# Woodpecker CI/CD pipeline configuration - enterprise-grade quality gates
# Complete CI/CD pipeline based on Dockerized deployment
pipeline:
  # Code quality check stage
  code-quality:
    group: 质量检查
    image: maven:3.9-openjdk-21
    commands:
      - echo "🔍 开始代码质量检查..."
      - cd novalon-manage-api
      - echo "📊 运行静态代码分析..."
      - mvn spotbugs:check
      - echo "📏 检查代码规范..."
      - mvn checkstyle:check
      - echo "📈 生成代码质量报告..."
      - mvn pmd:check
      - echo "✅ 代码质量检查完成"
    when:
      event: [push, pull_request]

  # Backend test stage
  test-backend:
    group: 后端测试
    image: maven:3.9-openjdk-21
    commands:
      - echo "🚀 开始后端测试..."
      - cd novalon-manage-api
      - echo "🧪 运行单元测试..."
      - mvn clean test jacoco:report
      - echo "📊 生成测试覆盖率报告..."
      - mvn jacoco:check
      # Block scalar: the ": " inside this command would otherwise be parsed as a YAML mapping
      - >-
        echo "✅ 后端测试完成,覆盖率: $(cat target/site/jacoco/jacoco.xml | grep -oP 'lineCoverage=\"\K[0-9.]+')%"
    when:
      event: [push, pull_request]

  # Frontend test stage
  test-frontend:
    group: 前端测试
    image: node:20
    commands:
      - echo "🚀 开始前端测试..."
      - cd novalon-manage-web
      - echo "📦 安装依赖..."
      - npm ci
      - echo "🧪 运行单元测试..."
      - npm run test:unit
      - echo "📏 检查代码规范..."
      - npm run lint
      - echo "✅ 前端测试完成"
    when:
      event: [push, pull_request]

  # Dockerized build stage
  docker-build:
    group: 容器化构建
    image: docker:24
    # Mounting the host Docker socket gives this step control of the host Docker daemon;
    # Woodpecker only allows volumes for repositories marked as trusted.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - echo "🐳 开始Docker化构建..."
      - echo "📦 构建后端镜像..."
      - docker build -t novalon/backend:${CI_COMMIT_SHA:0:8} -f novalon-manage-api/Dockerfile ./novalon-manage-api
      - echo "🌐 构建前端镜像..."
      - docker build -t novalon/frontend:${CI_COMMIT_SHA:0:8} -f novalon-manage-web/Dockerfile ./novalon-manage-web
      - echo "✅ Docker镜像构建完成"
    when:
      event: [push]
      branch: [main, develop]

  # Integration test stage (using Docker Compose)
  integration-test:
    group: 集成测试
    image: docker:24
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - echo "🧪 开始集成测试..."
      - echo "🐳 启动测试环境..."
      - docker-compose -f docker-compose.test.yml up -d
      - echo "⏳ 等待服务就绪..."
      - sleep 60
      - echo "🔍 检查服务健康状态..."
      - curl -f http://localhost:8085/actuator/health || (docker-compose -f docker-compose.test.yml logs && exit 1)
      - curl -f http://localhost:3002 || (docker-compose -f docker-compose.test.yml logs && exit 1)
      - echo "✅ 集成测试环境就绪"
    when:
      event: [push]
      branch: [main, develop]

  # E2E test stage
  e2e-test:
    group: E2E测试
    image: mcr.microsoft.com/playwright:v1.58.2-jammy
    commands:
      - echo "🎭 开始E2E测试..."
      - cd novalon-manage-web
      - echo "📦 安装依赖..."
      - npm ci
      - echo "🔧 安装浏览器..."
      - npx playwright install --with-deps chromium
      - echo "🧪 运行E2E测试..."
      - npx playwright test --project=journeys --reporter=html,json,junit
      - echo "✅ E2E测试完成"
    when:
      event: [push]
      branch: [main, develop]

  # Security scan stage (images built by docker-build)
  security-scan:
    group: 安全扫描
    image: aquasec/trivy:latest
    # The images exist only in the host Docker daemon, so trivy needs the socket to find them
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - echo "🔒 开始安全扫描..."
      - echo "📊 扫描后端镜像..."
      # No --exit-code is set, so findings are reported but do not fail this step
      - trivy image novalon/backend:${CI_COMMIT_SHA:0:8}
      - echo "📊 扫描前端镜像..."
      - trivy image novalon/frontend:${CI_COMMIT_SHA:0:8}
      - echo "✅ 安全扫描完成"
    when:
      event: [push]
      branch: [main, develop]

  # Deployment stage
  deploy:
    group: 部署
    # docker tag/push need the docker CLI and the host daemon that holds the built images
    image: docker:24
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - echo "🚀 开始部署..."
      - echo "📦 推送镜像到仓库..."
      - docker tag novalon/backend:${CI_COMMIT_SHA:0:8} ${DOCKER_REGISTRY}/novalon/backend:${CI_COMMIT_SHA:0:8}
      - docker tag novalon/frontend:${CI_COMMIT_SHA:0:8} ${DOCKER_REGISTRY}/novalon/frontend:${CI_COMMIT_SHA:0:8}
      - docker push ${DOCKER_REGISTRY}/novalon/backend:${CI_COMMIT_SHA:0:8}
      - docker push ${DOCKER_REGISTRY}/novalon/frontend:${CI_COMMIT_SHA:0:8}
      - echo "✅ 部署完成"
    when:
      event: [push]
      branch: [main]

  # Cleanup stage
  cleanup:
    group: 清理
    image: docker:24
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - echo "🧹 开始清理..."
      - docker-compose -f docker-compose.test.yml down -v
      - docker system prune -f
      - echo "✅ 清理完成"
    when:
      event: [push]
      branch: [main, develop]

  # Filesystem security scan for pull requests
  # (separate key: a repeated `security-scan` key would replace the image scan step above)
  security-scan-fs:
    image: aquasec/trivy:latest
    commands:
      - echo "🔒 开始安全漏洞扫描..."
      - trivy filesystem --severity HIGH,CRITICAL --exit-code 1 .
      - echo "✅ 安全扫描通过"
    when:
      event: [pull_request]

  # Publish test reports
  publish-test-reports:
    image: alpine:latest
    commands:
      - echo "📊 发布测试报告..."
      - mkdir -p reports
      - cp -r novalon-manage-api/target/site/jacoco reports/backend-coverage || true
      - cp -r novalon-manage-web/playwright-report reports/e2e-report || true
      - echo "✅ 测试报告已发布到 reports/"
    when:
      event: [push, pull_request]
      status: [success, failure]

  # Deploy to the staging environment
  deploy-staging:
    image: alpine/k8s:1.29
    commands:
      - echo "🚀 部署到测试环境..."
      - kubectl apply -f k8s/staging/
      - echo "✅ 测试环境部署完成"
    when:
      event: [push]
      branch: [develop]

  # Deploy to the production environment
  deploy-production:
    image: alpine/k8s:1.29
    commands:
      - echo "🚀 部署到生产环境..."
      - kubectl apply -f k8s/production/
      - echo "✅ 生产环境部署完成"
    when:
      event: [push]
      branch: [main]

# Workflow configuration
workflows:
  # Develop branch workflow
  develop:
    when:
      event: [push]
      branch: [develop]
    steps:
      - test-backend
      - build-backend-jar
      - test-frontend-unit
      - test-frontend-e2e
      - publish-test-reports
      - build
      - deploy-staging

  # Main branch workflow
  main:
    when:
      event: [push]
      branch: [main]
    steps:
      - test-backend
      - build-backend-jar
      - test-frontend-unit
      - test-frontend-e2e
      - publish-test-reports
      - security-scan
      - build
      - deploy-production

  # Pull request workflow
  pull-request:
    when:
      event: [pull_request]
    steps:
      - test-backend
      - build-backend-jar
      - test-frontend-unit
      - test-frontend-e2e
      - publish-test-reports
      - quality-gates
      - security-scan-fs

# Notification configuration
notifications:
  slack:
    webhook: ${SLACK_WEBHOOK_URL}
    channel: '#ci-cd'
    on_success: true
    on_failure: true
    on_start: false

# Environment variables
environment:
  - JAVA_HOME=/usr/lib/jvm/java-21-openjdk
  - NODE_ENV=test
  - SPRING_PROFILES_ACTIVE=test

# Cache configuration
cache:
  paths:
    - ~/.m2/repository
    - novalon-manage-web/node_modules