@factiii/stack 0.1.25 → 0.1.27

package/dist/plugins/pipelines/factiii/workflows/factiii-dev-sync.yml

@@ -1,181 +0,0 @@
-name: Factiii Dev Sync
-
-# Generated by @factiii/stack v{VERSION}
-# DEV/TESTING ONLY - Deploys locally built infrastructure for testing beta features
-# This workflow receives infrastructure changes and deploys them to servers
-# Use: npx factiii dev-sync
-#
-# ⚠️ WARNING: This is for developing @factiii/stack itself, not for app deployments
-# Only use this when testing new infrastructure features before releasing them
-
-on:
-  workflow_dispatch:
-    inputs:
-      environment:
-        description: 'Environment to sync'
-        required: true
-        type: choice
-        options:
-          - staging
-          - prod
-      release_id:
-        description: 'GitHub Release ID containing artifact'
-        required: true
-        type: string
-      asset_id:
-        description: 'Release Asset ID for infrastructure tarball'
-        required: true
-        type: string
-      deploy:
-        description: 'Deploy after syncing'
-        required: false
-        type: boolean
-        default: false
-
-jobs:
-  dev-sync:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Install yq
-        run: |
-          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
-          sudo chmod +x /usr/local/bin/yq
-
-      - name: Read config
-        id: config
-        run: |
-          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
-          if [ ! -f "$CONFIG_FILE" ]; then
-            echo "❌ stack.yml or factiii.yml not found"
-            exit 1
-          fi
-          
-          REPO_NAME=$(yq eval '.name' "$CONFIG_FILE")
-          
-          if [ "${{ inputs.environment }}" == "staging" ]; then
-            HOST=$(yq eval '.staging.domain // ""' "$CONFIG_FILE")
-            SSH_USER=$(yq eval '.staging.ssh_user // "ubuntu"' "$CONFIG_FILE")
-          else
-            HOST=$(yq eval '.prod.domain // ""' "$CONFIG_FILE")
-            SSH_USER=$(yq eval '.prod.ssh_user // "ubuntu"' "$CONFIG_FILE")
-          fi
-          
-          echo "repo_name=$REPO_NAME" >> $GITHUB_OUTPUT
-          echo "host=$HOST" >> $GITHUB_OUTPUT
-          echo "ssh_user=$SSH_USER" >> $GITHUB_OUTPUT
-
-      - name: Check if environment configured
-        id: check_env
-        run: |
-          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
-          if [ "${{ inputs.environment }}" == "staging" ]; then
-            HAS_ENV=$(yq eval '.staging != null' "$CONFIG_FILE")
-          else
-            HAS_ENV=$(yq eval '.prod != null' "$CONFIG_FILE")
-          fi
-          
-          echo "has_env=$HAS_ENV" >> $GITHUB_OUTPUT
-          
-          if [ "$HAS_ENV" != "true" ]; then
-            echo "⏭️  ${{ inputs.environment }} not configured in config"
-            exit 1
-          fi
-
-      - name: Setup SSH
-        if: steps.check_env.outputs.has_env == 'true'
-        env:
-          SSH_KEY: ${{ inputs.environment == 'staging' && secrets.STAGING_SSH || secrets.PROD_SSH }}
-        run: |
-          if [ -z "$SSH_KEY" ]; then
-            echo "❌ Missing ${{ inputs.environment == 'staging' && 'STAGING_SSH' || 'PROD_SSH' }} secret"
-            exit 1
-          fi
-          
-          mkdir -p ~/.ssh
-          echo "$SSH_KEY" > ~/.ssh/deploy_key
-          chmod 600 ~/.ssh/deploy_key
-
-      - name: Download infrastructure artifact from release
-        if: steps.check_env.outputs.has_env == 'true'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          RELEASE_ID: ${{ inputs.release_id }}
-          ASSET_ID: ${{ inputs.asset_id }}
-        run: |
-          echo "⚠️  DEV SYNC MODE - Using infrastructure from local build"
-          echo "   This syncs uncommitted infrastructure changes for testing"
-          echo "   Release ID: $RELEASE_ID"
-          echo "   Asset ID: $ASSET_ID"
-          
-          echo "📦 Downloading infrastructure artifact..."
