chore(debug): add visible central input and decision logs

Print run_build/run_quality/run_deploy values and gate decisions in workflow logs for runtime diagnosis when debug endpoint is unavailable.

Made-with: Cursor

.gitea/workflows/build.yml

@@ -0,0 +1,61 @@
+# Standalone build workflow. Central CI inlines these steps in ci.yml because WDIPL-Runner
+# does not forward reusable-workflow outputs to the parent reliably.
+name: Build
+
+on:
+  workflow_call:
+    inputs:
+      tech_stack:
+        type: string
+        required: true
+      build_command:
+        type: string
+        required: false
+      # Snapshot from parent needs.meta.outputs.cs so later jobs read needs.build.outputs.cs
+      # (WDIPL-Runner clears needs.meta.outputs after the first reusable child completes.)
+      ci_steps:
+        type: string
+        required: true
+      skip_node_compile:
+        type: string
+        required: false
+
+    outputs:
+      cs:
+        description: ci_steps snapshot for parent sonar/deploy if
+        value: ${{ jobs.build.outputs.cs }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    outputs:
+      cs: ${{ inputs.ci_steps }}
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      # 🟢 NODE / REACT / NESTJS
+      - name: Setup Node
+        if: inputs.tech_stack == 'node' || inputs.tech_stack == 'react' || inputs.tech_stack == 'nestjs'
+        uses: actions/setup-node@v3
+        with:
+          node-version: 20
+
+      - name: Build (Node / React / NestJS)
+        if: inputs.tech_stack == 'node' || inputs.tech_stack == 'react' || inputs.tech_stack == 'nestjs'
+        run: |
+          if [ "${{ inputs.skip_node_compile }}" = "true" ]; then
+            echo "TEMP: skip npm install / npm run build (skip_node_compile=true)"
+            exit 0
+          fi
+          if [ -n "${{ inputs.build_command }}" ]; then
+            set -xe
+            echo "Running custom build command"
+            ${{ inputs.build_command }}
+          else
+            set -xe
+            npm install
+            npm run build
+          fi
+          

