# Deployment Automation Scripts
Automated deployment scripts for The Order following the deployment guide.
## Overview
This directory contains automated scripts for deploying The Order to Azure/Kubernetes. The scripts follow the 15-phase deployment guide and can be run individually or as a complete deployment.
## Quick Start
```bash
# Deploy all phases for dev environment
./scripts/deploy/deploy.sh --all --environment dev
# Deploy specific phases
./scripts/deploy/deploy.sh --phase 1 --phase 2 --phase 6
# Continue from last saved state
./scripts/deploy/deploy.sh --continue
# Deploy with auto-apply (no Terraform review)
./scripts/deploy/deploy.sh --all --auto-apply
```
## Configuration
Configuration is managed in `config.sh`. Key variables:
- `ENVIRONMENT`: Deployment environment (dev, stage, prod)
- `AZURE_REGION`: Azure region (default: westeurope)
- `ACR_NAME`: Azure Container Registry name
- `AKS_NAME`: AKS cluster name
- `KEY_VAULT_NAME`: Azure Key Vault name
Set via environment variables or edit `config.sh`:
```bash
export ENVIRONMENT=prod
export AZURE_REGION=westeurope
export ACR_NAME=theorderacr
./scripts/deploy/deploy.sh --all
```
## Phase Scripts
### Phase 1: Prerequisites
- Checks all required tools
- Verifies Azure login
- Installs dependencies
- Builds packages
```bash
./scripts/deploy/phase1-prerequisites.sh
```
### Phase 2: Azure Infrastructure
- Runs Azure setup scripts
- Registers resource providers
- Deploys Terraform infrastructure
- Configures Kubernetes access
```bash
./scripts/deploy/phase2-azure-infrastructure.sh
```
### Phase 3: Entra ID Configuration
- **Manual steps required** (Azure Portal)
- Helper script to store secrets: `store-entra-secrets.sh`
### Phase 6: Build & Package
- Builds all packages and applications
- Creates Docker images
- Pushes to Azure Container Registry
- Signs images with Cosign (if available)
```bash
./scripts/deploy/phase6-build-package.sh
```
### Phase 7: Database Migrations
- Runs database schema migrations
- Verifies database connection
```bash
./scripts/deploy/phase7-database-migrations.sh
```
### Phase 10: Backend Services
- Deploys backend services to Kubernetes
- Verifies deployments
- Tests health endpoints
```bash
./scripts/deploy/phase10-backend-services.sh
```
## Usage Examples
### Full Deployment
```bash
# Development environment
./scripts/deploy/deploy.sh --all --environment dev
# Staging environment
./scripts/deploy/deploy.sh --all --environment stage
# Production (with confirmation)
./scripts/deploy/deploy.sh --all --environment prod
```
### Incremental Deployment
```bash
# Run prerequisites and infrastructure
./scripts/deploy/deploy.sh --phase 1 --phase 2
# Build and package
./scripts/deploy/deploy.sh --phase 6
# Deploy services
./scripts/deploy/deploy.sh --phase 10 --phase 11
```
### Skip Phases
```bash
# Skip build (if already built)
./scripts/deploy/deploy.sh --all --skip-build
# Skip specific phase
./scripts/deploy/deploy.sh --all --skip 3 --skip 8
```
### Continue from Failure
```bash
# If deployment fails, continue from last state
./scripts/deploy/deploy.sh --continue
```
## State Management
Deployment state is saved in `.deployment/${ENVIRONMENT}.state`. This allows:
- Resuming from last completed phase
- Tracking deployment progress
- Debugging failed deployments
## Logging
All deployment logs are saved to `logs/deployment-YYYYMMDD-HHMMSS.log`.
View logs:
```bash
tail -f logs/deployment-*.log
```
## Manual Steps
Some phases require manual steps:
- **Phase 3**: Entra ID configuration (Azure Portal)
- **Phase 8**: Secrets configuration (use helper scripts)
- **Phase 12**: DNS configuration
- **Phase 13**: Monitoring dashboard setup
See `docs/deployment/DEPLOYMENT_GUIDE.md` for detailed instructions.
## Helper Scripts
### Store Entra ID Secrets
After completing Entra ID setup in Azure Portal:
```bash
./scripts/deploy/store-entra-secrets.sh
```
This will prompt for:
- Tenant ID
- Client ID
- Client Secret
- Credential Manifest ID
It then stores them in Azure Key Vault.
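One way to prompt for a value and hand it to Key Vault without the secret appearing in process arguments, shell history or the deployment log. This is an added example, not the contents of `store-entra-secrets.sh`; the function names and the secret name `entra-client-secret` are assumptions.

```shell
#!/bin/sh
# Added example (not the project's store-entra-secrets.sh).
# prompt_secret/store_secret and the secret name below are hypothetical.

# prompt_secret LABEL: read one line without echo, print it on stdout.
prompt_secret() {
    printf '%s: ' "$1" >&2
    if [ -t 0 ]; then stty -echo; fi
    IFS= read -r value
    if [ -t 0 ]; then stty echo; printf '\n' >&2; fi
    printf '%s' "$value"
}

# store_secret VAULT NAME: read the value from stdin and upload it.
store_secret() {
    vault=$1 name=$2
    old_umask=$(umask)
    umask 077                      # temp file readable by the owner only
    tmp=$(mktemp) || return 1
    umask "$old_umask"
    cat > "$tmp"
    rc=0
    # --file keeps the value out of argv (visible in `ps`);
    # --output none stops az from printing the stored value to the log.
    az keyvault secret set --vault-name "$vault" --name "$name" \
        --file "$tmp" --encoding utf-8 --output none || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage (needs an authenticated az session):
#   prompt_secret "Client Secret" |
#       store_secret "$KEY_VAULT_NAME" entra-client-secret
```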
## Troubleshooting
### Check Deployment State
```bash
cat .deployment/dev.state
```
### View Logs
```bash
tail -f logs/deployment-*.log
```
### Verify Kubernetes Access
```bash
kubectl cluster-info
kubectl get nodes
```
### Verify Azure Access
```bash
az account show
az aks list
```
### Re-run Failed Phase
```bash
./scripts/deploy/deploy.sh --phase <phase-number>
```
## Environment-Specific Configuration
Create environment-specific config files:
```bash
# .deployment/dev.env
export ENVIRONMENT=dev
export AKS_NAME=the-order-dev-aks
export KEY_VAULT_NAME=the-order-dev-kv
```
Source before deployment:
```bash
source .deployment/dev.env
./scripts/deploy/deploy.sh --all
```
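Because `source` executes the file as shell code, it is worth vetting a `.deployment/*.env` file before loading it. The following is an added example, not part of the project's scripts; the accepted syntax, the secret-name patterns and the function names are assumptions.

```shell
#!/bin/sh
# Added example: vet .deployment/<env>.env before sourcing it.
# The accepted syntax and the secret-name patterns are assumptions.

check_env_file() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # A sourced file is executed, so anyone who can write it controls the deploy.
    if [ -n "$(find "$file" -prune -perm -0002)" ]; then
        echo "$file is world-writable" >&2; return 1
    fi

    # Accept only blank lines, comments and `export NAME=literal`.
    # Command substitution, quotes, ;, | and & all fail this pattern.
    # Report line numbers only, so values never reach the deployment log.
    bad=$(grep -nEv '^[[:space:]]*(#.*)?$|^export [A-Z_][A-Z0-9_]*=[A-Za-z0-9._:/@-]*$' \
        "$file" | cut -d: -f1 | tr '\n' ' ')
    if [ -n "$bad" ]; then
        echo "$file: unexpected content on line(s): $bad" >&2; return 1
    fi

    # Secrets belong in Key Vault; flag secret-looking names (names only).
    names=$(sed -n 's/^export \([A-Z0-9_]*\)=.*/\1/p' "$file" |
        grep -E 'SECRET|PASSWORD|TOKEN|PRIVATE_KEY' | tr '\n' ' ')
    if [ -n "$names" ]; then
        echo "$file: move to Key Vault: $names" >&2; return 1
    fi
    return 0
}

# Source the file only if it passed every check.
load_env() {
    check_env_file "$1" && . "$1"
}
```

Call `load_env .deployment/dev.env` in place of the bare `source` line; pass a path that contains a slash so the shell does not search `PATH` for the file.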
## Integration with CI/CD
The scripts can be integrated into CI/CD pipelines:
```yaml
# .github/workflows/deploy.yml
- name: Deploy to Dev
  run: |
    ./scripts/deploy/deploy.sh --all --environment dev --auto-apply
  env:
    AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
```
## Security Notes
- Never commit secrets to the repository
- Use Azure Key Vault for all secrets
- Enable RBAC for all resources
- Review Terraform plans before applying (`--auto-apply` skips this review)
- Use managed identities where possible
## Next Steps
After deployment:
1. Verify all services are running: `kubectl get pods -n the-order-${ENV}`
2. Test health endpoints
3. Configure monitoring dashboards
4. Set up alerts
5. Review security settings
See `docs/deployment/DEPLOYMENT_GUIDE.md` for complete deployment instructions.