txeo/cv-site
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5e38292d2ef5c14d8e4882e2f74a6be17812cb04
cv-site/DEPLOYMENT_SETUP.md
T
root 5e38292d2e Add GitHub Actions deployment workflow 
- Add deployment workflow with test, build, and deploy jobs
- Add testing workflow for PRs
- Add deployment scripts (deploy, healthcheck, rollback)
- Add systemd service configuration
- Update Makefile with CI/CD targets
- Add comprehensive deployment documentation
2025-10-30 12:19:57 +00:00

321 lines
8.6 KiB
Markdown
Raw Blame History

# Deployment Setup Guide
This guide will help you configure GitHub Actions for automatic deployment of your CV site.
## Overview
The deployment system is now fully configured with:
- ✅ GitHub Actions workflows (`.github/workflows/`)
- ✅ Deployment scripts (`scripts/`)
- ✅ Systemd service configuration (`config/systemd/cv.service`)
- ✅ Updated Makefile with CI/CD targets
## Required GitHub Secrets
To enable automatic deployment, you need to configure these secrets in your GitHub repository:
Go to: **Settings → Secrets and variables → Actions → New repository secret**
### Essential Secrets
| Secret Name | Value | Description |
|------------|-------|-------------|
| `SSH_PRIVATE_KEY` | Your private SSH key | Used to connect to the production server |
| `SSH_HOST` | `localhost` or your server IP | Production server hostname |
| `SSH_USER` | `txeo` | SSH username for deployment |
| `SSH_PORT` | `22` (default) | SSH port (optional if using default) |
### Optional Secrets
| Secret Name | Description |
|------------|-------------|
| `SLACK_WEBHOOK` | Slack webhook URL for deployment notifications |
## Setting Up SSH Key for GitHub Actions
Since this machine is both the development and production server, you need to set up SSH access for GitHub Actions to deploy here.
### Option 1: Deploy to localhost (Recommended for same-machine setup)
If GitHub Actions will run on the same machine, you can use localhost:
```bash
# Generate a deployment key (reusable for all projects)
ssh-keygen -t ed25519 -C "github-actions-deployment" -f ~/.ssh/github-deploy -N ""
# Add the public key to authorized_keys
cat ~/.ssh/github-deploy.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
# Copy the private key to add to GitHub Secrets (use this for ALL projects)
cat ~/.ssh/github-deploy
# Copy the entire output (including BEGIN and END lines)
```
**GitHub Secrets Configuration:**
- `SSH_PRIVATE_KEY`: (paste the private key output from above)
- `SSH_HOST`: `localhost` or `127.0.0.1`
- `SSH_USER`: `txeo`
- `SSH_PORT`: `22`
### Option 2: Deploy from GitHub hosted runners
If using GitHub's hosted runners to deploy to this server:
```bash
# Generate a deployment key (reusable for all projects)
ssh-keygen -t ed25519 -C "github-actions-deployment" -f ~/.ssh/github-deploy -N ""
# Add the public key to authorized_keys
cat ~/.ssh/github-deploy.pub >> ~/.ssh/authorized_keys
# Get your public IP address
curl ifconfig.me
# Copy the private key (use this for ALL projects)
cat ~/.ssh/github-deploy
```
**GitHub Secrets Configuration:**
- `SSH_PRIVATE_KEY`: (paste the private key output)
- `SSH_HOST`: (your public IP from `curl ifconfig.me`)
