deploy : change ssh setting

2026-03-21 21:57:10 +01:00
parent b2b1a3a0a0
commit f733cd7d5b
2 changed files with 26 additions and 15 deletions
--- a/.env.example
+++ b/.env.example
@@ -11,7 +11,7 @@ DEBUG=false
 # --- Base de données PostgreSQL ---
 POSTGRES_DB=auditshield
 POSTGRES_USER=auditshield
-POSTGRES_PASSWORD=changeme-strong-password
+POSTGRES_PASSWORD=AuditShield!

 # Construit automatiquement par docker-compose, à définir manuellement en dev local :
 DATABASE_URL=postgresql://auditshield:changeme-strong-password@localhost:5432/auditshield
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -24,18 +24,29 @@ jobs:
            echo "PROJECT_PATH=/volume1/docker/auditshield-dev" >> $GITHUB_OUTPUT
          fi

-      - name: Deploy to NAS
-        uses: appleboy/ssh-action@v1
-        with:
-          host: ${{ secrets.NAS_HOST }}
-          username: ${{ secrets.NAS_USER }}
-          key: ${{ secrets.NAS_SSH_KEY }}
-          script: |
-            mkdir -p ${{ steps.env.outputs.PROJECT_PATH }}
+      - name: Setup SSH key
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.NAS_SSH_KEY }}" > ~/.ssh/nas_key
+          chmod 600 ~/.ssh/nas_key
+          ssh-keyscan -p 22 ${{ secrets.NAS_HOST }} >> ~/.ssh/known_hosts
+
+      - name: Copy files to NAS
+        run: |
+          ssh -i ~/.ssh/nas_key root@${{ secrets.NAS_HOST }} "mkdir -p ${{ steps.env.outputs.PROJECT_PATH }}"
+          rsync -avz --exclude='.git' --exclude='node_modules' --exclude='.env' \
+            -e "ssh -i ~/.ssh/nas_key" \
+            ./ root@${{ secrets.NAS_HOST }}:${{ steps.env.outputs.PROJECT_PATH }}/
+
+      - name: Copy env file
+        run: |
+          ssh -i ~/.ssh/nas_key root@${{ secrets.NAS_HOST }} \
+            "cd ${{ steps.env.outputs.PROJECT_PATH }} && cp .env.example .env 2>/dev/null || true"
+
+      - name: Deploy
+        run: |
+          ssh -i ~/.ssh/nas_key root@${{ secrets.NAS_HOST }} << 'ENDSSH'
            cd ${{ steps.env.outputs.PROJECT_PATH }}
-            git clone https://gitea.rigolet.tech/vincent/auditshield.git . 2>/dev/null || git pull
-            cp .env.example .env 2>/dev/null || true
-            sudo docker compose -f ${{ steps.env.outputs.COMPOSE_FILE }} up -d --build --remove-orphans
-            sudo docker image prune -f
-
-
+            /usr/local/bin/docker compose -f ${{ steps.env.outputs.COMPOSE_FILE }} up -d --build --remove-orphans
+            /usr/local/bin/docker image prune -f
+          ENDSSH