testcicd/.drone.yml

kind: pipeline
name: default

# 内置变量，通知用
# https://docs.drone.io/pipeline/environment/reference/
# dingtalk 官方文档： https://open.dingtalk.com/document/orgapp/enterprise-internal-robots-send-markdown-messages


# type: ssh     # 定义流水线类型，还有kubernetes、exec、docker等类型

#server:
#  host: 127.0.0.1
#  user: root
#  password:
#    from_secret: passwdlocal       # 可以在你的drone web界面设置里进行设置，这儿直接引用

# 用的是树莓派所以架构要用arm64 正常 platform 这项就不用写了
#platform:
#  os: linux
#  arch: amd64

# 指定运行 runner，不需要
# node:
#   name: pi-runner

clone:
  depth: 1         # 定义git克隆的深度，这里只需要完整的克隆项目就行，之前的提交并不需要去克隆
  disable: false
  
# CICD 常用插件说明 https://notes.lzwang.ltd/DevOps/CICD/drone_plugin_review/
#  远程与运维¶
#  git clone 仓库（默认启用）: Drone Plugins - Git
#  执行 git push 到指定仓库: Drone Plugins - Git Push
#  执行 Ansible Playbook: Drone Plugins - Ansible
#  SSH登录到远程主机: Drone Plugins - SSH
#    制品上传下载与签名¶
#  对制品进行GPG签名: Drone Plugins - GPG Sign
#  上传制品到WebDAV服务器上: Drone Plugins - WebDAV
#  上传制品到FTP服务器上: Drone Plugins - FTP(S)
#  上传制品到SCP服务器上: Drone Plugins - SCP
#  下载文件到本地用于此次构建: Drone Plugins - Download
#    发布¶
#  推送文件到Codecov进行覆盖率检查: Drone Plugins - Codecov
#  发布镜像到Docker Registry: (1) Drone Plugins - Docker (2) Drone Plugins - Drone Buildah
#  发布npm包到指定registry: Drone Plugins - NPM
#  发布Python包到PyPi: Drone Plugins - PyPI
#    GitHub相关¶
#  发布静态页面到GitHub: Drone Plugins - GitHub Pages
#  发布新的Release到GitHub: Drone Plugins - Github Release
#  生成ChangeLog: Drone Plugins - Github-changelog-generator
#  发布Comment到GitHub的Pull Request: Drone Plugins - Github Comment
#    Gitea相关¶
#  发布新的Release到Gitea: Drone Plugins - Gitea Release
#  发布Comment到Gitea的Pull Request: Drone Plugins - Gitea Comment
#    触发其他构建¶
#  触发一组Drone下游构建: Drone Plugins - Downstream Build
#  触发CircleCI构建: Drone Plugins - CircleCI
#  触发GitlabCI构建: Drone Plugins - Gitlab-CI
#  触发Jenkins构建: Drone Plugins - Jenkins
#    消息通知¶
#  发送Webhook消息: Drone Plugins - Webhook
#  发送微信消息通知: Drone Plugins - Wechat
#  发送企业微信消息通知: Drone Plugins - Wechat for Work
#  发送邮件通知: Drone Plugins - Email
#  发送丁丁消息通知: Drone Plugins - DingTalk
#  发送及时达推送给微信用户通知: Drone Plugins - InstantAccess(即时达)
#  发送Telegram消息通知: Drone Plugins - Telegram
#    其他¶
#  同步豆瓣标记的数据到csv、json或者Notion数据库: Drone Plugins - Doumark
#    相关工具链¶
#    Testspace¶
#  云托管测试: Test Management Software - Testspace
#  在Drone中配置: CI/CD Support | Testspace
#    Codecov¶
#  覆盖率检测: Codecov - The Leading Code Coverage Solution
#  在Drone中配置: Drone Plugins - Codecov
#    Badge¶
#  自定义Badge: Shields.io: Quality metadata badges for open source projects
#    参考¶
#  Drone一直卡在pending状态FAQ: Builds are Stuck in Pending Status - FAQ - Drone
#  Drone插件市场: Drone Plugins
#  插件开发: Overview | Drone

