Remove unnecessary Step

continuist 2025-07-04 16:02:56 -04:00
parent 14b6eaeffa
commit 833448d4f5

@ -739,41 +739,7 @@ exit
- ✅ Unauthorized push is blocked - ✅ Unauthorized push is blocked
- ✅ Web UI accessible at `https://YOUR_CI_CD_IP` - ✅ Web UI accessible at `https://YOUR_CI_CD_IP`
### Step 6: Set Up SSH for Production Communication ### Step 6: Install Forgejo Actions Runner
#### 6.1 Generate SSH Key Pair
**Important**: Run this command as the **CI_SERVICE_USER** (not root or CI_DEPLOY_USER). The CI_SERVICE_USER runs the CI pipeline and needs to SSH to the production server for automated deployments.
```bash
ssh-keygen -t ed25519 -C "CI_SERVICE_USER" -f ~/.ssh/id_ed25519 -N ""
```
**What this does**:
- Creates an SSH key pair for secure communication between CI/CD and production servers
- The CI_SERVICE_USER uses this key to SSH to the production server for automated deployments
- The key is stored in the CI_SERVICE_USER's home directory for security
**Security Note**: The CI_SERVICE_USER runs the CI pipeline and performs deployments, so it needs direct SSH access to the production server. This provides a clean, direct execution path without user switching.
**Deployment Flow**: When the CI pipeline completes successfully, the CI_SERVICE_USER will automatically SSH to the production server (using this key) to pull the latest images from Harbor and deploy the application stack.
#### 6.2 Create SSH Config
```bash
cat > ~/.ssh/config << 'EOF'
Host production
HostName YOUR_PRODUCTION_IP
User PROD_SERVICE_USER
IdentityFile ~/.ssh/id_ed25519
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
chmod 600 ~/.ssh/config
```
### Step 7: Install Forgejo Actions Runner
#### 7.1 Download Runner #### 7.1 Download Runner
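Review bot: The new `### Step 6: Install Forgejo Actions Runner` heading is immediately followed by the unchanged `#### 7.1 Download Runner`, so sub-step numbers no longer match their parent step; the same mismatch shows in the later hunks (`#### 10.1` under Step 9, `#### 11.1` under Step 10, and so on). Renumber the subsections in the same commit. On the removed content: dropping `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null` is welcome, since together they turn off host key verification for the production host. If any SSH path to production is kept elsewhere in the guide, it should rely on a recorded host key rather than reintroduce those two lines.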
@ -1012,7 +978,7 @@ sudo journalctl -u forgejo-runner.service -f --no-pager
- Check network: Ensure the runner can reach your Forgejo instance - Check network: Ensure the runner can reach your Forgejo instance
- Restart service: `sudo systemctl restart forgejo-runner.service` - Restart service: `sudo systemctl restart forgejo-runner.service`
### Step 8: Set Up Docker-in-Docker (DinD) for CI Operations ### Step 7: Set Up Docker-in-Docker (DinD) for CI Operations
**Important**: This step sets up a Docker-in-Docker container that provides an isolated environment for CI/CD operations, eliminating resource contention with Harbor and simplifying cleanup. **Important**: This step sets up a Docker-in-Docker container that provides an isolated environment for CI/CD operations, eliminating resource contention with Harbor and simplifying cleanup.
@ -1180,7 +1146,7 @@ chmod +x scripts/monitor.sh
**Note**: The repository script is more comprehensive and includes proper error handling, colored output, and support for both CI/CD and production environments. It automatically detects the environment and provides appropriate monitoring information. **Note**: The repository script is more comprehensive and includes proper error handling, colored output, and support for both CI/CD and production environments. It automatically detects the environment and provides appropriate monitoring information.
### Step 9: Configure Firewall ### Step 8: Configure Firewall
```bash ```bash
sudo ufw --force enable sudo ufw --force enable
@ -1195,7 +1161,7 @@ sudo ufw allow 443/tcp # Harbor registry (public read access)
- **SSH**: Restricted to your IP addresses - **SSH**: Restricted to your IP addresses
- **All other ports**: Blocked - **All other ports**: Blocked
### Step 10: Test CI/CD Setup ### Step 9: Test CI/CD Setup
#### 10.1 Test Docker Installation #### 10.1 Test Docker Installation
@ -1233,7 +1199,7 @@ cat ~/.ssh/id_ed25519.pub
## Part 2: Production Linode Setup ## Part 2: Production Linode Setup
### Step 11: Initial System Setup ### Step 10: Initial System Setup
#### 11.1 Update the System #### 11.1 Update the System
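Review bot: The section context in this hunk's header is `cat ~/.ssh/id_ed25519.pub`, which prints the key that the removed 6.1 `ssh-keygen` command used to create. With that step gone, a reader following the guide in order reaches this command with no key on disk. Either remove that command along with Step 6 or state where the key now comes from.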
@ -1294,7 +1260,7 @@ sudo apt install -y \
python3-certbot-nginx python3-certbot-nginx
``` ```
### Step 12: Create Users ### Step 11: Create Users
#### 12.1 Create the PROD_SERVICE_USER User #### 12.1 Create the PROD_SERVICE_USER User
@ -1330,7 +1296,7 @@ pwd
exit exit
``` ```
### Step 13: Install Docker ### Step 12: Install Docker
#### 13.1 Add Docker Repository #### 13.1 Add Docker Repository
@ -1352,14 +1318,14 @@ sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo usermod -aG docker PROD_SERVICE_USER sudo usermod -aG docker PROD_SERVICE_USER
``` ```
### Step 14: Install Docker Compose ### Step 13: Install Docker Compose
```bash ```bash
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose
``` ```
### Step 15: Configure Security ### Step 14: Configure Security
#### 15.1 Configure Firewall #### 15.1 Configure Firewall
@ -1381,7 +1347,7 @@ sudo systemctl enable fail2ban
sudo systemctl start fail2ban sudo systemctl start fail2ban
``` ```
### Step 16: Create Application Directory ### Step 15: Create Application Directory
#### 16.1 Create Directory Structure #### 16.1 Create Directory Structure
@ -1399,7 +1365,7 @@ sudo mkdir -p /opt/APP_NAME/nginx/ssl
sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME/nginx/ssl sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME/nginx/ssl
``` ```
### Step 17: Clone Repository and Set Up Application Files ### Step 16: Clone Repository and Set Up Application Files
#### 17.1 Switch to PROD_SERVICE_USER User #### 17.1 Switch to PROD_SERVICE_USER User
@ -1463,7 +1429,7 @@ sudo systemctl restart docker
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address. **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
### Step 18: Set Up SSH Key Authentication ### Step 17: Set Up SSH Key Authentication
#### 18.1 Add CI/CD Public Key #### 18.1 Add CI/CD Public Key
@ -1489,7 +1455,7 @@ ssh production
**Expected output**: You should be able to SSH to the production server without a password prompt. **Expected output**: You should be able to SSH to the production server without a password prompt.
### Step 19: Set Up Forgejo Runner for Production Deployment ### Step 18: Set Up Forgejo Runner for Production Deployment
**Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`. **Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`.
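Review bot: The header context `ssh production` and the `**Expected output**` line above the renamed step depend on the `Host production` alias, which the `~/.ssh/config` block removed from old Step 6.2 defined. The paragraph under the renamed heading says the Production Linode runs its own Forgejo runner for the deployment job, so if SSH from the CI/CD host is no longer part of the flow, remove this connection test and the `Set Up SSH Key Authentication` step too. Otherwise keep an alias definition in the guide, without the disabled host key checks.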
@ -1635,7 +1601,7 @@ The `docker-compose.prod.yml` file is specifically designed for production deplo
4. Waits for all services to be healthy 4. Waits for all services to be healthy
5. Verifies the deployment was successful 5. Verifies the deployment was successful
### Step 20: Test Production Setup ### Step 19: Test Production Setup
#### 20.1 Test Docker Installation #### 20.1 Test Docker Installation
@ -1677,7 +1643,7 @@ curl http://localhost:3001/health
## Part 3: Final Configuration and Testing ## Part 3: Final Configuration and Testing
### Step 21: Configure Forgejo Repository Secrets ### Step 20: Configure Forgejo Repository Secrets
Go to your Forgejo repository and add these secrets in **Settings → Secrets and Variables → Actions**: Go to your Forgejo repository and add these secrets in **Settings → Secrets and Variables → Actions**:
@ -1695,7 +1661,7 @@ Go to your Forgejo repository and add these secrets in **Settings → Secrets an
- `DOMAIN`: Your domain name (e.g., `example.com`) - `DOMAIN`: Your domain name (e.g., `example.com`)
- `EMAIL`: Your email for SSL certificate notifications - `EMAIL`: Your email for SSL certificate notifications
### Step 22: Test Complete Pipeline ### Step 21: Test Complete Pipeline
#### 22.1 Trigger a Test Build #### 22.1 Trigger a Test Build
@ -1755,7 +1721,7 @@ docker compose logs frontend
3. **Database**: Verify database connections 3. **Database**: Verify database connections
4. **Logs**: Check for any errors in application logs 4. **Logs**: Check for any errors in application logs
### Step 23: Set Up SSL/TLS (Optional - Domain Users) ### Step 22: Set Up SSL/TLS (Optional - Domain Users)
#### 23.1 Install SSL Certificate #### 23.1 Install SSL Certificate
@ -1781,7 +1747,7 @@ sudo crontab -e
# 0 12 * * * /usr/bin/certbot renew --quiet # 0 12 * * * /usr/bin/certbot renew --quiet
``` ```
### Step 24: Final Verification ### Step 23: Final Verification
#### 24.1 Security Check #### 24.1 Security Check
@ -1820,7 +1786,7 @@ cd /opt/APP_NAME
./scripts/backup.sh ./scripts/backup.sh
``` ```
### Step 25: Documentation and Maintenance ### Step 24: Documentation and Maintenance
#### 25.1 Update Documentation #### 25.1 Update Documentation