Upd service prestart

.gitignore

@@ -3,4 +3,7 @@
 **/.DS_Store
 **/*.rpm
 **/*.deb
-**/*-registry.yml
+**/*-registry.yml
+CLAUDE.md
+.claude
+testdata

Dockerfile

@@ -91,7 +91,7 @@ SHELL ["/bin/bash", "-c"]
 
 RUN mkdir -p \
       ${CSGHUB_HOME}/{LICENSES,bin} \
-      ${CSGHUB_EMBEDDED}/{bin,lib,sv} \
+      ${CSGHUB_EMBEDDED}/{bin,lib,sv,etc} \
       ${CSGHUB_SRV_HOME}/{registry,nats,temporal,temporal_ui,casdoor,dnsmasq,consul,server,portal,prometheus,loki}/bin
 
 ## Install Runit Service Daemon
@@ -128,33 +128,37 @@ COPY --from=gitaly /usr/local/. ${CSGHUB_SRV_HOME}/gitaly/
 COPY --from=gitlab-shell /srv/gitlab-shell/. ${CSGHUB_SRV_HOME}/gitlab_shell/
 
 ## Install Temporal & Temporal-ui
-COPY --from=temporal ${CSGHUB_HOME}/etc/temporal/. ${CSGHUB_HOME}/etc/temporal/
+COPY --from=temporal ${CSGHUB_HOME}/etc/temporal/. ${CSGHUB_EMBEDDED}/etc/temporal/
 COPY --from=temporal ${CSGHUB_SRV_HOME}/temporal/. ${CSGHUB_SRV_HOME}/temporal/
-COPY --from=temporal ${CSGHUB_HOME}/etc/temporal_ui/. ${CSGHUB_HOME}/etc/temporal_ui/
+COPY --from=temporal ${CSGHUB_HOME}/etc/temporal_ui/. ${CSGHUB_EMBEDDED}/etc/temporal_ui/
 COPY --from=temporal ${CSGHUB_SRV_HOME}/temporal_ui/. ${CSGHUB_SRV_HOME}/temporal_ui/
 
 # Using 8182 as temporal-ui default listen port
-RUN sed -i 's/8080/8182/g' ${CSGHUB_HOME}/etc/temporal_ui/config-template.yaml
+RUN sed -i 's/8080/8182/g' ${CSGHUB_EMBEDDED}/etc/temporal_ui/config-template.yaml
+
+# Remap temporal internal paths from component image to new embedded location
+RUN find ${CSGHUB_EMBEDDED}/etc/temporal -type f -exec sed -i 's|/opt/csghub/etc/temporal|/opt/csghub/embedded/etc/temporal|g' {} \;
 
 ## Install NATS
 COPY --from=nats /nats-server ${CSGHUB_SRV_HOME}/nats/bin/
 
 ## Install Casdoor
 COPY --from=casdoor /server ${CSGHUB_SRV_HOME}/casdoor/bin/casdoor
-COPY --from=casdoor /web ${CSGHUB_HOME}/etc/casdoor/web
+COPY --from=casdoor /web ${CSGHUB_EMBEDDED}/etc/casdoor/web
 
 ## Install Nginx
-COPY --from=nginx /opt/csghub/. /opt/csghub/
-COPY ./opt/csghub/etc/nginx/. /opt/csghub/etc/nginx/
+COPY --from=nginx /opt/csghub/embedded/sv/nginx/. /opt/csghub/embedded/sv/nginx/
+COPY --from=nginx /opt/csghub/etc/nginx/. /opt/csghub/embedded/etc/nginx/
+COPY ./opt/csghub/embedded/etc/nginx/. /opt/csghub/embedded/etc/nginx/
 
 ## Install csghub-server
 ENV GIN_MODE=release
 
 COPY --from=server /starhub-bin/starhub ${CSGHUB_SRV_HOME}/server/bin/csghub-server
-COPY --from=server /starhub-bin/. ${CSGHUB_HOME}/etc/server/
+COPY --from=server /starhub-bin/. ${CSGHUB_EMBEDDED}/etc/server/
 COPY --from=server /root/.duckdb ${CSGHUB_SRV_HOME}/server/.duckdb
 
