feat: update entrypoint

93a73348 · Ivan · ccdaa62a · 93a73348 · 93a73348 · 93a73348
Commit 93a73348 authored Mar 11, 2025 by Ivan
Hide whitespace changes
Inline Side-by-side

Showing with 50 additions and 41 deletions

Dockerfile Dockerfile +3 -2

docker-entrypoint bin/docker-entrypoint +44 -36

deploy.yml config/deploy.yml +3 -3

No files found.
--- a/Dockerfile
+++ b/Dockerfile
@@ -52,12 +52,13 @@ VOLUME ["/root/.ssh", "/rails/code", "/rails/storage", "/rails/public/uploads", 
 COPY bin/docker-entrypoint /rails/bin/
 RUN chmod +x /rails/bin/docker-entrypoint

-# Run and own only the runtime files as a non-root user for security
+# 为rails用户准备环境，但仍使用root运行（为了访问SSH密钥）
 RUN groupadd --system --gid 1000 rails && \
    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
    chown -R rails:rails /rails

-USER 1000:1000
+# 注释掉USER指令，使用root用户运行
+# USER 1000:1000

 # Entrypoint pulls code, installs dependencies, and prepares the application
 ENTRYPOINT ["/rails/bin/docker-entrypoint"]

--- a/bin/docker-entrypoint
+++ b/bin/docker-entrypoint
@@ -37,47 +37,55 @@ sleep 5
 # 设置SSH配置以解决Host key verification failed问题
 echo "Setting up SSH configuration..."

-# 确保.ssh目录存在并具有正确的权限
-mkdir -p ~/.ssh
-chmod 700 ~/.ssh
+# 打印当前用户和环境
+echo "Current user: $(whoami)"
+echo "Home directory: $HOME"

-# 如果存在挂载的SSH目录，确保我们可以使用其中的密钥
-if [ -d "/root/.ssh" ]; then
-  echo "Found mounted SSH directory, configuring access..."
-  
-  # 复制SSH密钥到当前用户的.ssh目录
-  cp -f /root/.ssh/id_* ~/.ssh/ 2>/dev/null || echo "No SSH keys found in mounted directory"
-  cp -f /root/.ssh/config ~/.ssh/ 2>/dev/null || echo "No SSH config found in mounted directory"
-  
-  # 确保密钥文件有正确的权限
-  chmod 600 ~/.ssh/id_* 2>/dev/null || echo "No SSH keys to chmod"
-  
-  # 如果存在known_hosts文件，也复制它
-  if [ -f "/root/.ssh/known_hosts" ]; then
-    cp -f /root/.ssh/known_hosts ~/.ssh/
-  else
-    # 如果没有known_hosts文件，创建一个空文件
-    touch ~/.ssh/known_hosts
-  fi
-  
-  # 禁用StrictHostKeyChecking以自动接受新的host keys
-  if [ ! -f "~/.ssh/config" ]; then
-    echo "Creating SSH config to disable strict host key checking..."
-    cat > ~/.ssh/config << 'EOL'
-Host *
-  StrictHostKeyChecking no
-  UserKnownHostsFile=/dev/null
+# 检查SSH密钥目录
+echo "Checking SSH keys directory..."
+ls -la /root/.ssh/ || echo "No SSH keys directory found"
+
+# 检查密钥文件权限
+echo "Checking SSH key permissions..."
+find /root/.ssh -type f -name "id_*" -exec ls -la {} \; || echo "No SSH keys found"
+
+# 确保密钥有正确的权限
+echo "Setting correct permissions on SSH keys..."
+find /root/.ssh -type f -name "id_*" -exec chmod 600 {} \; || echo "No SSH keys to chmod"
+
+# 创建一个更详细的SSH脚本，显示调试信息
+mkdir -p /tmp/git-ssh
+cat > /tmp/git-ssh/ssh.sh << 'EOL'
+#!/bin/bash
+echo "[SSH Debug] Command: ssh $@" >&2
+ssh -v -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$@"
 EOL
-    chmod 600 ~/.ssh/config
-  fi
-fi
+
+# 设置执行权限
+chmod +x /tmp/git-ssh/ssh.sh
+
+# 设置GIT_SSH环境变量
+export GIT_SSH="/tmp/git-ssh/ssh.sh"
+echo "GIT_SSH set to: $GIT_SSH"

 # 测试SSH连接
 echo "Testing SSH connection to Git repository host..."
-GIT_HOST=$(echo "${GIT_REPOSITORY}" | sed -E 's/.*@([^:]+):.*/\1/')
-if [ "${GIT_HOST}" != "${GIT_REPOSITORY}" ]; then
-  echo "Detected Git host: ${GIT_HOST}"
-  ssh -T -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${GIT_HOST} 2>&1 || echo "SSH connection test completed with non-zero exit code, but we'll continue anyway"
+
+# 从 Git 仓库地址中提取完整的用户和主机信息
+GIT_USER_HOST=$(echo "${GIT_REPOSITORY}" | sed -E 's/(.*):.*/\1/')
+
+if [ "${GIT_USER_HOST}" != "${GIT_REPOSITORY}" ]; then
+  echo "Detected Git user and host: ${GIT_USER_HOST}"
+  
+  # 显示当前的SSH密钥
+  echo "Available SSH keys:"
+  ls -la /root/.ssh/
+  
+  # 测试SSH连接，使用完整的用户@主机格式
+  ssh -T -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${GIT_USER_HOST} 2>&1 || {
+    echo "SSH connection test failed with error code: $?"
+    echo "This may cause Git operations to fail, but we'll continue anyway"
+  }
 fi

 # Check if code directory is empty or if we need to clone/pull the repository

--- a/config/deploy.yml
+++ b/config/deploy.yml
@@ -40,8 +40,8 @@ registry:
 env:
  secret:
    - RAILS_MASTER_KEY
-    # Add Git credentials if needed for private repositories
-    # - GIT_CREDENTIALS
+    # Add Git credentials for private repositories
+    - GIT_CREDENTIALS
  clear:
    # Git repository configuration
    GIT_REPOSITORY: git@git.tallty.com:mumumumushu/img-manager.git
@@ -101,7 +101,7 @@ volumes:
  - "/root/img_manager/logs:/rails/log"
  # Tmp directory for pids and other temporary files
  - "/root/img_manager/tmp:/rails/tmp"
-  - "/root/.ssh:/home/rails/.ssh"
+  - "/root/.ssh:/root/.ssh"


 # Bridge fingerprinted assets, like JS and CSS, between versions to avoid