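---
# Drone CI configuration for CatLink: the main CI/CD pipeline (catlink-ci),
# a Telegram notification pipeline, a tag-triggered release pipeline and a
# trailing signature document.
kind: pipeline
type: docker
name: catlink-ci

# Trigger settings
trigger:
  branch:
    - master
    - main
    - develop
  event:
    - push
    - pull_request

# Global variables
# Quoted so that every consumer receives the string "1" rather than a YAML
# integer.
environment:
  DOCKER_BUILDKIT: "1"
  COMPOSE_DOCKER_CLI_BUILD: "1"

# NOTE(review): every docker:20.10-dind step below mounts the host's
# /var/run/docker.sock (see `volumes` at the end of this pipeline). Access to
# that socket is control of the host Docker daemon, which is equivalent to
# root on the runner. The trigger above includes pull_request, so the
# ./scripts/ci/*.sh files taken from a pull request run with that access in
# lint/build/test/security-scan. Confirm that untrusted contributors cannot
# open pull requests against this repository, or drop the socket mount from
# steps that do not need it / run pull-request builds on an isolated runner.
# NOTE(review): docker:20.10-dind is a mutable tag on an old release line;
# consider a current release pinned by digest.

# Pipeline steps
steps:
  # 1. Install dependencies and prepare
  # Each step runs in its own container, so the packages installed by
  # `apk add` here are not present in later steps; only the workspace is
  # shared.
  - name: prepare
    image: docker:20.10-dind
    volumes:
      - name: docker
        path: /var/run/docker.sock
    commands:
      - apk add --no-cache make curl git
      - docker --version
      - docker-compose --version
      # `$$` escapes Drone's own substitution so the shell expands the
      # variable.
      - echo "Repository:$${DRONE_REPO}"
      - echo "Branch:$${DRONE_BRANCH}"
      - echo "Commit:$${DRONE_COMMIT_SHA:0:8}"

  # 2. Linting and code checks
  - name: lint
    image: docker:20.10-dind
    volumes:
      - name: docker
        path: /var/run/docker.sock
    commands:
      - echo "🔍 Running code quality checks..."
      - ./scripts/ci/lint.sh
    depends_on:
      - prepare

  # 3. Build the application
  - name: build
    image: docker:20.10-dind
    volumes:
      - name: docker
        path: /var/run/docker.sock
    commands:
      - echo "🏗️ Building application..."
      - ./scripts/ci/build.sh
    depends_on:
      - lint

  # 4. Testing
  # The credentials in DATABASE_URL match the throwaway `postgres` service
  # declared under `services`; they must never be reused outside CI.
  - name: test
    image: docker:20.10-dind
    volumes:
      - name: docker
        path: /var/run/docker.sock
    environment:
      DATABASE_URL: postgres://catlink:catlink@postgres:5432/catlink_test
    commands:
      - echo "🧪 Running tests..."
      - ./scripts/ci/test.sh
    depends_on:
      - build

  # 5. Security analysis
  # NOTE(review): with `failure: ignore` a failing scan never blocks the
  # steps that depend on it, so build-production, publish and
  # deploy-production proceed even when the scan reports problems. If the
  # scan is meant to be a release gate, remove `failure: ignore` (or have
  # security-scan.sh exit non-zero only above an agreed severity) and make
  # sure ignored failures are reviewed somewhere.
  - name: security-scan
    image: docker:20.10-dind
    volumes:
      - name: docker
        path: /var/run/docker.sock
    commands:
      - echo "🔒 Running security scans..."
      - ./scripts/ci/security-scan.sh
    depends_on:
      - test
    failure: ignore  # Do not stop the pipeline on security findings

  # 6. Build Docker images for production
  # NOTE(review): only a branch filter is set here, no event filter. For
  # pull requests Drone matches `branch` against the target branch, so this
  # step presumably also runs for pull requests into master/main; add
  # `event: [push]` if that is not intended.
  - name: build-production
    image: docker:20.10-dind
    volumes:
      - name: docker
        path: /var/run/docker.sock
    commands:
      - echo "🚀 Building production images..."
      - ./scripts/ci/build-production.sh
      - docker images | grep catlink
    depends_on:
      - security-scan
    when:
      branch:
        - master
        - main

  # 7. Publish images to the registry
  # Registry credentials come from Drone secrets and are limited to push
  # events on master/main.
  # NOTE(review): publish.sh is not visible here; confirm it feeds the
  # password to `docker login` via --password-stdin and does not echo it.
  - name: publish
    image: docker:20.10-dind
    volumes:
      - name: docker
        path: /var/run/docker.sock
    environment:
      DOCKER_USERNAME:
        from_secret: docker_username
      DOCKER_PASSWORD:
        from_secret: docker_password
      DOCKER_REGISTRY:
        from_secret: docker_registry
    commands:
      - echo "📦 Publishing to registry..."
      - ./scripts/ci/publish.sh
    depends_on:
      - build-production
    when:
      branch:
        - master
        - main
      event:
        - push

  # 8. Deploy to staging
  # NOTE(review): this step runs on `develop`, but build-production and
  # publish are limited to master/main and are skipped on develop. Confirm
  # that deploy-staging.sh does not rely on images those steps would have
  # produced.
  - name: deploy-staging
    image: docker:20.10-dind
    volumes:
      - name: docker
        path: /var/run/docker.sock
    environment:
      STAGING_HOST:
        from_secret: staging_host
      STAGING_USER:
        from_secret: staging_user
      STAGING_KEY:
        from_secret: staging_ssh_key
    commands:
      - echo "🎭 Deploying to staging..."
      - ./scripts/ci/deploy-staging.sh
    depends_on:
      - publish
    when:
      branch:
        - develop
      event:
        - push

  # 9. Deploy to production
  # Production SSH and deploy keys are exposed only on push events to
  # master/main.
  # NOTE(review): deploy-production.sh is not visible here; confirm it
  # writes the key with restrictive permissions and verifies the SSH host
  # key.
  - name: deploy-production
    image: docker:20.10-dind
    volumes:
      - name: docker
        path: /var/run/docker.sock
    environment:
      PRODUCTION_HOST:
        from_secret: production_host
      PRODUCTION_USER:
        from_secret: production_user
      PRODUCTION_KEY:
        from_secret: production_ssh_key
      DEPLOY_KEY:
        from_secret: deploy_key
    commands:
      - echo "🚀 Deploying to production..."
      - ./scripts/ci/deploy-production.sh
    depends_on:
      - publish
    when:
      branch:
        - master
        - main
      event:
        - push

  # 10. Notifications
  # NOTE(review): plugins/slack has no tag, so whatever `latest` resolves to
  # receives the webhook secret. Pin a reviewed release, ideally by digest
  # (plugins/slack@sha256:<DIGEST_PLACEHOLDER>).
  - name: notify
    image: plugins/slack
    settings:
      webhook:
        from_secret: slack_webhook
      channel: "#catlink-ci"
      username: "Drone CI"
      template: |
        {{#success build.status}}
        ✅ *Build {{build.number}} succeeded*
        📁 Repository: {{repo.name}}
        🌿 Branch: {{build.branch}}
        👤 Author: {{build.author}}
        📝 Commit: {{truncate build.commit 8}}
        🔗 {{build.link}}
        {{else}}
        ❌ *Build {{build.number}} failed*
        📁 Repository: {{repo.name}}
        🌿 Branch: {{build.branch}}
        👤 Author: {{build.author}}
        📝 Commit: {{truncate build.commit 8}}
        🔗 {{build.link}}
        {{/success}}
    depends_on:
      - deploy-production
      - deploy-staging
    when:
      status:
        - success
        - failure

# Services for testing
services:
  # PostgreSQL for tests
  # POSTGRES_HOST_AUTH_METHOD=trust makes the server accept connections
  # without checking the password. That is tolerable only because this
  # database is an ephemeral CI service; do not copy these settings into a
  # deployed environment.
  - name: postgres
    image: postgres:14-alpine
    environment:
      POSTGRES_DB: catlink_test
      POSTGRES_USER: catlink
      POSTGRES_PASSWORD: catlink
      POSTGRES_HOST_AUTH_METHOD: trust
    tmpfs:
      - /var/lib/postgresql/data

  # Redis for caching (if needed)
  - name: redis
    image: redis:7-alpine

# Volumes
# Host path mount of the Docker daemon socket, shared by the steps above.
volumes:
  - name: docker
    host:
      path: /var/run/docker.sock

---
# Additional pipeline for Telegram notifications
kind: pipeline
type: docker
name: telegram-notify

# Telegram notifications
# NOTE(review): appleboy/drone-telegram has no tag and receives the bot
# token; pin a reviewed release, ideally by digest.
steps:
  - name: telegram
    image: appleboy/drone-telegram
    settings:
      token:
        from_secret: telegram_token
      to:
        from_secret: telegram_chat_id
      format: markdown
      message: |
        {{#success build.status}}
        ✅ *Build Success*
        {{else}}
        ❌ *Build Failed*
        {{/success}}
        📁 *Repository:* {{repo.name}}
        🌿 *Branch:* {{build.branch}}
        👤 *Author:* {{build.author}}
        📝 *Commit:* `{{truncate build.commit 8}}`
        ⏱️ *Duration:* {{since build.started}}
        🔗 [View Build]({{build.link}})

trigger:
  status:
    - success
    - failure

depends_on:
  - catlink-ci

---
# Release pipeline
kind: pipeline
type: docker
name: release

# NOTE(review): plugins/github-release has no tag and receives the GitHub
# API token; pin a reviewed release, ideally by digest, and scope the token
# to the minimum this repository's releases need.
steps:
  - name: create-release
    image: plugins/github-release
    settings:
      api_key:
        from_secret: github_token
      title: "CatLink v${DRONE_TAG}"
      note: "Release ${DRONE_TAG}"
      files:
        - "dist/*"
      # md5 and sha1 are not collision-resistant; anyone verifying a
      # download should rely on the sha256 checksum.
      checksum:
        - md5
        - sha1
        - sha256

trigger:
  event:
    - tag

---
# Signature for verification (if used)
# NOTE(review): no hmac value is visible here. The signature document is
# normally generated with `drone sign`; an empty or stale value does not
# authenticate this file, so regenerate it after every edit if the
# repository relies on signature verification.
kind: signature
hmac: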