.gitea/workflows/ci.yml

@@ -0,0 +1,183 @@
+name: Central CI
+
+on:
+  workflow_call:
+    inputs:
+      run_build:
+        type: string
+        required: true
+      run_quality:
+        type: string
+        required: true
+      run_deploy:
+        type: string
+        required: true
+      wait_for_quality_gate:
+        type: string
+        required: false
+      tech_stack:
+        type: string
+        required: true
+
+      app_path_beta:
+        type: string
+        required: false
+      app_path_staging:
+        type: string
+        required: false
+      app_path_prod:
+        type: string
+        required: false
+      build_command:
+        type: string
+        required: false
+      pm2_id:
+        type: string
+        required: false
+
+    secrets:
+      SONARQUBE_HOST:
+        required: false
+      SONARQUBE_TOKEN:
+        required: false
+
+      BETA_SERVER_HOST:
+        required: false
+      BETA_SERVER_PORT:
+        required: false
+      BETA_SERVER_USERNAME:
+        required: false
+      BETA_SERVER_PASSWORD:
+        required: false
+      BETA_SERVER_KEY:
+        required: false
+
+      STAGING_SERVER_HOST:
+        required: false
+      STAGING_SERVER_PORT:
+        required: false
+      STAGING_SERVER_USERNAME:
+        required: false
+      STAGING_SERVER_PASSWORD:
+        required: false
+      STAGING_SERVER_KEY:
+        required: false
+
+      PROD_SERVER_HOST:
+        required: false
+      PROD_SERVER_PORT:
+        required: false
+      PROD_SERVER_USERNAME:
+        required: false
+      PROD_SERVER_PASSWORD:
+        required: false
+      PROD_SERVER_KEY:
+        required: false
+
+jobs:
+  build:
+    if: ${{ inputs.run_build == 'true' }}
+    runs-on: ubuntu-latest
+    steps:
+      #region agent log
+      - name: Debug input forwarding for build
+        run: |
+          echo "DBG_CENTRAL_INPUT_RUN_BUILD='${{ inputs.run_build }}'"
+          echo "DBG_CENTRAL_INPUT_RUN_QUALITY='${{ inputs.run_quality }}'"
+          echo "DBG_CENTRAL_INPUT_RUN_DEPLOY='${{ inputs.run_deploy }}'"
+          curl -sS -X POST "http://127.0.0.1:7352/ingest/24143b9f-f549-4429-832c-d0515ce6e2ac" \
+            -H "Content-Type: application/json" \
+            -H "X-Debug-Session-Id: 0ae703" \
+            -d "{\"sessionId\":\"0ae703\",\"runId\":\"${{ github.run_id }}\",\"hypothesisId\":\"H1\",\"location\":\"wdipl-actions/.gitea/workflows/ci.yml:build\",\"message\":\"workflow_call flags at build\",\"data\":{\"run_build\":\"${{ inputs.run_build }}\",\"run_quality\":\"${{ inputs.run_quality }}\",\"run_deploy\":\"${{ inputs.run_deploy }}\"},\"timestamp\":$(date +%s000)}" || true
+      #endregion
+
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Setup Node
+        if: inputs.tech_stack == 'node' || inputs.tech_stack == 'react' || inputs.tech_stack == 'nestjs'
+        uses: actions/setup-node@v3
+        with:
+          node-version: 20
+
+      - name: Build (Node / React / NestJS)
+        if: inputs.tech_stack == 'node' || inputs.tech_stack == 'react' || inputs.tech_stack == 'nestjs'
+        run: |
+          if [ -n "${{ inputs.build_command }}" ]; then
+            set -xe
+            echo "Running custom build command"
+            ${{ inputs.build_command }}
+          else
+            set -xe
+            npm install
+            npm run build
+          fi
+
+  sonar:
+    if: ${{ inputs.run_quality == 'true' }}
+    uses: Rajendra.Reddy/wdipl-actions/.gitea/workflows/quality.yml@d604440af823c664b2c828a3d6a2cc5d23b79141
+    with:
+      project_key: ${{ github.event.repository.name }}
