Setup new workflow for dev and prod

[achyu-dev]

📌 Description

Please provide a concise summary of the changes:

This PR adds a new workflow approach for handling dev and prod deployments

1. Push to dev -> deploy to dev
2. Push to main -> deploy to prod + dev
3. Feature branch: PR to dev, auto triggers (1)
4. Prod sync: triggers (2), syncs branches

🧱 Type of Change

• 🐛 Bug fix – Non-breaking fix for a functional/logic error
• ✨ New feature – Adds functionality without breaking existing APIs
• ⚠️ Breaking change – Introduces backward-incompatible changes (API, schema, etc.)
• 📝 Documentation update – README, docstrings, OpenAPI tags, etc.
• 🧪 Test suite change – Adds/updates unit, functional, or integration tests
• ⚙️ CI/CD pipeline update – Modifies GitHub Actions, pre-commit, or Docker build
• 🧹 Code quality / Refactor – Improves structure, readability, or style (no functional changes)
• 🐢 Performance improvement – Speeds up auth, scraping, or reduces I/O
• 🕵️ Debug/logging enhancement – Adds or improves logging/debug support
• 🔧 Developer tooling – Scripts, benchmarks, local testing improvements
• 🔒 Security fix – Addresses auth/session/data validation vulnerabilities
• 🧰 Dependency update – Updates libraries in requirements.txt, pyproject.toml

🧪 How Has This Been Tested?

Please indicate how you tested your changes. Completing all the relevant items on this list is mandatory

• Unit Tests (tests/unit/)
• Functional Tests (tests/functional/)
• Integration Tests (tests/integration/)
• Manual Testing

⚙️ Test Configuration:

• OS: Pop OS 22.04 LTS
• Docker build tested

✅ Checklist

Please indicate the work items you have carried out. Completing all the relevant items on this list is mandatory. Anything left unchecked will be assumed to be non-relevant

• My code follows the CONTRIBUTING.md guidelines
• I've performed a self-review of my changes
• I've added/updated necessary comments and docstrings
• I've updated relevant docs (README or endpoint docs)
• No new warnings introduced
• I've added tests to cover my changes
• All tests pass locally (scripts/run_tests.py)
• I've run linting and formatting (pre-commit run --all-files)
• Docker image builds and runs correctly
• Changes are backwards compatible (if applicable)
• Feature flags or .env vars updated (if applicable)
• I've tested across multiple environments (if applicable)
• Benchmarks still meet expected performance (scripts/benchmark_auth.py)

🛠️ Affected API Behaviour

Please indicate the areas affected by changes introduced in your PR

• app/app.py – Modified /authenticate route logic
• app/pesu.py – Updated scraping or authentication handling

🧩 Models

• app/models/request.py – Input validation or request schema changes
• app/models/response.py – Authentication response formatting
• app/models/profile.py – Profile extraction logic

🐳 DevOps & Config

• Dockerfile – Changes to base image or build process
• .github/workflows/*.yaml – CI/CD pipeline or deployment updates
• pyproject.toml / requirements.txt – Dependency version changes
• .pre-commit-config.yaml – Linting or formatting hook changes

📊 Benchmarks & Analysis

• scripts/benchmark_auth.py – Performance or latency measurement changes
• scripts/analyze_benchmark.py – Benchmark result analysis changes
• scripts/run_tests.py – Custom test runner logic or behavior updates

📸 Screenshots / API Demos (if applicable)

Add any visual evidence that supports your changes. MANDATORY for breaking changes.

Examples:

• Terminal output from a successful curl request (redact sensitive data)
• Screenshots of Postman/Bruno results
• GIF of the endpoint working in a browser
• JSON payloads (redact sensitive data)

🧠 Additional Notes (if applicable)

Use this space to add any final context or implementation caveats.

Examples:

• Edge cases or limitations to be aware of
• Follow-up work or tech debt to track
• Known compatibility issues (e.g., with certain Python versions)
• Any new issues this PR introduces or makes visible

[Copilot]

Pull Request Overview

This PR introduces a new workflow structure for managing development and production deployments with branch-based deployment automation. The changes streamline the CI/CD pipeline by implementing automatic staging deployments on dev branch pushes and manual production deployments with proper access controls.

• Implements automatic dev branch deployment to staging environment
• Adds manual production deployment workflow with user access controls and dev-to-main branch synchronization
• Updates existing workflows to exclude main/dev branches from certain checks and modernizes action versions

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
.github/workflows/source.yaml	Removes dev→main PR allowance, enforcing fork-only contributions to dev branch
.github/workflows/pre-commit.yaml	Excludes main/dev from triggers, updates actions, and modernizes dependency installation
.github/workflows/lint.yaml	Excludes main/dev from triggers and updates action versions
.github/workflows/docker.yaml	Excludes main/dev from triggers and updates checkout action
.github/workflows/deploy-staging.yaml	New workflow for automatic staging deployment on dev branch pushes
.github/workflows/deploy-prod.yaml	Complete rewrite for manual production deployment with branch sync and access controls

Comments suppressed due to low confidence (1)

.github/workflows/pre-commit.yaml:1

• The environment variable TEST_BRANCH_SHORT_CODE is being removed but there's no indication in the PR that this secret is no longer needed. If this variable is still used by tests or other parts of the codebase, removing it could cause failures.

name: Pre-Commit Checks

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}