Deploy to production - ensure all endpoints operational

2025-11-12 08:17:28 -08:00
parent b421d2964c
commit f1c61c8339
171 changed files with 50830 additions and 42363 deletions
--- a/docs/QUICK_START_DEPLOYMENT.md
+++ b/docs/QUICK_START_DEPLOYMENT.md
@@ -0,0 +1,283 @@
+# 🚀 Quick Start Deployment Guide
+
+This guide provides a step-by-step process to set up all prerequisites and deploy the Miracles In Motion application to production.
+
+## Prerequisites
+
+- Azure subscription with Contributor or Owner role
+- Azure CLI installed and configured
+- Cloudflare account (for DNS/CDN)
+- Stripe account (for payments)
+- Domain name registered (miraclesinmotion.org)
+
+## Step 1: Azure Setup
+
+### 1.1 Login to Azure
+
+```bash
+az login
+az account set --subscription "Your Subscription ID"
+```
+
+### 1.2 Create Resource Group
+
+```bash
+az group create \
+  --name rg-miraclesinmotion-prod \
+  --location eastus2
+```
+
+### 1.3 Deploy Infrastructure
+
+```bash
+cd infrastructure
+
+# Update main-production.parameters.json with your values
+# Then deploy:
+az deployment group create \
+  --resource-group rg-miraclesinmotion-prod \
+  --template-file main-production.bicep \
+  --parameters main-production.parameters.json \
+  --parameters stripePublicKey="pk_live_YOUR_KEY"
+```
+
+## Step 2: MS Entra (Azure AD) Setup
+
+### 2.1 Run Setup Script
+
+**PowerShell (Windows):**
+```powershell
+.\scripts\setup-azure-entra.ps1 `
+  -StaticWebAppName "YOUR_STATIC_WEB_APP_NAME" `
+  -AzureResourceGroup "rg-miraclesinmotion-prod"
+```
+
+**Bash (Linux/Mac):**
+```bash
+chmod +x scripts/setup-azure-entra.sh
+./scripts/setup-azure-entra.sh
+```
+
+### 2.2 Configure Authentication in Azure Portal
+
+1. Navigate to **Static Web App** → **Authentication**
+2. Click **Add identity provider**
+3. Select **Microsoft**
+4. Enter your App Registration ID (from setup script)
+5. Save
+
+### 2.3 Assign Users to Roles
+
+1. Go to **Microsoft Entra ID** → **App registrations** → Your app
+2. Go to **App roles**
+3. Assign users to Admin, Volunteer, or Resource roles
+
+## Step 3: Cloudflare Setup
+
+### 3.1 Run Setup Script
+
+**PowerShell (Windows):**
+```powershell
+.\scripts\setup-cloudflare.ps1 `
+  -Domain "miraclesinmotion.org" `
+  -StaticWebAppName "YOUR_STATIC_WEB_APP_NAME" `
+  -AzureResourceGroup "rg-miraclesinmotion-prod" `
+  -CloudflareApiToken "YOUR_CLOUDFLARE_API_TOKEN"
+```
+
+**Bash (Linux/Mac):**
+```bash
+chmod +x scripts/setup-cloudflare.sh
+export STATIC_WEB_APP_NAME="YOUR_STATIC_WEB_APP_NAME"
+export AZURE_RESOURCE_GROUP="rg-miraclesinmotion-prod"
+./scripts/setup-cloudflare.sh
+```
+
+### 3.2 Verify DNS Propagation
+
+Wait 24-48 hours for DNS propagation, then verify:
+
+```bash
+dig miraclesinmotion.org
+dig www.miraclesinmotion.org
+```
+
+## Step 4: Stripe Configuration
+
+### 4.1 Get Stripe Keys
+
+1. Go to [Stripe Dashboard](https://dashboard.stripe.com)
+2. Navigate to **Developers** → **API keys**
+3. Copy your **Publishable key** and **Secret key**
+
+### 4.2 Configure Webhooks
+
+1. Go to **Developers** → **Webhooks**
+2. Click **+ Add endpoint**
+3. Set URL: `https://miraclesinmotion.org/api/webhooks/stripe`
+4. Select events: `payment_intent.succeeded`, `payment_intent.payment_failed`
+5. Copy the **Webhook signing secret**
+
+### 4.3 Store Secrets in Key Vault
+
+```bash
+KEY_VAULT_NAME="YOUR_KEY_VAULT_NAME"
+
+az keyvault secret set \
+  --vault-name $KEY_VAULT_NAME \
+  --name "stripe-publishable-key" \
+  --value "pk_live_YOUR_KEY"
+
+az keyvault secret set \
+  --vault-name $KEY_VAULT_NAME \
+  --name "stripe-secret-key" \
+  --value "sk_live_YOUR_KEY"