+      wait_for_quality_gate: ${{ inputs.wait_for_quality_gate }}
+    secrets:
+      SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }}
+      SONARQUBE_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+
+  deploy:
+    if: ${{ inputs.run_deploy == 'true' }}
+    uses: Rajendra.Reddy/wdipl-actions/.gitea/workflows/deploy.yml@main
+    with:
+      tech_stack: ${{ inputs.tech_stack }}
+      branch_name: ${{ github.ref_name }}
+      pm2_id: ${{ inputs.pm2_id }}
+      app_path_beta: ${{ inputs.app_path_beta }}
+      app_path_staging: ${{ inputs.app_path_staging }}
+      app_path_prod: ${{ inputs.app_path_prod }}
+    secrets:
+      BETA_SERVER_HOST: ${{ secrets.BETA_SERVER_HOST }}
+      BETA_SERVER_PORT: ${{ secrets.BETA_SERVER_PORT }}
+      BETA_SERVER_USERNAME: ${{ secrets.BETA_SERVER_USERNAME }}
+      BETA_SERVER_PASSWORD: ${{ secrets.BETA_SERVER_PASSWORD }}
+      BETA_SERVER_KEY: ${{ secrets.BETA_SERVER_KEY }}
+
+      STAGING_SERVER_HOST: ${{ secrets.STAGING_SERVER_HOST }}
+      STAGING_SERVER_PORT: ${{ secrets.STAGING_SERVER_PORT }}
+      STAGING_SERVER_USERNAME: ${{ secrets.STAGING_SERVER_USERNAME }}
+      STAGING_SERVER_PASSWORD: ${{ secrets.STAGING_SERVER_PASSWORD }}
+      STAGING_SERVER_KEY: ${{ secrets.STAGING_SERVER_KEY }}
+
+      PROD_SERVER_HOST: ${{ secrets.PROD_SERVER_HOST }}
+      PROD_SERVER_PORT: ${{ secrets.PROD_SERVER_PORT }}
+      PROD_SERVER_USERNAME: ${{ secrets.PROD_SERVER_USERNAME }}
+      PROD_SERVER_PASSWORD: ${{ secrets.PROD_SERVER_PASSWORD }}
+      PROD_SERVER_KEY: ${{ secrets.PROD_SERVER_KEY }}
+
+  quality_gate_debug:
+    if: ${{ always() }}
+    needs: [build, sonar]
+    runs-on: ubuntu-latest
+    steps:
+      #region agent log
+      - name: Debug quality decision result
+        run: |
+          echo "DBG_QUALITY_DECISION run_quality='${{ inputs.run_quality }}' build='${{ needs.build.result }}' sonar='${{ needs.sonar.result }}'"
+          curl -sS -X POST "http://127.0.0.1:7352/ingest/24143b9f-f549-4429-832c-d0515ce6e2ac" \
+            -H "Content-Type: application/json" \
+            -H "X-Debug-Session-Id: 0ae703" \
+            -d "{\"sessionId\":\"0ae703\",\"runId\":\"${{ github.run_id }}\",\"hypothesisId\":\"H2\",\"location\":\"wdipl-actions/.gitea/workflows/ci.yml:quality_gate_debug\",\"message\":\"quality job outcome\",\"data\":{\"run_quality\":\"${{ inputs.run_quality }}\",\"build_result\":\"${{ needs.build.result }}\",\"sonar_result\":\"${{ needs.sonar.result }}\"},\"timestamp\":$(date +%s000)}" || true
+      #endregion
+
+  deploy_gate_debug:
+    if: ${{ always() }}
+    needs: [build, sonar, deploy]
+    runs-on: ubuntu-latest
+    steps:
+      #region agent log
+      - name: Debug deploy decision result
+        run: |
+          echo "DBG_DEPLOY_DECISION run_deploy='${{ inputs.run_deploy }}' build='${{ needs.build.result }}' sonar='${{ needs.sonar.result }}' deploy='${{ needs.deploy.result }}'"
+          curl -sS -X POST "http://127.0.0.1:7352/ingest/24143b9f-f549-4429-832c-d0515ce6e2ac" \
+            -H "Content-Type: application/json" \
+            -H "X-Debug-Session-Id: 0ae703" \
+            -d "{\"sessionId\":\"0ae703\",\"runId\":\"${{ github.run_id }}\",\"hypothesisId\":\"H3\",\"location\":\"wdipl-actions/.gitea/workflows/ci.yml:deploy_gate_debug\",\"message\":\"deploy job outcome\",\"data\":{\"run_deploy\":\"${{ inputs.run_deploy }}\",\"build_result\":\"${{ needs.build.result }}\",\"sonar_result\":\"${{ needs.sonar.result }}\",\"deploy_result\":\"${{ needs.deploy.result }}\"},\"timestamp\":$(date +%s000)}" || true
+      #endregion

