webmaster/minio-storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
minio-storage/.gitea/workflows/README.md
Frank John Begornia c9d417bf14
All checks were successful
Deploy MinIO Production / deploy (push) Successful in 32s
Details
Initial MinIO setup with CI/CD
2026-01-06 09:47:50 +08:00

350 lines
6.8 KiB
Markdown
Raw Permalink Blame History

# MinIO Storage - Gitea Actions
This directory contains automated CI/CD workflows for MinIO deployment and maintenance.
## Workflows
### 1. `deploy.yml` - Production Deployment
**Trigger:** Push to `main` or `master` branch
**What it does:**
- Uploads docker-compose.prod.yml to server
- Creates/updates MinIO production container
- Sets up buckets automatically
- Performs health checks
**Deployment location:** `/var/www/apps/minio-storage`
**Access:**
- S3 API: https://minio.crewsportswear.com
- Console: https://console.crewsportswear.com
---
### 2. `deploy-dev.yml` - Development Deployment
**Trigger:** Push to `dev` branch
**What it does:**
- Deploys MinIO to development environment
- Uses default credentials (minioadmin/minioadmin123)
- Exposed on ports 9000/9001
- Sets up development buckets
**Deployment location:** `/var/www/apps/minio-storage-dev`
**Access:**
- S3 API: http://dev.crewsportswear.com:9000
- Console: http://dev.crewsportswear.com:9001
---
### 3. `backup.yml` - Automated Backups
**Trigger:**
- Daily at 2 AM (cron: `0 2 * * *`)
- Manual via workflow_dispatch
**What it does:**
- Backs up all MinIO buckets
- Compresses backups (.tar.gz)
- Stores in `/var/backups/minio/`
- Keeps last 7 days of backups
- Verifies backup completion
**Manual trigger:**
```bash
# Via Gitea UI: Actions → Backup MinIO Buckets → Run Workflow
```
---
## Required Secrets
Configure these in your Gitea repository settings:
**Settings → Secrets → Actions**
| Secret | Description | Example |
|--------|-------------|---------|
| `DEPLOY_SSH_KEY` | Private SSH key for deployment | `-----BEGIN OPENSSH PRIVATE KEY-----...` |
| `DEPLOY_HOST` | Production server hostname/IP | `123.45.67.89` or `server.example.com` |
| `DEPLOY_USER` | SSH username on server | `deploy` or `ubuntu` |
### Generate SSH Key
```bash
# On your local machine
ssh-keygen -t ed25519 -C "gitea-minio-deploy" -f ~/.ssh/gitea_minio_deploy
# Copy public key to server
ssh-copy-id -i ~/.ssh/gitea_minio_deploy.pub user@server
# Copy private key content to Gitea secret
cat ~/.ssh/gitea_minio_deploy
```
---
## Deployment Process
### Production Deployment
1. **Make changes** to docker-compose.prod.yml or setup scripts
2. **Commit and push** to `main` branch:
```bash
git add .
git commit -m "Update MinIO configuration"
git push origin main
```
3. **Watch workflow** in Gitea: Repository → Actions
4. **Verify deployment:**
```bash
curl https://minio.crewsportswear.com/minio/health/live
# Should return: OK
```
### Development Deployment
1. **Create/switch to dev branch:**
```bash
git checkout -b dev
```
2. **Push changes:**
```bash
git push origin dev
```
3. **Access dev environment:**
- Console: http://dev.crewsportswear.com:9001
### Manual Workflow Trigger
You can manually trigger any workflow:
1. Go to: **Repository → Actions**
2. Select workflow (e.g., "Deploy MinIO Production")
3. Click **"Run Workflow"**
4. Select branch
5. Click **"Run Workflow"** button
---
## First-Time Setup
### 1. Configure Server
Ensure your server has:
- Docker and Docker Compose installed
- Networks created: `traefik-public`, `crew-app-net`
- Traefik running (for production HTTPS)
```bash
# On server
docker network create traefik-public
docker network create crew-app-net
```
### 2. Configure Gitea Secrets
Add the three required secrets (see table above).
