Add Gitea live redeploy workflow

.gitea/workflows/deploy-live.yml

@@ -0,0 +1,43 @@
+name: Deploy Explorer Live
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [main, master]
+    paths:
+      - '.gitea/workflows/deploy-live.yml'
+      - 'backend/**'
+      - 'config/**'
+      - 'deployment/**'
+      - 'docs/**'
+      - 'frontend/**'
+      - 'scripts/**'
+      - 'package.json'
+      - 'package-lock.json'
+      - 'Makefile'
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Validate live deploy assets
+        run: |
+          test -f scripts/deploy-explorer-config-to-vmid5000.sh
+          test -f scripts/deploy-explorer-ai-to-vmid5000.sh
+          test -f scripts/deploy-next-frontend-to-vmid5000.sh
+          test -f deployment/LIVE_DEPLOYMENT_MAP.md
+
+      - name: Trigger explorer-live deployment
+        run: |
+          SHA="$(git rev-parse HEAD)"
+          BRANCH="${GITHUB_REF_NAME:-}"
+          if [ -z "$BRANCH" ] || [ "$BRANCH" = "HEAD" ]; then
+            BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+          fi
+          curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
+            -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"explorer-live\"}"

deployment/README.md

@@ -20,6 +20,7 @@ That file reflects the live split deployment now in production:
 - Frontend deploy: [`scripts/deploy-next-frontend-to-vmid5000.sh`](../scripts/deploy-next-frontend-to-vmid5000.sh)
 - Config deploy: [`scripts/deploy-explorer-config-to-vmid5000.sh`](../scripts/deploy-explorer-config-to-vmid5000.sh)
 - Explorer config/API deploy: [`scripts/deploy-explorer-ai-to-vmid5000.sh`](../scripts/deploy-explorer-ai-to-vmid5000.sh)
+- Gitea live redeploy action: [`.gitea/workflows/deploy-live.yml`](../.gitea/workflows/deploy-live.yml), target `explorer-live`
 - RPC/API-key edge enforcement: [`ACCESS_EDGE_ENFORCEMENT_RUNBOOK.md`](./ACCESS_EDGE_ENFORCEMENT_RUNBOOK.md)
 - Public health audit: [`scripts/check-explorer-health.sh`](../scripts/check-explorer-health.sh)
 - Full public smoke: [`check-explorer-e2e.sh`](../../scripts/verify/check-explorer-e2e.sh)

scripts/deploy-next-frontend-to-vmid5000.sh

@@ -9,6 +9,7 @@ set -euo pipefail
 
 VMID="${VMID:-5000}"
 FRONTEND_PORT="${FRONTEND_PORT:-3000}"
+FORCE_REMOTE_PCT="${FORCE_REMOTE_PCT:-0}"
 SERVICE_NAME="solacescanscout-frontend"
 APP_ROOT="/opt/solacescanscout/frontend"
 PROXMOX_R630_02="${PROXMOX_HOST_R630_02:-192.168.11.12}"
@@ -53,7 +54,7 @@ push_into_vmid() {
   local destination_path="$2"
   local perms="${3:-0644}"
 
-  if [[ -f /proc/1/cgroup ]] && grep -q "lxc" /proc/1/cgroup 2>/dev/null; then
+  if [[ "$FORCE_REMOTE_PCT" != "1" ]] && [[ -f /proc/1/cgroup ]] && grep -q "lxc" /proc/1/cgroup 2>/dev/null; then
     install -D -m "$perms" "$source_path" "$destination_path"
   elif command -v pct >/dev/null 2>&1; then
     pct push "$VMID" "$source_path" "$destination_path" --perms "$perms"
@@ -68,7 +69,7 @@ push_into_vmid() {
 run_in_vmid() {
   local command="$1"
 
-  if [[ -f /proc/1/cgroup ]] && grep -q "lxc" /proc/1/cgroup 2>/dev/null; then
+  if [[ "$FORCE_REMOTE_PCT" != "1" ]] && [[ -f /proc/1/cgroup ]] && grep -q "lxc" /proc/1/cgroup 2>/dev/null; then
     bash -lc "$command"
   elif command -v pct >/dev/null 2>&1; then
     pct exec "$VMID" -- bash -lc "$command"