Commit 93a73348 by Ivan

feat: update entrypoint

parent ccdaa62a
......@@ -52,12 +52,13 @@ VOLUME ["/root/.ssh", "/rails/code", "/rails/storage", "/rails/public/uploads",
COPY bin/docker-entrypoint /rails/bin/
RUN chmod +x /rails/bin/docker-entrypoint
# Run and own only the runtime files as a non-root user for security
# 为rails用户准备环境,但仍使用root运行(为了访问SSH密钥)
RUN groupadd --system --gid 1000 rails && \
useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
chown -R rails:rails /rails
USER 1000:1000
# 注释掉USER指令,使用root用户运行
# USER 1000:1000
# Entrypoint pulls code, installs dependencies, and prepares the application
ENTRYPOINT ["/rails/bin/docker-entrypoint"]
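Review bot: Commenting out `USER 1000:1000` makes the entrypoint run as root, and by its own comment that entrypoint pulls code and installs dependencies, so whatever is fetched from the repository executes with full privileges in the container and on the bind-mounted volumes. The `groupadd`/`useradd`/`chown -R rails:rails /rails` step then no longer affects the runtime user, and the retained comment "Run and own only the runtime files as a non-root user" stops describing the image. I would keep `USER 1000:1000` and make a single deploy key readable by uid 1000 under `/home/rails/.ssh` rather than switching to root to reach `/root/.ssh`. The page has lost its +/- markers, so which USER line is the new side is inferred from the added comment.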
......
......@@ -37,47 +37,55 @@ sleep 5
# 设置SSH配置以解决Host key verification failed问题
echo "Setting up SSH configuration..."
# 确保.ssh目录存在并具有正确的权限
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# 打印当前用户和环境
echo "Current user: $(whoami)"
echo "Home directory: $HOME"
# 如果存在挂载的SSH目录,确保我们可以使用其中的密钥
if [ -d "/root/.ssh" ]; then
echo "Found mounted SSH directory, configuring access..."
# 复制SSH密钥到当前用户的.ssh目录
cp -f /root/.ssh/id_* ~/.ssh/ 2>/dev/null || echo "No SSH keys found in mounted directory"
cp -f /root/.ssh/config ~/.ssh/ 2>/dev/null || echo "No SSH config found in mounted directory"
# 确保密钥文件有正确的权限
chmod 600 ~/.ssh/id_* 2>/dev/null || echo "No SSH keys to chmod"
# 如果存在known_hosts文件,也复制它
if [ -f "/root/.ssh/known_hosts" ]; then
cp -f /root/.ssh/known_hosts ~/.ssh/
else
# 如果没有known_hosts文件,创建一个空文件
touch ~/.ssh/known_hosts
fi
# 禁用StrictHostKeyChecking以自动接受新的host keys
if [ ! -f "~/.ssh/config" ]; then
echo "Creating SSH config to disable strict host key checking..."
cat > ~/.ssh/config << 'EOL'
Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
# 检查SSH密钥目录
echo "Checking SSH keys directory..."
ls -la /root/.ssh/ || echo "No SSH keys directory found"
# 检查密钥文件权限
echo "Checking SSH key permissions..."
find /root/.ssh -type f -name "id_*" -exec ls -la {} \; || echo "No SSH keys found"
# 确保密钥有正确的权限
echo "Setting correct permissions on SSH keys..."
find /root/.ssh -type f -name "id_*" -exec chmod 600 {} \; || echo "No SSH keys to chmod"
# 创建一个更详细的SSH脚本,显示调试信息
mkdir -p /tmp/git-ssh
cat > /tmp/git-ssh/ssh.sh << 'EOL'
#!/bin/bash
echo "[SSH Debug] Command: ssh $@" >&2
ssh -v -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$@"
EOL
chmod 600 ~/.ssh/config
fi
fi
# 设置执行权限
chmod +x /tmp/git-ssh/ssh.sh
# 设置GIT_SSH环境变量
export GIT_SSH="/tmp/git-ssh/ssh.sh"
echo "GIT_SSH set to: $GIT_SSH"
# 测试SSH连接
echo "Testing SSH connection to Git repository host..."
GIT_HOST=$(echo "${GIT_REPOSITORY}" | sed -E 's/.*@([^:]+):.*/\1/')
if [ "${GIT_HOST}" != "${GIT_REPOSITORY}" ]; then
echo "Detected Git host: ${GIT_HOST}"
ssh -T -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${GIT_HOST} 2>&1 || echo "SSH connection test completed with non-zero exit code, but we'll continue anyway"
# 从 Git 仓库地址中提取完整的用户和主机信息
GIT_USER_HOST=$(echo "${GIT_REPOSITORY}" | sed -E 's/(.*):.*/\1/')
if [ "${GIT_USER_HOST}" != "${GIT_REPOSITORY}" ]; then
echo "Detected Git user and host: ${GIT_USER_HOST}"
# 显示当前的SSH密钥
echo "Available SSH keys:"
ls -la /root/.ssh/
# 测试SSH连接,使用完整的用户@主机格式
ssh -T -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${GIT_USER_HOST} 2>&1 || {
echo "SSH connection test failed with error code: $?"
echo "This may cause Git operations to fail, but we'll continue anyway"
}
fi
# Check if code directory is empty or if we need to clone/pull the repository
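Review bot: Host key verification is switched off in the `GIT_SSH` wrapper (`ssh -v -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$@"`) and again in the `ssh -T` connection test, so the Git operations that follow accept any server answering for the Git host, and the entrypoint then installs and runs what it fetched. Since `/root/.ssh` is mounted, the wrapper can verify against a known_hosts file provisioned there: `ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/root/.ssh/known_hosts "$@"`, with the same options on the test. The `-v` flag and the `ls -la /root/.ssh/` listings also write SSH debug output and key file names to the container log on every start; I would drop them once the setup works. The script continues outside this hunk.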
......
......@@ -40,8 +40,8 @@ registry:
env:
secret:
- RAILS_MASTER_KEY
# Add Git credentials if needed for private repositories
# - GIT_CREDENTIALS
# Add Git credentials for private repositories
- GIT_CREDENTIALS
clear:
# Git repository configuration
GIT_REPOSITORY: git@git.tallty.com:mumumumushu/img-manager.git
......@@ -101,7 +101,7 @@ volumes:
- "/root/img_manager/logs:/rails/log"
# Tmp directory for pids and other temporary files
- "/root/img_manager/tmp:/rails/tmp"
- "/root/.ssh:/home/rails/.ssh"
- "/root/.ssh:/root/.ssh"
# Bridge fingerprinted assets, like JS and CSS, between versions to avoid
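Review bot: The mount `"/root/.ssh:/root/.ssh"` hands the container the deploy host's whole root SSH directory, and nothing on the line makes it read-only. Every private key there, and `authorized_keys` if the host keeps one in that directory, becomes available to a process that pulls and runs repository code. The entrypoint in this commit also runs `chmod` on files under that path, which on a bind mount changes the host's files. Mounting a directory that holds only the deploy key and a pinned known_hosts, read-only, limits this: `- "<deploy-key-dir>:/root/.ssh:ro"` (placeholder path). In the first hunk, `GIT_CREDENTIALS` is enabled as a secret while `GIT_REPOSITORY` is an SSH URL; if nothing reads it, it is better left commented out.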
......