fix: trying to fix auto-pulls 21 !

2026-02-27 05:57:26 +02:00
parent 7183987924
commit 0ac58f868e
4 changed files with 9 additions and 42 deletions
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,15 +1,7 @@
 FROM python:3.11-slim

 RUN apt-get update && apt-get install -y --no-install-recommends \
-    git \
-    curl \
-    && curl -fsSL https://download.docker.com/linux/static/stable/x86_64/docker-27.5.1.tgz \
-    | tar -xz --strip-components=1 -C /usr/local/bin docker/docker \
-    && curl -fsSL "https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64" \
-    -o /usr/local/bin/docker-compose \
-    && chmod +x /usr/local/bin/docker-compose \
-    && mkdir -p /usr/local/lib/docker/cli-plugins \
-    && ln -s /usr/local/bin/docker-compose /usr/local/lib/docker/cli-plugins/docker-compose \
+    systemctl \
    && rm -rf /var/lib/apt/lists/*

 WORKDIR /app
--- a/backend/admin/router.py
+++ b/backend/admin/router.py
@@ -42,36 +42,13 @@ async def deploy(request: Request):

    logger.info("Auto-deploy triggered via Gitea webhook")

-    project_path = settings.deploy_project_path
-    # Write a deploy script to the host filesystem (via the mounted project path)
-    # then execute it with nsenter into the host's PID namespace so it runs as
-    # a host process — not a container child — and survives container restarts.
-    script_path = f"{project_path}/deploy.sh"
-    log_path = f"{project_path}/deploy.log"
-    script = (
-        f"#!/bin/sh\n"
-        f"exec > {log_path} 2>&1\n"
-        f"echo \"Deploy started at $(date)\"\n"
-        f"git config --global --add safe.directory {project_path}\n"
-        f"cd {project_path}\n"
-        f"git fetch origin main\n"
-        f"git reset --hard origin/main\n"
-        f"docker-compose up -d --build\n"
-        f"echo \"Deploy finished at $(date)\"\n"
-    )
-
-    with open(script_path, "w") as f:
-        f.write(script)
-
-    # nsenter into host PID namespace (PID 1 = host init) so the process
-    # is owned by the host and survives this container restarting.
-    trigger_cmd = f"chmod +x {script_path} && nsenter -t 1 -m -u -i -n -p -- sh -c 'nohup {script_path} &'"
-
+    # Trigger the host-side systemd service which runs as the bellsystems user.
+    # This avoids running git/docker as root inside the container.
    await asyncio.create_subprocess_shell(
-        trigger_cmd,
+        "systemctl start bellsystems-deploy",
        stdout=asyncio.subprocess.DEVNULL,
        stderr=asyncio.subprocess.DEVNULL,
    )

-    logger.info("Auto-deploy triggered on host via nsenter")
+    logger.info("Auto-deploy triggered via systemd")
    return {"ok": True, "message": "Deploy started"}