feat: Update deployment scripts for system and desktop containers; adjust paths and configurations

2025-06-19 20:24:27 -03:00 · 2025-06-19 20:24:27 -03:00 · 5d31d7fd36
commit 5d31d7fd36
parent 6067e78c18
3 changed files with 46 additions and 30 deletions
--- a/.forgejo/workflows/node.yaml
+++ b/.forgejo/workflows/node.yaml
@ -16,11 +16,6 @@ jobs:
    - uses: actions/checkout@v4
    - name: Install Rust
      uses: msrd0/rust-toolchain@v1
      with:
        toolchain: stable
    - name: Run build
      run: cargo build --workspace --release --locked
@ -29,4 +24,5 @@ jobs:
        sudo cp ./target/release/gbserver /opt/gbo/bin/system
        sudo chmod +x /opt/gbo/bin/system/gbserver
-        sudo systemctl restart gbserver
+        sudo systemctl restart gbserver
--- a/gb-infra/src/templates/opt/gbo/tenants/default/alm-ci/alm-ci.sh
+++ b/gb-infra/src/templates/opt/gbo/tenants/default/alm-ci/alm-ci.sh
@ -20,7 +20,7 @@ mkdir -p "$HOST_DATA" "$HOST_CONF" "$HOST_LOGS" || exit 1
 chmod -R 750 "$HOST_BASE" || exit 1
 # Launch container
-if ! lxc launch "$CONTAINER_IMAGE" "$CONTAINER_NAME"; then
+if ! lxc launch "$CONTAINER_IMAGE" "$CONTAINER_NAME" -c security.privileged=true; then
    echo "Failed to launch container"
    exit 1
 fi
@ -38,7 +38,7 @@ done
 lxc exec "$CONTAINER_NAME" -- bash -c "
 set -e
-useradd --system --no-create-home --shell /bin/false gbuser
+useradd --system --no-create-home --shell /bin/false $CONTAINER_NAME
 # Update and install dependencies
 apt-get update && apt-get install -y wget git || { echo 'Package installation failed'; exit 1; }
@ -72,22 +72,29 @@ sudo apt install -y \
 export OPENCV4NODEJS_DISABLE_AUTOBUILD=1
 export OPENCV_LIB_DIR=/usr/lib/x86_64-linux-gnu
 # Install Node.js 22.x
 curl -fsSL https://deb.nodesource.com/setup_22.x | sudo bash -
 sudo apt install -y nodejs
 sudo apt install -y curl gnupg ca-certificates git
 sudo apt-get install -y \
    apt-transport-https \
    software-properties-common \
    gnupg \
    wget \
    unzip \
    tar 
 # Install Node.js 22.x
 curl -fsSL https://deb.nodesource.com/setup_22.x | sudo bash -
 sudo apt install -y nodejs
 # Install rust 1.85
 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain 1.85.1 -y
 source ~/.cargo/env
 rustc --version
 # Install Xvfb and other dependencies
 sudo apt install -y xvfb libgbm-dev
 # Create directories
 mkdir -p \"$BIN_PATH\" /opt/gbo/data /opt/gbo/conf /opt/gbo/logs || { echo 'Directory creation failed'; exit 1; }
@ -104,13 +111,14 @@ cd \"$BIN_PATH\"
    --token \"$PARAM_ALM_CI_TOKEN\" \\
    --labels \"$ALM_CI_LABELS\" || { echo 'Runner registration failed'; exit 1; }
-chown -R gbuser:gbuser /opt/gbo/data /opt/gbo/conf /opt/gbo/logs /opt/gbo/bin
+chown -R $CONTAINER_NAME:$CONTAINER_NAME /opt/gbo/bin /opt/gbo/data /opt/gbo/conf /opt/gbo/logs
 "
 # Set permissions
 echo "[CONTAINER] Setting permissions..."
-EMAIL_UID=$(lxc exec "$PARAM_TENANT"-alm-ci -- id -u gbuser)
+EMAIL_UID=$(lxc exec "$PARAM_TENANT"-alm-ci -- id -u $CONTAINER_NAME)
-EMAIL_GID=$(lxc exec "$PARAM_TENANT"-alm-ci -- id -g gbuser)
+EMAIL_GID=$(lxc exec "$PARAM_TENANT"-alm-ci -- id -g $CONTAINER_NAME)
 HOST_EMAIL_UID=$((100000 + EMAIL_UID))
 HOST_EMAIL_GID=$((100000 + EMAIL_GID))
 sudo chown -R "$HOST_EMAIL_UID:$HOST_EMAIL_GID" "$HOST_BASE"
@ -121,15 +129,6 @@ lxc config device add "$CONTAINER_NAME" almdata disk source="$HOST_DATA" path=/o
 lxc config device add "$CONTAINER_NAME" almconf disk source="$HOST_CONF" path=/opt/gbo/conf || exit 1
 lxc config device add "$CONTAINER_NAME" almlogs disk source="$HOST_LOGS" path=/opt/gbo/logs || exit 1
 LXC_BOT="/opt/gbo/tenants/$PARAM_TENANT/bot/data"
 LXC_PROXY="/opt/gbo/tenants/$PARAM_TENANT/proxy/data/websites"
 LXC_GB6="/opt/gbo/tenants/$PARAM_TENANT/system/bin"
 lxc config device add "$CONTAINER_NAME" almbot disk source="$LXC_BOT" path=/opt/gbo/bin/bot
 lxc config device add "$CONTAINER_NAME" almproxy disk source="$LXC_PROXY" path=/opt/gbo/bin/proxy 
 lxc config device add "$CONTAINER_NAME" almsystem disk source="$LXC_GB6" path=/opt/gbo/bin/system || exit 1
 lxc exec "$CONTAINER_NAME" -- bash -c "
 # Create systemd service
@ -140,11 +139,12 @@ After=network.target
 [Service]
 Type=simple
-User=root
+User=$CONTAINER_NAME
-Group=root
+Group=$CONTAINER_NAME
 WorkingDirectory=$BIN_PATH
 ExecStart=$BIN_PATH/forgejo-runner daemon
 Restart=always
 StandardOutput=append:/opt/gbo/logs/output.log
 StandardError=append:/opt/gbo/logs/error.log
 [Install]
 WantedBy=multi-user.target
@ -155,3 +155,12 @@ systemctl daemon-reload || { echo 'daemon-reload failed'; exit 1; }
 systemctl enable alm-ci || { echo 'enable service failed'; exit 1; }
 systemctl start alm-ci || { echo 'start service failed'; exit 1; }
 "
 LXC_BOT="/opt/gbo/tenants/$PARAM_TENANT/bot/data"
 LXC_PROXY="/opt/gbo/tenants/$PARAM_TENANT/proxy/data/websites"
 LXC_SYSTEM="/opt/gbo/tenants/$PARAM_TENANT/system/bin"
 lxc config device add "$CONTAINER_NAME" almbot disk source="$LXC_BOT" path=/opt/gbo/bin/bot
 lxc config device add "$CONTAINER_NAME" almproxy disk source="$LXC_PROXY" path=/opt/gbo/bin/proxy 
 lxc config device add "$CONTAINER_NAME" almsystem disk source="$LXC_SYSTEM" path=/opt/gbo/bin/syst  em || exit 1
--- a/gb-infra/src/templates/opt/gbo/tenants/default/shared/scripts/startup.sh
+++ b/gb-infra/src/templates/opt/gbo/tenants/default/shared/scripts/startup.sh
@ -0,0 +1,11 @@
 #!/bin/bash
 # Disable shell timeout
 sed -i '/TMOUT/d' /etc/profile /etc/bash.bashrc /etc/profile.d/*
 echo 'export TMOUT=0' > /etc/profile.d/notimeout.sh
 chmod +x /etc/profile.d/notimeout.sh
 sed -i '/pam_exec.so/s/quiet/quiet set_timeout=0/' /etc/pam.d/sshd 2>/dev/null
 source /etc/profile