Add CI/CD pipeline with Gitea Actions and production deployment

- Production Dockerfiles: backend (gunicorn + uvicorn workers),
  frontend (multi-stage Node build + nginx with API proxy)
- docker-compose.prod.yml: integrates with VPS nginx-proxy via
  VIRTUAL_HOST for auto-TLS at fit.cescalante.dev
- GitHub Actions workflow (Gitea Actions-compatible): builds images
  and deploys on push to main via self-hosted runner
- Make CORS origins configurable via CORS_ORIGINS env var

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

backend/app/config.py

@@ -6,6 +6,12 @@ class Settings(BaseSettings):
     OPENAI_API_KEY: str | None = None
     SECRET_KEY: str = "changethis"
     ACCESS_TOKEN_EXPIRE_MINUTES: int = 60 * 24 * 8  # 8 days
+    CORS_ORIGINS: str = "http://localhost:5173,http://localhost:5174,http://localhost:3000"
+    VAPID_PRIVATE_KEY: str = ""
+    VAPID_PUBLIC_KEY: str = ""
+    VAPID_MAILTO: str = "mailto:admin@example.com"
+    PUSH_REMINDER_HOUR: int = 9
+    PUSH_REMINDER_MINUTE: int = 0
 
     class Config:
         env_file = ".env"

backend/app/main.py

@@ -4,22 +4,27 @@ from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
 
 from app.api.v1.api import api_router
+from app.config import settings
 from app.core.ai_config import configure_dspy
 from app.db import init_db
+from app.models import push_subscription  # noqa: F401 — ensures table is created
+from app.scheduler import start_scheduler, stop_scheduler
 
 
 @asynccontextmanager
 async def lifespan(app: FastAPI):
     init_db()
     configure_dspy()
+    start_scheduler()
     yield
+    stop_scheduler()
 
 
 app = FastAPI(title="Healthy Fit API", lifespan=lifespan)
 
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=["http://localhost:5173", "http://localhost:5174", "http://localhost:3000"],
+    allow_origins=[o.strip() for o in settings.CORS_ORIGINS.split(",")],
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],