.gitea/workflows/deploy.yml

@@ -1,32 +1,61 @@
+name: Deploy
+
 on:
   workflow_call:
     inputs:
-      host:
+      tech_stack:
         required: true
         type: string
-      username:
-        required: true
-        type: string
-      port:
-        required: true
-        type: number
-      project_folder:
-        required: true
-        type: string
-      pm2_id:
-        required: false
-        type: string
       branch_name:
         required: true
         type: string
-      tech:
-        required: true
+
+      app_path_beta:
+        required: false
+        type: string
+      app_path_staging:
+        required: false
+        type: string
+      app_path_prod:
+        required: false
+        type: string
+
+      pm2_id:
+        required: false
         type: string
 
     secrets:
-      password:
+      BETA_SERVER_HOST:
         required: false
-      key:
+      BETA_SERVER_PORT:
+        required: false
+      BETA_SERVER_USERNAME:
+        required: false
+      BETA_SERVER_PASSWORD:
+        required: false
+      BETA_SERVER_KEY:
+        required: false
+
+      STAGING_SERVER_HOST:
+        required: false
+      STAGING_SERVER_PORT:
+        required: false
+      STAGING_SERVER_USERNAME:
+        required: false
+      STAGING_SERVER_PASSWORD:
+        required: false
+      STAGING_SERVER_KEY:
+        required: false
+
+      PROD_SERVER_HOST:
+        required: false
+      PROD_SERVER_PORT:
+        required: false
+      PROD_SERVER_USERNAME:
+        required: false
+      PROD_SERVER_PASSWORD:
+        required: false
+      PROD_SERVER_KEY:
         required: false
 
