From 7b9f73a6571e68fae05d8b033fab766a99675e15 Mon Sep 17 00:00:00 2001 From: shenlan Date: Wed, 3 Sep 2025 14:46:47 +0800 Subject: [PATCH] fix: use rsync secrets for sync workflows --- .github/workflows/sync-otel-collector.yml | 17 ++++++++++------- .github/workflows/sync-xray-core.yml | 17 ++++++++++------- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/.github/workflows/sync-otel-collector.yml b/.github/workflows/sync-otel-collector.yml index 3050e51..08e7cef 100644 --- a/.github/workflows/sync-otel-collector.yml +++ b/.github/workflows/sync-otel-collector.yml @@ -25,7 +25,8 @@ jobs: env: GH_REPO: open-telemetry/opentelemetry-collector-releases GH_TOKEN: ${{ github.token }} # 用内置 token,无需自建 PAT - RSYNC_SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }} + RSYNC_SSH_KEY: ${{ secrets.RSYNC_SSH_KEY }} + RSYNC_SSH_USER: ${{ secrets.RSYNC_SSH_USER }} VPS_HOST: ${{ secrets.VPS_HOST }} REMOTE_ROOT: /data/update-server/otelcol-contrib DEFAULT_TAG: v0.133.0 @@ -82,7 +83,7 @@ jobs: run: | set -euo pipefail REMOTE_DIR="${REMOTE_ROOT}/${TAG}" - if ssh -i ~/.ssh/id_rsa "root@${VPS_HOST}" "test -d '${REMOTE_DIR}'"; then + if ssh -i ~/.ssh/id_rsa "${RSYNC_SSH_USER}@${VPS_HOST}" "test -d '${REMOTE_DIR}'"; then echo "exists=true" >> "$GITHUB_OUTPUT" echo "Remote already has ${REMOTE_DIR}, skip whole sync." else @@ -106,7 +107,8 @@ jobs: env: GH_REPO: open-telemetry/opentelemetry-collector-releases GH_TOKEN: ${{ github.token }} # 继续使用内置 token - RSYNC_SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }} + RSYNC_SSH_KEY: ${{ secrets.RSYNC_SSH_KEY }} + RSYNC_SSH_USER: ${{ secrets.RSYNC_SSH_USER }} VPS_HOST: ${{ secrets.VPS_HOST }} REMOTE_ROOT: /data/update-server/otelcol-contrib TAG: ${{ needs.prep.outputs.tag }} @@ -160,10 +162,10 @@ jobs: run: | set -euo pipefail REMOTE_DIR="${REMOTE_ROOT}/${TAG}" - ssh -i ~/.ssh/id_rsa "root@${VPS_HOST}" "mkdir -p '${REMOTE_DIR}'" + ssh -i ~/.ssh/id_rsa "${RSYNC_SSH_USER}@${VPS_HOST}" "mkdir -p '${REMOTE_DIR}'" echo "Rsync releases/${TAG}/${{ steps.has_asset.outputs.asset }} -> ${VPS_HOST}:${REMOTE_DIR}/" rsync -av -e "ssh -i ~/.ssh/id_rsa" \ - "releases/${TAG}/${{ steps.has_asset.outputs.asset }}" "root@${VPS_HOST}:${REMOTE_DIR}/" + "releases/${TAG}/${{ steps.has_asset.outputs.asset }}" "${RSYNC_SSH_USER}@${VPS_HOST}:${REMOTE_DIR}/" retention: name: Remote retention (keep latest 10 v0.