devteam/sharenet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Create registry config.yml as SERVICE_USER too
Some checks are pending
CI/CD Pipeline / Test Backend (push) Waiting to run
Details
CI/CD Pipeline / Test Frontend (push) Waiting to run
Details
CI/CD Pipeline / Build and Push Docker Images (push) Blocked by required conditions
Details
CI/CD Pipeline / Deploy to Production (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
continuist 2025-06-28 13:58:02 -04:00
parent 02569c8cf4
commit a4ef13b5dd
1 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
CI_CD_PIPELINE_SETUP_GUIDE.md
View file

@ -440,6 +440,9 @@ sudo chown SERVICE_USER:SERVICE_USER /opt/registry
#### 4.2 Create Registry Configuration #### 4.2 Create Registry Configuration
```bash ```bash
# Switch to SERVICE_USER (registry directory owner)
sudo su - SERVICE_USER
cat > /opt/registry/config.yml << 'EOF' cat > /opt/registry/config.yml << 'EOF'
version: 0.1 version: 0.1
log: log:
@ -468,6 +471,9 @@ health:
interval: 10s interval: 10s
threshold: 3 threshold: 3
EOF EOF
# Exit SERVICE_USER shell
exit
``` ```
**What this configuration does:** **What this configuration does:**
@ -476,6 +482,8 @@ EOF
- **Security Headers**: Protects against common web vulnerabilities - **Security Headers**: Protects against common web vulnerabilities
- **No Secret Key**: The `secret` field was unnecessary and has been removed - **No Secret Key**: The `secret` field was unnecessary and has been removed
**Security Note**: We switch to SERVICE_USER because the registry directory is owned by SERVICE_USER, maintaining proper file ownership and security.
#### 4.3 Create Authentication File #### 4.3 Create Authentication File
```bash ```bash
@ -499,8 +507,6 @@ exit
**Note**: Pull operations are public and don't require authentication, but push operations require these credentials. **Note**: Pull operations are public and don't require authentication, but push operations require these credentials.
**Security Note**: We switch to SERVICE_USER because the registry directory is owned by SERVICE_USER, maintaining proper file ownership and security.
#### 4.4 Create Docker Compose for Registry #### 4.4 Create Docker Compose for Registry
```bash ```bash