 jobs:
@@ -34,49 +63,104 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Deploy via SSH
+
+      # 🔹 BETA / TESTING
+      - name: Deploy Beta/Testing
+        if: inputs.branch_name == 'beta' || inputs.branch_name == 'testing'
         uses: appleboy/ssh-action@v1
         with:
-          host: ${{ inputs.host }}
-          username: ${{ inputs.username }}
-          password: ${{ secrets.password }}
-          key: ${{ secrets.key }}
-          port: ${{ inputs.port }}
+          host: ${{ secrets.BETA_SERVER_HOST }}
+          username: ${{ secrets.BETA_SERVER_USERNAME }}
+          port: ${{ secrets.BETA_SERVER_PORT }}
+          password: ${{ secrets.BETA_SERVER_PASSWORD }}
+          key: ${{ secrets.BETA_SERVER_KEY }}
 
           script: |
             set -xe
-
-            cd ${{ inputs.project_folder }}
+            cd ${{ inputs.app_path_beta }}
 
             git fetch
             git reset --hard origin/${{ inputs.branch_name }}
             git pull origin ${{ inputs.branch_name }}
 
-            echo "Installing deps"
-            npm install
-
-            echo "Running tech-specific steps"
-            case "${{ inputs.tech }}" in
-              node)
-                npm i 
-                npx prisma generate
-                npx prisma migrate deploy
-                npm run build
-                pm2 reload ${{ inputs.pm2_id }}
+            case "${{ inputs.tech_stack }}" in
+              node|react|nestjs)
+                npm install
+                npm run build || true
+                pm2 reload ${{ inputs.pm2_id }} || true
                 ;;
-              nestjs)
-                npm i 
-                npx prisma generate
-                npx prisma migrate deploy
-                npm run build
-                pm2 reload ${{ inputs.pm2_id }}
+              docker)
+                docker compose up -d --build
                 ;;
-              python)
-                docker-compose up -d --build
-                ;;      
               *)
                 echo "Unknown tech"
                 ;;
             esac
 
-            
+
+      # 🔹 STAGING
+      - name: Deploy Staging
+        if: inputs.branch_name == 'staging'
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ secrets.STAGING_SERVER_HOST }}
+          username: ${{ secrets.STAGING_SERVER_USERNAME }}
+          port: ${{ secrets.STAGING_SERVER_PORT }}
+          password: ${{ secrets.STAGING_SERVER_PASSWORD }}
+          key: ${{ secrets.STAGING_SERVER_KEY }}
+
+          script: |
+            set -xe
+            cd ${{ inputs.app_path_staging }}
+
+            git fetch
+            git reset --hard origin/${{ inputs.branch_name }}
+            git pull origin ${{ inputs.branch_name }}
+
+            case "${{ inputs.tech_stack }}" in
+              node|react|nestjs)
+                npm install
+                npm run build || true
+                pm2 reload ${{ inputs.pm2_id }} || true
+                ;;
+              docker)
+                docker compose up -d --build
+                ;;
+              *)
+                echo "Unknown tech"
+                ;;
+            esac
+
+
+      # 🔹 PRODUCTION
+      - name: Deploy Production
+        if: inputs.branch_name == 'main' || inputs.branch_name == 'prod'
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ secrets.PROD_SERVER_HOST }}
+          username: ${{ secrets.PROD_SERVER_USERNAME }}
+          port: ${{ secrets.PROD_SERVER_PORT }}
+          password: ${{ secrets.PROD_SERVER_PASSWORD }}
+          key: ${{ secrets.PROD_SERVER_KEY }}
+
+          script: |
+            set -xe
+            cd ${{ inputs.app_path_prod }}
+
+            git fetch
+            git reset --hard origin/${{ inputs.branch_name }}
+            git pull origin ${{ inputs.branch_name }}
+
+            case "${{ inputs.tech_stack }}" in
+              node|react|nestjs)
+                npm install
+                npm run build || true
+                pm2 reload ${{ inputs.pm2_id }} || true
+                ;;
+              docker)
+                docker compose up -d --build
+                ;;
+              *)
+                echo "Unknown tech"
+                ;;
+            esac

