Drop apt, pull shellcheck from GitHub releases

act_runner's job containers live on a temporary bridge network that
does not inherit the runner's own egress path, so apt-get against
Canonical mirrors can time out even on a US host. Remove the apt step,
rely on the tools baked into gitea/runner-images, and fetch the
shellcheck static binary over HTTPS when it is missing.

Also add a short network diagnostics step to make future egress
issues obvious at a glance.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 13:54:15 +08:00
parent a741fa1e16
commit e4ef47c901


@@ -45,53 +45,60 @@ jobs:
with:
fetch-depth: 0
- name: Install toolchain (only what's missing)
- name: Network diagnostics
run: |
set +e
echo "=== DNS ==="
cat /etc/resolv.conf 2>/dev/null | head -5 || true
echo "=== Route ==="
ip route 2>/dev/null | head -3 || true
echo "=== Egress probe (5s connect timeout) ==="
for url in \
https://github.com \
https://objects.githubusercontent.com \
https://mirrors.aliyun.com \
http://archive.ubuntu.com \
http://security.ubuntu.com \
; do
code=$(curl -sS -o /dev/null -w '%{http_code}' -m 5 --connect-timeout 5 "$url" || echo TIMEOUT)
printf ' %-45s -> %s\n' "$url" "$code"
done
- name: Ensure required tools (shellcheck via GitHub release)
run: |
set -euo pipefail
MISSING=()
for tool in shellcheck jq curl tar sha256sum; do
command -v "$tool" >/dev/null 2>&1 || MISSING+=("$tool")
# 镜像 gitea/runner-images:ubuntu-latest 已自带 curl / jq / tar / sha256sum。
# 唯一通常缺失的是 shellcheck从 GitHub releases 拉静态二进制即可,不走 apt。
for tool in curl jq tar sha256sum; do
command -v "$tool" >/dev/null || {
echo "::error::基础工具 $tool 不在 PATH 中,镜像异常。请更换 runner 镜像。" >&2
exit 1
}
done
if [[ ${#MISSING[@]} -eq 0 ]]; then
echo "所有工具已就绪,跳过安装。"
if command -v shellcheck >/dev/null 2>&1; then
echo "shellcheck 已就绪:$(shellcheck --version | awk '/^version:/{print $2}')"
exit 0
fi
echo "需要安装: ${MISSING[*]}"
SC_VER=v0.10.0
case "$(uname -m)" in
x86_64) SC_ARCH=x86_64 ;;
aarch64) SC_ARCH=aarch64 ;;
*) echo "::error::不支持的架构: $(uname -m)" >&2; exit 1 ;;
esac
URL="https://github.com/koalaman/shellcheck/releases/download/${SC_VER}/shellcheck-${SC_VER}.linux.${SC_ARCH}.tar.xz"
echo "下载 $URL"
curl -fsSL --retry 3 --connect-timeout 15 -o /tmp/shellcheck.tar.xz "$URL"
tar -xJf /tmp/shellcheck.tar.xz -C /tmp
if [[ $EUID -ne 0 ]] && command -v sudo >/dev/null 2>&1; then
SUDO=sudo
else
SUDO=
fi
# 切换到阿里云镜像以避开 archive.ubuntu.com / security.ubuntu.com 出境超时。
if [[ -f /etc/apt/sources.list.d/ubuntu.sources ]]; then
$SUDO sed -i \
-e 's|http://archive.ubuntu.com/ubuntu|https://mirrors.aliyun.com/ubuntu|g' \
-e 's|http://security.ubuntu.com/ubuntu|https://mirrors.aliyun.com/ubuntu|g' \
/etc/apt/sources.list.d/ubuntu.sources
fi
if [[ -f /etc/apt/sources.list ]]; then
$SUDO sed -i \
-e 's|http://archive.ubuntu.com/ubuntu|https://mirrors.aliyun.com/ubuntu|g' \
-e 's|http://security.ubuntu.com/ubuntu|https://mirrors.aliyun.com/ubuntu|g' \
/etc/apt/sources.list
fi
# 实际安装的包名映射coreutils 提供 sha256sum
PKGS=()
for tool in "${MISSING[@]}"; do
case "$tool" in
sha256sum) PKGS+=(coreutils) ;;
*) PKGS+=("$tool") ;;
esac
done
$SUDO apt-get update -qq
DEBIAN_FRONTEND=noninteractive $SUDO apt-get install -y -qq --no-install-recommends \
"${PKGS[@]}" ca-certificates
$SUDO install -m 0755 "/tmp/shellcheck-${SC_VER}/shellcheck" /usr/local/bin/shellcheck
shellcheck --version | awk '/^version:/{print "shellcheck 已安装:" $2}'
- name: Run shellcheck
run: |
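Review bot: The tarball fetched by `curl -fsSL --retry 3 --connect-timeout 15 -o /tmp/shellcheck.tar.xz "$URL"` is unpacked and installed into /usr/local/bin (through sudo when available) without any integrity check, although the same step insists that `sha256sum` is on PATH. HTTPS authenticates the host but does not pin the asset's content, so a replaced or corrupted release asset would be executed by the Run shellcheck step. I would pin one digest per architecture in the `case` arms, e.g. `x86_64) SC_ARCH=x86_64; SC_SHA256=<sha256 of the x86_64 asset> ;;`, and add `echo "${SC_SHA256}  /tmp/shellcheck.tar.xz" | sha256sum -c -` between the `curl` and `tar` lines; under `set -euo pipefail` a mismatch aborts the step. The +/- markers are lost on this page, so I am assuming the download lines are on the new side.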