#######################################################
###### steps ： https://drone.cool/pipeline/docker/syntax/steps/
#######################################################
# step为执行的步骤，drone的步骤每一步都是使用临时docker的容器来实现的，每一步docker容器执行完会被自动销毁，所以本配置中的第一个用的是docker的ssh镜像，可以用来执行指定容器的命令。settings中配置了ssh要登录的host、username等，由于我们把username的信息放入drone来配置，这样保证了这些敏感字段的安全
#- name: run-python
#  image: appleboy/drone-ssh
#  settings:
#    host: 192.168.1.246
#    username:
#      from_secret: pi_user
#    password:
#      from_secret: pi_password
#    port: 22
#    environment:
#      GOOS: linux
#    command_timeout: 5m
#    script:
#      - echo success
#      - cd /buildCache
#      - chmod 777 run.sh
#      - bash run.sh
# 条件
#  when:
#    branch:
#    - master
#  when:
#    status:
#    - failure
#    - success
#   failure: ignore 失败后如何？
#failure: ""
#failure: "fail"
#failure: "fail-fast"
#failure: "fast"
#failure: "always" # 
#failure: "ignore" # 单个失败，不影响整个 pipline
# 
#  detach: true # 后台异步执行，并且忽略其结果
#
# privileged: true 给容器赋予访问主机权限
#
# 任意阶段任意命令返回非0，则全部按照失败终止

#######################################################
###### service ： https://drone.cool/pipeline/docker/syntax/services/
#######################################################


#######################################################
###### plugins ： https://plugins.drone.io/
#######################################################

# 比如单侧单独用 redis，这里可以异步起动一个服务，pipline完成后关闭
#steps:
#- name: ping
#  image: redis
#  commands:
#  - redis-cli -h cache ping

#services:
#- name: cache
#  image: redis

##################################### 编译 ##################################

steps:    
- name: 编译
  image: maven:3-jdk-11
  pull: if-not-exists
  volumes:
  - name: mvnCache
    path: /root/.m2  
  commands:
  - mvn compile -DskipTests=true -Dmaven.javadoc.skip=true -B -V
  - echo 'STATUS ALL FINISHED!'
  
#  - echo 'STATUS mvn package FINISHED!'
#  - cp xxxxx.jar unionbuildCache
#  - cp Dockerfile ...
#  - cp run.sh build/run.sh


#- name: build-java-app
#  image: docker.io/kameshsampath/drone-java-maven-plugin:v1.0.0
#  pull: if-not-exists

##################################### quality ##################################
# Sonar 代码质量，包含 FindBugs、PMD等

# Fortity 代码安全扫描 收费

# pom 漏洞扫描
# SonarQube https://github.com/mibexsoftware/sonar-bitbucket-plugin
# OWASP ZAP
# Brakeman
# CodeClimate
# Coverity
# Klocwork
# PMD
# SonarLint
# FindBugs 官网 15年停更
# 代码规范：Alibaba Java Coding Guidelines、checkStyle



# https://juejin.cn/post/6844904018297225224
#- name: sonar-scan
#    image: newtmitch/sonar-scanner:4.0.0-alpine
#    environment:
#    SONAR_TOKEN:
#    from_secret: sonar_token
#    GITHUB_ACCESS_TOKEN_FOR_SONARQUBE:
#    from_secret: github_access_token_for_sonarqube
#    commands:
#      - >
#    sonar-scanner
#    -Dsonar.host.url=https://sonarqube.company-beta.com/
#    -Dsonar.login=?SONAR_TOKEN
#    -Dsonar.projectKey=smcp-service-BE
#    -Dsonar.projectName=smcp-service-BE
#    -Dsonar.projectVersion=${DRONE_BUILD_NUMBER}
#    -Dsonar.sources=src/main/java
#    -Dsonar.tests=src/test/java
#    -Dsonar.language=java
#    -Dsonar.java.coveragePlugin=jacoco
#    -Dsonar.modules=smcp-api,smcp-web
#    -Dsonar.java.binaries=target
#    -Dsonar.projectBaseDir=.
#    -Dsonar.analysis.mode=preview
#    -Dsonar.github.repository=Today_Group/SMCP-Service
#    -Dsonar.github.oauth=?GITHUB_ACCESS_TOKEN_FOR_SONARQUBE
#    -Dsonar.github.pullRequest=${DRONE_PULL_REQUEST}
#    -Dsonar.github.disableInlineComments=false
#    when:
#    event:
#      - pull_request
#    branch:
#      - develop
#      
#      # post sonarscan result back to git PR (not in preview mode)
#      - name: sonar-scan-feedback
#    image: newtmitch/sonar-scanner:4.0.0-alpine
#    environment:
#    SONAR_TOKEN:
#    from_secret: sonar_token
#    GITHUB_ACCESS_TOKEN_FOR_SONARQUBE:
#    from_secret: github_access_token_for_sonarqube
#    commands:
#      - >
#    sonar-scanner
#    -Dsonar.host.url=https://sonarqube.company-beta.com/
#    -Dsonar.login=?SONAR_TOKEN
#    -Dsonar.projectKey=smcp-service-BE
#    -Dsonar.projectName=smcp-service-BE
#    -Dsonar.projectVersion=${DRONE_BUILD_NUMBER}
#    -Dsonar.sources=src/main/java
#    -Dsonar.tests=src/test/java
#    -Dsonar.language=java
#    -Dsonar.java.coveragePlugin=jacoco
#    -Dsonar.modules=smcp-api,smcp-web
#    -Dsonar.java.binaries=target
#    -Dsonar.projectBaseDir=.
#    -Dsonar.analysis.gitRepo=Today_Group/SMCP-Service
#    -Dsonar.analysis.pullRequest=${DRONE_PULL_REQUEST}
#    when:
#    event:
#      - pull_request
#    branch:
#      - develop
##################################### NOTIFY ####################################

