The previous version short-circuited with 'nothing to do' when local
HEAD already matched the target — which is wrong on the first deploy
(no container yet) and inconvenient when re-running after a manual
fix. Now:
* Auto-proceeds when no container is running for the web service.
* Accepts --force to rebuild + restart at the same revision.
* Skips the empty changelog section when CURRENT == TARGET.
- deploy.sh dev|prod with --dry-run, auto-rollback if /health fails
within 60s; checkpoint saved to .last_deploy_rollback before reset
- deploy/rollback.sh last|<sha> with the same Docker compose dance
- deploy/health-check.sh — curl wrapper for monitoring/oncall
- deploy/apache-{dev,prod}.conf — Location blocks proxying /hm-aiqc/
to gunicorn on 127.0.0.1:5050 with X-Script-Name set so wsgi.py's
ReverseProxied middleware emits prefixed URLs
- deploy/.env.{dev,prod}.example — starter envs with Azure SSO config
