From 9c1982e6e875c36d404f032906f6356bb8c2a4ba Mon Sep 17 00:00:00 2001
From: "oleg.vodyanov91@gmail.com"
Date: Sun, 26 Oct 2025 15:52:54 +0400
Subject: [PATCH] add jenkins pipeline
---
 pipelines/docbot | 69 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 pipelines/docbot
diff --git a/pipelines/docbot b/pipelines/docbot
new file mode 100644
index 0000000..6e50b59
--- /dev/null
+++ b/pipelines/docbot
@@ -0,0 +1,69 @@
+pipeline {
+ agent { label 'docker' }
+ environment {
+ DOCKER_BUILDKIT = '1'
+ IMAGE_NAME = 'registry.myinstalink.ru/docbot'
+ }
+ stages {
+ stage('Checkout'){
+ steps { checkout scm }
+ }
+ stage('Lint/Test/Sec'){
+ agent { docker { image 'python:3.12-slim' args '-u root' } }
+ steps {
+ sh '''
+ apt-get update && apt-get install -y build-essential libpq-dev curl jq
+ pip install -U pip poetry safety bandit
+ poetry install --no-interaction --no-root
+ poetry run ruff check .
+ poetry run mypy src
+ poetry run pytest -q --maxfail=1 --disable-warnings
+ poetry export -f requirements.txt | safety check --stdin || true
+ '''
+ }
+ }
+ stage('Build & Push'){
+ steps {
+ script {
+ def sha = sh(returnStdout: true, script: 'git rev-parse --short HEAD').trim()
+ def tag = (env.GIT_BRANCH == 'origin/main') ? "main-${sha}" : "dev-${sha}"
+ sh """
+ echo ${REGISTRY_PASS} | docker login registry.myinstalink.ru -u ${REGISTRY_USER} --password-stdin
+ docker build --target runtime -t ${IMAGE_NAME}:${tag} -t ${IMAGE_NAME}:latest .
+ docker push ${IMAGE_NAME}:${tag}
+ docker push ${IMAGE_NAME}:latest
+ """
+ }
+ }
+ }
+ stage('Deploy Dev'){ when { branch 'develop' }
+ steps {
+ sh '''
+ ssh -o StrictHostKeyChecking=no deploy@dev-host \
+ "docker pull ${IMAGE_NAME}:latest && docker compose -f /srv/docbot/docker-compose.dev.yml up -d --remove-orphans"
+ '''
+ }
+ }
+ stage('Deploy Prod'){ when { buildingTag() }
+ steps {
+ sh '''
+ ssh -o StrictHostKeyChecking=no deploy@prod-host '
+ set -euo pipefail
+ ACTIVE=$(readlink /srv/docbot/current || true)
+ TARGET=$([ "$ACTIVE" = "/srv/docbot/blue" ] && echo "green" || echo "blue")
+ docker pull ${IMAGE_NAME}:${GIT_TAG_NAME}
+ sed -e "s|__IMAGE__|${IMAGE_NAME}:${GIT_TAG_NAME}|g" /srv/docbot/${TARGET}/docker-compose.prod.yml.tpl > /srv/docbot/${TARGET}/docker-compose.prod.yml
+ docker compose -f /srv/docbot/${TARGET}/docker-compose.prod.yml up -d --remove-orphans
+ docker compose -f /srv/docbot/${TARGET}/docker-compose.prod.yml run --rm app alembic upgrade head
+ curl -fsS http://127.0.0.1:8080/healthz
+ ln -sfn /srv/docbot/${TARGET} /srv/docbot/current
+ systemctl reload nginx || true
+ '
+ '''
+ }
+ }
+ }
+ post {
+ always { junit 'reports/**/*.xml'; }
+ }
+}
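Review bot: In the 'Build & Push' stage the `sh """ … """` block is a Groovy double-quoted string, so `${REGISTRY_PASS}` is expanded by Groovy into the script text before the shell runs; the password then sits in the generated script and, since the `sh` step traces commands by default, can end up in the build log. Nothing visible in this file binds `REGISTRY_USER` or `REGISTRY_PASS`, so they presumably come from job-level or global environment; binding them with `withCredentials` and using a single-quoted `sh` so that the shell does the expansion keeps the secret out of the Groovy string, as sketched below with a placeholder credentials id. Both deploy stages also pass `-o StrictHostKeyChecking=no`, which accepts any host key for `dev-host` and `prod-host`; provisioning a `known_hosts` entry on the agent and dropping the option would let ssh verify the deploy targets. In 'Lint/Test/Sec', the `|| true` after `safety check --stdin` means a known-vulnerable dependency never fails the build, and `bandit` is installed but never run.

```groovy
// … unchanged: sha and tag computation …
withCredentials([usernamePassword(credentialsId: '<REGISTRY_CREDENTIALS_ID>', // placeholder id
                                  usernameVariable: 'REGISTRY_USER',
                                  passwordVariable: 'REGISTRY_PASS')]) {
  withEnv(["IMAGE_TAG=${tag}"]) {
    // single-quoted: the shell, not Groovy, expands the variables
    sh '''
      echo "$REGISTRY_PASS" | docker login registry.myinstalink.ru -u "$REGISTRY_USER" --password-stdin
      docker build --target runtime -t "$IMAGE_NAME:$IMAGE_TAG" -t "$IMAGE_NAME:latest" .
      docker push "$IMAGE_NAME:$IMAGE_TAG"
      docker push "$IMAGE_NAME:latest"
    '''
  }
}
```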