*) @@ -171,7 +173,8 @@ jobs: if: needs.prep.outputs.exists == 'false' # 只有新增版本时才清理 runs-on: ubuntu-latest env: - RSYNC_SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }} + RSYNC_SSH_KEY: ${{ secrets.RSYNC_SSH_KEY }} + RSYNC_SSH_USER: ${{ secrets.RSYNC_SSH_USER }} VPS_HOST: ${{ secrets.VPS_HOST }} REMOTE_ROOT: /data/update-server/otelcol-contrib steps: @@ -186,7 +189,7 @@ jobs: - name: Prune old versions on remote (keep 10) run: | set -euo pipefail - ssh -i ~/.ssh/id_rsa "root@${VPS_HOST}" bash -lc ' + ssh -i ~/.ssh/id_rsa "${RSYNC_SSH_USER}@${VPS_HOST}" bash -lc ' set -euo pipefail cd "'"${REMOTE_ROOT}"'" || exit 0 keep=10 diff --git a/.github/workflows/sync-xray-core.yml b/.github/workflows/sync-xray-core.yml index 8c90528..5932290 100644 --- a/.github/workflows/sync-xray-core.yml +++ b/.github/workflows/sync-xray-core.yml @@ -20,7 +20,8 @@ jobs: env: GH_REPO: XTLS/Xray-core GH_TOKEN: ${{ github.token }} # 用内置 token,无需自建 PAT - RSYNC_SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }} + RSYNC_SSH_KEY: ${{ secrets.RSYNC_SSH_KEY }} + RSYNC_SSH_USER: ${{ secrets.RSYNC_SSH_USER }} VPS_HOST: ${{ secrets.VPS_HOST }} REMOTE_ROOT: /data/update-server/xray-core outputs: @@ -72,7 +73,7 @@ jobs: set -euo pipefail TAG='${{ steps.latest.outputs.tag }}' REMOTE_DIR="${REMOTE_ROOT}/${TAG}" - if ssh -i ~/.ssh/id_rsa "root@${VPS_HOST}" "test -d '${REMOTE_DIR}'"; then + if ssh -i ~/.ssh/id_rsa "${RSYNC_SSH_USER}@${VPS_HOST}" "test -d '${REMOTE_DIR}'"; then echo "exists=true" >> "$GITHUB_OUTPUT" echo "Remote already has ${REMOTE_DIR}, skip whole sync." else @@ -92,7 +93,8 @@ jobs: env: GH_REPO: XTLS/Xray-core GH_TOKEN: ${{ github.token }} # 继续使用内置 token - RSYNC_SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }} + RSYNC_SSH_KEY: ${{ secrets.RSYNC_SSH_KEY }} + RSYNC_SSH_USER: ${{ secrets.RSYNC_SSH_USER }} VPS_HOST: ${{ secrets.VPS_HOST }} REMOTE_ROOT: /data/update-server/xray-core TAG: ${{ needs.prep.outputs.tag }} @@ -144,10 +146,10 @@ jobs: run: | set -euo pipefail REMOTE_DIR="${REMOTE_ROOT}/${TAG}" - ssh -i ~/.ssh/id_rsa "root@${VPS_HOST}" "mkdir -p '${REMOTE_DIR}'" + ssh -i ~/.ssh/id_rsa "${RSYNC_SSH_USER}@${VPS_HOST}" "mkdir -p '${REMOTE_DIR}'" echo "Rsync releases/${TAG}/${{ matrix.asset }} -> ${VPS_HOST}:${REMOTE_DIR}/" rsync -av -e "ssh -i ~/.ssh/id_rsa" \ - "releases/${TAG}/${{ matrix.asset }}" "root@${VPS_HOST}:${REMOTE_DIR}/" + "releases/${TAG}/${{ matrix.asset }}" "${RSYNC_SSH_USER}@${VPS_HOST}:${REMOTE_DIR}/" retention: name: Remote retention (keep latest 10 v25.*) @@ -155,7 +157,8 @@ jobs: if: needs.prep.outputs.exists == 'false' # 只有新增版本时才清理 runs-on: ubuntu-latest env: - RSYNC_SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }} + RSYNC_SSH_KEY: ${{ secrets.RSYNC_SSH_KEY }} + RSYNC_SSH_USER: ${{ secrets.RSYNC_SSH_USER }} VPS_HOST: ${{ secrets.VPS_HOST }} REMOTE_ROOT: /data/update-server/xray-core steps: @@ -170,7 +173,7 @@ jobs: - name: Prune old versions on remote (keep 10) run: | set -euo pipefail - ssh -i ~/.ssh/id_rsa "root@${VPS_HOST}" bash -lc ' + ssh -i ~/.ssh/id_rsa "${RSYNC_SSH_USER}@${VPS_HOST}" bash -lc ' set -euo pipefail cd "'"${REMOTE_ROOT}"'" || exit 0 keep=10