From e59892f9b427a931d480ffe2cba84c23c5fafdbd Mon Sep 17 00:00:00 2001
From: "Rodrigo Rodriguez (Pragmatismo)"
Date: Fri, 17 Apr 2026 12:03:47 -0300
Subject: [PATCH] ci: Use su - instead of sudo -u for runner compatibility

- Replace sudo with su - gbuser -c for proper user switching
- Simplify permission handling with chown/chmod as root
- Use su - for all gbuser operations
---
 .forgejo/workflows/botserver.yaml | 143 ++++++++++++++++--------------
 1 file changed, 74 insertions(+), 69 deletions(-)

diff --git a/.forgejo/workflows/botserver.yaml b/.forgejo/workflows/botserver.yaml
index 052b7843..6e026cc6 100644
--- a/.forgejo/workflows/botserver.yaml
+++ b/.forgejo/workflows/botserver.yaml
@@ -10,7 +10,6 @@ env:
 CARGO_BUILD_JOBS: 8
 CARGO_NET_RETRY: 10
 RUSTC_WRAPPER: sccache
- # Diretórios persistentes para cache entre builds
 SCCACHE_DIR: /opt/gbo/data/cache/sccache
 CARGO_HOME: /opt/gbo/data/cache/cargo
 CARGO_TARGET_DIR: /opt/gbo/data/persistent-botserver/target
@@ -23,60 +22,61 @@ jobs: steps: - name: Setup Persistent Directories run: | - # Criar diretórios persistentes para cache (owned by gbuser) - sudo mkdir -p /opt/gbo/data/cache/sccache - sudo mkdir -p /opt/gbo/data/cache/cargo - sudo mkdir -p /opt/gbo/data/persistent-botserver - sudo mkdir -p /opt/gbo/data/gb-ws - # Fix permissions for gbuser - sudo chown -R gbuser:gbuser /opt/gbo/data/cache - sudo chown -R gbuser:gbuser /opt/gbo/data/persistent-botserver - sudo chown -R gbuser:gbuser /opt/gbo/data/gb-ws - sudo chmod -R 755 /opt/gbo/data/cache - sudo chmod -R 755 /opt/gbo/data/persistent-botserver - sudo chmod -R 755 /opt/gbo/data/gb-ws + # Run as root initially to set up directories + mkdir -p /opt/gbo/data/cache/sccache + mkdir -p /opt/gbo/data/cache/cargo + mkdir -p /opt/gbo/data/persistent-botserver + mkdir -p /opt/gbo/data/gb-ws + chown -R gbuser:gbuser /opt/gbo/data/cache + chown -R gbuser:gbuser /opt/gbo/data/persistent-botserver + chown -R gbuser:gbuser /opt/gbo/data/gb-ws + chmod -R 755 /opt/gbo/data/cache + chmod -R 755 /opt/gbo/data/persistent-botserver + chmod -R 755 /opt/gbo/data/gb-ws - - name: Setup Git + - name: Setup Git Config run: | - sudo -u gbuser git config --global http.sslVerify false - sudo -u gbuser git config --global --add safe.directory "*" + su - gbuser -c 'git config --global http.sslVerify false' + su - gbuser -c 'git config --global --add safe.directory "*"' - - name: Update Workspace (Git Pull) + - name: Update Workspace run: | set -e - WORKSPACE="/opt/gbo/data/persistent-botserver" - sudo -u gbuser bash -c " - cd $WORKSPACE + su - gbuser -c ' + WORKSPACE="/opt/gbo/data/persistent-botserver" + cd "$WORKSPACE" - # Atualizar botlib (git pull) + # Update botlib if [ -d botlib/.git ]; then - echo 'Updating botlib...' + echo "Updating botlib..." cd botlib && git pull origin main && cd .. else - echo 'Cloning botlib...' + echo "Cloning botlib..." 
git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/botlib.git botlib fi - # Atualizar botserver (git pull) + # Update botserver if [ -d botserver/.git ]; then - echo 'Updating botserver...' + echo "Updating botserver..." cd botserver && git pull origin main && cd .. else - echo 'Cloning botserver...' + echo "Cloning botserver..." git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/BotServer.git botserver fi - # Atualizar workspace Cargo.toml do gb + # Update gb workspace if [ -d /opt/gbo/data/gb-ws/.git ]; then - cd /opt/gbo/data/gb-ws && git pull origin main && cd $WORKSPACE + cd /opt/gbo/data/gb-ws && git pull origin main && cd "$WORKSPACE" else git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/gb.git /opt/gbo/data/gb-ws fi + + # Copy Cargo.toml cp /opt/gbo/data/gb-ws/Cargo.toml Cargo.toml for m in botapp botdevice bottest botui botbook botmodels botplugin bottemplates; do - grep -v \"\"$m\"\" Cargo.toml > /tmp/c.toml && mv /tmp/c.toml Cargo.toml + grep -v "\"$m\"" Cargo.toml > /tmp/c.toml && mv /tmp/c.toml Cargo.toml done - " + ' - name: Install system dependencies run: | 
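Review bot: The `Setup Git Config` step still sets `http.sslVerify false` globally for gbuser, so every `git clone`/`git pull` in the `Update Workspace` step fetches the code that is later built and deployed without verifying the forge's TLS certificate. Prefer trusting the forge's CA instead, e.g. `su - gbuser -c 'git config --global http.sslCAInfo /path/to/forge-ca.pem'` (placeholder path), and drop the `sslVerify` line. `safe.directory "*"` likewise turns off git's ownership check for every repository; listing the three checkout directories explicitly would keep that protection. Separately, the script inside `su - gbuser -c '…'` has no `set -e` of its own, so a failed `git pull` leaves the shell in the sub-directory because `&& cd ..` is skipped.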
@@ -86,25 +86,25 @@ jobs: dpkg -s "$pkg" >/dev/null 2>&1 || MISSING="$MISSING $pkg" done if [ -n "$MISSING" ]; then - sudo apt-get update -qq -o Acquire::Retries=3 -o Acquire::http::Timeout=30 - sudo apt-get install -y --no-install-recommends $MISSING + apt-get update -qq -o Acquire::Retries=3 -o Acquire::http::Timeout=30 + apt-get install -y --no-install-recommends $MISSING else echo "All system dependencies already installed" fi - - name: Clean up old artifacts + - name: Clean old artifacts run: | - # Limpar apenas arquivos antigos do target, não todo o diretório - sudo -u gbuser find /opt/gbo/data/persistent-botserver/target -name "*.rlib" -type f -mtime +7 -delete 2>/dev/null || true + su - gbuser -c 'find /opt/gbo/data/persistent-botserver/target -name "*.rlib" -type f -mtime +7 -delete 2>/dev/null || true' - - name: Build BotServer (Incremental) + - name: Build BotServer working-directory: /opt/gbo/data/persistent-botserver run: | - sudo -u gbuser bash -c " + su - gbuser -c " + cd /opt/gbo/data/persistent-botserver sccache --start-server 2>/dev/null || true BOTSERVER_BUILD_DATE=\"$(date -u '+%Y-%m-%dT%H:%M:%SZ')\" - BOTSERVER_COMMIT=\"$(git -C botserver rev-parse --short HEAD 2>/dev/null || echo unknown)\" - echo \"Building BotServer (commit: $BOTSERVER_COMMIT)...\" + BOTSERVER_COMMIT=\"$(su - gbuser -c \"cd /opt/gbo/data/persistent-botserver/botserver && git rev-parse --short HEAD 2>/dev/null || echo unknown\")\" + echo \"Building BotServer (commit: \$BOTSERVER_COMMIT)...\" cargo build --package botserver 2>&1 | tee /tmp/build.log sccache --stop-server 2>/dev/null || true " 
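Review bot: The `BOTSERVER_COMMIT` line in the `Build BotServer` step nests `su - gbuser -c \"…\"` inside a `$(…)` that the outer shell expands before `su` runs; within a command substitution `\"` is a literal quote character, so the `&&`/`||` are parsed by the outer shell and the value appears to end up as `unknown"`, which also unbalances the quotes of the script handed to `su`. Letting the inner shell evaluate it avoids the nesting: `BOTSERVER_COMMIT=\"\$(git -C botserver rev-parse --short HEAD 2>/dev/null || echo unknown)\"`. Note also that `su -` starts a login shell, so the workflow-level `env:` values (`RUSTC_WRAPPER`, `SCCACHE_DIR`, `CARGO_HOME`, `CARGO_TARGET_DIR`) are probably not visible to `cargo build`. Finally, `cargo build … | tee /tmp/build.log` reports the status of `tee`, so a failed build would not fail the step unless the script enables `pipefail` (if gbuser's shell supports it) or checks cargo's status explicitly.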
@@ -112,43 +112,48 @@ jobs: - name: Save build log run: | - sudo cp /tmp/build.log /tmp/build-output.log 2>/dev/null || true + cp /tmp/build.log /tmp/build-output.log 2>/dev/null || true + chown gbuser:gbuser /tmp/build-output.log 2>/dev/null || true - name: Deploy via SSH to system container run: | set -e - SSH_ARGS="-i /home/gbuser/.ssh/id_ed25519 -o StrictHostKeyChecking=no -o ConnectTimeout=5" - - echo "=== Deploy started ===" - - echo "Step 1: Stopping botserver..." - sudo -u gbuser ssh $SSH_ARGS system "sudo systemctl stop botserver 2>/dev/null || true; sleep 2; pkill -9 botserver 2>/dev/null || true; echo 'OK: botserver stopped'" - - echo "Step 2: Transferring binary..." - sudo -u gbuser scp $SSH_ARGS /opt/gbo/data/persistent-botserver/target/debug/botserver system:/tmp/botserver-new - sudo -u gbuser ssh $SSH_ARGS system "sudo mv /tmp/botserver-new /opt/gbo/bin/botserver && sudo chmod +x /opt/gbo/bin/botserver && sudo chown gbuser:gbuser /opt/gbo/bin/botserver && echo 'Binary deployed'" - - echo "Step 3: Starting botserver..." - sudo -u gbuser ssh $SSH_ARGS system "sudo systemctl daemon-reload && sudo systemctl start botserver && echo 'Botserver started'" - - echo "Step 4: Health check..." - sleep 5 - for i in $(seq 1 30); do - if sudo -u gbuser ssh $SSH_ARGS system "curl -sf http://localhost:8080/health" 2>/dev/null; then - echo "Health check passed!" - break - fi - echo "waiting ($i/30)..." - sleep 2 - done - - echo "=== Deploy completed ===" + su - gbuser -c ' + SSH_ARGS="-i /home/gbuser/.ssh/id_ed25519 -o StrictHostKeyChecking=no -o ConnectTimeout=5" + echo "=== Deploy started ===" + + echo "Step 1: Stopping botserver..." + ssh $SSH_ARGS system "sudo systemctl stop botserver 2>/dev/null || true; sleep 2; pkill -9 botserver 2>/dev/null || true; echo OK: botserver stopped" + + echo "Step 2: Transferring binary..." 
+ scp $SSH_ARGS /opt/gbo/data/persistent-botserver/target/debug/botserver system:/tmp/botserver-new + ssh $SSH_ARGS system "sudo mv /tmp/botserver-new /opt/gbo/bin/botserver && sudo chmod +x /opt/gbo/bin/botserver && sudo chown gbuser:gbuser /opt/gbo/bin/botserver && echo Binary deployed" + + echo "Step 3: Starting botserver..." + ssh $SSH_ARGS system "sudo systemctl daemon-reload && sudo systemctl start botserver && echo Botserver started" + + echo "Step 4: Health check..." + sleep 5 + for i in $(seq 1 30); do + if ssh $SSH_ARGS system "curl -sf http://localhost:8080/health" 2>/dev/null; then + echo "Health check passed!" + break + fi + echo "waiting ($i/30)..." + sleep 2 + done + + echo "=== Deploy completed ===" + ' - name: Verify botserver started run: | - SSH_ARGS="-i /home/gbuser/.ssh/id_ed25519 -o StrictHostKeyChecking=no -o ConnectTimeout=5" - sudo -u gbuser ssh $SSH_ARGS system "pgrep -f botserver >/dev/null && echo 'OK: botserver running' || echo 'WARNING: check status'" + su - gbuser -c ' + SSH_ARGS="-i /home/gbuser/.ssh/id_ed25519 -o StrictHostKeyChecking=no -o ConnectTimeout=5" + ssh $SSH_ARGS system "pgrep -f botserver >/dev/null && echo OK: botserver running || echo WARNING: check status" + ' - name: Save deploy log run: | - echo "Deploy completed at $(date)" | sudo tee /tmp/deploy.log + echo "Deploy completed at $(date)" > /tmp/deploy.log + chown gbuser:gbuser /tmp/deploy.log
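Review bot: Moving the deploy commands into `su - gbuser -c '…'` takes them out of reach of the step's `set -e`, which now only sees the exit status of `su` (that of the last command, an `echo`); a failed `scp` or `ssh … mv` no longer stops the deploy, so the old binary can be restarted and reported as deployed. Add `set -e` as the first line inside the quoted script. The health-check loop also falls through to `=== Deploy completed ===` when all 30 attempts fail; an explicit failure after the loop would make that visible. `SSH_ARGS` keeps `-o StrictHostKeyChecking=no`, so the host that receives the binary and runs `sudo` commands is never authenticated; pinning its key in gbuser's `known_hosts` and using `StrictHostKeyChecking=yes` closes that gap.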