Remove unneeded SSH setup step

continuist 2025-07-04 22:57:27 -04:00
parent 7cc06431da
commit 3fc060bb64

@ -56,10 +56,9 @@ This guide covers setting up a complete Continuous Integration/Continuous Deploy
## Quick Start ## Quick Start
1. **Set up CI/CD Linode** (Steps 1-9) 1. **Set up CI/CD Linode** (Steps 1-9)
2. **Set up Production Linode** (Steps 10-16) 2. **Set up Production Linode** (Steps 10-15)
3. **Configure SSH key exchange** (Step 14) 3. **Set up Forgejo repository secrets** (Step 17)
4. **Set up Forgejo repository secrets** (Step 18) 4. **Test the complete pipeline** (Step 18)
5. **Test the complete pipeline** (Step 19)
## What's Included ## What's Included
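Review bot: In the renumbered Quick Start list, item 2 now ends at Step 15 and item 3 starts at Step 17, so Step 16 (Test Production Setup, renumbered further down in this diff) is not covered by any Quick Start item. The old list had the same gap at Step 17; consider widening item 2 to "Steps 10-16". The hunks shown renumber headings only up to 16.4, so also confirm that the headings formerly numbered Step 18 and Step 19 were changed to 17 and 18 to match items 3 and 4.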
@ -1339,37 +1338,11 @@ sudo systemctl restart docker
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address. **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
### Step 14: Set Up SSH Key Authentication ### Step 14: Set Up Forgejo Runner for Production Deployment
#### 14.1 Add CI/CD Public Key
```bash
# Create .ssh directory for PROD_SERVICE_USER
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# Add the CI/CD public key (copy from CI/CD Linode)
echo "YOUR_CI_CD_PUBLIC_KEY" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
```
**Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode).
#### 14.2 Test SSH Connection
From the CI/CD Linode, test the SSH connection:
```bash
ssh production
```
**Expected output**: You should be able to SSH to the production server without a password prompt.
### Step 15: Set Up Forgejo Runner for Production Deployment
**Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`. **Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`.
#### 15.1 Install Forgejo Runner #### 14.1 Install Forgejo Runner
```bash ```bash
# Download the latest Forgejo runner # Download the latest Forgejo runner
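Review bot: The removed sub-step 14.1 appended the CI/CD public key to `~/.ssh/authorized_keys` for PROD_SERVICE_USER, and nothing in this change tells readers who already followed the guide to remove that entry. Since the new Step 14 has the production Forgejo runner execute the deployment job, that key is standing SSH access from the CI/CD Linode that the pipeline no longer uses; a short note on deleting the entry would close it. The removed 14.2 also relied on an `ssh production` host alias and on `~/.ssh/id_ed25519.pub` on the CI/CD Linode, so any CI/CD-side steps that create them should be removed as well if they are still in the guide.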
@ -1385,7 +1358,7 @@ sudo mv forgejo-runner /usr/bin/forgejo-runner
forgejo-runner --version forgejo-runner --version
``` ```
#### 15.2 Set Up Runner Directory for PROD_SERVICE_USER #### 14.2 Set Up Runner Directory for PROD_SERVICE_USER
```bash ```bash
# Create runner directory owned by PROD_SERVICE_USER # Create runner directory owned by PROD_SERVICE_USER
@ -1393,14 +1366,14 @@ sudo mkdir -p /opt/forgejo-runner
sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner
``` ```
#### 15.3 Get Registration Token #### 14.3 Get Registration Token
1. Go to your Forgejo repository 1. Go to your Forgejo repository
2. Navigate to **Settings → Actions → Runners** 2. Navigate to **Settings → Actions → Runners**
3. Click **"New runner"** 3. Click **"New runner"**
4. Copy the registration token 4. Copy the registration token
#### 15.4 Register the Production Runner #### 14.4 Register the Production Runner
```bash ```bash
# Switch to PROD_SERVICE_USER # Switch to PROD_SERVICE_USER
@ -1420,9 +1393,9 @@ sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner/.runner
sudo chmod 600 /opt/forgejo-runner/.runner sudo chmod 600 /opt/forgejo-runner/.runner
``` ```
**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 15.3. **Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 14.3.
#### 15.5 Create Systemd Service #### 14.5 Create Systemd Service
```bash ```bash
# Create systemd service file # Create systemd service file
@ -1453,7 +1426,7 @@ sudo systemctl start forgejo-runner.service
sudo systemctl status forgejo-runner.service sudo systemctl status forgejo-runner.service
``` ```
#### 15.6 Test Runner Configuration #### 14.6 Test Runner Configuration
```bash ```bash
# Check if the runner is running # Check if the runner is running
@ -1480,7 +1453,7 @@ sudo journalctl -u forgejo-runner.service -f --no-pager
The production runner will automatically handle the deployment process when you push to the main branch. The production runner will automatically handle the deployment process when you push to the main branch.
#### 15.7 Understanding the Production Docker Compose Setup #### 14.7 Understanding the Production Docker Compose Setup
The `docker-compose.prod.yml` file is specifically designed for production deployment and differs from development setups: The `docker-compose.prod.yml` file is specifically designed for production deployment and differs from development setups:
@ -1505,9 +1478,9 @@ The `docker-compose.prod.yml` file is specifically designed for production deplo
4. Waits for all services to be healthy 4. Waits for all services to be healthy
5. Verifies the deployment was successful 5. Verifies the deployment was successful
### Step 16: Configure Security ### Step 15: Configure Security
#### 16.1 Configure Firewall #### 15.1 Configure Firewall
```bash ```bash
sudo ufw --force enable sudo ufw --force enable
@ -1520,23 +1493,23 @@ sudo ufw allow 3000/tcp
sudo ufw allow 3001/tcp sudo ufw allow 3001/tcp
``` ```
#### 16.2 Configure Fail2ban #### 15.2 Configure Fail2ban
```bash ```bash
sudo systemctl enable fail2ban sudo systemctl enable fail2ban
sudo systemctl start fail2ban sudo systemctl start fail2ban
``` ```
### Step 17: Test Production Setup ### Step 16: Test Production Setup
#### 17.1 Test Docker Installation #### 16.1 Test Docker Installation
```bash ```bash
docker --version docker --version
docker compose --version docker compose --version
``` ```
#### 17.2 Test Harbor Access #### 16.2 Test Harbor Access
```bash ```bash
# Test pulling an image from the CI/CD Harbor registry # Test pulling an image from the CI/CD Harbor registry
@ -1545,14 +1518,14 @@ docker pull YOUR_CI_CD_IP:8080/public/backend:latest
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address. **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
#### 17.3 Test Application Deployment #### 16.3 Test Application Deployment
```bash ```bash
cd /opt/APP_NAME cd /opt/APP_NAME
docker compose up -d docker compose up -d
``` ```
#### 17.4 Verify Application Status #### 16.4 Verify Application Status
```bash ```bash
docker compose ps docker compose ps