- Build images but skip push
- Run Ansible with --check flag (no changes made)
- Renamed workflow to indicate dry run mode
This lets us verify credentials and workflow before enabling real deploys.
Signed-off-by: Marc Campbell <marc.e.campbell@gmail.com>
- Triggers on merge to main
- Uses Doppler for secrets management
- Builds and pushes Docker images to GCP Artifact Registry
- Runs Ansible playbook to deploy to production
Required GitHub secrets:
- DOPPLER_TOKEN: Service token for Doppler ttl-sh project
- SSH_PRIVATE_KEY: Private key for SSH access to production server
Signed-off-by: Marc Campbell <marc.e.campbell@gmail.com>