From f733cd7d5bc65960f35d62cb675c73543e9b5f7a Mon Sep 17 00:00:00 2001
From: Vincent <vincent@rigolet.tech>
Date: Sat, 21 Mar 2026 21:57:10 +0100
Subject: [PATCH] deploy : change ssh setting

---
 .env.example                |  2 +-
 .gitea/workflows/deploy.yml | 39 ++++++++++++++++++++++++-------------
 2 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/.env.example b/.env.example
index 0285167..a4cc020 100644
--- a/.env.example
+++ b/.env.example
@@ -11,7 +11,7 @@ DEBUG=false
 # --- Base de données PostgreSQL ---
 POSTGRES_DB=auditshield
 POSTGRES_USER=auditshield
-POSTGRES_PASSWORD=changeme-strong-password
+POSTGRES_PASSWORD=AuditShield!
 
 # Construit automatiquement par docker-compose, à définir manuellement en dev local :
 DATABASE_URL=postgresql://auditshield:changeme-strong-password@localhost:5432/auditshield
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 5feb4f3..7e56ee4 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -24,18 +24,29 @@ jobs:
             echo "PROJECT_PATH=/volume1/docker/auditshield-dev" >> $GITHUB_OUTPUT
           fi
 
-      - name: Deploy to NAS
-        uses: appleboy/ssh-action@v1
-        with:
-          host: ${{ secrets.NAS_HOST }}
-          username: ${{ secrets.NAS_USER }}
-          key: ${{ secrets.NAS_SSH_KEY }}
-          script: |
-            mkdir -p ${{ steps.env.outputs.PROJECT_PATH }}
+      - name: Setup SSH key
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.NAS_SSH_KEY }}" > ~/.ssh/nas_key
+          chmod 600 ~/.ssh/nas_key
+          ssh-keyscan -p 22 ${{ secrets.NAS_HOST }} >> ~/.ssh/known_hosts
+
+      - name: Copy files to NAS
+        run: |
+          ssh -i ~/.ssh/nas_key root@${{ secrets.NAS_HOST }} "mkdir -p ${{ steps.env.outputs.PROJECT_PATH }}"
+          rsync -avz --exclude='.git' --exclude='node_modules' --exclude='.env' \
+            -e "ssh -i ~/.ssh/nas_key" \
+            ./ root@${{ secrets.NAS_HOST }}:${{ steps.env.outputs.PROJECT_PATH }}/
+
+      - name: Copy env file
+        run: |
+          ssh -i ~/.ssh/nas_key root@${{ secrets.NAS_HOST }} \
+            "cd ${{ steps.env.outputs.PROJECT_PATH }} && cp .env.example .env 2>/dev/null || true"
+
+      - name: Deploy
+        run: |
+          ssh -i ~/.ssh/nas_key root@${{ secrets.NAS_HOST }} << 'ENDSSH'
             cd ${{ steps.env.outputs.PROJECT_PATH }}
-            git clone https://gitea.rigolet.tech/vincent/auditshield.git . 2>/dev/null || git pull
-            cp .env.example .env 2>/dev/null || true
-            sudo docker compose -f ${{ steps.env.outputs.COMPOSE_FILE }} up -d --build --remove-orphans
-            sudo docker image prune -f
-
-
+            /usr/local/bin/docker compose -f ${{ steps.env.outputs.COMPOSE_FILE }} up -d --build --remove-orphans
+            /usr/local/bin/docker image prune -f
+          ENDSSH