diff --git a/.agent/workflows/gitbucket_api.md b/.agent/workflows/gitbucket_api.md
new file mode 100644
index 0000000..875e900
--- /dev/null
+++ b/.agent/workflows/gitbucket_api.md
@@ -0,0 +1,76 @@
+---
+description: How to manage GitBucket repository resources (Issues, PRs, Content) using the API
+---
+
+## Overview
+GitBucket provides a GitHub v3 compatible API at `https://gitbucket.jerxie.com/api/v3`. Antigravity AI uses a Personal Access Token to authenticate.
+
+## Core API Usage
+
+### Setting Up Authentication
+The token must be provided in the `Authorization` header:
+`Authorization: token `
+
+### Examples:
+
+#### 1. Create an Issue
+```bash
+curl -H "Authorization: token " \
+ -X POST -d '{"title": "Issue Title", "body": "Issue Description"}' \
+ https://gitbucket.jerxie.com/api/v3/repos/yangyangxie/cortex-hub/issues
+```
+
+#### 2. Create a Pull Request
+```bash
+curl -H "Authorization: token " \
+ -X POST -d '{"title": "PR Title", "base": "master", "head": "feature-branch", "body": "PR Description"}' \
+ https://gitbucket.jerxie.com/api/v3/repos/yangyangxie/cortex-hub/pulls
+```
+
+#### 3. List Releases
+```bash
+curl -H "Authorization: token " \
+ https://gitbucket.jerxie.com/api/v3/repos/yangyangxie/cortex-hub/releases
+```
+
+### Using Snippets (Gists) as a Secret Store
+GitBucket's Snippet feature works primarily via **Git** or **Raw Web Access**. The standard GitHub JSON API for gists is currently not active on this instance.
+
+#### Accessing Secrets (Read)
+Use `curl` to fetch raw file content directly:
+```bash
+curl -L https://gitbucket.jerxie.com/gist/yangyangxie//raw/master/
+```
+
+#### Manipulating Secrets (Write/Update)
+Every Snippet is a standard Git repository. You can clone, edit, and push changes back:
+```bash
+# Clone the snippet
+git clone https://yangyangxie:@gitbucket.jerxie.com/git/gist/yangyangxie/.git secret-repo
+
+# Update secret
+cd secret-repo
+echo "new-secret-value" > config.json
+git add . && git commit -m "update secret"
+git push origin master
+```
+
+## Snippet Vault Pattern
+Use a **Private Snippet** as a simple "Vault" for your project.
+
+### Implementation Example (Bash)
+```bash
+# Pull and source secrets
+GITBUCKET_TOKEN="YOUR_TOKEN"
+SNIPPET_ID="YOUR_SNIPPET_ID"
+TMP_DIR=$(mktemp -d)
+git clone "https://user:${GITBUCKET_TOKEN}@gitbucket.jerxie.com/git/gist/user/${SNIPPET_ID}.git" "$TMP_DIR"
+source "$TMP_DIR/.env"
+rm -rf "$TMP_DIR"
+```
+
+## Security Best Practices
+- **Private Only**: Never store credentials in "Public" or "Secret" snippets.
+- **Rotation**: Update the snippet regularly; agents will automatically pick up the new values.
+- **Cleanup**: Always delete temporary directories used for cloning secrets.
+- **Token Scope**: Ensure the Personal Access Token has `repo` and `gist` scopes (if applicable).
diff --git a/deploy_remote.sh b/deploy_remote.sh
index 51154d6..c1f905b 100755
--- a/deploy_remote.sh
+++ b/deploy_remote.sh
@@ -1,15 +1,50 @@
 #!/bin/bash
 # Description: Automates deployment from the local environment to the production host 192.168.68.113
-HOST="${REMOTE_HOST:-192.168.68.113}"
-USER="${REMOTE_USER:-axieyangb}"
-PASS="${REMOTE_PASS:-MySecurePassword}"
+# Credentials - Can be set via ENV or fetched from GitBucket
+HOST="${REMOTE_HOST}"
+USER="${REMOTE_USER}"
+PASS="${REMOTE_PASS}"
+
+# If credentials are missing, try to fetch from GitBucket Private Snippet
+if [ -z "$PASS" ] || [ -z "$HOST" ]; then
+ # Load token/id from local env if present
+ if [ -f "/app/.env.gitbucket" ]; then
+ source "/app/.env.gitbucket"
+ fi
+
+ GITBUCKET_TOKEN="${GITBUCKET_TOKEN}"
+ SNIPPET_ID="${DEPLOYMENT_SNIPPET_ID}"
+
+ if [ -n "$GITBUCKET_TOKEN" ] && [ -n "$SNIPPET_ID" ]; then
+ echo "Secrets not provided in environment. Attempting to fetch from GitBucket..."
+
+ TMP_SECRETS=$(mktemp -d)
+ if git clone "https://yangyangxie:${GITBUCKET_TOKEN}@gitbucket.jerxie.com/git/gist/yangyangxie/${SNIPPET_ID}.git" "$TMP_SECRETS" &> /dev/null; then
+ if [ -f "$TMP_SECRETS/.env.production" ]; then
+ source "$TMP_SECRETS/.env.production"
+ HOST="${REMOTE_HOST:-$HOST}"
+ USER="${REMOTE_USER:-$USER}"
+ PASS="${REMOTE_PASSWORD:-$PASS}"
+ echo "Successfully loaded credentials from GitBucket."
+ fi
+ else
+ echo "Failed to fetch secrets from GitBucket."
+ fi
+ rm -rf "$TMP_SECRETS"
+fi
+
+# Fallback defaults if still not set
+HOST="${HOST:-192.168.68.113}"
+USER="${USER:-axieyangb}"
+
+# System Paths
 REMOTE_TMP="/tmp/cortex-hub/"
 REMOTE_PROJ="/home/coder/project/cortex-hub"
-if [ "$PASS" = "MySecurePassword" ]; then
- echo "Error: Please set the REMOTE_PASS environment variable before deploying."
- echo "Example: REMOTE_PASS='your_password' ./remote_deploy.sh"
+if [ -z "$PASS" ]; then
+ echo "Error: REMOTE_PASS not found and could not be fetched from GitBucket."
+ echo "Please set REMOTE_PASS or GITBUCKET_TOKEN environment variables."
 exit 1
 fi
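Review bot: The outer `if [ -z "$PASS" ] || [ -z "$HOST" ]; then` is never closed: the fetch section opens five `if`s but contains only four `fi`s, so the unindented `fi` after `rm -rf "$TMP_SECRETS"` ends the `GITBUCKET_TOKEN`/`SNIPPET_ID` check instead. Unless a stray `fi` exists in the rest of the script, which lies outside this hunk, bash will most likely stop with an unexpected-end-of-file syntax error. Add an indented `fi` directly after `rm -rf "$TMP_SECRETS"` so the existing `fi` closes the outer test. Separately, `source "$TMP_SECRETS/.env.production"` runs the fetched file as shell code, so anyone able to push to that snippet gets command execution on the deploying machine; reading only the expected `KEY=value` lines would narrow that. The token embedded in the clone URL is also passed on the command line, where other local users can see it in the process list while the clone runs.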