-          
-          # Download release asset using GitHub API
-          curl -L \
-            -H "Accept: application/octet-stream" \
-            -H "Authorization: Bearer $GITHUB_TOKEN" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            "https://api.github.com/repos/${{ github.repository }}/releases/assets/$ASSET_ID" \
-            -o infrastructure.tar.gz
-          
-          # Verify download
-          if [ ! -f infrastructure.tar.gz ]; then
-            echo "❌ Failed to download artifact"
-            exit 1
-          fi
-          
-          SIZE=$(du -h infrastructure.tar.gz | cut -f1)
-          echo "✅ Downloaded artifact ($SIZE)"
-
-      - name: Deploy infrastructure to server
-        if: steps.check_env.outputs.has_env == 'true'
-        env:
-          HOST: ${{ steps.config.outputs.host }}
-          USER: ${{ steps.config.outputs.ssh_user }}
-          DEPLOY: ${{ inputs.deploy }}
-          REPO_NAME: ${{ steps.config.outputs.repo_name }}
-          ENVIRONMENT: ${{ inputs.environment }}
-        run: |
-          if [ -z "$HOST" ]; then
-            echo "❌ Missing domain in config: $ENVIRONMENT.domain"
-            exit 1
-          fi
-          
-          echo "🚀 Syncing infrastructure to $ENVIRONMENT ($HOST)..."
-          
-          # Copy infrastructure to server
-          echo "📤 Uploading infrastructure package..."
-          scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no infrastructure.tar.gz "$USER@$HOST:/tmp/"
-          
-          # Extract and setup on server
-          echo "📦 Extracting infrastructure on server..."
-          ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no "$USER@$HOST" \
-            "export PATH=\"/opt/homebrew/bin:/usr/local/bin:\$PATH\" && \
-             echo \"📦 Setting up infrastructure...\" && \
-             mkdir -p ~/.factiii/infrastructure && \
-             cd ~/.factiii/infrastructure && \
-             tar -xzf /tmp/infrastructure.tar.gz && \
-             rm /tmp/infrastructure.tar.gz && \
-             echo \"\" && \
-             echo \"📋 Verifying version...\" && \
-             VERSION=\$(cat package.json | grep '\"version\"' | head -1 | sed 's/.*: \"\(.*\)\".*/\1/') && \
-             echo \"   Version: \$VERSION\" && \
-             echo \"\" && \
-             echo \"✅ Infrastructure synced successfully\""
-          
-          # Optionally deploy
-          if [ "$DEPLOY" == "true" ]; then
-            echo ""
-            echo "🚀 Deploying to $ENVIRONMENT..."
-            ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no "$USER@$HOST" \
-              "export PATH=\"/opt/homebrew/bin:/usr/local/bin:\$PATH\" && \
-               cd ~/.factiii/$REPO_NAME && \
-               GITHUB_ACTIONS=true node ~/.factiii/infrastructure/bin/factiii deploy --$ENVIRONMENT"
-          fi
-          
-          rm -f ~/.ssh/deploy_key
-          echo ""
-          echo "✅ Dev sync complete!"
