fix: Build inside system container to match glibc 2.36

The CI runner host has glibc 2.41 but the system container has glibc 2.36.
Build on the host produces binaries that fail with GLIBC_2.38/2.39 not found.

This workflow transfers source from host to container via tar+ssh, then
builds inside the container where the binary will run, ensuring compatibility.

.forgejo/workflows/botserver.yaml

@@ -9,6 +9,7 @@ on:
 env:
   CARGO_BUILD_JOBS: 4
   CARGO_NET_RETRY: 10
+  PATH: /root/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
 jobs:
   build:
@@ -20,39 +21,39 @@ jobs:
           git config --global http.sslVerify false
           git config --global --add safe.directory "*"
 
-      - name: Setup Workspace inside container
+      - name: Setup Workspace on host
         run: |
-          echo "=== Setting up workspace inside container ==="
+          mkdir -p /opt/gbo/ci/botserver
-          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "incus exec system -- bash -c '
+          cd /opt/gbo/ci/botserver
-            mkdir -p /opt/gbo/ci/botserver
+          if [ -d botlib/.git ]; then
-            cd /opt/gbo/ci/botserver
+            git -C botlib fetch --depth 1 origin main && git -C botlib checkout FETCH_HEAD
-            # Clone botlib
+          else
-            if [ -d botlib/.git ]; then
+            git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/botlib.git botlib
-              git -C botlib fetch --depth 1 origin main && git -C botlib checkout FETCH_HEAD
+          fi
-            else
+          if [ -d botserver/.git ]; then
-              git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/botlib.git botlib
+            git -C botserver fetch --depth 1 origin main && git -C botserver checkout FETCH_HEAD
-            fi
+          else
-            # Clone botserver
+            git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/BotServer.git botserver
-            if [ -d botserver/.git ]; then
+          fi
-              git -C botserver fetch --depth 1 origin main && git -C botserver checkout FETCH_HEAD
+          git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/gb.git /tmp/gb-ws
-            else
+          cp /tmp/gb-ws/Cargo.toml Cargo.toml
-              git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/BotServer.git botserver
+          for m in botapp botdevice bottest botui botbook botmodels botplugin bottemplates; do
-            fi
+            grep -v "\"$m\"" Cargo.toml > /tmp/c.toml && mv /tmp/c.toml Cargo.toml
-            # Clone gb workspace and get Cargo.toml
+          done
-            git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/gb.git /tmp/gb-ws
+          rm -rf /tmp/gb-ws
-            cp /tmp/gb-ws/Cargo.toml Cargo.toml
+
-            for m in botapp botdevice bottest botui botbook botmodels botplugin bottemplates; do
+      - name: Transfer source to system container
-              grep -v \"\\\"$m\\\"\" Cargo.toml > /tmp/c.toml && mv /tmp/c.toml Cargo.toml
+        run: |
-            done
+          echo "=== Transferring source to container ==="
-            rm -rf /tmp/gb-ws
+          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "mkdir -p /opt/gbo/ci/botserver"
-            echo \"Workspace setup complete\"
+          tar cf - -C /opt/gbo/ci/botserver botlib botserver Cargo.toml | \
-          '"
+            ssh -o StrictHostKeyChecking=no -o ConnectTimeout=120 -o ServerAliveInterval=10 system "tar xf - -C /opt/gbo/ci/botserver && echo 'Transfer complete'"
 
       - name: Install system dependencies in container
         run: |
-          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "incus exec system -- bash -c '
+          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "
-            PKGS=\"libpq-dev libssl-dev liblzma-dev pkg-config\"
+            PKGS='libpq-dev libssl-dev liblzma-dev pkg-config'
-            MISSING=\"\"
+            MISSING=''
             for pkg in \$PKGS; do
               dpkg -s \"\$pkg\" >/dev/null 2>&1 || MISSING=\"\$MISSING \$pkg\"
             done
@@ -60,46 +61,54 @@ jobs:
               apt-get update -qq -o Acquire::Retries=3 -o Acquire::http::Timeout=30
               apt-get install -y --no-install-recommends \$MISSING
             else
-              echo \"All system dependencies already installed\"
+              echo 'All system dependencies already installed'
             fi
-          '"
+          "
+
+      - name: Install Rust in container
+        run: |
+          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "
+            export PATH=/root/.cargo/bin:\$PATH
+            if ! command -v rustup &>/dev/null || [ \$(rustc --version | grep -oP '\d+\.\d+' | head -1 | cut -d. -f1) -lt 1 ]; then
+              curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+            fi
+            rustc --version
+            cargo --version
+          "
 
       - name: Build BotServer inside container
         run: |
-          echo "=== Building BotServer inside container ==="
+          echo "=== Building inside container ==="
-          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=60 system "incus exec system -- bash -c '
+          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "
-            cd /opt/gbo/ci/botserver
+            export PATH=/root/.cargo/bin:\$PATH
             export CARGO_BUILD_JOBS=4
+            cd /opt/gbo/ci/botserver
             cargo build -p botserver --features chat 2>&1 | tee /tmp/build.log
             ls -lh target/debug/botserver
-          '"
+          "
 
       - name: Save build log
+        if: always()
         run: |
-          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "incus exec system -- cat /tmp/build.log > /tmp/botserver-build.log" || true
+          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "cat /tmp/build.log" > /tmp/build.log 2>/dev/null || true
-          cat /tmp/botserver-build.log 2>/dev/null | tail -30 || echo "Build log not available"
+          sudo cp /tmp/build.log /tmp/botserver-$(date +%Y%m%d-%H%M%S).log || true
 
       - name: Deploy BotServer
         run: |
+          set -e
           echo "=== Deploy started ==="
-          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "incus exec system -- bash -c '
+          echo "Step 1: Killing old botserver..."
-            echo \"Step 1: Killing old botserver...\"
+          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "pgrep -f botserver && killall botserver 2>/dev/null || echo 'No running botserver'"
-            pgrep -f botserver && killall botserver 2>/dev/null || echo \"No running botserver\"
+          echo "Step 2: Copying binary inside container..."
-            sleep 2
+          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "
-            echo \"Step 2: Removing old binary...\"
-            rm -f /opt/gbo/bin/botserver
-            echo \"Step 3: Copying new binary...\"
             cp /opt/gbo/ci/botserver/target/debug/botserver /opt/gbo/bin/botserver
             chmod +x /opt/gbo/bin/botserver
-            echo \"Step 4: Setting permissions...\"
             chown gbuser:gbuser /opt/gbo/bin/botserver
             ls -lh /opt/gbo/bin/botserver
-            echo \"=== Deploy completed ===\"
+          "
-          '"
+          echo "=== Deploy completed ==="
 
       - name: Verify botserver started
         run: |
           sleep 10
-          ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 system "incus exec system -- bash -c '
+          ssh -o StrictHostKeyChecking=no system "pgrep -f botserver && echo 'OK: botserver is running' || (echo 'ERROR: botserver not running' && cat /opt/gbo/logs/error.log | tail -20 && exit 1)"
-            pgrep -f botserver && echo \"OK: botserver is running\" || (echo \"ERROR: botserver not running\" && cat /opt/gbo/logs/error.log | tail -20 && exit 1)
-          '"