Fix section numbering

continuist 2025-07-04 22:20:09 -04:00
parent 11b0715f71
commit eb208a49f4

@ -55,11 +55,11 @@ This guide covers setting up a complete Continuous Integration/Continuous Deploy
## Quick Start ## Quick Start
1. **Set up CI/CD Linode** (Steps 1-14) 1. **Set up CI/CD Linode** (Steps 1-9)
2. **Set up Production Linode** (Steps 15-27) 2. **Set up Production Linode** (Steps 10-19)
3. **Configure SSH key exchange** (Step 28) 3. **Configure SSH key exchange** (Step 17)
4. **Set up Forgejo repository secrets** (Step 29) 4. **Set up Forgejo repository secrets** (Step 20)
5. **Test the complete pipeline** (Step 30) 5. **Test the complete pipeline** (Step 21)
## What's Included ## What's Included
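Review bot: In the new Quick Start list, item 3 points at Step 17, which falls inside the Steps 10-19 range that item 2 already assigns to the Production Linode, so the list no longer reads as a linear sequence the way the old 15-27 / 28 split did. Either fold the SSH key exchange into item 2 (for example "includes the SSH key exchange in Step 17") or reword item 3 so the overlap is clearly intentional, and confirm that the sections referenced as Step 20 and Step 21 actually carry those numbers further down the guide.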
@ -1212,13 +1212,13 @@ curl -k -I https://localhost
### Step 10: Initial System Setup ### Step 10: Initial System Setup
#### 11.1 Update the System #### 10.1 Update the System
```bash ```bash
sudo apt update && sudo apt upgrade -y sudo apt update && sudo apt upgrade -y
``` ```
#### 11.2 Configure Timezone #### 10.2 Configure Timezone
```bash ```bash
# Configure timezone interactively # Configure timezone interactively
@ -1232,7 +1232,7 @@ date
**Expected output**: After selecting your timezone, the `date` command should show the current date and time in your selected timezone. **Expected output**: After selecting your timezone, the `date` command should show the current date and time in your selected timezone.
#### 11.3 Configure /etc/hosts #### 10.3 Configure /etc/hosts
```bash ```bash
# Add localhost entries for both IPv4 and IPv6 # Add localhost entries for both IPv4 and IPv6
@ -1253,7 +1253,7 @@ cat /etc/hosts
**Expected output**: The `/etc/hosts` file should show entries for `127.0.0.1`, `::1`, and your Linode's actual IP addresses all mapping to `localhost`. **Expected output**: The `/etc/hosts` file should show entries for `127.0.0.1`, `::1`, and your Linode's actual IP addresses all mapping to `localhost`.
#### 11.4 Install Essential Packages #### 10.4 Install Essential Packages
```bash ```bash
sudo apt install -y \ sudo apt install -y \
@ -1273,7 +1273,7 @@ sudo apt install -y \
### Step 11: Create Users ### Step 11: Create Users
#### 12.1 Create the PROD_SERVICE_USER User #### 11.1 Create the PROD_SERVICE_USER User
```bash ```bash
# Create dedicated group for the production service account # Create dedicated group for the production service account
@ -1284,16 +1284,7 @@ sudo useradd -r -g PROD_SERVICE_USER -s /bin/bash -m -d /home/PROD_SERVICE_USER
echo "PROD_SERVICE_USER:$(openssl rand -base64 32)" | sudo chpasswd echo "PROD_SERVICE_USER:$(openssl rand -base64 32)" | sudo chpasswd
``` ```
#### 12.2 Create the PROD_DEPLOY_USER User #### 11.2 Verify Users
```bash
# Create production deployment user
sudo useradd -m -s /bin/bash PROD_DEPLOY_USER
sudo usermod -aG sudo PROD_DEPLOY_USER
echo "PROD_DEPLOY_USER:$(openssl rand -base64 32)" | sudo chpasswd
```
#### 12.3 Verify Users
```bash ```bash
sudo su - PROD_SERVICE_USER sudo su - PROD_SERVICE_USER
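Review bot: Deleting the "Create the PROD_DEPLOY_USER User" block in this hunk is a functional change, not a renumbering, and the commit message does not mention it. That block was the only place in the visible diff where an account was added to the `sudo` group, so it should go in its own commit with a stated rationale, and the rest of the guide should be checked for leftover references to PROD_DEPLOY_USER or for steps that assumed a sudo-capable deploy account exists.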
@ -1309,7 +1300,7 @@ exit
### Step 12: Install Docker ### Step 12: Install Docker
#### 13.1 Add Docker Repository #### 12.1 Add Docker Repository
```bash ```bash
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
@ -1317,13 +1308,13 @@ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docke
sudo apt update sudo apt update
``` ```
#### 13.2 Install Docker Packages #### 12.2 Install Docker Packages
```bash ```bash
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
``` ```
#### 13.3 Configure Docker for Production Service Account #### 12.3 Configure Docker for Production Service Account
```bash ```bash
sudo usermod -aG docker PROD_SERVICE_USER sudo usermod -aG docker PROD_SERVICE_USER
@ -1378,13 +1369,13 @@ sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/APP_NAME/nginx/ssl
### Step 16: Clone Repository and Set Up Application Files ### Step 16: Clone Repository and Set Up Application Files
#### 17.1 Switch to PROD_SERVICE_USER User #### 16.1 Switch to PROD_SERVICE_USER User
```bash ```bash
sudo su - PROD_SERVICE_USER sudo su - PROD_SERVICE_USER
``` ```
#### 17.2 Clone Repository #### 16.2 Clone Repository
```bash ```bash
cd /opt/APP_NAME cd /opt/APP_NAME
@ -1397,7 +1388,7 @@ git clone https://your-forgejo-instance/your-username/APP_NAME.git .
**Note**: Replace `your-forgejo-instance` and `your-username/APP_NAME` with your actual Forgejo instance URL and repository path. **Note**: Replace `your-forgejo-instance` and `your-username/APP_NAME` with your actual Forgejo instance URL and repository path.
#### 17.3 Create Environment File #### 16.3 Create Environment File
The repository doesn't include a `.env.example` file for security reasons. The CI/CD pipeline will create the `.env` file dynamically during deployment. However, for manual testing or initial setup, you can create a basic `.env` file: The repository doesn't include a `.env.example` file for security reasons. The CI/CD pipeline will create the `.env` file dynamically during deployment. However, for manual testing or initial setup, you can create a basic `.env` file:
@ -1423,7 +1414,7 @@ EOF
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address and `your_secure_password_here` with a strong password. **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address and `your_secure_password_here` with a strong password.
#### 17.4 Configure Docker for Harbor Access #### 16.4 Configure Docker for Harbor Access
```bash ```bash
# Add the CI/CD Harbor registry to Docker's insecure registries # Add the CI/CD Harbor registry to Docker's insecure registries
@ -1442,7 +1433,7 @@ sudo systemctl restart docker
### Step 17: Set Up SSH Key Authentication ### Step 17: Set Up SSH Key Authentication
#### 18.1 Add CI/CD Public Key #### 17.1 Add CI/CD Public Key
```bash ```bash
# Create .ssh directory for PROD_SERVICE_USER # Create .ssh directory for PROD_SERVICE_USER
@ -1456,7 +1447,7 @@ chmod 600 ~/.ssh/authorized_keys
**Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode). **Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode).
#### 18.2 Test SSH Connection #### 17.2 Test SSH Connection
From the CI/CD Linode, test the SSH connection: From the CI/CD Linode, test the SSH connection:
@ -1470,7 +1461,7 @@ ssh production
**Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`. **Important**: The Production Linode needs a Forgejo runner to execute the deployment job from the CI/CD workflow. This runner will pull images from Harbor and deploy using `docker-compose.prod.yml`.
#### 19.1 Install Forgejo Runner #### 18.1 Install Forgejo Runner
```bash ```bash
# Download the latest Forgejo runner # Download the latest Forgejo runner
@ -1486,32 +1477,26 @@ sudo mv forgejo-runner /usr/bin/forgejo-runner
forgejo-runner --version forgejo-runner --version
``` ```
#### 19.2 Create Runner User and Directory #### 18.2 Set Up Runner Directory for PROD_SERVICE_USER
```bash ```bash
# Create dedicated user for the runner # Create runner directory owned by PROD_SERVICE_USER
sudo useradd -r -s /bin/bash -m -d /home/forgejo-runner forgejo-runner
# Create runner directory
sudo mkdir -p /opt/forgejo-runner sudo mkdir -p /opt/forgejo-runner
sudo chown forgejo-runner:forgejo-runner /opt/forgejo-runner sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner
# Add runner user to docker group
sudo usermod -aG docker forgejo-runner
``` ```
#### 19.3 Get Registration Token #### 18.3 Get Registration Token
1. Go to your Forgejo repository 1. Go to your Forgejo repository
2. Navigate to **Settings → Actions → Runners** 2. Navigate to **Settings → Actions → Runners**
3. Click **"New runner"** 3. Click **"New runner"**
4. Copy the registration token 4. Copy the registration token
#### 19.4 Register the Production Runner #### 18.4 Register the Production Runner
```bash ```bash
# Switch to runner user # Switch to PROD_SERVICE_USER
sudo su - forgejo-runner sudo su - PROD_SERVICE_USER
# Register the runner with production label # Register the runner with production label
forgejo-runner register \ forgejo-runner register \
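Review bot: In 18.2 and 18.4 the dedicated `forgejo-runner` account is replaced by PROD_SERVICE_USER, so the runner that executes workflow jobs now shares one identity with the application service account; that is a privilege-model change slipped into a numbering fix. If the merge is intended, say so in the commit message and in the guide, and note that the runner's Docker access now depends on the `usermod -aG docker PROD_SERVICE_USER` line in 12.3, because the runner-specific `usermod -aG docker` line is dropped here. If it is not intended, keep the separate runner account so a job cannot act with the service account's ownership of the application files.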
@ -1522,14 +1507,14 @@ forgejo-runner register \
--no-interactive --no-interactive
# Copy configuration to system location # Copy configuration to system location
sudo cp /home/forgejo-runner/.runner /opt/forgejo-runner/.runner sudo cp /home/PROD_SERVICE_USER/.runner /opt/forgejo-runner/.runner
sudo chown forgejo-runner:forgejo-runner /opt/forgejo-runner/.runner sudo chown PROD_SERVICE_USER:PROD_SERVICE_USER /opt/forgejo-runner/.runner
sudo chmod 600 /opt/forgejo-runner/.runner sudo chmod 600 /opt/forgejo-runner/.runner
``` ```
**Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 19.3. **Important**: Replace `your-forgejo-instance` with your actual Forgejo instance URL and `YOUR_REGISTRATION_TOKEN` with the token you copied from Step 18.3.
#### 19.5 Create Systemd Service #### 18.5 Create Systemd Service
```bash ```bash
# Create systemd service file # Create systemd service file
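Review bot: The copy step in 18.4 still runs `sudo cp`, `sudo chown` and `sudo chmod` after the block has switched to PROD_SERVICE_USER with `sudo su -`, and nothing visible in this patch grants that account sudo rights (it is created with `useradd -r` and only added to the `docker` group). As written, a reader following the block will hit a sudo failure at this point. Add an `exit` before the copy so the commands run as the admin user, or, if the runner writes `.runner` to the working directory as the `/home/PROD_SERVICE_USER/.runner` path implies, register from `/opt/forgejo-runner` (now owned by PROD_SERVICE_USER) so no privileged copy is needed.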
@ -1540,7 +1525,7 @@ After=network.target docker.service
[Service] [Service]
Type=simple Type=simple
User=forgejo-runner User=PROD_SERVICE_USER
WorkingDirectory=/opt/forgejo-runner WorkingDirectory=/opt/forgejo-runner
ExecStart=/usr/bin/forgejo-runner daemon ExecStart=/usr/bin/forgejo-runner daemon
Restart=always Restart=always
@ -1560,7 +1545,7 @@ sudo systemctl start forgejo-runner.service
sudo systemctl status forgejo-runner.service sudo systemctl status forgejo-runner.service
``` ```
#### 19.6 Test Runner Configuration #### 18.6 Test Runner Configuration
```bash ```bash
# Check if the runner is running # Check if the runner is running
@ -1587,7 +1572,7 @@ sudo journalctl -u forgejo-runner.service -f --no-pager
The production runner will automatically handle the deployment process when you push to the main branch. The production runner will automatically handle the deployment process when you push to the main branch.
#### 19.7 Understanding the Production Docker Compose Setup #### 18.7 Understanding the Production Docker Compose Setup
The `docker-compose.prod.yml` file is specifically designed for production deployment and differs from development setups: The `docker-compose.prod.yml` file is specifically designed for production deployment and differs from development setups:
@ -1614,14 +1599,14 @@ The `docker-compose.prod.yml` file is specifically designed for production deplo
### Step 19: Test Production Setup ### Step 19: Test Production Setup
#### 20.1 Test Docker Installation #### 19.1 Test Docker Installation
```bash ```bash
docker --version docker --version
docker compose --version docker compose --version
``` ```
#### 20.2 Test Harbor Access #### 19.2 Test Harbor Access
```bash ```bash
# Test pulling an image from the CI/CD Harbor registry # Test pulling an image from the CI/CD Harbor registry
@ -1630,14 +1615,14 @@ docker pull YOUR_CI_CD_IP:8080/public/backend:latest
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address. **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
#### 20.3 Test Application Deployment #### 19.3 Test Application Deployment
```bash ```bash
cd /opt/APP_NAME cd /opt/APP_NAME
docker compose up -d docker compose up -d
``` ```
#### 20.4 Verify Application Status #### 19.4 Verify Application Status
```bash ```bash
docker compose ps docker compose ps