fix(cd): use absolute ssh key paths

OG T
2026-05-06 13:25:45 +08:00
parent 2c2bf9d665
commit 8ae7789e93
2 changed files with 23 additions and 11 deletions


@@ -445,10 +445,10 @@ jobs:
run: |
# S1/S2: 統一命名 deploy_key改用 ssh-keyscan比 StrictHostKeyChecking=no 更安全)
mkdir -p ~/.ssh
echo "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
chmod 600 ~/.ssh/deploy_key
echo "$SSH_PRIVATE_KEY" > "${HOME}/.ssh/deploy_key"
chmod 600 "${HOME}/.ssh/deploy_key"
ssh-keyscan -T 5 "${{ env.K8S_SSH_HOST }}" > ~/.ssh/known_hosts 2>/dev/null
SSH_OPTS="-i ~/.ssh/deploy_key -o BatchMode=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=${HOME}/.ssh/known_hosts -o ConnectTimeout=10"
SSH_OPTS="-i ${HOME}/.ssh/deploy_key -o BatchMode=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=${HOME}/.ssh/known_hosts -o ConnectTimeout=10"
ssh $SSH_OPTS "wooo@${{ env.K8S_SSH_HOST }}" << SECRETS
set -e
K8S_API_SERVER="${{ env.K8S_API_SERVER }}"
@@ -683,10 +683,10 @@ jobs:
GITEA_TOKEN: ${{ secrets.CD_PUSH_TOKEN }}
run: |
mkdir -p ~/.ssh
echo "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
chmod 600 ~/.ssh/deploy_key
echo "$SSH_PRIVATE_KEY" > "${HOME}/.ssh/deploy_key"
chmod 600 "${HOME}/.ssh/deploy_key"
ssh-keyscan -T 5 "${{ env.K8S_SSH_HOST }}" > ~/.ssh/known_hosts 2>/dev/null
SSH_OPTS="-i ~/.ssh/deploy_key -o BatchMode=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=${HOME}/.ssh/known_hosts -o ConnectTimeout=10"
SSH_OPTS="-i ${HOME}/.ssh/deploy_key -o BatchMode=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=${HOME}/.ssh/known_hosts -o ConnectTimeout=10"
IMAGE_TAG="${{ github.sha }}"
HARBOR=192.168.0.110:5000
@@ -808,26 +808,26 @@ jobs:
SSH_KEY_188: ${{ secrets.DEPLOY_SSH_KEY_188 }}
run: |
mkdir -p ~/.ssh
echo "$SSH_KEY_188" > ~/.ssh/deploy_key_188
chmod 600 ~/.ssh/deploy_key_188
echo "$SSH_KEY_188" > "${HOME}/.ssh/deploy_key_188"
chmod 600 "${HOME}/.ssh/deploy_key_188"
ssh-keyscan 192.168.0.188 >> ~/.ssh/known_hosts 2>/dev/null
# 同步 docker-health-monitor.sh
scp -i ~/.ssh/deploy_key_188 \
scp -i "${HOME}/.ssh/deploy_key_188" \
scripts/ops/docker-health-monitor.sh \
ollama@192.168.0.188:~/awoooi-ops/docker-health-monitor.sh \
&& echo "✅ docker-health-monitor.sh 已同步" \
|| echo "⚠️ docker-health-monitor.sh 同步失敗"
# 同步 pg-backup.sh
scp -i ~/.ssh/deploy_key_188 \
scp -i "${HOME}/.ssh/deploy_key_188" \
scripts/ops/pg-backup.sh \
ollama@192.168.0.188:~/awoooi-ops/pg-backup.sh \
&& echo "✅ pg-backup.sh 已同步" \
|| echo "⚠️ pg-backup.sh 同步失敗"
# 確保執行權限
ssh -i ~/.ssh/deploy_key_188 ollama@192.168.0.188 \
ssh -i "${HOME}/.ssh/deploy_key_188" ollama@192.168.0.188 \
"chmod +x ~/awoooi-ops/docker-health-monitor.sh ~/awoooi-ops/pg-backup.sh && echo '✅ 權限設定完成'" \
|| echo "⚠️ 權限設定失敗"
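Review bot: The scp and ssh calls in the 188 hunk (`scp -i "${HOME}/.ssh/deploy_key_188" ...` and `ssh -i "${HOME}/.ssh/deploy_key_188" ollama@192.168.0.188`) still rely on OpenSSH's default known_hosts location, which by the commit's own description is resolved from the account's passwd home rather than `$HOME`, so the `ssh-keyscan 192.168.0.188 >> ~/.ssh/known_hosts` line (shell-expanded via `$HOME`) may be writing to a file these commands never consult. The two K8s hunks already pass the path explicitly; mirror that here by adding `-o StrictHostKeyChecking=yes -o UserKnownHostsFile="${HOME}/.ssh/known_hosts" -o BatchMode=yes` to the scp at both sync steps and to the final ssh, so the step fails closed instead of prompting or silently using whatever `/root/.ssh/known_hosts` holds. Note that in all three hunks `echo "$SSH_PRIVATE_KEY" > "${HOME}/.ssh/deploy_key"` creates the file under the default umask before `chmod 600` runs; a preceding `umask 077` in each run block closes that window. The run block for the 188 step may continue past the end of the hunk.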


@@ -1,3 +1,15 @@
## 2026-05-06 | Gitea CD SSH key path no longer expands to /root
**背景**`2c2bf9d6` 的 CD `build-and-deploy``Inject K8s Secrets` 失敗runner 先把 deploy key 寫到 `${HOME}/.ssh/deploy_key`,但 `ssh -i ~/.ssh/deploy_key` 由 OpenSSH 展開成 `/root/.ssh/deploy_key`,導致 `Permission denied`
**本次修補**
- `.gitea/workflows/cd.yaml` 的 K8s deploy SSH_OPTS 改用 `${HOME}/.ssh/deploy_key` 絕對展開。
- 同步修正 188 ops script 同步步驟的 `deploy_key_188` path避免同類環境差異再次出現。
**驗證**
- `rg "SSH_OPTS=|~/.ssh/deploy_key" .gitea/workflows/cd.yaml` 確認 K8s SSH_OPTS 已無 `~` path。
- 待下一輪 CD 重新跑 `build-and-deploy``post-deploy-checks`
## 2026-05-06 | AwoooP approval and MCP Gate 5 stop importing aioredis
**背景**:整合計畫 P0-L 指出 AwoooP approval token service 與 MCP Gate 5 還在 runtime import `aioredis`;這會讓 approval / gateway path 在 Python 3.11+ 或套件漂移時直接壞掉,也繞過既有 Redis pool 管理。