-RUN rm ${CSGHUB_HOME}/etc/server/starhub
+RUN rm ${CSGHUB_EMBEDDED}/etc/server/starhub
 
 ## Install csghub-portal
 COPY --from=portal /myapp/csghub-portal ${CSGHUB_SRV_HOME}/portal/bin/
@@ -275,7 +279,7 @@ RUN chmod +x -R /opt/csghub/bin && \
     chmod +x -R /opt/csghub/embedded/sv/**/templates && \
     chmod +x -R /scripts && \
     ln -s /opt/csghub/bin/* /usr/bin/ && \
-    find /opt/csghub/etc/ -type f -name "*.sh" -exec chmod +x {} \;
+    find /opt/csghub/embedded/etc/ -type f -name "*.sh" -exec chmod +x {} \;
 
 EXPOSE 80 443 2222 5000 8000 9000 9001
 ENTRYPOINT ["/scripts/entrypoint.sh"]

README.md

@@ -118,7 +118,7 @@ Omnibus-CSGHub 是 OpenCSG CSGHub 的一键式 Docker Compose 部署方案，让
 
     *Contains all configurable parameters, with minimal modifications typically required under default settings.*
 
-- 默认参数文件 `/opt/csghub/etc/csghub/default.yaml`
+- 默认参数文件 `/opt/csghub/embedded/etc/csghub/default.yaml`
 
     定义了所有参数的默认值。
 

dockerfiles/toolbox/Dockerfile_toolbox

@@ -45,17 +45,14 @@ RUN if grep -q -i -E 'ubuntu|debian' /etc/os-release; then \
 ## Generate ssh key pairs
 RUN ssh-keygen -A
 
-## Install gompalte
-ARG GOMPLATE_VERSION=v4.3.2
+## Install kubectl
 ARG KUBECTL_VERSION=v1.33.0
 ARG TARGETPLATFORM
 RUN case ${TARGETPLATFORM} in \
         "linux/amd64") \
-            wget --no-check-certificate -O ${CSGHUB_EMBEDDED}/bin/gomplate https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_linux-amd64 && \
             wget --no-check-certificate -O ${CSGHUB_EMBEDDED}/bin/kubectl https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl \
             ;; \
         "linux/arm64") \
-            wget --no-check-certificate -O ${CSGHUB_EMBEDDED}/bin/gomplate https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_linux-arm64 && \
             wget --no-check-certificate -O ${CSGHUB_EMBEDDED}/bin/kubectl https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/arm64/kubectl \
             ;; \
         *) \

dockerfiles/toolbox/version-manifests.json

@@ -3,11 +3,10 @@
       {
         "name": "toolbox",
         "description": "Containerized tooling for system operations",
-        "version": "1.3.2",
+        "version": "1.3.3",
         "environments": {
           "OS_RELEASE": "ubuntu:22.04",
-          "TOOLBOX_VERSION": "1.3.2",
-          "GOMPLATE_VERSION": "v4.3.2",
+          "TOOLBOX_VERSION": "1.3.3",
           "KUBECTL_VERSION": "v1.33.0",
           "DNSMASQ_VERSION": "2.91"
         }

ee.Dockerfile

@@ -109,7 +109,7 @@ SHELL ["/bin/bash", "-c"]
 
 RUN mkdir -p \
       ${CSGHUB_HOME}/{LICENSES,bin} \
-      ${CSGHUB_EMBEDDED}/{bin,lib,sv} \
+      ${CSGHUB_EMBEDDED}/{bin,lib,sv,etc} \
       ${CSGHUB_SRV_HOME}/{registry,nats,temporal,temporal_ui,casdoor,dnsmasq,consul,server,portal,prometheus,loki,xnet}/bin
 
 ## Install Runit Service Daemon
@@ -146,30 +146,30 @@ COPY --from=gitaly /usr/local/. ${CSGHUB_SRV_HOME}/gitaly/
 COPY --from=gitlab-shell /srv/gitlab-shell/. ${CSGHUB_SRV_HOME}/gitlab_shell/
 
