#!/usr/bin/env bash
# Strict mode: stop on the first failing command (-e), on any unset variable
# (-u), and when any stage of a pipeline fails (pipefail).
set -euo pipefail
# Bootstrap a dedicated Gitea user for OpenClaw on a local Dockerized Gitea host.
#
# What it does:
# - ensures an SSH keypair exists locally
# - creates the Gitea user via `gitea admin user create` inside the container
# - generates an API token for that user (default scope: `all`) and prints it to stdout
# - uploads the SSH public key via the Gitea API
# - writes/updates an SSH config entry for easy git access
#
# Requirements:
# - local Docker access via sudo (the script runs `sudo docker exec`)
# - running container named `gitea`
# - curl, python3, ssh-keygen
# - host reachability to the Gitea HTTP URL and SSH port
#
# Example:
# ./scripts/bootstrap-gitea-openclaw.sh \
# --username openclaw \
# --email openclaw@git.an2.io \
# --fullname OpenClaw \
# --http-url https://git.an2.io \
# --ssh-host git.an2.io \
# --ssh-port 222
# Defaults; every value below can be overridden by the matching command-line option.

# Identity of the Gitea account to create.
USERNAME=openclaw
EMAIL=openclaw@git.an2.io
FULLNAME=OpenClaw

# Where the Gitea instance is reached over HTTP(S) and SSH.
HTTP_URL=https://git.an2.io
SSH_HOST=git.an2.io
SSH_PORT=222

# Local SSH client settings: private key location and the Host alias written to ~/.ssh/config.
SSH_KEY_PATH="$HOME/.ssh/id_gitea_openclaw"
SSH_HOST_ALIAS=gitea

# Docker container that runs Gitea.
CONTAINER_NAME=gitea

# API token settings. "all" grants every scope, while the only API call this
# script makes is the SSH key upload; pass --token-scopes to narrow it
# (NOTE(review): on recent Gitea versions write:user presumably suffices for
# that call - confirm against the deployed version and what else will use the token).
ACCESS_TOKEN_NAME=openclaw-bootstrap
ACCESS_TOKEN_SCOPES=all
#######################################
# Print the option summary.
# Arguments: none
# Outputs:   usage text on stdout; $0 shows how the script was invoked
#######################################
usage() {
  printf '%s\n' \
    "Usage: $0 [options]" \
    "Options:" \
    "--username <name>" \
    "--email <email>" \
    "--fullname <name>" \
    "--http-url <url>" \
    "--ssh-host <host>" \
    "--ssh-port <port>" \
    "--ssh-key-path <path>" \
    "--ssh-host-alias <alias>" \
    "--container-name <name>" \
    "--token-name <name>" \
    "--token-scopes <scopes>"
}
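#######################################
# Abort with a readable message when an option is the last argument.
# Without this check, `set -u` reports an unbound "$2" and the user never
# learns which option was incomplete.
# Arguments: the remaining command-line arguments ("$@")
# Outputs:   error and usage text on stderr when the value is missing
#######################################
require_value() {
  if [[ $# -lt 2 ]]; then
    echo "Option $1 requires a value" >&2
    usage >&2
    exit 1
  fi
}

# Parse command-line options; each value option overrides the matching default.
# The values are used later in docker/curl invocations and written into
# ~/.ssh/config, so they are always expanded quoted.
while [[ $# -gt 0 ]]; do
  case "$1" in
    --username) require_value "$@"; USERNAME="$2"; shift 2 ;;
    --email) require_value "$@"; EMAIL="$2"; shift 2 ;;
    --fullname) require_value "$@"; FULLNAME="$2"; shift 2 ;;
    --http-url) require_value "$@"; HTTP_URL="$2"; shift 2 ;;
    --ssh-host) require_value "$@"; SSH_HOST="$2"; shift 2 ;;
    --ssh-port) require_value "$@"; SSH_PORT="$2"; shift 2 ;;
    --ssh-key-path) require_value "$@"; SSH_KEY_PATH="$2"; shift 2 ;;
    --ssh-host-alias) require_value "$@"; SSH_HOST_ALIAS="$2"; shift 2 ;;
    --container-name) require_value "$@"; CONTAINER_NAME="$2"; shift 2 ;;
    --token-name) require_value "$@"; ACCESS_TOKEN_NAME="$2"; shift 2 ;;
    --token-scopes) require_value "$@"; ACCESS_TOKEN_SCOPES="$2"; shift 2 ;;
    -h|--help) usage; exit 0 ;;
    # Diagnostics, including the usage text shown on error, go to stderr.
    *) echo "Unknown option: $1" >&2; usage >&2; exit 1 ;;
  esac
done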
#######################################
# Ensure an external tool is available, or stop the script.
# Arguments: $1 - command name to look up
# Outputs:   "Missing command: <name>" on stderr when the lookup fails
# Returns:   0 when found; exits the script with status 1 otherwise
#######################################
need_cmd() {
  local tool=$1
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "Missing command: $tool" >&2
    exit 1
  fi
}
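# Check every external tool up front so the script fails before it has
# created a key, a user or a token. sudo is included because each docker
# call below is run through it.
for required_tool in sudo docker curl python3 ssh-keygen; do
  need_cmd "$required_tool"
done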
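# Ensure the SSH keypair exists. A directory created here is private to the
# current user (-m 700 only affects a directory that mkdir actually creates).
mkdir -p -m 700 -- "$(dirname -- "$SSH_KEY_PATH")"
if [[ ! -f "$SSH_KEY_PATH" ]]; then
  # -N '' creates the key without a passphrase so later git operations can run
  # unattended; anyone who can read this file can act as the Gitea user, so
  # its protection rests on file permissions alone.
  ssh-keygen -t ed25519 -f "$SSH_KEY_PATH" -C "${USERNAME}@${SSH_HOST}" -N ''
elif [[ ! -f "${SSH_KEY_PATH}.pub" ]]; then
  # The private key exists but its public half is missing; the upload step
  # reads "${SSH_KEY_PATH}.pub", so derive it from the private key. The output
  # is captured first so a failed derivation does not leave an empty .pub file.
  derived_pub=$(ssh-keygen -y -f "$SSH_KEY_PATH")
  printf '%s\n' "$derived_pub" > "${SSH_KEY_PATH}.pub"
fi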
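# Create the Gitea user unless it already exists.
# The user list is captured before it is searched: with `pipefail`, piping
# straight into `grep -q` can report failure when grep exits early and an
# upstream stage is killed by SIGPIPE, which would be misread as "user not
# found". Capturing first also makes a failing `docker exec` (for example a
# stopped container) abort here with its own error message.
existing_users=$(sudo docker exec --user git "$CONTAINER_NAME" gitea admin user list \
  | awk 'NR>1 {print $2}')
# -F matches the name literally (no regex metacharacters) and -- keeps a name
# that starts with "-" from being parsed as a grep option.
if grep -qxF -- "$USERNAME" <<<"$existing_users"; then
  echo "User $USERNAME already exists"
else
  # NOTE(review): with --random-password gitea presumably prints the generated
  # password in its output, which then lands on this terminal or in any log
  # capturing it - confirm and treat that output as sensitive.
  sudo docker exec --user git "$CONTAINER_NAME" gitea admin user create \
    --username "$USERNAME" \
    --fullname "$FULLNAME" \
    --email "$EMAIL" \
    --random-password \
    --must-change-password=false
fi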
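# Generate an API token for the user; --raw makes gitea print only the token.
# The token carries the scopes in ACCESS_TOKEN_SCOPES (default "all"), so it
# should be handled like a password.
# NOTE(review): a second run with the same --token-name presumably fails here
# because the name is already taken - confirm and pick a new name when re-running.
TOKEN=$(sudo docker exec --user git "$CONTAINER_NAME" gitea admin user generate-access-token \
  --username "$USERNAME" \
  --token-name "$ACCESS_TOKEN_NAME" \
  --raw \
  --scopes "$ACCESS_TOKEN_SCOPES")
# Stop early on an empty result instead of sending an empty credential to the API.
if [[ -z "$TOKEN" ]]; then
  echo "Token generation returned no output for $USERNAME" >&2
  exit 1
fi
# The token is written to stdout in clear text: it ends up in terminal
# scrollback and in any CI or session log that records this output.
echo "Generated token for $USERNAME (store this securely):"
printf '%s\n' "$TOKEN"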
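# Upload the SSH public key through the Gitea API.
#
# The whole request body is produced by json.dumps. The key path and the key
# title are handed to Python as arguments and the heredoc is quoted, so a
# quote or backslash in the path, user name or host name can neither alter the
# Python source nor break out of the JSON string.
KEY_PAYLOAD=$(python3 - "${SSH_KEY_PATH}.pub" "${USERNAME}@$(hostname)" <<'PY'
import json
import sys

with open(sys.argv[1]) as fh:
    public_key = fh.read().strip()
print(json.dumps({"title": sys.argv[2], "key": public_key}))
PY
)
# The API response goes to a private, unpredictably named file rather than a
# fixed path in /tmp, where a pre-created file or symlink owned by another
# local user could capture or redirect the write.
KEY_RESULT=$(mktemp "${TMPDIR:-/tmp}/gitea-key-result.XXXXXX")
# The Authorization header is read from a file descriptor (-H @file, curl
# 7.55.0 or newer) so the token does not appear in curl's argument list, which
# other local users can read from the process table. printf is a shell builtin
# and does not expose it either.
# The token travels in this request, so HTTP_URL should be an https:// URL
# unless the connection stays on a trusted local interface.
# A failed upload (for example because the key is already registered) is
# reported but does not abort the remaining SSH client setup.
if ! curl -fsS -X POST "${HTTP_URL%/}/api/v1/user/keys" \
  -H @<(printf 'Authorization: token %s\n' "$TOKEN") \
  -H 'Content-Type: application/json' \
  --data "$KEY_PAYLOAD" >"$KEY_RESULT"; then
  echo "Warning: SSH key upload did not succeed; any response body is in $KEY_RESULT" >&2
fi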
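# Add a Host entry to ~/.ssh/config unless one with this alias is present.
#
# Every value below is copied verbatim into the config file. A value holding a
# line break would add extra directives to the file, so such values are
# rejected before anything is written.
for cfg_value in "$SSH_HOST_ALIAS" "$SSH_HOST" "$SSH_PORT" "$SSH_KEY_PATH"; do
  if [[ "$cfg_value" == *$'\n'* || "$cfg_value" == *$'\r'* ]]; then
    echo "Refusing to write a multi-line value into ${HOME}/.ssh/config" >&2
    exit 1
  fi
done
if [[ ! "$SSH_PORT" =~ ^[0-9]+$ ]]; then
  echo "Invalid SSH port: $SSH_PORT" >&2
  exit 1
fi
# -m 700 applies only when the directory is created here; an existing
# directory keeps its current mode.
mkdir -p -m 700 "${HOME}/.ssh"
touch "${HOME}/.ssh/config"
chmod 600 "${HOME}/.ssh/config"
# -x with -F compares the whole line literally, so characters such as "." in
# the alias are not treated as regex wildcards; -- guards a leading "-".
if ! grep -qxF -- "Host ${SSH_HOST_ALIAS}" "${HOME}/.ssh/config"; then
  cat >> "${HOME}/.ssh/config" <<EOF2
Host ${SSH_HOST_ALIAS}
HostName ${SSH_HOST}
Port ${SSH_PORT}
User git
IdentityFile ${SSH_KEY_PATH}
IdentitiesOnly yes
EOF2
fi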
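# Connection test through the new Host alias.
# accept-new is trust-on-first-use: the first host key the server presents is
# stored in known_hosts without confirmation, and only later changes are
# rejected. Compare the stored fingerprint with the Gitea server's real host
# key out of band before relying on this entry.
# -- ends option parsing, so an alias beginning with "-" is treated as a host
# name and not as an ssh option.
# NOTE(review): `|| true` presumably tolerates the non-zero exit a git-only
# SSH endpoint can return for a session without a command - confirm.
ssh -o StrictHostKeyChecking=accept-new -T -- "${SSH_HOST_ALIAS}" || true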