diff --git a/CI_CD_PIPELINE_SETUP_GUIDE.md b/CI_CD_PIPELINE_SETUP_GUIDE.md index aa2dcca..f033908 100644 --- a/CI_CD_PIPELINE_SETUP_GUIDE.md +++ b/CI_CD_PIPELINE_SETUP_GUIDE.md @@ -56,10 +56,9 @@ This guide covers setting up a complete Continuous Integration/Continuous Deploy ## Quick Start 1. **Set up CI/CD Linode** (Steps 1-9) -2. **Set up Production Linode** (Steps 10-16) -3. **Configure SSH key exchange** (Step 14) -4. **Set up Forgejo repository secrets** (Step 18) -5. **Test the complete pipeline** (Step 19) +2. **Set up Production Linode** (Steps 10-15) +3. **Set up Forgejo repository secrets** (Step 17) +4. **Test the complete pipeline** (Step 18) ## What's Included @@ -1339,37 +1338,11 @@ sudo systemctl restart docker **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address. -### Step 14: Set Up SSH Key Authentication - -#### 14.1 Add CI/CD Public Key - -```bash -# Create .ssh directory for PROD_SERVICE_USER -mkdir -p ~/.ssh -chmod 700 ~/.ssh - -# Add the CI/CD public key (copy from CI/CD Linode) -echo "YOUR_CI_CD_PUBLIC_KEY" >> ~/.ssh/authorized_keys -chmod 600 ~/.ssh/authorized_keys -``` - -**Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode). - -#### 14.2 Test SSH Connection - -From the CI/CD Linode, test the SSH connection: - -```bash -ssh production -``` - -**Expected output**: You should be able to SSH to the production server without a password prompt. - -### Step 15: Set Up Forgejo Runner for Production Deployment +### Step 14: Set Up Forgejo Runner for Production Deployment **Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`. -#### 15.1 Install Forgejo Runner +#### 14.1 Install Forgejo Runner ```bash # Download the latest Forgejo runner 
@@ -1385,7 +1358,7 @@ sudo mv forgejo-runner /usr/bin/forgejo-runner forgejo-runner --version ``` -#### 15.2 Set Up Runner Directory for PROD_SERVICE_USER +#### 14.2 Set Up Runner Directory for PROD_SERVICE_USER ```bash # Create runner directory owned by PROD_SERVICE_USER @@ -1393,14 +1366,14 @@ sudo mkdir -p /opt/forgejo-runner sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner ``` -#### 15.3 Get Registration Token +#### 14.3 Get Registration Token 1. Go to your Forgejo repository 2. Navigate to **Settings → Actions → Runners** 3. Click **"New runner"** 4. Copy the registration token -#### 15.4 Register the Production Runner +#### 14.4 Register the Production Runner ```bash # Switch to PROD_SERVICE_USER @@ -1420,9 +1393,9 @@ sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner/.runner sudo chmod 600 /opt/forgejo-runner/.runner ``` -**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 15.3. +**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 14.3. -#### 15.5 Create Systemd Service +#### 14.5 Create Systemd Service ```bash # Create systemd service file @@ -1453,7 +1426,7 @@ sudo systemctl start forgejo-runner.service sudo systemctl status forgejo-runner.service ``` -#### 15.6 Test Runner Configuration +#### 14.6 Test Runner Configuration ```bash # Check if the runner is running @@ -1480,7 +1453,7 @@ sudo journalctl -u forgejo-runner.service -f --no-pager The production runner will automatically handle the deployment process when you push to the main branch. -#### 15.7 Understanding the Production Docker Compose Setup +#### 14.7 Understanding the Production Docker Compose Setup The `docker-compose.prod.yml` file is specifically designed for production deployment and differs from development setups: 
@@ -1505,9 +1478,9 @@ The `docker-compose.prod.yml` file is specifically designed for production deplo 4. Waits for all services to be healthy 5. Verifies the deployment was successful -### Step 16: Configure Security +### Step 15: Configure Security -#### 16.1 Configure Firewall +#### 15.1 Configure Firewall ```bash sudo ufw --force enable @@ -1520,23 +1493,23 @@ sudo ufw allow 3000/tcp sudo ufw allow 3001/tcp ``` -#### 16.2 Configure Fail2ban +#### 15.2 Configure Fail2ban ```bash sudo systemctl enable fail2ban sudo systemctl start fail2ban ``` -### Step 17: Test Production Setup +### Step 16: Test Production Setup -#### 17.1 Test Docker Installation +#### 16.1 Test Docker Installation ```bash docker --version docker compose --version ``` -#### 17.2 Test Harbor Access +#### 16.2 Test Harbor Access ```bash # Test pulling an image from the CI/CD Harbor registry @@ -1545,14 +1518,14 @@ docker pull YOUR_CI_CD_IP:8080/public/backend:latest **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address. -#### 17.3 Test Application Deployment +#### 16.3 Test Application Deployment ```bash cd /opt/APP_NAME docker compose up -d ``` -#### 17.4 Verify Application Status +#### 16.4 Verify Application Status ```bash docker compose ps
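Review bot: In the Quick Start hunk (`@@ -56,10 +56,9 @@`), the new entries point at "Step 17" for Forgejo repository secrets and "Step 18" for the pipeline test, but the heading renames visible in this patch stop at the old Step 17 becoming "Step 16: Test Production Setup". No hunk here renames the old Step 18 and Step 19 headings, so unless that happens elsewhere the Quick Start will reference the wrong sections. Please include those renames in the same change. Also consider widening "Steps 10-15" to "Steps 10-16" so that the production test step is covered by the Quick Start list.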
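Review bot: The hunk that deletes the old "Step 14: Set Up SSH Key Authentication" (`@@ -1339,37 +1338,11 @@`) leaves no migration note for hosts that were built from the previous version of the guide. Those hosts still carry the CI/CD public key appended by `echo "YOUR_CI_CD_PUBLIC_KEY" >> ~/.ssh/authorized_keys` for PROD_SERVICE_USER, which is now an unused login path into production. Suggest adding a short note telling readers to remove that entry from `~/.ssh/authorized_keys`. The removed text also relies on `~/.ssh/id_ed25519.pub` and an `ssh production` host alias on the CI/CD Linode. The steps that create them are not touched by this patch, so Steps 1-9 should be checked for leftover key generation and SSH config instructions that no longer have a consumer.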
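Review bot: In the firewall hunks for the renumbered "15.1 Configure Firewall" (`@@ -1505,9 +1478,9 @@` and `@@ -1520,23 +1493,23 @@`), only the headings change and the rule list between `sudo ufw --force enable` and `sudo ufw allow 3000/tcp` is left as it was. Since this patch drops the SSH-based deployment path, please confirm whether any rule in that list exists only to let the CI/CD Linode reach production over SSH, and if so remove or narrow it in the same change so the documented firewall matches the runner-based deployment described in Step 14.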