devteam/sharenet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove redundant steps
Some checks are pending
CI/CD Pipeline / Test Backend (push) Waiting to run
Details
CI/CD Pipeline / Test Frontend (push) Waiting to run
Details
CI/CD Pipeline / Build and Push Docker Images (push) Blocked by required conditions
Details
CI/CD Pipeline / Deploy to Production (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
continuist 2025-06-29 13:59:55 -04:00
parent 70407d7f35
commit f0e67a5e08
1 changed files with 82 additions and 114 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

196
CI_CD_PIPELINE_SETUP_GUIDE.md
View file

@ -788,39 +788,7 @@ Your Harbor registry is now configured with the following access model:
- ✅ **Role-based access control**: Different user roles (admin, developer, guest)
- ✅ **Audit logs**: Complete trail of all operations
### Step 6: Test Harbor Setup
#### 6.1 Verify Harbor Installation
```bash
# Check if all Harbor containers are running
cd /opt/APP_NAME/harbor
docker compose ps
# Test Harbor API (HTTPS)
curl -k https://localhost/api/v2.0/health
# Test Harbor UI (HTTPS)
curl -k -I https://localhost
# Expected output: HTTP/1.1 200 OK
```
**Important**: All Harbor services should show as "Up" in the `docker compose ps` output. The health check should return a JSON response indicating all services are healthy.
#### 6.2 Test Docker Login
```bash
# Test Docker login to Harbor
docker login YOUR_CI_CD_IP
# Enter: ci-user and your-secure-password
```
**Expected output**: `Login Succeeded` message.
**If you get certificate errors**: Make sure you've completed Step 5.1.1 (Configure Docker to Trust Harbor Registry) and restarted Docker.
#### 6.3 Troubleshooting Common Issues
#### 5.13 Troubleshooting Common Harbor Issues
**Certificate Issues**:
```bash
@ -863,15 +831,15 @@ sudo update-ca-certificates
sudo systemctl restart docker
```
### Step 7: Set Up SSH for Production Communication
### Step 6: Set Up SSH for Production Communication
#### 7.1 Generate SSH Key Pair
#### 6.1 Generate SSH Key Pair
```bash
ssh-keygen -t ed25519 -C "ci-cd-server" -f ~/.ssh/id_ed25519 -N ""
```
#### 7.2 Create SSH Config
#### 6.2 Create SSH Config
```bash
cat > ~/.ssh/config << 'EOF'
@ -886,9 +854,9 @@ EOF
chmod 600 ~/.ssh/config
```
### Step 8: Install Forgejo Actions Runner
### Step 7: Install Forgejo Actions Runner
#### 8.1 Download Runner
#### 7.1 Download Runner
```bash
cd ~
@ -897,7 +865,7 @@ chmod +x forgejo-runner-0.2.11-linux-amd64
sudo mv forgejo-runner-0.2.11-linux-amd64 /usr/local/bin/forgejo-runner
```
#### 8.2 Create Systemd Service
#### 7.2 Create Systemd Service
```bash
sudo tee /etc/systemd/system/forgejo-runner.service > /dev/null << 'EOF'
@ -918,14 +886,14 @@ WantedBy=multi-user.target
EOF
```
#### 8.3 Enable Service
#### 7.3 Enable Service
```bash
sudo systemctl daemon-reload
sudo systemctl enable forgejo-runner.service
```
#### 8.4 Test Runner Configuration
#### 7.4 Test Runner Configuration
```bash
# Check if the runner is running
@ -953,9 +921,9 @@ forgejo-runner list
- Check network: Ensure the runner can reach your Forgejo instance
- Restart service: `sudo systemctl restart forgejo-runner.service`
### Step 9: Set Up Monitoring and Cleanup
### Step 8: Set Up Monitoring and Cleanup
#### 9.1 Monitoring Script
#### 8.1 Monitoring Script
**Important**: The repository includes a pre-configured monitoring script in the `scripts/` directory that can be used for both CI/CD and production monitoring.
