Infrastructure Guide
Deployment workflows, git conventions, testing tools, and credential requirements for sempers.com.
Environments
| Environment | URL | Purpose | Password Protected |
|---|---|---|---|
| PROD | sempers.com | Live production site | No |
| QA | qa.sempers.com | Pre-production testing | Yes |
| ENG | eng.sempers.com | Feature development/testing | Yes |
Network Stack: Cloudflare (free tier) sits in front of SiteGround hosting. See CLOUDFLARE_SETUP_INSTRUCTIONS.md for Cloudflare configuration details.
Git Workflow
Branch Naming & Auto-Deploy Triggers
| Pattern | Purpose | Auto-Deploys To | Workflow |
|---|---|---|---|
fix/* |
Bug fixes | – | Normal |
content/* |
Content updates | – | Normal |
feature/* |
New features | – | Either |
refactor/* |
Code refactoring | ENG | Big Changes |
master |
Integration branch | QA | Both |
Rules:
- Never commit directly to
master(see CLAUDE.md) - Create descriptive branch names like
feature/descriptionorfix/description - Commit after each logical change with descriptive messages
Workflow A: Normal Changes (Bug Fixes, Content Updates)
Branch ──> Local Tests ──> Merge to master ──> QA Tests ──> PROD Deploy
must pass must pass
- Create short-lived branch from master (e.g.,
fix/contact-form-validation) - Make changes, run local tests
- If tests pass, merge to master
- Push triggers automatic QA deployment
- Run regression tests on QA
- If tests pass, manually deploy to production
Workflow B: Big Changes (Refactors, Redesigns)
Branch ──> Local Tests ──> ENG Deploy ──> ENG Tests ──> Merge to master ──> QA Tests ──> PROD Deploy
must pass must pass must pass
- Create feature/refactor branch from master
- Make changes, run local tests
- Deploy to ENG (auto-deploys for
refactor/*branches) - Run regression tests on ENG
- If tests pass, merge to master
- Push triggers automatic QA deployment
- Run regression tests on QA
- If tests pass, manually deploy to production
CI/CD Pipelines (GitHub Actions)
Deploy to ENG – .github/workflows/deploy-eng.yml
Trigger: Auto on push to refactor/** branches, or manual.
Deploy to QA – .github/workflows/ci.yml
Trigger: Auto on push to master.
Deploy to Production – .github/workflows/deploy-production.yml
Trigger: Manual only (type “deploy” to confirm).
# Deploy to production from command line
gh workflow run deploy-production.yml -f confirm=deploy
# Monitor deployments
gh run list --limit 3
All three workflows: build with Eleventy, run local tests, rsync to server, run regression tests against the deployed environment.
SSH & Server Details
| Setting | Value |
|---|---|
| SiteGround Direct IP | 35.209.94.229 |
| SSH Port | 18765 |
| Deploy Paths | ~/www/{domain}/public_html/ |
GitHub Actions SSH secrets (QA_SSH_HOST, PROD_SSH_HOST) must use SiteGround’s direct IP, not the domain name (which resolves to Cloudflare).
Credential Requirements
GitHub Secrets
Required in: Repository > Settings > Secrets and variables > Actions
| Secret | Purpose |
|---|---|
SSH_HOST |
SiteGround direct IP |
SSH_USER |
SSH username (dedicated CI/CD account) |
SSH_KEY |
Private SSH key for CI/CD |
SSH_PORT |
18765 |
QA_USER |
HTTP basic auth username for CI |
QA_PASS |
HTTP basic auth password for QA/ENG |
Local Credential Files
| File | Purpose | Permissions |
|---|---|---|
.web-config |
HTTP auth for QA/ENG (QA_USER, QA_PASS) |
600 |
~/.netrc |
SFTP credentials | 600 |
.deploy-config |
SFTP settings (no password) | 644 |
.sftp-config |
SFTP connection info | 600 |
All credential files are gitignored. Passwords must never be visible in terminal output, logs, or command history.
Access Model
| User | Web Access (QA/ENG) | SSH/SFTP Access | Method |
|---|---|---|---|
| Zachary | Yes (own credentials) | Yes | Password vault + SSH keys |
| Claude Code | Yes (own credentials) | Yes | .netrc (mode 600) |
| GitHub Actions | No (uses SSH) | Yes (SSH key) | GitHub Secrets |
Each user has separate credentials – no shared accounts.
Testing Tools
See CLAUDE.md for the full list of test commands. Quick reference:
Playwright Tests
npm test # Run all tests
npm run test:qa # Test QA environment
npm run test:prod # Test production
npm run test:eng # Test ENG environment
npm run test:mobile # Mobile devices only
npm run test:headed # Run with visible browser
npm run test:debug # Debug mode
Visual Comparison (QA vs Production)
npm run visual-compare # Smart default -- only changed pages
npm run visual-compare:all # Full sweep -- all pages
Report: tests/visual-comparison-results/report.html
Running Tests with QA Auth
eval $(grep -E '^QA_' .web-config) && export QA_USER QA_PASS && npm run test:qa
Note: QA_PASS contains special characters. Use eval as shown above – do not use plain source or cut.
Local Development
npx @11ty/eleventy --serve --port 3333
# View at http://localhost:3333
Source files are in /src/ – Eleventy compiles them to /public_html/.
Quick Deploy Checklist
- [ ] Changes committed and pushed to master
- [ ] CI/CD pipeline passed (check GitHub Actions)
- [ ] QA site reviewed at qa.sempers.com
- [ ]
gh workflow run deploy-production.yml -f confirm=deploy - [ ] Production tests pass