devteam/sharenet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove extra docker-compose installation step

Browse source
This commit is contained in:
continuist 2025-07-04 22:33:49 -04:00
parent eb208a49f4
commit cf402855ab
1 changed files with 50 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

107
CI_CD_PIPELINE_SETUP_GUIDE.md
View file

@ -56,10 +56,10 @@ This guide covers setting up a complete Continuous Integration/Continuous Deploy
## Quick Start
1. **Set up CI/CD Linode** (Steps 1-9)
2. **Set up Production Linode** (Steps 10-19)
3. **Configure SSH key exchange** (Step 17)
4. **Set up Forgejo repository secrets** (Step 20)
5. **Test the complete pipeline** (Step 21)
2. **Set up Production Linode** (Steps 10-18)
3. **Configure SSH key exchange** (Step 16)
4. **Set up Forgejo repository secrets** (Step 19)
5. **Test the complete pipeline** (Step 20)
## What's Included
@ -1320,16 +1320,9 @@ sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo usermod -aG docker PROD_SERVICE_USER
```
### Step 13: Install Docker Compose
### Step 13: Configure Security
```bash
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
```
### Step 14: Configure Security
#### 14.1 Configure Firewall
#### 13.1 Configure Firewall
```bash
sudo ufw --force enable
@ -1342,16 +1335,16 @@ sudo ufw allow 3000/tcp
sudo ufw allow 3001/tcp
```
#### 14.2 Configure Fail2ban
#### 13.2 Configure Fail2ban
```bash
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
```
### Step 15: Create Application Directory
### Step 14: Create Application Directory
#### 15.1 Create Directory Structure
#### 14.1 Create Directory Structure
```bash
sudo mkdir -p /opt/APP_NAME
@ -1360,22 +1353,22 @@ sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME
**Note**: Replace `APP_NAME` with your actual application name. This directory name can be controlled via the `APP_NAME` secret in your Forgejo repository settings. If you set the `APP_NAME` secret to `myapp`, the deployment directory will be `/opt/myapp`.
#### 15.2 Create SSL Directory (Optional - for domain users)
#### 14.2 Create SSL Directory (Optional - for domain users)
```bash
sudo mkdir -p /opt/APP_NAME/nginx/ssl
sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME/nginx/ssl
```
### Step 16: Clone Repository and Set Up Application Files
### Step 15: Clone Repository and Set Up Application Files
#### 16.1 Switch to PROD_SERVICE_USER User
#### 15.1 Switch to PROD_SERVICE_USER User
```bash
sudo su - PROD_SERVICE_USER
```
#### 16.2 Clone Repository
#### 15.2 Clone Repository
```bash
cd /opt/APP_NAME
@ -1388,7 +1381,7 @@ git clone https://your-forgejo-instance/your-username/APP_NAME.git .
**Note**: Replace `your-forgejo-instance` and `your-username/APP_NAME` with your actual Forgejo instance URL and repository path.
#### 16.3 Create Environment File
#### 15.3 Create Environment File
The repository doesn't include a `.env.example` file for security reasons. The CI/CD pipeline will create the `.env` file dynamically during deployment. However, for manual testing or initial setup, you can create a basic `.env` file:
@ -1414,7 +1407,7 @@ EOF
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address and `your_secure_password_here` with a strong password.
#### 16.4 Configure Docker for Harbor Access
#### 15.4 Configure Docker for Harbor Access
```bash
# Add the CI/CD Harbor registry to Docker's insecure registries
@ -1431,9 +1424,9 @@ sudo systemctl restart docker
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
### Step 17: Set Up SSH Key Authentication
### Step 16: Set Up SSH Key Authentication
#### 17.1 Add CI/CD Public Key
#### 16.1 Add CI/CD Public Key
```bash
# Create .ssh directory for PROD_SERVICE_USER
@ -1447,7 +1440,7 @@ chmod 600 ~/.ssh/authorized_keys
**Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode).
#### 17.2 Test SSH Connection
#### 16.2 Test SSH Connection
From the CI/CD Linode, test the SSH connection:
@ -1457,11 +1450,11 @@ ssh production
**Expected output**: You should be able to SSH to the production server without a password prompt.
### Step 18: Set Up Forgejo Runner for Production Deployment
### Step 17: Set Up Forgejo Runner for Production Deployment
**Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`.
#### 18.1 Install Forgejo Runner
#### 17.1 Install Forgejo Runner
```bash
# Download the latest Forgejo runner
@ -1477,7 +1470,7 @@ sudo mv forgejo-runner /usr/bin/forgejo-runner
forgejo-runner --version
```
#### 18.2 Set Up Runner Directory for PROD_SERVICE_USER
#### 17.2 Set Up Runner Directory for PROD_SERVICE_USER
```bash
# Create runner directory owned by PROD_SERVICE_USER
@ -1485,14 +1478,14 @@ sudo mkdir -p /opt/forgejo-runner
sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner
```
#### 18.3 Get Registration Token
#### 17.3 Get Registration Token
1. Go to your Forgejo repository
2. Navigate to **Settings → Actions → Runners**
3. Click **"New runner"**
4. Copy the registration token
#### 18.4 Register the Production Runner
#### 17.4 Register the Production Runner
```bash
# Switch to PROD_SERVICE_USER
@ -1512,9 +1505,9 @@ sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner/.runner
sudo chmod 600 /opt/forgejo-runner/.runner
```
