ci: add production smoke test workflow (manual + daily cron)

- New workflow `production Smoke` with workflow_dispatch + daily schedule
  (05:00 UTC). Does NOT run on push/PR.
- Runs smoke-http, guest-onboarding, home-shell, and unauthenticated
  store tests against music-room.huiwings.cn.
- Includes optional SSH health check (if PROD_SSH_* secrets configured).
- Also makes smoke-http testOrgId configurable via PROD_ORG_ID env var
  for cross-environment use (moicen vs huiwings).
- Adds production-remote-check.sh script.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

.github/workflows/playwright-production.yml

@@ -0,0 +1,91 @@
+# 正式服（huiwings）E2E 联通性验收
+# 仅手动触发 + 每日定时，不跟随 push/PR 自动执行。
+name: production Smoke
+
+on:
+  workflow_dispatch:
+    inputs:
+      base_url:
+        description: H5 基址
+        required: false
+        default: "https://music-room.huiwings.cn"
+        type: string
+      kc_base_url:
+        description: htykc 反代基址
+        required: false
+        default: "https://admin.huiwings.cn"
+        type: string
+      prod_org_id:
+        description: 正式服机构 ID
+        required: false
+        default: "b79d09b0-0b65-44fb-936c-dcebf01097ba"
+        type: string
+  schedule:
+    # 每天 05:00 UTC（北京时间 13:00）跑一次
+    - cron: "0 5 * * *"
+
+concurrency:
+  group: huike-e2e-production-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  smoke:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: 解析环境变量
+        run: |
+          BASE="${{ inputs.base_url }}"
+          KC="${{ inputs.kc_base_url }}"
+          ORG="${{ inputs.prod_org_id }}"
+          echo "HUIKE_FRONT_BASE_URL=${BASE:-https://music-room.huiwings.cn}" >> "$GITHUB_ENV"
+          echo "KC_BASE_URL=${KC:-https://admin.huiwings.cn}" >> "$GITHUB_ENV"
+          echo "PROD_ORG_ID=${ORG:-b79d09b0-0b65-44fb-936c-dcebf01097ba}" >> "$GITHUB_ENV"
+          echo "Using BASE=$BASE KC=$KC ORG=$ORG"
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: "npm"
+          cache-dependency-path: package-lock.json
+
+      - name: 依赖与 Chromium
+        run: |
+          npm ci
+          npx playwright install chromium --with-deps
+
+      - name: Playwright — 基础联通性与访客测试
+        run: |
+          npx playwright test \
+            tests/smoke-http.spec.ts \
+            tests/guest-onboarding.spec.ts \
+            tests/home-shell.spec.ts \
+            tests/course-package-store.spec.ts \
+            --grep-invert "已登录|权限与预览"
+
+      - name: 正式服 SSH 只读校验（若已配置密钥）
+        env:
+          PROD_SSH_HOST: alchemy-studio.cn
+          SSH_USER: ${{ secrets.PROD_SSH_USER }}
+          SSH_KEY: ${{ secrets.PROD_SSH_PRIVATE_KEY }}
+          SSH_KNOWN_HOSTS: ${{ secrets.PROD_SSH_KNOWN_HOSTS }}
+        run: |
+          if [ -z "$SSH_USER" ] || [ -z "$SSH_KEY" ]; then
+            echo "PROD_SSH_USER / PROD_SSH_PRIVATE_KEY 未配置，跳过 SSH 校验"
+            exit 0
+          fi
+          set -euo pipefail
+          mkdir -p ~/.ssh
+          chmod 700 ~/.ssh
+          printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
+          printf '%s\n' "$SSH_KEY" > ~/.ssh/prod_ci
+          chmod 600 ~/.ssh/prod_ci
+          ssh -i ~/.ssh/prod_ci \
+            -o StrictHostKeyChecking=yes \
+            -o IdentitiesOnly=yes \
+            "${SSH_USER}@${PROD_SSH_HOST}" \
+            'bash -s' < scripts/production-remote-check.sh