chore(ci): clear Drone CI

2026-04-14 23:43:14 +08:00 · 2026-04-14 23:43:14 +08:00 · 47302fc9f3
commit 47302fc9f3
parent 88f58a65c0
1 changed files with 151 additions and 178 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -1,7 +1,5 @@
 ---
 # =============================================================================
 # Drone CI Pipeline
 # =============================================================================
 kind: pipeline
 type: kubernetes
 name: default
@ -19,203 +17,178 @@ environment:
  BUILD_TARGET: x86_64-unknown-linux-gnu
 steps:
-    # =============================================================================
+  - name: clone
-    # Clone
+    image: bitnami/git:latest
-    # =============================================================================
+    commands:
-    - name: clone
+      - |
-      image: bitnami/git:latest
+        if [ -n "${DRONE_TAG}" ]; then
-      commands:
+          git checkout ${DRONE_TAG}
-        - |
+        fi
          if [ -n "${DRONE_TAG}" ]; then
            git checkout ${DRONE_TAG}
          fi
-    # =============================================================================
+  - name: rust-fmt
-    # Stage 1: Rust – fmt + clippy + test
+    image: rust:1.94
-    # =============================================================================
+    commands:
-    - name: rust-fmt
+      - cargo fmt --all -- --check
      image: rust:1.94
      commands:
        - cargo fmt --all -- --check
-    - name: rust-clippy
+  - name: rust-clippy
-      image: rust:1.94
+    image: rust:1.94
-      commands:
+    commands:
-        - apt-get update && apt-get install -y --no-install-recommends \
+      - apt-get update && apt-get install -y --no-install-recommends \
-          pkg-config libssl-dev libclang-dev libgit2-dev zlib1g-dev
+        pkg-config libssl-dev libclang-dev libgit2-dev zlib1g-dev
-        - rustup component add clippy
+      - rustup component add clippy
-        - cargo clippy --workspace --all-targets -- -D warnings
+      - cargo clippy --workspace --all-targets -- -D warnings
-    - name: rust-test
+  - name: rust-test
-      image: rust:1.94
+    image: rust:1.94
-      commands:
+    commands:
-        - apt-get update && apt-get install -y --no-install-recommends \
+      - apt-get update && apt-get install -y --no-install-recommends \
-          pkg-config libssl-dev libclang-dev libgit2-dev zlib1g-dev
+        pkg-config libssl-dev libclang-dev libgit2-dev zlib1g-dev
-        - cargo test --workspace --all-features
+      - cargo test --workspace --all-features
-    # =============================================================================
+  - name: frontend-deps
-    # Stage 2: Frontend – lint + typecheck + build
+    image: node:22-alpine
-    # =============================================================================
+    commands:
-    - name: frontend-deps
+      - corepack enable
-      image: node:22-alpine
+      - corepack prepare pnpm@10 --activate
-      commands:
+      - pnpm install --frozen-lockfile
        - corepack enable
        - corepack prepare pnpm@10 --activate
        - pnpm install --frozen-lockfile
-    - name: frontend-lint
+  - name: frontend-lint
-      image: node:22-alpine
+    image: node:22-alpine
-      commands:
+    commands:
-        - pnpm lint
+      - pnpm lint
-      depends_on: [ frontend-deps ]
+    depends_on: [ frontend-deps ]
-    - name: frontend-typecheck
+  - name: frontend-typecheck
-      image: node:22-alpine
+    image: node:22-alpine
