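---
# Drone CI/CD pipeline for the quiz bot (docker runner).
# Steps 1-7 are checks, steps 8-9 deploy with docker-compose, step 10 notifies.
kind: pipeline
type: docker
name: quiz-bot-ci-cd

# Pipeline triggers.
# `tag` is listed because deploy-production below is conditioned on `event: tag`;
# without it in the trigger that condition could never match.
# NOTE(review): confirm on your Drone version that the branch filter below does not
# also exclude tag events (tags carry no branch).
trigger:
  branch:
    - main
    - develop
    - devops
  event:
    - push
    - pull_request
    - tag

# Global variables.
# NOTE(review): IMAGE_NAME and REGISTRY are not referenced by any step in this file;
# they are kept in case the compose files read them — verify before removing.
environment:
  IMAGE_NAME: quiz-bot
  REGISTRY: "localhost:5000"  # local registry, or replace with your own

steps:
  # 1. Drone performs the clone itself; this step only records build metadata.
  - name: prepare
    image: alpine/git:latest
    commands:
      - echo "Pipeline started for branch $DRONE_BRANCH"
      - echo "Commit: $DRONE_COMMIT_SHA"
      - echo "Author: $DRONE_COMMIT_AUTHOR"
      - git --version

  # 2. Python linting. Advisory only: each check ends in `|| true`, so this step
  #    never fails the build. mypy is installed here but not run.
  - name: lint
    image: python:3.12-slim
    commands:
      - pip install --no-cache-dir flake8 black isort mypy
      - echo "Running Black formatter check..."
      - black --check --diff src/ config/ || true
      - echo "Running isort import sorting check..."
      - isort --check-only --diff src/ config/ || true
      - echo "Running flake8 linting..."
      - flake8 src/ config/ --max-line-length=88 --extend-ignore=E203,W503 || true
      - echo "Linting completed"

  # 3. Unit tests. BOT_TOKEN is a dummy value; the database is in-memory.
  # NOTE(review): the trailing `|| true` means a failing test suite does NOT block
  #    deploy-staging / deploy-production. Drop it once the suite is expected to pass.
  - name: test
    image: python:3.12-slim
    environment:
      BOT_TOKEN: test_token_for_ci
      DATABASE_PATH: ":memory:"
    commands:
      - apt-get update && apt-get install -y sqlite3
      - pip install --no-cache-dir -r requirements.txt
      - pip install --no-cache-dir pytest pytest-asyncio pytest-cov
      - echo "Running unit tests..."
      - python -m pytest test_*.py -v --tb=short || true
      - echo "Testing completed"

  # 4. Security scanning (dependency advisories + static analysis).
  # NOTE(review): both scanners are advisory (`|| true`), so findings never gate a
  #    deploy. `bandit -f json` prints JSON to stdout; add `-o <file>` if the report
  #    should be kept as an artifact.
  - name: security-scan
    image: python:3.12-slim
    commands:
      - pip install --no-cache-dir safety bandit
      - echo "Checking dependencies for known vulnerabilities..."
      - safety check || true
      - echo "Running security analysis with bandit..."
      - bandit -r src/ -f json || true
      - echo "Security scan completed"

  # 5. Docker image build. dry_run keeps the image local (no push to a registry).
  - name: build-image
    image: plugins/docker
    settings:
      dry_run: true  # build only, no push
      dockerfile: Dockerfile
      context: .
      tags:
        - ${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}
        - ${DRONE_BRANCH}-latest
    when:
      event:
        - push

  # 6. Smoke-test the built image: start it, capture logs, stop it.
  #    This step talks to the host Docker daemon through the mounted socket, which
  #    is equivalent to root on the host; it is therefore limited to `push` events
  #    and does not run for pull_request builds.
  - name: test-docker-image
    image: docker:dind
    volumes:
      - name: docker
        path: /var/run/docker.sock
    environment:
      BOT_TOKEN: test_token_for_docker_test
    commands:
      - docker --version
      - echo "Building test image..."
      - docker build -t quiz-bot:test .
      - echo "Testing container startup..."
      - docker run --rm -d --name quiz-bot-test -e BOT_TOKEN=test_token quiz-bot:test sleep 30
      - sleep 5
      - docker logs quiz-bot-test
      - docker stop quiz-bot-test || true
      - echo "Container test completed"
    when:
      event:
        - push

  # 7. Code-quality metrics (advisory only).
  - name: code-quality
    image: python:3.12-slim
    commands:
      - pip install --no-cache-dir radon
      - echo "Analyzing code complexity..."
      - radon cc src/ -a || true
      - radon mi src/ || true
      - echo "Code quality analysis completed"

  # 8. Deploy to staging (develop branch only).
  #    docker-compose needs the host daemon, so the socket volume is mounted here
  #    exactly as in test-docker-image; without it `up -d --build` has no daemon
  #    to talk to.
  - name: deploy-staging
    image: docker/compose:latest
    volumes:
      - name: docker
        path: /var/run/docker.sock
    environment:
      BOT_TOKEN:
        from_secret: bot_token_staging
      COMPOSE_PROJECT_NAME: quiz-bot-staging
    commands:
      - echo "Deploying to staging environment..."
      - export IMAGE_TAG=${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}
      - docker-compose -f docker-compose.yml up -d --build
      - sleep 10
      - docker-compose -f docker-compose.yml ps
      - echo "Staging deployment completed"
    when:
      branch:
        - develop
      event:
        - push

  # 9. Deploy to production (main branch pushes and tags).
  #    IMAGE_TAG prefers the git tag when present. Same socket mount as staging.
  - name: deploy-production
    image: docker/compose:latest
    volumes:
      - name: docker
        path: /var/run/docker.sock
    environment:
      BOT_TOKEN:
        from_secret: bot_token_production
      COMPOSE_PROJECT_NAME: quiz-bot-prod
    commands:
      - echo "Deploying to production environment..."
      - export IMAGE_TAG=${DRONE_TAG:-${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}}
      - docker-compose -f docker-compose.prod.yml up -d --build
      - sleep 15
      - docker-compose -f docker-compose.prod.yml ps
      - echo "Production deployment completed"
    when:
      branch:
        - main
      event:
        - push
        - tag

  # 10. Result notification via webhook (runs on both success and failure).
  - name: notify
    image: plugins/webhook
    settings:
      urls:
        from_secret: notification_webhook
      content_type: application/json
      template: |
        {
          "text": "Quiz Bot Pipeline {{ uppercasefirst build.status }}: {{ build.link }}",
          "attachments": [
            {
              "color": "{{ #success build.status }}good{{ else }}danger{{ /success }}",
              "fields": [
                { "title": "Branch", "value": "{{ build.branch }}", "short": true },
                { "title": "Commit", "value": "{{ truncate build.commit 8 }}", "short": true },
                { "title": "Author", "value": "{{ build.author }}", "short": true }
              ]
            }
          ]
        }
    when:
      status:
        - success
        - failure

# Host volumes available to steps: the host Docker socket.
volumes:
  - name: docker
    host:
      path: /var/run/docker.sock

---
# Separate pipeline that prunes old Docker images/containers on a cron schedule.
kind: pipeline
type: docker
name: cleanup

trigger:
  cron:
    - cleanup
  event:
    - cron

steps:
  - name: cleanup-images
    image: docker:dind
    volumes:
      - name: docker
        path: /var/run/docker.sock
    commands:
      - echo "Cleaning up old Docker images..."
      - docker image prune -f --filter "until=72h"
      - docker container prune -f --filter "until=24h"
      - echo "Cleanup completed"

volumes:
  - name: docker
    host:
      path: /var/run/docker.sock

# NOTE(review): quiz-bot-ci-cd is not triggered on cron events, so this dependency
# may never be satisfiable on a cron run — confirm how your Drone version treats a
# dependency on a pipeline skipped by its trigger, or drop it.
depends_on:
  - quiz-bot-ci-cd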