From eb208a49f4589ed394b713b50f0e1c3930325f4d Mon Sep 17 00:00:00 2001 From: continuist Date: Fri, 4 Jul 2025 22:20:09 -0400 Subject: [PATCH] Fix section numering --- CI_CD_PIPELINE_SETUP_GUIDE.md | 93 +++++++++++++++-------------------- 1 file changed, 39 insertions(+), 54 deletions(-) diff --git a/CI_CD_PIPELINE_SETUP_GUIDE.md b/CI_CD_PIPELINE_SETUP_GUIDE.md index 20bd01e..a4fcfa3 100644 --- a/CI_CD_PIPELINE_SETUP_GUIDE.md +++ b/CI_CD_PIPELINE_SETUP_GUIDE.md @@ -55,11 +55,11 @@ This guide covers setting up a complete Continuous Integration/Continuous Deploy ## Quick Start -1. **Set up CI/CD Linode** (Steps 1-14) -2. **Set up Production Linode** (Steps 15-27) -3. **Configure SSH key exchange** (Step 28) -4. **Set up Forgejo repository secrets** (Step 29) -5. **Test the complete pipeline** (Step 30) +1. **Set up CI/CD Linode** (Steps 1-9) +2. **Set up Production Linode** (Steps 10-19) +3. **Configure SSH key exchange** (Step 17) +4. **Set up Forgejo repository secrets** (Step 20) +5. **Test the complete pipeline** (Step 21) ## What's Included @@ -1212,13 +1212,13 @@ curl -k -I https://localhost ### Step 10: Initial System Setup -#### 11.1 Update the System +#### 10.1 Update the System ```bash sudo apt update && sudo apt upgrade -y ``` -#### 11.2 Configure Timezone +#### 10.2 Configure Timezone ```bash # Configure timezone interactively @@ -1232,7 +1232,7 @@ date **Expected output**: After selecting your timezone, the `date` command should show the current date and time in your selected timezone. -#### 11.3 Configure /etc/hosts +#### 10.3 Configure /etc/hosts ```bash # Add localhost entries for both IPv4 and IPv6 @@ -1253,7 +1253,7 @@ cat /etc/hosts **Expected output**: The `/etc/hosts` file should show entries for `127.0.0.1`, `::1`, and your Linode's actual IP addresses all mapping to `localhost`. -#### 11.4 Install Essential Packages +#### 10.4 Install Essential Packages ```bash sudo apt install -y \ 
@@ -1273,7 +1273,7 @@ sudo apt install -y \ ### Step 11: Create Users -#### 12.1 Create the PROD_SERVICE_USER User +#### 11.1 Create the PROD_SERVICE_USER User ```bash # Create dedicated group for the production service account @@ -1284,16 +1284,7 @@ sudo useradd -r -g PROD_SERVICE_USER -s /bin/bash -m -d /home/PROD_SERVICE_USER echo "PROD_SERVICE_USER:$(openssl rand -base64 32)" | sudo chpasswd ``` -#### 12.2 Create the PROD_DEPLOY_USER User - -```bash -# Create production deployment user -sudo useradd -m -s /bin/bash PROD_DEPLOY_USER -sudo usermod -aG sudo PROD_DEPLOY_USER -echo "PROD_DEPLOY_USER:$(openssl rand -base64 32)" | sudo chpasswd -``` - -#### 12.3 Verify Users +#### 11.2 Verify Users ```bash sudo su - PROD_SERVICE_USER @@ -1309,7 +1300,7 @@ exit ### Step 12: Install Docker -#### 13.1 Add Docker Repository +#### 12.1 Add Docker Repository ```bash curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg @@ -1317,13 +1308,13 @@ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docke sudo apt update ``` -#### 13.2 Install Docker Packages +#### 12.2 Install Docker Packages ```bash sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin ``` -#### 13.3 Configure Docker for Production Service Account +#### 12.3 Configure Docker for Production Service Account ```bash sudo usermod -aG docker PROD_SERVICE_USER @@ -1378,13 +1369,13 @@ sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME/nginx/ssl ### Step 16: Clone Repository and Set Up Application Files -#### 17.1 Switch to PROD_SERVICE_USER User +#### 16.1 Switch to PROD_SERVICE_USER User ```bash sudo su - PROD_SERVICE_USER ``` -#### 17.2 Clone Repository +#### 16.2 Clone Repository ```bash cd /opt/APP_NAME 
@@ -1397,7 +1388,7 @@ git clone https://your-forgejo-instance/your-username/APP_NAME.git . **Note**: Replace `your-forgejo-instance` and `your-username/APP_NAME` with your actual Forgejo instance URL and repository path. -#### 17.3 Create Environment File +#### 16.3 Create Environment File The repository doesn't include a `.env.example` file for security reasons. The CI/CD pipeline will create the `.env` file dynamically during deployment. However, for manual testing or initial setup, you can create a basic `.env` file: @@ -1423,7 +1414,7 @@ EOF **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address and `your_secure_password_here` with a strong password. -#### 17.4 Configure Docker for Harbor Access +#### 16.4 Configure Docker for Harbor Access ```bash # Add the CI/CD Harbor registry to Docker's insecure registries @@ -1442,7 +1433,7 @@ sudo systemctl restart docker ### Step 17: Set Up SSH Key Authentication -#### 18.1 Add CI/CD Public Key +#### 17.1 Add CI/CD Public Key ```bash # Create .ssh directory for PROD_SERVICE_USER @@ -1456,7 +1447,7 @@ chmod 600 ~/.ssh/authorized_keys **Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode). -#### 18.2 Test SSH Connection +#### 17.2 Test SSH Connection From the CI/CD Linode, test the SSH connection: @@ -1470,7 +1461,7 @@ ssh production **Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`. -#### 19.1 Install Forgejo Runner +#### 18.1 Install Forgejo Runner ```bash # Download the latest Forgejo runner 
@@ -1486,32 +1477,26 @@ sudo mv forgejo-runner /usr/bin/forgejo-runner forgejo-runner --version ``` -#### 19.2 Create Runner User and Directory +#### 18.2 Set Up Runner Directory for PROD_SERVICE_USER ```bash -# Create dedicated user for the runner -sudo useradd -r -s /bin/bash -m -d /home/forgejo-runner forgejo-runner - -# Create runner directory +# Create runner directory owned by PROD_SERVICE_USER sudo mkdir -p /opt/forgejo-runner -sudo chown forgejo-runner:forgejo-runner /opt/forgejo-runner - -# Add runner user to docker group -sudo usermod -aG docker forgejo-runner +sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner ``` -#### 19.3 Get Registration Token +#### 18.3 Get Registration Token 1. Go to your Forgejo repository 2. Navigate to **Settings → Actions → Runners** 3. Click **"New runner"** 4. Copy the registration token -#### 19.4 Register the Production Runner +#### 18.4 Register the Production Runner ```bash -# Switch to runner user -sudo su - forgejo-runner +# Switch to PROD_SERVICE_USER +sudo su - PROD_SERVICE_USER # Register the runner with production label forgejo-runner register \ @@ -1522,14 +1507,14 @@ forgejo-runner register \ --no-interactive # Copy configuration to system location -sudo cp /home/forgejo-runner/.runner /opt/forgejo-runner/.runner -sudo chown forgejo-runner:forgejo-runner /opt/forgejo-runner/.runner +sudo cp /home/PROD_SERVICE_USER/.runner /opt/forgejo-runner/.runner +sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner/.runner sudo chmod 600 /opt/forgejo-runner/.runner ``` -**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 19.3. +**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 18.3. -#### 19.5 Create Systemd Service +#### 18.5 Create Systemd Service ```bash # Create systemd service file 
@@ -1540,7 +1525,7 @@ After=network.target docker.service [Service] Type=simple -User=forgejo-runner +User=PROD_SERVICE_USER WorkingDirectory=/opt/forgejo-runner ExecStart=/usr/bin/forgejo-runner daemon Restart=always @@ -1560,7 +1545,7 @@ sudo systemctl start forgejo-runner.service sudo systemctl status forgejo-runner.service ``` -#### 19.6 Test Runner Configuration +#### 18.6 Test Runner Configuration ```bash # Check if the runner is running @@ -1587,7 +1572,7 @@ sudo journalctl -u forgejo-runner.service -f --no-pager The production runner will automatically handle the deployment process when you push to the main branch. -#### 19.7 Understanding the Production Docker Compose Setup +#### 18.7 Understanding the Production Docker Compose Setup The `docker-compose.prod.yml` file is specifically designed for production deployment and differs from development setups: @@ -1614,14 +1599,14 @@ The `docker-compose.prod.yml` file is specifically designed for production deplo ### Step 19: Test Production Setup -#### 20.1 Test Docker Installation +#### 19.1 Test Docker Installation ```bash docker --version docker compose --version ``` -#### 20.2 Test Harbor Access +#### 19.2 Test Harbor Access ```bash # Test pulling an image from the CI/CD Harbor registry @@ -1630,14 +1615,14 @@ docker pull YOUR_CI_CD_IP:8080/public/backend:latest **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address. -#### 20.3 Test Application Deployment +#### 19.3 Test Application Deployment ```bash cd /opt/APP_NAME docker compose up -d ``` -#### 20.4 Verify Application Status +#### 19.4 Verify Application Status ```bash docker compose ps
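Review bot: In the Quick Start hunk (@@ -55,11 +55,11 @@), the new item 3 points at Step 17, which lies inside item 2's range "Steps 10-19", so the list no longer reads as five sequential phases. Either narrow item 2 so it excludes Step 17 or fold item 3 into it as a sub-step of production setup. Items 4 and 5 now reference Steps 20 and 21, whose headings are not touched anywhere in this patch, so confirm those headings exist with these numbers.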
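Review bot: The hunk at @@ -1284,16 +1284,7 @@ deletes the whole "Create the PROD_DEPLOY_USER User" subsection, which is a behaviour change and not a numbering fix, while the subject line mentions only section numbering. Split the removal into its own commit, or state in the message that the sudo-capable PROD_DEPLOY_USER is dropped and why. With that block gone, no step visible in this patch puts any Production Linode account in the sudo group, so check that later steps which call sudo say which account runs them and that nothing else in the guide still refers to PROD_DEPLOY_USER.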
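Review bot: In the 18.2 hunk (@@ -1486,32 +1477,26 @@), replacing the dedicated forgejo-runner account with PROD_SERVICE_USER removes the separation between the account that executes workflow jobs and the account that owns the application. PROD_SERVICE_USER is already in the docker group (12.3) and holds the CI/CD public key in authorized_keys (17.1), so a job running on this runner now has everything that account has. If the merge is intended, give the reason in the commit message and in 18.2 (the matching "User=PROD_SERVICE_USER" line in the systemd unit depends on it); otherwise keep the separate runner user and limit this commit to renumbering.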
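Review bot: In the 18.4 hunk (@@ -1522,14 +1507,14 @@), the three commands after registration still start with sudo even though the block has just switched to PROD_SERVICE_USER with "sudo su - PROD_SERVICE_USER". The lines visible in this patch create that account with "useradd -r" and add it only to the docker group, so these sudo calls are likely to fail for a reader following the guide. Since 18.2 now makes /opt/forgejo-runner owned by PROD_SERVICE_USER, a plain cp followed by chmod 600 is enough and the chown line can be dropped; alternatively, add an "exit" before these commands so they run from the admin account.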