turash/docs/CICD_SETUP_COMPLETE.md
Damir Mukimov c56ded5d56
feat: Switch to Kaniko (containerd-compatible) for CI/CD pipeline
- Replace docker-buildx plugin with Kaniko executor
- Remove privileged mode requirement
- Fix all Woodpecker linting errors
- Update ArgoCD applications to use master branch
- Add frontend Dockerfile and nginx config
- Add comprehensive CI/CD setup documentation
2025-12-24 19:27:07 +01:00


CI/CD Pipeline Setup Complete

Overview

Complete CI/CD pipeline configured using:

  • Woodpecker CI: Build and test automation
  • Kaniko: containerd-compatible image builder
  • Harbor Registry: Container image storage
  • ArgoCD: GitOps-based deployment

Pipeline Architecture

GitHub Push → Woodpecker CI → Kaniko Build → Harbor Registry → ArgoCD → Kubernetes

Components

1. Woodpecker CI Pipeline (.woodpecker.yml)

Pipeline Steps:

  1. Frontend Lint & Test

    • Runs on: push, pull_request
    • Path: bugulma/frontend/**
    • Commands: yarn install, yarn lint, yarn test
  2. Frontend Build (Kaniko)

    • Runs on: push to master
    • Path: bugulma/frontend/**
    • Builds: registry.bk.glpx.pro/turash/turash-frontend:latest and :${CI_COMMIT_SHA}
    • Uses containerd-compatible Kaniko executor
  3. Backend Lint & Test

    • Runs on: push, pull_request
    • Path: bugulma/backend/**
    • Commands: go vet, go test, coverage
  4. Backend Build (Kaniko)

    • Runs on: push to master
    • Path: bugulma/backend/**
    • Builds: registry.bk.glpx.pro/turash/turash-backend:latest and :${CI_COMMIT_SHA}
    • Uses containerd-compatible Kaniko executor
  5. Deploy to Staging (Optional - ArgoCD handles this automatically)

    • Runs on: push to master
    • Path: bugulma/**, k8s/**
    • Manual kubectl deployment (can be disabled if using ArgoCD only)
  6. E2E Tests

    • Runs on: push to master
    • Path: bugulma/frontend/**
    • Uses Playwright for end-to-end testing
  7. Failure Notification

    • Runs on: Any failure
    • Logs failure information

2. Harbor Container Registry

3. ArgoCD GitOps

  • Backend Application: turash-backend
  • Frontend Application: turash-frontend
  • Sync Policy: Automated with self-heal
  • Source: https://github.com/SamyRai/turash.git
  • Path: k8s/
  • Target Revision: HEAD (updates automatically)

Required Secrets

Woodpecker Secrets

Configure these secrets in Woodpecker for repository SamyRai/turash:

# Docker registry credentials (for Harbor)
woodpecker-cli repo secret add SamyRai/turash \
  --name docker_username \
  --value admin

woodpecker-cli repo secret add SamyRai/turash \
  --name docker_password \
  --value "YOUR_HARBOR_PASSWORD"

# Kubernetes token (optional, only if using manual deploy step)
woodpecker-cli repo secret add SamyRai/turash \
  --name kube_token \
  --value "YOUR_KUBERNETES_TOKEN"

Current Status:

  • docker_username: Configured
  • docker_password: Configured
  • ⚠️ kube_token: Not configured (optional if using ArgoCD only)
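The build steps above and the secrets they consume come together in the shell that a Kaniko step actually runs. The script below is an added example, not the project's own .woodpecker.yml: it shows how the docker_username / docker_password secrets become a registry credentials file for Kaniko and how the two destination tags (:latest and :${CI_COMMIT_SHA}) are passed to the executor. It assumes Woodpecker exposes the secrets as DOCKER_USERNAME / DOCKER_PASSWORD, sets CI_COMMIT_SHA and CI_WORKSPACE, and that the step image ships /kaniko/executor; the KANIKO_EXECUTOR and KANIKO_DOCKER_CONFIG variables are hypothetical knobs for dry-running the step outside the pipeline. The frontend step is identical apart from IMAGE and CONTEXT_DIR.

```shell
#!/bin/sh
# Added example, not the project's own .woodpecker.yml: the shell a Kaniko build
# step runs inside a Woodpecker pipeline. Assumptions: Woodpecker injects the
# docker_username / docker_password secrets as DOCKER_USERNAME / DOCKER_PASSWORD,
# sets CI_COMMIT_SHA and CI_WORKSPACE, and the step image ships /kaniko/executor.

REGISTRY="registry.bk.glpx.pro"
IMAGE="turash/turash-backend"
CONTEXT_DIR="bugulma/backend"

# Docker-style config.json that Kaniko reads from /kaniko/.docker/config.json.
# "auth" is base64("user:password"); the password never appears on a command
# line (unlike `docker login -p`), so it cannot leak via `ps` or the step log.
kaniko_auth_json() {
  registry=$1; user=$2; pass=$3
  auth=$(printf '%s' "$user:$pass" | base64 | tr -d '\n')
  printf '{"auths":{"%s":{"auth":"%s"}}}' "$registry" "$auth"
}

# Executor arguments: push :latest and :<commit sha> (the tagging strategy on
# this page) and keep the layer cache in a side repository.
kaniko_args() {
  registry=$1; image=$2; sha=$3
  printf '%s\n' \
    "--context=dir://${CI_WORKSPACE:-$PWD}/${CONTEXT_DIR}" \
    "--dockerfile=Dockerfile" \
    "--destination=${registry}/${image}:latest" \
    "--destination=${registry}/${image}:${sha}" \
    "--cache=true" \
    "--cache-repo=${registry}/${image}/cache"
}

# The build step itself. It fails fast when a secret or the commit SHA is
# missing instead of starting a build that cannot be pushed. KANIKO_EXECUTOR
# and KANIKO_DOCKER_CONFIG exist only so the step can be dry-run outside the
# pipeline (hypothetical knobs, not Woodpecker or Kaniko settings).
kaniko_step() {
  for v in DOCKER_USERNAME DOCKER_PASSWORD CI_COMMIT_SHA; do
    eval "val=\${$v:-}"
    if [ -z "$val" ]; then
      echo "kaniko_step: $v is not set (check the Woodpecker secrets)" >&2
      return 1
    fi
  done
  cfg_dir=${KANIKO_DOCKER_CONFIG:-/kaniko/.docker}
  mkdir -p "$cfg_dir" || return 1
  # Write the credentials file readable by this user only.
  ( umask 077; kaniko_auth_json "$REGISTRY" "$DOCKER_USERNAME" "$DOCKER_PASSWORD" \
      > "$cfg_dir/config.json" ) || return 1
  set -- $(kaniko_args "$REGISTRY" "$IMAGE" "$CI_COMMIT_SHA")
  "${KANIKO_EXECUTOR:-/kaniko/executor}" "$@"
}

# Run the step when invoked as the pipeline command ("build"); otherwise just
# show the executor arguments so the script can be inspected locally.
if [ "${1:-}" = "build" ]; then
  kaniko_step
else
  kaniko_args "$REGISTRY" "$IMAGE" "${CI_COMMIT_SHA:-<commit-sha>}"
fi
```

Because the credentials go into a file rather than onto the command line, a failed build log or a process listing on the agent does not expose the Harbor password; the missing-secret check is what turns the "⚠️ Not configured" state above into an immediate, readable step failure rather than an opaque push error.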

Harbor Credentials

  • Username: admin
  • Password: See k8s/registry/harbor-secrets.yaml.template

Deployment Flow

  1. Developer pushes to master branch
  2. Woodpecker triggers pipeline:
    • Lints and tests code
    • Builds Docker images with Kaniko
    • Pushes images to Harbor registry
  3. ArgoCD detects changes:
    • Monitors Git repository
    • Detects new image tags in Kubernetes manifests
    • Automatically syncs and deploys to Kubernetes

Manual Deployment (Optional)

The deploy-staging step in Woodpecker can manually deploy using kubectl, but this is redundant if ArgoCD is configured with automated sync.

Image Tagging Strategy

Images are tagged with:

  • latest: Always points to the latest build
  • ${CI_COMMIT_SHA}: Specific commit SHA for traceability

Kubernetes deployments should reference specific SHA tags for production:

image: registry.bk.glpx.pro/turash/turash-backend:abc123def456
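The rule that production manifests pin a commit SHA is easy to state and easy to drift from, and since ArgoCD only deploys what the manifests say, a :latest reference silently decouples what is running from what was built. The script below is an added example, not part of the turash repository: a pre-sync gate that extracts every image: reference from the manifests in a directory and accepts only images from the Harbor project registry.bk.glpx.pro/turash that are pinned to a commit SHA tag or a digest. The sample manifests it writes are constructed for the demo and are not the project's k8s/ files.

```shell
#!/bin/sh
# Added example, not part of the turash repository: a pre-sync gate that checks
# every `image:` reference in the Kubernetes manifests ArgoCD will apply.
# It enforces the tagging strategy above: images come from the Harbor project
# registry.bk.glpx.pro/turash and are pinned to a commit SHA tag (or a digest),
# never to :latest or to an untagged reference.

REGISTRY="registry.bk.glpx.pro"
PROJECT="turash"

# Check one image reference; print a verdict and return 0 (ok) or 1 (reject).
check_image_ref() {
  ref=$1
  case "$ref" in
    "$REGISTRY/$PROJECT/"*) ;;
    *) echo "REJECT $ref: not from $REGISTRY/$PROJECT"; return 1 ;;
  esac
  case "$ref" in
    *@sha256:*) echo "OK $ref: pinned by digest"; return 0 ;;
  esac
  case "$ref" in
    */*:*) tag=${ref##*:} ;;
    *) echo "REJECT $ref: no tag, which resolves to :latest"; return 1 ;;
  esac
  if [ "$tag" = "latest" ]; then
    echo "REJECT $ref: floating tag, ArgoCD cannot tell which build this is"
    return 1
  fi
  # Commit SHA tags: 7 to 40 lowercase hex characters (short or full git SHA).
  if printf '%s\n' "$tag" | LC_ALL=C grep -Eq '^[0-9a-f]{7,40}$'; then
    echo "OK $ref: pinned to commit $tag"
    return 0
  fi
  echo "REJECT $ref: tag '$tag' is not a commit SHA"
  return 1
}

# Lint every *.yaml in a directory. Prints "<n> violation(s)" and returns 1
# if any reference fails, so it can gate a pipeline step or a pre-commit hook.
lint_manifests() {
  dir=$1; bad=0
  for f in "$dir"/*.yaml; do
    [ -f "$f" ] || continue
    # Extract the value of `image:` lines (plain or list items), dropping quotes.
    refs=$(sed -n 's/^[[:space:]]*-\{0,1\}[[:space:]]*image:[[:space:]]*//p' "$f" | tr -d "\"'")
    for ref in $refs; do
      check_image_ref "$ref" || bad=$((bad + 1))
    done
  done
  echo "$bad violation(s)"
  [ "$bad" -eq 0 ]
}

# Constructed sample manifests (not the project's k8s/ files) for a local demo.
make_sample_manifests() {
  dir=$1
  cat > "$dir/backend.yaml" <<'EOF'
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers:
        - name: backend
          image: registry.bk.glpx.pro/turash/turash-backend:abc123def456
EOF
  cat > "$dir/frontend.yaml" <<'EOF'
      containers:
        - name: frontend
          image: "registry.bk.glpx.pro/turash/turash-frontend:latest"
        - name: sidecar
          image: nginx:1.25
EOF
}

# Lint the directory given as the first argument, or run the demo.
if [ $# -gt 0 ]; then
  lint_manifests "$1"
else
  demo=$(mktemp -d)
  make_sample_manifests "$demo"
  lint_manifests "$demo" || echo "sync gate: blocked (see REJECT lines above)"
  rm -rf "$demo"
fi
```

Run it as `sh lint-images.sh k8s/` from the repository root to check the real manifests; the non-zero exit status is what a pipeline step or ArgoCD pre-sync hook would act on. The registry check doubles as a supply-chain guard, since it also rejects images pulled from registries outside the Harbor project.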

Verification

Check Woodpecker Pipeline

# List pipelines
woodpecker-cli pipeline ls SamyRai/turash

# View latest pipeline
woodpecker-cli pipeline last SamyRai/turash

# View pipeline logs
woodpecker-cli pipeline logs SamyRai/turash <pipeline-number>

Check Harbor Registry

# Login to Harbor (a password given with -p lands in shell history and process listings; --password-stdin avoids that)
docker login registry.bk.glpx.pro -u admin -p "PASSWORD"

# List images
curl -u admin:PASSWORD https://registry.bk.glpx.pro/api/v2.0/projects/turash/repositories

# Or via Harbor UI
open https://registry.bk.glpx.pro

Check ArgoCD Applications

# List applications
argocd app list

# Get application status
argocd app get turash-backend
argocd app get turash-frontend

# Trigger a manual sync (the sync status itself is part of the argocd app get output above)
argocd app sync turash-backend

Check Kubernetes Deployments

# Check pods
kubectl get pods -n turash

# Check deployments
kubectl get deployments -n turash

# Check services
kubectl get svc -n turash

# Check ingress
kubectl get ingress -n turash

Troubleshooting

Pipeline Fails to Build

  1. Check Kaniko logs: Verify Dockerfile and build context
  2. Check registry access: Ensure Harbor credentials are correct
  3. Check secrets: Verify docker_username and docker_password are set

Images Not Deploying

  1. Check ArgoCD sync status: argocd app get turash-backend
  2. Check image pull secrets: Ensure Harbor registry secret is configured
  3. Check image tags: Verify deployment manifests reference correct tags

ArgoCD Not Syncing

  1. Check repository access: Ensure ArgoCD can access GitHub repository
  2. Check application status: argocd app get turash-backend
  3. Check sync policy: Verify automated sync is enabled

Next Steps

  1. Pipeline configured - Woodpecker CI with Kaniko
  2. Registry configured - Harbor with containerd support
  3. GitOps configured - ArgoCD with automated sync
  4. ⚠️ Optional: Configure kube_token secret if using manual deploy step
  5. 🔄 Test pipeline: Push a commit to trigger the pipeline
  6. 🔄 Verify deployment: Check ArgoCD sync and Kubernetes pods

Key Features

  • containerd-compatible: Uses Kaniko instead of Docker
  • No privileged mode: Kaniko doesn't require privileged containers
  • Automated deployment: ArgoCD handles GitOps deployments
  • Multi-architecture: Ready for ARM64 and AMD64 (if needed)
  • Caching: Kaniko cache enabled for faster builds
  • Security: Secrets managed via Woodpecker secret store