-      commands:
+    commands:
-        - pnpm tsc -b --noEmit
+      - pnpm tsc -b --noEmit
-      depends_on: [ frontend-lint ]
+    depends_on: [ frontend-lint ]
-    - name: frontend-build
+  - name: frontend-build
-      image: node:22-alpine
+    image: node:22-alpine
-      commands:
+    commands:
-        - pnpm build
+      - pnpm build
-      depends_on: [ frontend-typecheck ]
+    depends_on: [ frontend-typecheck ]
-    # =============================================================================
+  - name: docker-login
-    # Stage 3: Docker build & push
+    image: docker:latest
-    # =============================================================================
+    commands:
-    - name: docker-login
+      - docker login ${REGISTRY} --username ${DRONE_SECRET_DOCKER_USERNAME} --password-stdin <<< ${DRONE_SECRET_DOCKER_PASSWORD}
-      image: docker:latest
+    when:
-      commands:
+      status: [ success ]
        - docker login ${REGISTRY} --username ${DRONE_SECRET_DOCKER_USERNAME} --password-stdin <<< ${DRONE_SECRET_DOCKER_PASSWORD}
      when:
        status: [ success ]
-    - name: docker-build-and-push
+  - name: docker-build-and-push
-      image: docker:latest
+    image: docker:latest
-      environment:
+    environment:
-        DOCKER_BUILDKIT: "1"
+      DOCKER_BUILDKIT: "1"
-      commands:
+    commands:
-        - |
+      - |
-          TAG="${DRONE_TAG:-${DRONE_COMMIT_SHA:0:8}}"
+        TAG="${DRONE_TAG:-${DRONE_COMMIT_SHA:0:8}}"
-          echo "==> Building images with tag: ${TAG}"
+        echo "==> Building images with tag: ${TAG}"
-          docker build --build-arg BUILD_TARGET=${BUILD_TARGET} -f docker/app.Dockerfile     -t ${REGISTRY}/app:${TAG}          .
+        docker build --build-arg BUILD_TARGET=${BUILD_TARGET} -f docker/app.Dockerfile     -t ${REGISTRY}/app:${TAG}          .
-          docker build --build-arg BUILD_TARGET=${BUILD_TARGET} -f docker/gitserver.Dockerfile -t ${REGISTRY}/gitserver:${TAG}   .
+        docker build --build-arg BUILD_TARGET=${BUILD_TARGET} -f docker/gitserver.Dockerfile -t ${REGISTRY}/gitserver:${TAG}   .
-          docker build --build-arg BUILD_TARGET=${BUILD_TARGET} -f docker/email-worker.Dockerfile -t ${REGISTRY}/email-worker:${TAG} .
+        docker build --build-arg BUILD_TARGET=${BUILD_TARGET} -f docker/email-worker.Dockerfile -t ${REGISTRY}/email-worker:${TAG} .
-          docker build --build-arg BUILD_TARGET=${BUILD_TARGET} -f docker/git-hook.Dockerfile    -t ${REGISTRY}/git-hook:${TAG}    .
+        docker build --build-arg BUILD_TARGET=${BUILD_TARGET} -f docker/git-hook.Dockerfile    -t ${REGISTRY}/git-hook:${TAG}    .
-          docker build --build-arg BUILD_TARGET=${BUILD_TARGET} -f docker/migrate.Dockerfile    -t ${REGISTRY}/migrate:${TAG}    .
+        docker build --build-arg BUILD_TARGET=${BUILD_TARGET} -f docker/migrate.Dockerfile    -t ${REGISTRY}/migrate:${TAG}    .
-          docker build --build-arg BUILD_TARGET=${BUILD_TARGET} -f docker/operator.Dockerfile   -t ${REGISTRY}/operator:${TAG}   .
+        docker build --build-arg BUILD_TARGET=${BUILD_TARGET} -f docker/operator.Dockerfile   -t ${REGISTRY}/operator:${TAG}   .
-          docker build -f docker/static.Dockerfile    -t ${REGISTRY}/static:${TAG}    .
+        docker build -f docker/static.Dockerfile    -t ${REGISTRY}/static:${TAG}    .
-          docker build -f docker/frontend.Dockerfile  -t ${REGISTRY}/frontend:${TAG}  .
+        docker build -f docker/frontend.Dockerfile  -t ${REGISTRY}/frontend:${TAG}  .
