♻️ refactor(cd): hardcode non-sensitive config in staging workflow

Reduced GitHub Secrets requirements from 21 to 12 by hardcoding non-sensitive configuration values directly in the workflow file. Changes: - Hardcoded: DB/Redis host/port, STAGING_HOST, STAGING_USER, MANA_SERVICE_URL - Keep as secrets: passwords, API keys, JWT keys, SSH private key - Updated generate-staging-secrets.sh to reflect reduced secret list - Added get-ssh-key.sh helper script for SSH key extraction Benefits: - Fewer secrets to manage in GitHub - Configuration visible in code review - Easier to update non-sensitive values (no UI navigation) - Better separation of config vs secrets 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-22 23:06:41 +02:00 · 2025-12-04 17:11:36 +01:00 · 2025-12-04 17:11:36 +01:00 · 234703a130
commit 234703a130
parent cf2b6aaa2b
3 changed files with 188 additions and 20 deletions
--- a/scripts/get-ssh-key.sh
+++ b/scripts/get-ssh-key.sh
@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Get SSH Private Key Content for GitHub Secret
+
+echo "================================================"
+echo "  SSH PRIVATE KEY FOR STAGING_SSH_KEY"
+echo "================================================"
+echo ""
+echo "Copy the ENTIRE output below (including BEGIN and END lines):"
+echo ""
+echo "================================================"
+
+cat ~/.ssh/hetzner_deploy_key
+
+echo "================================================"
+echo ""
+echo "This is the value for: STAGING_SSH_KEY"
+echo ""