feat(deploy): SSH key mount, deploy env vars, openssh-client in image

Dockerfile

@@ -1,21 +1,9 @@
 FROM python:3.12-slim
-
-# Install Docker CLI for sibling container launches
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends ca-certificates curl gnupg git && \
-    install -m 0755 -d /etc/apt/keyrings && \
-    curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
-    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" > /etc/apt/sources.list.d/docker.list && \
-    apt-get update && \
-    apt-get install -y --no-install-recommends docker-ce-cli && \
-    rm -rf /var/lib/apt/lists/*
-
 WORKDIR /app
+RUN apt-get update -qq && apt-get install -y -qq openssh-client git && rm -rf /var/lib/apt/lists/*
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
-RUN apt-get update && apt-get install -y --no-install-recommends tini && rm -rf /var/lib/apt/lists/* &&  \
-    git config --global --add safe.directory '*'
-COPY src/ src/
-RUN mkdir -p /app/data/runs
-ENTRYPOINT ["tini", "--"]
+COPY src/ ./src/
+COPY data/ ./data/
+ENV PYTHONPATH=/app
 CMD ["uvicorn", "src.main:app", "--host", "0.0.0.0", "--port", "8500"]

docker-compose.yml

@@ -12,9 +12,13 @@ services:
       - /usr/bin/node:/usr/bin/node:ro
       - /home/slin/.claude:/home/slin/.claude
       - /home/slin/.claude.json:/home/slin/.claude.json:ro
+      - /home/slin/.orchestrator-ssh:/root/.ssh:ro
     env_file: .env
     environment:
       - ORCH_REPOS_DIR=/repos
       - ORCH_HOST_REPOS_DIR=/home/slin/repos
+      - DEPLOY_SSH_USER=slin
+      - DEPLOY_SSH_HOST=127.0.0.1
+      - DEPLOY_HOOK_SCRIPT=/home/slin/bin/enduro-deploy-hook.sh
     group_add:
       - "999"