Add production CI/CD deployment pipeline

Add GHCR image build/push and SSH-based server deployment workflow, production compose/env templates, and deployment script. Also fix frontend container healthcheck target and extend Docker CI with frontend health verification.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

README.md

@@ -161,7 +161,37 @@ npm run test:frontend
 |----------|---------|-------------|
 | `backend.yml` | Push/PR to backend | Lint → Test → Build (Node 18 & 20) |
 | `frontend.yml` | Push/PR to frontend | Lint → Test → Build (Node 18 & 20) |
-| `docker.yml` | Push/PR to main | Docker Compose build → Backend health check |
+| `docker.yml` | Push/PR to main | Docker Compose build → Backend + Frontend health checks |
+| `deploy.yml` | Push to `main` / manual dispatch | Build + push Docker images to GHCR, then deploy on your server via SSH |
+
+## 🚢 Production Deployment (Own Server)
+
+The repository now includes a full CI/CD path for server deployment:
+
+1. `deploy.yml` builds both images (`cloudlense-backend`, `cloudlense-frontend`) and pushes them to GHCR.
+2. The same workflow uploads `devops/docker-compose.prod.yml` + `devops/scripts/deploy-prod.sh` to your server.
+3. It then pulls the new image tag (`github.sha`) and restarts the stack with Docker Compose.
+
+Server setup once:
+
+```bash
+mkdir -p /opt/cloudlense
+cd /opt/cloudlense
+cp /path/to/repo/devops/.env.production.example .env
+# fill .env with real values
+```
+
+Required GitHub repository secrets for deployment:
+
+| Secret | Description |
+|--------|-------------|
+| `DEPLOY_HOST` | Server hostname or IP |
+| `DEPLOY_PORT` | SSH port (usually `22`) |
+| `DEPLOY_USER` | SSH user with Docker permissions |
+| `DEPLOY_SSH_KEY` | Private SSH key for `DEPLOY_USER` |
+| `DEPLOY_PATH` | Deployment directory on server (e.g. `/opt/cloudlense`) |
+| `GHCR_USERNAME` | GitHub username for GHCR pull |
+| `GHCR_READ_TOKEN` | GitHub token/PAT with `read:packages` |
 
 ## 🔑 Key API Routes