-

package/dist/plugins/pipelines/factiii/workflows/factiii-fix.yml

@@ -1,178 +0,0 @@
-name: Factiii Fix
-
-# Generated by @factiii/stack v{VERSION}
-# INFRASTRUCTURE: Fix server issues via CLI
-# Run: npx factiii fix (triggers this workflow)
-# Runs on configured environments in parallel using matrix strategy
-
-on:
-  workflow_dispatch:
-    inputs:
-      environment:
-        description: 'Environment to fix'
-        required: true
-        type: choice
-        options:
-          - all
-          - staging
-          - prod
-        default: all
-
-jobs:
-  setup:
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.set-matrix.outputs.matrix }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Install yq
-        run: |
-          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
-          sudo chmod +x /usr/local/bin/yq
-
-      - name: Determine environments
-        id: set-matrix
-        run: |
-          ENVS="[]"
-
-          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
-          if [ "${{ inputs.environment }}" == "all" ]; then
-            HAS_STAGING=$(yq eval '.staging != null' "$CONFIG_FILE")
-            HAS_PROD=$(yq eval '.prod != null' "$CONFIG_FILE")
-
-            if [ "$HAS_STAGING" == "true" ] && [ "$HAS_PROD" == "true" ]; then
-              ENVS='["staging", "prod"]'
-            elif [ "$HAS_STAGING" == "true" ]; then
-              ENVS='["staging"]'
-            elif [ "$HAS_PROD" == "true" ]; then
-              ENVS='["prod"]'
-            fi
-          else
-            ENVS='["${{ inputs.environment }}"]'
-          fi
-
-          echo "matrix={\"environment\":$ENVS}" >> $GITHUB_OUTPUT
-
-  fix:
-    needs: setup
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix: ${{ fromJson(needs.setup.outputs.matrix) }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Install yq
-        run: |
-          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
-          sudo chmod +x /usr/local/bin/yq
-
-      - name: Read config
-        id: config
-        env:
-          ENVIRONMENT: ${{ matrix.environment }}
-        run: |
-          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
-          if [ ! -f "$CONFIG_FILE" ]; then
-            echo "❌ stack.yml or factiii.yml not found"
-            exit 1
-          fi
-
-          REPO_NAME=$(yq eval '.name' "$CONFIG_FILE")
-          HOST=$(yq eval ".$ENVIRONMENT.domain // \"\"" "$CONFIG_FILE")
-          SSH_USER=$(yq eval ".$ENVIRONMENT.ssh_user // \"ubuntu\"" "$CONFIG_FILE")
-
-          echo "repo_name=$REPO_NAME" >> $GITHUB_OUTPUT
-          echo "host=$HOST" >> $GITHUB_OUTPUT
-          echo "ssh_user=$SSH_USER" >> $GITHUB_OUTPUT
-
-      - name: Check if environment configured
-        id: check_env
-        env:
-          ENVIRONMENT: ${{ matrix.environment }}
-        run: |
-          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
-          HAS_ENV=$(yq eval ".$ENVIRONMENT != null" "$CONFIG_FILE")
-          echo "has_env=$HAS_ENV" >> $GITHUB_OUTPUT
-
-          if [ "$HAS_ENV" != "true" ]; then
-            echo "⏭️  $ENVIRONMENT not configured"
-            exit 0
-          fi
-
-      - name: Check SSH secret
-        if: steps.check_env.outputs.has_env == 'true'
-        env:
-          ENVIRONMENT: ${{ matrix.environment }}
-          SSH_KEY: ${{ matrix.environment == 'staging' && secrets.STAGING_SSH || secrets.PROD_SSH }}
-        run: |
-          if [ -z "$SSH_KEY" ]; then
-            SECRET_NAME="${ENVIRONMENT^^}_SSH"
-            echo "❌ ${SECRET_NAME} secret not found"
-            echo "Add it at: https://github.com/${{ github.repository }}/settings/secrets/actions"
-            exit 1
-          fi
-          echo "✅ SSH secret exists for $ENVIRONMENT"
-
-      - name: Setup SSH
-        if: steps.check_env.outputs.has_env == 'true'
-        env:
-          SSH_KEY: ${{ matrix.environment == 'staging' && secrets.STAGING_SSH || secrets.PROD_SSH }}
-        run: |
-          mkdir -p ~/.ssh
-          echo "$SSH_KEY" > ~/.ssh/deploy_key
-          chmod 600 ~/.ssh/deploy_key
-
-      - name: Bootstrap Node.js (one-time)
-        if: steps.check_env.outputs.has_env == 'true'
-        env:
-          HOST: ${{ steps.config.outputs.host }}
-          USER: ${{ steps.config.outputs.ssh_user }}
-        run: |
-          echo "🔍 Checking Node.js on server..."
-          ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no "$USER@$HOST" \
-            'if ! command -v node &> /dev/null; then
-               echo "📦 Installing Node.js...";
-               if [ -f /opt/homebrew/bin/brew ] || [ -f /usr/local/bin/brew ]; then
-                 export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH";
-                 brew install node;
-               else
-                 curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && sudo apt-get install -y nodejs;
-               fi;
-             else
-               echo "✅ Node.js already installed";
-             fi'
-
-      - name: Fix via SSH
-        if: steps.check_env.outputs.has_env == 'true'
-        env:
-          HOST: ${{ steps.config.outputs.host }}
-          USER: ${{ steps.config.outputs.ssh_user }}
-          REPO_NAME: ${{ steps.config.outputs.repo_name }}
-          ENVIRONMENT: ${{ matrix.environment }}
-        run: |
-          if [ -z "$HOST" ]; then
-            echo "❌ Missing domain in config: $ENVIRONMENT.domain"
-            exit 1
-          fi
-          
-          echo "🔧 Fixing $ENVIRONMENT ($HOST)..."
