# CI/CD Pipeline Setup Complete ✅

## Overview

Complete CI/CD pipeline configured using:

- **Woodpecker CI**: Build and test automation
- **Kaniko**: containerd-compatible image builder
- **Harbor Registry**: Container image storage
- **ArgoCD**: GitOps-based deployment

## Pipeline Architecture

```
GitHub Push → Woodpecker CI → Kaniko Build → Harbor Registry → ArgoCD → Kubernetes
```

## Components

### 1. Woodpecker CI Pipeline (`.woodpecker.yml`)

#### Pipeline Steps:

1. **Frontend Lint & Test**
   - Runs on: `push`, `pull_request`
   - Path: `bugulma/frontend/**`
   - Commands: `yarn install`, `yarn lint`, `yarn test`

2. **Frontend Build** (Kaniko)
   - Runs on: `push` to `master`
   - Path: `bugulma/frontend/**`
   - Builds: `registry.bk.glpx.pro/turash/turash-frontend:latest` and `:${CI_COMMIT_SHA}`
   - Uses containerd-compatible Kaniko executor

3. **Backend Lint & Test**
   - Runs on: `push`, `pull_request`
   - Path: `bugulma/backend/**`
   - Commands: `go vet`, `go test`, coverage

4. **Backend Build** (Kaniko)
   - Runs on: `push` to `master`
   - Path: `bugulma/backend/**`
   - Builds: `registry.bk.glpx.pro/turash/turash-backend:latest` and `:${CI_COMMIT_SHA}`
   - Uses containerd-compatible Kaniko executor

5. **Deploy to Staging** (Optional - ArgoCD handles this automatically)
   - Runs on: `push` to `master`
   - Path: `bugulma/**`, `k8s/**`
   - Manual kubectl deployment (can be disabled if using ArgoCD only)

6. **E2E Tests**
   - Runs on: `push` to `master`
   - Path: `bugulma/frontend/**`
   - Uses Playwright for end-to-end testing

7. **Failure Notification**
   - Runs on: Any failure
   - Logs failure information

### 2. Harbor Container Registry

- **URL**: https://registry.bk.glpx.pro
- **Registry**: `registry.bk.glpx.pro`
- **Project**: `turash`
- **Credentials**: Configured in Woodpecker secrets

### 3. ArgoCD GitOps

- **Backend Application**: `turash-backend`
- **Frontend Application**: `turash-frontend`
- **Sync Policy**: Automated with self-heal
- **Source**: `https://github.com/SamyRai/turash.git`
- **Path**: `k8s/`
- **Target Revision**: `HEAD` (updates automatically)

## Required Secrets

### Woodpecker Secrets

Configure these secrets in Woodpecker for repository `SamyRai/turash`:

```bash
# Docker registry credentials (for Harbor)
woodpecker-cli repo secret add SamyRai/turash \
  --name docker_username \
  --value admin

woodpecker-cli repo secret add SamyRai/turash \
  --name docker_password \
  --value "YOUR_HARBOR_PASSWORD"

# Kubernetes token (optional, only if using manual deploy step)
woodpecker-cli repo secret add SamyRai/turash \
  --name kube_token \
  --value "YOUR_KUBERNETES_TOKEN"
```

**Current Status**:

- ✅ `docker_username`: Configured
- ✅ `docker_password`: Configured
- ⚠️ `kube_token`: Not configured (optional if using ArgoCD only)

### Harbor Credentials

- **Username**: `admin`
- **Password**: See `k8s/registry/harbor-secrets.yaml.template`

## Deployment Flow

### Automatic Deployment (Recommended)

1. **Developer pushes to `master` branch**
2. **Woodpecker triggers pipeline**:
   - Lints and tests code
   - Builds Docker images with Kaniko
   - Pushes images to Harbor registry
3. **ArgoCD detects changes**:
   - Monitors Git repository
   - Detects new image tags in Kubernetes manifests
   - Automatically syncs and deploys to Kubernetes

### Manual Deployment (Optional)

The `deploy-staging` step in Woodpecker can manually deploy using kubectl, but this is redundant if ArgoCD is configured with automated sync.

## Image Tagging Strategy

Images are tagged with:

- `latest`: Always points to the latest build
- `${CI_COMMIT_SHA}`: Specific commit SHA for traceability

Kubernetes deployments should reference specific SHA tags for production:

```yaml
image: registry.bk.glpx.pro/turash/turash-backend:abc123def456
```

## Verification

### Check Woodpecker Pipeline

```bash
# List pipelines
woodpecker-cli pipeline ls SamyRai/turash

# View latest pipeline
woodpecker-cli pipeline last SamyRai/turash

# View pipeline logs
woodpecker-cli pipeline logs SamyRai/turash
```

### Check Harbor Registry

```bash
# Login to Harbor (docker prompts for the password, which keeps it out of
# shell history and the process list)
docker login registry.bk.glpx.pro -u admin

# List images (curl prompts for the password when only the user name is given)
curl -u admin https://registry.bk.glpx.pro/api/v2.0/projects/turash/repositories

# Or via Harbor UI
open https://registry.bk.glpx.pro
```

### Check ArgoCD Applications

```bash
# List applications
argocd app list

# Get application status (includes sync status)
argocd app get turash-backend
argocd app get turash-frontend

# Trigger a sync manually
argocd app sync turash-backend
```

### Check Kubernetes Deployments

```bash
# Check pods
kubectl get pods -n turash

# Check deployments
kubectl get deployments -n turash

# Check services
kubectl get svc -n turash

# Check ingress
kubectl get ingress -n turash
```

## Troubleshooting

### Pipeline Fails to Build

1. **Check Kaniko logs**: Verify Dockerfile and build context
2. **Check registry access**: Ensure Harbor credentials are correct
3. **Check secrets**: Verify `docker_username` and `docker_password` are set

### Images Not Deploying

1. **Check ArgoCD sync status**: `argocd app get turash-backend`
2. **Check image pull secrets**: Ensure Harbor registry secret is configured
3. **Check image tags**: Verify deployment manifests reference correct tags

### ArgoCD Not Syncing

1. **Check repository access**: Ensure ArgoCD can access GitHub repository
2. **Check application status**: `argocd app get turash-backend`
3. **Check sync policy**: Verify automated sync is enabled

## Next Steps

1. ✅ **Pipeline configured** - Woodpecker CI with Kaniko
2. ✅ **Registry configured** - Harbor with containerd support
3. ✅ **GitOps configured** - ArgoCD with automated sync
4. ⚠️ **Optional**: Configure `kube_token` secret if using manual deploy step
5. 🔄 **Test pipeline**: Push a commit to trigger the pipeline
6. 🔄 **Verify deployment**: Check ArgoCD sync and Kubernetes pods

## Key Features

- ✅ **containerd-compatible**: Uses Kaniko instead of Docker
- ✅ **No privileged mode**: Kaniko doesn't require privileged containers
- ✅ **Automated deployment**: ArgoCD handles GitOps deployments
- ✅ **Multi-architecture**: Ready for ARM64 and AMD64 (if needed)
- ✅ **Caching**: Kaniko cache enabled for faster builds
- ✅ **Security**: Secrets managed via Woodpecker secret store
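
## Example: Enforcing the Image Tagging Strategy

The rule in the Image Tagging Strategy section (manifests reference a commit-SHA tag, not `latest`) can be checked mechanically before a sync. This is an added example, not part of the project's pipeline: the function names, the sample manifest, and the 7-to-40 hex character test for a commit SHA are assumptions, and images from outside the `turash` Harbor project are ignored.

```shell
#!/bin/sh
# Added example, not project code: fail CI when a manifest references a Harbor
# image by a mutable tag. Usage: check_image_pins DIR [IMAGE_PREFIX]
# Prints "file:line: image (reason)" per finding; returns 1 if any were found.
check_image_pins() {
  pins_prefix=${2:-registry.bk.glpx.pro/turash/}   # Harbor project from this page
  pins_found=$(
    find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) \
      -exec awk -v prefix="$pins_prefix" -v sq="'" '
        /^[ \t]*(-[ \t]+)?image:[ \t]*[^ \t#]/ {
          ref = $0
          sub(/^[ \t]*(-[ \t]+)?image:[ \t]*/, "", ref)  # strip the key
          sub(/[ \t]+#.*$/, "", ref)                     # strip a trailing comment
          sub(/[ \t]+$/, "", ref)
          gsub("[\"" sq "]", "", ref)                    # strip quotes
          if (index(ref, prefix) != 1) next              # image from another registry
          if (ref ~ /@sha256:[0-9a-f]+$/) next           # digest pin is immutable
          n = split(ref, seg, "/")                       # a tag can only follow the last "/"
          c = index(seg[n], ":")
          tag = (c ? substr(seg[n], c + 1) : "")
          if (tag == "") why = "no tag, resolves to latest"
          else if (tag == "latest") why = "mutable tag"
          else if (tag ~ /^[0-9a-f]+$/ && length(tag) >= 7 && length(tag) <= 40) next
          else why = "tag is not a commit SHA"
          printf "%s:%d: %s (%s)\n", FILENAME, FNR, ref, why
        }' {} + | sort
  )
  [ -z "$pins_found" ] && return 0
  printf '%s\n' "$pins_found"
  return 1
}

# Constructed sample manifest (assumed layout) for trying the check.
write_sample() {
  cat > "$1/deploy.yaml" <<'EOF'
containers:
  - name: backend
    image: registry.bk.glpx.pro/turash/turash-backend:abc123def456
  - name: frontend
    image: "registry.bk.glpx.pro/turash/turash-frontend:latest"  # mutable
  - name: cache
    image: redis:7
EOF
}

# Script mode: ./check-image-pins.sh k8s/
[ "$#" -eq 0 ] || check_image_pins "$@"
```
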