Refactor CI/CD into a staged deployment pipeline with versioning, database testing, and approval gates (#12)

* Refactored staging deploy into own file

* Added flag for disabling disk cleanup

* Created production deploy workflow

* Added making the GCP function public

* Setup eval-prod environment

* Removed protections on deploy, left on release

* Removed make public

* Added some notes to the README

* Added GCP deployment note to README

* Changed name normalisation to be only for GCP

* Added issue template

* Added write function name if aws

* Enabled normlise for AWS

* Added version tagging to GCP build

* Added AWS to need version and fixed bug with GCP Build

* Fixed version tagging issue

* Added lfs support

* Added lfs

* Disabled normalise for AWS

* Added requirement for staging to pass before prod can be deployed

* Added database testing

* Switched endpoint to be a secret

* Changed test needs

* Fixed column issue

* Removed test logic

* Added new secrets for DB testing

* Fixed typo

* Made read config.json more robust

* Renamed run-tests to run-database tests

* Simplified conditional expressions in deploy workflow

* Switched deployment workflow to use commit SHA instead of branch for release steps

* Added manual approval step for production deployment on test failures

* Added always to the gate

* Refined production deployment conditions

* Added the random seed as input for database testing

* Added `request_delay` and `max_concurrency` inputs to deploy workflow

* Refined manual approval message for production deployment on test failures

* Removed unicode character

* Added `sql_limit` input to deploy workflow

Author: m-messer

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,2 @@
+blank_issues_enabled: false
+contact_links: []

.github/ISSUE_TEMPLATE/release-request.yml

@@ -0,0 +1,53 @@
+name: "Release Request"
+description: "Request a deployment by specifying the evaluation function, changes, target commit/branch, and test confirmation."
+title: "Release Request"
+labels:
+  - release
+  - deployment
+assignees: []
+body:
+  - type: textarea
+    id: description_of_changes
+    attributes:
+      label: Description of changes
+      description: "Summarize what is changing and why. Include links to PRs, issues, or changelogs."
+      placeholder: |
+        - What changed:
+        - Why:
+        - Related PRs/Issues: #123, #456
+      render: markdown
+    validations:
+      required: true
+
+  - type: input
+    id: branch_to_deploy
+    attributes:
+      label: Branch to deploy
+      description: |
+        Specify Branch name to deploy.
+      placeholder: "e.g., release/2025-09-29"
+    validations:
+      required: true
+
+  - type: dropdown
+    id: version-bump
+    attributes:
+      label: "🚀 What kind of update is this?"
+      description: "Tell us how significant this change is. This helps us set the correct new version number."
+      options:
+        - "Patch: A small fix for a bug. It won't break anything for existing users. (e.g., 1.2.3 ➔ 1.2.4)"
+        - "Minor: Adds a new feature, but doesn't change how existing ones work. A safe update. (e.g., 1.2.3 ➔ 1.3.0)"
+        - "Major: A big change that alters existing features. Users may need to update their work to adapt. (e.g., 1.2.3 ➔ 2.0.0)"
+      default: 0
+    validations:
+      required: true
+
+  - type: markdown
+    attributes:
+      value: |
+        ---
+        ### ⚡ Click the Link Below to Run the Workflow
+        
+        Clicking the link will take you to the Actions page. You will need to click the **"Run workflow"** button there to start the process.
+        
+        ## [➡️ Go to Workflow Run Page](../actions/workflows/production-deploy.yml)

.github/workflows/build.yml

@@ -30,6 +30,11 @@ on:
         type: string
         description: "Specify build platforms. Takes precedence over `build-arm`."
         required: false
+      lfs:
+        type: boolean
+        description: "Support git LFS"
+        default: false
+        required: false
     secrets:
       build-secrets:
         description: "The Docker secrets to use for the build"
@@ -51,6 +56,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          lfs: ${{inputs.lfs}}
 
       - name: Set up QEMU
         if: inputs.build-arm && github.ref_name == github.event.repository.default_branch