-          
-          ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no -o ConnectTimeout=10 -o ServerAliveInterval=60 -o ServerAliveCountMax=5 "$USER@$HOST" \
-            "export PATH=\"/opt/homebrew/bin:/usr/local/bin:\$PATH\" && \
-             REPO_DIR=\"\$HOME/.factiii/$REPO_NAME\" && \
-             if [ -d \"\$REPO_DIR\" ]; then \
-               cd \"\$REPO_DIR\" && \
-               export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH" && \
-               GITHUB_ACTIONS=true npx factiii fix --$ENVIRONMENT; \
-             else \
-               echo \"❌ Repo directory not found at \$REPO_DIR\"; \
-               echo \"Run deployment first to clone the repository\"; \
-               exit 1; \
-             fi"
-          
-          rm -f ~/.ssh/deploy_key
-          echo "✅ $ENVIRONMENT fix complete!"

package/dist/plugins/pipelines/factiii/workflows/factiii-pr-check.yml

@@ -1,106 +0,0 @@
-name: Factiii PR Check
-
-# Generated by @factiii/stack v{VERSION}
-# Validates server/client/mobile builds when PR opens to main.
-# SSH to staging, run builds, report status to GitHub.
-
-on:
-  pull_request:
-    branches:
-      - main
-
-jobs:
-  pr-check:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Install yq
-        run: |
-          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
-          sudo chmod +x /usr/local/bin/yq
-
-      - name: Read config
-        id: config
-        run: |
-          CONFIG_FILE="stack.yml"
-          if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
-          if [ ! -f "$CONFIG_FILE" ]; then
-            echo "❌ stack.yml or factiii.yml not found"
-            exit 1
-          fi
-
-          REPO_NAME=$(yq eval '.name' "$CONFIG_FILE")
-          HOST=$(yq eval '.staging.domain // ""' "$CONFIG_FILE")
-          SSH_USER=$(yq eval '.staging.ssh_user // "ubuntu"' "$CONFIG_FILE")
-
-          echo "repo_name=$REPO_NAME" >> $GITHUB_OUTPUT
-          echo "host=$HOST" >> $GITHUB_OUTPUT
-          echo "ssh_user=$SSH_USER" >> $GITHUB_OUTPUT
-
-      - name: Check if staging configured
-        id: check_staging
-        run: |
-          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
-          HAS_STAGING=$(yq eval '.staging != null' "$CONFIG_FILE")
-          echo "has_staging=$HAS_STAGING" >> $GITHUB_OUTPUT
-
-          if [ "$HAS_STAGING" != "true" ]; then
-            echo "⏭️  Staging not configured - skipping PR check"
-            exit 0
-          fi
-
-      - name: Setup SSH
-        if: steps.check_staging.outputs.has_staging == 'true'
-        env:
-          SSH_KEY: ${{ secrets.STAGING_SSH }}
-        run: |
-          if [ -z "$SSH_KEY" ]; then
-            echo "❌ Missing STAGING_SSH secret"
-            exit 1
-          fi
-
-          mkdir -p ~/.ssh
-          echo "$SSH_KEY" > ~/.ssh/deploy_key
-          chmod 600 ~/.ssh/deploy_key
-
-      - name: Run PR check on staging
-        if: steps.check_staging.outputs.has_staging == 'true'
-        env:
-          HOST: ${{ steps.config.outputs.host }}
-          USER: ${{ steps.config.outputs.ssh_user }}
-          REPO_NAME: ${{ steps.config.outputs.repo_name }}
-          COMMIT_HASH: ${{ github.event.pull_request.head.sha }}
-          BRANCH: ${{ github.event.pull_request.head.ref }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          if [ -z "$HOST" ]; then
-            echo "❌ Missing staging.domain in config"
-            exit 1
-          fi
-
-          echo "🔍 Running PR check on staging ($HOST)..."
