devteam/sharenet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix section numering

Browse source
This commit is contained in:
continuist 2025-07-04 22:20:09 -04:00
parent 11b0715f71
commit eb208a49f4
1 changed files with 39 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

93
CI_CD_PIPELINE_SETUP_GUIDE.md
View file

@ -55,11 +55,11 @@ This guide covers setting up a complete Continuous Integration/Continuous Deploy
## Quick Start
1. **Set up CI/CD Linode** (Steps 1-14)
2. **Set up Production Linode** (Steps 15-27)
3. **Configure SSH key exchange** (Step 28)
4. **Set up Forgejo repository secrets** (Step 29)
5. **Test the complete pipeline** (Step 30)
1. **Set up CI/CD Linode** (Steps 1-9)
2. **Set up Production Linode** (Steps 10-19)
3. **Configure SSH key exchange** (Step 17)
4. **Set up Forgejo repository secrets** (Step 20)
5. **Test the complete pipeline** (Step 21)
## What's Included
@ -1212,13 +1212,13 @@ curl -k -I https://localhost
### Step 10: Initial System Setup
#### 11.1 Update the System
#### 10.1 Update the System
```bash
sudo apt update && sudo apt upgrade -y
```
#### 11.2 Configure Timezone
#### 10.2 Configure Timezone
```bash
# Configure timezone interactively
@ -1232,7 +1232,7 @@ date
**Expected output**: After selecting your timezone, the `date` command should show the current date and time in your selected timezone.
#### 11.3 Configure /etc/hosts
#### 10.3 Configure /etc/hosts
```bash
# Add localhost entries for both IPv4 and IPv6
@ -1253,7 +1253,7 @@ cat /etc/hosts
**Expected output**: The `/etc/hosts` file should show entries for `127.0.0.1`, `::1`, and your Linode's actual IP addresses all mapping to `localhost`.
#### 11.4 Install Essential Packages
#### 10.4 Install Essential Packages
```bash
sudo apt install -y \
@ -1273,7 +1273,7 @@ sudo apt install -y \
### Step 11: Create Users
#### 12.1 Create the PROD_SERVICE_USER User
#### 11.1 Create the PROD_SERVICE_USER User
```bash
# Create dedicated group for the production service account
@ -1284,16 +1284,7 @@ sudo useradd -r -g PROD_SERVICE_USER -s /bin/bash -m -d /home/PROD_SERVICE_USER
echo "PROD_SERVICE_USER:$(openssl rand -base64 32)" | sudo chpasswd
```
#### 12.2 Create the PROD_DEPLOY_USER User
```bash
# Create production deployment user
sudo useradd -m -s /bin/bash PROD_DEPLOY_USER
sudo usermod -aG sudo PROD_DEPLOY_USER
echo "PROD_DEPLOY_USER:$(openssl rand -base64 32)" | sudo chpasswd
```
#### 12.3 Verify Users
#### 11.2 Verify Users
```bash
sudo su - PROD_SERVICE_USER
@ -1309,7 +1300,7 @@ exit
### Step 12: Install Docker
#### 13.1 Add Docker Repository
#### 12.1 Add Docker Repository
```bash
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
@ -1317,13 +1308,13 @@ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docke
sudo apt update
```
#### 13.2 Install Docker Packages
#### 12.2 Install Docker Packages
```bash
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
```
#### 13.3 Configure Docker for Production Service Account
#### 12.3 Configure Docker for Production Service Account
```bash
sudo usermod -aG docker PROD_SERVICE_USER
@ -1378,13 +1369,13 @@ sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME/nginx/ssl
### Step 16: Clone Repository and Set Up Application Files
#### 17.1 Switch to PROD_SERVICE_USER User
#### 16.1 Switch to PROD_SERVICE_USER User
```bash
sudo su - PROD_SERVICE_USER
```
#### 17.2 Clone Repository
#### 16.2 Clone Repository
```bash
cd /opt/APP_NAME
@ -1397,7 +1388,7 @@ git clone https://your-forgejo-instance/your-username/APP_NAME.git .
**Note**: Replace `your-forgejo-instance` and `your-username/APP_NAME` with your actual Forgejo instance URL and repository path.
#### 17.3 Create Environment File
#### 16.3 Create Environment File
The repository doesn't include a `.env.example` file for security reasons. The CI/CD pipeline will create the `.env` file dynamically during deployment. However, for manual testing or initial setup, you can create a basic `.env` file:
@ -1423,7 +1414,7 @@ EOF
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address and `your_secure_password_here` with a strong password.
