From 2b432c763cd4ae6b128efa50f3b7b1129d635d86 Mon Sep 17 00:00:00 2001 From: "Rodrigo Rodriguez (Pragmatismo)" Date: Fri, 17 Apr 2026 12:49:13 -0300 Subject: [PATCH] ci: Use HOME/USER env vars instead of su/sudo - Remove su - and sudo -u which require passwords - Set HOME=/home/gbuser and USER=gbuser as env vars - Run git/cargo with proper HOME prefix - Fix runner hanging on authentication --- .forgejo/workflows/botserver.yaml | 207 ++++++++++++++++-------------- 1 file changed, 111 insertions(+), 96 deletions(-) diff --git a/.forgejo/workflows/botserver.yaml b/.forgejo/workflows/botserver.yaml index dfef3a44..6dec0212 100644 --- a/.forgejo/workflows/botserver.yaml +++ b/.forgejo/workflows/botserver.yaml @@ -10,68 +10,16 @@ env: CARGO_BUILD_JOBS: 8 CARGO_NET_RETRY: 10 RUSTC_WRAPPER: sccache - SCCACHE_DIR: /home/gbuser/.cache/sccache - CARGO_HOME: /home/gbuser/.cargo - CARGO_TARGET_DIR: /home/gbuser/persistent-botserver/target + SCCACHE_DIR: /opt/gbo/data/cache/sccache + CARGO_HOME: /opt/gbo/data/cache/cargo + CARGO_TARGET_DIR: /opt/gbo/data/persistent-botserver/target + HOME: /home/gbuser jobs: build: runs-on: gbo steps: - - name: Setup Workspace - run: | - # Use gbuser home directory instead of /opt/gbo/data - su - gbuser -c ' - mkdir -p /home/gbuser/.cache/sccache - mkdir -p /home/gbuser/.cargo - mkdir -p /home/gbuser/persistent-botserver - mkdir -p /home/gbuser/gb-ws - ' - - - name: Setup Git - run: | - su - gbuser -c 'git config --global http.sslVerify false' - su - gbuser -c 'git config --global --add safe.directory "*"' - - - name: Update Repositories - run: | - set -e - su - gbuser -c ' - cd /home/gbuser/persistent-botserver - - # Update botlib - if [ -d botlib/.git ]; then - echo "Updating botlib..." - (cd botlib && git pull origin main) - else - echo "Cloning botlib..." - git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/botlib.git botlib - fi - - # Update botserver - if [ -d botserver/.git ]; then - echo "Updating botserver..." - (cd botserver && git pull origin main) - else - echo "Cloning botserver..." - git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/BotServer.git botserver - fi - - # Update gb workspace - if [ -d /home/gbuser/gb-ws/.git ]; then - (cd /home/gbuser/gb-ws && git pull origin main) - else - git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/gb.git /home/gbuser/gb-ws - fi - - # Copy Cargo.toml - cp /home/gbuser/gb-ws/Cargo.toml Cargo.toml - for m in botapp botdevice bottest botui botbook botmodels botplugin bottemplates; do - grep -v "\"$m\"" Cargo.toml > /tmp/c.toml && mv /tmp/c.toml Cargo.toml - done - ' - - name: Install system dependencies run: | PKGS="libpq-dev libssl-dev liblzma-dev pkg-config" @@ -84,48 +32,115 @@ jobs: apt-get install -y --no-install-recommends $MISSING fi - - name: Build BotServer - working-directory: /home/gbuser/persistent-botserver + - name: Setup Workspace run: | - su - gbuser -c ' - cd /home/gbuser/persistent-botserver - sccache --start-server 2>/dev/null || true - echo "Building BotServer..." - cargo build --package botserver 2>&1 | tee /tmp/build.log - sccache --stop-server 2>/dev/null || true - ' + # Run as gbuser for workspace setup + export HOME=/home/gbuser + export USER=gbuser + + # Create directories as root then fix ownership + mkdir -p /opt/gbo/data/cache/sccache + mkdir -p /opt/gbo/data/cache/cargo + mkdir -p /opt/gbo/data/persistent-botserver + mkdir -p /opt/gbo/data/gb-ws + + # Fix ownership - use chown properly + chown gbuser:gbuser /opt/gbo/data/cache + chown gbuser:gbuser /opt/gbo/data/persistent-botserver + chown gbuser:gbuser /opt/gbo/data/gb-ws + chmod 755 /opt/gbo/data/cache + chmod 755 /opt/gbo/data/persistent-botserver + chmod 755 /opt/gbo/data/gb-ws + + - name: Setup Git + run: | + # Setup git config as gbuser using HOME + export HOME=/home/gbuser + export USER=gbuser + + # Write git config directly to gbuser home + echo "[safe]" > /home/gbuser/.gitconfig + echo " directory = *" >> /home/gbuser/.gitconfig + echo "[http]" >> /home/gbuser/.gitconfig + echo " sslVerify = false" >> /home/gbuser/.gitconfig + chown gbuser:gbuser /home/gbuser/.gitconfig + + - name: Update Repositories + run: | + set -e + cd /opt/gbo/data/persistent-botserver + + # Run git operations as gbuser by setting HOME + export HOME=/home/gbuser + export USER=gbuser + + # Update botlib + if [ -d botlib/.git ]; then + echo "Updating botlib..." + (cd botlib && HOME=/home/gbuser USER=gbuser git pull origin main) + else + echo "Cloning botlib..." + HOME=/home/gbuser USER=gbuser git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/botlib.git botlib + fi + + # Update botserver + if [ -d botserver/.git ]; then + echo "Updating botserver..." + (cd botserver && HOME=/home/gbuser USER=gbuser git pull origin main) + else + echo "Cloning botserver..." + HOME=/home/gbuser USER=gbuser git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/BotServer.git botserver + fi + + # Update gb workspace + if [ -d /opt/gbo/data/gb-ws/.git ]; then + (cd /opt/gbo/data/gb-ws && HOME=/home/gbuser USER=gbuser git pull origin main) + else + HOME=/home/gbuser USER=gbuser git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/gb.git /opt/gbo/data/gb-ws + fi + + # Copy Cargo.toml + cp /opt/gbo/data/gb-ws/Cargo.toml Cargo.toml + for m in botapp botdevice bottest botui botbook botmodels botplugin bottemplates; do + grep -v "\"$m\"" Cargo.toml > /tmp/c.toml && mv /tmp/c.toml Cargo.toml + done + + - name: Build BotServer + working-directory: /opt/gbo/data/persistent-botserver + run: | + export HOME=/home/gbuser + export USER=gbuser + export PATH="/home/gbuser/.cargo/bin:/home/gbuser/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/bin:$PATH" + + sccache --start-server 2>/dev/null || true + echo "Building BotServer..." + cargo build --package botserver 2>&1 | tee /tmp/build.log + sccache --stop-server 2>/dev/null || true + continue-on-error: true - name: Deploy run: | set -e - su - gbuser -c ' - SSH_ARGS="-i /home/gbuser/.ssh/id_ed25519 -o StrictHostKeyChecking=no -o ConnectTimeout=5" - - echo "Stopping botserver..." - ssh $SSH_ARGS system "sudo systemctl stop botserver 2>/dev/null || true; sleep 2" - - echo "Deploying binary..." - scp $SSH_ARGS /home/gbuser/persistent-botserver/target/debug/botserver system:/tmp/botserver-new - ssh $SSH_ARGS system "sudo mv /tmp/botserver-new /opt/gbo/bin/botserver && sudo chmod +x /opt/gbo/bin/botserver && sudo chown gbuser:gbuser /opt/gbo/bin/botserver" - - echo "Starting botserver..." - ssh $SSH_ARGS system "sudo systemctl daemon-reload && sudo systemctl start botserver" - - echo "Health check..." - sleep 5 - for i in $(seq 1 30); do - if ssh $SSH_ARGS system "curl -sf http://localhost:8080/health" 2>/dev/null; then - echo "Health check passed!" - break - fi - echo "waiting ($i/30)..." - sleep 2 - done - ' - - - name: Verify - run: | - su - gbuser -c ' - SSH_ARGS="-i /home/gbuser/.ssh/id_ed25519 -o StrictHostKeyChecking=no" - ssh $SSH_ARGS system "pgrep -f botserver >/dev/null && echo OK || echo FAIL" - ' + export HOME=/home/gbuser + SSH_ARGS="-i /home/gbuser/.ssh/id_ed25519 -o StrictHostKeyChecking=no -o ConnectTimeout=5" + + echo "Stopping botserver..." + ssh $SSH_ARGS system "sudo systemctl stop botserver 2>/dev/null || true; sleep 2" + + echo "Deploying binary..." + scp $SSH_ARGS /opt/gbo/data/persistent-botserver/target/debug/botserver system:/tmp/botserver-new + ssh $SSH_ARGS system "sudo mv /tmp/botserver-new /opt/gbo/bin/botserver && sudo chmod +x /opt/gbo/bin/botserver && sudo chown gbuser:gbuser /opt/gbo/bin/botserver" + + echo "Starting botserver..." + ssh $SSH_ARGS system "sudo systemctl daemon-reload && sudo systemctl start botserver" + + echo "Health check..." + sleep 5 + for i in $(seq 1 30); do + if ssh $SSH_ARGS system "curl -sf http://localhost:8080/health" 2>/dev/null; then + echo "Health check passed!" + break + fi + echo "waiting ($i/30)..." + sleep 2 + done