-          echo "==> Pushing images"
+        echo "==> Pushing images"
-          for svc in app gitserver email-worker git-hook migrate operator static frontend; do
+        for svc in app gitserver email-worker git-hook migrate operator static frontend; do
-            docker push ${REGISTRY}/${svc}:${TAG}
+          docker push ${REGISTRY}/${svc}:${TAG}
-          done
+        done
-          echo "==> Tagging as latest"
+        echo "==> Tagging as latest"
-          for svc in app gitserver email-worker git-hook migrate operator static frontend; do
+        for svc in app gitserver email-worker git-hook migrate operator static frontend; do
-            docker tag ${REGISTRY}/${svc}:${TAG} ${REGISTRY}/${svc}:latest
+          docker tag ${REGISTRY}/${svc}:${TAG} ${REGISTRY}/${svc}:latest
-            docker push ${REGISTRY}/${svc}:latest
+          docker push ${REGISTRY}/${svc}:latest
-          done
+        done
-          echo "==> All images pushed"
+        echo "==> All images pushed"
-      depends_on: [ docker-login, frontend-build ]
+    depends_on: [ docker-login, frontend-build ]
-      settings:
+    settings:
-        privileged: true
+      privileged: true
-      when:
+    when:
-        status: [ success ]
+      status: [ success ]
-    # =============================================================================
+  - name: prepare-kubeconfig
-    # Stage 4: Deploy to Kubernetes
+    image: alpine:latest
-    # =============================================================================
+    commands:
-    - name: prepare-kubeconfig
+      - apk add --no-cache kubectl
-      image: alpine:latest
+      - mkdir -p ~/.kube
-      commands:
+      - echo "${KUBECONFIG}" | base64 -d > ~/.kube/config
-        - apk add --no-cache kubectl
+      - chmod 600 ~/.kube/config
        - mkdir -p ~/.kube
        - echo "${KUBECONFIG}" | base64 -d > ~/.kube/config
        - chmod 600 ~/.kube/config
-    - name: create-namespace
+  - name: create-namespace
-      image: bitnami/kubectl:latest
+    image: bitnami/kubectl:latest
-      commands:
+    commands:
-        - kubectl create namespace gitdataai --dry-run=client -o yaml | kubectl apply -f -
+      - kubectl create namespace gitdataai --dry-run=client -o yaml | kubectl apply -f -
-      depends_on: [ prepare-kubeconfig ]
+    depends_on: [ prepare-kubeconfig ]
-      when:
+    when:
-        branch: [ main ]
+      branch: [ main ]
-    - name: deploy-configmap
+  - name: deploy-configmap
-      image: bitnami/kubectl:latest
+    image: bitnami/kubectl:latest
-      commands:
+    commands:
-        - kubectl apply -f deploy/configmap.yaml
+      - kubectl apply -f deploy/configmap.yaml
-      depends_on: [ create-namespace ]
+    depends_on: [ create-namespace ]
-      when:
+    when:
-        branch: [ main ]
+      branch: [ main ]
-    - name: helm-deploy
+  - name: helm-deploy
-      image: alpine/helm:latest
+    image: alpine/helm:latest
-      commands:
+    commands:
-        - apk add --no-cache curl kubectl
+      - apk add --no-cache curl kubectl
-        - curl -fsSL -o /tmp/helm.tar.gz https://get.helm.sh/helm-v3.15.0-linux-amd64.tar.gz
+      - curl -fsSL -o /tmp/helm.tar.gz https://get.helm.sh/helm-v3.15.0-linux-amd64.tar.gz
-        - tar -xzf /tmp/helm.tar.gz -C /tmp
+      - tar -xzf /tmp/helm.tar.gz -C /tmp
-        - mv /tmp/linux-amd64/helm /usr/local/bin/helm && chmod +x /usr/local/bin/helm
+      - mv /tmp/linux-amd64/helm /usr/local/bin/helm && chmod +x /usr/local/bin/helm
-        - |
+      - |
-          TAG="${DRONE_TAG:-${DRONE_COMMIT_SHA:0:8}}"
+        TAG="${DRONE_TAG:-${DRONE_COMMIT_SHA:0:8}}"
-          helm upgrade --install gitdata deploy/ \
+        helm upgrade --install gitdata deploy/ \
-            --namespace gitdataai \
+          --namespace gitdataai \
-            -f deploy/values.yaml \
