fix: trying to fix auto-pulls 21 !

backend/admin/router.py

@@ -42,36 +42,13 @@ async def deploy(request: Request):
 
     logger.info("Auto-deploy triggered via Gitea webhook")
 
-    project_path = settings.deploy_project_path
-    # Write a deploy script to the host filesystem (via the mounted project path)
-    # then execute it with nsenter into the host's PID namespace so it runs as
-    # a host process — not a container child — and survives container restarts.
-    script_path = f"{project_path}/deploy.sh"
-    log_path = f"{project_path}/deploy.log"
-    script = (
-        f"#!/bin/sh\n"
-        f"exec > {log_path} 2>&1\n"
-        f"echo \"Deploy started at $(date)\"\n"
-        f"git config --global --add safe.directory {project_path}\n"
-        f"cd {project_path}\n"
-        f"git fetch origin main\n"
-        f"git reset --hard origin/main\n"
-        f"docker-compose up -d --build\n"
-        f"echo \"Deploy finished at $(date)\"\n"
-    )
-
-    with open(script_path, "w") as f:
-        f.write(script)
-
-    # nsenter into host PID namespace (PID 1 = host init) so the process
-    # is owned by the host and survives this container restarting.
-    trigger_cmd = f"chmod +x {script_path} && nsenter -t 1 -m -u -i -n -p -- sh -c 'nohup {script_path} &'"
-
+    # Trigger the host-side systemd service which runs as the bellsystems user.
+    # This avoids running git/docker as root inside the container.
     await asyncio.create_subprocess_shell(
-        trigger_cmd,
+        "systemctl start bellsystems-deploy",
         stdout=asyncio.subprocess.DEVNULL,
         stderr=asyncio.subprocess.DEVNULL,
     )
 
-    logger.info("Auto-deploy triggered on host via nsenter")
+    logger.info("Auto-deploy triggered via systemd")
     return {"ok": True, "message": "Deploy started"}