**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 18.3.
**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 17.3.
#### 18.5 Create Systemd Service
#### 17.5 Create Systemd Service
```bash
# Create systemd service file
@ -1545,7 +1538,7 @@ sudo systemctl start forgejo-runner.service
sudo systemctl status forgejo-runner.service
```
#### 18.6 Test Runner Configuration
#### 17.6 Test Runner Configuration
```bash
# Check if the runner is running
@ -1572,7 +1565,7 @@ sudo journalctl -u forgejo-runner.service -f --no-pager
The production runner will automatically handle the deployment process when you push to the main branch.
#### 18.7 Understanding the Production Docker Compose Setup
#### 17.7 Understanding the Production Docker Compose Setup
The `docker-compose.prod.yml` file is specifically designed for production deployment and differs from development setups:
@ -1597,16 +1590,16 @@ The `docker-compose.prod.yml` file is specifically designed for production deplo
4. Waits for all services to be healthy
5. Verifies the deployment was successful
### Step 19: Test Production Setup
### Step 18: Test Production Setup
#### 19.1 Test Docker Installation
#### 18.1 Test Docker Installation
```bash
docker --version
docker compose --version
```
#### 19.2 Test Harbor Access
#### 18.2 Test Harbor Access
```bash
# Test pulling an image from the CI/CD Harbor registry
@ -1615,14 +1608,14 @@ docker pull YOUR_CI_CD_IP:8080/public/backend:latest
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
#### 19.3 Test Application Deployment
#### 18.3 Test Application Deployment
```bash
cd /opt/APP_NAME
docker compose up -d
```
#### 19.4 Verify Application Status
#### 18.4 Verify Application Status
```bash
docker compose ps
@ -1639,7 +1632,7 @@ curl http://localhost:3001/health
## Part 3: Final Configuration and Testing
### Step 20: Configure Forgejo Repository Secrets
### Step 19: Configure Forgejo Repository Secrets
Go to your Forgejo repository and add these secrets in **Settings → Secrets and Variables → Actions**:
@ -1657,15 +1650,15 @@ Go to your Forgejo repository and add these secrets in **Settings → Secrets an
- `DOMAIN`: Your domain name (e.g., `example.com`)
- `EMAIL`: Your email for SSL certificate notifications
### Step 21: Test Complete Pipeline
### Step 20: Test Complete Pipeline
#### 21.1 Trigger a Test Build
#### 20.1 Trigger a Test Build
1. **Make a small change** to your repository (e.g., update a comment or add a test file)
2. **Commit and push** the changes to trigger the CI/CD pipeline
3. **Monitor the build** in your Forgejo repository → Actions tab
#### 21.2 Verify Pipeline Steps
#### 20.2 Verify Pipeline Steps
The pipeline should execute these steps in order:
@ -1678,7 +1671,7 @@ The pipeline should execute these steps in order:
7. **Push to Registry**: Push images to Harbor registry from DinD
8. **Deploy to Production**: Deploy to production server
#### 21.3 Check Harbor
#### 20.3 Check Harbor
```bash
# On CI/CD Linode
@ -1692,7 +1685,7 @@ curl -k https://localhost:8080/v2/public/backend/tags/list
curl -k https://localhost:8080/v2/public/frontend/tags/list
```
#### 21.4 Verify Production Deployment
#### 20.4 Verify Production Deployment
```bash
# On Production Linode
@ -1710,16 +1703,16 @@ docker compose logs backend
docker compose logs frontend
```
#### 21.5 Test Application Functionality
#### 20.5 Test Application Functionality
1. **Frontend**: Visit your production URL (IP or domain)
2. **Backend API**: Test API endpoints
3. **Database**: Verify database connections
4. **Logs**: Check for any errors in application logs
### Step 22: Set Up SSL/TLS (Optional - Domain Users)
### Step 21: Set Up SSL/TLS (Optional - Domain Users)
#### 22.1 Install SSL Certificate
#### 21.1 Install SSL Certificate
If you have a domain pointing to your Production Linode:
@ -1731,7 +1724,7 @@ sudo certbot --nginx -d your-domain.com
sudo certbot certificates
```
#### 22.2 Configure Auto-Renewal
#### 21.2 Configure Auto-Renewal
```bash
# Test auto-renewal
@ -1743,9 +1736,9 @@ sudo crontab -e
# 0 12 * * * /usr/bin/certbot renew --quiet
```
### Step 23: Final Verification
### Step 22: Final Verification
#### 23.1 Security Check
#### 22.1 Security Check
```bash
# Check firewall status
@ -1758,7 +1751,7 @@ sudo systemctl status fail2ban
sudo grep "PasswordAuthentication" /etc/ssh/sshd_config
```
#### 23.2 Performance Check
#### 22.2 Performance Check
```bash
# Check system resources
@ -1771,7 +1764,7 @@ df -h
docker system df
```
#### 23.3 Backup Verification
#### 22.3 Backup Verification
```bash
# Test backup script
@ -1782,16 +1775,16 @@ cd /opt/APP_NAME
./scripts/backup.sh
```
### Step 24: Documentation and Maintenance
### Step 23: Documentation and Maintenance
#### 24.1 Update Documentation
#### 23.1 Update Documentation
1. **Update README.md** with deployment information
2. **Document environment variables** and their purposes
3. **Create troubleshooting guide** for common issues
4. **Document backup and restore procedures**
#### 24.2 Set Up Monitoring Alerts
#### 23.2 Set Up Monitoring Alerts
```bash
# Set up monitoring cron job
@ -1801,7 +1794,7 @@ cd /opt/APP_NAME
tail -f /tmp/monitor.log
```
#### 24.3 Regular Maintenance Tasks
#### 23.3 Regular Maintenance Tasks
**Daily:**
- Check application logs for errors