#### 17.4 Configure Docker for Harbor Access
#### 16.4 Configure Docker for Harbor Access
```bash
# Add the CI/CD Harbor registry to Docker's insecure registries
@ -1442,7 +1433,7 @@ sudo systemctl restart docker
### Step 17: Set Up SSH Key Authentication
#### 18.1 Add CI/CD Public Key
#### 17.1 Add CI/CD Public Key
```bash
# Create .ssh directory for PROD_SERVICE_USER
@ -1456,7 +1447,7 @@ chmod 600 ~/.ssh/authorized_keys
**Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode).
#### 18.2 Test SSH Connection
#### 17.2 Test SSH Connection
From the CI/CD Linode, test the SSH connection:
@ -1470,7 +1461,7 @@ ssh production
**Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`.
#### 19.1 Install Forgejo Runner
#### 18.1 Install Forgejo Runner
```bash
# Download the latest Forgejo runner
@ -1486,32 +1477,26 @@ sudo mv forgejo-runner /usr/bin/forgejo-runner
forgejo-runner --version
```
#### 19.2 Create Runner User and Directory
#### 18.2 Set Up Runner Directory for PROD_SERVICE_USER
```bash
# Create dedicated user for the runner
sudo useradd -r -s /bin/bash -m -d /home/forgejo-runner forgejo-runner
# Create runner directory
# Create runner directory owned by PROD_SERVICE_USER
sudo mkdir -p /opt/forgejo-runner
sudo chown forgejo-runner:forgejo-runner /opt/forgejo-runner
# Add runner user to docker group
sudo usermod -aG docker forgejo-runner
sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner
```
#### 19.3 Get Registration Token
#### 18.3 Get Registration Token
1. Go to your Forgejo repository
2. Navigate to **Settings → Actions → Runners**
3. Click **"New runner"**
4. Copy the registration token
#### 19.4 Register the Production Runner
#### 18.4 Register the Production Runner
```bash
# Switch to runner user
sudo su - forgejo-runner
# Switch to PROD_SERVICE_USER
sudo su - PROD_SERVICE_USER
# Register the runner with production label
forgejo-runner register \
@ -1522,14 +1507,14 @@ forgejo-runner register \
--no-interactive
# Copy configuration to system location
sudo cp /home/forgejo-runner/.runner /opt/forgejo-runner/.runner
sudo chown forgejo-runner:forgejo-runner /opt/forgejo-runner/.runner
sudo cp /home/PROD_SERVICE_USER/.runner /opt/forgejo-runner/.runner
sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner/.runner
sudo chmod 600 /opt/forgejo-runner/.runner
```
**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 19.3.
**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 18.3.
#### 19.5 Create Systemd Service
#### 18.5 Create Systemd Service
```bash
# Create systemd service file
@ -1540,7 +1525,7 @@ After=network.target docker.service
[Service]
Type=simple
User=forgejo-runner
User=PROD_SERVICE_USER
WorkingDirectory=/opt/forgejo-runner
ExecStart=/usr/bin/forgejo-runner daemon
Restart=always
@ -1560,7 +1545,7 @@ sudo systemctl start forgejo-runner.service
sudo systemctl status forgejo-runner.service
```
#### 19.6 Test Runner Configuration
#### 18.6 Test Runner Configuration
```bash
# Check if the runner is running
@ -1587,7 +1572,7 @@ sudo journalctl -u forgejo-runner.service -f --no-pager
The production runner will automatically handle the deployment process when you push to the main branch.
#### 19.7 Understanding the Production Docker Compose Setup
#### 18.7 Understanding the Production Docker Compose Setup
The `docker-compose.prod.yml` file is specifically designed for production deployment and differs from development setups:
@ -1614,14 +1599,14 @@ The `docker-compose.prod.yml` file is specifically designed for production deplo
### Step 19: Test Production Setup
#### 20.1 Test Docker Installation
#### 19.1 Test Docker Installation
```bash
docker --version
docker compose --version
```
#### 20.2 Test Harbor Access
#### 19.2 Test Harbor Access
```bash
# Test pulling an image from the CI/CD Harbor registry
@ -1630,14 +1615,14 @@ docker pull YOUR_CI_CD_IP:8080/public/backend:latest
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
#### 20.3 Test Application Deployment
#### 19.3 Test Application Deployment
```bash
cd /opt/APP_NAME
docker compose up -d
```
#### 20.4 Verify Application Status
#### 19.4 Verify Application Status
```bash
docker compose ps