 ## Install Temporal & Temporal-ui
-COPY --from=temporal ${CSGHUB_HOME}/etc/temporal/. ${CSGHUB_HOME}/etc/temporal/
+COPY --from=temporal ${CSGHUB_HOME}/etc/temporal/. ${CSGHUB_EMBEDDED}/etc/temporal/
 COPY --from=temporal ${CSGHUB_SRV_HOME}/temporal/. ${CSGHUB_SRV_HOME}/temporal/
-COPY --from=temporal ${CSGHUB_HOME}/etc/temporal_ui/. ${CSGHUB_HOME}/etc/temporal_ui/
+COPY --from=temporal ${CSGHUB_HOME}/etc/temporal_ui/. ${CSGHUB_EMBEDDED}/etc/temporal_ui/
 COPY --from=temporal ${CSGHUB_SRV_HOME}/temporal_ui/. ${CSGHUB_SRV_HOME}/temporal_ui/
 
 ## Install NATS
 COPY --from=nats /nats-server ${CSGHUB_SRV_HOME}/nats/bin/
 
 ## Install Casdoor
 COPY --from=casdoor /server ${CSGHUB_SRV_HOME}/casdoor/bin/casdoor
-COPY --from=casdoor /web ${CSGHUB_HOME}/etc/casdoor/web
+COPY --from=casdoor /web ${CSGHUB_EMBEDDED}/etc/casdoor/web
 
 ## Install Nginx
-COPY --from=nginx /opt/csghub/. /opt/csghub/
-#COPY ./opt/csghub/etc/nginx/. /opt/csghub/etc/nginx/
+COPY --from=nginx /opt/csghub/embedded/sv/nginx/. /opt/csghub/embedded/sv/nginx/
+COPY --from=nginx /opt/csghub/etc/nginx/. /opt/csghub/embedded/etc/nginx/
 
 ## Install csghub-server
 ENV GIN_MODE=release
 
 COPY --from=server /starhub-bin/starhub ${CSGHUB_SRV_HOME}/server/bin/csghub-server
-COPY --from=server /starhub-bin/. ${CSGHUB_HOME}/etc/server/
+COPY --from=server /starhub-bin/. ${CSGHUB_EMBEDDED}/etc/server/
 COPY --from=server /root/.duckdb ${CSGHUB_SRV_HOME}/server/.duckdb
 
-RUN rm ${CSGHUB_HOME}/etc/server/starhub
+RUN rm ${CSGHUB_EMBEDDED}/etc/server/starhub
 
 ## Install csghub-portal
 COPY --from=portal /myapp/csghub-portal ${CSGHUB_SRV_HOME}/portal/bin/
@@ -187,16 +187,19 @@ COPY --from=loki /usr/bin/loki ${CSGHUB_SRV_HOME}/loki/bin/
 ## Install csgship-web
 COPY --from=csgship /code/. ${CSGHUB_SRV_HOME}/web/
 COPY --from=billing /app/. ${CSGHUB_SRV_HOME}/billing/bin/
-COPY --from=frontend /usr/share/nginx/html ${CSGHUB_HOME}/etc/nginx/html
+COPY --from=frontend /usr/share/nginx/html ${CSGHUB_EMBEDDED}/etc/nginx/html
 COPY --from=agentic /code/. ${CSGHUB_SRV_HOME}/agentic/
 
 # Using 8182 as temporal-ui default listen port
-RUN sed -i 's/8080/8182/g' ${CSGHUB_HOME}/etc/temporal_ui/config-template.yaml && \
+RUN sed -i 's/8080/8182/g' ${CSGHUB_EMBEDDED}/etc/temporal_ui/config-template.yaml && \
     sed -i -e 's/:8000/:8183/g' \
       -e 's|/code/logs/gunicorn.access.log|/dev/stdout|g' \
       -e 's|/code/|/opt/csghub/embedded/sv/web/|g' \
       ${CSGHUB_EMBEDDED}/sv/web/project/{gunicorn_config.py,uwsgi.ini}
 
