chore(CI): Add Github actions workflow for production deployment with manual approval #732

Open: wants to merge 2 commits into base: main
YeagerAI-Bulat
Collaborator

@YeagerAI-Bulat YeagerAI-Bulat commented Dec 11, 2024

Fixes #731

What

  • Added a GitHub Actions workflow for deploying to production using Ansible on GCP VM: https://github.com/yeagerai/genlayer-simulator-infra/blob/main/.github/workflows/deploy-prod.yml
  • Implemented a manual approval step with approver validation.
  • Configured the workflow to utilize secrets for sensitive operations (e.g., SSH keys, SSL certificates, and API tokens).
  • Ensured concurrency control to prevent overlapping deployments.
  • Cleaned up sensitive data post-deployment for security.

Why

  • To enable controlled and secure production deployments with a manual review step to mitigate risks.
  • To improve the deployment process by automating setup and cleanup tasks.
  • To ensure proper usage of secrets for security-sensitive operations.

Testing done

  • Validated workflow syntax using the GitHub Actions linter.
  • Confirmed the presence of all required secrets in the repository.
  • Manually tested Ansible playbook execution in a development and staging environment.

Decisions made

  • Decided to include a manual approval step to enforce deployment reviews.
  • Used a confirmation input (I confirm) in the workflow to prevent accidental deployments.
  • Chose to clean up sensitive files (e.g., credentials and certificates) post-deployment for enhanced security.

Checks

  • I have tested this code
  • I have reviewed my own PR
  • I have created an issue for this PR
  • I have set a descriptive PR title compliant with conventional commits

Reviewing tips

  • Review the secrets usage carefully to ensure no sensitive information is exposed.
  • Verify the manual approval mechanism for usability and security.
  • Check that the Ansible playbook handles production deployment correctly.

User facing release notes

  • Added a new production deployment workflow with a manual approval process.
  • Ensures secure handling of deployment credentials, SSH keys, and SSL certificates.
  • Prevents overlapping deployments with concurrency control.

@YeagerAI-Bulat YeagerAI-Bulat linked an issue Dec 11, 2024 that may be closed by this pull request
@YeagerAI-Bulat YeagerAI-Bulat self-assigned this Dec 11, 2024
@YeagerAI-Bulat YeagerAI-Bulat changed the title CI chore(CI): Add Github actions workflow for production deployment with manual approval Dec 11, 2024
@YeagerAI-Bulat YeagerAI-Bulat marked this pull request as ready for review December 11, 2024 06:40
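One way the controls listed in the PR description (confirmation input, approver validation, concurrency control, secrets, post-deployment cleanup) can fit together in a single workflow. This is an added example, not the project's deploy-prod.yml; the approver names, the secret name, the inventory and playbook paths, and a `production` environment with required reviewers are all assumptions.

```yaml
# Added example, not the project's deploy-prod.yml.
# Approver names, PROD_SSH_KEY, inventory/prod.ini and deploy.yml are assumptions.
name: deploy-prod-example
on:
  workflow_dispatch:
    inputs:
      confirmation:
        description: 'Type "I confirm" to deploy to production'
        required: true

# One production deployment at a time: a second run waits instead of overlapping.
concurrency:
  group: deploy-prod
  cancel-in-progress: false

permissions:
  contents: read            # the job token only needs to read the repository

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: production # assumes required reviewers are set on this environment
    env:
      ALLOWED_APPROVERS: "alice bob"   # hypothetical allowlist of GitHub logins
    steps:
      - name: Validate confirmation and actor
        env:                # pass untrusted input through env, never inline in the script
          CONFIRMATION: ${{ inputs.confirmation }}
          ACTOR: ${{ github.actor }}
        run: |
          [ "$CONFIRMATION" = "I confirm" ] || { echo "confirmation text mismatch"; exit 1; }
          for a in $ALLOWED_APPROVERS; do [ "$a" = "$ACTOR" ] && exit 0; done
          echo "$ACTOR is not an allowed approver"; exit 1
      - uses: actions/checkout@v4
      - name: Write SSH key with owner-only permissions
        env:
          SSH_KEY: ${{ secrets.PROD_SSH_KEY }}
        run: |
          install -m 700 -d "$RUNNER_TEMP/ssh"
          ( umask 077; printf '%s\n' "$SSH_KEY" > "$RUNNER_TEMP/ssh/id_deploy" )
      - name: Run playbook   # assumes Ansible is available on the runner
        run: |
          ansible-playbook -i inventory/prod.ini deploy.yml \
            --private-key "$RUNNER_TEMP/ssh/id_deploy"
      - name: Remove sensitive files
        if: always()         # cleanup runs even when the playbook fails
        run: rm -rf "$RUNNER_TEMP/ssh"
```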
Contributor

@AgustinRamiroDiaz AgustinRamiroDiaz left a comment

@YeagerAI-Bulat Have you tested the curl request? I'm searching docs for this and I've found:

And none of them have the same syntax as the command you've pasted

Nit: could we use the gh cli as in https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#providing-inputs? I think it's easier to understand than curl commands

gh workflow run run-tests.yml -f logLevel=warning -f tags=false -f environment=staging

-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token ${{ secrets.DEPLOYMENT_PAT }}" \
-H "Content-Type: application/json" \
https://api.github.com/repos/yeagerai/genlayer-studio/dispatches \
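
Review bot: The `Authorization: token ${{ secrets.DEPLOYMENT_PAT }}` header templates the PAT straight into the command text through expression interpolation. Map the secret into the step's `env:` and reference it as a shell variable instead (for example `-H "Authorization: token $DEPLOYMENT_PAT"`), so the value is never written into the script body. Since this token authorizes a dispatch against another repository, also confirm that DEPLOYMENT_PAT is scoped to only the repository named in the `/dispatches` URL and carries no more permissions than that call needs.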
Contributor

shouldn't this point to the infra repo? like

Suggested change
https://api.github.com/repos/yeagerai/genlayer-studio/dispatches \
https://api.github.com/repos/yeagerai/genlayer-simulator-infra/dispatches \

@AgustinRamiroDiaz
Contributor

@YeagerAI-Bulat do we have a staging environment to also add the trigger for it?

Successfully merging this pull request may close these issues.

Add GitHub actions workflow for production deployment
2 participants