diff --git a/.forgejo/workflows/node.yaml b/.forgejo/workflows/node.yaml index 8f2b803..2267e69 100644 --- a/.forgejo/workflows/node.yaml +++ b/.forgejo/workflows/node.yaml @@ -16,11 +16,6 @@ jobs: - uses: actions/checkout@v4 - - name: Install Rust - uses: msrd0/rust-toolchain@v1 - with: - toolchain: stable - - name: Run build run: cargo build --workspace --release --locked @@ -29,4 +24,5 @@ jobs: sudo cp ./target/release/gbserver /opt/gbo/bin/system sudo chmod +x /opt/gbo/bin/system/gbserver - sudo systemctl restart gbserver \ No newline at end of file + sudo systemctl restart gbserver + \ No newline at end of file diff --git a/gb-infra/src/templates/opt/gbo/tenants/default/alm-ci/alm-ci.sh b/gb-infra/src/templates/opt/gbo/tenants/default/alm-ci/alm-ci.sh index 160fe85..e80a72c 100644 --- a/gb-infra/src/templates/opt/gbo/tenants/default/alm-ci/alm-ci.sh +++ b/gb-infra/src/templates/opt/gbo/tenants/default/alm-ci/alm-ci.sh @@ -20,7 +20,7 @@ mkdir -p "$HOST_DATA" "$HOST_CONF" "$HOST_LOGS" || exit 1 chmod -R 750 "$HOST_BASE" || exit 1 # Launch container -if ! lxc launch "$CONTAINER_IMAGE" "$CONTAINER_NAME"; then +if ! lxc launch "$CONTAINER_IMAGE" "$CONTAINER_NAME" -c security.privileged=true; then echo "Failed to launch container" exit 1 fi @@ -38,7 +38,7 @@ done lxc exec "$CONTAINER_NAME" -- bash -c " set -e -useradd --system --no-create-home --shell /bin/false gbuser +useradd --system --no-create-home --shell /bin/false $CONTAINER_NAME # Update and install dependencies apt-get update && apt-get install -y wget git || { echo 'Package installation failed'; exit 1; } @@ -72,22 +72,29 @@ sudo apt install -y \ export OPENCV4NODEJS_DISABLE_AUTOBUILD=1 export OPENCV_LIB_DIR=/usr/lib/x86_64-linux-gnu -# Install Node.js 22.x -curl -fsSL https://deb.nodesource.com/setup_22.x | sudo bash - -sudo apt install -y nodejs - sudo apt install -y curl gnupg ca-certificates git +sudo apt-get install -y \ + apt-transport-https \ + software-properties-common \ + gnupg \ + wget \ + unzip \ + tar + # Install Node.js 22.x curl -fsSL https://deb.nodesource.com/setup_22.x | sudo bash - sudo apt install -y nodejs +# Install rust 1.85 +curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain 1.85.1 -y +source ~/.cargo/env +rustc --version + + # Install Xvfb and other dependencies sudo apt install -y xvfb libgbm-dev - - - # Create directories mkdir -p \"$BIN_PATH\" /opt/gbo/data /opt/gbo/conf /opt/gbo/logs || { echo 'Directory creation failed'; exit 1; } @@ -104,13 +111,14 @@ cd \"$BIN_PATH\" --token \"$PARAM_ALM_CI_TOKEN\" \\ --labels \"$ALM_CI_LABELS\" || { echo 'Runner registration failed'; exit 1; } -chown -R gbuser:gbuser /opt/gbo/data /opt/gbo/conf /opt/gbo/logs /opt/gbo/bin +chown -R $CONTAINER_NAME:$CONTAINER_NAME /opt/gbo/bin /opt/gbo/data /opt/gbo/conf /opt/gbo/logs + " # Set permissions echo "[CONTAINER] Setting permissions..." -EMAIL_UID=$(lxc exec "$PARAM_TENANT"-alm-ci -- id -u gbuser) -EMAIL_GID=$(lxc exec "$PARAM_TENANT"-alm-ci -- id -g gbuser) +EMAIL_UID=$(lxc exec "$PARAM_TENANT"-alm-ci -- id -u $CONTAINER_NAME) +EMAIL_GID=$(lxc exec "$PARAM_TENANT"-alm-ci -- id -g $CONTAINER_NAME) HOST_EMAIL_UID=$((100000 + EMAIL_UID)) HOST_EMAIL_GID=$((100000 + EMAIL_GID)) sudo chown -R "$HOST_EMAIL_UID:$HOST_EMAIL_GID" "$HOST_BASE" @@ -121,15 +129,6 @@ lxc config device add "$CONTAINER_NAME" almdata disk source="$HOST_DATA" path=/o lxc config device add "$CONTAINER_NAME" almconf disk source="$HOST_CONF" path=/opt/gbo/conf || exit 1 lxc config device add "$CONTAINER_NAME" almlogs disk source="$HOST_LOGS" path=/opt/gbo/logs || exit 1 -LXC_BOT="/opt/gbo/tenants/$PARAM_TENANT/bot/data" -LXC_PROXY="/opt/gbo/tenants/$PARAM_TENANT/proxy/data/websites" -LXC_GB6="/opt/gbo/tenants/$PARAM_TENANT/system/bin" - -lxc config device add "$CONTAINER_NAME" almbot disk source="$LXC_BOT" path=/opt/gbo/bin/bot -lxc config device add "$CONTAINER_NAME" almproxy disk source="$LXC_PROXY" path=/opt/gbo/bin/proxy -lxc config device add "$CONTAINER_NAME" almsystem disk source="$LXC_GB6" path=/opt/gbo/bin/system || exit 1 - - lxc exec "$CONTAINER_NAME" -- bash -c " # Create systemd service @@ -140,11 +139,12 @@ After=network.target [Service] Type=simple -User=root -Group=root -WorkingDirectory=$BIN_PATH +User=$CONTAINER_NAME +Group=$CONTAINER_NAME ExecStart=$BIN_PATH/forgejo-runner daemon Restart=always +StandardOutput=append:/opt/gbo/logs/output.log +StandardError=append:/opt/gbo/logs/error.log [Install] WantedBy=multi-user.target @@ -155,3 +155,12 @@ systemctl daemon-reload || { echo 'daemon-reload failed'; exit 1; } systemctl enable alm-ci || { echo 'enable service failed'; exit 1; } systemctl start alm-ci || { echo 'start service failed'; exit 1; } " + + +LXC_BOT="/opt/gbo/tenants/$PARAM_TENANT/bot/data" +LXC_PROXY="/opt/gbo/tenants/$PARAM_TENANT/proxy/data/websites" +LXC_SYSTEM="/opt/gbo/tenants/$PARAM_TENANT/system/bin" + +lxc config device add "$CONTAINER_NAME" almbot disk source="$LXC_BOT" path=/opt/gbo/bin/bot +lxc config device add "$CONTAINER_NAME" almproxy disk source="$LXC_PROXY" path=/opt/gbo/bin/proxy +lxc config device add "$CONTAINER_NAME" almsystem disk source="$LXC_SYSTEM" path=/opt/gbo/bin/syst em || exit 1 diff --git a/gb-infra/src/templates/opt/gbo/tenants/default/shared/scripts/startup.sh b/gb-infra/src/templates/opt/gbo/tenants/default/shared/scripts/startup.sh new file mode 100644 index 0000000..33debfb --- /dev/null +++ b/gb-infra/src/templates/opt/gbo/tenants/default/shared/scripts/startup.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +# Disable shell timeout + +sed -i '/TMOUT/d' /etc/profile /etc/bash.bashrc /etc/profile.d/* +echo 'export TMOUT=0' > /etc/profile.d/notimeout.sh +chmod +x /etc/profile.d/notimeout.sh +sed -i '/pam_exec.so/s/quiet/quiet set_timeout=0/' /etc/pam.d/sshd 2>/dev/null +source /etc/profile + + \ No newline at end of file