+# Remap temporal internal paths from component image to new embedded location
+RUN find ${CSGHUB_EMBEDDED}/etc/temporal -type f -exec sed -i 's|/opt/csghub/etc/temporal|/opt/csghub/embedded/etc/temporal|g' {} \;
+
 ENV PATH=$PATH:/opt/csghub/embedded/bin
 RUN if grep -q -i -E 'ubuntu|debian' /etc/os-release; then \
         apt update && \
@@ -303,7 +306,7 @@ RUN chmod +x -R /opt/csghub/bin && \
     chmod +x -R /opt/csghub/embedded/sv/**/templates && \
     chmod +x -R /scripts && \
     ln -s /opt/csghub/bin/* /usr/bin/ && \
-    find /opt/csghub/etc/ -type f -name "*.sh" -exec chmod +x {} \;
+    find /opt/csghub/embedded/etc/ -type f -name "*.sh" -exec chmod +x {} \;
 
 EXPOSE 80 443 2222 5000 8000 9000 9001
 ENTRYPOINT ["/scripts/entrypoint.sh"]

ee/opt/csghub/embedded/etc/billing/config.yaml.sample

@@ -0,0 +1,15 @@
+{{- $natsUser := .nats.auth.user }}
+{{- $natsPassword := .nats.auth.password | default (pbkdf2 $natsUser "opencsg" 2048 8) }}
+{{- $webNats := .web.nats }}
+nats: {{ $webNats.url | default (printf "nats://%s:%s@localhost:4222" $natsUser $natsPassword) }}
+pub:
+  addr: {{ .billing.listen }}
+  key: ''
+sub:
+  streams:
+    - name: accountingNotifyStream
+      consumers:
+        - durable_name: starship-billing-durable-consumer
+  webhook:
+    url: http://127.0.0.1:8001/api/v1/platforms/billing-events/
+    key: 'key'

ee/opt/csghub/etc/csghub/default.yaml → ee/opt/csghub/embedded/etc/csghub/default.yaml

@@ -80,7 +80,7 @@ server:
   ## Casdoor (authentication) Integration
   casdoor:
     endpoint: ""                                               ## Casdoor endpoint
-    certificate: "/opt/csghub/etc/casdoor/token_jwt_key.pem"   ## SSL cert path
+    certificate: "/opt/csghub/embedded/etc/casdoor/token_jwt_key.pem"   ## SSL cert path
     organization_name: "OpenCSG"                               ## Organization name in Casdoor
     application_name: "CSGHub"                                 ## App name in Casdoor
 

ee/opt/csghub/etc/csghub/templates/csghub/csghub.yaml.sample → ee/opt/csghub/embedded/etc/csghub/templates/csghub.yaml.sample

@@ -74,7 +74,7 @@ csghub:
   ## Casdoor (authentication) Integration
   # casdoor:
   #   endpoint: "http://csghub.example.com:8000"                 ## Casdoor endpoint
-  #   certificate: "/opt/csghub/etc/casdoor/token_jwt_key.pem"   ## SSL cert path
+  #   certificate: "/opt/csghub/embedded/etc/casdoor/token_jwt_key.pem"   ## SSL cert path
   #   organization_name: "OpenCSG"                               ## Organization name in Casdoor
   #   application_name: "CSGHub"                                 ## App name in Casdoor
 

ee/opt/csghub/embedded/etc/nginx/html/config.js.sample

@@ -0,0 +1,7 @@
+{{- $csghub := resolveUrl .csghub.external_url }}
+{{- $casdoorEp := resolveEndpoint $csghub.scheme $csghub.host .casdoor.listen "127.0.0.1:8000" }}
+window.envConfig = {
+    VITE_APP_BASE_WEB: {{ (resolveEndpoint $csghub.scheme $csghub.host .csgship.listen.frontend "127.0.0.1:8001").url | squote }},
+    VITE_APP_BASE_API: {{ (resolveEndpoint $csghub.scheme $csghub.host .csgship.listen.api "127.0.0.1:8002").url | squote }},
+    VITE_APP_LOGIN_URL: {{ printf "%s://%s:%s/login/oauth/authorize?client_id=%s&response_type=code&redirect_uri=%s/api/v1/account/casdoor/login/callback&scope=profile&state=casdoor" $csghub.scheme $csghub.host $casdoorEp.port (generateClientId "CSGShip") $csghub.url | squote }}
+};