- Add Legal Office of the Master seal (SVG design with Maltese Cross, scales of justice, legal scroll)
- Create legal-office-manifest-template.json for Legal Office credentials
- Update SEAL_MAPPING.md and DESIGN_GUIDE.md with Legal Office seal documentation
- Complete Azure CDN infrastructure deployment:
  - Resource group, storage account, and container created
  - 17 PNG seal files uploaded to Azure Blob Storage
  - All manifest templates updated with Azure URLs
  - Configuration files generated (azure-cdn-config.env)
- Add comprehensive Azure CDN setup scripts and documentation
- Fix manifest URL generation to prevent double slashes
- Verify all seals accessible via HTTPS
Deployment Automation Scripts
Automated deployment scripts for The Order following the deployment guide.
Overview
This directory contains automated scripts for deploying The Order to Azure/Kubernetes. The scripts follow the 15-phase deployment guide and can be run individually or as a complete deployment.
Quick Start
# Deploy all phases for dev environment
./scripts/deploy/deploy.sh --all --environment dev
# Deploy specific phases
./scripts/deploy/deploy.sh --phase 1 --phase 2 --phase 6
# Continue from last saved state
./scripts/deploy/deploy.sh --continue
# Deploy with auto-apply (no Terraform review)
./scripts/deploy/deploy.sh --all --auto-apply
Configuration
Configuration is managed in config.sh. Key variables:
- ENVIRONMENT: Deployment environment (dev, stage, prod)
- AZURE_REGION: Azure region (default: westeurope)
- ACR_NAME: Azure Container Registry name
- AKS_NAME: AKS cluster name
- KEY_VAULT_NAME: Azure Key Vault name
Set via environment variables or edit config.sh:
export ENVIRONMENT=prod
export AZURE_REGION=westeurope
export ACR_NAME=theorderacr
./scripts/deploy/deploy.sh --all
Phase Scripts
Phase 1: Prerequisites
- Checks all required tools
- Verifies Azure login
- Installs dependencies
- Builds packages
./scripts/deploy/phase1-prerequisites.sh
Phase 2: Azure Infrastructure
- Runs Azure setup scripts
- Registers resource providers
- Deploys Terraform infrastructure
- Configures Kubernetes access
./scripts/deploy/phase2-azure-infrastructure.sh
Phase 3: Entra ID Configuration
- Manual steps required (Azure Portal)
- Helper script to store secrets: store-entra-secrets.sh
Phase 6: Build & Package
- Builds all packages and applications
- Creates Docker images
- Pushes to Azure Container Registry
- Signs images with Cosign (if available)
./scripts/deploy/phase6-build-package.sh
Phase 7: Database Migrations
- Runs database schema migrations
- Verifies database connection
./scripts/deploy/phase7-database-migrations.sh
Phase 10: Backend Services
- Deploys backend services to Kubernetes
- Verifies deployments
- Tests health endpoints
./scripts/deploy/phase10-backend-services.sh
Usage Examples
Full Deployment
# Development environment
./scripts/deploy/deploy.sh --all --environment dev
# Staging environment
./scripts/deploy/deploy.sh --all --environment stage
# Production (with confirmation)
./scripts/deploy/deploy.sh --all --environment prod
Incremental Deployment
# Run prerequisites and infrastructure
./scripts/deploy/deploy.sh --phase 1 --phase 2
# Build and package
./scripts/deploy/deploy.sh --phase 6
# Deploy services
./scripts/deploy/deploy.sh --phase 10 --phase 11
Skip Phases
# Skip build (if already built)
./scripts/deploy/deploy.sh --all --skip-build
# Skip specific phase
./scripts/deploy/deploy.sh --all --skip 3 --skip 8
Continue from Failure
# If deployment fails, continue from last state
./scripts/deploy/deploy.sh --continue
State Management
Deployment state is saved in .deployment/${ENVIRONMENT}.state. This allows:
- Resuming from last completed phase
- Tracking deployment progress
- Debugging failed deployments
Logging
All deployment logs are saved to logs/deployment-YYYYMMDD-HHMMSS.log.
View logs:
tail -f logs/deployment-*.log
Manual Steps
Some phases require manual steps:
- Phase 3: Entra ID configuration (Azure Portal)
- Phase 8: Secrets configuration (use helper scripts)
- Phase 12: DNS configuration
- Phase 13: Monitoring dashboard setup
See docs/deployment/DEPLOYMENT_GUIDE.md for detailed instructions.
Helper Scripts
Store Entra ID Secrets
After completing Entra ID setup in Azure Portal:
./scripts/deploy/store-entra-secrets.sh
This will prompt for:
- Tenant ID
- Client ID
- Client Secret
- Credential Manifest ID
And store them in Azure Key Vault.
Troubleshooting
Check Deployment State
cat .deployment/dev.state
View Logs
tail -f logs/deployment-*.log
Verify Kubernetes Access
kubectl cluster-info
kubectl get nodes
Verify Azure Access
az account show
az aks list
Re-run Failed Phase
./scripts/deploy/deploy.sh --phase <phase-number>
Environment-Specific Configuration
Create environment-specific config files:
# .deployment/dev.env
export ENVIRONMENT=dev
export AKS_NAME=the-order-dev-aks
export KEY_VAULT_NAME=the-order-dev-kv
Source before deployment:
source .deployment/dev.env
./scripts/deploy/deploy.sh --all
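Sourcing an env file executes whatever it contains, so a tampered .deployment/*.env runs with the deployer's Azure and Kubernetes access. The following is an added example, not one of the project's scripts: it checks the file before sourcing it. The function names validate_env_file and safe_source are hypothetical, and the allowlist assumes the variables listed under Configuration are the only ones these files should set.

```sh
# Added example, not part of the project's scripts.
# validate_env_file and safe_source are hypothetical helper names.

# Variables listed under "Configuration"; any other name is rejected.
ALLOWED_KEYS="ENVIRONMENT AZURE_REGION ACR_NAME AKS_NAME KEY_VAULT_NAME"

# Returns 0 only if every line is blank, a comment, or `export KEY=value`
# with an allowed KEY and a literal value (no quotes, spaces, $, `, ;, |, /).
# The body runs in a subshell so its variables do not leak to the caller.
validate_env_file() (
  file=$1
  lineno=0
  [ -f "$file" ] || { echo "$file: not a regular file" >&2; exit 1; }
  while IFS= read -r line || [ -n "$line" ]; do
    lineno=$((lineno + 1))
    case $line in
      '' | '#'*) continue ;;
      'export '*=*) ;;
      *) echo "$file:$lineno: expected 'export KEY=value'" >&2; exit 1 ;;
    esac
    assignment=${line#export }
    key=${assignment%%=*}
    value=${assignment#*=}
    case $key in
      '' | *[!A-Z_]*) echo "$file:$lineno: malformed variable name" >&2; exit 1 ;;
    esac
    case " $ALLOWED_KEYS " in
      *" $key "*) ;;
      *) echo "$file:$lineno: unexpected variable $key" >&2; exit 1 ;;
    esac
    case $value in
      '' | *[!A-Za-z0-9._-]*)
        echo "$file:$lineno: $key is not a plain literal" >&2; exit 1 ;;
    esac
    if [ "$key" = ENVIRONMENT ]; then
      case $value in
        dev | stage | prod) ;;
        *) echo "$file:$lineno: ENVIRONMENT must be dev, stage or prod" >&2; exit 1 ;;
      esac
    fi
  done < "$file"
)

# Source the file only after it passes validation.
safe_source() {
  validate_env_file "$1" && . "$1"
}

# Usage: safe_source .deployment/dev.env && ./scripts/deploy/deploy.sh --all
```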
Integration with CI/CD
The scripts can be integrated into CI/CD pipelines:
# .github/workflows/deploy.yml
- name: Deploy to Dev
  run: |
    ./scripts/deploy/deploy.sh --all --environment dev --auto-apply
  env:
    AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
Security Notes
- Never commit secrets to the repository
- Use Azure Key Vault for all secrets
- Enable RBAC for all resources
- Review Terraform plans before applying; --auto-apply skips this review
- Use managed identities where possible
Next Steps
After deployment:
- Verify all services are running:
  kubectl get pods -n the-order-${ENV}
- Test health endpoints
- Configure monitoring dashboards
- Set up alerts
- Review security settings
See docs/deployment/DEPLOYMENT_GUIDE.md for complete deployment instructions.