Merge pull request #1173 from pikasTech/fix/1148-d518-bootstrap-workspace-owner

fix(agentrun): bootstrap source workspace as owner
This commit is contained in:
Lyon
2026-06-28 00:27:20 +08:00
committed by GitHub
+53 -23
View File
@@ -498,18 +498,48 @@ export function yamlLaneSourceBootstrapSubmitScript(spec: AgentRunLaneSpec): str
`bootstrap_branch=${shQuote(bootstrap)}`,
`state_dir=${shQuote(stateDir)}`,
"mkdir -p \"$state_dir\" \"$(dirname \"$workspace\")\"",
"case \"$remote\" in",
" git@*:*)",
" mkdir -p \"$HOME/.ssh\"",
" chmod 700 \"$HOME/.ssh\" 2>/dev/null || true",
" export GIT_SSH_COMMAND=${GIT_SSH_COMMAND:-ssh -o StrictHostKeyChecking=accept-new}",
" ;;",
" ssh://*)",
" mkdir -p \"$HOME/.ssh\"",
" chmod 700 \"$HOME/.ssh\" 2>/dev/null || true",
" export GIT_SSH_COMMAND=${GIT_SSH_COMMAND:-ssh -o StrictHostKeyChecking=accept-new}",
"git_user=''",
"git_home=''",
"case \"$workspace\" in",
" /home/*/*)",
" git_user=${workspace#/home/}",
" git_user=${git_user%%/*}",
" git_home=/home/$git_user",
" if ! id \"$git_user\" >/dev/null 2>&1; then git_user=''; git_home=''; fi",
" ;;",
"esac",
"if [ -n \"$git_user\" ]; then chown \"$git_user:$git_user\" \"$(dirname \"$workspace\")\" 2>/dev/null || true; fi",
"case \"$remote\" in",
" git@*:*)",
" if [ -n \"$git_user\" ] && [ -f \"$git_home/.ssh/id_ed25519\" ]; then",
" if [ -z \"${GIT_SSH_COMMAND:-}\" ]; then GIT_SSH_COMMAND=\"ssh -i $git_home/.ssh/id_ed25519 -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$git_home/.ssh/known_hosts\"; fi",
" export GIT_SSH_COMMAND",
" else",
" mkdir -p \"$HOME/.ssh\"",
" chmod 700 \"$HOME/.ssh\" 2>/dev/null || true",
" if [ -z \"${GIT_SSH_COMMAND:-}\" ]; then GIT_SSH_COMMAND=\"ssh -o StrictHostKeyChecking=accept-new\"; fi",
" export GIT_SSH_COMMAND",
" fi",
" ;;",
" ssh://*)",
" if [ -n \"$git_user\" ] && [ -f \"$git_home/.ssh/id_ed25519\" ]; then",
" if [ -z \"${GIT_SSH_COMMAND:-}\" ]; then GIT_SSH_COMMAND=\"ssh -i $git_home/.ssh/id_ed25519 -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$git_home/.ssh/known_hosts\"; fi",
" export GIT_SSH_COMMAND",
" else",
" mkdir -p \"$HOME/.ssh\"",
" chmod 700 \"$HOME/.ssh\" 2>/dev/null || true",
" if [ -z \"${GIT_SSH_COMMAND:-}\" ]; then GIT_SSH_COMMAND=\"ssh -o StrictHostKeyChecking=accept-new\"; fi",
" export GIT_SSH_COMMAND",
" fi",
" ;;",
"esac",
"git_cmd() {",
" if [ -n \"$git_user\" ]; then",
" sudo -u \"$git_user\" env HOME=\"$git_home\" GIT_SSH_COMMAND=\"$GIT_SSH_COMMAND\" git \"$@\"",
" else",
" git \"$@\"",
" fi",
"}",
"job_id=\"source-bootstrap-$(date +%s)-$$\"",
"status_file=\"$state_dir/$job_id.json\"",
"stdout_file=\"$state_dir/$job_id.stdout.log\"",
@@ -525,28 +555,28 @@ export function yamlLaneSourceBootstrapSubmitScript(spec: AgentRunLaneSpec): str
"NODE",
" fi; exit \"$code\"; }",
" trap write_failed_status EXIT",
" if [ -d \"$workspace/.git\" ] && git -C \"$workspace\" rev-parse --git-dir >/dev/null 2>&1; then",
" if [ -d \"$workspace/.git\" ] && git_cmd -C \"$workspace\" rev-parse --git-dir >/dev/null 2>&1; then",
" :",
" else",
" rm -rf \"$workspace\"",
" git clone --no-checkout \"$remote\" \"$workspace\"",
" git_cmd clone --no-checkout \"$remote\" \"$workspace\"",
" fi",
" cd \"$workspace\"",
" git remote set-url origin \"$remote\" || git remote add origin \"$remote\"",
" git fetch origin \"$bootstrap_branch\" \"$branch\" || git fetch origin \"$bootstrap_branch\"",
" if git rev-parse --verify \"refs/remotes/origin/$branch^{commit}\" >/dev/null 2>&1; then",
" git checkout -B \"$branch\" \"refs/remotes/origin/$branch\"",
" git_cmd remote set-url origin \"$remote\" || git_cmd remote add origin \"$remote\"",
" git_cmd fetch origin \"$bootstrap_branch\" \"$branch\" || git_cmd fetch origin \"$bootstrap_branch\"",
" if git_cmd rev-parse --verify \"refs/remotes/origin/$branch^{commit}\" >/dev/null 2>&1; then",
" git_cmd checkout -B \"$branch\" \"refs/remotes/origin/$branch\"",
" else",
" git checkout -B \"$branch\" \"refs/remotes/origin/$bootstrap_branch\"",
" git_cmd checkout -B \"$branch\" \"refs/remotes/origin/$bootstrap_branch\"",
" fi",
" if [ -f deploy/deploy.json ]; then rm deploy/deploy.json; fi",
" git add -A deploy/deploy.json 2>/dev/null || true",
" if ! git diff --quiet --cached -- deploy/deploy.json 2>/dev/null; then",
" git -c user.email=agentrun@unidesk.local -c user.name='UniDesk AgentRun Ops' commit -m 'chore: remove service deploy json truth'",
" git_cmd add -A deploy/deploy.json 2>/dev/null || true",
" if ! git_cmd diff --quiet --cached -- deploy/deploy.json 2>/dev/null; then",
" git_cmd -c user.email=agentrun@unidesk.local -c user.name='UniDesk AgentRun Ops' commit -m 'chore: remove service deploy json truth'",
" fi",
" git push -u origin \"$branch\"",
" source_commit=$(git rev-parse HEAD)",
" status_short=$(git status --short)",
" git_cmd push -u origin \"$branch\"",
" source_commit=$(git_cmd rev-parse HEAD)",
" status_short=$(git_cmd status --short)",
" SOURCE_COMMIT=\"$source_commit\" STATUS_SHORT=\"$status_short\" JOB_ID=\"$job_id\" WORKSPACE=\"$workspace\" BRANCH=\"$branch\" node <<'NODE' > \"$status_file\"",
"console.log(JSON.stringify({ ok: process.env.STATUS_SHORT === '', status: 'succeeded', jobId: process.env.JOB_ID, workspace: process.env.WORKSPACE, branch: process.env.BRANCH, sourceCommit: process.env.SOURCE_COMMIT, workspaceClean: process.env.STATUS_SHORT === '', statusShort: process.env.STATUS_SHORT || null, removedServiceDeployJson: true, valuesPrinted: false }));",
"NODE",