Add automatic deployment system

[mitzimare]

Summary

Implements polling-based automatic deployment that detects when the main branch is updated and automatically deploys changes to the host system.

Key Features

• Polling Loop: Checks origin/main every 60 seconds (configurable via AUTO_DEPLOY_POLL_INTERVAL)
• Full Deployment Pipeline:
  • Record current state (for rollback capability)
  • Stash uncommitted changes (non-destructive)
  • Pull latest changes from origin/main
  • Analyze what changed (dependencies, source code, etc.)
  • Install dependencies (if package.json changed)
  • Build TypeScript (if source changed)
  • Restart systemd service
  • Verify service is running
• Real-Time Notifications: Sends deployment progress updates to main chat
• Error Handling: Comprehensive error handling with notifications on failure
• Safety: Read-only git operations, non-destructive stashing, rollback info recorded

Configuration

# Disable auto-deployment (enabled by default)
AUTO_DEPLOY_ENABLED=false

# Change polling interval (default: 60000ms = 1 minute)
AUTO_DEPLOY_POLL_INTERVAL=120000  # Check every 2 minutes

Example Notifications

Successful deployment:

🔄 Deployment started
Current commit: a1b2c3d

📊 Changes detected
• 12 files changed
• Dependencies: No
• Source code: Yes

🔨 Building TypeScript...

🔄 Restarting service...

✅ Deployment successful!
• Previous: a1b2c3d
• Current: e4f5g6h
• Duration: 45.2s

Failed deployment:

❌ Deployment failed!
• Error: Failed to restart service: Unit not found
• Duration: 15.3s
• Manual intervention may be required

Changes

• src/auto-deploy.ts: Core deployment logic and polling loop
• src/index.ts: Wire up auto-deploy on startup (notifies main chat)
• src/config.ts: Add AUTO_DEPLOY_* config, export PROJECT_ROOT and HOME_DIR
• docs/AUTO_DEPLOYMENT.md: Comprehensive documentation (usage, config, troubleshooting, security)

Testing Plan

Once PR #3 is merged:

1. Auto-deployment will be active on the host
2. Merge PR feat: Add Firefox audio support and pre-install Widevine CDM #2 (browser-audio-drm-fixes)
3. Within ~1 minute, auto-deployment should detect the change and deploy it
4. You'll receive notifications in your main chat about the deployment
5. Verify PR feat: Add Firefox audio support and pre-install Widevine CDM #2 changes are live on the host

This PR sets up the infrastructure, and PR #2 will be the first real test of the automation!

Security Considerations

• ✅ Read-only git operations (only fetch/pull)
• ✅ Non-destructive stashing of local changes
• ✅ Rollback information recorded before deployment
• ✅ Service verification after restart
• ❌ No automatic rollback on failure (manual intervention required)
• ❌ Container rebuild not yet automated (Dockerfile changes require manual rebuild)

Future Enhancements

• Automatic rollback on service failure
• Health checks after deployment
• Deployment approval flow (manual confirmation)
• Webhook support (instead of polling)
• Deploy only on git tags (e.g., v1.0.0)
• Container rebuild detection

Documentation

See docs/AUTO_DEPLOYMENT.md for:

• How it works
• Configuration options
• Notification examples
• Security considerations
• Troubleshooting guide
• Manual rollback procedures
• Comparison to manual deployment

[Bootjack]

Polling faster than 1 second is never going to be reasonable, so we don't need millisecond precision here. To make the configuration more obvious and hint at its intent, lets configure by seconds instead

[Bootjack]

Why stop here? We should automate this part, too.

[Bootjack]

When manually validating these steps, I encountered files that were committed to the branch in the container, but were untracked on the host. Pulling from main after the branch was merged caused a conflict and git prevented the pull. How does this automation address that scenario?

[Bootjack]

If we can tell that the npm install/build, docker build, or service restart failed, we should automatically trigger a rollback to the previous commit and rerun everything to build and restart the service from that (theoretically) known-working state.

[Bootjack]

With this in mind, we should default to 2-minute polling. That way any problem with authentication would only burn through half the allotted request rate, worst case.