fix: resolve all CI review blockers for forgejo admin bootstrap (#1069)
All checks were successful
All checks were successful
This commit is contained in:
dev-qwen2
parent
a7bcb96935
commit
95bacbbfa4
3 changed files with 28 additions and 23 deletions
|
|
@ -1057,7 +1057,7 @@ _disinto_init_nomad() {
|
||||||
echo "Error: deploy.sh must run as root and sudo is not installed" >&2
|
echo "Error: deploy.sh must run as root and sudo is not installed" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
sudo -n -- "${deploy_cmd[@]}" || exit $?
|
sudo -n --preserve-env=FORGE_ADMIN_PASS,FORGE_TOKEN,FORGE_URL -- "${deploy_cmd[@]}" || exit $?
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Post-deploy: bootstrap Forgejo admin user after forgejo deployment
|
# Post-deploy: bootstrap Forgejo admin user after forgejo deployment
|
||||||
|
|
@ -1073,7 +1073,7 @@ _disinto_init_nomad() {
|
||||||
echo "Error: forgejo-bootstrap.sh must run as root and sudo is not installed" >&2
|
echo "Error: forgejo-bootstrap.sh must run as root and sudo is not installed" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
sudo -n -- "$bootstrap_script" || exit $?
|
sudo -n --preserve-env=FORGE_ADMIN_PASS,FORGE_TOKEN,FORGE_URL -- "$bootstrap_script" || exit $?
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "warning: forgejo-bootstrap.sh not found or not executable" >&2
|
echo "warning: forgejo-bootstrap.sh not found or not executable" >&2
|
||||||
|
|
|
||||||
|
|
@ -263,12 +263,12 @@ for job_name in "${JOBS[@]}"; do
|
||||||
if ! _wait_job_running "$job_name" "$job_timeout"; then
|
if ! _wait_job_running "$job_name" "$job_timeout"; then
|
||||||
log "WARNING: deployment for job '${job_name}' did not reach successful state — continuing with remaining jobs"
|
log "WARNING: deployment for job '${job_name}' did not reach successful state — continuing with remaining jobs"
|
||||||
FAILED_JOBS+=("$job_name")
|
FAILED_JOBS+=("$job_name")
|
||||||
fi
|
else
|
||||||
|
# 5. Run post-deploy scripts (only if job reached healthy state)
|
||||||
# 5. Run post-deploy scripts
|
|
||||||
if ! _run_post_deploy "$job_name"; then
|
if ! _run_post_deploy "$job_name"; then
|
||||||
die "post-deploy script failed for job '${job_name}'"
|
die "post-deploy script failed for job '${job_name}'"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ "$DRY_RUN" -eq 1 ]; then
|
if [ "$DRY_RUN" -eq 1 ]; then
|
||||||
|
|
|
||||||
|
|
@ -95,7 +95,7 @@ fi
|
||||||
if [ -z "$FORGE_TOKEN" ]; then
|
if [ -z "$FORGE_TOKEN" ]; then
|
||||||
log "reading FORGE_TOKEN from Vault at kv/disinto/shared/forge/token"
|
log "reading FORGE_TOKEN from Vault at kv/disinto/shared/forge/token"
|
||||||
_hvault_default_env
|
_hvault_default_env
|
||||||
token_raw="$(hvault_get_or_empty "kv/data/disinto/shared/forge/token" 2>/dev/null) || true"
|
token_raw="$(hvault_get_or_empty "kv/data/disinto/shared/forge/token" 2>/dev/null)" || true
|
||||||
if [ -n "$token_raw" ]; then
|
if [ -n "$token_raw" ]; then
|
||||||
FORGE_TOKEN="$(printf '%s' "$token_raw" | jq -r '.data.data.token // empty' 2>/dev/null)" || true
|
FORGE_TOKEN="$(printf '%s' "$token_raw" | jq -r '.data.data.token // empty' 2>/dev/null)" || true
|
||||||
fi
|
fi
|
||||||
|
|
@ -105,29 +105,34 @@ if [ -z "$FORGE_TOKEN" ]; then
|
||||||
log "forge token loaded from Vault"
|
log "forge token loaded from Vault"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# ── Step 1/2: Check if admin user already exists ─────────────────────────────
|
# ── Step 1/3: Check if admin user already exists ─────────────────────────────
|
||||||
log "── Step 1/2: check if admin user '${FORGE_ADMIN_USER}' exists ──"
|
log "── Step 1/3: check if admin user '${FORGE_ADMIN_USER}' exists ──"
|
||||||
|
|
||||||
# Search for the user via the public API (no auth needed for search)
|
|
||||||
user_search_raw=$(curl -sf --max-time 10 \
|
|
||||||
"${FORGE_URL}/api/v1/users/search?q=${FORGE_ADMIN_USER}&limit=1" 2>/dev/null) || {
|
|
||||||
# If search fails (e.g., Forgejo not ready yet), we'll handle it
|
|
||||||
log "warning: failed to search users (Forgejo may not be ready yet)"
|
|
||||||
user_search_raw=""
|
|
||||||
}
|
|
||||||
|
|
||||||
|
# Use exact match via GET /api/v1/users/{username} (returns 404 if absent)
|
||||||
|
user_lookup_raw=$(curl -sf --max-time 10 \
|
||||||
|
"${FORGE_URL}/api/v1/users/${FORGE_ADMIN_USER}" 2>/dev/null) || {
|
||||||
|
# 404 means user doesn't exist
|
||||||
|
if [ $? -eq 7 ]; then
|
||||||
|
log "admin user '${FORGE_ADMIN_USER}' not found"
|
||||||
admin_user_exists=false
|
admin_user_exists=false
|
||||||
user_id=""
|
user_id=""
|
||||||
|
else
|
||||||
|
# Other curl errors (e.g., network, Forgejo down)
|
||||||
|
log "warning: failed to lookup user (Forgejo may not be ready yet)"
|
||||||
|
admin_user_exists=false
|
||||||
|
user_id=""
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
if [ -n "$user_search_raw" ]; then
|
if [ -n "$user_lookup_raw" ]; then
|
||||||
user_id=$(printf '%s' "$user_search_raw" | jq -r '.data[0].id // empty' 2>/dev/null) || true
|
|
||||||
if [ -n "$user_id" ]; then
|
|
||||||
admin_user_exists=true
|
admin_user_exists=true
|
||||||
|
user_id=$(printf '%s' "$user_lookup_raw" | jq -r '.id // empty' 2>/dev/null) || true
|
||||||
|
if [ -n "$user_id" ]; then
|
||||||
log "admin user '${FORGE_ADMIN_USER}' already exists (user_id: ${user_id})"
|
log "admin user '${FORGE_ADMIN_USER}' already exists (user_id: ${user_id})"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# ── Step 2/2: Create admin user if needed ────────────────────────────────────
|
# ── Step 2/3: Create admin user if needed ────────────────────────────────────
|
||||||
if [ "$admin_user_exists" = false ]; then
|
if [ "$admin_user_exists" = false ]; then
|
||||||
log "creating admin user '${FORGE_ADMIN_USER}'"
|
log "creating admin user '${FORGE_ADMIN_USER}'"
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue