This plan will allow you to push changes from your local repo → GitHub → automatically deploy to your VPS (Nginx + PHP).
Create (or reuse) a dedicated deploy user for deployments.
You already have this user with SSH key access and ownership of /var/www/app, so we’ll just recap:
# as root (only once)
useradd -m -s /bin/bash deploy || true
mkdir -p /var/www/app
chown -R deploy:www-data /var/www/app
chmod -R 775 /var/www/app
# add deploy to www-data group
usermod -aG www-data deploy
# ensure SSH key access works
# (public key already in ~deploy/.ssh/authorized_keys)
sudo
At this point your deploy user does not have sudo.
That’s fine because:
chown -R deploy:www-data /var/www/app
).
👉 This means no sudo is required for your CI/CD flow.
We can always add limited sudo later if needed (e.g., for systemctl reload php-fpm).
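A read-only audit of the state the recap above leaves behind, as an added example that is not part of the original guide. It assumes the deploy user, www-data group and /var/www/app from the commands above, and the function names are hypothetical. It also counts files that carry an execute bit, since chmod -R 775 sets one on every file and leaves the whole tree writable by the www-data group.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit the deploy setup recapped above.
# Assumed names: user "deploy", group "www-data", web root /var/www/app.

# True if USER ($1) belongs to GROUP ($2).
in_group() { id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx -- "$2"; }

# Entries under DIR ($1) not owned by USER ($2) or not in GROUP ($3).
wrong_owner() { find "$1" \( ! -user "$2" -o ! -group "$3" \) -print; }

# Regular files with any execute bit; `chmod -R 775` sets it on every file.
executable_files() {
  find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# World-writable entries, plus setuid/setgid regular files.
risky_entries() {
  find "$1" \( -perm -002 -o \( -type f \( -perm -4000 -o -perm -2000 \) \) \) -print
}

# Home dir, ~/.ssh or key files writable by group/others (sshd StrictModes rejects these).
ssh_loose_entries() {
  find "$1" -prune \( -perm -020 -o -perm -002 \) -print
  find "$1/.ssh" \( -perm -020 -o -perm -002 \) -print
}

# audit USER GROUP WEBROOT HOME: print findings, return 1 if any check fails.
audit() {
  local rc=0 g
  in_group "$1" "$2" || { echo "FAIL: $1 is not in group $2"; rc=1; }
  for g in sudo wheel admin; do   # common sudo-granting groups; sudoers files are not parsed
    if in_group "$1" "$g"; then echo "FAIL: $1 is in $g"; rc=1; fi
  done
  [ -z "$(wrong_owner "$3" "$1" "$2")" ] || { echo "FAIL: owner/group drift under $3"; rc=1; }
  [ -z "$(risky_entries "$3")" ] || { echo "FAIL: world-writable or setuid entries under $3"; rc=1; }
  [ -z "$(ssh_loose_entries "$4")" ] || { echo "FAIL: loose permissions on $4 or $4/.ssh"; rc=1; }
  echo "INFO: $(executable_files "$3" | wc -l) regular files carry an execute bit"
  return "$rc"
}

# Run only when asked, e.g.: sudo bash audit.sh --run
if [ "${1:-}" = "--run" ]; then
  audit deploy www-data /var/www/app "$(getent passwd deploy | cut -d: -f6)"
fi
```

Run it as root with --run after each change to the server; a non-zero exit means one of the FAIL lines needs attention.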
In your repository: