60fb84e306
- 更新Woodpecker CI配置 - 更新Docker Compose配置 - 更新应用主类配置 - 更新网关路由服务 - 更新审计日志相关代码
# Woodpecker CI/CD 流水线配置 - 企业级质量门禁
# 基于Docker化部署的完整CI/CD流水线
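# Pipeline steps. Changes made in this block versus the original listing:
#   * test-backend: the coverage echo contained ": " in an unquoted scalar,
#     which YAML reads as a mapping entry; it is now a block scalar.
#   * Two steps were both keyed `security-scan`. Duplicate keys are invalid
#     and most parsers keep only the last one, silently dropping the image
#     scan. The image scan is now `security-scan-images`; the filesystem
#     scan keeps the name `security-scan`.
#   * security-scan-images: Trivy now fails the step on HIGH/CRITICAL
#     findings, matching the flags already used by the filesystem scan.
#   * deploy: ran docker commands in `alpine:latest`, which ships no docker
#     CLI; it now uses the same image and socket mount as docker-build.
pipeline:
  # Code quality stage: SpotBugs, Checkstyle and PMD on the backend module.
  code-quality:
    group: 质量检查
    image: maven:3.9-openjdk-21
    commands:
      - echo "🔍 开始代码质量检查..."
      - cd novalon-manage-api
      - echo "📊 运行静态代码分析..."
      - mvn spotbugs:check
      - echo "📏 检查代码规范..."
      - mvn checkstyle:check
      - echo "📈 生成代码质量报告..."
      - mvn pmd:check
      - echo "✅ 代码质量检查完成"
    when:
      event: [push, pull_request]

  # Backend test stage: unit tests plus JaCoCo report and coverage check.
  test-backend:
    group: 后端测试
    image: maven:3.9-openjdk-21
    commands:
      - echo "🚀 开始后端测试..."
      - cd novalon-manage-api
      - echo "🧪 运行单元测试..."
      - mvn clean test jacoco:report
      - echo "📊 生成测试覆盖率报告..."
      - mvn jacoco:check
      # Block scalar: the message contains ": ", which would otherwise turn
      # this list item into a mapping instead of a command string.
      - |-
        echo "✅ 后端测试完成,覆盖率: $(cat target/site/jacoco/jacoco.xml | grep -oP 'lineCoverage=\"\K[0-9.]+')%"
    when:
      event: [push, pull_request]

  # Frontend test stage: clean install, unit tests and lint.
  test-frontend:
    group: 前端测试
    image: node:20
    commands:
      - echo "🚀 开始前端测试..."
      - cd novalon-manage-web
      - echo "📦 安装依赖..."
      - npm ci
      - echo "🧪 运行单元测试..."
      - npm run test:unit
      - echo "📏 检查代码规范..."
      - npm run lint
      - echo "✅ 前端测试完成"
    when:
      event: [push, pull_request]

  # Docker build stage: builds backend and frontend images tagged with the
  # first 8 characters of the commit SHA.
  docker-build:
    group: 容器化构建
    image: docker:24
    # Mounting the host Docker socket gives this step control of the host
    # Docker daemon (root-equivalent on the host). Keep socket-mounting steps
    # restricted to trusted repositories and branches.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - echo "🐳 开始Docker化构建..."
      - echo "📦 构建后端镜像..."
      - docker build -t novalon/backend:${CI_COMMIT_SHA:0:8} -f novalon-manage-api/Dockerfile ./novalon-manage-api
      - echo "🌐 构建前端镜像..."
      - docker build -t novalon/frontend:${CI_COMMIT_SHA:0:8} -f novalon-manage-web/Dockerfile ./novalon-manage-web
      - echo "✅ Docker镜像构建完成"
    when:
      event: [push]
      branch: [main, develop]

  # Integration test stage (Docker Compose): starts the test stack and
  # probes two HTTP endpoints; on failure it dumps compose logs and exits 1.
  integration-test:
    group: 集成测试
    image: docker:24
    # Host Docker socket mount: same host-level exposure as in docker-build.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - echo "🧪 开始集成测试..."
      - echo "🐳 启动测试环境..."
      - docker-compose -f docker-compose.test.yml up -d
      - echo "⏳ 等待服务就绪..."
      # Fixed wait; there is no readiness polling before the health checks.
      - sleep 60
      - echo "🔍 检查服务健康状态..."
      # NOTE(review): the stack is started on the host daemon via the socket;
      # confirm that localhost inside this step container reaches those ports.
      - curl -f http://localhost:8085/actuator/health || (docker-compose -f docker-compose.test.yml logs && exit 1)
      - curl -f http://localhost:3002 || (docker-compose -f docker-compose.test.yml logs && exit 1)
      - echo "✅ 集成测试环境就绪"
    when:
      event: [push]
      branch: [main, develop]

  # E2E test stage: Playwright `journeys` project with html/json/junit reports.
  e2e-test:
    group: E2E测试
    image: mcr.microsoft.com/playwright:v1.58.2-jammy
    commands:
      - echo "🎭 开始E2E测试..."
      - cd novalon-manage-web
      - echo "📦 安装依赖..."
      - npm ci
      - echo "🔧 安装浏览器..."
      - npx playwright install --with-deps chromium
      - echo "🧪 运行E2E测试..."
      - npx playwright test --project=journeys --reporter=html,json,junit
      - echo "✅ E2E测试完成"
    when:
      event: [push]
      branch: [main, develop]

  # Image scan stage: Trivy scan of the two images built by docker-build.
  # Renamed from `security-scan` to remove the duplicate key (see header).
  security-scan-images:
    group: 安全扫描
    # NOTE(review): `latest` is a mutable tag, so the scanner binary can
    # change between runs; pin a fixed version or digest.
    image: aquasec/trivy:latest
    commands:
      - echo "🔒 开始安全扫描..."
      - echo "📊 扫描后端镜像..."
      # --exit-code 1 makes findings fail the step; without it the scan only
      # prints a report and the pipeline proceeds to deploy regardless.
      # NOTE(review): this step mounts no Docker socket, so Trivy may not see
      # the locally built images and could fall back to a registry lookup -
      # confirm on a real run.
      - trivy image --severity HIGH,CRITICAL --exit-code 1 novalon/backend:${CI_COMMIT_SHA:0:8}
      - echo "📊 扫描前端镜像..."
      - trivy image --severity HIGH,CRITICAL --exit-code 1 novalon/frontend:${CI_COMMIT_SHA:0:8}
      - echo "✅ 安全扫描完成"
    when:
      event: [push]
      branch: [main, develop]

  # Deploy stage: retags the built images for the target registry and pushes.
  deploy:
    group: 部署
    # Was `alpine:latest`, which has no docker CLI; the tag/push commands
    # need the docker client and the daemon that holds the built images.
    image: docker:24
    # Host Docker socket mount: same host-level exposure as in docker-build.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - echo "🚀 开始部署..."
      - echo "📦 推送镜像到仓库..."
      # NOTE(review): DOCKER_REGISTRY is not defined anywhere in this file
      # and no `docker login` is visible. Confirm the variable is supplied
      # (for example as a pipeline secret) and is not emptied by Woodpecker's
      # `${...}` pre-substitution, and that registry credentials come from
      # the secret store rather than the repository.
      - docker tag novalon/backend:${CI_COMMIT_SHA:0:8} ${DOCKER_REGISTRY}/novalon/backend:${CI_COMMIT_SHA:0:8}
      - docker tag novalon/frontend:${CI_COMMIT_SHA:0:8} ${DOCKER_REGISTRY}/novalon/frontend:${CI_COMMIT_SHA:0:8}
      - docker push ${DOCKER_REGISTRY}/novalon/backend:${CI_COMMIT_SHA:0:8}
      - docker push ${DOCKER_REGISTRY}/novalon/frontend:${CI_COMMIT_SHA:0:8}
      - echo "✅ 部署完成"
    when:
      event: [push]
      branch: [main]

  # Cleanup stage: tears down the compose test stack and prunes Docker data.
  cleanup:
    group: 清理
    image: docker:24
    # Host Docker socket mount: same host-level exposure as in docker-build.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - echo "🧹 开始清理..."
      - docker-compose -f docker-compose.test.yml down -v
      # Prunes on the shared host daemon, so it also affects unused Docker
      # objects that belong to other jobs on the same host.
      - docker system prune -f
      - echo "✅ 清理完成"
    when:
      event: [push]
      branch: [main, develop]

  # Filesystem scan: Trivy over the repository checkout; fails the step on
  # HIGH or CRITICAL findings. Runs on pull requests only.
  security-scan:
    # NOTE(review): `latest` is a mutable tag; pin a fixed version or digest.
    image: aquasec/trivy:latest
    commands:
      - echo "🔒 开始安全漏洞扫描..."
      - trivy filesystem --severity HIGH,CRITICAL --exit-code 1 .
      - echo "✅ 安全扫描通过"
    when:
      event: [pull_request]

  # Publish test reports: copies coverage and E2E reports into reports/.
  publish-test-reports:
    # NOTE(review): `latest` is a mutable tag; pin a fixed version or digest.
    image: alpine:latest
    commands:
      - echo "📊 发布测试报告..."
      - mkdir -p reports
      # `|| true` keeps the step green when a report directory is missing.
      - cp -r novalon-manage-api/target/site/jacoco reports/backend-coverage || true
      - cp -r novalon-manage-web/playwright-report reports/e2e-report || true
      - echo "✅ 测试报告已发布到 reports/"
    when:
      event: [push, pull_request]
      # Runs after both successful and failed pipelines.
      status: [success, failure]

  # Deploy to the staging environment on pushes to develop.
  deploy-staging:
    image: alpine/k8s:1.29
    commands:
      - echo "🚀 部署到测试环境..."
      # NOTE(review): no cluster credentials are configured in this step as
      # shown; confirm how kubectl authenticates and that the credential is
      # injected from pipeline secrets with least-privilege scope.
      - kubectl apply -f k8s/staging/
      - echo "✅ 测试环境部署完成"
    when:
      event: [push]
      branch: [develop]

  # Deploy to the production environment on pushes to main.
  deploy-production:
    image: alpine/k8s:1.29
    commands:
      - echo "🚀 部署到生产环境..."
      # NOTE(review): same credential question as deploy-staging. Also
      # confirm this step cannot run before the scan steps have passed.
      - kubectl apply -f k8s/production/
      - echo "✅ 生产环境部署完成"
    when:
      event: [push]
      branch: [main]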
# Workflow configuration: the step names listed for each trigger.
# NOTE(review): build-backend-jar, test-frontend-unit, test-frontend-e2e,
# build and quality-gates are listed below, but no step with those names is
# defined under `pipeline:` in this file. Confirm where they come from, and
# that the Woodpecker version in use accepts a top-level `workflows:` key;
# if it is ignored, the ordering (including the scan before deploy) is not
# enforced by this section.
workflows:
  # Development branch workflow
  develop:
    when:
      event:
        - push
      branch:
        - develop
    steps:
      - test-backend
      - build-backend-jar
      - test-frontend-unit
      - test-frontend-e2e
      - publish-test-reports
      - build
      - deploy-staging

  # Main branch workflow
  main:
    when:
      event:
        - push
      branch:
        - main
    steps:
      - test-backend
      - build-backend-jar
      - test-frontend-unit
      - test-frontend-e2e
      - publish-test-reports
      - security-scan
      - build
      - deploy-production

  # Pull request workflow
  pull-request:
    when:
      event:
        - pull_request
    steps:
      - test-backend
      - build-backend-jar
      - test-frontend-unit
      - test-frontend-e2e
      - publish-test-reports
      - quality-gates
      - security-scan
# Notification configuration: Slack messages on success and failure, none
# on start.
# NOTE(review): the webhook URL is a credential. Confirm SLACK_WEBHOOK_URL
# is supplied from the CI secret store and that this top-level
# `notifications:` key is honoured by the Woodpecker version in use.
notifications:
  slack:
    webhook: "${SLACK_WEBHOOK_URL}"
    channel: "#ci-cd"
    on_success: true
    on_failure: true
    on_start: false
# Environment variables, given as KEY=value strings.
# Only non-sensitive settings belong here; secrets should come from the CI
# secret store.
environment:
  - "JAVA_HOME=/usr/lib/jvm/java-21-openjdk"
  - "NODE_ENV=test"
  - "SPRING_PROFILES_ACTIVE=test"
# Cache configuration: the Maven local repository and the frontend
# node_modules directory.
# NOTE(review): if this cache is shared between pull-request and
# main-branch builds, a pull-request run could seed dependencies that a
# later release build consumes; confirm the cache is scoped per branch or
# restricted to trusted builds.
cache:
  paths:
    - '~/.m2/repository'
    - 'novalon-manage-web/node_modules'