From 79966d21300bbff1b9f9f2dcbd7d52c7856af66d Mon Sep 17 00:00:00 2001
From: yuming <yuming@baijia.com>
Date: Mon, 11 May 2026 23:43:52 +0800
Subject: [PATCH] =?UTF-8?q?fix(ci):=20=E5=BD=BB=E5=BA=95=E6=B8=85=E7=A9=BA?=
 =?UTF-8?q?=20Docker=20daemon=20=E4=BB=A3=E7=90=86=EF=BC=8C=E9=81=BF?=
 =?UTF-8?q?=E5=85=8D=E6=8B=89=E9=95=9C=E5=83=8F=E8=B5=B0=20socks5=20?=
 =?UTF-8?q?=E8=A2=AB=20reset?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

之前只写了空 daemon.json，但 dockerd 仍会继承环境里的
HTTPS_PROXY=socks5://192.168.1.119:1080，导致拉 daocloud
镜像源时被 socks 代理拒绝。

三处同时置空：
1) systemd drop-in：覆盖 dockerd 启动环境变量
2) /etc/docker/daemon.json：显式声明 proxies 全空
3) /root/.docker/config.json：清空 client 端代理

装完 docker 后强制重启 daemon 让新配置生效。
应用容器内部 socks5 配置完全不动。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .gitea/workflows/deploy.yml | 41 +++++++++++++++++++++++++++++++++++--
 1 file changed, 39 insertions(+), 2 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index ce31db4..9ef042d 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -18,14 +18,51 @@ jobs:
     steps:
       - name: 安装 Docker CLI
         run: |
-          # 先写干净的 daemon.json，让 Docker 启动时就读到无代理配置
+          # === 彻底清零 Docker 代理，避免 daemon 拉 daocloud 时走 socks5 被 reset ===
+          # 局域网 socks5 代理（192.168.1.119:1080）只供应用容器内部使用，
+          # 这里把 daemon 自己的代理一律置空，让它直连国内 docker mirror。
+          # 1) systemd drop-in：dockerd 启动时强制覆盖环境变量为空
+          mkdir -p /etc/systemd/system/docker.service.d
+          cat > /etc/systemd/system/docker.service.d/no-proxy.conf <<'EOF'
+          [Service]
+          Environment="HTTP_PROXY="
+          Environment="HTTPS_PROXY="
+          Environment="NO_PROXY=*"
+          EOF
+          # 2) daemon.json 显式声明空 proxies（双保险，覆盖任何外部继承）
           mkdir -p /etc/docker
-          echo '{}' > /etc/docker/daemon.json
+          cat > /etc/docker/daemon.json <<'EOF'
+          {
+            "proxies": {
+              "http-proxy": "",
+              "https-proxy": "",
+              "no-proxy": "*"
+            }
+          }
+          EOF
+          # 3) docker 客户端配置：影响 docker build/buildx 自身走的代理
+          mkdir -p /root/.docker
+          cat > /root/.docker/config.json <<'EOF'
+          {
+            "proxies": {
+              "default": {
+                "httpProxy": "",
+                "httpsProxy": "",
+                "noProxy": "*"
+              }
+            }
+          }
+          EOF
           # 替换 Debian 源为清华镜像，避免国内连 deb.debian.org 超时
           sed -i 's|deb.debian.org|mirrors.tuna.tsinghua.edu.cn|g' /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2>/dev/null || true
           sed -i 's|security.debian.org|mirrors.tuna.tsinghua.edu.cn/debian-security|g' /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2>/dev/null || true
           apt-get update -qq
           apt-get install -y -qq docker.io
+          # 装完之后让 daemon 重新读上面三处配置；不同启动方式都试一遍
+          systemctl daemon-reload 2>/dev/null || true
+          systemctl restart docker 2>/dev/null || service docker restart 2>/dev/null || true
+          # 给 daemon 一点时间就绪，否则紧接着 docker build 会连不上 socket
+          sleep 3
 
       - name: 拉取代码
         uses: actions/checkout@v4