trevor/chat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dc50a9858eccc26a5568d3dbc65ade1ab7c0c8d7
chat/DRONE_SETUP.md
Andrew K. Choi dc50a9858e
Some checks failed
continuous-integration/drone/push Build is failing
Details
pipeline features
2025-09-25 08:59:19 +09:00

200 lines
5.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Drone CI/CD Setup Instructions
## 🚁 Настройка Drone Pipeline для Women's Safety Backend
### Предварительные требования
1. **Drone Server** - установлен и настроен
2. **Docker Registry** - для хранения образов
3. **Production Servers** - настроены для развертывания
### 1. Настройка Repository в Drone
```bash
# Активация репозитория
drone repo enable women-safety/backend
# Настройка доверенного режима (для Docker)
drone repo update --trusted women-safety/backend
```
### 2. Настройка Secrets
```bash
# Docker Registry
drone secret add --repository women-safety/backend \
--name docker_username --data "your-docker-username"
drone secret add --repository women-safety/backend \
--name docker_password --data "your-docker-password"
# Production SSH
drone secret add --repository women-safety/backend \
--name production_host --data "production.example.com"
drone secret add --repository women-safety/backend \
--name production_user --data "deploy"
drone secret add --repository women-safety/backend \
--name production_ssh_key --data @~/.ssh/id_rsa
# Staging SSH
drone secret add --repository women-safety/backend \
--name staging_host --data "staging.example.com"
drone secret add --repository women-safety/backend \
--name staging_user --data "deploy"
drone secret add --repository women-safety/backend \
--name staging_ssh_key --data @~/.ssh/id_rsa_staging
# Notifications
drone secret add --repository women-safety/backend \
--name slack_webhook --data "https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK"
```
### 3. Настройка Pipeline Triggers
```bash
# Настройка cron для уязвимостей (каждую ночь в 2:00)
drone cron add --repository women-safety/backend \
--name nightly-security-scan \
--expr "0 2 * * *" \
--branch main
# Настройка cron для производительности (каждое воскресенье в 3:00)
drone cron add --repository women-safety/backend \
--name weekly-performance-test \
--expr "0 3 * * 0" \
--branch main
```
### 4. Workflow
#### Development Workflow:
```
1. Push to feature branch
2. ✅ Lint & Type Check
3. ✅ Unit Tests
4. ✅ Security Scan
5. ✅ Build Images
6. ✅ Integration Tests
```
#### Staging Deployment:
```
1. Merge to 'develop' branch
2. ✅ Full Pipeline
3. 🚀 Auto-deploy to staging
4. 📱 Slack notification
```
#### Production Deployment:
```
1. Merge to 'main' branch
2. ✅ Full Pipeline
3. ✅ Security & Performance validation
4. 🚀 Deploy to production
5. 📊 Health checks
6. 📱 Success notification
```
### 5. Мониторинг Pipeline
#### Dashboard URLs:
- **Drone UI**: `https://drone.example.com/women-safety/backend`
- **Build Status**: `https://drone.example.com/api/badges/women-safety/backend/status.svg`
#### CLI Commands:
```bash
# Просмотр статуса
drone build ls women-safety/backend
# Логи последнего build
drone build logs women-safety/backend
# Перезапуск build
drone build restart women-safety/backend 123
# Промотирование в продакшен
drone build promote women-safety/backend 123 production
```
### 6. Troubleshooting
#### Общие проблемы:
1. **Build fails на этапе Docker push:**
```bash
# Проверить Docker credentials
drone secret ls women-safety/backend
```
2. **SSH Connection Failed:**
```bash
# Проверить SSH ключи
drone secret update --repository women-safety/backend \
--name production_ssh_key --data @~/.ssh/id_rsa
```
3. **Integration tests timeout:**
```bash
# Увеличить timeout в .drone.yml
# Или проверить ресурсы на build сервере
```
### 7. Performance Tuning
#### Pipeline Optimization:
```yaml
# Параллельные этапы
depends_on: [setup]
# Кэширование
volumes:
- name: cache
host:
path: /tmp/cache
```
#### Resource Limits:
```yaml
# Настройка ресурсов для тяжелых задач
environment:
DOCKER_BUILDKIT: 1
```
### 8. Security Best Practices
1. **Secrets Management:**
- Никогда не коммитить секреты
- Использовать Drone secrets для всех чувствительных данных
- Регулярно ротировать ключи
2. **Image Security:**
- Сканирование образов с Trivy
- Использование minimal base images
- Регулярные обновления зависимостей
3. **Network Security:**
- VPN для production deployments
- Firewall rules для Drone server
- SSL/TLS для всех соединений
### 9. Backup & Recovery
```bash
# Backup Drone database
drone backup
# Restore configuration
drone restore backup-file.tar.gz
```
---
## 📞 Support
- **Documentation**: [Drone Docs](https://docs.drone.io/)
- **Community**: [Drone Community](https://discourse.drone.io/)
- **Issues**: Create issue в репозитории проекта
Reference in New Issue View Git Blame Copy Permalink