From 4f224a88cd54a8ab8b2aa41c8cd3951e8e65e2e7 Mon Sep 17 00:00:00 2001 From: "Ehsan.Asadi" Date: Sat, 27 Dec 2025 23:07:09 +0330 Subject: [PATCH] added files --- woodpecker copy.yml | 439 ++++++++++++++++++++++++++++++++++++++++++++ woodpecker.yml | 438 ++++--------------------------------------- 2 files changed, 471 insertions(+), 406 deletions(-) create mode 100644 woodpecker copy.yml diff --git a/woodpecker copy.yml b/woodpecker copy.yml new file mode 100644 index 0000000..f90a106 --- /dev/null +++ b/woodpecker copy.yml 
@@ -0,0 +1,439 @@ +# Peikarband Platform - Woodpecker CI/CD Pipeline +# Complete production-ready pipeline with Harbor registry integration + +variables: + - &harbor_registry 'harbor.peikarband.ir' + - &image_name 'peikarband/landing' + - &python_version '3.11' + +# Global configuration +when: + - evaluate: 'CI_PIPELINE_EVENT != "cron"' + +# ============================================ +# STAGE 1: Code Quality & Linting +# ============================================ +steps: + lint-python: + image: python:${python_version}-slim + environment: + - PYTHONPATH=/woodpecker/src/workspace + commands: + - pip install --no-cache-dir flake8 black isort mypy + - echo "🔍 Running flake8..." + - flake8 src/ --max-line-length=120 --exclude=__pycache__,migrations --statistics + - echo "✅ Flake8 passed" + - echo "🔍 Running black check..." + - black --check src/ --line-length=120 + - echo "✅ Black check passed" + - echo "🔍 Running isort check..." + - isort --check-only src/ + - echo "✅ Isort check passed" + when: + branch: + include: + - main + - develop + - staging + - feature/* + - hotfix/* + + lint-yaml: + image: cytopia/yamllint:latest + commands: + - echo "🔍 Validating YAML files..." + - yamllint -c .yamllint.yml helm/ || true + - yamllint woodpecker.yml + - echo "✅ YAML validation completed" + when: + branch: + include: + - main + - develop + - staging + +# # ============================================ +# # STAGE 2: Unit Tests & Coverage +# # ============================================ +# test-unit: +# image: python:${python_version}-slim +# environment: +# - PYTHONPATH=/woodpecker/src/workspace +# - ENVIRONMENT=test +# - DATABASE_URL=postgresql://test:test@postgres:5432/test_db +# - REDIS_URL=redis://redis:6379/0 +# commands: +# - apt-get update && apt-get install -y --no-install-recommends postgresql-client +# - pip install --no-cache-dir -r requirements.txt -r requirements-dev.txt +# - echo "🧪 Running unit tests..." 
+# - pytest tests/unit/ -v --cov=src --cov-report=term --cov-report=xml --cov-report=html +# - echo "✅ Unit tests passed" +# - echo "📊 Coverage report generated" +# when: +# branch: +# include: +# - main +# - develop +# - staging +# - feature/* + +# test-integration: +# image: python:${python_version}-slim +# environment: +# - PYTHONPATH=/woodpecker/src/workspace +# - ENVIRONMENT=test +# - DATABASE_URL=postgresql://test:test@postgres:5432/test_db +# - REDIS_URL=redis://redis:6379/0 +# commands: +# - apt-get update && apt-get install -y --no-install-recommends postgresql-client +# - pip install --no-cache-dir -r requirements.txt -r requirements-dev.txt +# - echo "🧪 Running integration tests..." +# - pytest tests/integration/ -v --maxfail=3 +# - echo "✅ Integration tests passed" +# when: +# branch: +# include: +# - main +# - develop +# - staging + +# # ============================================ +# # STAGE 3: Security Scanning +# # ============================================ +# security-python-deps: +# image: python:${python_version}-slim +# commands: +# - pip install --no-cache-dir safety bandit +# - echo "🔒 Checking Python dependencies for vulnerabilities..." +# - safety check --json || true +# - echo "🔒 Running Bandit security linter..." +# - bandit -r src/ -f json -o bandit-report.json || true +# - echo "✅ Security scan completed" +# when: +# branch: +# include: +# - main +# - develop +# - staging + +# security-secrets: +# image: trufflesecurity/trufflehog:latest +# commands: +# - echo "🔐 Scanning for secrets and credentials..." +# - trufflehog filesystem . 
--json --no-update || true +# - echo "✅ Secret scan completed" +# when: +# branch: +# include: +# - main +# - develop +# - staging + +# ============================================ +# STAGE 4: Docker Build +# ============================================ + docker-build: + image: plugins/docker + settings: + registry: *harbor_registry + repo: ${harbor_registry}/${image_name} + tags: + - ${CI_COMMIT_SHA:0:8} + - ${CI_COMMIT_BRANCH} + - latest + username: + from_secret: harbor_username + password: + from_secret: harbor_password + build_args: + - ENVIRONMENT=production + - VERSION=${CI_COMMIT_SHA:0:8} + cache_from: + - ${harbor_registry}/${image_name}:latest + dockerfile: Dockerfile + dry_run: false + when: + branch: + include: + - main + - develop + - staging + event: + - push + - tag + +# # ============================================ +# # STAGE 5: Container Security Scan +# # ============================================ +# security-trivy: +# image: aquasec/trivy:latest +# commands: +# - echo "🔒 Scanning Docker image for vulnerabilities..." +# - trivy image +# --severity HIGH,CRITICAL +# --exit-code 0 +# --format json +# --output trivy-report.json +# ${harbor_registry}/${image_name}:${CI_COMMIT_SHA:0:8} +# - echo "✅ Trivy scan completed" +# - trivy image +# --severity HIGH,CRITICAL +# --format table +# ${harbor_registry}/${image_name}:${CI_COMMIT_SHA:0:8} +# when: +# branch: +# include: +# - main +# - develop +# - staging +# event: +# - push + +# ============================================ +# STAGE 6: Helm Validation +# ============================================ + helm-lint: + image: alpine/helm:latest + commands: + - echo "📦 Linting Helm chart..." + - helm lint helm/peikarband --strict + - echo "✅ Helm lint passed" + - echo "📦 Validating Helm template..." 
+ - helm template peikarband helm/peikarband + --set image.repository=${harbor_registry}/${image_name} + --set image.tag=${CI_COMMIT_SHA:0:8} + --debug > /dev/null + - echo "✅ Helm template validation passed" + when: + branch: + include: + - main + - develop + - staging + +# ============================================ +# STAGE 7: Database Migration Check +# ============================================ + migration-check: + image: python:${python_version}-slim + environment: + - PYTHONPATH=/woodpecker/src/workspace + commands: + - pip install --no-cache-dir alembic sqlalchemy psycopg2-binary + - echo "🗄️ Checking database migrations..." + - alembic check || echo "⚠️ Migration check completed with warnings" + - alembic history + - echo "✅ Migration check completed" + when: + branch: + include: + - main + - develop + - staging + +# ============================================ +# STAGE 8: Deploy to Staging +# ============================================ + deploy-staging: + image: argoproj/argocd:latest + environment: + ARGOCD_SERVER: + from_secret: argocd_server + ARGOCD_AUTH_TOKEN: + from_secret: argocd_token + commands: + - echo "🚀 Deploying to Staging via ArgoCD..." + - argocd app set peikarband-staging + --helm-set image.tag=${CI_COMMIT_SHA:0:8} + - argocd app sync peikarband-staging --prune + - argocd app wait peikarband-staging --timeout 600 + - echo "✅ Staging deployment completed" + when: + branch: + - develop + - staging + event: + - push + +# ============================================ +# STAGE 9: Deploy to Production +# ============================================ + deploy-production: + image: argoproj/argocd:latest + environment: + ARGOCD_SERVER: + from_secret: argocd_server + ARGOCD_AUTH_TOKEN: + from_secret: argocd_token + commands: + - echo "🚀 Deploying to Production via ArgoCD..." 
+ - argocd app set peikarband + --helm-set image.tag=${CI_COMMIT_SHA:0:8} + - argocd app sync peikarband --prune + - argocd app wait peikarband --timeout 600 + - echo "✅ Production deployment completed" + - echo "🎉 Version ${CI_COMMIT_SHA:0:8} is now live!" + when: + branch: + - main + event: + - push + - tag + +# ============================================ +# STAGE 10: Post-Deployment Verification +# ============================================ + verify-deployment: + image: curlimages/curl:latest + commands: + - echo "🔍 Verifying deployment..." + - sleep 30 + - | + if [ "${CI_COMMIT_BRANCH}" = "main" ]; then + ENDPOINT="https://peikarband.ir/ping" + else + ENDPOINT="https://staging.peikarband.ir/ping" + fi + - echo "Testing endpoint: $ENDPOINT" + - curl -f -s -o /dev/null -w "HTTP Status: %{http_code}\n" $ENDPOINT || echo "⚠️ Health check warning" + - echo "✅ Deployment verification completed" + when: + branch: + include: + - main + - develop + - staging + event: + - push + +# ============================================ +# STAGE 11: Notifications +# ============================================ + notify-telegram: + image: appleboy/drone-telegram:latest + settings: + token: + from_secret: telegram_bot_token + to: + from_secret: telegram_chat_id + format: markdown + message: > + {{#success build.status}} + ✅ **Build Success** + {{else}} + ❌ **Build Failed** + {{/success}} + + **Project:** Peikarband Landing + + **Branch:** ${CI_COMMIT_BRANCH} + + **Commit:** `${CI_COMMIT_SHA:0:8}` + + **Author:** ${CI_COMMIT_AUTHOR} + + **Message:** ${CI_COMMIT_MESSAGE} + + **Build:** [#${CI_BUILD_NUMBER}](${CI_BUILD_LINK}) + + **Duration:** ${CI_BUILD_FINISHED} + when: + status: + - success + - failure + branch: + - main + - develop + - staging + + notify-slack: + image: plugins/slack:latest + settings: + webhook: + from_secret: slack_webhook + channel: deployments + username: Woodpecker CI + template: > + {{#success build.status}} + :white_check_mark: Build #{{build.number}} 
succeeded + {{else}} + :x: Build #{{build.number}} failed + {{/success}} + + *Repository:* {{repo.name}} + *Branch:* {{build.branch}} + *Commit:* {{build.commit}} + *Author:* {{build.author}} + *Message:* {{build.message}} + *Link:* {{build.link}} + when: + status: + - success + - failure + branch: + - main + +# ============================================ +# Services (for testing) +# ============================================ +services: + postgres: + image: postgres:14-alpine + environment: + POSTGRES_USER: test + POSTGRES_PASSWORD: test + POSTGRES_DB: test_db + when: + branch: + include: + - main + - develop + - staging + - feature/* + + redis: + image: redis:7-alpine + when: + branch: + include: + - main + - develop + - staging + - feature/* + +# ============================================ +# Matrix Build (Optional - Multi-arch support) +# ============================================ +matrix: + include: + - PLATFORM: linux/amd64 + ENVIRONMENT: production + - PLATFORM: linux/arm64 + ENVIRONMENT: production + +# ============================================ +# Pipeline Configuration +# ============================================ +labels: + platform: linux/amd64 + backend: docker + +depends_on: [] + +skip_clone: false + +# Workspace configuration +workspace: + base: /woodpecker/src + path: workspace + +# Clone settings +clone: + git: + image: woodpeckerci/plugin-git:latest + settings: + depth: 50 + lfs: false + recursive: true + tags: true + diff --git a/woodpecker.yml b/woodpecker.yml index f90a106..746f2c7 100644 --- a/woodpecker.yml +++ b/woodpecker.yml 
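Review bot: `woodpecker copy.yml` is a 439-line snapshot of the previous `woodpecker.yml` committed next to the live file, and git history already preserves that version; a checked-in copy will drift from the real config and, depending on how the repository's pipeline config path is set, is either never executed or picked up unexpectedly, so it is better dropped or moved under a clearly archival name. If it is kept as a reference, note that its STAGE 3 steps are both commented out and written as `safety check --json || true`, `bandit -r src/ -f json -o bandit-report.json || true` and `trufflehog filesystem . --json --no-update || true`, so re-enabling them by uncommenting alone yields scans that can never fail the build; a comment above that stage such as `# NOTE: these scans are non-gating (|| true); drop the || true before relying on them` would make that explicit. The copy's `lint-yaml` step also lints `woodpecker.yml` rather than the copy itself.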
@@ -1,145 +1,26 @@ # Peikarband Platform - Woodpecker CI/CD Pipeline -# Complete production-ready pipeline with Harbor registry integration +# وضعیت: فقط بیلد و پوش به Harbor فعال است variables: - &harbor_registry 'harbor.peikarband.ir' - &image_name 'peikarband/landing' - - &python_version '3.11' -# Global configuration +# تنظیمات کلی برای اجرا در هر پوش when: - evaluate: 'CI_PIPELINE_EVENT != "cron"' -# ============================================ -# STAGE 1: Code Quality & Linting -# ============================================ steps: - lint-python: - image: python:${python_version}-slim - environment: - - PYTHONPATH=/woodpecker/src/workspace - commands: - - pip install --no-cache-dir flake8 black isort mypy - - echo "🔍 Running flake8..." - - flake8 src/ --max-line-length=120 --exclude=__pycache__,migrations --statistics - - echo "✅ Flake8 passed" - - echo "🔍 Running black check..." - - black --check src/ --line-length=120 - - echo "✅ Black check passed" - - echo "🔍 Running isort check..." - - isort --check-only src/ - - echo "✅ Isort check passed" - when: - branch: - include: - - main - - develop - - staging - - feature/* - - hotfix/* - - lint-yaml: - image: cytopia/yamllint:latest - commands: - - echo "🔍 Validating YAML files..." 
- - yamllint -c .yamllint.yml helm/ || true - - yamllint woodpecker.yml - - echo "✅ YAML validation completed" - when: - branch: - include: - - main - - develop - - staging - -# # ============================================ -# # STAGE 2: Unit Tests & Coverage -# # ============================================ -# test-unit: -# image: python:${python_version}-slim -# environment: -# - PYTHONPATH=/woodpecker/src/workspace -# - ENVIRONMENT=test -# - DATABASE_URL=postgresql://test:test@postgres:5432/test_db -# - REDIS_URL=redis://redis:6379/0 -# commands: -# - apt-get update && apt-get install -y --no-install-recommends postgresql-client -# - pip install --no-cache-dir -r requirements.txt -r requirements-dev.txt -# - echo "🧪 Running unit tests..." -# - pytest tests/unit/ -v --cov=src --cov-report=term --cov-report=xml --cov-report=html -# - echo "✅ Unit tests passed" -# - echo "📊 Coverage report generated" -# when: -# branch: -# include: -# - main -# - develop -# - staging -# - feature/* - -# test-integration: -# image: python:${python_version}-slim -# environment: -# - PYTHONPATH=/woodpecker/src/workspace -# - ENVIRONMENT=test -# - DATABASE_URL=postgresql://test:test@postgres:5432/test_db -# - REDIS_URL=redis://redis:6379/0 -# commands: -# - apt-get update && apt-get install -y --no-install-recommends postgresql-client -# - pip install --no-cache-dir -r requirements.txt -r requirements-dev.txt -# - echo "🧪 Running integration tests..." -# - pytest tests/integration/ -v --maxfail=3 -# - echo "✅ Integration tests passed" -# when: -# branch: -# include: -# - main -# - develop -# - staging - -# # ============================================ -# # STAGE 3: Security Scanning -# # ============================================ -# security-python-deps: -# image: python:${python_version}-slim -# commands: -# - pip install --no-cache-dir safety bandit -# - echo "🔒 Checking Python dependencies for vulnerabilities..." 
-# - safety check --json || true -# - echo "🔒 Running Bandit security linter..." -# - bandit -r src/ -f json -o bandit-report.json || true -# - echo "✅ Security scan completed" -# when: -# branch: -# include: -# - main -# - develop -# - staging - -# security-secrets: -# image: trufflesecurity/trufflehog:latest -# commands: -# - echo "🔐 Scanning for secrets and credentials..." -# - trufflehog filesystem . --json --no-update || true -# - echo "✅ Secret scan completed" -# when: -# branch: -# include: -# - main -# - develop -# - staging - # ============================================ -# STAGE 4: Docker Build +# STAGE: Docker Build & Push (تنها بخش فعال) # ============================================ docker-build: image: plugins/docker settings: registry: *harbor_registry repo: ${harbor_registry}/${image_name} + # تگ کردن تصویر با هش کامیت و کلمه latest tags: - ${CI_COMMIT_SHA:0:8} - - ${CI_COMMIT_BRANCH} - latest username: from_secret: harbor_username 
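Review bot: Removing `- ${CI_COMMIT_BRANCH}` from `tags` leaves `latest` as the only tag besides the short SHA, and the step's `when:` block, rewritten in the next hunk at L11 to `event: [push, tag]` with the `branch: include:` filter deleted, no longer limits which branches build, so a push on any branch now overwrites `harbor.peikarband.ir/peikarband/landing:latest` (the same tag this step reads back through `cache_from`) with an image that no lint or scan step has gated, since those steps are removed or commented out in this commit. If `latest` is meant to track a release branch, keep a filter on the step, e.g. `when:` / `  branch: [main]` / `  event: [push, tag]`, or drop `latest` from `tags` and rely on the SHA tag only. The `docker-build` step begins in this hunk and its settings continue into the hunk at L11.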
@@ -147,293 +28,38 @@ steps: from_secret: harbor_password build_args: - ENVIRONMENT=production - - VERSION=${CI_COMMIT_SHA:0:8} - cache_from: - - ${harbor_registry}/${image_name}:latest - dockerfile: Dockerfile - dry_run: false + # استفاده از کش برای سرعت بیشتر در بیلدهای بعدی + cache_from: ${harbor_registry}/${image_name}:latest when: - branch: - include: - - main - - develop - - staging - event: - - push - - tag - -# # ============================================ -# # STAGE 5: Container Security Scan -# # ============================================ -# security-trivy: -# image: aquasec/trivy:latest -# commands: -# - echo "🔒 Scanning Docker image for vulnerabilities..." -# - trivy image -# --severity HIGH,CRITICAL -# --exit-code 0 -# --format json -# --output trivy-report.json -# ${harbor_registry}/${image_name}:${CI_COMMIT_SHA:0:8} -# - echo "✅ Trivy scan completed" -# - trivy image -# --severity HIGH,CRITICAL -# --format table -# ${harbor_registry}/${image_name}:${CI_COMMIT_SHA:0:8} -# when: -# branch: -# include: -# - main -# - develop -# - staging -# event: -# - push + event: [push, tag] # ============================================ -# STAGE 6: Helm Validation +# بخش‌های غیرفعال (کامنت شده) # ============================================ - helm-lint: - image: alpine/helm:latest - commands: - - echo "📦 Linting Helm chart..." - - helm lint helm/peikarband --strict - - echo "✅ Helm lint passed" - - echo "📦 Validating Helm template..." 
- - helm template peikarband helm/peikarband - --set image.repository=${harbor_registry}/${image_name} - --set image.tag=${CI_COMMIT_SHA:0:8} - --debug > /dev/null - - echo "✅ Helm template validation passed" - when: - branch: - include: - - main - - develop - - staging -# ============================================ -# STAGE 7: Database Migration Check -# ============================================ - migration-check: - image: python:${python_version}-slim - environment: - - PYTHONPATH=/woodpecker/src/workspace - commands: - - pip install --no-cache-dir alembic sqlalchemy psycopg2-binary - - echo "🗄️ Checking database migrations..." - - alembic check || echo "⚠️ Migration check completed with warnings" - - alembic history - - echo "✅ Migration check completed" - when: - branch: - include: - - main - - develop - - staging +# lint-python: +# image: python:3.11-slim +# commands: +# - pip install --no-cache-dir flake8 black +# - flake8 src/ +# when: +# branch: [main, develop] -# ============================================ -# STAGE 8: Deploy to Staging -# ============================================ - deploy-staging: - image: argoproj/argocd:latest - environment: - ARGOCD_SERVER: - from_secret: argocd_server - ARGOCD_AUTH_TOKEN: - from_secret: argocd_token - commands: - - echo "🚀 Deploying to Staging via ArgoCD..." - - argocd app set peikarband-staging - --helm-set image.tag=${CI_COMMIT_SHA:0:8} - - argocd app sync peikarband-staging --prune - - argocd app wait peikarband-staging --timeout 600 - - echo "✅ Staging deployment completed" - when: - branch: - - develop - - staging - event: - - push - -# ============================================ -# STAGE 9: Deploy to Production -# ============================================ - deploy-production: - image: argoproj/argocd:latest - environment: - ARGOCD_SERVER: - from_secret: argocd_server - ARGOCD_AUTH_TOKEN: - from_secret: argocd_token - commands: - - echo "🚀 Deploying to Production via ArgoCD..." 
- - argocd app set peikarband - --helm-set image.tag=${CI_COMMIT_SHA:0:8} - - argocd app sync peikarband --prune - - argocd app wait peikarband --timeout 600 - - echo "✅ Production deployment completed" - - echo "🎉 Version ${CI_COMMIT_SHA:0:8} is now live!" - when: - branch: - - main - event: - - push - - tag - -# ============================================ -# STAGE 10: Post-Deployment Verification -# ============================================ - verify-deployment: - image: curlimages/curl:latest - commands: - - echo "🔍 Verifying deployment..." - - sleep 30 - - | - if [ "${CI_COMMIT_BRANCH}" = "main" ]; then - ENDPOINT="https://peikarband.ir/ping" - else - ENDPOINT="https://staging.peikarband.ir/ping" - fi - - echo "Testing endpoint: $ENDPOINT" - - curl -f -s -o /dev/null -w "HTTP Status: %{http_code}\n" $ENDPOINT || echo "⚠️ Health check warning" - - echo "✅ Deployment verification completed" - when: - branch: - include: - - main - - develop - - staging - event: - - push - -# ============================================ -# STAGE 11: Notifications -# ============================================ - notify-telegram: - image: appleboy/drone-telegram:latest - settings: - token: - from_secret: telegram_bot_token - to: - from_secret: telegram_chat_id - format: markdown - message: > - {{#success build.status}} - ✅ **Build Success** - {{else}} - ❌ **Build Failed** - {{/success}} - - **Project:** Peikarband Landing - - **Branch:** ${CI_COMMIT_BRANCH} - - **Commit:** `${CI_COMMIT_SHA:0:8}` - - **Author:** ${CI_COMMIT_AUTHOR} - - **Message:** ${CI_COMMIT_MESSAGE} - - **Build:** [#${CI_BUILD_NUMBER}](${CI_BUILD_LINK}) - - **Duration:** ${CI_BUILD_FINISHED} - when: - status: - - success - - failure - branch: - - main - - develop - - staging - - notify-slack: - image: plugins/slack:latest - settings: - webhook: - from_secret: slack_webhook - channel: deployments - username: Woodpecker CI - template: > - {{#success build.status}} - :white_check_mark: Build #{{build.number}} 
succeeded - {{else}} - :x: Build #{{build.number}} failed - {{/success}} - - *Repository:* {{repo.name}} - *Branch:* {{build.branch}} - *Commit:* {{build.commit}} - *Author:* {{build.author}} - *Message:* {{build.message}} - *Link:* {{build.link}} - when: - status: - - success - - failure - branch: - - main - -# ============================================ -# Services (for testing) -# ============================================ -services: - postgres: - image: postgres:14-alpine - environment: - POSTGRES_USER: test - POSTGRES_PASSWORD: test - POSTGRES_DB: test_db - when: - branch: - include: - - main - - develop - - staging - - feature/* - - redis: - image: redis:7-alpine - when: - branch: - include: - - main - - develop - - staging - - feature/* - -# ============================================ -# Matrix Build (Optional - Multi-arch support) -# ============================================ -matrix: - include: - - PLATFORM: linux/amd64 - ENVIRONMENT: production - - PLATFORM: linux/arm64 - ENVIRONMENT: production - -# ============================================ -# Pipeline Configuration -# ============================================ -labels: - platform: linux/amd64 - backend: docker - -depends_on: [] - -skip_clone: false - -# Workspace configuration -workspace: - base: /woodpecker/src - path: workspace - -# Clone settings -clone: - git: - image: woodpeckerci/plugin-git:latest - settings: - depth: 50 - lfs: false - recursive: true - tags: true +# deploy-staging: +# image: argoproj/argocd:latest +# environment: +# ARGOCD_SERVER: { from_secret: argocd_server } +# ARGOCD_AUTH_TOKEN: { from_secret: argocd_token } +# commands: +# - argocd app set peikarband-staging --helm-set image.tag=${CI_COMMIT_SHA:0:8} +# - argocd app sync peikarband-staging +# when: +# branch: [develop] +# notify-telegram: +# image: appleboy/drone-telegram:latest +# settings: +# token: { from_secret: telegram_bot_token } +# to: { from_secret: telegram_chat_id } +# when: +# status: [success, failure] 
\ No newline at end of file
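Review bot: `cache_from` is changed from a one-element list to a plain scalar on the `+` line following the Persian cache comment; the plugins/docker `cache_from` setting is documented as a list, and whether a bare string is coerced depends on the plugin version in use, so either confirm it against the deployed plugin or keep the list form `cache_from:` / `  - ${harbor_registry}/${image_name}:latest`. The file now ends without a trailing newline (`\ No newline at end of file`) while the `yamllint woodpecker.yml` step that would have reported it is removed in the hunk at L8, so a final newline should be added. The commented-out `deploy-staging` and `notify-telegram` blocks at the end of the hunk use flow-style `{ from_secret: ... }` mappings whereas the live `docker-build` step uses block style; picking one style for the file lets the disabled blocks be re-enabled by uncommenting alone.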