brachwise-cicd/readme.md

### Workflow Flow

When code is pushed to a supported branch, the workflow starts on a fresh Ubuntu runner.  
The branch name is read and used to decide the deployment configuration such as server, project folder, authentication method, and PM2 process ID.

Based on the branch, environment variables are set dynamically.  
Non-production branches (`beta`, `testing`, `client`) deploy to the same server using password-based SSH authentication, while `staging` and `production` deploy to separate servers using SSH key authentication.

Only the deployment step matching the selected authentication type runs.  
The workflow connects to the target server, force-syncs the code with the repository, installs dependencies, and restarts the application using PM2.

This ensures the server always runs the exact state of the repository and removes manual deployment steps.


# CI/CD Deployment Workflow – Explained Guide

## Purpose
- Automates deployments
- Eliminates manual server drift

## Branch Logic
- Branch is read from `gitea.ref_name`
- `case` block maps branch to configuration

## Environment Design
- `beta` / `testing` / `client` share a server to reduce cost
- `staging` and `production` are isolated for safety

## Authentication
- Password authentication for non-production
- SSH key authentication for staging and production

## Git Strategy
- `git reset --hard` ensures the repository is the single source of truth

## PM2 Strategy
- PM2 manages long-running processes
- Each environment has a dedicated PM2 ID

## Intentional Exclusions
- No `.env` management
- No PM2 process creation
- No Docker builds


# CI/CD Deployment Workflow – Operational Guide (Script Accurate)

## Trigger
- Runs on push to configured branches
- Branch name controls deployment behavior

## Branches
- main
- beta
- testing
- client
- staging
- production

## Branch to Server Mapping
- `beta` / `testing` / `client` → **BETA server** (password authentication)
- `staging` → **STAGING server** (SSH key authentication)
- `production` → **PRODUCTION server** (SSH key authentication)

## Required Secrets

### BETA (beta / testing / client)
- `BETA_SERVER_HOST`
- `BETA_SERVER_USERNAME`
- `BETA_SERVER_PASSWORD`
- `BETA_SERVER_PORT`

### STAGING
- `STAGING_SERVER_HOST`
- `STAGING_SERVER_USERNAME`
- `STAGING_SERVER_PORT`
- `STAGING_SERVER_KEY`

### PRODUCTION
- `PRODUCTION_SERVER_HOST`
- `PRODUCTION_SERVER_USERNAME`
- `PRODUCTION_SERVER_PORT`
- `PRODUCTION_SERVER_KEY`

## Commands Executed
```bash
git fetch
git reset --hard origin/<branch>
git pull origin <branch>
npm install
pm2 restart <PM2_ID>
-												md file added for reference

											
										
										
											2025-12-14 16:23:13 +00:00
+								### Workflow Flow
 								When code is pushed to a supported branch, the workflow starts on a fresh Ubuntu runner.
 								The branch name is read and used to decide the deployment configuration such as server, project folder, authentication method, and PM2 process ID.
 								Based on the branch, environment variables are set dynamically.
 								Non-production branches (`beta`, `testing`, `client`) deploy to the same server using password-based SSH authentication, while `staging` and `production` deploy to separate servers using SSH key authentication.
 								Only the deployment step matching the selected authentication type runs.
 								The workflow connects to the target server, force-syncs the code with the repository, installs dependencies, and restarts the application using PM2.
 								This ensures the server always runs the exact state of the repository and removes manual deployment steps.
 								# CI/CD Deployment Workflow – Explained Guide
 								## Purpose
 								- Automates deployments
 								- Eliminates manual server drift
 								## Branch Logic
 								- Branch is read from `gitea.ref_name`
 								- `case` block maps branch to configuration
 								## Environment Design
 								- `beta` / `testing` / `client` share a server to reduce cost
 								- `staging` and `production` are isolated for safety
 								## Authentication
 								- Password authentication for non-production
 								- SSH key authentication for staging and production
 								## Git Strategy
 								- `git reset --hard` ensures the repository is the single source of truth
 								## PM2 Strategy
 								- PM2 manages long-running processes
 								- Each environment has a dedicated PM2 ID
 								## Intentional Exclusions
 								- No `.env` management
 								- No PM2 process creation
 								- No Docker builds
 								# CI/CD Deployment Workflow – Operational Guide (Script Accurate)
 								## Trigger
 								- Runs on push to configured branches
 								- Branch name controls deployment behavior
 								## Branches
 								- main
 								- beta
 								- testing
 								- client
 								- staging
 								- production
 								## Branch to Server Mapping
 								- `beta` / `testing` / `client` → **BETA server** (password authentication)
 								- `staging` → **STAGING server** (SSH key authentication)
 								- `production` → **PRODUCTION server** (SSH key authentication)
 								## Required Secrets
 								### BETA (beta / testing / client)
 								- `BETA_SERVER_HOST`
 								- `BETA_SERVER_USERNAME`
 								- `BETA_SERVER_PASSWORD`
 								- `BETA_SERVER_PORT`
 								### STAGING
 								- `STAGING_SERVER_HOST`
 								- `STAGING_SERVER_USERNAME`
 								- `STAGING_SERVER_PORT`
 								- `STAGING_SERVER_KEY`
 								### PRODUCTION
 								- `PRODUCTION_SERVER_HOST`
 								- `PRODUCTION_SERVER_USERNAME`
 								- `PRODUCTION_SERVER_PORT`
 								- `PRODUCTION_SERVER_KEY`
 								## Commands Executed
 								```bash
 								git fetch
 								git reset --hard origin/<branch>
 								git pull origin <branch>
 								npm install
 								pm2 restart <PM2_ID>