Add Personal Access Token authentication for private repo deployment

- Use DEPLOY_TOKEN secret for git authentication
- Fix environment variable passing in SSH action
- Required for private repository access during deployment

.github/workflows/ci-cd.yml

@@ -187,11 +187,36 @@ jobs:
         host: ${{ secrets.PROD_HOST }}
         username: ${{ secrets.PROD_USERNAME }}
         key: ${{ secrets.PROD_SSH_KEY }}
+        envs: DEPLOY_TOKEN
         script: |
           cd /opt/stiftung
           
-          # Pull latest changes (using HTTPS)
+          # Pull latest changes using Personal Access Token
-          git pull https://github.com/remmerinio/stiftung-management-system.git main
+          git pull https://$DEPLOY_TOKEN@github.com/remmerinio/stiftung-management-system.git main
+          
+          # Copy production docker compose file
+          cp deploy-production/docker-compose.prod.yml docker-compose.yml
+          
+          # Stop containers
+          docker-compose down
+          
+          # Start containers with rebuild
+          docker-compose up -d --build
+          
+          # Wait for containers to be ready
+          echo "Waiting for containers to start..."
+          sleep 30
+          
+          # Run migrations
+          docker-compose exec -T web python manage.py migrate
+          
+          # Collect static files
+          docker-compose exec -T web python manage.py collectstatic --noinput
+          
+          # Show container status
+          docker-compose ps
+      env:
+        DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
           
           # Copy production docker compose file
           cp deploy-production/docker-compose.prod.yml docker-compose.yml