From 76b19cd33a092e21e73e3dcd5af04ad2958ab8b7 Mon Sep 17 00:00:00 2001
From: Kyle Pope
Date: Wed, 18 Mar 2026 11:38:28 +0800
Subject: [PATCH] Fix CI/CD deploy: mount host DEPLOY_PATH for compose access

The job container can't access the host filesystem directly. Spawn a docker:cli container that mounts the host's DEPLOY_PATH (where docker-compose.yaml and .env live) and runs compose commands. Requires DEPLOY_PATH variable in Gitea (e.g. /home/user/.../UMBRA). When moving to a new host, only the Gitea variable needs updating.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .gitea/workflows/deploy.yml | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index cf6cd26..3f176b9 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -36,8 +36,19 @@ jobs:
 - name: Deploy
 run: |
- docker compose pull backend frontend
- docker compose up -d --remove-orphans
+ # Spawn a short-lived container that mounts the host deploy path
+ # and runs compose commands against the host Docker daemon.
+ # DEPLOY_PATH is a Gitea variable — update it when moving hosts.
+ docker run --rm \
+ --network host \
+ --security-opt label:disable \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v ${{ vars.DEPLOY_PATH }}:/deploy \
+ -w /deploy \
+ docker:cli sh -c "
+ docker compose pull backend frontend &&
+ docker compose up -d --remove-orphans
+ "
 - name: Health check
 run: |
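Review bot: `${{ vars.DEPLOY_PATH }}` is substituted into the script text before the shell runs and is unquoted in the `-v` argument, so a value containing spaces or shell metacharacters changes the `docker run` command line, and an empty value yields a malformed mount. Pass it through the step environment and quote it: add `env:` with `DEPLOY_PATH: ${{ vars.DEPLOY_PATH }}` to the Deploy step and use `-v "${DEPLOY_PATH:?}:/deploy" \`. Separately, this container is handed the host Docker socket with labels disabled, which is effectively root on the host, yet `docker:cli` is a mutable tag; pinning it by digest (`docker:cli@sha256:<digest>`) keeps a changed upstream image from inheriting that access. `--network host` looks unnecessary for talking to the daemon over the socket and could probably be dropped.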