-
-          GITHUB_TOKEN_B64=$(echo -n "$GITHUB_TOKEN" | base64 -w 0)
-          ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no "$USER@$HOST" \
-            "export PATH=\"/opt/homebrew/bin:/usr/local/bin:\$PATH\" && \
-             export GITHUB_TOKEN=\$(echo \"$GITHUB_TOKEN_B64\" | base64 -d) && \
-             export GITHUB_ACTIONS=true COMMIT_HASH=$COMMIT_HASH BRANCH=$BRANCH PR_NUMBER=$PR_NUMBER && \
-             REPO_DIR=\"\$HOME/.factiii/$REPO_NAME\" && \
-             if [ -d \"\$REPO_DIR\" ]; then \
-               cd \"\$REPO_DIR\" && npx factiii pr-check --staging; \
-             else \
-               echo \"❌ Repo not found at \$REPO_DIR\"; exit 1; \
-             fi"
-
-          EXIT_CODE=$?
-          rm -f ~/.ssh/deploy_key
-
-          if [ $EXIT_CODE -eq 0 ]; then
-            echo "✅ PR check passed"
-          else
-            echo "❌ PR check failed"
-            exit $EXIT_CODE
-          fi

package/dist/plugins/pipelines/factiii/workflows/factiii-scan.yml

@@ -1,183 +0,0 @@
-name: Factiii Scan
-
-# Generated by @factiii/stack v{VERSION}
-# INFRASTRUCTURE: Scan servers for issues via CLI
-# Run: npx factiii scan (triggers this workflow for remote environments)
-# Runs on configured environments in parallel using matrix strategy
-
-on:
-  workflow_dispatch:
-    inputs:
-      environment:
-        description: 'Environment to scan'
-        required: true
-        type: choice
-        options:
-          - all
-          - staging
-          - prod
-        default: all
-
-jobs:
-  setup:
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.set-matrix.outputs.matrix }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Install yq
-        run: |
-          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
-          sudo chmod +x /usr/local/bin/yq
-
-      - name: Determine environments
-        id: set-matrix
-        run: |
-          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
-          if [ ! -f "$CONFIG_FILE" ]; then
-            echo "matrix={\"environment\":[]}" >> $GITHUB_OUTPUT
-            echo "❌ stack.yml or factiii.yml not found"
-            exit 1
-          fi
-          ENVS="[]"
-          
-          if [ "${{ inputs.environment }}" == "all" ]; then
-            HAS_STAGING=$(yq eval '.staging != null' "$CONFIG_FILE")
-            HAS_PROD=$(yq eval '.prod != null' "$CONFIG_FILE")
-            
-            if [ "$HAS_STAGING" == "true" ] && [ "$HAS_PROD" == "true" ]; then
-              ENVS='["staging", "prod"]'
-            elif [ "$HAS_STAGING" == "true" ]; then
-              ENVS='["staging"]'
-            elif [ "$HAS_PROD" == "true" ]; then
-              ENVS='["prod"]'
-            fi
-          else
-            ENVS='["${{ inputs.environment }}"]'
-          fi
-          
-          echo "matrix={\"environment\":$ENVS}" >> $GITHUB_OUTPUT
-
-  scan:
-    needs: setup
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix: ${{ fromJson(needs.setup.outputs.matrix) }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Install yq
-        run: |
-          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
-          sudo chmod +x /usr/local/bin/yq
-
-      - name: Read config
-        id: config
-        env:
-          ENVIRONMENT: ${{ matrix.environment }}
-        run: |
-          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
-          if [ ! -f "$CONFIG_FILE" ]; then
-            echo "❌ stack.yml or factiii.yml not found"
-            exit 1
-          fi
-          
-          REPO_NAME=$(yq eval '.name' "$CONFIG_FILE")
-          HOST=$(yq eval ".$ENVIRONMENT.domain // \"\"" "$CONFIG_FILE")
-          SSH_USER=$(yq eval ".$ENVIRONMENT.ssh_user // \"ubuntu\"" "$CONFIG_FILE")
-          
-          echo "repo_name=$REPO_NAME" >> $GITHUB_OUTPUT
