From cf402855ab9d72a6b3f408eb057036083835d40c Mon Sep 17 00:00:00 2001 From: continuist Date: Fri, 4 Jul 2025 22:33:49 -0400 Subject: [PATCH] Remove extra docker-compose installation step --- CI_CD_PIPELINE_SETUP_GUIDE.md | 107 ++++++++++++++++------------------ 1 file changed, 50 insertions(+), 57 deletions(-) diff --git a/CI_CD_PIPELINE_SETUP_GUIDE.md b/CI_CD_PIPELINE_SETUP_GUIDE.md index a4fcfa3..84fa0ca 100644 --- a/CI_CD_PIPELINE_SETUP_GUIDE.md +++ b/CI_CD_PIPELINE_SETUP_GUIDE.md @@ -56,10 +56,10 @@ This guide covers setting up a complete Continuous Integration/Continuous Deploy ## Quick Start 1. **Set up CI/CD Linode** (Steps 1-9) -2. **Set up Production Linode** (Steps 10-19) -3. **Configure SSH key exchange** (Step 17) -4. **Set up Forgejo repository secrets** (Step 20) -5. **Test the complete pipeline** (Step 21) +2. **Set up Production Linode** (Steps 10-18) +3. **Configure SSH key exchange** (Step 16) +4. **Set up Forgejo repository secrets** (Step 19) +5. **Test the complete pipeline** (Step 20) ## What's Included @@ -1320,16 +1320,9 @@ sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin sudo usermod -aG docker PROD_SERVICE_USER ``` -### Step 13: Install Docker Compose +### Step 13: Configure Security -```bash -sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose -sudo chmod +x /usr/local/bin/docker-compose -``` - -### Step 14: Configure Security - -#### 14.1 Configure Firewall +#### 13.1 Configure Firewall ```bash sudo ufw --force enable 
@@ -1342,16 +1335,16 @@ sudo ufw allow 3000/tcp sudo ufw allow 3001/tcp ``` -#### 14.2 Configure Fail2ban +#### 13.2 Configure Fail2ban ```bash sudo systemctl enable fail2ban sudo systemctl start fail2ban ``` -### Step 15: Create Application Directory +### Step 14: Create Application Directory -#### 15.1 Create Directory Structure +#### 14.1 Create Directory Structure ```bash sudo mkdir -p /opt/APP_NAME @@ -1360,22 +1353,22 @@ sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME **Note**: Replace `APP_NAME` with your actual application name. This directory name can be controlled via the `APP_NAME` secret in your Forgejo repository settings. If you set the `APP_NAME` secret to `myapp`, the deployment directory will be `/opt/myapp`. -#### 15.2 Create SSL Directory (Optional - for domain users) +#### 14.2 Create SSL Directory (Optional - for domain users) ```bash sudo mkdir -p /opt/APP_NAME/nginx/ssl sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME/nginx/ssl ``` -### Step 16: Clone Repository and Set Up Application Files +### Step 15: Clone Repository and Set Up Application Files -#### 16.1 Switch to PROD_SERVICE_USER User +#### 15.1 Switch to PROD_SERVICE_USER User ```bash sudo su - PROD_SERVICE_USER ``` -#### 16.2 Clone Repository +#### 15.2 Clone Repository ```bash cd /opt/APP_NAME @@ -1388,7 +1381,7 @@ git clone https://your-forgejo-instance/your-username/APP_NAME.git . **Note**: Replace `your-forgejo-instance` and `your-username/APP_NAME` with your actual Forgejo instance URL and repository path. -#### 16.3 Create Environment File +#### 15.3 Create Environment File The repository doesn't include a `.env.example` file for security reasons. The CI/CD pipeline will create the `.env` file dynamically during deployment. However, for manual testing or initial setup, you can create a basic `.env` file: 
@@ -1414,7 +1407,7 @@ EOF **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address and `your_secure_password_here` with a strong password. -#### 16.4 Configure Docker for Harbor Access +#### 15.4 Configure Docker for Harbor Access ```bash # Add the CI/CD Harbor registry to Docker's insecure registries @@ -1431,9 +1424,9 @@ sudo systemctl restart docker **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address. -### Step 17: Set Up SSH Key Authentication +### Step 16: Set Up SSH Key Authentication -#### 17.1 Add CI/CD Public Key +#### 16.1 Add CI/CD Public Key ```bash # Create .ssh directory for PROD_SERVICE_USER @@ -1447,7 +1440,7 @@ chmod 600 ~/.ssh/authorized_keys **Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode). -#### 17.2 Test SSH Connection +#### 16.2 Test SSH Connection From the CI/CD Linode, test the SSH connection: @@ -1457,11 +1450,11 @@ ssh production **Expected output**: You should be able to SSH to the production server without a password prompt. -### Step 18: Set Up Forgejo Runner for Production Deployment +### Step 17: Set Up Forgejo Runner for Production Deployment **Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`. -#### 18.1 Install Forgejo Runner +#### 17.1 Install Forgejo Runner ```bash # Download the latest Forgejo runner @@ -1477,7 +1470,7 @@ sudo mv forgejo-runner /usr/bin/forgejo-runner forgejo-runner --version ``` -#### 18.2 Set Up Runner Directory for PROD_SERVICE_USER +#### 17.2 Set Up Runner Directory for PROD_SERVICE_USER ```bash # Create runner directory owned by PROD_SERVICE_USER 
@@ -1485,14 +1478,14 @@ sudo mkdir -p /opt/forgejo-runner sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner ``` -#### 18.3 Get Registration Token +#### 17.3 Get Registration Token 1. Go to your Forgejo repository 2. Navigate to **Settings → Actions → Runners** 3. Click **"New runner"** 4. Copy the registration token -#### 18.4 Register the Production Runner +#### 17.4 Register the Production Runner ```bash # Switch to PROD_SERVICE_USER @@ -1512,9 +1505,9 @@ sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner/.runner sudo chmod 600 /opt/forgejo-runner/.runner ``` -**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 18.3. +**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 17.3. -#### 18.5 Create Systemd Service +#### 17.5 Create Systemd Service ```bash # Create systemd service file @@ -1545,7 +1538,7 @@ sudo systemctl start forgejo-runner.service sudo systemctl status forgejo-runner.service ``` -#### 18.6 Test Runner Configuration +#### 17.6 Test Runner Configuration ```bash # Check if the runner is running @@ -1572,7 +1565,7 @@ sudo journalctl -u forgejo-runner.service -f --no-pager The production runner will automatically handle the deployment process when you push to the main branch. -#### 18.7 Understanding the Production Docker Compose Setup +#### 17.7 Understanding the Production Docker Compose Setup The `docker-compose.prod.yml` file is specifically designed for production deployment and differs from development setups: 
@@ -1597,16 +1590,16 @@ The `docker-compose.prod.yml` file is specifically designed for production deplo 4. Waits for all services to be healthy 5. Verifies the deployment was successful -### Step 19: Test Production Setup +### Step 18: Test Production Setup -#### 19.1 Test Docker Installation +#### 18.1 Test Docker Installation ```bash docker --version docker compose --version ``` -#### 19.2 Test Harbor Access +#### 18.2 Test Harbor Access ```bash # Test pulling an image from the CI/CD Harbor registry @@ -1615,14 +1608,14 @@ docker pull YOUR_CI_CD_IP:8080/public/backend:latest **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address. -#### 19.3 Test Application Deployment +#### 18.3 Test Application Deployment ```bash cd /opt/APP_NAME docker compose up -d ``` -#### 19.4 Verify Application Status +#### 18.4 Verify Application Status ```bash docker compose ps @@ -1639,7 +1632,7 @@ curl http://localhost:3001/health ## Part 3: Final Configuration and Testing -### Step 20: Configure Forgejo Repository Secrets +### Step 19: Configure Forgejo Repository Secrets Go to your Forgejo repository and add these secrets in **Settings → Secrets and Variables → Actions**: @@ -1657,15 +1650,15 @@ Go to your Forgejo repository and add these secrets in **Settings → Secrets an - `DOMAIN`: Your domain name (e.g., `example.com`) - `EMAIL`: Your email for SSL certificate notifications -### Step 21: Test Complete Pipeline +### Step 20: Test Complete Pipeline -#### 21.1 Trigger a Test Build +#### 20.1 Trigger a Test Build 1. **Make a small change** to your repository (e.g., update a comment or add a test file) 2. **Commit and push** the changes to trigger the CI/CD pipeline 3. **Monitor the build** in your Forgejo repository → Actions tab -#### 21.2 Verify Pipeline Steps +#### 20.2 Verify Pipeline Steps The pipeline should execute these steps in order: 
@@ -1678,7 +1671,7 @@ The pipeline should execute these steps in order: 7. **Push to Registry**: Push images to Harbor registry from DinD 8. **Deploy to Production**: Deploy to production server -#### 21.3 Check Harbor +#### 20.3 Check Harbor ```bash # On CI/CD Linode @@ -1692,7 +1685,7 @@ curl -k https://localhost:8080/v2/public/backend/tags/list curl -k https://localhost:8080/v2/public/frontend/tags/list ``` -#### 21.4 Verify Production Deployment +#### 20.4 Verify Production Deployment ```bash # On Production Linode @@ -1710,16 +1703,16 @@ docker compose logs backend docker compose logs frontend ``` -#### 21.5 Test Application Functionality +#### 20.5 Test Application Functionality 1. **Frontend**: Visit your production URL (IP or domain) 2. **Backend API**: Test API endpoints 3. **Database**: Verify database connections 4. **Logs**: Check for any errors in application logs -### Step 22: Set Up SSL/TLS (Optional - Domain Users) +### Step 21: Set Up SSL/TLS (Optional - Domain Users) -#### 22.1 Install SSL Certificate +#### 21.1 Install SSL Certificate If you have a domain pointing to your Production Linode: @@ -1731,7 +1724,7 @@ sudo certbot --nginx -d your-domain.com sudo certbot certificates ``` -#### 22.2 Configure Auto-Renewal +#### 21.2 Configure Auto-Renewal ```bash # Test auto-renewal @@ -1743,9 +1736,9 @@ sudo crontab -e # 0 12 * * * /usr/bin/certbot renew --quiet ``` -### Step 23: Final Verification +### Step 22: Final Verification -#### 23.1 Security Check +#### 22.1 Security Check ```bash # Check firewall status @@ -1758,7 +1751,7 @@ sudo systemctl status fail2ban sudo grep "PasswordAuthentication" /etc/ssh/sshd_config ``` -#### 23.2 Performance Check +#### 22.2 Performance Check ```bash # Check system resources @@ -1771,7 +1764,7 @@ df -h docker system df ``` -#### 23.3 Backup Verification +#### 22.3 Backup Verification ```bash # Test backup script 
@@ -1782,16 +1775,16 @@ cd /opt/APP_NAME ./scripts/backup.sh ``` -### Step 24: Documentation and Maintenance +### Step 23: Documentation and Maintenance -#### 24.1 Update Documentation +#### 23.1 Update Documentation 1. **Update README.md** with deployment information 2. **Document environment variables** and their purposes 3. **Create troubleshooting guide** for common issues 4. **Document backup and restore procedures** -#### 24.2 Set Up Monitoring Alerts +#### 23.2 Set Up Monitoring Alerts ```bash # Set up monitoring cron job @@ -1801,7 +1794,7 @@ cd /opt/APP_NAME tail -f /tmp/monitor.log ``` -#### 24.3 Regular Maintenance Tasks +#### 23.3 Regular Maintenance Tasks **Daily:** - Check application logs for errors
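Review bot: In the first hunk (`@@ -56,10 +56,10 @@`, Quick Start), the renumbered list still stops at Step 20, while the later hunks show the guide continuing through Step 21 (SSL/TLS), Step 22 (Final Verification) and Step 23 (Documentation and Maintenance). The new ranges do match the renumbered headings (Step 16 SSH keys, Step 18 Test Production Setup, Step 19 secrets, Step 20 pipeline test). Since these lines are being edited anyway, consider adding a sixth entry for Steps 21-23, or a note that they are follow-up steps, so that the Step 22.1 security check is not skipped by readers who follow only the Quick Start.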
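Review bot: In the hunk at `@@ -1320,16 +1320,9 @@`, dropping the old Step 13 leaves nothing for hosts that were already provisioned from the previous revision. The removed commands fetched `releases/latest` with `curl -L` into `/usr/local/bin/docker-compose`, with no version pin and no checksum, so those machines still carry that binary next to the apt-installed `docker-compose-plugin` shown in the context line. Suggest a short note telling existing users to remove `/usr/local/bin/docker-compose`. The commit message could also state that Compose now comes only from the apt package and is invoked as `docker compose`, which is the form Steps 18.1, 18.3 and 18.4 already use. It is also worth confirming that no script or workflow outside this file still calls the hyphenated `docker-compose` command.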
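Review bot: In the hunk at `@@ -1512,9 +1505,9 @@`, the prose cross-reference `Step 17.3` is a hard-coded number, and it is the kind of reference that gets missed the next time a step is added or removed. This commit had to touch about fifty heading lines to delete one step. Consider referring to the section by title instead ("the token you copied in Get Registration Token"), and doing the same for the step ranges in the Quick Start, so a future removal does not need a renumbering pass. The visible hunks show no stale references after this change, but lines outside the diff context should be searched for old numbers in the range 14-24.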