fix: self-hosted deploy workflow + gematria NATS broadcast

[blackboxprogramming]

Fixes:

1. Replace broken blackroad-deploy reusable workflow with self-contained wrangler deploy
2. NATS server now running on gematria (159.65.43.12:4222) - public internet-accessible
3. Broadcast workflow updated to try gematria NATS before LAN octavia

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 88c824fcb0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Fail deploy job when wrangler is unavailable

The else path treats a missing wrangler binary as a successful run ("skipping worker deploy"), which means pushes to main can complete without deploying anything and without raising an error. Since this workflow now owns production deploys, any runner drift (or a new runner missing wrangler) will silently halt releases instead of signaling a broken deploy pipeline.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Propagate wrangler deploy failures

The deploy command is wrapped with || true, so Cloudflare auth errors, invalid configs, or API failures are ignored and the workflow still reports success. This removes failure visibility for production deployments and makes the pipeline green even when every worker deploy attempt actually failed.

Useful? React with 👍 / 👎.

[Copilot]

Pull request overview

Updates the repository’s deployment automation by replacing a reusable Cloudflare deploy workflow with an in-repo, self-hosted runner workflow that attempts to deploy Workers via wrangler.

Changes:

• Replace blackroad-deploy reusable workflow with a self-hosted job that runs wrangler deploy.
• Add workflow_dispatch to allow manual deploy runs.
• Add basic status logging for deploy completion.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

while read f; do will treat backslashes and whitespace in paths unexpectedly. Use while IFS= read -r f; do to safely handle any path values returned from find.

Suggested change

	find . -name "wrangler.toml" -not -path "*/node_modules/*" | head -5 | while read f; do
	find . -name "wrangler.toml" -not -path "*/node_modules/*" | head -5 | while IFS= read -r f; do

[Copilot]

If wrangler isn't installed on the self-hosted runner, this step logs a message and skips deployment but the workflow still reports "Deploy complete". For reliability, consider installing Wrangler in the workflow (or failing fast with a clear error) so deploys don't silently become no-ops when the runner image changes.

Suggested change

	if command -v wrangler >/dev/null 2>&1; then
	echo "✅ Wrangler available"
	# Deploy any wrangler.toml found
	find . -name "wrangler.toml" -not -path "*/node_modules/*" | head -5 | while read f; do
	dir=$(dirname "$f")
	echo "Deploying $dir..."
	(cd "$dir" && wrangler deploy --env production 2>&1 | tail -3) || true
	done
	else
	echo "ℹ️ Wrangler not on this runner, skipping worker deploy"
	fi
	if ! command -v wrangler >/dev/null 2>&1; then
	echo "ℹ️ Wrangler not found, installing via npm..."
	npm install -g wrangler@latest
	fi
	echo "✅ Wrangler available"
	# Deploy any wrangler.toml found
	find . -name "wrangler.toml" -not -path "*/node_modules/*" | head -5 | while read f; do
	dir=$(dirname "$f")
	echo "Deploying $dir..."
	(cd "$dir" && wrangler deploy --env production 2>&1 | tail -3) || true
	done

[Copilot]

PR description mentions "gematria NATS broadcast" and updating a broadcast workflow, but this PR diff only changes the Cloudflare deploy workflow. Either the description needs to be updated to match the actual changes, or the missing NATS/broadcast changes need to be included.

[Copilot]

continue-on-error: true means this workflow can report success even when deployments fail. For a deploy pipeline this is usually unsafe; consider removing it (or scoping it to non-production / manual runs) so failures are visible and can block merges/releases.

Suggested change

continue-on-error: true

[Copilot]

The deploy command is wrapped with a pipeline and || true, which will mask failures (and without set -o pipefail, the pipeline exit status is from tail). This can result in silently skipping broken deploys; consider enabling set -euo pipefail and letting wrangler deploy fail the step (and avoid truncating logs so failures are diagnosable).

Suggested change

	export PATH=$HOME/npm-global/bin:$HOME/.local/bin:$PATH
	if command -v wrangler >/dev/null 2>&1; then
	echo "✅ Wrangler available"
	# Deploy any wrangler.toml found
	find . -name "wrangler.toml" -not -path "*/node_modules/*" | head -5 | while read f; do
	dir=$(dirname "$f")
	echo "Deploying $dir..."
	(cd "$dir" && wrangler deploy --env production 2>&1 | tail -3) || true
	set -euo pipefail
	export PATH=$HOME/npm-global/bin:$HOME/.local/bin:$PATH
	if command -v wrangler >/dev/null 2>&1; then
	echo "✅ Wrangler available"
	# Deploy any wrangler.toml found
	find . -name "wrangler.toml" -not -path "*/node_modules/*" | head -5 | while read -r f; do
	dir=$(dirname "$f")
	echo "Deploying $dir..."
	(cd "$dir" && wrangler deploy --env production)

[Copilot]

head -5 will deploy at most 5 wrangler.toml projects; any additional Workers will be silently skipped. If the repo can contain more than 5 Wrangler projects, remove the limit or make it explicit/configurable so deployments are complete.

Suggested change

	find . -name "wrangler.toml" -not -path "*/node_modules/*" | head -5 | while read f; do
	find . -name "wrangler.toml" -not -path "*/node_modules/*" | while read f; do