Changed Part 2 to use Forgejo runner to clone application

continuist 2025-07-04 22:51:36 -04:00
parent cf402855ab
commit 7cc06431da


@ -56,10 +56,10 @@ This guide covers setting up a complete Continuous Integration/Continuous Deploy
## Quick Start ## Quick Start
1. **Set up CI/CD Linode** (Steps 1-9) 1. **Set up CI/CD Linode** (Steps 1-9)
2. **Set up Production Linode** (Steps 10-18) 2. **Set up Production Linode** (Steps 10-16)
3. **Configure SSH key exchange** (Step 16) 3. **Configure SSH key exchange** (Step 14)
4. **Set up Forgejo repository secrets** (Step 19) 4. **Set up Forgejo repository secrets** (Step 18)
5. **Test the complete pipeline** (Step 20) 5. **Test the complete pipeline** (Step 19)
## What's Included ## What's Included
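Review bot: the Quick Start range for the Production Linode, changed to `(Steps 10-16)` in item 2, does not match the renumbered headings further down in this patch, where Configure Security becomes Step 16 and Test Production Setup becomes Step 17 while repository secrets and the pipeline test stay at Steps 18 and 19; change item 2 to `(Steps 10-17)` so the overview covers the whole Production Linode section.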
@ -1320,94 +1320,9 @@ sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo usermod -aG docker PROD_SERVICE_USER sudo usermod -aG docker PROD_SERVICE_USER
``` ```
### Step 13: Configure Security ### Step 13: Configure Docker for Harbor Access
#### 13.1 Configure Firewall **Important**: The Production Linode needs to be able to pull Docker images from the Harbor registry on the CI/CD Linode.
```bash
sudo ufw --force enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 3000/tcp
sudo ufw allow 3001/tcp
```
#### 13.2 Configure Fail2ban
```bash
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
```
### Step 14: Create Application Directory
#### 14.1 Create Directory Structure
```bash
sudo mkdir -p /opt/APP_NAME
sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME
```
**Note**: Replace `APP_NAME` with your actual application name. This directory name can be controlled via the `APP_NAME` secret in your Forgejo repository settings. If you set the `APP_NAME` secret to `myapp`, the deployment directory will be `/opt/myapp`.
#### 14.2 Create SSL Directory (Optional - for domain users)
```bash
sudo mkdir -p /opt/APP_NAME/nginx/ssl
sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME/nginx/ssl
```
### Step 15: Clone Repository and Set Up Application Files
#### 15.1 Switch to PROD_SERVICE_USER User
```bash
sudo su - PROD_SERVICE_USER
```
#### 15.2 Clone Repository
```bash
cd /opt/APP_NAME
git clone https://your-forgejo-instance/your-username/APP_NAME.git .
```
**Important**: The repository includes a pre-configured `nginx/nginx.conf` file that handles both SSL and non-SSL scenarios, with proper security headers, rate limiting, and CORS configuration. This file will be automatically used by the Docker Compose setup.
**Important**: The repository also includes a pre-configured `.forgejo/workflows/ci.yml` file that handles the complete CI/CD pipeline including testing, building, and deployment. This workflow is already set up to work with the private registry and production deployment.
**Note**: Replace `your-forgejo-instance` and `your-username/APP_NAME` with your actual Forgejo instance URL and repository path.
#### 15.3 Create Environment File
The repository doesn't include a `.env.example` file for security reasons. The CI/CD pipeline will create the `.env` file dynamically during deployment. However, for manual testing or initial setup, you can create a basic `.env` file:
```bash
cat > /opt/APP_NAME/.env << 'EOF'
# Production Environment Variables
POSTGRES_PASSWORD=your_secure_password_here
REGISTRY=YOUR_CI_CD_IP:8080
IMAGE_NAME=APP_NAME
IMAGE_TAG=latest
# Database Configuration
POSTGRES_DB=sharenet
POSTGRES_USER=sharenet
DATABASE_URL=postgresql://sharenet:your_secure_password_here@postgres:5432/sharenet
# Application Configuration
NODE_ENV=production
RUST_LOG=info
RUST_BACKTRACE=1
EOF
```
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address and `your_secure_password_here` with a strong password.
#### 15.4 Configure Docker for Harbor Access
```bash ```bash
# Add the CI/CD Harbor registry to Docker's insecure registries # Add the CI/CD Harbor registry to Docker's insecure registries
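Review bot: deleting 14.1, 14.2 and 15.1-15.3 removes the only place this guide creates `/opt/APP_NAME` (and `/opt/APP_NAME/nginx/ssl`) and chowns it to `PROD_SERVICE_USER`, together with the notes that the repository ships `nginx/nginx.conf` and `.forgejo/workflows/ci.yml` and that the pipeline writes `.env` itself; if the runner job now performs the clone, the replacement text should say which directory the job checks out into and which user owns it, and the nginx.conf/ci.yml notes belong in the new Step 15 rather than being dropped. The block kept in the new Step 13 still adds Harbor to Docker's insecure registries, so its Important paragraph should also say that pulls from `YOUR_CI_CD_IP:8080` then go over plain HTTP or unverified TLS and that this is only acceptable on a private link between the two Linodes.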
@ -1424,9 +1339,9 @@ sudo systemctl restart docker
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address. **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
### Step 16: Set Up SSH Key Authentication ### Step 14: Set Up SSH Key Authentication
#### 16.1 Add CI/CD Public Key #### 14.1 Add CI/CD Public Key
```bash ```bash
# Create .ssh directory for PROD_SERVICE_USER # Create .ssh directory for PROD_SERVICE_USER
@ -1440,7 +1355,7 @@ chmod 600 ~/.ssh/authorized_keys
**Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode). **Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode).
#### 16.2 Test SSH Connection #### 14.2 Test SSH Connection
From the CI/CD Linode, test the SSH connection: From the CI/CD Linode, test the SSH connection:
@ -1450,11 +1365,11 @@ ssh production
**Expected output**: You should be able to SSH to the production server without a password prompt. **Expected output**: You should be able to SSH to the production server without a password prompt.
### Step 17: Set Up Forgejo Runner for Production Deployment ### Step 15: Set Up Forgejo Runner for Production Deployment
**Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`. **Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`.
#### 17.1 Install Forgejo Runner #### 15.1 Install Forgejo Runner
```bash ```bash
# Download the latest Forgejo runner # Download the latest Forgejo runner
@ -1470,7 +1385,7 @@ sudo mv forgejo-runner /usr/bin/forgejo-runner
forgejo-runner --version forgejo-runner --version
``` ```
#### 17.2 Set Up Runner Directory for PROD_SERVICE_USER #### 15.2 Set Up Runner Directory for PROD_SERVICE_USER
```bash ```bash
# Create runner directory owned by PROD_SERVICE_USER # Create runner directory owned by PROD_SERVICE_USER
@ -1478,14 +1393,14 @@ sudo mkdir -p /opt/forgejo-runner
sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner
``` ```
#### 17.3 Get Registration Token #### 15.3 Get Registration Token
1. Go to your Forgejo repository 1. Go to your Forgejo repository
2. Navigate to **Settings → Actions → Runners** 2. Navigate to **Settings → Actions → Runners**
3. Click **"New runner"** 3. Click **"New runner"**
4. Copy the registration token 4. Copy the registration token
#### 17.4 Register the Production Runner #### 15.4 Register the Production Runner
```bash ```bash
# Switch to PROD_SERVICE_USER # Switch to PROD_SERVICE_USER
@ -1505,9 +1420,9 @@ sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner/.runner
sudo chmod 600 /opt/forgejo-runner/.runner sudo chmod 600 /opt/forgejo-runner/.runner
``` ```
**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 17.3. **Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 15.3.
#### 17.5 Create Systemd Service #### 15.5 Create Systemd Service
```bash ```bash
# Create systemd service file # Create systemd service file
@ -1538,7 +1453,7 @@ sudo systemctl start forgejo-runner.service
sudo systemctl status forgejo-runner.service sudo systemctl status forgejo-runner.service
``` ```
#### 17.6 Test Runner Configuration #### 15.6 Test Runner Configuration
```bash ```bash
# Check if the runner is running # Check if the runner is running
@ -1565,7 +1480,7 @@ sudo journalctl -u forgejo-runner.service -f --no-pager
The production runner will automatically handle the deployment process when you push to the main branch. The production runner will automatically handle the deployment process when you push to the main branch.
#### 17.7 Understanding the Production Docker Compose Setup #### 15.7 Understanding the Production Docker Compose Setup
The `docker-compose.prod.yml` file is specifically designed for production deployment and differs from development setups: The `docker-compose.prod.yml` file is specifically designed for production deployment and differs from development setups:
@ -1590,16 +1505,38 @@ The `docker-compose.prod.yml` file is specifically designed for production deplo
4. Waits for all services to be healthy 4. Waits for all services to be healthy
5. Verifies the deployment was successful 5. Verifies the deployment was successful
### Step 18: Test Production Setup ### Step 16: Configure Security
#### 18.1 Test Docker Installation #### 16.1 Configure Firewall
```bash
sudo ufw --force enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 3000/tcp
sudo ufw allow 3001/tcp
```
#### 16.2 Configure Fail2ban
```bash
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
```
### Step 17: Test Production Setup
#### 17.1 Test Docker Installation
```bash ```bash
docker --version docker --version
docker compose --version docker compose --version
``` ```
#### 18.2 Test Harbor Access #### 17.2 Test Harbor Access
```bash ```bash
# Test pulling an image from the CI/CD Harbor registry # Test pulling an image from the CI/CD Harbor registry
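Review bot: moving Configure Security from Step 13 to Step 16 means `ufw --force enable` with `default deny incoming` and the fail2ban service are now applied only after the CI/CD public key has been installed (Step 14) and the runner has been registered and started (Step 15); none of the firewall or fail2ban commands depend on those steps, so keep this section right after the Docker install (its old position) or at least before Step 14, so the host is not left without inbound filtering and SSH brute-force protection while the rest of the setup is done. The Step 17.1 change is otherwise a plain renumbering of the old 18.1.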
@ -1608,14 +1545,14 @@ docker pull YOUR_CI_CD_IP:8080/public/backend:latest
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address. **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
#### 18.3 Test Application Deployment #### 17.3 Test Application Deployment
```bash ```bash
cd /opt/APP_NAME cd /opt/APP_NAME
docker compose up -d docker compose up -d
``` ```
#### 18.4 Verify Application Status #### 17.4 Verify Application Status
```bash ```bash
docker compose ps docker compose ps
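Review bot: Step 17.3 keeps `cd /opt/APP_NAME` followed by `docker compose up -d`, but after this commit no earlier step on the Production Linode creates that directory or places a compose file in it (14.1 and 15.2 were removed), and Step 15 says the runner deploys with `docker-compose.prod.yml` rather than the default compose file; either run the test from the directory the runner job checks out into with `-f docker-compose.prod.yml`, or state that 17.3 and 17.4 presuppose one successful pipeline run.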