.gitea/workflows/quality.yml

@@ -0,0 +1,44 @@
+name: SonarQube Analysis
+
+on:
+  workflow_call:
+    inputs:
+      project_key:
+        type: string
+        required: true
+      wait_for_quality_gate:
+        type: string
+        required: false
+        default: 'false'
+
+    secrets:
+      SONARQUBE_HOST:
+        required: true
+      SONARQUBE_TOKEN:
+        required: true
+
+jobs:
+  sonarqube:
+    runs-on: ubuntu-latest
+
+    container:
+      image: sonarsource/sonar-scanner-cli:12.0.0.3214_8.0.1
+      options: --user root
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      # Pass URL/token via env (scanner reads SONAR_HOST_URL / SONAR_TOKEN). Keeps secrets out of
+      # the rewritten run script and avoids WDIPL-Runner still resolving wrong secret names in -D lines.
+      - name: Run SonarQube Scan
+        env:
+          SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+        run: |
+          sonar-scanner \
+            -Dsonar.projectKey=${{ inputs.project_key }} \
+            -Dsonar.projectName=${{ inputs.project_key }} \
+            -Dsonar.sources=. \
+            -Dsonar.exclusions=node_modules/**,dist/**,coverage/** \
+            -Dsonar.qualitygate.wait=${{ inputs.wait_for_quality_gate == true || inputs.wait_for_quality_gate == 'true' }}

.gitea/workflows/qualitytest.yml

@@ -7,9 +7,9 @@ on:
         required: true
         type: string
     secrets:
-      SONAR_HOST_URL:
+      SONARQUBE_HOST:
         required: true
-      SONAR_TOKEN:
+      SONARQUBE_TOKEN:
         required: true
 
 jobs:
@@ -24,12 +24,13 @@ jobs:
       - uses: actions/checkout@v3
 
       - name: Run SonarQube Scan (with Quality Gate)
+        env:
+          SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
         run: |
           sonar-scanner \
             -Dsonar.projectKey=${{ inputs.project_key }} \
             -Dsonar.projectName=${{ inputs.project_key }} \
             -Dsonar.sources=. \
-            -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
-            -Dsonar.token=${{ secrets.SONAR_TOKEN }} \
             -Dsonar.exclusions=node_modules/**,dist/**,coverage/** \
             -Dsonar.qualitygate.wait=false

actions/sonar/action.yml

@@ -0,0 +1,49 @@
+name: "SonarQube Scan"
+description: "Run SonarQube scan with Quality Gate enforcement"
+
+inputs:
+  sonar_host_url:
+    required: true
+
+  sonar_token:
+    required: true
+
+  wait_for_quality_gate:
+    required: false
+    default: "true"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set Project Key (from repo name)
+      shell: bash
+      run: |
+        echo "PROJECT_KEY=${{ gitea.event.repository.name }}" >> $GITHUB_ENV
+
+    - name: Debug Info
+      shell: bash
+      run: |
+        echo "Project Key: $PROJECT_KEY"
+        echo "Wait for Quality Gate: ${{ inputs.wait_for_quality_gate }}"
+
+    - name: Run Sonar Scanner
+      shell: bash
+      run: |
+        if [ "${{ inputs.wait_for_quality_gate }}" = "true" ]; then
+          sonar-scanner \
+            -Dsonar.projectKey=$PROJECT_KEY \
+            -Dsonar.projectName=$PROJECT_KEY \
+            -Dsonar.sources=. \
+            -Dsonar.host.url=${{ inputs.sonar_host_url }} \
+            -Dsonar.token=${{ inputs.sonar_token }} \
+            -Dsonar.exclusions=node_modules/**,dist/**,coverage/** \
+            -Dsonar.qualitygate.wait=true
+        else
+          sonar-scanner \
+            -Dsonar.projectKey=$PROJECT_KEY \
+            -Dsonar.projectName=$PROJECT_KEY \
+            -Dsonar.sources=. \
+            -Dsonar.host.url=${{ inputs.sonar_host_url }} \
+            -Dsonar.token=${{ inputs.sonar_token }} \
+            -Dsonar.exclusions=node_modules/**,dist/**,coverage/**
+        fi

