Remove sync-name-prefix from Arcane deployment workflow (#24)

Co-authored-by: Claude <noreply@anthropic.com>

Author: nsheaps

.github/workflows/arcane-deploy.yaml

@@ -145,6 +145,14 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Load deploy key from 1Password
+        uses: 1password/load-secrets-action@v2
+        with:
+          export-env: true
+        env:
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+          IAC_ARCANE_DEPLOY_KEY: 'op://heapsinfra/iac-arcane-deploy-key/private key'
+
       - name: Deploy to Arcane
         # TODO: Pin to commit SHA once nsheaps/github-actions has releases.
         #       See: https://github.com/nsheaps/iac/issues/3
@@ -154,9 +162,8 @@ jobs:
           arcane-api-key: ${{ secrets.ARCANE_API_KEY }}
           environment-id: ${{ matrix['environment-id'] }}
           compose-files: ${{ matrix['compose-file'] }}
-          sync-name-prefix: ${{ matrix.host }}
-          auth-type: http
-          git-token: ${{ secrets.GIT_TOKEN }}
+          auth-type: ssh
+          ssh-private-key: ${{ env.IAC_ARCANE_DEPLOY_KEY }}
           branch: main
 
   tag:

README.md

@@ -18,7 +18,7 @@ Stacks are deployed automatically via the [arcane-deploy](https://github.com/nsh
 - **Sync naming**: Files like `hosts/heapsnas/nextcloud/docker-compose.yaml` become sync `heapsnas-nextcloud` in Arcane.
 - **Auto-sync**: Arcane polls for changes every 5 minutes in addition to push-triggered syncs.
 
-Secrets (Arcane API key, git token) are stored as GitHub repository secrets, synced via the [nsheaps/.github](https://github.com/nsheaps/.github) 1Password sync workflow.
+Secrets (Arcane API key, deploy key) are stored as GitHub repository secrets, synced via the [nsheaps/.github](https://github.com/nsheaps/.github) 1Password sync workflow.
 
 #### Adding a new stack