+
+az keyvault secret set \
+  --vault-name $KEY_VAULT_NAME \
+  --name "stripe-webhook-secret" \
+  --value "whsec_YOUR_SECRET"
+```
+
+## Step 5: Environment Configuration
+
+### 5.1 Create Environment File
+
+```bash
+cp env.production.template .env.production
+```
+
+### 5.2 Update Environment Variables
+
+Edit `.env.production` with your actual values:
+
+- Azure Client ID (from Step 2)
+- Azure Tenant ID (from Step 2)
+- Stripe keys (from Step 4)
+- Cosmos DB endpoint
+- Application Insights connection string
+- Key Vault URL
+- SignalR connection string
+
+## Step 6: Verify Prerequisites
+
+### 6.1 Run Deployment Checklist
+
+**PowerShell:**
+```powershell
+.\scripts\deployment-checklist.ps1 `
+  -ResourceGroupName "rg-miraclesinmotion-prod" `
+  -StaticWebAppName "YOUR_STATIC_WEB_APP_NAME" `
+  -FunctionAppName "YOUR_FUNCTION_APP_NAME"
+```
+
+This will verify:
+- ✅ Azure CLI and login
+- ✅ Resource group exists
+- ✅ Static Web App exists
+- ✅ Function App exists
+- ✅ Key Vault exists
+- ✅ Cosmos DB exists
+- ✅ Application Insights exists
+- ✅ Azure AD App Registration exists
+- ✅ Cloudflare DNS configured
+- ✅ Stripe keys configured
+- ✅ Environment variables configured
+
+## Step 7: Deploy Application
+
+### 7.1 Build Application
+
+```bash
+npm install --legacy-peer-deps
+npm run build
+```
+
+### 7.2 Deploy to Azure
+
+```powershell
+.\deploy-production-full.ps1 `
+  -ResourceGroupName "rg-miraclesinmotion-prod" `
+  -CustomDomain "miraclesinmotion.org" `
+  -StripePublicKey "pk_live_YOUR_KEY"
+```
+
+## Step 8: Post-Deployment Verification
+
+### 8.1 Verify Application
+
+1. Navigate to `https://miraclesinmotion.org`
+2. Test authentication flow
+3. Test donation flow
+4. Verify API endpoints
+5. Check Application Insights for errors
+
+### 8.2 Verify Security
+
+1. Check SSL certificate is valid
+2. Verify HTTPS redirects work
+3. Test role-based access control
+4. Verify secrets are stored in Key Vault
+
+### 8.3 Verify Performance
+
+1. Check page load times
+2. Verify CDN is working (Cloudflare)
+3. Check API response times
+4. Monitor Application Insights
+
+## Troubleshooting
+
+### Authentication Not Working
+
+- Verify app registration redirect URIs include your domain
+- Check Static Web App authentication configuration in Azure Portal
+- Verify user roles are assigned in Azure AD
+- Check browser console for errors
+
+### DNS Not Resolving
+
+- Verify nameservers are updated at domain registrar
+- Wait 24-48 hours for DNS propagation
+- Check Cloudflare DNS records
+- Verify CNAME records point to correct Azure endpoint
+
+### SSL Certificate Issues
+
+- Verify Cloudflare SSL mode is "Full (strict)"
+- Check Azure Static Web App custom domain configuration
+- Wait for SSL certificate provisioning (up to 24 hours)
+
+### Stripe Webhook Not Working
+
+- Verify webhook endpoint URL is correct
+- Check webhook signing secret
+- Verify Function App is receiving webhook events
+- Check Function App logs for errors
+
+## Next Steps
+
+After successful deployment:
+
+1. Set up monitoring and alerts
+2. Configure backup and disaster recovery
+3. Set up CI/CD pipeline
+4. Schedule regular security audits
+5. Set up performance monitoring
+6. Configure log retention policies
+7. Set up cost alerts
+
+## Support
+
+For issues or questions:
+
+- Check [DEPLOYMENT_PREREQUISITES.md](./DEPLOYMENT_PREREQUISITES.md) for detailed documentation
+- Review Azure Portal logs
+- Check Application Insights for errors
+- Contact the development team
+
+---
+
+**Last Updated**: January 2025
+**Maintained by**: Miracles In Motion Development Team
+