readme.md

@@ -0,0 +1,216 @@
+# 🚀 CI/CD Setup Guide (For Developers)
+
+This project uses a centralized CI/CD system.
+You only need to configure **1 workflow file + secrets**.
+
+---
+
+# 📁 1. Add Workflow File
+
+Create:
+
+```
+.gitea/workflows/ci.yml
+```
+
+Paste:
+
+```yaml
+name: CI
+
+on:
+  push:
+    branches: [main, beta, staging, testing]
+  pull_request:
+
+jobs:
+  ci:
+    # Prefer a commit SHA from wdipl-actions @main (see "stale reusable workflows" above).
+    uses: http://git.wdipl.com/Rajendra.Reddy/wdipl-actions/.gitea/workflows/ci.yml@main
+
+    with:
+      tech_stack: node
+
+      # Comma-separated: build, sonar, deploy (WDIPL-Runner only forwards one “flag” string reliably).
+      ci_steps: 'build,sonar,deploy'
+      wait_for_quality_gate: 'false'
+
+      app_path_beta: /var/www/app-beta
+      app_path_staging: /var/www/app-staging
+      app_path_prod: /var/www/app-prod
+
+      pm2_id: app
+
+    secrets:
+      SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }}
+      SONARQUBE_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+
+      BETA_SERVER_HOST: ${{ secrets.BETA_SERVER_HOST }}
+      BETA_SERVER_PORT: ${{ secrets.BETA_SERVER_PORT }}
+      BETA_SERVER_USERNAME: ${{ secrets.BETA_SERVER_USERNAME }}
+      BETA_SERVER_PASSWORD: ${{ secrets.BETA_SERVER_PASSWORD }}
+      BETA_SERVER_KEY: ${{ secrets.BETA_SERVER_KEY }}
+
+      STAGING_SERVER_HOST: ${{ secrets.STAGING_SERVER_HOST }}
+      STAGING_SERVER_PORT: ${{ secrets.STAGING_SERVER_PORT }}
+      STAGING_SERVER_USERNAME: ${{ secrets.STAGING_SERVER_USERNAME }}
+      STAGING_SERVER_PASSWORD: ${{ secrets.STAGING_SERVER_PASSWORD }}
+      STAGING_SERVER_KEY: ${{ secrets.STAGING_SERVER_KEY }}
+
+      PROD_SERVER_HOST: ${{ secrets.PROD_SERVER_HOST }}
+      PROD_SERVER_PORT: ${{ secrets.PROD_SERVER_PORT }}
+      PROD_SERVER_USERNAME: ${{ secrets.PROD_SERVER_USERNAME }}
+      PROD_SERVER_PASSWORD: ${{ secrets.PROD_SERVER_PASSWORD }}
+      PROD_SERVER_KEY: ${{ secrets.PROD_SERVER_KEY }}
+```
+
+---
+
+# 🔐 2. Add Secrets (Repo → Settings → Secrets)
+
+## SonarQube
+
+| Name             | Value                    |
+| ---------------- | ------------------------ |
+| SONARQUBE_HOST   | http://your-sonar-server |
+| SONARQUBE_TOKEN  | your sonar token         |
+
+---
+
+## Beta / Testing Server
+
+| Name                 | Value                      |
+| -------------------- | -------------------------- |
+| BETA_SERVER_HOST     | server IP/domain           |
+| BETA_SERVER_PORT     | 22                         |
+| BETA_SERVER_USERNAME | ssh user (ubuntu/root)     |
+| BETA_SERVER_PASSWORD | password (optional)        |
+| BETA_SERVER_KEY      | private ssh key (optional) |
+
+---
+
+## Staging Server
+
+| Name                    | Value               |
+| ----------------------- | ------------------- |
+| STAGING_SERVER_HOST     | server IP/domain    |
+| STAGING_SERVER_PORT     | 22                  |
+| STAGING_SERVER_USERNAME | ssh user            |
+| STAGING_SERVER_PASSWORD | password (optional) |
+| STAGING_SERVER_KEY      | ssh key (optional)  |
+
+---
+
+## Production Server
+
+| Name                 | Value               |
+| -------------------- | ------------------- |
+| PROD_SERVER_HOST     | server IP/domain    |
+| PROD_SERVER_PORT     | 22                  |
+| PROD_SERVER_USERNAME | ssh user            |
+| PROD_SERVER_PASSWORD | password (optional) |
+| PROD_SERVER_KEY      | ssh key (optional)  |
+
+---
+
+# ⚙️ 3. Variables (Edit in ci.yml)
+
+| Variable              | What to set            |
+| --------------------- | ---------------------- |
+| tech_stack            | node / react / nestjs  |
+| ci_steps              | e.g. `build,sonar,deploy` — **no spaces** (runner has no `replace()`) |
+| wait_for_quality_gate | `'true'` / `'false'` (quoted) |
+| app_path_beta         | path on beta server    |
+| app_path_staging      | path on staging server |
+| app_path_prod         | path on prod server    |
+| pm2_id                | pm2 app name           |
+
+---
+
+# 🌿 4. Branch Behavior
+
+| Branch      | Action               |
+| ----------- | -------------------- |
+| feature/*   | Build + Sonar        |
+| develop     | Build + Sonar        |
+| testing     | Deploy to Beta       |
+| beta        | Deploy to Beta       |
+| staging     | Deploy to Staging    |
+| main / prod | Deploy to Production |
+
+---
+
+# ⚙️ 5. What Happens on Deploy
+
+```bash
+git fetch
+git reset --hard origin/<branch>
+git pull
+
+npm install
+npm run build
+pm2 reload <pm2_id>
+```
+
+---
+
+# WDIPL-Runner: stale reusable workflows (`uses: ...@main`)
+
+The runner caches clones under **`/root/.cache/act/`** (e.g. `Rajendra.Reddy-wdipl-actions@main`). After you change **`wdipl-actions`**, consumers may still execute an **old `ci.yml`** (wrong `if:` / missing `ci_steps`).
+
+Central **`ci.yml`** includes a **`meta` job** that writes `ci_steps` to **`$GITHUB_OUTPUT`** so **`needs.meta.outputs.cs`** stays available for Sonar/Deploy: WDIPL-Runner clears **`inputs.ci_steps`** after the Build reusable workflow runs.
+
+**Fix one of:**
+
+1. Pin **`uses:` to a commit SHA** from `wdipl-actions`, e.g.  
+   `uses: .../ci.yml@08e779fe5701557b6a589308816be97c20d78dbb`  
+   Bump the SHA whenever you change central CI.
+2. On the runner host, delete that cache folder and re-run the workflow.
+3. Upgrade the runner if a newer release fixes cache invalidation.
+
+---
+
+# Gitea MCP + Actions API (Cursor)
+
+Official **gitea-mcp** (and the Go SDK it uses) calls **`GET /api/v1/repos/{owner}/{repo}/actions/runs`** to list workflow runs and job logs.
+
+- **Gitea 1.24.x** exposes **`/actions/tasks`** for the same data but **does not** register **`/actions/runs`** (returns `404 page not found`). Tools like `actions_run_read` → `list_runs` / `list_jobs` will fail until the server is updated or a proxy workaround is applied.
+- **Gitea 1.25+** includes **`ListWorkflowRuns`** at **`/actions/runs`** — upgrade **`git.wdipl.com`** to **1.25 or newer** so MCP can list runs and fetch logs without hacks.
+
+**Reverse-proxy workaround (until upgrade):** map list-runs requests to tasks (response shape is compatible for listing):
+
+```nginx
+# Only for the repository runs list endpoint (no trailing /{run})
+location ~ ^/api/v1/repos/([^/]+)/([^/]+)/actions/runs$ {
+  proxy_pass http://127.0.0.1:3000/api/v1/repos/$1/$2/actions/tasks$is_args$args;
+  # ... usual proxy headers to your Gitea backend
+}
+```
+
+Adjust `proxy_pass` to your Gitea HTTP upstream. Redeploy/reload nginx, then restart Cursor.
+
+**Cursor:** set a user or system environment variable **`GITEA_ACCESS_TOKEN`** (PAT with repo + Actions read scope) and use **`${env:GITEA_ACCESS_TOKEN}`** in `~/.cursor/mcp.json` — do not store tokens in that file.
+
+---
+
+# ⚠️ Notes
+
+* Use **either password OR SSH key**
+* Ensure server has:
+
+  * Node.js
+  * PM2
+* Paths must exist on server
+* Deployment runs only if `ci_steps` includes `deploy` (comma‑bounded token)
+
+---
+
+# ✅ Summary
+
+1. Add `ci.yml`
+2. Add secrets
+3. Set paths
+
+Done.
+
+---