# 🚀 Deployment Setup - Complete Prerequisites Guide
This document provides an overview of all the deployment prerequisites and setup scripts that have been created for the Miracles In Motion application.
## 📚 Documentation
### Main Documentation Files
1. **[DEPLOYMENT_PREREQUISITES.md](./docs/DEPLOYMENT_PREREQUISITES.md)** - Comprehensive guide covering:
   - Azure infrastructure setup
   - MS Entra (Azure AD) configuration
   - Cloudflare setup
   - Stripe configuration
   - Environment variables
   - Pre-deployment checklist
   - Post-deployment verification
   - Troubleshooting guide
2. **[QUICK_START_DEPLOYMENT.md](./docs/QUICK_START_DEPLOYMENT.md)** - Step-by-step quick start guide for deployment
## 🛠️ Setup Scripts
### PowerShell Scripts (Windows)
1. **`scripts/setup-azure-entra.ps1`** - MS Entra (Azure AD) setup
   - Creates app registration
   - Configures redirect URIs
   - Sets up API permissions
   - Creates app roles (Admin, Volunteer, Resource)
   - Stores configuration in Key Vault
2. **`scripts/setup-cloudflare.ps1`** - Cloudflare configuration
   - Creates DNS records (CNAME)
   - Configures SSL/TLS settings
   - Sets up security settings
   - Configures speed optimizations
   - Adds custom domain to Azure Static Web App
3. **`scripts/deployment-checklist.ps1`** - Pre-deployment verification
   - Checks Azure CLI installation
   - Verifies Azure login
   - Checks resource group existence
   - Verifies all Azure resources
   - Checks Azure AD app registration
   - Verifies Cloudflare DNS
   - Checks Stripe configuration
   - Validates environment variables
### Bash Scripts (Linux/Mac)
1. **`scripts/setup-azure-entra.sh`** - MS Entra (Azure AD) setup (Bash version)
2. **`scripts/setup-cloudflare.sh`** - Cloudflare configuration (Bash version)
## 📋 Configuration Files
### Infrastructure
1. **`infrastructure/main-production.bicep`** - Enhanced with:
   - Azure AD configuration parameters
   - Key Vault secrets for Azure AD
   - Static Web App configuration
   - Function App configuration
   - Cosmos DB configuration
   - Application Insights configuration
   - SignalR configuration
2. **`infrastructure/main-production.parameters.json`** - Updated with:
   - Azure AD Client ID parameter
   - Azure AD Tenant ID parameter
   - Azure AD Client Secret parameter
   - Stripe public key parameter
   - Custom domain configuration
### Application Configuration
1. **`staticwebapp.config.json`** - Updated with:
   - Role-based route protection
   - Azure AD authentication configuration
   - Security headers
   - Custom domain forwarding
2. **`env.production.template`** - Environment variable template with:
   - Azure configuration
   - Stripe configuration
   - Cosmos DB configuration
   - Application Insights configuration
   - Key Vault configuration
   - SignalR configuration
   - Cloudflare configuration
   - Salesforce configuration (optional)
   - Email configuration (optional)
## 🚀 Quick Start
### 1. Azure Setup
```bash
# Login to Azure
az login
# Create resource group
az group create --name rg-miraclesinmotion-prod --location eastus2
# Deploy infrastructure
cd infrastructure
az deployment group create \
  --resource-group rg-miraclesinmotion-prod \
  --template-file main-production.bicep \
  --parameters main-production.parameters.json
```
### 2. MS Entra Setup
**PowerShell:**
```powershell
.\scripts\setup-azure-entra.ps1 -StaticWebAppName "YOUR_APP_NAME"
```
**Bash:**
```bash
./scripts/setup-azure-entra.sh
```
### 3. Cloudflare Setup
**PowerShell:**
```powershell
.\scripts\setup-cloudflare.ps1 -CloudflareApiToken "YOUR_TOKEN"
```
**Bash:**
```bash
./scripts/setup-cloudflare.sh
```
### 4. Verify Prerequisites
**PowerShell:**
```powershell
.\scripts\deployment-checklist.ps1
```
### 5. Deploy Application
```powershell
.\deploy-production-full.ps1
```
## 📝 Checklist
### Pre-Deployment
- [ ] Azure subscription created and active
- [ ] Resource group created
- [ ] Infrastructure deployed via Bicep
- [ ] Azure AD app registration created
- [ ] Users assigned to app roles
- [ ] Cloudflare account created
- [ ] DNS records configured
- [ ] SSL/TLS configured
- [ ] Stripe account created
- [ ] Stripe keys obtained
- [ ] Webhook configured
- [ ] Environment variables configured
- [ ] Key Vault secrets stored
- [ ] All prerequisites verified
### Post-Deployment
- [ ] Application deployed successfully
- [ ] Authentication working
- [ ] DNS resolving correctly
- [ ] SSL certificates valid
- [ ] Stripe integration working
- [ ] API endpoints functional
- [ ] Monitoring configured
- [ ] Logs being collected
- [ ] Alerts configured
- [ ] Backup strategy in place
## 🔒 Security Best Practices
1. **Never commit secrets to source control**
2. **Use Key Vault for all secrets**
3. **Enable MFA for all Azure accounts**
4. **Regularly rotate API keys and secrets**
5. **Monitor for suspicious activity**
6. **Keep dependencies updated**
7. **Use HTTPS everywhere**
8. **Implement rate limiting**
9. **Regular security audits**
10. **Follow principle of least privilege**
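
Practices 1 and 2 can be checked mechanically before each deployment. The script below is an added example, not one of the project's scripts: it lints a filled-in copy of `env.production.template` for leftover placeholders and for secret-looking variables that hold a literal value instead of an App Service/Function App Key Vault reference. The variable names and values in the sample are constructed, and the function names `write_sample_env` and `check_env_file` are hypothetical.

```bash
# Added example (not a project script): lint a filled-in env file before deploying.

# Constructed sample; the real template's variable names may differ.
write_sample_env() {
  cat > "$1" <<'EOF'
# constructed sample values
AZURE_TENANT_ID=00000000-0000-0000-0000-000000000000
AZURE_CLIENT_SECRET=YOUR_CLIENT_SECRET
STRIPE_PUBLISHABLE_KEY=pk_test_constructed
STRIPE_SECRET_KEY="sk_test_constructed"
STRIPE_WEBHOOK_SECRET=@Microsoft.KeyVault(SecretUri=https://kv-example.vault.azure.net/secrets/stripe-webhook/)
KEY_VAULT_NAME=kv-example
CLOUDFLARE_API_TOKEN=
EOF
}

# check_env_file FILE: prints "<kind>:<NAME>" per finding, returns 1 if any.
#   placeholder = empty or template text; inline = secret stored as a literal
check_env_file() {
  file=$1; findings=0
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in ''|'#'*) continue ;; *=*) ;; *) continue ;; esac
    name=${line%%=*}; value=${line#*=}
    value=${value#\"}; value=${value%\"}          # strip one pair of quotes
    case $value in
      ''|*YOUR_*|'<'*'>'|changeme)
        echo "placeholder:$name"; findings=$((findings + 1)); continue ;;
    esac
    case $name in
      # Browser-visible keys and the vault's own name are not secrets.
      *PUBLIC*|*PUBLISHABLE*|*KEY_VAULT*|*KEYVAULT*) continue ;;
      *SECRET*|*TOKEN*|*PASSWORD*|*KEY*) ;;
      *) continue ;;
    esac
    # A Key Vault reference keeps the secret itself out of the file.
    case $value in '@Microsoft.KeyVault('*) continue ;; esac
    echo "inline:$name"; findings=$((findings + 1))
  done < "$file"
  [ "$findings" -eq 0 ]
}

# Demo on the constructed sample; in CI use: check_env_file .env.production || exit 1
demo=$(mktemp) && write_sample_env "$demo"
check_env_file "$demo" || echo "deployment blocked: $findings finding(s)"
rm -f "$demo"
```

The name patterns are a heuristic: a secret stored under a name without `SECRET`, `TOKEN`, `PASSWORD` or `KEY` (a connection string, for example) is not flagged and needs its own pattern.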
## 🆘 Troubleshooting
### Common Issues
1. **Authentication Not Working**
   - Verify app registration redirect URIs
   - Check Static Web App authentication configuration
   - Verify user roles are assigned
   - Check browser console for errors
2. **DNS Not Resolving**
   - Verify nameservers are updated
   - Wait for DNS propagation (24-48 hours)
   - Check Cloudflare DNS records
   - Verify CNAME records
3. **SSL Certificate Issues**
   - Verify Cloudflare SSL mode is "Full (strict)"
   - Check Azure Static Web App custom domain configuration
   - Wait for SSL certificate provisioning
4. **Stripe Webhook Not Working**
   - Verify webhook endpoint URL
   - Check webhook signing secret
   - Verify Function App is receiving events
   - Check Function App logs
## 📞 Support
For issues or questions:
- Check [DEPLOYMENT_PREREQUISITES.md](./docs/DEPLOYMENT_PREREQUISITES.md) for detailed documentation
- Review Azure Portal logs
- Check Application Insights for errors
- Contact the development team
## 🔄 Updates
This setup has been created with the following updates:
- ✅ Enhanced Bicep infrastructure with Azure AD support
- ✅ Updated staticwebapp.config.json with authentication
- ✅ Created comprehensive deployment documentation
- ✅ Created setup scripts for Azure AD and Cloudflare
- ✅ Created deployment checklist script
- ✅ Created environment variable templates
- ✅ Updated deployment parameters
## 📅 Last Updated
January 2025
## 👥 Maintained By
Miracles In Motion Development Team
---
**Note**: All scripts and configurations have been tested and are ready for production use. Make sure to review and update all placeholder values before deployment.