mirror of
https://github.com/SamyRai/turash.git
synced 2025-12-26 23:01:33 +00:00
- Replace docker-buildx plugin with Kaniko executor
- Remove privileged mode requirement
- Fix all Woodpecker linting errors
- Update ArgoCD applications to use master branch
- Add frontend Dockerfile and nginx config
- Add comprehensive CI/CD setup documentation
232 lines
6.3 KiB
Markdown
# CI/CD Pipeline Setup Complete ✅

## Overview

Complete CI/CD pipeline configured using:
- **Woodpecker CI**: Build and test automation
- **Kaniko**: containerd-compatible image builder
- **Harbor Registry**: Container image storage
- **ArgoCD**: GitOps-based deployment

## Pipeline Architecture

```
GitHub Push → Woodpecker CI → Kaniko Build → Harbor Registry → ArgoCD → Kubernetes
```

## Components

### 1. Woodpecker CI Pipeline (`.woodpecker.yml`)

#### Pipeline Steps:

1. **Frontend Lint & Test**
   - Runs on: `push`, `pull_request`
   - Path: `bugulma/frontend/**`
   - Commands: `yarn install`, `yarn lint`, `yarn test`

2. **Frontend Build** (Kaniko)
   - Runs on: `push` to `master`
   - Path: `bugulma/frontend/**`
   - Builds: `registry.bk.glpx.pro/turash/turash-frontend:latest` and `:${CI_COMMIT_SHA}`
   - Uses containerd-compatible Kaniko executor

3. **Backend Lint & Test**
   - Runs on: `push`, `pull_request`
   - Path: `bugulma/backend/**`
   - Commands: `go vet`, `go test`, coverage

4. **Backend Build** (Kaniko)
   - Runs on: `push` to `master`
   - Path: `bugulma/backend/**`
   - Builds: `registry.bk.glpx.pro/turash/turash-backend:latest` and `:${CI_COMMIT_SHA}`
   - Uses containerd-compatible Kaniko executor

5. **Deploy to Staging** (Optional - ArgoCD handles this automatically)
   - Runs on: `push` to `master`
   - Path: `bugulma/**`, `k8s/**`
   - Manual kubectl deployment (can be disabled if using ArgoCD only)

6. **E2E Tests**
   - Runs on: `push` to `master`
   - Path: `bugulma/frontend/**`
   - Uses Playwright for end-to-end testing

7. **Failure Notification**
   - Runs on: Any failure
   - Logs failure information

### 2. Harbor Container Registry

- **URL**: https://registry.bk.glpx.pro
- **Registry**: `registry.bk.glpx.pro`
- **Project**: `turash`
- **Credentials**: Configured in Woodpecker secrets

### 3. ArgoCD GitOps

- **Backend Application**: `turash-backend`
- **Frontend Application**: `turash-frontend`
- **Sync Policy**: Automated with self-heal
- **Source**: `https://github.com/SamyRai/turash.git`
- **Path**: `k8s/`
- **Target Revision**: `HEAD` (updates automatically)

## Required Secrets

### Woodpecker Secrets

Configure these secrets in Woodpecker for repository `SamyRai/turash`:

```bash
# Docker registry credentials (for Harbor)
woodpecker-cli repo secret add SamyRai/turash \
  --name docker_username \
  --value admin

woodpecker-cli repo secret add SamyRai/turash \
  --name docker_password \
  --value "YOUR_HARBOR_PASSWORD"

# Kubernetes token (optional, only if using manual deploy step)
woodpecker-cli repo secret add SamyRai/turash \
  --name kube_token \
  --value "YOUR_KUBERNETES_TOKEN"
```

**Current Status**:
- ✅ `docker_username`: Configured
- ✅ `docker_password`: Configured
- ⚠️ `kube_token`: Not configured (optional if using ArgoCD only)

### Harbor Credentials

- **Username**: `admin`
- **Password**: See `k8s/registry/harbor-secrets.yaml.template`

## Deployment Flow

### Automatic Deployment (Recommended)

1. **Developer pushes to `master` branch**
2. **Woodpecker triggers pipeline**:
   - Lints and tests code
   - Builds Docker images with Kaniko
   - Pushes images to Harbor registry
3. **ArgoCD detects changes**:
   - Monitors Git repository
   - Detects new image tags in Kubernetes manifests
   - Automatically syncs and deploys to Kubernetes

### Manual Deployment (Optional)

The `deploy-staging` step in Woodpecker can manually deploy using kubectl, but this is redundant if ArgoCD is configured with automated sync.

## Image Tagging Strategy

Images are tagged with:
- `latest`: Always points to the latest build
- `${CI_COMMIT_SHA}`: Specific commit SHA for traceability

Kubernetes deployments should reference specific SHA tags for production:
```yaml
image: registry.bk.glpx.pro/turash/turash-backend:abc123def456
```
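
A check for the pinning rule above, as an added example that is not part of the repository: a shell function that reads manifest YAML and lists images from `registry.bk.glpx.pro/turash/` that are not pinned. It assumes a pinned reference ends in a 7 to 40 character hex tag or an `@sha256:` digest; `unpinned_images`, `check_manifest` and the sample manifest are constructed for illustration.

```bash
# Added example: list image references that are not pinned to a commit.
# Assumption: "pinned" means a 7-40 character hex tag (the ${CI_COMMIT_SHA}
# tag, possibly abbreviated) or an @sha256:<digest> suffix.
REGISTRY_PREFIX="registry.bk.glpx.pro/turash/"

# Constructed sample manifest (not taken from the repository's k8s/ directory).
SAMPLE_MANIFEST='
spec:
  containers:
    - name: backend
      image: registry.bk.glpx.pro/turash/turash-backend:abc123def456
    - name: frontend
      image: "registry.bk.glpx.pro/turash/turash-frontend:latest"
    - name: worker
      image: registry.bk.glpx.pro/turash/turash-backend
    - name: proxy
      image: nginx:1.27
'

# Reads manifest YAML on stdin; prints each unpinned image from the registry.
unpinned_images() {
  sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' |
    tr -d "\"'" |
    sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' |
    while IFS= read -r ref || [ -n "$ref" ]; do
      case "$ref" in
        "$REGISTRY_PREFIX"*) ;;
        *) continue ;;  # images from other registries are out of scope
      esac
      if printf '%s\n' "$ref" |
        grep -Eq '(:[0-9a-f]{7,40}|@sha256:[0-9a-f]{64})$'; then
        continue        # commit-SHA tag or digest: pinned
      fi
      printf '%s\n' "$ref"  # :latest, another mutable tag, or no tag
    done
}

# CI gate: returns non-zero and reports on stderr if anything is unpinned.
check_manifest() {
  found=$(unpinned_images)
  if [ -z "$found" ]; then
    return 0
  fi
  printf '%s\n' "$found" | sed 's/^/unpinned image: /' >&2
  return 1
}

printf '%s' "$SAMPLE_MANIFEST" | unpinned_images
```

Feeding each manifest to `check_manifest` on stdin gives a pass/fail status a lint step can act on.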

## Verification

### Check Woodpecker Pipeline

```bash
# List pipelines
woodpecker-cli pipeline ls SamyRai/turash

# View latest pipeline
woodpecker-cli pipeline last SamyRai/turash

# View pipeline logs
woodpecker-cli pipeline logs SamyRai/turash <pipeline-number>
```

### Check Harbor Registry

```bash
# Login to Harbor (prompts for the password, keeping it out of shell history)
docker login registry.bk.glpx.pro -u admin

# List images (curl prompts for the password when only the user is given)
curl -u admin https://registry.bk.glpx.pro/api/v2.0/projects/turash/repositories

# Or via Harbor UI
open https://registry.bk.glpx.pro
```

### Check ArgoCD Applications

```bash
# List applications
argocd app list

# Get application status (includes sync and health status)
argocd app get turash-backend
argocd app get turash-frontend

# Trigger a sync manually
argocd app sync turash-backend
```

### Check Kubernetes Deployments

```bash
# Check pods
kubectl get pods -n turash

# Check deployments
kubectl get deployments -n turash

# Check services
kubectl get svc -n turash

# Check ingress
kubectl get ingress -n turash
```

## Troubleshooting

### Pipeline Fails to Build

1. **Check Kaniko logs**: Verify Dockerfile and build context
2. **Check registry access**: Ensure Harbor credentials are correct
3. **Check secrets**: Verify `docker_username` and `docker_password` are set

### Images Not Deploying

1. **Check ArgoCD sync status**: `argocd app get turash-backend`
2. **Check image pull secrets**: Ensure Harbor registry secret is configured
3. **Check image tags**: Verify deployment manifests reference correct tags

### ArgoCD Not Syncing

1. **Check repository access**: Ensure ArgoCD can access GitHub repository
2. **Check application status**: `argocd app get turash-backend`
3. **Check sync policy**: Verify automated sync is enabled

## Next Steps

1. ✅ **Pipeline configured** - Woodpecker CI with Kaniko
2. ✅ **Registry configured** - Harbor with containerd support
3. ✅ **GitOps configured** - ArgoCD with automated sync
4. ⚠️ **Optional**: Configure `kube_token` secret if using manual deploy step
5. 🔄 **Test pipeline**: Push a commit to trigger the pipeline
6. 🔄 **Verify deployment**: Check ArgoCD sync and Kubernetes pods

## Key Features

- ✅ **containerd-compatible**: Uses Kaniko instead of Docker
- ✅ **No privileged mode**: Kaniko doesn't require privileged containers
- ✅ **Automated deployment**: ArgoCD handles GitOps deployments
- ✅ **Multi-architecture**: Ready for ARM64 and AMD64 (if needed)
- ✅ **Caching**: Kaniko cache enabled for faster builds
- ✅ **Security**: Secrets managed via Woodpecker secret store