7413e9d6d2
- Add Docker socket permission check - Implement fallback to sudo for docker commands - Handle admin user Docker access limitations - Add conditional logic for docker vs sudo docker-compose Resolves: Docker socket permission denied errors 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
72 lines
2.3 KiB
YAML
72 lines
2.3 KiB
YAML
name: Deploy to NAS (rsync)
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup SSH key
|
|
uses: webfactory/ssh-agent@v0.9.0
|
|
with:
|
|
ssh-private-key: ${{ secrets.NAS_SSH_KEY_ADMIN }}
|
|
|
|
- name: Check SSH key loaded
|
|
run: ssh-add -l
|
|
|
|
- name: Add NAS host to known_hosts
|
|
run: |
|
|
mkdir -p ~/.ssh
|
|
ssh-keyscan -p ${{ secrets.NAS_PORT }} ${{ secrets.NAS_HOST }} >> ~/.ssh/known_hosts
|
|
|
|
- name: Test SSH connection
|
|
run: |
|
|
ssh -o StrictHostKeyChecking=no -p ${{ secrets.NAS_PORT }} \
|
|
${{ secrets.NAS_USER }}@${{ secrets.NAS_HOST }} echo "SSH connection successful"
|
|
|
|
- name: Test directory access
|
|
run: |
|
|
ssh -p ${{ secrets.NAS_PORT }} admin@${{ secrets.NAS_HOST }} \
|
|
"ls -la /volume1/homes/admin/ && whoami && pwd"
|
|
|
|
- name: Create target directory if not exists
|
|
run: |
|
|
ssh -p ${{ secrets.NAS_PORT }} admin@${{ secrets.NAS_HOST }} \
|
|
"mkdir -p /volume1/homes/admin/nginx-infra && ls -la /volume1/homes/admin/nginx-infra"
|
|
|
|
- name: Test rsync availability
|
|
run: |
|
|
ssh -p ${{ secrets.NAS_PORT }} admin@${{ secrets.NAS_HOST }} \
|
|
"which rsync && rsync --version"
|
|
|
|
- name: Alternative deployment via tar and SSH
|
|
run: |
|
|
tar czf - . | ssh -p ${{ secrets.NAS_PORT }} admin@${{ secrets.NAS_HOST }} \
|
|
"cd /volume1/homes/admin/nginx-infra && tar xzf -"
|
|
|
|
- name: Check Docker permissions
|
|
run: |
|
|
ssh -p ${{ secrets.NAS_PORT }} admin@${{ secrets.NAS_HOST }} \
|
|
"ls -la /var/run/docker.sock && groups"
|
|
|
|
- name: Remote docker-compose up
|
|
run: |
|
|
ssh -p ${{ secrets.NAS_PORT }} admin@${{ secrets.NAS_HOST }} << 'EOF'
|
|
cd /volume1/homes/admin/nginx-infra
|
|
|
|
# Try with sudo if direct access fails
|
|
if ! docker ps > /dev/null 2>&1; then
|
|
echo "Using sudo for docker commands..."
|
|
sudo docker-compose up -d --build
|
|
else
|
|
echo "Direct docker access available..."
|
|
docker-compose up -d --build
|
|
fi
|
|
EOF |