification. Every step runs in a Docker container.
kind: pipeline
type: docker
name: women-safety-backend

# Steps are ordered through their `depends_on` entries.
steps:
# Install dependencies
# Installs curl, upgrades pip, then installs requirements.txt and pytest-cov.
# No lint command runs here; linting happens in the `lint` step.
# Each Drone docker step runs in its own container and only the workspace is
# shared, which is why later steps run `pip install -r requirements.txt`
# again; this step mainly proves that the requirements resolve.
# NOTE(review): pip and pytest-cov are installed without version pins, so the
# toolchain can change between builds; consider pinning.
- name: setup
  image: 'python:3.11-slim'
  commands:
  - 'apt-get update && apt-get install -y curl'
  - 'pip install --upgrade pip'
  - 'pip install -r requirements.txt'
  - 'pip install pytest-cov'

# Code quality checks
# Formatting (black), style (flake8) and import order (isort), all in
# check-only mode over the whole repository.
# NOTE(review): black, flake8 and isort are not installed explicitly here;
# presumably requirements.txt provides them - confirm.
- name: lint
  image: 'python:3.11-slim'
  depends_on:
  - setup
  commands:
  - 'pip install -r requirements.txt'
  - 'black --check .'
  - 'flake8 .'
  - 'isort --check-only .'

# Type checking
# Runs mypy over services/ only. --ignore-missing-imports silences errors for
# imports mypy cannot resolve, so untyped third-party packages are not checked.
# NOTE(review): mypy is not installed explicitly here; presumably
# requirements.txt provides it - confirm.
- name: type-check
  image: 'python:3.11-slim'
  depends_on:
  - setup
  commands:
  - 'pip install -r requirements.txt'
  - 'mypy services/ --ignore-missing-imports'

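# Security checks
# Dependency advisories (safety) and static analysis of services/ (bandit).
# Both scans are advisory: a non-zero exit is swallowed, so findings never
# fail the build, and none of the build or deploy steps lists this step in
# `depends_on`. The `|| echo` keeps that non-blocking behaviour but leaves a
# visible marker in the log when a tool reports findings or fails to run;
# remove it to turn the scan into a blocking gate.
# The JSON reports go to the step log only; nothing is stored as an artifact.
# NOTE(review): safety and bandit are installed without version pins.
- name: security
  image: 'python:3.11-slim'
  depends_on:
  - setup
  commands:
  - 'pip install -r requirements.txt'
  - 'pip install safety bandit'
  - 'safety check --json || echo "ADVISORY - safety reported findings or did not run cleanly"'
  - 'bandit -r services/ -f json || echo "ADVISORY - bandit reported findings or did not run cleanly"'
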
# Unit tests
# Runs pytest over tests/ with coverage for services/ (XML and terminal
# reports). The URLs point at the `postgres` and `redis` service containers
# declared under `services:`.
# The database credentials and JWT key are throwaway CI values kept in plain
# text; keep them distinct from anything used by a deployed environment.
# NOTE(review): the XML coverage report is written but no visible step
# uploads or consumes it.
- name: test
  image: 'python:3.11-slim'
  depends_on:
  - setup
  environment:
    DATABASE_URL: 'postgresql://test:test@postgres:5432/test_db'
    REDIS_URL: 'redis://redis:6379/0'
    JWT_SECRET_KEY: 'test-secret-key'
  commands:
  - 'pip install -r requirements.txt'
  - 'python -m pytest tests/ -v --cov=services --cov-report=xml --cov-report=term'

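# Build Docker images
# Builds services/user_service/Dockerfile with the repository root as build
# context and publishes it as `latest` plus the 7-character commit SHA. The
# SHA tag is quoted so an all-digit value stays a string after substitution.
# `event: [push]` keeps pull requests that target main/develop from
# publishing unmerged code under the mutable `latest` tag: Drone evaluates
# `branch` against the target branch for pull requests.
# NOTE(review): no registry credentials appear in `settings`; confirm how the
# push to women-safety/user-service authenticates.
# NOTE(review): `security` is not in `depends_on`, so its scans do not gate
# this build.
- name: build-user-service
  image: plugins/docker
  depends_on:
  - lint
  - type-check
  - test
  settings:
    repo: women-safety/user-service
    tags:
    - latest
    - '${DRONE_COMMIT_SHA:0:7}'
    dockerfile: services/user_service/Dockerfile
    context: .
  when:
    branch:
    - main
    - develop
    event:
    - push
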
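# Builds services/emergency_service/Dockerfile (context: repository root) and
# publishes it as `latest` plus the 7-character commit SHA; the SHA tag is
# quoted so an all-digit value stays a string.
# `event: [push]` keeps pull requests that target main/develop from
# publishing unmerged code under `latest`: Drone evaluates `branch` against
# the target branch for pull requests.
# NOTE(review): no registry credentials appear in `settings` - confirm.
- name: build-emergency-service
  image: plugins/docker
  depends_on:
  - lint
  - type-check
  - test
  settings:
    repo: women-safety/emergency-service
    tags:
    - latest
    - '${DRONE_COMMIT_SHA:0:7}'
    dockerfile: services/emergency_service/Dockerfile
    context: .
  when:
    branch:
    - main
    - develop
    event:
    - push
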
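# Builds services/location_service/Dockerfile (context: repository root) and
# publishes it as `latest` plus the 7-character commit SHA; the SHA tag is
# quoted so an all-digit value stays a string.
# `event: [push]` keeps pull requests that target main/develop from
# publishing unmerged code under `latest`: Drone evaluates `branch` against
# the target branch for pull requests.
# NOTE(review): no registry credentials appear in `settings` - confirm.
- name: build-location-service
  image: plugins/docker
  depends_on:
  - lint
  - type-check
  - test
  settings:
    repo: women-safety/location-service
    tags:
    - latest
    - '${DRONE_COMMIT_SHA:0:7}'
    dockerfile: services/location_service/Dockerfile
    context: .
  when:
    branch:
    - main
    - develop
    event:
    - push
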
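# Builds services/calendar_service/Dockerfile (context: repository root) and
# publishes it as `latest` plus the 7-character commit SHA; the SHA tag is
# quoted so an all-digit value stays a string.
# `event: [push]` keeps pull requests that target main/develop from
# publishing unmerged code under `latest`: Drone evaluates `branch` against
# the target branch for pull requests.
# NOTE(review): no registry credentials appear in `settings` - confirm.
- name: build-calendar-service
  image: plugins/docker
  depends_on:
  - lint
  - type-check
  - test
  settings:
    repo: women-safety/calendar-service
    tags:
    - latest
    - '${DRONE_COMMIT_SHA:0:7}'
    dockerfile: services/calendar_service/Dockerfile
    context: .
  when:
    branch:
    - main
    - develop
    event:
    - push
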
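# Builds services/notification_service/Dockerfile (context: repository root)
# and publishes it as `latest` plus the 7-character commit SHA; the SHA tag
# is quoted so an all-digit value stays a string.
# `event: [push]` keeps pull requests that target main/develop from
# publishing unmerged code under `latest`: Drone evaluates `branch` against
# the target branch for pull requests.
# NOTE(review): no registry credentials appear in `settings` - confirm.
- name: build-notification-service
  image: plugins/docker
  depends_on:
  - lint
  - type-check
  - test
  settings:
    repo: women-safety/notification-service
    tags:
    - latest
    - '${DRONE_COMMIT_SHA:0:7}'
    dockerfile: services/notification_service/Dockerfile
    context: .
  when:
    branch:
    - main
    - develop
    event:
    - push
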
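# Builds services/api_gateway/Dockerfile (context: repository root) and
# publishes it as `latest` plus the 7-character commit SHA; the SHA tag is
# quoted so an all-digit value stays a string.
# `event: [push]` keeps pull requests that target main/develop from
# publishing unmerged code under `latest`: Drone evaluates `branch` against
# the target branch for pull requests.
# NOTE(review): no registry credentials appear in `settings` - confirm.
- name: build-api-gateway
  image: plugins/docker
  depends_on:
  - lint
  - type-check
  - test
  settings:
    repo: women-safety/api-gateway
    tags:
    - latest
    - '${DRONE_COMMIT_SHA:0:7}'
    dockerfile: services/api_gateway/Dockerfile
    context: .
  when:
    branch:
    - main
    - develop
    event:
    - push
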
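# Deploy to staging
# Connects over SSH (host, user and private key come from Drone secrets),
# then pulls and restarts the compose stack in /opt/women-safety-backend.
# `event: [push]` mirrors deploy-production: with a branch filter alone the
# step would also match pull requests that target develop, because Drone
# evaluates `branch` against the target branch for pull requests.
# `docker system prune -f` deletes stopped containers, unused networks,
# dangling images and build cache on the host, so superseded images may have
# to be pulled again for a rollback.
# NOTE(review): the compose file lives on the host and is not visible here;
# if it references `latest`, the deployed image is whatever was pushed last
# rather than this commit's SHA tag - confirm.
# NOTE(review): no host-key pinning is configured in `settings`; check how
# the plugin verifies the staging host's identity.
- name: deploy-staging
  image: plugins/ssh
  depends_on:
  - build-user-service
  - build-emergency-service
  - build-location-service
  - build-calendar-service
  - build-notification-service
  - build-api-gateway
  settings:
    host:
      from_secret: staging_host
    username:
      from_secret: staging_user
    key:
      from_secret: staging_ssh_key
    script:
    - cd /opt/women-safety-backend
    - docker-compose pull
    - docker-compose up -d
    - docker system prune -f
  when:
    branch:
    - develop
    event:
    - push
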
# Deploy to production
# Runs only for push events on main. Connects over SSH (host, user and
# private key come from Drone secrets), then pulls and restarts the stack
# described by docker-compose.prod.yml in /opt/women-safety-backend.
# `docker system prune -f` deletes stopped containers, unused networks,
# dangling images and build cache on the host, so superseded images may have
# to be pulled again for a rollback.
# NOTE(review): no approval or promotion gate is visible; every push to main
# that passes the build steps deploys, and `security` is not among the
# dependencies.
# NOTE(review): docker-compose.prod.yml is not visible here; if it references
# `latest`, the deployed image is not tied to this commit - confirm.
- name: deploy-production
  image: plugins/ssh
  depends_on:
  - build-user-service
  - build-emergency-service
  - build-location-service
  - build-calendar-service
  - build-notification-service
  - build-api-gateway
  settings:
    host:
      from_secret: production_host
    username:
      from_secret: production_user
    key:
      from_secret: production_ssh_key
    script:
    - 'cd /opt/women-safety-backend'
    - 'docker-compose -f docker-compose.prod.yml pull'
    - 'docker-compose -f docker-compose.prod.yml up -d'
    - 'docker system prune -f'
  when:
    branch:
    - main
    event:
    - push

# Send notifications
# Posts the build result to the women-safety-deployments channel as DroneCI.
# The webhook URL comes from the Drone secret `slack_webhook`. The step is
# ordered after both deploy steps and runs for successful and failed builds.
- name: notify-slack
  image: plugins/slack
  depends_on:
  - deploy-staging
  - deploy-production
  settings:
    webhook:
      from_secret: slack_webhook
    channel: women-safety-deployments
    username: DroneCI
    # Folded scalar: the more-indented lines inside each branch keep their
    # own line breaks, so every field is rendered on a separate line.
    template: >
      {{#success build.status}}
        ✅ Build #{{build.number}} succeeded for {{repo.name}}
        📋 Commit: {{build.commit}}
        🌿 Branch: {{build.branch}}
        ⏱️ Duration: {{build.duration}}
        🔗 {{build.link}}
      {{else}}
        ❌ Build #{{build.number}} failed for {{repo.name}}
        📋 Commit: {{build.commit}}
        🌿 Branch: {{build.branch}}
        💥 Failed at: {{build.failedSteps}}
        🔗 {{build.link}}
      {{/success}}
  when:
    status:
    - success
    - failure

# Service containers available to the steps of this pipeline under the host
# names `postgres` and `redis`.
services:
# Test database
# Credentials match the DATABASE_URL used by the `test` step.
- name: postgres
  image: 'postgres:15'
  environment:
    POSTGRES_DB: test_db
    POSTGRES_USER: test
    POSTGRES_PASSWORD: test
    # `trust` lets clients connect without the password being checked, so
    # POSTGRES_PASSWORD above is not enforced. Keep this setting confined to
    # this CI-only service.
    POSTGRES_HOST_AUTH_METHOD: trust

# Test Redis
# No password is configured; the `test` step reaches it through REDIS_URL.
- name: redis
  image: 'redis:7-alpine'

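---
# Image vulnerability scan, run for the Drone cron job named `nightly`.
# trivy exits 0 by default even when it finds vulnerabilities, so the plain
# `trivy image` calls could never fail the build. Each scan now uses
# --exit-code 1 and records a marker file on failure; the final command fails
# the step once every image has been scanned, so one vulnerable image does
# not hide the results for the others. A scan that cannot run (for example a
# failed image pull) fails the step as well.
# --severity HIGH,CRITICAL is a policy threshold: lower severities are no
# longer listed or gated; widen it if they should be.
# NOTE(review): the scanner image and the scanned images all use the mutable
# `latest` tag, so the result describes whatever was pushed last, which may
# differ from what is deployed.
# NOTE(review): no registry credentials are configured; confirm the images
# can be pulled from this step.
kind: pipeline
type: docker
name: vulnerability-scan

trigger:
  cron:
  - nightly

steps:
- name: trivy-scan
  image: aquasec/trivy:latest
  commands:
  - trivy image --exit-code 1 --severity HIGH,CRITICAL women-safety/user-service:latest || touch /tmp/trivy-findings
  - trivy image --exit-code 1 --severity HIGH,CRITICAL women-safety/emergency-service:latest || touch /tmp/trivy-findings
  - trivy image --exit-code 1 --severity HIGH,CRITICAL women-safety/location-service:latest || touch /tmp/trivy-findings
  - trivy image --exit-code 1 --severity HIGH,CRITICAL women-safety/calendar-service:latest || touch /tmp/trivy-findings
  - trivy image --exit-code 1 --severity HIGH,CRITICAL women-safety/notification-service:latest || touch /tmp/trivy-findings
  - trivy image --exit-code 1 --severity HIGH,CRITICAL women-safety/api-gateway:latest || touch /tmp/trivy-findings
  # Fail the step if any scan above reported findings or could not run.
  - test ! -e /tmp/trivy-findings
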
---
# Load and stress tests, run for the Drone cron job named `weekly`.
# Executes the two k6 scripts under tests/performance/ in sequence; a failing
# load test stops the step before the stress test starts.
# NOTE(review): the target environment is defined inside the k6 scripts and
# is not visible here; confirm the stress test does not point at production.
# NOTE(review): the k6 image uses the mutable `latest` tag.
kind: pipeline
type: docker
name: performance-test

trigger:
  cron:
  - weekly

steps:
- name: load-test
  image: 'loadimpact/k6:latest'
  commands:
  - 'k6 run tests/performance/load-test.js'
  - 'k6 run tests/performance/stress-test.js'

---
# Drone configuration signature, checked when the repository is marked as
# protected. Presumably computed over the pipeline documents above, so any
# edit to them requires re-signing - confirm against the Drone version in use.
# NOTE(review): this value equals the widely published SHA-256 digest of the
# string "foo", so it looks like a placeholder rather than an HMAC of this
# file; re-sign the file before relying on signature verification.
kind: signature
hmac: '2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae'