Commit 93a73348 authored Mar 11, 2025 by Ivan
feat: update entrypoint
parent ccdaa62a
Showing 3 changed files with 50 additions and 41 deletions (+50 -41)
Dockerfile +3 -2
bin/docker-entrypoint +44 -36
config/deploy.yml +3 -3
Dockerfile
View file @
93a73348
...
...
@@ -52,12 +52,13 @@ VOLUME ["/root/.ssh", "/rails/code", "/rails/storage", "/rails/public/uploads",
COPY
bin/docker-entrypoint /rails/bin/
RUN
chmod
+x /rails/bin/docker-entrypoint
#
Run and own only the runtime files as a non-root user for security
#
为rails用户准备环境,但仍使用root运行(为了访问SSH密钥)
RUN
groupadd
--system
--gid
1000 rails
&&
\
useradd rails
--uid
1000
--gid
1000
--create-home
--shell
/bin/bash
&&
\
chown
-R
rails:rails /rails
USER
1000:1000
# 注释掉USER指令,使用root用户运行
# USER 1000:1000
# Entrypoint pulls code, installs dependencies, and prepares the application
ENTRYPOINT
["/rails/bin/docker-entrypoint"]
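Review bot: Commenting out `USER 1000:1000` at the end of this hunk makes the entrypoint, and the application it prepares, run as root, while the comment it replaces shows the earlier intent was to run as a non-root user for security. The only reason given is access to the SSH keys, which is a file-permission problem rather than a reason to stay root at runtime. Suggest keeping `USER 1000:1000` and making a dedicated deploy key readable by uid 1000, or doing the key setup as root in the entrypoint and dropping to the rails user before the application starts. As written, the `groupadd` / `useradd` / `chown -R rails:rails /rails` step stays in the image but no longer decides who runs the process.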
...
...
bin/docker-entrypoint
View file @
93a73348
...
...
@@ -37,47 +37,55 @@ sleep 5
# 设置SSH配置以解决Host key verification failed问题
echo
"Setting up SSH configuration..."
#
确保.ssh目录存在并具有正确的权限
mkdir
-p
~/.ssh
chmod
700 ~/.ssh
#
打印当前用户和环境
echo
"Current user:
$(
whoami
)
"
echo
"Home directory:
$HOME
"
# 如果存在挂载的SSH目录,确保我们可以使用其中的密钥
if
[
-d
"/root/.ssh"
]
;
then
echo
"Found mounted SSH directory, configuring access..."
# 复制SSH密钥到当前用户的.ssh目录
cp
-f
/root/.ssh/id_
*
~/.ssh/ 2>/dev/null
||
echo
"No SSH keys found in mounted directory"
cp
-f
/root/.ssh/config ~/.ssh/ 2>/dev/null
||
echo
"No SSH config found in mounted directory"
# 确保密钥文件有正确的权限
chmod
600 ~/.ssh/id_
*
2>/dev/null
||
echo
"No SSH keys to chmod"
# 如果存在known_hosts文件,也复制它
if
[
-f
"/root/.ssh/known_hosts"
]
;
then
cp
-f
/root/.ssh/known_hosts ~/.ssh/
else
# 如果没有known_hosts文件,创建一个空文件
touch
~/.ssh/known_hosts
fi
# 禁用StrictHostKeyChecking以自动接受新的host keys
if
[
!
-f
"~/.ssh/config"
]
;
then
echo
"Creating SSH config to disable strict host key checking..."
cat
>
~/.ssh/config
<<
'
EOL
'
Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
# 检查SSH密钥目录
echo
"Checking SSH keys directory..."
ls
-la
/root/.ssh/
||
echo
"No SSH keys directory found"
# 检查密钥文件权限
echo
"Checking SSH key permissions..."
find /root/.ssh
-type
f
-name
"id_*"
-exec
ls
-la
{}
\;
||
echo
"No SSH keys found"
# 确保密钥有正确的权限
echo
"Setting correct permissions on SSH keys..."
find /root/.ssh
-type
f
-name
"id_*"
-exec
chmod
600
{}
\;
||
echo
"No SSH keys to chmod"
# 创建一个更详细的SSH脚本,显示调试信息
mkdir
-p
/tmp/git-ssh
cat
>
/tmp/git-ssh/ssh.sh
<<
'
EOL
'
#!/bin/bash
echo "[SSH Debug] Command: ssh
$@
" >&2
ssh -v -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "
$@
"
EOL
chmod
600 ~/.ssh/config
fi
fi
# 设置执行权限
chmod
+x /tmp/git-ssh/ssh.sh
# 设置GIT_SSH环境变量
export
GIT_SSH
=
"/tmp/git-ssh/ssh.sh"
echo
"GIT_SSH set to:
$GIT_SSH
"
# 测试SSH连接
echo
"Testing SSH connection to Git repository host..."
GIT_HOST
=
$(
echo
"
${
GIT_REPOSITORY
}
"
|
sed
-E
's/.*@([^:]+):.*/\1/'
)
if
[
"
${
GIT_HOST
}
"
!=
"
${
GIT_REPOSITORY
}
"
]
;
then
echo
"Detected Git host:
${
GIT_HOST
}
"
ssh
-T
-o
StrictHostKeyChecking
=
no
-o
UserKnownHostsFile
=
/dev/null
${
GIT_HOST
}
2>&1
||
echo
"SSH connection test completed with non-zero exit code, but we'll continue anyway"
# 从 Git 仓库地址中提取完整的用户和主机信息
GIT_USER_HOST
=
$(
echo
"
${
GIT_REPOSITORY
}
"
|
sed
-E
's/(.*):.*/\1/'
)
if
[
"
${
GIT_USER_HOST
}
"
!=
"
${
GIT_REPOSITORY
}
"
]
;
then
echo
"Detected Git user and host:
${
GIT_USER_HOST
}
"
# 显示当前的SSH密钥
echo
"Available SSH keys:"
ls
-la
/root/.ssh/
# 测试SSH连接,使用完整的用户@主机格式
ssh
-T
-o
StrictHostKeyChecking
=
no
-o
UserKnownHostsFile
=
/dev/null
${
GIT_USER_HOST
}
2>&1
||
{
echo
"SSH connection test failed with error code:
$?
"
echo
"This may cause Git operations to fail, but we'll continue anyway"
}
fi
# Check if code directory is empty or if we need to clone/pull the repository
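Review bot: The `/tmp/git-ssh/ssh.sh` wrapper exported as `GIT_SSH` runs `ssh -v -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so every Git operation that follows accepts whatever host key it is offered, and the `ssh -T` connection test repeats the same options. With the container running as root after the Dockerfile change, the code this entrypoint goes on to pull comes from a host whose identity was never checked. Suggest pinning the Git host's key in a known_hosts file shipped with the image or mounted next to the key, and setting `StrictHostKeyChecking=yes` in the wrapper. Smaller points in the same hunk: `find /root/.ssh ... -exec chmod 600` changes permissions inside the mounted directory itself, and the `ls -la /root/.ssh/` calls together with `ssh -v` write key file names and connection debug output to the container log on every start, which is worth removing once the setup works.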
...
...
config/deploy.yml
View file @
93a73348
...
...
@@ -40,8 +40,8 @@ registry:
env
:
secret
:
-
RAILS_MASTER_KEY
# Add Git credentials
if needed
for private repositories
#
- GIT_CREDENTIALS
# Add Git credentials for private repositories
-
GIT_CREDENTIALS
clear
:
# Git repository configuration
GIT_REPOSITORY
:
git@git.tallty.com:mumumumushu/img-manager.git
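Review bot: Enabling `GIT_CREDENTIALS` under `env.secret` puts another secret into the container, but `GIT_REPOSITORY` just below is an SSH URL (`git@git.tallty.com:...`) and the entrypoint change in this commit authenticates with the mounted SSH keys, so nothing visible here reads it. If it is unused, leave it commented out; if some path does rely on it, name that path in the comment, since the reworded comment also drops the earlier "if needed" qualifier.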
...
...
@@ -101,7 +101,7 @@ volumes:
-
"
/root/img_manager/logs:/rails/log"
# Tmp directory for pids and other temporary files
-
"
/root/img_manager/tmp:/rails/tmp"
-
"
/root/.ssh:/
home/rails
/.ssh"
-
"
/root/.ssh:/
root
/.ssh"
# Bridge fingerprinted assets, like JS and CSS, between versions to avoid
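Review bot: The new `/root/.ssh:/root/.ssh` volume exposes the host root account's whole SSH directory, read-write, to a container that this commit also switches to running as root, and that directory may hold other private keys, `authorized_keys` and `known_hosts` besides the one needed for this repository. Suggest mounting only a dedicated deploy key and adding `:ro` to the volume; the entrypoint's `chmod 600` over `/root/.ssh` would then have to be done once on the host instead.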
...
...