@ -979,7 +947,7 @@ chmod +x scripts/monitor.sh
**Note**: The repository script is more comprehensive and includes proper error handling, colored output, and support for both CI/CD and production environments. It automatically detects the environment and provides appropriate monitoring information.
#### 9.2 Cleanup Script
#### 8.2 Cleanup Script
**Important**: The repository includes a pre-configured cleanup script in the `scripts/` directory that can be used for both CI/CD and production cleanup operations.
@ -1006,7 +974,7 @@ chmod +x scripts/cleanup.sh
**Note**: The repository script is more comprehensive and includes proper error handling, colored output, dry-run mode, and support for both CI/CD and production environments. It automatically detects the environment and provides appropriate cleanup operations.
#### 9.3 Test Cleanup Script
#### 8.3 Test Cleanup Script
```bash
# Create some test images to clean up
@ -1044,7 +1012,7 @@ docker network ls
- Check registry access: `cd /opt/APP_NAME/registry && docker compose ps`
- Run manually: `bash -x scripts/cleanup.sh`
#### 9.4 Set Up Automated Cleanup
#### 8.4 Set Up Automated Cleanup
```bash
# Create a cron job to run cleanup daily at 3 AM using the repository script
@ -1060,7 +1028,7 @@ crontab -l
- **Logging**: All cleanup output is logged to `/tmp/cleanup.log`
- **What it cleans**: Unused Docker images, volumes, networks, and Harbor images
### Step 10: Configure Firewall
### Step 9: Configure Firewall
```bash
sudo ufw --force enable
@ -1075,23 +1043,23 @@ sudo ufw allow 443/tcp # Harbor registry (public read access)
- **SSH**: Restricted to your IP addresses
- **All other ports**: Blocked
### Step 11: Test CI/CD Setup
### Step 10: Test CI/CD Setup
#### 11.1 Test Docker Installation
#### 10.1 Test Docker Installation
```bash
docker --version
docker compose --version
```
#### 11.2 Check Harbor Status
#### 10.2 Check Harbor Status
```bash
cd /opt/APP_NAME/registry
docker compose ps
```
#### 11.3 Test Harbor Access
#### 10.3 Test Harbor Access
```bash
# Test Harbor API
@ -1101,7 +1069,7 @@ curl -k https://localhost:8080/api/v2.0/health
curl -k -I https://localhost
```
#### 11.4 Get Public Key for Production Server
#### 10.4 Get Public Key for Production Server
```bash
cat ~/.ssh/id_ed25519.pub
@ -1113,15 +1081,15 @@ cat ~/.ssh/id_ed25519.pub
## Part 2: Production Linode Setup
### Step 12: Initial System Setup
### Step 11: Initial System Setup
#### 12.1 Update the System
#### 11.1 Update the System
```bash
sudo apt update && sudo apt upgrade -y
```
#### 12.2 Configure Timezone
#### 11.2 Configure Timezone
```bash
# Configure timezone interactively
@ -1135,7 +1103,7 @@ date
**Expected output**: After selecting your timezone, the `date` command should show the current date and time in your selected timezone.
#### 12.3 Configure /etc/hosts
#### 11.3 Configure /etc/hosts
```bash
# Add localhost entries for both IPv4 and IPv6
@ -1156,7 +1124,7 @@ cat /etc/hosts
**Expected output**: The `/etc/hosts` file should show entries for `127.0.0.1`, `::1`, and your Linode's actual IP addresses all mapping to `localhost`.
#### 12.4 Install Essential Packages
#### 11.4 Install Essential Packages
```bash
sudo apt install -y \
@ -1174,9 +1142,9 @@ sudo apt install -y \
python3-certbot-nginx
```
### Step 13: Create Users
### Step 12: Create Users
#### 13.1 Create the SERVICE_USER User
#### 12.1 Create the SERVICE_USER User
```bash
# Create dedicated group for the service account
@ -1187,7 +1155,7 @@ sudo useradd -r -g SERVICE_USER -s /bin/bash -m -d /home/SERVICE_USER SERVICE_US
echo "SERVICE_USER:$(openssl rand -base64 32)" | sudo chpasswd
```
#### 13.2 Create the DEPLOY_USER User
#### 12.2 Create the DEPLOY_USER User
```bash
# Create deployment user
@ -1196,7 +1164,7 @@ sudo usermod -aG sudo DEPLOY_USER
echo "DEPLOY_USER:$(openssl rand -base64 32)" | sudo chpasswd
```
#### 13.3 Verify Users
#### 12.3 Verify Users
```bash
sudo su - SERVICE_USER
@ -1210,9 +1178,9 @@ pwd
exit
```
### Step 14: Install Docker
### Step 13: Install Docker
#### 14.1 Add Docker Repository
#### 13.1 Add Docker Repository
```bash
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
@ -1220,28 +1188,28 @@ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docke
sudo apt update
```
#### 14.2 Install Docker Packages
#### 13.2 Install Docker Packages
```bash
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
```
#### 14.3 Configure Docker for Service Account
#### 13.3 Configure Docker for Service Account
```bash
sudo usermod -aG docker SERVICE_USER
```
### Step 15: Install Docker Compose
### Step 14: Install Docker Compose
```bash
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
```
### Step 16: Configure Security
### Step 15: Configure Security
#### 16.1 Configure Firewall
#### 15.1 Configure Firewall
```bash
sudo ufw --force enable
@ -1254,16 +1222,16 @@ sudo ufw allow 3000/tcp
sudo ufw allow 3001/tcp
```
#### 16.2 Configure Fail2ban
#### 15.2 Configure Fail2ban
```bash
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
```
### Step 17: Create Application Directory
### Step 16: Create Application Directory
#### 17.1 Create Directory Structure
#### 16.1 Create Directory Structure
```bash
sudo mkdir -p /opt/APP_NAME
@ -1272,22 +1240,22 @@ sudo chown SERVICE_USER:SERVICE_USER /opt/APP_NAME
**Note**: Replace `APP_NAME` with your actual application name. This directory name can be controlled via the `APP_NAME` secret in your Forgejo repository settings. If you set the `APP_NAME` secret to `myapp`, the deployment directory will be `/opt/myapp`.
#### 17.2 Create SSL Directory (Optional - for domain users)
#### 16.2 Create SSL Directory (Optional - for domain users)
```bash
sudo mkdir -p /opt/APP_NAME/nginx/ssl
sudo chown SERVICE_USER:SERVICE_USER /opt/APP_NAME/nginx/ssl
```
### Step 18: Clone Repository and Set Up Application Files
### Step 17: Clone Repository and Set Up Application Files
#### 18.1 Switch to SERVICE_USER User
#### 17.1 Switch to SERVICE_USER User
```bash
sudo su - SERVICE_USER
```
#### 18.2 Clone Repository
#### 17.2 Clone Repository
```bash
cd /opt/APP_NAME
@ -1300,7 +1268,7 @@ git clone https://your-forgejo-instance/your-username/APP_NAME.git .
**Note**: Replace `your-forgejo-instance` and `your-username/APP_NAME` with your actual Forgejo instance URL and repository path.
#### 18.3 Create Environment File
#### 17.3 Create Environment File
The repository doesn't include a `.env.example` file for security reasons. The CI/CD pipeline will create the `.env` file dynamically during deployment. However, for manual testing or initial setup, you can create a basic `.env` file:
@ -1326,7 +1294,7 @@ EOF
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address and `your_secure_password_here` with a strong password.
#### 18.4 Configure Docker for Harbor Access
#### 17.4 Configure Docker for Harbor Access
```bash
# Add the CI/CD Harbor registry to Docker's insecure registries
@ -1343,9 +1311,9 @@ sudo systemctl restart docker
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
### Step 19: Set Up SSH Key Authentication
### Step 18: Set Up SSH Key Authentication
#### 19.1 Add CI/CD Public Key
#### 18.1 Add CI/CD Public Key
```bash
# Create .ssh directory for SERVICE_USER
@ -1359,7 +1327,7 @@ chmod 600 ~/.ssh/authorized_keys
**Important**: Replace `YOUR_CI_CD_PUBLIC_KEY` with the public key from the CI/CD Linode (the output from `cat ~/.ssh/id_ed25519.pub` on the CI/CD Linode).
#### 19.2 Test SSH Connection
#### 18.2 Test SSH Connection
From the CI/CD Linode, test the SSH connection:
@ -1369,16 +1337,16 @@ ssh production
**Expected output**: You should be able to SSH to the production server without a password prompt.
### Step 20: Test Production Setup
### Step 19: Test Production Setup
#### 20.1 Test Docker Installation
#### 19.1 Test Docker Installation
```bash
docker --version
docker compose --version
```
#### 20.2 Test Harbor Access
#### 19.2 Test Harbor Access
```bash
# Test pulling an image from the CI/CD Harbor registry
@ -1387,14 +1355,14 @@ docker pull YOUR_CI_CD_IP:8080/public/backend:latest
**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address.
#### 20.3 Test Application Deployment
#### 19.3 Test Application Deployment
```bash
cd /opt/APP_NAME
docker compose up -d
```
#### 20.4 Verify Application Status
#### 19.4 Verify Application Status
```bash
docker compose ps
@ -1411,9 +1379,9 @@ curl http://localhost:3001/health
## Part 3: Final Configuration and Testing
### Step 21: Configure Forgejo Repository Secrets
### Step 20: Configure Forgejo Repository Secrets
#### 21.1 Required Repository Secrets
#### 20.1 Required Repository Secrets
Go to your Forgejo repository and add these secrets in **Settings → Secrets and Variables → Actions**:
@ -1429,16 +1397,16 @@ Go to your Forgejo repository and add these secrets in **Settings → Secrets an
- `DOMAIN`: Your domain name (e.g., `example.com`)
- `EMAIL`: Your email for SSL certificate notifications
#### 21.2 Configure Forgejo Actions Runner
#### 20.2 Configure Forgejo Actions Runner
##### 21.2.1 Get Runner Token
##### 20.2.1 Get Runner Token
1. Go to your Forgejo repository
2. Navigate to **Settings → Actions → Runners**
3. Click **"New runner"**
4. Copy the registration token
##### 21.2.2 Configure Runner
##### 20.2.2 Configure Runner
```bash
# Switch to DEPLOY_USER on CI/CD Linode
@ -1457,14 +1425,14 @@ forgejo-runner register \
--no-interactive
```
##### 21.2.3 Start Runner
##### 20.2.3 Start Runner
```bash
sudo systemctl start forgejo-runner.service
sudo systemctl status forgejo-runner.service
```
##### 21.2.4 Test Runner Configuration
##### 20.2.4 Test Runner Configuration
```bash
# Check if the runner is running
@ -1492,9 +1460,9 @@ forgejo-runner list
- Check network: Ensure the runner can reach your Forgejo instance
- Restart service: `sudo systemctl restart forgejo-runner.service`
### Step 22: Set Up Monitoring and Cleanup
### Step 21: Set Up Monitoring and Cleanup
#### 22.1 Monitoring Script
#### 21.1 Monitoring Script
**Important**: The repository includes a pre-configured monitoring script in the `scripts/` directory that can be used for both CI/CD and production monitoring.
@ -1518,7 +1486,7 @@ chmod +x scripts/monitor.sh
**Note**: The repository script is more comprehensive and includes proper error handling, colored output, and support for both CI/CD and production environments. It automatically detects the environment and provides appropriate monitoring information.
#### 22.2 Cleanup Script
#### 21.2 Cleanup Script
**Important**: The repository includes a pre-configured cleanup script in the `scripts/` directory that can be used for both CI/CD and production cleanup operations.
@ -1545,7 +1513,7 @@ chmod +x scripts/cleanup.sh
**Note**: The repository script is more comprehensive and includes proper error handling, colored output, dry-run mode, and support for both CI/CD and production environments. It automatically detects the environment and provides appropriate cleanup operations.
#### 22.3 Test Cleanup Script
#### 21.3 Test Cleanup Script
```bash
# Create some test images to clean up
@ -1583,7 +1551,7 @@ docker network ls
- Check registry access: `cd /opt/APP_NAME/registry && docker compose ps`
- Run manually: `bash -x scripts/cleanup.sh`
#### 22.4 Set Up Automated Cleanup
#### 21.4 Set Up Automated Cleanup
```bash
# Create a cron job to run cleanup daily at 3 AM using the repository script
@ -1599,15 +1567,15 @@ crontab -l
- **Logging**: All cleanup output is logged to `/tmp/cleanup.log`
- **What it cleans**: Unused Docker images, volumes, networks, and Harbor images
### Step 23: Test Complete Pipeline
### Step 22: Test Complete Pipeline
#### 23.1 Trigger a Test Build
#### 22.1 Trigger a Test Build
1. **Make a small change** to your repository (e.g., update a comment or add a test file)
2. **Commit and push** the changes to trigger the CI/CD pipeline
3. **Monitor the build** in your Forgejo repository → Actions tab
#### 23.2 Verify Pipeline Steps
#### 22.2 Verify Pipeline Steps
The pipeline should execute these steps in order:
@ -1619,7 +1587,7 @@ The pipeline should execute these steps in order:
6. **Push to Registry**: Push images to your private registry
7. **Deploy to Production**: Deploy to production server
#### 23.3 Check Harbor
#### 22.3 Check Harbor
```bash
# On CI/CD Linode
@ -1633,7 +1601,7 @@ curl -k https://localhost:8080/v2/public/backend/tags/list
curl -k https://localhost:8080/v2/public/frontend/tags/list
```
#### 23.4 Verify Production Deployment
#### 22.4 Verify Production Deployment
```bash
# On Production Linode
@ -1651,16 +1619,16 @@ docker compose logs backend
docker compose logs frontend
```
#### 23.5 Test Application Functionality
#### 22.5 Test Application Functionality
1. **Frontend**: Visit your production URL (IP or domain)
2. **Backend API**: Test API endpoints
3. **Database**: Verify database connections
4. **Logs**: Check for any errors in application logs
### Step 24: Set Up SSL/TLS (Optional - Domain Users)
### Step 23: Set Up SSL/TLS (Optional - Domain Users)
#### 24.1 Install SSL Certificate
#### 23.1 Install SSL Certificate
If you have a domain pointing to your Production Linode:
@ -1672,7 +1640,7 @@ sudo certbot --nginx -d your-domain.com
sudo certbot certificates
```
#### 24.2 Configure Auto-Renewal
#### 23.2 Configure Auto-Renewal
```bash
# Test auto-renewal
@ -1684,9 +1652,9 @@ sudo crontab -e
# 0 12 * * * /usr/bin/certbot renew --quiet
```
### Step 25: Final Verification
### Step 24: Final Verification
#### 25.1 Security Check
#### 24.1 Security Check
```bash
# Check firewall status
@ -1699,7 +1667,7 @@ sudo systemctl status fail2ban
sudo grep "PasswordAuthentication" /etc/ssh/sshd_config
```
#### 25.2 Performance Check
#### 24.2 Performance Check
```bash
# Check system resources
@ -1712,7 +1680,7 @@ df -h
docker system df
```
#### 25.3 Backup Verification
#### 24.3 Backup Verification
```bash
# Test backup script
@ -1723,16 +1691,16 @@ cd /opt/APP_NAME
./scripts/backup.sh
```
### Step 26: Documentation and Maintenance
### Step 25: Documentation and Maintenance
#### 26.1 Update Documentation
#### 25.1 Update Documentation
1. **Update README.md** with deployment information
2. **Document environment variables** and their purposes
3. **Create troubleshooting guide** for common issues
4. **Document backup and restore procedures**
#### 26.2 Set Up Monitoring Alerts
#### 25.2 Set Up Monitoring Alerts
```bash
# Set up monitoring cron job
@ -1742,7 +1710,7 @@ cd /opt/APP_NAME
tail -f /tmp/monitor.log
```
#### 26.3 Regular Maintenance Tasks
#### 25.3 Regular Maintenance Tasks
**Daily:**
- Check application logs for errors