new workflow joins the tailnet via tailscale oauth then triggers the coolify deploy endpoint.

path filter scoped to web app + every package transpiled into it, so broker/cli/docs changes skip it. concurrency group coalesces rapid pushes.

requires three repo secrets: COOLIFY_TOKEN, TS_OAUTH_CLIENT_ID, TS_OAUTH_SECRET (the OAuth client needs the devices:write scope and the tag:ci tag in tailnet ACL tagOwners).

inline coolify token removed from CLAUDE.md — it now references the repo secret. broker deploy is unchanged: it runs through the gitea-vps webhook.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2.3 KiB