ci: add SSH key support and fix release workflow issues

README.md

@@ -64,45 +64,81 @@ The whole contraption lives on my home network and the VPS reaches it through a
 
 ## 🌳 Git Workflow Madness
 
-This repo follows a three-branch strategy with automated promotions because manually managing branches is for chumps:
+This repo follows a three-branch strategy with some absolutely bonkers automated promotions because manually managing branches is for chumps:
 
 - **`dev`** - Where the magic happens! All new features and fixes go here
-- **`staging`** - Integration testing playground, auto-promoted from develop daily Monday-Friday at 13:00 UTC/05:00 AM PST
-- **`main`** - Production branch, gets promoted from staging weekly on Mondays at 12:00 UTC/04:00 AM PST
+- **`staging`** - Integration testing playground, auto-promoted from dev daily at 13:00 UTC via scheduler
+- **`main`** - Production branch, gets promoted from staging weekly on Sundays at 14:00 UTC via scheduler
 
 ### The Repository Setup
 
 We're running a bit of a funky setup here:
-- **Primary repo:** Self-hosted Forgejo instance (because it's more fun that way!)
-- **Mirror:** GitHub (push-only mirror for CI/CD and visibility)
-- **CI/CD:** GitHub Actions (triggered by the mirror's pushes or scheduled)
+- **Primary repo:** Git origin (configurable - can be self-hosted, GitHub, etc.)
+- **GitHub Mirror:** Optional push-only mirror for CI/CD and visibility
+- **CI/CD:** GitHub Actions (triggered by pushes or scheduled workflows)
 
-So the workflow is: push to Forgejo origin → auto-mirrors to GitHub → GitHub Actions does the heavy lifting.
+So the workflow is: push to Git origin → (optional mirror to GitHub) → GitHub Actions does the heavy lifting.
 
 ### Branch Promotion Dance 💃
 
-**Daily (develop → staging):**
-- Checks if develop has new commits since last staging update
-- Validates that the latest build actually passed
-- Fast-forward merge to staging (keeps history clean)
-- Supports `[skip ci]` in commit messages for any oopsies or boo-boos
+**Daily (dev → staging):**
+- Robot overlord wakes up at 13:00 UTC every day
+- Checks if dev has new commits (because we're not animals)  
+- Actually validates the build passed via GitHub API (fancy!)
+- Fast-forward merge to staging (keeps git history from becoming spaghetti)
+- Supports `[skip ci]` in commit messages for when you inevitably break something
+- Manual "YOLO deploy anyway" button available
 
 **Weekly (staging → main):**
-- Runs semantic-release on staging for proper versioning
-- Fast-forward merge to main for production release
-- Some branch rebasing gymnastics to keep develop up-to-date
-- Also supports `[skip ci]`
+- Sunday funday at 14:00 UTC for production releases
+- Runs semantic-release for proper versioning (we're not completely chaotic)
+- Some gnarly branch gymnastics to keep everything synchronized
+- SSH-signed commits because we pretend to care about security
+- Manual panic button also available
+
+### 🤖 The 5-Workflow CI/CD Circus
+
+Because apparently one workflow wasn't enough, we've got a whole circus of automation:
+
+1. **`build.yml`** - The overachiever that builds everything
+   - Gets triggered by basically anything that moves
+   - Smart enough to skip builds when we already did the work (lazy efficiency!)
+   - Hoards artifacts for 2 days like a digital packrat
+   - Has more caching layers than a wedding cake
+
+2. **`deploy.yml`** - The deployment minion (does what it's told)
+   - Gets bossed around by the other workflows
+   - Juggles blue-green deployments without dropping anything
+   - Speaks fluent SSH and WireGuard
+   - Downloads artifacts faster than you can say "containerization"
+
+3. **`stage.yml`** - The daily grind automation
+   - Wakes up every day to promote dev → staging
+   - Actually checks if builds passed (responsible adult behavior)
+   - Signs commits with SSH keys because we're fancy like that
+   - Has a "force" option for when things go sideways
+
+4. **`release.yml`** - The weekly release party host  
+   - Shows up every Sunday with semantic versioning
+   - Does some serious git branch yoga to keep everything aligned
+   - Maintains that linear history we all pretend to care about
+
+5. **`scheduler-*.yml`** - The workflow orchestrators
+   - Exists because GitHub has weird scheduling quirks
+   - Makes sure the right code runs from the right branch
+   - Basically the puppet masters of this whole operation
 
 ## 🚢 Deployment Shenanigans
 
-Any (automated) pushes to `staging` or `main` branches to trigger blue-green staging and production deployments! Easy peasy lemon squeezy!
+Pushes to `staging` or `main` branches trigger some absolutely wild blue-green deployment wizardry with more caching than your browser history!
 
 ### Blue-Green Magic ✨
-1. **Build Phase:** Build new containers and validate
-2. **Deploy Phase:** Health check the newbies
-3. **Switch Phase:** HAProxy config update and traffic switcheroo
-4. **Cleanup Phase:** Nuke old containers from high orbit
-5. **Moon Phases:** 🌑 🌒 🌓 🌔 🌝 🌖 🌗 🌘 🌚
+1. **Build Phase:** Smart enough to skip rebuilding stuff we already built (because efficiency is sexy)
+2. **Deploy Phase:** Download cached goodies and poke the new containers to make sure they're alive
+3. **Switch Phase:** HAProxy does the old switcheroo faster than a shell game
+4. **Cleanup Phase:** Yeet the old containers into the digital void
+5. **Artifact Hoarding:** Keeps build artifacts for 30 days like a digital packrat with commitment issues
+6. **Moon Phases:** 🌑 🌒 🌓 🌔 🌝 🌖 🌗 🌘 🌚 (for spiritual alignment)
 
 ### GitHub Secrets Setup
 Deployments generate the needed .env from GitHub secrets, so make sure to slap some secrets up first!