ci: add non-docker production deployment workflow

.github/workflows/deploy-prod.yml

@@ -0,0 +1,82 @@
+name: deploy-prod-non-docker
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+concurrency:
+  group: wx-service-prod
+  cancel-in-progress: true
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.23.x'
+
+      - name: Download modules
+        run: go mod download
+
+      - name: Build linux binary
+        run: |
+          mkdir -p tmp
+          CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags "-s -w" -o tmp/wx_service ./cmd/api
+
+      - name: Prepare SSH
+        env:
+          SSH_KEY: ${{ secrets.PROD_SSH_KEY }}
+          HOST: ${{ secrets.PROD_HOST }}
+          PORT: ${{ secrets.PROD_PORT }}
+        run: |
+          set -e
+          if [ -z "$SSH_KEY" ] || [ -z "$HOST" ]; then
+            echo "Missing required secrets: PROD_SSH_KEY / PROD_HOST"
+            exit 1
+          fi
+          mkdir -p ~/.ssh
+          chmod 700 ~/.ssh
+          printf '%s\n' "$SSH_KEY" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan -p "${PORT:-22}" "$HOST" >> ~/.ssh/known_hosts
+
+      - name: Upload binary to server
+        env:
+          HOST: ${{ secrets.PROD_HOST }}
+          PORT: ${{ secrets.PROD_PORT }}
+          USER: ${{ secrets.PROD_USER }}
+        run: |
+          set -e
+          REMOTE_BIN="/tmp/wx_service-${GITHUB_SHA}"
+          scp -P "${PORT:-22}" tmp/wx_service "${USER:-root}@${HOST}:${REMOTE_BIN}"
+
+      - name: Deploy on server
+        env:
+          HOST: ${{ secrets.PROD_HOST }}
+          PORT: ${{ secrets.PROD_PORT }}
+          USER: ${{ secrets.PROD_USER }}
+        run: |
+          set -e
+          REMOTE_BIN="/tmp/wx_service-${GITHUB_SHA}"
+          ssh -p "${PORT:-22}" "${USER:-root}@${HOST}" \
+            "APP_DIR='/www/wwwroot/wx_service' \
+             DIST_DIR='/www/wwwroot/wx_service/dist' \
+             SOURCE_BIN='${REMOTE_BIN}' \
+             RELEASE_ID='${GITHUB_SHA}' \
+             SERVICE_NAME='wx_service' \
+             RUN_USER='www' \
+             RUN_GROUP='www' \
+             PORT='8080' \
+             SYNC_CODE='true' \
+             DEPLOY_REF='${GITHUB_SHA}' \
+             INSTALL_SERVICE='true' \
+             bash -s" < scripts/ops/deploy_binary.sh