Compare commits
2 Commits
8cd89e48a2
...
bcd01a5d3e
| Author | SHA1 | Date | |
|---|---|---|---|
| bcd01a5d3e | |||
| f9496fe208 |
92
.drone.yml
92
.drone.yml
@@ -134,9 +134,19 @@ steps:
|
||||
|
||||
- name: security-scan
|
||||
image: aquasec/trivy:latest
|
||||
volumes:
|
||||
- name: docker-sock
|
||||
path: /var/run/docker.sock
|
||||
commands:
|
||||
- echo "Security scanning Docker image..."
|
||||
- trivy image --exit-code 0 --severity HIGH,CRITICAL --no-progress smartsoltech:latest
|
||||
- |
|
||||
if docker image inspect smartsoltech:latest >/dev/null 2>&1; then
|
||||
echo "Image found, starting security scan..."
|
||||
trivy image --exit-code 0 --severity HIGH,CRITICAL --no-progress smartsoltech:latest
|
||||
else
|
||||
echo "Image smartsoltech:latest not found, scanning base Python image instead..."
|
||||
trivy image --exit-code 0 --severity HIGH,CRITICAL --no-progress python:3.10-slim
|
||||
fi
|
||||
- echo "Security scan completed"
|
||||
depends_on:
|
||||
- docker-compose-tests
|
||||
@@ -216,6 +226,36 @@ platform:
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: check-production-server
|
||||
image: alpine:latest
|
||||
environment:
|
||||
PROD_HOST:
|
||||
from_secret: production_host
|
||||
PROD_USER:
|
||||
from_secret: production_user
|
||||
commands:
|
||||
- echo "Checking production server connectivity..."
|
||||
- apk add --no-cache openssh-client curl
|
||||
- |
|
||||
if [ -z "$PROD_HOST" ] || [ -z "$PROD_USER" ]; then
|
||||
echo "❌ Production server credentials not configured"
|
||||
exit 1
|
||||
fi
|
||||
- echo "Testing SSH connectivity to $PROD_HOST..."
|
||||
- |
|
||||
if ! nc -z $PROD_HOST 22; then
|
||||
echo "❌ SSH port 22 is not accessible on $PROD_HOST"
|
||||
exit 1
|
||||
fi
|
||||
- echo "Testing HTTPS connectivity..."
|
||||
- |
|
||||
if curl -f -s --connect-timeout 10 https://smartsoltech.kr >/dev/null; then
|
||||
echo "✅ HTTPS service is accessible"
|
||||
else
|
||||
echo "⚠️ HTTPS service check failed, but continuing deployment"
|
||||
fi
|
||||
- echo "✅ Production server checks passed"
|
||||
|
||||
- name: deploy-production
|
||||
image: docker:24-dind
|
||||
volumes:
|
||||
@@ -230,13 +270,53 @@ steps:
|
||||
from_secret: production_ssh_key
|
||||
commands:
|
||||
- echo "Deploying to production..."
|
||||
- apk add --no-cache openssh-client git
|
||||
- apk add --no-cache openssh-client git curl
|
||||
- mkdir -p ~/.ssh
|
||||
- echo "$PROD_KEY" > ~/.ssh/id_rsa
|
||||
- chmod 600 ~/.ssh/id_rsa
|
||||
- ssh-keyscan -H $PROD_HOST >> ~/.ssh/known_hosts
|
||||
- ssh $PROD_USER@$PROD_HOST "cd /opt/smartsoltech && git pull origin master && ./bin/update"
|
||||
- echo "Production deployment completed"
|
||||
- echo "Creating backup before deployment..."
|
||||
- |
|
||||
ssh $PROD_USER@$PROD_HOST "cd /opt/smartsoltech &&
|
||||
echo 'Creating backup...' &&
|
||||
git stash push -m 'Pre-deployment backup $(date)' || true &&
|
||||
docker-compose down --timeout 30 || true"
|
||||
- echo "Pulling latest changes..."
