Дмитрий
7511f4e537
feat(ci): GitHub Actions deploy workflow for liderra.ru — fundamental fix for dev→prod SSH block
...
Adds .github/workflows/deploy.yml — manual workflow_dispatch trigger that:
1) checkouts requested ref (default main)
2) builds frontend (npm ci + npm run build)
3) tarballs app + db excluding .env/storage/vendor/node_modules/bootstrap-cache
4) ssh-deploys via stored secret LIDERRA_SSH_KEY to ubuntu@111.88.246.137
5) extracts overlay + runs /var/www/liderra/redeploy.sh (composer + migrate + restart)
6) backfills today's snapshot (slepok-stage-2 Task 2.12 Step 3)
7) runs smoke tests (migrate:status, snapshots count, service health, portal http)
Why this is needed:
My dev VM (89.144.17.119) → prod VM (111.88.246.137) traffic
passes TCP-handshake but app-layer banner exchange times out.
Same VPC, SG 0.0.0.0/0, iptables empty, fail2ban clean — drop happens
on YC backbone between specific source/dest pair.
GitHub Actions runners come from Azure IPs, NOT affected by this filter.
One-time setup needed:
GitHub Settings → Secrets → Actions → New secret
Name: LIDERRA_SSH_KEY
Value: content of ~/.ssh/liderra_deploy (private key, full file)
Future deploys: `gh workflow run deploy.yml -f ref=main` from anywhere.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-28 11:34:07 +03:00