-          echo "host=$HOST" >> $GITHUB_OUTPUT
-          echo "ssh_user=$SSH_USER" >> $GITHUB_OUTPUT
-
-      - name: Check if environment configured
-        id: check_env
-        env:
-          ENVIRONMENT: ${{ matrix.environment }}
-        run: |
-          CONFIG_FILE="stack.yml"; if [ ! -f "$CONFIG_FILE" ]; then CONFIG_FILE="factiii.yml"; fi
-          HAS_ENV=$(yq eval ".$ENVIRONMENT != null" "$CONFIG_FILE")
-          echo "has_env=$HAS_ENV" >> $GITHUB_OUTPUT
-          
-          if [ "$HAS_ENV" != "true" ]; then
-            echo "⏭️  $ENVIRONMENT not configured"
-            exit 0
-          fi
-
-      - name: Check SSH secret
-        if: steps.check_env.outputs.has_env == 'true'
-        env:
-          ENVIRONMENT: ${{ matrix.environment }}
-          SSH_KEY: ${{ matrix.environment == 'staging' && secrets.STAGING_SSH || secrets.PROD_SSH }}
-        run: |
-          if [ -z "$SSH_KEY" ]; then
-            SECRET_NAME="${ENVIRONMENT^^}_SSH"
-            echo "❌ ${SECRET_NAME} secret not found"
-            echo "Add it at: https://github.com/${{ github.repository }}/settings/secrets/actions"
-            exit 1
-          fi
-          echo "✅ SSH secret exists for $ENVIRONMENT"
-
-      - name: Setup SSH
-        if: steps.check_env.outputs.has_env == 'true'
-        env:
-          SSH_KEY: ${{ matrix.environment == 'staging' && secrets.STAGING_SSH || secrets.PROD_SSH }}
-        run: |
-          mkdir -p ~/.ssh
-          echo "$SSH_KEY" > ~/.ssh/deploy_key
-          chmod 600 ~/.ssh/deploy_key
-
-      - name: Bootstrap Node.js (one-time)
-        if: steps.check_env.outputs.has_env == 'true'
-        env:
-          HOST: ${{ steps.config.outputs.host }}
-          USER: ${{ steps.config.outputs.ssh_user }}
-        run: |
-          echo "🔍 Checking Node.js on server..."
-          ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no "$USER@$HOST" \
-            'if ! command -v node &> /dev/null; then
-               echo "📦 Installing Node.js...";
-               if [ -f /opt/homebrew/bin/brew ] || [ -f /usr/local/bin/brew ]; then
-                 export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH";
-                 brew install node;
-               else
-                 curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && sudo apt-get install -y nodejs;
-               fi;
-             else
-               echo "✅ Node.js already installed";
-             fi'
-
-      - name: Scan via SSH
-        if: steps.check_env.outputs.has_env == 'true'
-        env:
-          HOST: ${{ steps.config.outputs.host }}
-          USER: ${{ steps.config.outputs.ssh_user }}
-          REPO_NAME: ${{ steps.config.outputs.repo_name }}
-          ENVIRONMENT: ${{ matrix.environment }}
-        run: |
-          if [ -z "$HOST" ]; then
-            echo "❌ Missing domain in config: $ENVIRONMENT.domain"
-            exit 1
-          fi
-          
-          echo "🔍 Scanning $ENVIRONMENT ($HOST)..."
-          
-          ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no "$USER@$HOST" \
-            "export PATH=\"/opt/homebrew/bin:/usr/local/bin:\$PATH\" && \
-             REPO_DIR=\"\$HOME/.factiii/$REPO_NAME\" && \
-             if [ -d \"\$REPO_DIR\" ]; then \
-               cd \"\$REPO_DIR\" && \
-               export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH" && \
-               GITHUB_ACTIONS=true npx factiii scan --$ENVIRONMENT; \
-             else \
-               echo \"❌ Repo directory not found at \$REPO_DIR\"; \
-               echo \"Run deployment first to clone the repository\"; \
-               exit 1; \
-             fi"
-          
-          rm -f ~/.ssh/deploy_key
-          echo "✅ $ENVIRONMENT scan complete!"