|
||||
- |
|
||||
ssh $PROD_USER@$PROD_HOST "cd /opt/smartsoltech &&
|
||||
git fetch origin &&
|
||||
git reset --hard origin/master &&
|
||||
git clean -fd"
|
||||
- echo "Running deployment script..."
|
||||
- |
|
||||
ssh $PROD_USER@$PROD_HOST "cd /opt/smartsoltech &&
|
||||
if [ -f ./bin/update ]; then
|
||||
chmod +x ./bin/update &&
|
||||
./bin/update
|
||||
else
|
||||
echo 'Update script not found, running manual deployment...' &&
|
||||
docker-compose pull &&
|
||||
docker-compose up -d --build
|
||||
fi"
|
||||
- echo "Verifying deployment..."
|
||||
- sleep 30
|
||||
- |
|
||||
for i in 1 2 3; do
|
||||
if curl -f -s --connect-timeout 10 https://smartsoltech.kr >/dev/null; then
|
||||
echo "✅ Deployment verification successful"
|
||||
break
|
||||
else
|
||||
echo "⚠️ Deployment verification attempt $i failed, retrying..."
|
||||
sleep 15
|
||||
fi
|
||||
if [ $i -eq 3 ]; then
|
||||
echo "❌ Deployment verification failed after 3 attempts"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
- echo "🎉 Production deployment completed successfully"
|
||||
depends_on:
|
||||
- check-production-server
|
||||
|
||||
- name: notify-production-success
|
||||
image: plugins/webhook
|
||||
@@ -247,7 +327,7 @@ steps:
|
||||
template: |
|
||||
{
|
||||
"chat_id": "${TELEGRAM_CHAT_ID}",
|
||||
"text": "🎉 *SmartSolTech Production*\n\n✅ Production deployment completed!\n\n📝 *Version:* `${DRONE_TAG}`\n👤 *Author:* ${DRONE_COMMIT_AUTHOR}\n⏱ *Time:* ${DRONE_BUILD_FINISHED}\n\n🌐 [Website](https://smartsoltech.kr)",
|
||||
"text": "🎉 *SmartSolTech Production*\n\n✅ Production deployment completed!\n\n📝 *Commit:* \`${DRONE_COMMIT_SHA:0:8}\`\n👤 *Author:* ${DRONE_COMMIT_AUTHOR}\n🌿 *Branch:* ${DRONE_BRANCH}\n⏱ *Time:* ${DRONE_BUILD_FINISHED}\n\n🌐 [Website](https://smartsoltech.kr)\n🔧 [Admin](https://smartsoltech.kr/admin/)\n📊 [Status Check](https://smartsoltech.kr/health/)",
|
||||
"parse_mode": "Markdown"
|
||||
}
|
||||
environment:
|
||||
@@ -265,7 +345,7 @@ steps:
|
||||
template: |
|
||||
{
|
||||
"chat_id": "${TELEGRAM_CHAT_ID}",
|
||||
"text": "🚨 *SmartSolTech Production*\n\n❌ Production deployment failed!\n\n📝 *Version:* `${DRONE_TAG}`\n👤 *Author:* ${DRONE_COMMIT_AUTHOR}\n⏱ *Time:* ${DRONE_BUILD_FINISHED}\n\n🔗 [Logs](${DRONE_BUILD_LINK})",
|
||||
"text": "🚨 *SmartSolTech Production*\n\n❌ Production deployment failed!\n\n📝 *Commit:* \`${DRONE_COMMIT_SHA:0:8}\`\n👤 *Author:* ${DRONE_COMMIT_AUTHOR}\n🌿 *Branch:* ${DRONE_BRANCH}\n⏱ *Time:* ${DRONE_BUILD_FINISHED}\n💥 *Step:* ${DRONE_FAILED_STEPS}\n\n🔗 [View Logs](${DRONE_BUILD_LINK})\n🛠 [Rollback Guide](https://smartsoltech.kr/docs/rollback)",
|
||||
"parse_mode": "Markdown"
|
||||
}
|
||||
environment:
|
||||
|
||||
Reference in New Issue
Block a user