---
kind: pipeline
type: docker
name: notify

# 以下内容不再需要clone代码
clone:
  disable: true

steps:
- name: 钉钉通知
  image: guoxudongdocker/drone-dingtalk
  settings:
    token: 178f267b9b16b168e0a0afb223b3d41f3a58e62180ab5288aa576db02965dd72
    type: markdown  
#5f6c32b36e771df227b1ccb8898325158e12d851ae61982d1ec225a1aa58e251

- name: dingtalk
  image: lddsb/drone-dingtalk-message
  settings:
    token: 178f267b9b16b168e0a0afb223b3d41f3a58e62180ab5288aa576db02965dd72
    type: markdown
    success_color: 008000
    failure_color: FF0000
    success_pic: http://82.157.141.169:16666/avatars/1
    msg_at_mobiles: 15858193327
    
- name: email-notify
  image: drillster/drone-email
  settings:
    # true 只发送给指定邮件收件人  false: 只发给流水线触发人
    recipients_only: true
    recipients:
      from_secret: email_sender
    subject: "Drone build: [{{ build.status }}] {{ repo.name }} ({{ repo.branch }}) #{{ build.number }}"
    host: smtp.qq.com
    port: 465
    username: 
      from_secret: email_sender
    password: 
      from_secret: email_pwd
    from: 
      from_secret: email_sender
    
    
- name: wechat notify
  image: lizheming/drone-wechat
  settings:
    corpid: ww01cb42e24566126d
    corp_secret: un_CtWqThxc11MKWPK5SNWsFEgU9MkI7MIjvyvV9KjA
    agent_id: 1000002
    to_tag: ${DRONE_REPO_NAME}
    msg_url: ${DRONE_BUILD_LINK}
    safe: 1
    btn_txt: more
    title: ${DRONE_REPO_NAME}
    message: >
      {%if success %}
        build {{build.number}} succeeded. Good job.
      {% else %}
        build {{build.number}} failed. Fix me please.
      {% endif %}

- name: wechat
  image: clem109/drone-wechat
  settings:
    corpid: ww01cb42e24566126d
    corp_secret: un_CtWqThxc11MKWPK5SNWsFEgU9MkI7MIjvyvV9KjA
    agent_id: 1000002
    title: ${DRONE_REPO_NAME}
    description: "Build Number: ${DRONE_BUILD_NUMBER} failed. ${DRONE_COMMIT_AUTHOR} please fix. Check the results here: ${DRONE_BUILD_LINK} "
    msg_url: ${DRONE_BUILD_LINK}
    btn_txt: bt
    
#- name: webhook
#  image: plugins/webhook
#  settings:
#    username: myusername
#    password: mypassword
#    urls: https://oapi.dingtalk.com/robot/send?access_token=
#    content_type: application/json
#    template: |
#        {
#          "msgtype": "markdown",
#          "markdown": {
#              "content": "{{#success build.status}}✅{{else}}❌{{/success}}**{{ repo.owner }}/{{ repo.name }}** (Build #{{build.number}})\n
#                          >**构建结果**: {{ build.status }}
#                          >**构建详情**: [点击查看]({{ build.link }})
#                          >**代码分支**: {{ build.branch }}
#                          >**提交标识**: {{ build.commit }}
#                          >**提交发起**: {{ build.author }}
#                          >**提交信息**: {{ build.message }}
#        "
#          }
#        }
    
volumes:
- name: mvnCache
  host:
    path: /tmp/cache/.m2

trigger:
  branch:
  - master    
  event:
  - push
  
# 构建完了在执行通知
depends_on: [default]