testing

adskyiproger · adskyiproger · commit 58adf8ca7022 · 2025-10-12T12:12:27.000+03:00
diff --git a/github-runner/node-runner.sh b/github-runner/node-runner.sh
@@ -16,9 +16,9 @@ set -o errtrace     # Trap ERR in functions and subshells
 trap 'echo "❌ Script failed on line $LINENO with exit code $?"' ERR
 
 # --- DEFAULTS ---
-RUNNER_NAME="$(hostname)-runner"
 RUNNER_DIR="/opt/github-runner"
-
+RUNAS_USER="provision"
+RUNAS_GROUP="application"
 # --- USAGE ---
 usage() {
   echo "Usage: $0 [OPTIONS]"
@@ -62,7 +62,7 @@ done
 [[ "${SCOPE}" == "repo" && -z "${REPO_NAME:-}" ]] && read -rp "Repository name: " REPO_NAME
 [[ -z "${GITHUB_TOKEN:-}" ]] && read -rsp "GitHub token (no echo): " GITHUB_TOKEN && echo
 [[ -z "${SCOPE:-}" ]] && read -rp "Scope (repo|org) [repo]: " SCOPE && SCOPE="${SCOPE:-repo}"
-
+[[ -z "${RUNNER_NAME:-}" ]] && RUNNER_NAME="$(hostname)-runner"
 
 # --- Add runner labels ---
 LABELS="self-hosted,linux,node,${ENV}"
@@ -125,8 +125,8 @@ REG_TOKEN=$(curl -s -X POST \
   "${REG_URL}" | jq -r .token)
 
 # --- CONFIGURE RUNNER ---
-echo "[+] Configuring runner..."
-sudo -u $RUNAS_USER ./config.sh \
+echo "[+] Configuring runner ${RUNNER_NAME}..."
+./config.sh \
   --unattended \
   --url "${RUNNER_SCOPE}" \
   --token "${REG_TOKEN}" \
@@ -136,8 +136,22 @@ sudo -u $RUNAS_USER ./config.sh \
 
 # --- SETUP SYSTEMD SERVICE ---
 echo "[+] Installing systemd service..."
-export SUDO_USER=$RUNAS_USER
+
 sudo ./svc.sh install
+
+# Detect the systemd service name
+SERVICE_FILE_PATH=$(ls /etc/systemd/system/actions.runner.*.service 2>/dev/null | head -n1)
+
+if [[ -n "$SERVICE_FILE_PATH" ]]; then
+  echo "[+] Updating systemd unit to run as ${RUNAS_USER}:${RUNAS_GROUP}..."
+  sudo sed -i "s/^User=.*/User=${RUNAS_USER}/" "$SERVICE_FILE_PATH"
+  sudo sed -i "s/^Group=.*/Group=${RUNAS_GROUP}/" "$SERVICE_FILE_PATH"
+  sudo systemctl daemon-reload
+else
+  echo "⚠️ Could not find service file automatically — please verify installation."
+fi
+
+
 sudo ./svc.sh start
 
 echo "✅ Runner '${RUNNER_NAME}' is installed and started!"
diff --git a/scripts/bootstrap/create-provision-user.sh b/scripts/bootstrap/create-provision-user.sh
@@ -86,7 +86,7 @@ if [[ -n "$sudo_access" ]]; then
     log "✅ User '$USER_NAME' already has full sudo access."
 else
     log "🚀 Granting full sudo access to user '$USER_NAME'..."
-    log "${USER_NAME} ALL=(ALL:ALL) ALL" | sudo tee /etc/sudoers.d/$USER_NAME > /dev/null
+    log "${USER_NAME} ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/$USER_NAME > /dev/null
     sudo chmod 0440 /etc/sudoers.d/$USER_NAME
 fi
 
@@ -105,8 +105,13 @@ else
         sudo -u $USER_NAME ssh-keygen -t ed25519 -f /home/$USER_NAME/.ssh/id_ed25519 -N "" -C "${USER_NAME}@$(hostname)"
     fi
 fi
+
+if [ -f /home/$USER_NAME/.ssh/id_ed25519.pub ]; then
 log "
 ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ Store the following public key for later usage ⚠️ ⚠️ ⚠️ ⚠️ ⚠️
 ⚙️  $USER_NAME SSH key pair public key (add on worker nodes if needed):
 "
 sudo cat /home/$USER_NAME/.ssh/id_ed25519.pub
+fi
+
+echo "✅ User/Group setup completed."
diff --git a/scripts/bootstrap/opencrvs-bootstrap.sh b/scripts/bootstrap/opencrvs-bootstrap.sh
@@ -11,6 +11,14 @@ MIN_UBUNTU_VERSION="24.04"
 # --- Helper Functions --- #
 abort() { echo "ERROR: $1"; exit 1; }
 
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --ssh-public-key) SSH_PUBLIC_KEY="$2"; shift 2 ;;
+    -h|--help) usage ;;
+    *) echo "Unknown option: $1"; usage ;;
+  esac
+done
+
 check_ubuntu_version() {
     echo "Checking Ubuntu version..."
     UBUNTU_VERSION=$(lsb_release -rs)
