From 7c3bc54b0eb7b11a5026133971a5e7d7f9d2e36b Mon Sep 17 00:00:00 2001
From: continuist
Date: Sat, 28 Jun 2025 22:31:47 -0400
Subject: [PATCH] Refactor Step 5 and use correct user

---
 CI_CD_PIPELINE_SETUP_GUIDE.md | 39 ++++-----------------------------------
 1 file changed, 4 insertions(+), 35 deletions(-)

diff --git a/CI_CD_PIPELINE_SETUP_GUIDE.md b/CI_CD_PIPELINE_SETUP_GUIDE.md
index de85a77..936b647 100644
--- a/CI_CD_PIPELINE_SETUP_GUIDE.md
+++ b/CI_CD_PIPELINE_SETUP_GUIDE.md
@@ -421,9 +421,6 @@ sudo chown -R SERVICE_USER:SERVICE_USER APP_NAME/
 
 # Verify the registry folder exists
 ls -la /opt/APP_NAME/registry/
-
-# Exit DEPLOY_USER shell
-exit
 ```
 
 **Important**: Replace `your-forgejo-instance`, `your-username`, and `APP_NAME` with your actual Forgejo instance URL, username, and application name.
@@ -467,9 +464,6 @@ sudo chown SERVICE_USER:SERVICE_USER /opt/registry
 #### 5.2 Generate SSL Certificates
 
 ```bash
-# Switch to SERVICE_USER (registry directory owner)
-sudo su - SERVICE_USER
-
 # Create system SSL directory for registry certificates
 sudo mkdir -p /etc/ssl/registry
 
@@ -483,9 +477,6 @@ sudo openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/registry/registry.key -
 # Set proper permissions
 sudo chmod 600 /etc/ssl/registry/registry.key
 sudo chmod 644 /etc/ssl/registry/registry.crt
-
-# Exit SERVICE_USER shell
-exit
 ```
 
 **Important**: The certificate is now generated in the system SSL directory `/etc/ssl/registry/` with your actual CI/CD Linode IP address automatically.
@@ -493,18 +484,12 @@ exit #### 5.3 Create Authentication File ```bash -# Switch to SERVICE_USER (registry directory owner) -sudo su - SERVICE_USER - # Create system auth directory for registry authentication sudo mkdir -p /etc/registry/auth # Create htpasswd file for authentication (required for push operations only) sudo htpasswd -Bbn push-user "$(openssl rand -base64 32)" > /tmp/auth.htpasswd sudo mv /tmp/auth.htpasswd /etc/registry/auth/auth.htpasswd - -# Exit SERVICE_USER shell -exit ``` **What this does**: Creates user credentials for registry authentication in the system auth directory. @@ -512,23 +497,7 @@ exit **Note**: Pull operations are public and don't require authentication, but push operations require these credentials. -#### 5.4 Create Docker Compose for Registry - -```bash -# Switch to SERVICE_USER (registry directory owner) -sudo su - SERVICE_USER - -# The registry configuration files are already available in the cloned repository -# at /opt/APP_NAME/registry/ -# No file copying is needed - we'll use the files directly from the repository - -# Exit SERVICE_USER shell -exit -``` - -**Important**: The repository should be cloned in the previous step (3.1) to `/opt/APP_NAME/`. The registry configuration files are used directly from the repository. - -#### 5.5 Update Configuration with Actual IP Address +#### 5.4 Update Configuration with Actual IP Address ```bash # Switch to SERVICE_USER (registry directory owner) @@ -550,14 +519,14 @@ exit **Important**: This step replaces all instances of `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address in both the docker-compose.yml and nginx.conf files in the repository. -#### 5.6 Install Required Tools +#### 5.5 Install Required Tools ```bash # Install htpasswd utility sudo apt install -y apache2-utils ``` -#### 5.7 Start Registry +#### 5.6 Start Registry ```bash # Switch to SERVICE_USER (registry directory owner) 
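Review bot: In section 5.3 the push password exists only inside `"$(openssl rand -base64 32)"` on the `htpasswd` line, so it is never displayed or saved and nobody can authenticate as `push-user` afterwards; `-b` also places it in the process argument list. With the `sudo su - SERVICE_USER` lines removed by this commit, the `>` redirect runs in the invoking user's shell and writes to the fixed name `/tmp/auth.htpasswd`, and `sudo mv` presumably carries that user's ownership and umask-derived mode over to the final file. I would generate the password into a variable, pass it to `htpasswd -i` on stdin, write directly to `/etc/registry/auth/auth.htpasswd`, and set owner and mode explicitly. The owner shown below is a guess at which account the registry reads the file as.

```bash
# … unchanged: sudo mkdir -p /etc/registry/auth …

# Generate the push password once and keep it; record it in the CI secret store
PUSH_PASSWORD="$(openssl rand -base64 32)"

# -i reads the password from stdin (not argv); -c creates the file at its final path
printf '%s\n' "$PUSH_PASSWORD" | sudo htpasswd -Bic /etc/registry/auth/auth.htpasswd push-user

# Owner/group is an assumption: use the account the registry reads this file as
sudo chown root:SERVICE_USER /etc/registry/auth/auth.htpasswd
sudo chmod 640 /etc/registry/auth/auth.htpasswd
```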
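Review bot: The renumbered step 5.5 still installs `apache2-utils` (`# Install htpasswd utility`) after step 5.3 has already called `htpasswd`. On a host where the package is not yet present, the 5.3 command fails while its `>` redirect has already created an empty `/tmp/auth.htpasswd`, which the following `sudo mv` then installs as the registry's credentials file. Since this commit renumbers the section anyway, the install block should move ahead of 5.3, for example as the first step of section 5. Step 5.3 itself is in the earlier hunk at `-493,18`.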
@@ -570,7 +539,7 @@ docker compose up -d
 exit
 ```
 
-#### 5.8 Test Registry Setup
+#### 5.7 Test Registry Setup
 
 ```bash
 # Check if containers are running