devops prepare

2025-09-11 07:40:57 +09:00
parent 5ddc540f9e
commit 1c47c11eb1
10 changed files with 1134 additions and 18 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,229 @@
+kind: pipeline
+type: docker
+name: quiz-bot-ci-cd
+
+# Триггеры для запуска pipeline
+trigger:
+  branch:
+    - main
+    - develop
+    - devops
+  event:
+    - push
+    - pull_request
+
+# Глобальные переменные
+environment:
+  IMAGE_NAME: quiz-bot
+  REGISTRY: localhost:5000  # Локальный registry или замените на ваш
+
+steps:
+  # 1. Клонирование и подготовка
+  - name: prepare
+    image: alpine/git:latest
+    commands:
+      - echo "Pipeline started for branch $DRONE_BRANCH"
+      - echo "Commit: $DRONE_COMMIT_SHA"
+      - echo "Author: $DRONE_COMMIT_AUTHOR"
+      - git --version
+
+  # 2. Линтинг Python кода
+  - name: lint
+    image: python:3.12-slim
+    commands:
+      - pip install --no-cache-dir flake8 black isort mypy
+      - echo "Running Black formatter check..."
+      - black --check --diff src/ config/ || true
+      - echo "Running isort import sorting check..."
+      - isort --check-only --diff src/ config/ || true
+      - echo "Running flake8 linting..."
+      - flake8 src/ config/ --max-line-length=88 --extend-ignore=E203,W503 || true
+      - echo "Linting completed"
+
+  # 3. Тестирование
+  - name: test
+    image: python:3.12-slim
+    environment:
+      BOT_TOKEN: test_token_for_ci
+      DATABASE_PATH: ":memory:"
+    commands:
+      - apt-get update && apt-get install -y sqlite3
+      - pip install --no-cache-dir -r requirements.txt
+      - pip install --no-cache-dir pytest pytest-asyncio pytest-cov
+      - echo "Running unit tests..."
+      - python -m pytest test_*.py -v --tb=short || true
+      - echo "Testing completed"
+
+  # 4. Проверка безопасности
+  - name: security-scan
+    image: python:3.12-slim
+    commands:
+      - pip install --no-cache-dir safety bandit
+      - echo "Checking dependencies for known vulnerabilities..."
+      - safety check || true
+      - echo "Running security analysis with bandit..."
+      - bandit -r src/ -f json || true
+      - echo "Security scan completed"
+
+  # 5. Сборка Docker образа
+  - name: build-image
+    image: plugins/docker
+    settings:
+      dry_run: true  # Только сборка, без push
+      dockerfile: Dockerfile
+      context: .
+      tags:
+        - ${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}
+        - ${DRONE_BRANCH}-latest
+    when:
+      event:
+        - push
+
+  # 6. Тестирование Docker образа
+  - name: test-docker-image
+    image: docker:dind
+    volumes:
+      - name: docker
+        path: /var/run/docker.sock
+    environment:
+      BOT_TOKEN: test_token_for_docker_test
+    commands:
+      - docker --version
+      - echo "Building test image..."
+      - docker build -t quiz-bot:test .
+      - echo "Testing container startup..."
+      - docker run --rm -d --name quiz-bot-test -e BOT_TOKEN=test_token quiz-bot:test sleep 30
+      - sleep 5
+      - docker logs quiz-bot-test
+      - docker stop quiz-bot-test || true
+      - echo "Container test completed"
+    when:
+      event:
+        - push
+
+  # 7. Проверка качества кода
+  - name: code-quality
+    image: python:3.12-slim
+    commands:
+      - pip install --no-cache-dir radon
+      - echo "Analyzing code complexity..."
+      - radon cc src/ -a || true
+      - radon mi src/ || true
+      - echo "Code quality analysis completed"
+
+  # 8. Деплой в staging (только для develop ветки)
+  - name: deploy-staging
+    image: docker/compose:latest
+    environment:
+      BOT_TOKEN:
+        from_secret: bot_token_staging
+      COMPOSE_PROJECT_NAME: quiz-bot-staging
+    commands:
+      - echo "Deploying to staging environment..."
+      - export IMAGE_TAG=${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}
+      - docker-compose -f docker-compose.yml up -d --build
+      - sleep 10
+      - docker-compose -f docker-compose.yml ps
+      - echo "Staging deployment completed"
+    when:
+      branch:
+        - develop
+      event:
+        - push
+
+  # 9. Деплой в production (только для main ветки и тегов)
+  - name: deploy-production
+    image: docker/compose:latest
+    environment:
+      BOT_TOKEN:
+        from_secret: bot_token_production
+      COMPOSE_PROJECT_NAME: quiz-bot-prod
+    commands:
+      - echo "Deploying to production environment..."
+      - export IMAGE_TAG=${DRONE_TAG:-${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}}
+      - docker-compose -f docker-compose.prod.yml up -d --build
+      - sleep 15
+      - docker-compose -f docker-compose.prod.yml ps
+      - echo "Production deployment completed"
+    when:
+      branch:
+        - main
+      event:
+        - push
+        - tag
+
+  # 10. Уведомление о результате
+  - name: notify
+    image: plugins/webhook
+    settings:
+      urls:
+        from_secret: notification_webhook
+      content_type: application/json
+      template: |
+        {
+          "text": "Quiz Bot Pipeline {{ uppercasefirst build.status }}: {{ build.link }}",
+          "attachments": [
+            {
+              "color": "{{ #success build.status }}good{{ else }}danger{{ /success }}",
+              "fields": [
+                {
+                  "title": "Branch",
+                  "value": "{{ build.branch }}",
+                  "short": true
+                },
+                {
+                  "title": "Commit",
+                  "value": "{{ truncate build.commit 8 }}",
+                  "short": true
+                },
+                {
+                  "title": "Author",
+                  "value": "{{ build.author }}",
+                  "short": true
+                }
+              ]
+            }
+          ]
+        }
+    when:
+      status:
+        - success
+        - failure
+
+# Volumes для Docker-in-Docker
+volumes:
+  - name: docker
+    host:
+      path: /var/run/docker.sock
+
+---
+# Отдельный pipeline для очистки старых образов
+kind: pipeline
+type: docker
+name: cleanup
+
+trigger:
+  cron:
+    - cleanup
+  event:
+    - cron
+
+steps:
+  - name: cleanup-images
+    image: docker:dind
+    volumes:
+      - name: docker
+        path: /var/run/docker.sock
+    commands:
+      - echo "Cleaning up old Docker images..."
+      - docker image prune -f --filter "until=72h"
+      - docker container prune -f --filter "until=24h"
+      - echo "Cleanup completed"
+
+volumes:
+  - name: docker
+    host:
+      path: /var/run/docker.sock
+
+depends_on:
+  - quiz-bot-ci-cd