- `SSH_USER`: `txeo`
- `SSH_PORT`: `22`
## Reusing Secrets Across Multiple Projects
**Important**: If you have multiple projects deploying to the same server, use **one shared SSH key** for all of them.
### Why One Shared Key?
**Advantages:**
- **Simpler management** - One key to rotate/update instead of multiple
- **Same access level** - All projects deploy as the same user anyway
- **Easier setup** - Generate once, reuse everywhere
- **Standard practice** - CI/CD systems typically use one deploy key per server
**You don't need separate keys because:**
- All projects deploy to the same server
- All projects use the same user account (`txeo`)
- Separation is already handled by different deployment paths and services
### Shared Secrets (Same for All 3+ Projects)
Copy these exact same values to all your project repositories:
- `SSH_PRIVATE_KEY` - The `~/.ssh/github-deploy` key you generated once
- `SSH_HOST` - Same server (localhost or your IP)
- `SSH_USER` - Same user (`txeo`)
- `SSH_PORT` - Same SSH port (`22`)
- `SLACK_WEBHOOK` - Same notification channel (optional)
### Project-Specific Configuration
Only change these in each project's `.github/workflows/deploy.yml` (in the `env` section):
| Project | APP_NAME | SERVICE_NAME | DEPLOY_PATH | PORT |
|---------|----------|--------------|-------------|------|
| CV Site | cv-server | cv | /home/txeo/Git/yo/cv | 1999 |
| Project 2 | project2-server | project2 | /home/txeo/Git/yo/project2 | 2000 |
| Project 3 | project3-server | project3 | /home/txeo/Git/yo/project3 | 2001 |
### Setup Process
1. **Generate SSH key once** on the server:
```bash
ssh-keygen -t ed25519 -C "github-actions-deployment" -f ~/.ssh/github-deploy -N ""
cat ~/.ssh/github-deploy.pub >> ~/.ssh/authorized_keys
```
2. **Copy the key** for use in all projects:
```bash
cat ~/.ssh/github-deploy
```
3. **Add to each repository's GitHub Secrets** (same values):
- Repository 1 (cv) → Add secrets
- Repository 2 (project2) → Add **same** secrets
- Repository 3 (project3) → Add **same** secrets
4. **Customize each workflow** by editing only the `env` section in `deploy.yml`
## Service Configuration
The systemd service configuration has been created at:
- **Template**: `config/systemd/cv.service`
- **Active service**: `/etc/systemd/system/cv.service`
### Update the Active Service (if needed)
If you want to use the new service template with better security settings:
```bash
# Update the systemd service
make update-service
# Or manually:
sudo cp config/systemd/cv.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl restart cv
sudo systemctl status cv
```
## Testing the Deployment Locally
Before pushing to GitHub, you can test the deployment scripts locally:
```bash
# Build the binary
make ci-build
# Test the deployment script
cd build
tar -czf cv-server-test.tar.gz cv-server
cd ..
mv build/cv-server-test.tar.gz ./cv-server.new
chmod +x scripts/deploy.sh
./scripts/deploy.sh cv-server cv
# Check service status
systemctl status cv
# Test health check
make health-check
```
## Deployment Workflow
Once configured, the deployment works automatically:
1. **Push to main branch** → Triggers deployment
2. **Run tests** → Ensures code quality
3. **Build binary** → Creates production binary
4. **Deploy to server** → Uploads and installs new version
5. **Health check** → Verifies deployment success
6. **Send notification** → (if Slack webhook configured)
### Manual Deployment
You can also trigger deployment manually:
1. Go to **Actions** tab in GitHub
2. Select **Deploy CV Site to Production**
3. Click **Run workflow**
4. Choose options (e.g., skip tests)
5. Click **Run workflow**
## Rollback
If a deployment fails or you need to rollback:
```bash
# View available backups
./scripts/rollback.sh cv-server cv
# Rollback to the most recent version
./scripts/rollback.sh cv-server cv latest
# Rollback to specific version (e.g., version #2)
./scripts/rollback.sh cv-server cv 2
```
## Monitoring
### Check Service Status
```bash
# Service status
systemctl status cv
# View logs
journalctl -u cv -f
# View recent logs
journalctl -u cv -n 50 --no-pager
```
### Check Application Health
```bash
# Local health check
curl http://localhost:1999/health
# Public health check
curl https://juan.andres.morenorub.io/health
# Or use the make target
make health-check
```
## File Structure
```
cv/
├── .github/
│ └── workflows/
│ ├── deploy.yml # Main deployment workflow
│ └── test.yml # Testing workflow
├── scripts/
│ ├── deploy.sh # Deployment script
│ ├── healthcheck.sh # Health check script
│ └── rollback.sh # Rollback script
├── config/
│ └── systemd/
│ └── cv.service # Systemd service template
├── backups/ # (created during deployment)
│ └── cv-server.* # Binary backups
└── Makefile # Build and deployment targets
```
## Troubleshooting
### Deployment Fails with SSH Error
```bash
# Test SSH connection
ssh -p 22 txeo@localhost "echo 'SSH works'"
# Check SSH key permissions
ls -la ~/.ssh/github-deploy
# Should show: -rw------- (600)
```
### Service Won't Start
```bash
# Check service logs
sudo journalctl -u cv -n 50
# Test binary manually
./cv-server
# Check port availability
sudo netstat -tlnp | grep 1999
```
### Health Check Fails
```bash
# Check if service is running
systemctl is-active cv
# Test health endpoint
curl -v http://localhost:1999/health
# Check firewall
sudo ufw status
```
## Next Steps
1. **Add GitHub Secrets** as documented above
2. **Push to main branch** to trigger first deployment
3. **Monitor the deployment** in GitHub Actions tab
4. **Verify deployment** by checking https://juan.andres.morenorub.io
## Support
For issues or questions:
- Check GitHub Actions logs in the **Actions** tab
- Review systemd logs: `journalctl -u cv -f`
- Review the main deployment guide: `GITHUB_ACTIONS_DEPLOYMENT_GUIDE.md`
Reference in New Issue View Git Blame Copy Permalink