---
# =============================================================================
# Woodpecker CI/CD Pipeline
#
# Triggers:
#   - Push to develop: Run tests, build, deploy to testing
#   - Push to testing: Run tests, build, deploy to staging
#   - Push to main: Run tests, build, deploy to production
#   - Pull requests: Run tests only
# =============================================================================

# Shared image references, consumed further down through YAML aliases.
# NOTE(review): all three entries are mutable tags (`1.25-alpine`,
# `lts-alpine`, `latest`), so a rebuilt or replaced upstream image changes what
# CI executes without any change in this repository. Pinning each image by
# digest (`name@sha256:<digest>`) keeps runs reproducible and reviewable.
variables:
  - &golang_image 'golang:1.25-alpine'
  - &node_image 'node:lts-alpine'
  - &podman_image 'quay.io/podman/stable:latest'

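# =============================================================================
# PIPELINE: Pull Request Checks
#
# Lint, type-check and unit-test every pull request; nothing is deployed.
# These steps execute contributor-supplied code (`pnpm install` lifecycle
# scripts, `go test`), and the workflow references no secrets. Keep it that
# way: a step added here must not receive deploy credentials.
# =============================================================================
when:
  - event: pull_request

steps:
  # Frontend checks
  frontend-lint:
    image: *node_image
    directory: frontend
    commands:
      # NOTE(review): `pnpm@latest` resolves to whatever is newest at run
      # time, so the package manager itself is unpinned even though the
      # lockfile is frozen. Prefer a fixed version, e.g. the one recorded in
      # package.json's `packageManager` field.
      - corepack enable && corepack prepare pnpm@latest --activate
      - pnpm install --frozen-lockfile
      - pnpm run lint
      - pnpm run type-check

  frontend-test:
    image: *node_image
    directory: frontend
    commands:
      - corepack enable && corepack prepare pnpm@latest --activate
      - pnpm install --frozen-lockfile
      - pnpm run test:unit

  # Backend checks, one step per service.
  # NOTE(review): no step here declares `depends_on`, so these presumably run
  # one after another in definition order rather than in parallel; confirm
  # against the Woodpecker version in use.
  backend-auth-test:
    image: *golang_image
    directory: backend/functions/auth-service
    commands:
      - go mod download
      - go vet ./...
      - go test -v ./...

  backend-blog-test:
    image: *golang_image
    directory: backend/functions/blog-service
    commands:
      - go mod download
      - go vet ./...
      - go test -v ./...

  backend-forum-test:
    image: *golang_image
    directory: backend/functions/forum-service
    commands:
      - go mod download
      - go vet ./...
      - go test -v ./...

  backend-payment-test:
    image: *golang_image
    directory: backend/functions/payment-service
    commands:
      - go mod download
      - go vet ./...
      - go test -v ./...

  backend-work-mgmt-test:
    image: *golang_image
    directory: backend/functions/work-management-service
    commands:
      - go mod download
      - go vet ./...
      - go test -v ./...

  # contact-service is tested by the develop pipeline's backend loop; check it
  # on pull requests as well so a regression is caught before merge.
  backend-contact-test:
    image: *golang_image
    directory: backend/functions/contact-service
    commands:
      - go mod download
      - go vet ./...
      - go test -v ./...
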
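---
# =============================================================================
# PIPELINE: Develop Branch - Deploy to Testing
# =============================================================================
# NOTE(review): confirm that the CI server loads this document at all.
# Woodpecker's documented way to define several workflows is one file per
# workflow under `.woodpecker/`; a loader that reads only the first YAML
# document would silently skip every deploy pipeline in this file.

# Anchors do not carry across a `---` document boundary, so the image
# references behind this document's aliases are declared again here.
variables:
  - &golang_image 'golang:1.25-alpine'
  - &node_image 'node:lts-alpine'

when:
  - event: push
    branch: develop

steps:
  # Run all tests first
  test-frontend:
    image: *node_image
    directory: frontend
    commands:
      # NOTE(review): `pnpm@latest` is unpinned; prefer a fixed version.
      - corepack enable && corepack prepare pnpm@latest --activate
      - pnpm install --frozen-lockfile
      - pnpm run lint
      - pnpm run type-check
      - pnpm run test:unit

  test-backend:
    image: *golang_image
    commands:
      - |
        # Abort on the first failing command: previously only `go test` was
        # guarded, so a failed `cd`, `go mod download` or `go vet` let the
        # loop continue.
        set -e
        for svc in auth-service blog-service forum-service payment-service work-management-service contact-service; do
          echo "=== Testing $svc ==="
          # Subshell keeps the directory change local to one iteration.
          (
            cd "backend/functions/$svc"
            go mod download
            go vet ./...
            go test -v ./...
          )
        done

  # Build frontend
  build-frontend:
    image: *node_image
    directory: frontend
    depends_on:
      - test-frontend
    commands:
      - corepack enable && corepack prepare pnpm@latest --activate
      - pnpm install --frozen-lockfile
      - pnpm run build

  # Deploy to testing server
  deploy-testing:
    # NOTE(review): this image is untagged (implicitly `latest`) and receives
    # the server's SSH private key; pin it to a reviewed version or digest.
    image: appleboy/drone-ssh
    depends_on:
      - test-frontend
      - test-backend
      # A failed frontend build must also block the deploy.
      - build-frontend
    settings:
      host:
        from_secret: testing_server_host
      username:
        from_secret: testing_server_user
      key:
        from_secret: testing_server_ssh_key
      port: 22
      # NOTE(review): no host-key fingerprint is configured here; confirm how
      # the plugin verifies the identity of the server it connects to.
      script:
        # Stop at the first failure so a failed fetch or build never reaches
        # the restart. Relies, like the `cd` and `export` entries below, on
        # the plugin running all entries in one shell session.
        - set -e
        - cd /home/administrator/projects/coppertone.tech
        # NOTE(review): the server pulls the branch head at deploy time, which
        # can be newer than the commit this pipeline tested. Checking out the
        # tested commit (CI_COMMIT_SHA) would close that gap.
        - git fetch origin develop
        - git checkout develop
        - git pull origin develop
        - export DB_SCHEMA=testing
        - podman-compose build
        - podman-compose down
        - podman-compose up -d
        - echo "Deployed to testing environment"

  # Notify on success
  notify-success:
    # NOTE(review): untagged image that receives the webhook URL secret; pin
    # it to a reviewed version or digest.
    image: plugins/webhook
    depends_on:
      - deploy-testing
    settings:
      urls:
        from_secret: notification_webhook
      content_type: application/json
      template: |
        {
          "event": "deploy",
          "branch": "{{ .CI_COMMIT_BRANCH }}",
          "commit": "{{ .CI_COMMIT_SHA }}",
          "status": "success",
          "environment": "testing"
        }
    when:
      - status: success
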
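---
# =============================================================================
# PIPELINE: Testing Branch - Deploy to Staging
# =============================================================================

# Anchors do not carry across a `---` document boundary, so the image
# reference behind this document's alias is declared again here.
variables:
  - &golang_image 'golang:1.25-alpine'

when:
  - event: push
    branch: testing

steps:
  # NOTE(review): placeholder. This step only prints a message, so the
  # staging deploy below is not gated by any test run.
  test-all:
    image: *golang_image
    commands:
      - echo "Running full test suite for staging deployment..."
      # Add comprehensive tests here

  deploy-staging:
    # NOTE(review): this image is untagged (implicitly `latest`) and receives
    # the server's SSH private key; pin it to a reviewed version or digest.
    image: appleboy/drone-ssh
    depends_on:
      - test-all
    settings:
      host:
        from_secret: staging_server_host
      username:
        from_secret: staging_server_user
      key:
        from_secret: staging_server_ssh_key
      port: 22
      # NOTE(review): no host-key fingerprint is configured here; confirm how
      # the plugin verifies the identity of the server it connects to.
      script:
        # Stop at the first failure so a failed fetch or build never reaches
        # the restart. Relies, like the `cd` and `export` entries below, on
        # the plugin running all entries in one shell session.
        - set -e
        - cd /opt/coppertone
        - git fetch origin testing
        - git checkout testing
        - git pull origin testing
        # NOTE(review): staging is started with DB_SCHEMA=testing, the same
        # value the develop pipeline uses; confirm that sharing the schema
        # is intended.
        - export DB_SCHEMA=testing
        - podman-compose build
        - podman-compose down
        - podman-compose up -d
        - echo "Deployed to staging environment"
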
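---
# =============================================================================
# PIPELINE: Main Branch - Deploy to Production
# =============================================================================

# Anchors do not carry across a `---` document boundary, so the image
# references behind this document's aliases are declared again here
# (`podman_image` is only needed once the build-images step is enabled).
variables:
  - &golang_image 'golang:1.25-alpine'
  - &podman_image 'quay.io/podman/stable:latest'

when:
  - event: push
    branch: main

steps:
  # Full test suite
  # NOTE(review): placeholder. This step only prints a message, and it is the
  # sole dependency of deploy-production, so no test run gates production.
  test-all:
    image: *golang_image
    commands:
      - echo "Running full test suite for production deployment..."
      # Add comprehensive tests here

  # Security scan
  # NOTE(review): the scan does not gate the release. `failure: ignore`
  # discards a non-zero exit, and deploy-production does not list this step in
  # `depends_on`, so HIGH/CRITICAL findings surface only in the step log. The
  # scanner image is also on the mutable `latest` tag.
  security-scan:
    image: aquasec/trivy:latest
    commands:
      - trivy fs --severity HIGH,CRITICAL --exit-code 1 .
    failure: ignore  # Alert but don't block (adjust as needed)

  # Build and push images to registry (if using one)
  # NOTE(review): `privileged: true` gives the build container host-level
  # access on the agent; prefer a rootless build if this step is enabled.
  # build-images:
  #   image: *podman_image
  #   privileged: true
  #   commands:
  #     - podman-compose build
  #     - podman push ...

  # Deploy to production
  deploy-production:
    # NOTE(review): this image is untagged (implicitly `latest`) and receives
    # the production SSH private key; pin it to a reviewed version or digest.
    image: appleboy/drone-ssh
    depends_on:
      - test-all
    settings:
      host:
        from_secret: production_server_host
      username:
        from_secret: production_server_user
      key:
        from_secret: production_server_ssh_key
      port: 22
      # NOTE(review): no host-key fingerprint is configured here; confirm how
      # the plugin verifies the identity of the server it connects to.
      script:
        # Stop at the first failure so a failed fetch or build never reaches
        # the restart. Relies, like the `cd` and `export` entries below, on
        # the plugin running all entries in one shell session.
        - set -e
        - cd /opt/coppertone
        # NOTE(review): the server pulls the branch head at deploy time, which
        # can be newer than the commit this pipeline checked. Checking out the
        # tested commit (CI_COMMIT_SHA) would close that gap.
        - git fetch origin main
        - git checkout main
        - git pull origin main
        - export DB_SCHEMA=prod
        - podman-compose build
        - podman-compose down
        - podman-compose up -d
        - echo "Deployed to production environment"

  # Create release tag
  # The tag name combines the build date with the first seven characters of
  # the commit SHA. The image is untagged (implicitly `latest`).
  create-tag:
    image: alpine/git
    depends_on:
      - deploy-production
    commands:
      - |
        VERSION=$(date +%Y.%m.%d)-${CI_COMMIT_SHA:0:7}
        git tag -a "v$VERSION" -m "Release $VERSION"
        git push origin "v$VERSION"

  notify-production:
    # NOTE(review): untagged image that receives the webhook URL secret; pin
    # it to a reviewed version or digest.
    image: plugins/webhook
    depends_on:
      - deploy-production
    settings:
      urls:
        from_secret: notification_webhook
      content_type: application/json
      template: |
        {
          "event": "production_deploy",
          "branch": "{{ .CI_COMMIT_BRANCH }}",
          "commit": "{{ .CI_COMMIT_SHA }}",
          "status": "success",
          "environment": "production"
        }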