- Remove container blocks causing Docker-in-Docker permission issues
- Use actions/checkout@v4 instead of manual git cloning
- Use actions/setup-python@v5 and actions/setup-node@v4 for clean environments
- Remove nsenter workarounds and mount complexity
- Fix volume paths to use /volume1/docker/* directly
- Add /volume1/docker/claude-dev to runner valid_volumes config
This eliminates 20+ commits of permission/namespace hacks by letting
workflows run directly in the runner's environment which already has
Docker access and proper volume mounts configured.
Delete any existing claude-dev container before compose up so name conflicts do not block CI deployment.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Create /claude-dev-runtime before writing previous-image.txt so post-build record step does not fail when the bind path is absent.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Drop the server2 preload stage and rely on direct docker build pulls to avoid long-running preload stream stalls in CI.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Drop chmod on the read-only mounted server2 SSH key so preload can execute without failing the workflow before the SSH attempt.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mount a read-only SSH key into the claude-dev deploy runner container and use it explicitly for server2 preload so the fast-path image transfer can authenticate.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Treat server2 preload as best-effort so missing SSH keys do not fail deployment; fall back to normal registry pull during image build.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the runner-only host alias with an explicit SSH user@host so the preload step can resolve and stream the base image tar reliably.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Switch claude-dev to node:20-bookworm-slim and preload the base image from server2 in CI to avoid slow pulls on the NAS runner.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Limit workflow path triggers to each workflow file, add concurrency groups to cancel outdated runs, and checkout the exact triggering SHA for deterministic deploys.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Define claude-dev capabilities as a tested contract and deploy immutable tags only after smoke checks so daily tooling upgrades remain CI-first and rollback-safe.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>