fix: Build inside system container to match glibc 2.36

The CI runner host has glibc 2.41 but the system container has glibc 2.36.
Build on the host produces binaries that fail with GLIBC_2.38/2.39 not found.

This workflow transfers source from host to container via tar+ssh, then
builds inside the container where the binary will run, ensuring compatibility.

.forgejo/workflows/botserver.yaml

@@ -9,6 +9,7 @@ on:
 env:
   CARGO_BUILD_JOBS: 4
   CARGO_NET_RETRY: 10
+  PATH: /root/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
 jobs:
   build:
@@ -20,39 +21,39 @@ jobs:
           git config --global http.sslVerify false
           git config --global --add safe.directory "*"
 
-      - name: Setup Workspace inside container
+      - name: Setup Workspace on host
         run: |
-          echo "=== Setting up workspace inside container ==="
-          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "incus exec system -- bash -c '
-            mkdir -p /opt/gbo/ci/botserver
-            cd /opt/gbo/ci/botserver
-            # Clone botlib
-            if [ -d botlib/.git ]; then
-              git -C botlib fetch --depth 1 origin main && git -C botlib checkout FETCH_HEAD
-            else
-              git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/botlib.git botlib
-            fi
-            # Clone botserver
-            if [ -d botserver/.git ]; then
-              git -C botserver fetch --depth 1 origin main && git -C botserver checkout FETCH_HEAD
-            else
-              git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/BotServer.git botserver
-            fi
-            # Clone gb workspace and get Cargo.toml
-            git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/gb.git /tmp/gb-ws
-            cp /tmp/gb-ws/Cargo.toml Cargo.toml
-            for m in botapp botdevice bottest botui botbook botmodels botplugin bottemplates; do
-              grep -v \"\\\"$m\\\"\" Cargo.toml > /tmp/c.toml && mv /tmp/c.toml Cargo.toml
-            done
-            rm -rf /tmp/gb-ws
-            echo \"Workspace setup complete\"
-          '"
+          mkdir -p /opt/gbo/ci/botserver
+          cd /opt/gbo/ci/botserver
+          if [ -d botlib/.git ]; then
+            git -C botlib fetch --depth 1 origin main && git -C botlib checkout FETCH_HEAD
+          else
+            git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/botlib.git botlib
+          fi
+          if [ -d botserver/.git ]; then
+            git -C botserver fetch --depth 1 origin main && git -C botserver checkout FETCH_HEAD
+          else
+            git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/BotServer.git botserver
+          fi
+          git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/gb.git /tmp/gb-ws
+          cp /tmp/gb-ws/Cargo.toml Cargo.toml
+          for m in botapp botdevice bottest botui botbook botmodels botplugin bottemplates; do
+            grep -v "\"$m\"" Cargo.toml > /tmp/c.toml && mv /tmp/c.toml Cargo.toml
+          done
+          rm -rf /tmp/gb-ws
+
+      - name: Transfer source to system container
+        run: |
+          echo "=== Transferring source to container ==="
+          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "mkdir -p /opt/gbo/ci/botserver"
+          tar cf - -C /opt/gbo/ci/botserver botlib botserver Cargo.toml | \
+            ssh -o StrictHostKeyChecking=no -o ConnectTimeout=120 -o ServerAliveInterval=10 system "tar xf - -C /opt/gbo/ci/botserver && echo 'Transfer complete'"
 
       - name: Install system dependencies in container
         run: |
-          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "incus exec system -- bash -c '
-            PKGS=\"libpq-dev libssl-dev liblzma-dev pkg-config\"
-            MISSING=\"\"
+          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "
+            PKGS='libpq-dev libssl-dev liblzma-dev pkg-config'
+            MISSING=''
             for pkg in \$PKGS; do
               dpkg -s \"\$pkg\" >/dev/null 2>&1 || MISSING=\"\$MISSING \$pkg\"
             done
@@ -60,46 +61,54 @@ jobs:
               apt-get update -qq -o Acquire::Retries=3 -o Acquire::http::Timeout=30
               apt-get install -y --no-install-recommends \$MISSING
             else
-              echo \"All system dependencies already installed\"
+              echo 'All system dependencies already installed'
             fi
-          '"
+          "
+
+      - name: Install Rust in container
+        run: |
+          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "
+            export PATH=/root/.cargo/bin:\$PATH
+            if ! command -v rustup &>/dev/null || [ \$(rustc --version | grep -oP '\d+\.\d+' | head -1 | cut -d. -f1) -lt 1 ]; then
+              curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+            fi
+            rustc --version
+            cargo --version
+          "
 
       - name: Build BotServer inside container
         run: |
-          echo "=== Building BotServer inside container ==="
-          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=60 system "incus exec system -- bash -c '
-            cd /opt/gbo/ci/botserver
+          echo "=== Building inside container ==="
+          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "
+            export PATH=/root/.cargo/bin:\$PATH
             export CARGO_BUILD_JOBS=4
+            cd /opt/gbo/ci/botserver
             cargo build -p botserver --features chat 2>&1 | tee /tmp/build.log
             ls -lh target/debug/botserver
-          '"
+          "
 
       - name: Save build log
+        if: always()
         run: |
-          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "incus exec system -- cat /tmp/build.log > /tmp/botserver-build.log" || true
-          cat /tmp/botserver-build.log 2>/dev/null | tail -30 || echo "Build log not available"
+          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "cat /tmp/build.log" > /tmp/build.log 2>/dev/null || true
+          sudo cp /tmp/build.log /tmp/botserver-$(date +%Y%m%d-%H%M%S).log || true
 
       - name: Deploy BotServer
         run: |
+          set -e
           echo "=== Deploy started ==="
-          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "incus exec system -- bash -c '
-            echo \"Step 1: Killing old botserver...\"
-            pgrep -f botserver && killall botserver 2>/dev/null || echo \"No running botserver\"
-            sleep 2
-            echo \"Step 2: Removing old binary...\"
-            rm -f /opt/gbo/bin/botserver
-            echo \"Step 3: Copying new binary...\"
+          echo "Step 1: Killing old botserver..."
+          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "pgrep -f botserver && killall botserver 2>/dev/null || echo 'No running botserver'"
+          echo "Step 2: Copying binary inside container..."
+          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "
             cp /opt/gbo/ci/botserver/target/debug/botserver /opt/gbo/bin/botserver
             chmod +x /opt/gbo/bin/botserver
-            echo \"Step 4: Setting permissions...\"
             chown gbuser:gbuser /opt/gbo/bin/botserver
             ls -lh /opt/gbo/bin/botserver
-            echo \"=== Deploy completed ===\"
-          '"
+          "
+          echo "=== Deploy completed ==="
 
       - name: Verify botserver started
         run: |
           sleep 10
-          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "incus exec system -- bash -c '
-            pgrep -f botserver && echo \"OK: botserver is running\" || (echo \"ERROR: botserver not running\" && cat /opt/gbo/logs/error.log | tail -20 && exit 1)
-          '"
+          ssh -o StrictHostKeyChecking=no system "pgrep -f botserver && echo 'OK: botserver is running' || (echo 'ERROR: botserver not running' && cat /opt/gbo/logs/error.log | tail -20 && exit 1)"