### 3. Initial Deployment
```bash
# Clone repo
git clone your-gitea-url/minio-storage.git
cd minio-storage
# Push to trigger deployment
git push origin main
```
### 4. Post-Deployment Setup
After first deployment, SSH into server and configure:
```bash
ssh user@server
# Set production credentials
cd /var/www/apps/minio-storage
nano .env
# Update these:
MINIO_ROOT_USER=your_secure_username
MINIO_ROOT_PASSWORD=your_secure_password_32chars
# For secured console, add BasicAuth
htpasswd -nb admin YourPassword
# Copy output to .env:
TRAEFIK_CONSOLE_AUTH='admin:$$apr1$$...'
# Restart
docker compose down && docker compose up -d
```
---
## Monitoring
### Check Deployment Status
```bash
# On server
cd /var/www/apps/minio-storage
# Check container status
docker ps | grep minio
# Check logs
docker logs crew-minio-prod
# View recent deployments
ls -lt /var/www/apps/minio-storage
```
### View Backups
```bash
# On server
ls -lh /var/backups/minio/
# Extract a backup
cd /tmp
tar -xzf /var/backups/minio/minio_backup_YYYYMMDD_HHMMSS.tar.gz
# Restore if needed (see README.md for restore procedure)
```
---
## Troubleshooting
### Deployment Failed
```bash
# Check Gitea Actions logs
# Repository → Actions → Failed workflow → View logs
# Common issues:
# 1. SSH key not added to server authorized_keys
# 2. Server disk space full
# 3. Docker not running on server
```
### Container Not Starting
```bash
ssh user@server
cd /var/www/apps/minio-storage
# Check .env file exists
cat .env
# Check Docker logs
docker logs crew-minio-prod
# Check networks
docker network ls | grep crew-app-net
# Recreate manually
docker compose down
docker compose up -d
```
### Backup Failed
```bash
# Check backup directory permissions
ls -ld /var/backups/minio/
# Check disk space
df -h
# Manual backup
cd /var/www/apps/minio-storage
docker exec crew-minio-prod mc mirror backup/crewsportswear /tmp/manual_backup
```
---
## Workflow Customization
### Change Backup Schedule
Edit `.gitea/workflows/backup.yml`:
```yaml
on:
schedule:
- cron: '0 2 * * *' # Daily 2 AM
# Change to:
- cron: '0 */6 * * *' # Every 6 hours
- cron: '0 0 * * 0' # Weekly on Sunday
```
### Add Post-Deployment Hooks
Edit `.gitea/workflows/deploy.yml`, add step:
```yaml
- name: Notify team
shell: sh
run: |
curl -X POST https://your-webhook-url \
-d "MinIO deployed successfully"
```
### Custom Health Checks
Add to deploy.yml:
```yaml
- name: Test bucket access
shell: sh
run: |
# Test upload
echo "test" > test.txt
curl -X PUT https://minio.crewsportswear.com/crewsportswear/test.txt \
--upload-file test.txt
```
---
## Security Best Practices
1. **Rotate SSH keys** regularly
2. **Use strong MinIO credentials** (32+ characters)
3. **Enable BasicAuth** for console (production)
4. **Monitor backup logs** for failures
5. **Test restore procedure** quarterly
6. **Limit Gitea Actions secrets** access to admins only
---
## Related Documentation
- [Main README](../README.md) - MinIO setup and usage
- [Security Guide](../SECURITY.md) - Security best practices
- [Gitea Actions Docs](https://docs.gitea.com/usage/actions/overview)
---
## Quick Reference
```bash
# View workflows
ls .gitea/workflows/
# Trigger production deploy
git push origin main
# Trigger dev deploy
git push origin dev
# Manual backup (via Gitea UI)
Repository → Actions → Backup MinIO Buckets → Run Workflow
# Check deployment
ssh user@server
docker ps | grep minio
docker logs crew-minio-prod
```
Reference in New Issue View Git Blame Copy Permalink