From 833448d4f55fbeb917071469aa7346844b788860 Mon Sep 17 00:00:00 2001 From: continuist Date: Fri, 4 Jul 2025 16:02:56 -0400 Subject: [PATCH] Remove unnecessary Step --- CI_CD_PIPELINE_SETUP_GUIDE.md | 72 +++++++++-------------------------- 1 file changed, 19 insertions(+), 53 deletions(-) diff --git a/CI_CD_PIPELINE_SETUP_GUIDE.md b/CI_CD_PIPELINE_SETUP_GUIDE.md index 7d316ca..f225aa1 100644 --- a/CI_CD_PIPELINE_SETUP_GUIDE.md +++ b/CI_CD_PIPELINE_SETUP_GUIDE.md 
@@ -739,41 +739,7 @@ exit - ✅ Unauthorized push is blocked - ✅ Web UI accessible at `https://YOUR_CI_CD_IP` -### Step 6: Set Up SSH for Production Communication - -#### 6.1 Generate SSH Key Pair - -**Important**: Run this command as the **CI_SERVICE_USER** (not root or CI_DEPLOY_USER). The CI_SERVICE_USER runs the CI pipeline and needs to SSH to the production server for automated deployments. - -```bash -ssh-keygen -t ed25519 -C "CI_SERVICE_USER" -f ~/.ssh/id_ed25519 -N "" -``` - -**What this does**: -- Creates an SSH key pair for secure communication between CI/CD and production servers -- The CI_SERVICE_USER uses this key to SSH to the production server for automated deployments -- The key is stored in the CI_SERVICE_USER's home directory for security - -**Security Note**: The CI_SERVICE_USER runs the CI pipeline and performs deployments, so it needs direct SSH access to the production server. This provides a clean, direct execution path without user switching. - -**Deployment Flow**: When the CI pipeline completes successfully, the CI_SERVICE_USER will automatically SSH to the production server (using this key) to pull the latest images from Harbor and deploy the application stack. - -#### 6.2 Create SSH Config - -```bash -cat > ~/.ssh/config << 'EOF' -Host production - HostName YOUR_PRODUCTION_IP - User PROD_SERVICE_USER - IdentityFile ~/.ssh/id_ed25519 - StrictHostKeyChecking no - UserKnownHostsFile /dev/null -EOF - -chmod 600 ~/.ssh/config -``` - -### Step 7: Install Forgejo Actions Runner +### Step 6: Install Forgejo Actions Runner #### 7.1 Download Runner 
@@ -1012,7 +978,7 @@ sudo journalctl -u forgejo-runner.service -f --no-pager - Check network: Ensure the runner can reach your Forgejo instance - Restart service: `sudo systemctl restart forgejo-runner.service` -### Step 8: Set Up Docker-in-Docker (DinD) for CI Operations +### Step 7: Set Up Docker-in-Docker (DinD) for CI Operations **Important**: This step sets up a Docker-in-Docker container that provides an isolated environment for CI/CD operations, eliminating resource contention with Harbor and simplifying cleanup. @@ -1180,7 +1146,7 @@ chmod +x scripts/monitor.sh **Note**: The repository script is more comprehensive and includes proper error handling, colored output, and support for both CI/CD and production environments. It automatically detects the environment and provides appropriate monitoring information. -### Step 9: Configure Firewall +### Step 8: Configure Firewall ```bash sudo ufw --force enable @@ -1195,7 +1161,7 @@ sudo ufw allow 443/tcp # Harbor registry (public read access) - **SSH**: Restricted to your IP addresses - **All other ports**: Blocked -### Step 10: Test CI/CD Setup +### Step 9: Test CI/CD Setup #### 10.1 Test Docker Installation @@ -1233,7 +1199,7 @@ cat ~/.ssh/id_ed25519.pub ## Part 2: Production Linode Setup -### Step 11: Initial System Setup +### Step 10: Initial System Setup #### 11.1 Update the System @@ -1294,7 +1260,7 @@ sudo apt install -y \ python3-certbot-nginx ``` -### Step 12: Create Users +### Step 11: Create Users #### 12.1 Create the PROD_SERVICE_USER User @@ -1330,7 +1296,7 @@ pwd exit ``` -### Step 13: Install Docker +### Step 12: Install Docker #### 13.1 Add Docker Repository 
@@ -1352,14 +1318,14 @@ sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin sudo usermod -aG docker PROD_SERVICE_USER ``` -### Step 14: Install Docker Compose +### Step 13: Install Docker Compose ```bash sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose ``` -### Step 15: Configure Security +### Step 14: Configure Security #### 15.1 Configure Firewall @@ -1381,7 +1347,7 @@ sudo systemctl enable fail2ban sudo systemctl start fail2ban ``` -### Step 16: Create Application Directory +### Step 15: Create Application Directory #### 16.1 Create Directory Structure @@ -1399,7 +1365,7 @@ sudo mkdir -p /opt/APP_NAME/nginx/ssl sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME/nginx/ssl ``` -### Step 17: Clone Repository and Set Up Application Files +### Step 16: Clone Repository and Set Up Application Files #### 17.1 Switch to PROD_SERVICE_USER User @@ -1463,7 +1429,7 @@ sudo systemctl restart docker **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address. -### Step 18: Set Up SSH Key Authentication +### Step 17: Set Up SSH Key Authentication #### 18.1 Add CI/CD Public Key @@ -1489,7 +1455,7 @@ ssh production **Expected output**: You should be able to SSH to the production server without a password prompt. -### Step 19: Set Up Forgejo Runner for Production Deployment +### Step 18: Set Up Forgejo Runner for Production Deployment **Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`. 
@@ -1635,7 +1601,7 @@ The `docker-compose.prod.yml` file is specifically designed for production deplo 4. Waits for all services to be healthy 5. Verifies the deployment was successful -### Step 20: Test Production Setup +### Step 19: Test Production Setup #### 20.1 Test Docker Installation @@ -1677,7 +1643,7 @@ curl http://localhost:3001/health ## Part 3: Final Configuration and Testing -### Step 21: Configure Forgejo Repository Secrets +### Step 20: Configure Forgejo Repository Secrets Go to your Forgejo repository and add these secrets in **Settings → Secrets and Variables → Actions**: @@ -1695,7 +1661,7 @@ Go to your Forgejo repository and add these secrets in **Settings → Secrets an - `DOMAIN`: Your domain name (e.g., `example.com`) - `EMAIL`: Your email for SSL certificate notifications -### Step 22: Test Complete Pipeline +### Step 21: Test Complete Pipeline #### 22.1 Trigger a Test Build @@ -1755,7 +1721,7 @@ docker compose logs frontend 3. **Database**: Verify database connections 4. **Logs**: Check for any errors in application logs -### Step 23: Set Up SSL/TLS (Optional - Domain Users) +### Step 22: Set Up SSL/TLS (Optional - Domain Users) #### 23.1 Install SSL Certificate @@ -1781,7 +1747,7 @@ sudo crontab -e # 0 12 * * * /usr/bin/certbot renew --quiet ``` -### Step 24: Final Verification +### Step 23: Final Verification #### 24.1 Security Check @@ -1820,7 +1786,7 @@ cd /opt/APP_NAME ./scripts/backup.sh ``` -### Step 25: Documentation and Maintenance +### Step 24: Documentation and Maintenance #### 25.1 Update Documentation
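Review bot: The deletion in hunk @@ -739 leaves later sections depending on artifacts that no longer exist. The removed 6.1 generated `~/.ssh/id_ed25519` and 6.2 defined the `Host production` alias, yet hunk @@ -1233 still shows `cat ~/.ssh/id_ed25519.pub` under the CI/CD test step, and hunk @@ -1463 keeps "Step 17: Set Up SSH Key Authentication" with "#### 18.1 Add CI/CD Public Key", `ssh production` and the expected outcome "You should be able to SSH to the production server without a password prompt". Since hunk @@ -1489 states that the deployment job now runs on a Forgejo runner on the Production Linode, either drop those SSH-dependent sections in the same commit or keep Step 6; as it stands the guide tells the reader to test a key and host alias that are never created. If the SSH config is ever reinstated, the deleted `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null` lines should not come back with it; pin the production host key in a known_hosts file instead. Also, the heading that replaces it reads "### Step 6: Install Forgejo Actions Runner" while the subsection directly below is still "#### 7.1 Download Runner".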
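Review bot: Every renumbering hunk from @@ -1012 through @@ -1820 updates only the `###` step heading and leaves the `####` sub-steps at the old number, so the document now has "### Step 9: Test CI/CD Setup" over "#### 10.1 Test Docker Installation", "### Step 10: Initial System Setup" over "#### 11.1 Update the System", "### Step 11: Create Users" over "#### 12.1 Create the PROD_SERVICE_USER User", and so on down to "### Step 24: Documentation and Maintenance" over "#### 25.1 Update Documentation". Since the commit exists to renumber, the sub-step headings (and any "Step N" cross-references in the prose) should be shifted by one in the same change; otherwise readers following "see 18.1" land in the wrong section.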
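Review bot: In hunk @@ -1352 the standalone Compose install fetches an unpinned binary, `sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose`, with no checksum or signature check, while the preceding context line `sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin` has already installed Compose v2 as a plugin, and hunk @@ -1755 uses the plugin syntax `docker compose logs frontend`. Step 13 is therefore both redundant and a supply-chain weak point: drop it, or if the standalone binary is really needed, pin an explicit release tag and verify the published sha256 before marking it executable.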