From 7ebc9e11ea09fcd590003d6f72b3fb6fdf2a676a Mon Sep 17 00:00:00 2001 From: Losita <2810873701@qq.com> Date: Mon, 11 May 2026 20:24:40 +0800 Subject: [PATCH] fix:fix workflow --- .gitea/workflows/release-offline.yml | 30 +++++++++++++++++--- deploy/server-maibot/README_DEPLOY_STEPS.txt | 12 ++++++-- 2 files changed, 36 insertions(+), 6 deletions(-) diff --git a/.gitea/workflows/release-offline.yml b/.gitea/workflows/release-offline.yml index 5ff4229a..a22a8c0f 100644 --- a/.gitea/workflows/release-offline.yml +++ b/.gitea/workflows/release-offline.yml @@ -3,14 +3,21 @@ name: offline-release on: workflow_dispatch: +permissions: + contents: read + jobs: package-and-deploy: runs-on: build-host steps: - name: Prepare local worktree env: - MAIBOT_REPO_URL: http://127.0.0.1:3000/${{ gitea.repository }}.git MAIBOT_REPO_SHA: ${{ gitea.sha }} + MAIBOT_REPO_REF: ${{ gitea.ref }} + MAIBOT_REPOSITORY: ${{ gitea.repository }} + MAIBOT_SERVER_URL: ${{ gitea.server_url }} + MAIBOT_REPO_URL: ${{ vars.MAIBOT_REPO_URL }} + GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} shell: bash run: | set -euo pipefail @@ -20,14 +27,29 @@ jobs: rm -rf "$worktree" mkdir -p "$worktree_root" + printf 'MAIBOT_WORKTREE=%s\n' "$worktree" >> "$GITHUB_ENV" - git clone --no-checkout "$MAIBOT_REPO_URL" "$worktree" - git -C "$worktree" checkout --force "$MAIBOT_REPO_SHA" + repo_url="${MAIBOT_REPO_URL:-${MAIBOT_SERVER_URL%/}/${MAIBOT_REPOSITORY}.git}" + auth_header="Authorization: token ${GITEA_TOKEN}" + + echo "Resolving repository source: $repo_url" + git -c http.lowSpeedLimit=1 \ + -c http.lowSpeedTime=30 \ + -c http.extraHeader="$auth_header" \ + ls-remote "$repo_url" "$MAIBOT_REPO_REF" + + git init "$worktree" + git -C "$worktree" remote add origin "$repo_url" + git -C "$worktree" \ + -c http.lowSpeedLimit=1 \ + -c http.lowSpeedTime=30 \ + -c http.extraHeader="$auth_header" \ + fetch --depth=1 origin "$MAIBOT_REPO_SHA" + git -C "$worktree" checkout --force FETCH_HEAD git -C "$worktree" clean -dffx app_tag="$(git -C "$worktree" rev-parse --short=12 HEAD)" printf 'APP_TAG=%s\n' "$app_tag" >> "$GITHUB_ENV" - printf 'MAIBOT_WORKTREE=%s\n' "$worktree" >> "$GITHUB_ENV" - name: Stage release directory shell: bash diff --git a/deploy/server-maibot/README_DEPLOY_STEPS.txt b/deploy/server-maibot/README_DEPLOY_STEPS.txt index 6124450d..c8ab00aa 100644 --- a/deploy/server-maibot/README_DEPLOY_STEPS.txt +++ b/deploy/server-maibot/README_DEPLOY_STEPS.txt @@ -22,18 +22,26 @@ Gitea workflow: Current pipeline mode: - single-host release on the repo-level `build-host` runner -- clones from local Gitea HTTP on `127.0.0.1:3000` +- fetches the source commit from the workflow repository itself +- defaults to `${gitea.server_url}/${gitea.repository}.git` +- can override the clone URL with the repository variable `MAIBOT_REPO_URL` +- authenticates Git over HTTP(S) with the built-in `GITEA_TOKEN` +- performs a shallow fetch of the triggering commit instead of a full clone - stages source into `/srv/maibot/releases/` - builds `maibot-offline:` from the staged release using local base image `maibot-offline:latest` - tags the same image back to `maibot-offline:latest` - deploys from `/root/maibot-offline` with `docker compose up -d` Optional environment overrides for the workflow runtime: +- `MAIBOT_REPO_URL` - `MAIBOT_RELEASE_ROOT` - `MAIBOT_RUNTIME_ROOT` - `MAIBOT_BASE_IMAGE` -No repository secrets are required for the default same-host pipeline. +Runner connectivity note: +- if the runner cannot access `${gitea.server_url}` directly, set `MAIBOT_REPO_URL` to a runner-reachable HTTPS clone URL +- for private repositories, the workflow uses the built-in `GITEA_TOKEN`, so no extra personal access token secret is needed +- the repository or owner Actions settings must allow the job token to read repository contents Bootstrap note: - `deploy/server-maibot/Dockerfile.offline` is only for the first bootstrap or for refreshing the runtime base image.