Acceptance Criteria: - Triggers on push to main after CI passes - SSHs to VPS and pulls latest Docker image - Runs docker compose pull and docker compose up -d - Runs migrations post-deploy - Fails loudly if migrations fail - Old container runs until new one is healthy - Secrets needed: VPS_HOST VPS_USER VPS_SSH_KEY VPS_PORT
Acceptance Criteria: