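---
# Drone CI configuration with three pipelines:
#   smartsoltech-ci   - lint, test, image build, image scan, staging deploy
#   production-deploy - deploy on release tags
#   maintenance       - cron-driven Docker cleanup and database dump
kind: pipeline
type: docker
name: smartsoltech-ci

platform:
  os: linux
  arch: amd64

# Pipeline-wide variables.
# The postgres/postgres credentials belong to the throwaway test database
# declared under `services` below; they must never match a real environment.
environment:
  DJANGO_SETTINGS_MODULE: smartsoltech.settings
  POSTGRES_DB: smartsoltech_test
  POSTGRES_USER: postgres
  POSTGRES_PASSWORD: postgres
  DATABASE_URL: postgresql://postgres:postgres@postgres:5432/smartsoltech_test

# Backing services used by the test steps.
services:
  - name: postgres
    image: postgres:17-alpine
    environment:
      POSTGRES_DB: smartsoltech_test
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
    ports:
      - 5432

  - name: redis
    image: redis:7-alpine
    ports:
      - 6379

# Build stages.
steps:
  # 1. Code preparation and static checks
  #    (style, formatting, import order, bandit, dependency audit).
  - name: code-quality
    image: python:3.10-slim
    environment:
      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/smartsoltech_test
    commands:
      - apt-get update && apt-get install -y git
      - pip install --upgrade pip
      - pip install flake8 black isort bandit safety
      - echo "🔍 Проверка стиля кода..."
      - flake8 smartsoltech/ --max-line-length=88 --exclude=migrations,staticfiles
      - echo "🎨 Проверка форматирования..."
      - black --check smartsoltech/
      - echo "📦 Проверка импортов..."
      - isort --check-only smartsoltech/
      - echo "🛡️ Проверка безопасности..."
      - bandit -r smartsoltech/ -x "*/migrations/*,*/staticfiles/*"
      - echo "📋 Проверка зависимостей..."
      - safety check --file requirements.txt

  # 2. Dependency installation.
  - name: install-dependencies
    image: python:3.10-slim
    environment:
      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/smartsoltech_test
    commands:
      - apt-get update && apt-get install -y libpq-dev gcc git curl
      - pip install --upgrade pip
      - pip install -r requirements.txt
      - pip install coverage pytest-django pytest-cov
      - echo "✅ Зависимости установлены"
    depends_on:
      - code-quality

  # 3. Database checks (Django system check, migration drift, migrate).
  - name: database-tests
    image: python:3.10-slim
    environment:
      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/smartsoltech_test
      # CI-only placeholder; it must not be reused outside the test run.
      SECRET_KEY: test-secret-key-for-ci
      # Quoted so the value stays the string "false" and is not retyped as a
      # YAML boolean by a parser.
      DEBUG: "false"
    commands:
      - apt-get update && apt-get install -y libpq-dev gcc
      - pip install --upgrade pip
      - pip install -r requirements.txt
      - echo "🗄️ Проверка миграций..."
      - cd smartsoltech
      - python manage.py check
      - python manage.py makemigrations --check --dry-run
      - python manage.py migrate
      - echo "✅ База данных готова"
    depends_on:
      - install-dependencies

  # 4. Unit tests and coverage report.
  - name: unit-tests
    image: python:3.10-slim
    environment:
      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/smartsoltech_test
      SECRET_KEY: test-secret-key-for-ci
      DEBUG: "false"
    commands:
      - apt-get update && apt-get install -y libpq-dev gcc
      - pip install --upgrade pip
      - pip install -r requirements.txt
      - pip install coverage pytest-django pytest-cov
      - cd smartsoltech
      - echo "🧪 Запуск модульных тестов..."
      - python manage.py test --verbosity=2
      - echo "📊 Генерация отчета о покрытии..."
      - coverage run --source='.' manage.py test
      - coverage report --show-missing
      - coverage xml
      - echo "✅ Тесты пройдены"
    depends_on:
      - database-tests

  # 5. Integration tests.
  - name: integration-tests
    image: python:3.10-slim
    environment:
      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/smartsoltech_test
      SECRET_KEY: test-secret-key-for-ci
      DEBUG: "false"
      # Dummy value for the test run, not a real bot token.
      TELEGRAM_BOT_TOKEN: test-token
    commands:
      - apt-get update && apt-get install -y libpq-dev gcc curl
      - pip install --upgrade pip
      - pip install -r requirements.txt
      - pip install requests
      - cd smartsoltech
      - python manage.py migrate
      - python manage.py collectstatic --noinput
      - echo "🔗 Запуск интеграционных тестов..."
      - python manage.py test web.tests.integration --verbosity=2
      - echo "✅ Интеграционные тесты пройдены"
    depends_on:
      - unit-tests

  # 6. Docker image build.
  # NOTE(review): this step talks to the host Docker daemon through the
  # mounted socket, which is root-equivalent access to the build host. Code
  # from any branch or pull request that reaches this step runs with that
  # access, so keep this pipeline limited to trusted contributors.
  - name: build-docker-image
    image: docker:24-dind
    volumes:
      - name: docker-sock
        path: /var/run/docker.sock
    commands:
      - echo "🐳 Сборка Docker образа..."
      - docker build -t smartsoltech:${DRONE_COMMIT_SHA:0:8} .
      - docker tag smartsoltech:${DRONE_COMMIT_SHA:0:8} smartsoltech:latest
      - echo "✅ Docker образ собран"
    depends_on:
      - integration-tests

  # 7. Smoke test inside the built container.
  # NOTE(review): the container is started by the host daemon with
  # --network=host, so the `postgres` service hostname in DATABASE_URL may
  # not resolve there; confirm that this check exercises what is intended.
  - name: docker-tests
    image: docker:24-dind
    volumes:
      - name: docker-sock
        path: /var/run/docker.sock
    environment:
      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/smartsoltech_test
    commands:
      - echo "🐳 Тестирование в Docker контейнере..."
      - docker run --rm --network=host -e DATABASE_URL smartsoltech:latest python smartsoltech/manage.py check
      - echo "✅ Docker тесты пройдены"
    depends_on:
      - build-docker-image

  # 8. Image vulnerability scan.
  # NOTE(review): `--exit-code 0` makes the scan advisory only. HIGH and
  # CRITICAL findings are printed but never fail the step, so they cannot
  # block deploy-staging. Use `--exit-code 1` to turn this into a gate.
  # NOTE(review): no docker-sock volume is mounted here, so trivy probably
  # cannot see the image built on the host daemon; confirm that the scan
  # really inspects smartsoltech:latest. The scanner image is tracked by the
  # mutable `latest` tag; pin it to a version or digest, especially before
  # giving it socket access.
  - name: security-scan
    image: aquasec/trivy:latest
    commands:
      - echo "🛡️ Сканирование безопасности Docker образа..."
      - trivy image --exit-code 0 --severity HIGH,CRITICAL smartsoltech:latest
      - echo "✅ Сканирование безопасности завершено"
    depends_on:
      - docker-tests

  # 9. Deployment to staging (master branch only).
  - name: deploy-staging
    image: docker:24-dind
    volumes:
      - name: docker-sock
        path: /var/run/docker.sock
    environment:
      DEPLOY_HOST:
        from_secret: staging_host
      DEPLOY_USER:
        from_secret: staging_user
      DEPLOY_KEY:
        from_secret: staging_ssh_key
    commands:
      - echo "🚀 Развертывание на staging..."
      - apk add --no-cache openssh-client
      # Restrictive umask first, so ~/.ssh and the key file are never
      # readable by other users, not even before the chmod below runs.
      - umask 077
      - mkdir -p ~/.ssh
      # Secrets are referenced in the plain dollar form (no braces) so the
      # shell expands them at run time, not Drone's own substitution.
      - echo "$DEPLOY_KEY" > ~/.ssh/id_rsa
      - chmod 600 ~/.ssh/id_rsa
      # NOTE(review): ssh-keyscan accepts whatever host key is presented at
      # build time, so it does not authenticate the server. Prefer a pinned
      # host key stored as a secret and written to known_hosts.
      - ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts
      - scp docker-compose.yml "$DEPLOY_USER@$DEPLOY_HOST:/opt/smartsoltech/"
      - ssh "$DEPLOY_USER@$DEPLOY_HOST" "cd /opt/smartsoltech && docker-compose pull && docker-compose up -d"
      - echo "✅ Развертывание на staging завершено"
    when:
      branch:
        - master
      # For pull requests Drone matches `branch` against the target branch,
      # so a PR opened against master would otherwise reach this step and
      # push its docker-compose.yml to staging before being merged.
      event:
        exclude:
          - pull_request
    depends_on:
      - security-scan

  # 10. Notifications.
  # NOTE(review): the braced placeholders in `template` are expanded by
  # Drone from its own build variables. TELEGRAM_CHAT_ID is only a step
  # environment variable, so it may render as an empty string; verify the
  # delivered payload. plugins/webhook is also unpinned (implicit latest).
  - name: notify-success
    image: plugins/webhook
    settings:
      urls:
        from_secret: telegram_webhook_url
      content_type: application/json
      template: |
        {
          "chat_id": "${TELEGRAM_CHAT_ID}",
          "text": "✅ *SmartSolTech CI/CD*\n\n🎉 Сборка успешно завершена!\n\n📝 *Коммит:* `${DRONE_COMMIT_SHA:0:8}`\n👤 *Автор:* ${DRONE_COMMIT_AUTHOR}\n🌿 *Ветка:* ${DRONE_BRANCH}\n⏱ *Время сборки:* ${DRONE_BUILD_FINISHED}\n\n🔗 [Подробности](${DRONE_BUILD_LINK})",
          "parse_mode": "Markdown"
        }
    environment:
      TELEGRAM_CHAT_ID:
        from_secret: telegram_chat_id
    when:
      status:
        - success
    depends_on:
      - deploy-staging

  - name: notify-failure
    image: plugins/webhook
    settings:
      urls:
        from_secret: telegram_webhook_url
      content_type: application/json
      template: |
        {
          "chat_id": "${TELEGRAM_CHAT_ID}",
          "text": "❌ *SmartSolTech CI/CD*\n\n🚨 Сборка провалена!\n\n📝 *Коммит:* `${DRONE_COMMIT_SHA:0:8}`\n👤 *Автор:* ${DRONE_COMMIT_AUTHOR}\n🌿 *Ветка:* ${DRONE_BRANCH}\n💥 *Этап:* ${DRONE_FAILED_STEPS}\n⏱ *Время:* ${DRONE_BUILD_FINISHED}\n\n🔗 [Логи](${DRONE_BUILD_LINK})",
          "parse_mode": "Markdown"
        }
    environment:
      TELEGRAM_CHAT_ID:
        from_secret: telegram_chat_id
    when:
      status:
        - failure
    depends_on:
      - deploy-staging

# Host Docker socket shared with the steps that drive the Docker daemon.
volumes:
  - name: docker-sock
    host:
      path: /var/run/docker.sock

# Triggers.
trigger:
  branch:
    - master
    - develop
    - feature/*
  event:
    - push
    - pull_request
    - tag

---
# Production deployment pipeline
kind: pipeline
type: docker
name: production-deploy

platform:
  os: linux
  arch: amd64

steps:
  - name: deploy-production
    image: docker:24-dind
    volumes:
      - name: docker-sock
        path: /var/run/docker.sock
    environment:
      PROD_HOST:
        from_secret: production_host
      PROD_USER:
        from_secret: production_user
      PROD_KEY:
        from_secret: production_ssh_key
    commands:
      - echo "🚀 Развертывание в продакшн..."
      - apk add --no-cache openssh-client git
      # Restrictive umask first, so ~/.ssh and the key file are never
      # readable by other users, not even before the chmod below runs.
      - umask 077
      - mkdir -p ~/.ssh
      - echo "$PROD_KEY" > ~/.ssh/id_rsa
      - chmod 600 ~/.ssh/id_rsa
      # NOTE(review): ssh-keyscan accepts whatever host key is presented at
      # build time, so it does not authenticate the production server.
      # Prefer a pinned host key stored as a secret.
      - ssh-keyscan -H "$PROD_HOST" >> ~/.ssh/known_hosts
      # NOTE(review): the remote `git pull origin master` deploys the tip of
      # master at that moment, not necessarily the tagged commit that
      # triggered this pipeline; confirm that this is intended.
      - ssh "$PROD_USER@$PROD_HOST" "cd /opt/smartsoltech && git pull origin master && ./update"
      - echo "✅ Развертывание в продакшн завершено"

  # NOTE(review): as in the CI pipeline, TELEGRAM_CHAT_ID inside `template`
  # may expand to an empty string; verify the delivered payload.
  - name: notify-production-success
    image: plugins/webhook
    settings:
      urls:
        from_secret: telegram_webhook_url
      content_type: application/json
      template: |
        {
          "chat_id": "${TELEGRAM_CHAT_ID}",
          "text": "🎉 *SmartSolTech Production*\n\n✅ Развертывание в продакшн успешно завершено!\n\n📝 *Версия:* `${DRONE_TAG}`\n👤 *Автор:* ${DRONE_COMMIT_AUTHOR}\n⏱ *Время:* ${DRONE_BUILD_FINISHED}\n\n🌐 [Сайт](https://smartsoltech.kr)",
          "parse_mode": "Markdown"
        }
    environment:
      TELEGRAM_CHAT_ID:
        from_secret: telegram_chat_id
    depends_on:
      - deploy-production

volumes:
  - name: docker-sock
    host:
      path: /var/run/docker.sock

# Runs for release tags only.
trigger:
  event:
    - tag
  ref:
    - refs/tags/v*

depends_on:
  - smartsoltech-ci

---
# Scheduled maintenance pipeline
kind: pipeline
type: docker
name: maintenance

platform:
  os: linux
  arch: amd64

steps:
  # NOTE(review): through the host socket, `docker system prune --volumes`
  # removes every unused volume on the build host, not only CI leftovers.
  # Confirm that no stopped service keeps its data in such a volume.
  - name: cleanup-docker
    image: docker:24-dind
    volumes:
      - name: docker-sock
        path: /var/run/docker.sock
    commands:
      - echo "🧹 Очистка Docker..."
      - docker system prune -f --volumes
      - docker image prune -f
      - echo "✅ Очистка завершена"

  # NOTE(review): the dump is written to /tmp inside the step container and
  # nothing visible here copies it elsewhere, so it is presumably discarded
  # when the step ends. Confirm where backups are meant to be stored, and
  # that they are encrypted and access-controlled there.
  - name: backup-database
    image: postgres:17-alpine
    environment:
      PGHOST:
        from_secret: db_host
      PGUSER:
        from_secret: db_user
      PGPASSWORD:
        from_secret: db_password
      PGDATABASE:
        from_secret: db_name
    commands:
      - echo "💾 Создание резервной копии БД..."
      - pg_dump > /tmp/backup_$(date +%Y%m%d_%H%M%S).sql
      - echo "✅ Резервная копия создана"

volumes:
  - name: docker-sock
    host:
      path: /var/run/docker.sock

# Scheduled trigger (every night at 2:00).
trigger:
  event:
    - cron
  cron:
    - nightly_maintenance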