Remove extra docker-compose installation step

continuist 2025-07-04 22:33:49 -04:00
parent eb208a49f4
commit cf402855ab


@ -56,10 +56,10 @@ This guide covers setting up a complete Continuous Integration/Continuous Deploy
## Quick Start ## Quick Start
1. **Set up CI/CD Linode** (Steps 1-9) 1. **Set up CI/CD Linode** (Steps 1-9)
2. **Set up Production Linode** (Steps 10-19) 2. **Set up Production Linode** (Steps 10-18)
3. **Configure SSH key exchange** (Step 17) 3. **Configure SSH key exchange** (Step 16)
4. **Set up Forgejo repository secrets** (Step 20) 4. **Set up Forgejo repository secrets** (Step 19)
5. **Test the complete pipeline** (Step 21) 5. **Test the complete pipeline** (Step 20)
## What's Included ## What's Included
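Review bot: Check for stale step references outside these hunks, because the Quick Start list hard-codes the numbers (`Steps 10-18`, `Step 16`, `Step 19`, `Step 20`) and every later heading is renumbered by hand. The diff updates one in-text cross-reference (`Step 18.3` to `Step 17.3`), so a search of the whole file for remaining references to the old numbers (troubleshooting sections, links to anchors such as the old Step 13 heading) is worth doing before merge. The Quick Start also stops at Step 20 while the guide now runs to Step 23; say so in the list if that is intentional.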
@ -1320,16 +1320,9 @@ sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo usermod -aG docker PROD_SERVICE_USER sudo usermod -aG docker PROD_SERVICE_USER
``` ```
### Step 13: Install Docker Compose ### Step 13: Configure Security
```bash #### 13.1 Configure Firewall
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
```
### Step 14: Configure Security
#### 14.1 Configure Firewall
```bash ```bash
sudo ufw --force enable sudo ufw --force enable
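Review bot: Removing the standalone install from the guide leaves already-provisioned hosts with a stale binary: servers set up from the earlier text still have `/usr/local/bin/docker-compose`, fetched from `releases/latest` and made executable with no checksum verification. Since `docker-compose-plugin` is already installed by the apt line in this hunk's header and the later hunks call `docker compose`, consider adding a short note telling operators to delete the old binary, and confirm that no script in the repository still invokes the hyphenated `docker-compose` command.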
@ -1342,16 +1335,16 @@ sudo ufw allow 3000/tcp
sudo ufw allow 3001/tcp sudo ufw allow 3001/tcp
``` ```
#### 14.2 Configure Fail2ban #### 13.2 Configure Fail2ban
```bash ```bash
sudo systemctl enable fail2ban sudo systemctl enable fail2ban
sudo systemctl start fail2ban sudo systemctl start fail2ban
``` ```
### Step 15: Create Application Directory ### Step 14: Create Application Directory
#### 15.1 Create Directory Structure #### 14.1 Create Directory Structure
```bash ```bash
sudo mkdir -p /opt/APP_NAME sudo mkdir -p /opt/APP_NAME
@ -1360,22 +1353,22 @@ sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME
**Note**: Replace `APP_NAME` with your actual application name. This directory name can be controlled via the `APP_NAME` secret in your Forgejo repository settings. If you set the `APP_NAME` secret to `myapp`, the deployment directory will be `/opt/myapp`. **Note**: Replace `APP_NAME` with your actual application name. This directory name can be controlled via the `APP_NAME` secret in your Forgejo repository settings. If you set the `APP_NAME` secret to `myapp`, the deployment directory will be `/opt/myapp`.
#### 15.2 Create SSL Directory (Optional - for domain users) #### 14.2 Create SSL Directory (Optional - for domain users)
```bash ```bash
sudo mkdir -p /opt/APP_NAME/nginx/ssl sudo mkdir -p /opt/APP_NAME/nginx/ssl
sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME/nginx/ssl sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME/nginx/ssl
``` ```
### Step 16: Clone Repository and Set Up Application Files ### Step 15: Clone Repository and Set Up Application Files
#### 16.1 Switch to PROD_SERVICE_USER User #### 15.1 Switch to PROD_SERVICE_USER User
```bash ```bash
sudo su - PROD_SERVICE_USER sudo su - PROD_SERVICE_USER
``` ```
#### 16.2 Clone Repository #### 15.2 Clone Repository
```bash ```bash
cd /opt/APP_NAME cd /opt/APP_NAME
@ -1388,7 +1381,7 @@ git clone https://your-forgejo-instance/your-username/APP_NAME.git .
**Note**: Replace `your-forgejo-instance` and `your-username/APP_NAME` with your actual Forgejo instance URL and repository path. **Note**: Replace `your-forgejo-instance` and `your-username/APP_NAME` with your actual Forgejo instance URL and repository path.
#### 16.3 Create Environment File #### 15.3 Create Environment File
The repository doesn't include a `.env.example` file for security reasons. The CI/CD pipeline will create the `.env` file dynamically during deployment. However, for manual testing or initial setup, you can create a basic `.env` file: The repository doesn't include a `.env.example` file for security reasons. The CI/CD pipeline will create the `.env` file dynamically during deployment. However, for manual testing or initial setup, you can create a basic `.env` file:
@ -1414,7 +1407,7 @@ EOF
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address and `your_secure_password_here` with a strong password. **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address and `your_secure_password_here` with a strong password.
#### 16.4 Configure Docker for Harbor Access #### 15.4 Configure Docker for Harbor Access
```bash ```bash
# Add the CI/CD Harbor registry to Docker's insecure registries # Add the CI/CD Harbor registry to Docker's insecure registries
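Review bot: The comment `# Add the CI/CD Harbor registry to Docker's insecure registries` in step 15.4 means the production Docker daemon does not authenticate the registry's TLS certificate, so the images production runs are only as trustworthy as the network path between the two Linodes. While this section is being touched, consider replacing the insecure-registry entry with trust in Harbor's CA certificate under `/etc/docker/certs.d/YOUR_CI_CD_IP:8080/ca.crt`, or at least mark the setting as a shortcut that should not stay in a production guide.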
@ -1431,9 +1424,9 @@ sudo systemctl restart docker
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address. **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
### Step 17: Set Up SSH Key Authentication ### Step 16: Set Up SSH Key Authentication
#### 17.1 Add CI/CD Public Key #### 16.1 Add CI/CD Public Key
```bash ```bash
# Create .ssh directory for PROD_SERVICE_USER # Create .ssh directory for PROD_SERVICE_USER
@ -1447,7 +1440,7 @@ chmod 600 ~/.ssh/authorized_keys
**Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode). **Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode).
#### 17.2 Test SSH Connection #### 16.2 Test SSH Connection
From the CI/CD Linode, test the SSH connection: From the CI/CD Linode, test the SSH connection:
@ -1457,11 +1450,11 @@ ssh production
**Expected output**: You should be able to SSH to the production server without a password prompt. **Expected output**: You should be able to SSH to the production server without a password prompt.
### Step 18: Set Up Forgejo Runner for Production Deployment ### Step 17: Set Up Forgejo Runner for Production Deployment
**Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`. **Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`.
#### 18.1 Install Forgejo Runner #### 17.1 Install Forgejo Runner
```bash ```bash
# Download the latest Forgejo runner # Download the latest Forgejo runner
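Review bot: Step 17.1 starts with `# Download the latest Forgejo runner` and the next hunk moves the result to `/usr/bin/forgejo-runner`, which is the same unpinned-download pattern this commit removes for docker-compose. The download command itself is not among the visible lines; if it does not pin a release version and verify the published checksum or signature before the `sudo mv`, add that, since this binary executes deployment jobs on the production host.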
@ -1477,7 +1470,7 @@ sudo mv forgejo-runner /usr/bin/forgejo-runner
forgejo-runner --version forgejo-runner --version
``` ```
#### 18.2 Set Up Runner Directory for PROD_SERVICE_USER #### 17.2 Set Up Runner Directory for PROD_SERVICE_USER
```bash ```bash
# Create runner directory owned by PROD_SERVICE_USER # Create runner directory owned by PROD_SERVICE_USER
@ -1485,14 +1478,14 @@ sudo mkdir -p /opt/forgejo-runner
sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner
``` ```
#### 18.3 Get Registration Token #### 17.3 Get Registration Token
1. Go to your Forgejo repository 1. Go to your Forgejo repository
2. Navigate to **Settings → Actions → Runners** 2. Navigate to **Settings → Actions → Runners**
3. Click **"New runner"** 3. Click **"New runner"**
4. Copy the registration token 4. Copy the registration token
#### 18.4 Register the Production Runner #### 17.4 Register the Production Runner
```bash ```bash
# Switch to PROD_SERVICE_USER # Switch to PROD_SERVICE_USER
@ -1512,9 +1505,9 @@ sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner/.runner
sudo chmod 600 /opt/forgejo-runner/.runner sudo chmod 600 /opt/forgejo-runner/.runner
``` ```
**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 18.3. **Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 17.3.
#### 18.5 Create Systemd Service #### 17.5 Create Systemd Service
```bash ```bash
# Create systemd service file # Create systemd service file
@ -1545,7 +1538,7 @@ sudo systemctl start forgejo-runner.service
sudo systemctl status forgejo-runner.service sudo systemctl status forgejo-runner.service
``` ```
#### 18.6 Test Runner Configuration #### 17.6 Test Runner Configuration
```bash ```bash
# Check if the runner is running # Check if the runner is running
@ -1572,7 +1565,7 @@ sudo journalctl -u forgejo-runner.service -f --no-pager
The production runner will automatically handle the deployment process when you push to the main branch. The production runner will automatically handle the deployment process when you push to the main branch.
#### 18.7 Understanding the Production Docker Compose Setup #### 17.7 Understanding the Production Docker Compose Setup
The `docker-compose.prod.yml` file is specifically designed for production deployment and differs from development setups: The `docker-compose.prod.yml` file is specifically designed for production deployment and differs from development setups:
@ -1597,16 +1590,16 @@ The `docker-compose.prod.yml` file is specifically designed for production deplo
4. Waits for all services to be healthy 4. Waits for all services to be healthy
5. Verifies the deployment was successful 5. Verifies the deployment was successful
### Step 19: Test Production Setup ### Step 18: Test Production Setup
#### 19.1 Test Docker Installation #### 18.1 Test Docker Installation
```bash ```bash
docker --version docker --version
docker compose --version docker compose --version
``` ```
#### 19.2 Test Harbor Access #### 18.2 Test Harbor Access
```bash ```bash
# Test pulling an image from the CI/CD Harbor registry # Test pulling an image from the CI/CD Harbor registry
@ -1615,14 +1608,14 @@ docker pull YOUR_CI_CD_IP:8080/public/backend:latest
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address. **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
#### 19.3 Test Application Deployment #### 18.3 Test Application Deployment
```bash ```bash
cd /opt/APP_NAME cd /opt/APP_NAME
docker compose up -d docker compose up -d
``` ```
#### 19.4 Verify Application Status #### 18.4 Verify Application Status
```bash ```bash
docker compose ps docker compose ps
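Review bot: Step 18.3 runs a bare `docker compose up -d` in `/opt/APP_NAME`, but step 17 states that the runner deploys using `docker-compose.prod.yml`. Unless the repository also ships a default compose file, this test either fails or starts a different stack from the one the pipeline deploys. Suggest `docker compose -f docker-compose.prod.yml up -d` here, with the same `-f` on the `docker compose ps` in 18.4.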
@ -1639,7 +1632,7 @@ curl http://localhost:3001/health
## Part 3: Final Configuration and Testing ## Part 3: Final Configuration and Testing
### Step 20: Configure Forgejo Repository Secrets ### Step 19: Configure Forgejo Repository Secrets
Go to your Forgejo repository and add these secrets in **Settings → Secrets and Variables → Actions**: Go to your Forgejo repository and add these secrets in **Settings → Secrets and Variables → Actions**:
@ -1657,15 +1650,15 @@ Go to your Forgejo repository and add these secrets in **Settings → Secrets an
- `DOMAIN`: Your domain name (e.g., `example.com`) - `DOMAIN`: Your domain name (e.g., `example.com`)
- `EMAIL`: Your email for SSL certificate notifications - `EMAIL`: Your email for SSL certificate notifications
### Step 21: Test Complete Pipeline ### Step 20: Test Complete Pipeline
#### 21.1 Trigger a Test Build #### 20.1 Trigger a Test Build
1. **Make a small change** to your repository (e.g., update a comment or add a test file) 1. **Make a small change** to your repository (e.g., update a comment or add a test file)
2. **Commit and push** the changes to trigger the CI/CD pipeline 2. **Commit and push** the changes to trigger the CI/CD pipeline
3. **Monitor the build** in your Forgejo repository → Actions tab 3. **Monitor the build** in your Forgejo repository → Actions tab
#### 21.2 Verify Pipeline Steps #### 20.2 Verify Pipeline Steps
The pipeline should execute these steps in order: The pipeline should execute these steps in order:
@ -1678,7 +1671,7 @@ The pipeline should execute these steps in order:
7. **Push to Registry**: Push images to Harbor registry from DinD 7. **Push to Registry**: Push images to Harbor registry from DinD
8. **Deploy to Production**: Deploy to production server 8. **Deploy to Production**: Deploy to production server
#### 21.3 Check Harbor #### 20.3 Check Harbor
```bash ```bash
# On CI/CD Linode # On CI/CD Linode
@ -1692,7 +1685,7 @@ curl -k https://localhost:8080/v2/public/backend/tags/list
curl -k https://localhost:8080/v2/public/frontend/tags/list curl -k https://localhost:8080/v2/public/frontend/tags/list
``` ```
#### 21.4 Verify Production Deployment #### 20.4 Verify Production Deployment
```bash ```bash
# On Production Linode # On Production Linode
@ -1710,16 +1703,16 @@ docker compose logs backend
docker compose logs frontend docker compose logs frontend
``` ```
#### 21.5 Test Application Functionality #### 20.5 Test Application Functionality
1. **Frontend**: Visit your production URL (IP or domain) 1. **Frontend**: Visit your production URL (IP or domain)
2. **Backend API**: Test API endpoints 2. **Backend API**: Test API endpoints
3. **Database**: Verify database connections 3. **Database**: Verify database connections
4. **Logs**: Check for any errors in application logs 4. **Logs**: Check for any errors in application logs
### Step 22: Set Up SSL/TLS (Optional - Domain Users) ### Step 21: Set Up SSL/TLS (Optional - Domain Users)
#### 22.1 Install SSL Certificate #### 21.1 Install SSL Certificate
If you have a domain pointing to your Production Linode: If you have a domain pointing to your Production Linode:
@ -1731,7 +1724,7 @@ sudo certbot --nginx -d your-domain.com
sudo certbot certificates sudo certbot certificates
``` ```
#### 22.2 Configure Auto-Renewal #### 21.2 Configure Auto-Renewal
```bash ```bash
# Test auto-renewal # Test auto-renewal
@ -1743,9 +1736,9 @@ sudo crontab -e
# 0 12 * * * /usr/bin/certbot renew --quiet # 0 12 * * * /usr/bin/certbot renew --quiet
``` ```
### Step 23: Final Verification ### Step 22: Final Verification
#### 23.1 Security Check #### 22.1 Security Check
```bash ```bash
# Check firewall status # Check firewall status
@ -1758,7 +1751,7 @@ sudo systemctl status fail2ban
sudo grep "PasswordAuthentication" /etc/ssh/sshd_config sudo grep "PasswordAuthentication" /etc/ssh/sshd_config
``` ```
#### 23.2 Performance Check #### 22.2 Performance Check
```bash ```bash
# Check system resources # Check system resources
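Review bot: In the 22.1 security check, `sudo grep "PasswordAuthentication" /etc/ssh/sshd_config` reads only the main file, so it also matches commented-out lines and misses overrides from included drop-in files. Printing the effective value with `sudo sshd -T | grep -i passwordauthentication` would make the check reflect what the daemon actually enforces.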
@ -1771,7 +1764,7 @@ df -h
docker system df docker system df
``` ```
#### 23.3 Backup Verification #### 22.3 Backup Verification
```bash ```bash
# Test backup script # Test backup script
@ -1782,16 +1775,16 @@ cd /opt/APP_NAME
./scripts/backup.sh ./scripts/backup.sh
``` ```
### Step 24: Documentation and Maintenance ### Step 23: Documentation and Maintenance
#### 24.1 Update Documentation #### 23.1 Update Documentation
1. **Update README.md** with deployment information 1. **Update README.md** with deployment information
2. **Document environment variables** and their purposes 2. **Document environment variables** and their purposes
3. **Create troubleshooting guide** for common issues 3. **Create troubleshooting guide** for common issues
4. **Document backup and restore procedures** 4. **Document backup and restore procedures**
#### 24.2 Set Up Monitoring Alerts #### 23.2 Set Up Monitoring Alerts
```bash ```bash
# Set up monitoring cron job # Set up monitoring cron job
@ -1801,7 +1794,7 @@ cd /opt/APP_NAME
tail -f /tmp/monitor.log tail -f /tmp/monitor.log
``` ```
#### 24.3 Regular Maintenance Tasks #### 23.3 Regular Maintenance Tasks
**Daily:** **Daily:**
- Check application logs for errors - Check application logs for errors
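Review bot: The monitoring step in 23.2 tails `/tmp/monitor.log`, a path in a world-writable directory where any local account can pre-create or replace the file and where the log may not survive a reboot. Suggest writing it to a directory owned by `PROD_SERVICE_USER`, for example under `/opt/APP_NAME` or `/var/log`, and updating the `tail -f` line to match.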