+          -f deploy/values.yaml \
-            -f deploy/secrets.yaml \
+          -f deploy/secrets.yaml \
-            --set image.registry=${REGISTRY} \
+          --set image.registry=${REGISTRY} \
-            --set app.image.tag=${TAG} \
+          --set app.image.tag=${TAG} \
-            --set gitserver.image.tag=${TAG} \
+          --set gitserver.image.tag=${TAG} \
-            --set emailWorker.image.tag=${TAG} \
+          --set emailWorker.image.tag=${TAG} \
-            --set gitHook.image.tag=${TAG} \
+          --set gitHook.image.tag=${TAG} \
-            --set operator.image.tag=${TAG} \
+          --set operator.image.tag=${TAG} \
-            --set static.image.tag=${TAG} \
+          --set static.image.tag=${TAG} \
-            --set frontend.image.tag=${TAG} \
+          --set frontend.image.tag=${TAG} \
-            --wait \
+          --wait \
-            --timeout 5m \
+          --timeout 5m \
-            --atomic
+          --atomic
-      depends_on: [ deploy-configmap ]
+    depends_on: [ deploy-configmap ]
-      when:
+    when:
-        status: [ success ]
+      status: [ success ]
-        branch: [ main ]
+      branch: [ main ]
-    - name: verify-rollout
+  - name: verify-rollout
-      image: bitnami/kubectl:latest
+    image: bitnami/kubectl:latest
-      commands:
+    commands:
-        - kubectl rollout status deployment/gitdata-frontend -n gitdataai --timeout=300s
+      - kubectl rollout status deployment/gitdata-frontend -n gitdataai --timeout=300s
-        - kubectl rollout status deployment/gitdata-app -n gitdataai --timeout=300s
+      - kubectl rollout status deployment/gitdata-app -n gitdataai --timeout=300s
-        - kubectl rollout status deployment/gitdata-gitserver -n gitdataai --timeout=300s
+      - kubectl rollout status deployment/gitdata-gitserver -n gitdataai --timeout=300s
-        - kubectl rollout status deployment/gitdata-email-worker -n gitdataai --timeout=300s
+      - kubectl rollout status deployment/gitdata-email-worker -n gitdataai --timeout=300s
-        - kubectl rollout status deployment/gitdata-git-hook -n gitdataai --timeout=300s
+      - kubectl rollout status deployment/gitdata-git-hook -n gitdataai --timeout=300s
-      depends_on: [ helm-deploy ]
+    depends_on: [ helm-deploy ]
-      when:
+    when:
-        status: [ success ]
+      status: [ success ]
-        branch: [ main ]
+      branch: [ main ]
 # =============================================================================
 # Secrets (register via drone CLI)
 # =============================================================================
 # Harbor username
 #   drone secret add --repository <org/repo> --name drone_secret_docker_username --data <username>
 #
-#   # Harbor username for docker login
+# Harbor password
-#   drone secret add \
+#   drone secret add --repository <org/repo> --name drone_secret_docker_password --data <password>
 #     --repository <org/repo> \
 #     --name drone_secret_docker_username \
 #     --data <harbor-username>
 #
-#   # Harbor password for docker login
+# kubeconfig (base64)
-#   drone secret add \
+#   drone secret add --repository <org/repo> --name kubeconfig --data "$(cat ~/.kube/config | base64 -w 0)"
 #     --repository <org/repo> \
 #     --name drone_secret_docker_password \
 #     --data <harbor-password>
 #
-#   # kubeconfig (base64 encoded)
+# Local exec:
 #   drone secret add \
 #     --repository <org/repo> \
 #     --name kubeconfig \
 #     --data "$(cat ~/.kube/config | base64 -w 0)"
 #
 #   # Local exec (for testing):
 #   drone exec --trusted \
 #     --secret=DRONE_SECRET_DOCKER_USERNAME=<username> \
 #     --secret=DRONE_SECRET_DOCKER_PASSWORD=<password> \
 #     --secret=KUBECONFIG=$(base64 -w 0 ~/.kube/config)
 # =============================================================================