devaine/CodeRED-Astra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Patch ssh handling for authentication.

Browse source
This commit is contained in:
Christbru 2025-10-18 20:03:27 -05:00
commit f730609f62
2 changed files with 30 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

22
.github/workflows/build-and-deploy.yml vendored
View file

@ -39,6 +39,8 @@ jobs:
context: ./web-app context: ./web-app
push: true push: true
tags: ghcr.io/${{ steps.repo_name.outputs.name }}/web-app:${{ github.sha }} tags: ghcr.io/${{ steps.repo_name.outputs.name }}/web-app:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Build and push Rust engine image ⚙️ - name: Build and push Rust engine image ⚙️
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
@ -46,13 +48,31 @@ jobs:
context: ./rust-engine context: ./rust-engine
push: true push: true
tags: ghcr.io/${{ steps.repo_name.outputs.name }}/rust-engine:${{ github.sha }} tags: ghcr.io/${{ steps.repo_name.outputs.name }}/rust-engine:${{ github.sha }}
build-args: |
RUSTUP_TOOLCHAIN=stable
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Prepare SSH key
shell: bash
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# Write private key
printf "%s" "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
# Pre-populate known_hosts to avoid interactive prompt
ssh-keyscan -H "${{ secrets.SERVER_HOST }}" >> ~/.ssh/known_hosts || true
chmod 644 ~/.ssh/known_hosts
- name: Deploy to server via SSH ☁️ - name: Deploy to server via SSH ☁️
uses: appleboy/ssh-action@v1.0.3 uses: appleboy/ssh-action@v1.0.3
with: with:
host: ${{ secrets.SERVER_HOST }} host: ${{ secrets.SERVER_HOST }}
username: ${{ secrets.SERVER_USERNAME }} username: ${{ secrets.SERVER_USERNAME }}
key: ${{ secrets.SSH_PRIVATE_KEY }} key_path: ~/.ssh/id_rsa
debug: true
script: | script: |
cd /var/www/codered-astra cd /var/www/codered-astra
export GEMINI_API_KEY='${{ secrets.GEMINI_API_KEY }}' export GEMINI_API_KEY='${{ secrets.GEMINI_API_KEY }}'

11
rust-engine/Dockerfile
View file

@ -1,3 +1,4 @@
# syntax=docker/dockerfile:1.7
# rust-engine/Dockerfile # rust-engine/Dockerfile
# --- Stage 1: Builder --- # --- Stage 1: Builder ---
@ -32,14 +33,20 @@ COPY Cargo.toml Cargo.lock ./
RUN mkdir -p src && echo "fn main() { println!(\"cargo cache build\"); }" > src/main.rs RUN mkdir -p src && echo "fn main() { println!(\"cargo cache build\"); }" > src/main.rs
# Fetch and build dependencies (this will be cached until Cargo.toml changes) # Fetch and build dependencies (this will be cached until Cargo.toml changes)
RUN cargo build --release || true RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \
--mount=type=cache,target=/usr/local/cargo/git,sharing=locked \
--mount=type=cache,target=/usr/src/app/target,sharing=locked \
cargo build --release || true
# Now copy the real source and build the final binary # Now copy the real source and build the final binary
COPY src ./src COPY src ./src
# Only remove the dummy main.rs if it exists and is not the real one # Only remove the dummy main.rs if it exists and is not the real one
RUN if grep -q 'cargo cache build' src/main.rs 2>/dev/null; then rm src/main.rs; fi RUN if grep -q 'cargo cache build' src/main.rs 2>/dev/null; then rm src/main.rs; fi
RUN cargo build --release RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \
--mount=type=cache,target=/usr/local/cargo/git,sharing=locked \
--mount=type=cache,target=/usr/src/app/target,sharing=locked \
cargo build --release
# --- Stage 2: Final, small image --- # --- Stage 2: Final, small image ---
FROM debian:bookworm-slim FROM debian:bookworm-slim