- deploy.yml: on push to main, builds linux/arm64 image, pushes to Gitea registry, deploys via SSH kubectl set image
- ci.yml: gate to PRs targeting main only
- finance-api deployment: imagePullPolicy Always so SHA-tagged images are always pulled on rollout

Requires GitHub Actions secrets: GITEA_REGISTRY_PASSWORD, VPS_HOST, VPS_USER, VPS_SSH_KEY.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>