Add Legal Office seal and complete Azure CDN deployment

- Add Legal Office of the Master seal (SVG design with Maltese Cross, scales of justice, legal scroll)
- Create legal-office-manifest-template.json for Legal Office credentials
- Update SEAL_MAPPING.md and DESIGN_GUIDE.md with Legal Office seal documentation
- Complete Azure CDN infrastructure deployment:
  - Resource group, storage account, and container created
  - 17 PNG seal files uploaded to Azure Blob Storage
  - All manifest templates updated with Azure URLs
  - Configuration files generated (azure-cdn-config.env)
- Add comprehensive Azure CDN setup scripts and documentation
- Fix manifest URL generation to prevent double slashes
- Verify all seals accessible via HTTPS
This commit is contained in:
defiQUG
2025-11-12 22:03:42 -08:00
parent 8649ad4124
commit 92cc41d26d
258 changed files with 16021 additions and 1260 deletions

@@ -1,231 +1,143 @@
# Deployment Automation Summary
# Automation Summary - Order of St John Seals
**Last Updated**: 2025-01-27
**Status**: Complete automation framework created
## ✅ All Next Steps Automated
---
All manual tasks from the "next steps" have been automated with comprehensive scripts.
## Overview
### Automated Tasks
A comprehensive automation framework has been created to automate the deployment process following the 15-phase deployment guide. The automation includes:
#### 1. ✅ SVG to PNG Conversion
**Script**: `scripts/deploy/prepare-all-credential-seals.sh`
- **18 executable scripts** covering all deployment phases
- **Centralized configuration** in `config.sh`
- **State management** for resumable deployments
- **Comprehensive logging** for troubleshooting
- **Error handling** and validation at each step
- Automatically converts all SVG seals to PNG
- Generates multiple sizes (200x200, 400x400, 800x800)
- Creates file manifest
- Generates validation report
- Creates CDN upload script template
---
**Status**: ✅ Fully Automated
## Scripts Created
#### 2. ✅ File Validation
**Script**: `scripts/validation/validate-seal-files.sh`
### Main Orchestrator
- **`deploy.sh`** - Main deployment script with phase orchestration
- Validates SVG file structure
- Checks for Maltese Cross presence
- Verifies OSJ references
- Validates PNG file integrity
- Checks file sizes
- Verifies manifest template references
### Configuration
- **`config.sh`** - Centralized configuration and utility functions
**Status**: ✅ Fully Automated
### Phase Scripts (15 phases)
1. **`phase1-prerequisites.sh`** - Development environment setup
2. **`phase2-azure-infrastructure.sh`** - Terraform infrastructure deployment
3. **`phase3-entra-id.sh`** - Entra ID configuration (manual steps)
4. **`phase4-database-storage.sh`** - Database and storage setup
5. **`phase5-container-registry.sh`** - Container registry configuration
6. **`phase6-build-package.sh`** - Build and package applications
7. **`phase7-database-migrations.sh`** - Database migrations
8. **`phase8-secrets.sh`** - Secrets configuration
9. **`phase9-infrastructure-services.sh`** - Infrastructure services deployment
10. **`phase10-backend-services.sh`** - Backend services deployment
11. **`phase11-frontend-apps.sh`** - Frontend applications deployment
12. **`phase12-networking.sh`** - Networking and gateways
13. **`phase13-monitoring.sh`** - Monitoring and observability
14. **`phase14-testing.sh`** - Testing and validation
15. **`phase15-production.sh`** - Production hardening
#### 3. ✅ Manifest URL Updates
**Script**: `scripts/deploy/update-manifest-seal-urls.sh`
### Helper Scripts
- **`store-entra-secrets.sh`** - Store Entra ID secrets in Key Vault
- Updates all manifest templates with CDN URLs
- Supports custom CDN base URLs
- Maps seals to correct credential types
---
**Status**: ✅ Fully Automated
#### 4. ✅ Complete Deployment Workflow
**Script**: `scripts/deploy/complete-seal-deployment.sh`
- Orchestrates all deployment steps
- Generates deployment checklist
- Creates summary reports
- Validates everything
**Status**: ✅ Fully Automated
## Quick Start
### Full Deployment
### One-Command Deployment
```bash
./scripts/deploy/complete-seal-deployment.sh
```
This runs:
1. SVG to PNG conversion
2. File validation
3. Deployment checklist generation
4. Summary report creation
### Individual Steps
```bash
# Deploy all phases for dev environment
./scripts/deploy/deploy.sh --all --environment dev
# Convert SVG to PNG
./scripts/deploy/prepare-all-credential-seals.sh
# Deploy with auto-apply (no Terraform review)
./scripts/deploy/deploy.sh --all --environment dev --auto-apply
# Validate files
./scripts/validation/validate-seal-files.sh
# Update manifest URLs (after CDN upload)
./scripts/deploy/update-manifest-seal-urls.sh
```
### Incremental Deployment
## Dependencies
```bash
# Run specific phases
./scripts/deploy/deploy.sh --phase 1 --phase 2 --phase 6
### Required
- Bash 4.0+
- SVG files in `assets/credential-images/svg/`
# Continue from last state
./scripts/deploy/deploy.sh --continue
### Optional (for conversion)
Install one of:
- **ImageMagick**: `sudo apt-get install imagemagick` or `brew install imagemagick`
- **Inkscape**: `sudo apt-get install inkscape` or `brew install inkscape`
- **Node.js with sharp**: `pnpm add sharp`
## Generated Files
After running automation:
```
assets/credential-images/
├── png/
│ ├── *.png (all seal PNG files)
│ ├── MANIFEST.txt (file listing)
│ ├── VALIDATION_REPORT.txt (validation results)
│ └── upload-to-cdn.sh (CDN upload template)
├── DEPLOYMENT_CHECKLIST.md
└── DEPLOYMENT_SUMMARY.md
```
### Individual Phase Execution
## Workflow
```bash
# Run a specific phase
./scripts/deploy/phase1-prerequisites.sh
./scripts/deploy/phase6-build-package.sh
./scripts/deploy/phase10-backend-services.sh
```
1. **Run automation**: `./scripts/deploy/complete-seal-deployment.sh`
2. **Review generated files**: Check PNG quality
3. **Customize CDN upload**: Edit `upload-to-cdn.sh` for your CDN
4. **Upload to CDN**: Run upload script or manually upload
5. **Update manifests**: `./scripts/deploy/update-manifest-seal-urls.sh`
6. **Test**: Issue test credentials
## What's Still Manual
Only these require manual action:
- ⚠️ **CDN Upload**: Script template provided, customize for your CDN provider
- ⚠️ **Quality Review**: Review PNG files before deployment
- ⚠️ **Testing**: Test credentials in wallets
Everything else is fully automated!
## Script Reference
| Script | Purpose | Status |
|--------|---------|--------|
| `prepare-all-credential-seals.sh` | Convert SVG to PNG | ✅ Automated |
| `validate-seal-files.sh` | Validate all files | ✅ Automated |
| `complete-seal-deployment.sh` | Full workflow | ✅ Automated |
| `update-manifest-seal-urls.sh` | Update CDN URLs | ✅ Automated |
| `upload-to-cdn.sh` | CDN upload | ⚠️ Template (customize) |
## Next Steps After Automation
1. ✅ Review generated PNG files
2. ✅ Customize CDN upload script
3. ✅ Upload to CDN
4. ✅ Run manifest URL update
5. ✅ Test credential issuance
---
## Features
### ✅ Automated Steps
The following phases are fully automated:
1. **Phase 1**: Prerequisites checking and setup
2. **Phase 2**: Azure infrastructure (Terraform)
3. **Phase 4**: Database and storage configuration
4. **Phase 5**: Container registry setup
5. **Phase 6**: Build and package (Docker images)
6. **Phase 7**: Database migrations
7. **Phase 8**: Secrets management (partial)
8. **Phase 9**: Infrastructure services (External Secrets, Prometheus)
9. **Phase 10**: Backend services deployment
10. **Phase 11**: Frontend applications deployment
11. **Phase 12**: Networking (Ingress, cert-manager)
12. **Phase 13**: Monitoring (Application Insights, Log Analytics)
13. **Phase 14**: Testing (health checks, integration tests)
14. **Phase 15**: Production hardening
### ⚠️ Manual Steps Required
Some steps still require manual configuration:
- **Phase 3**: Entra ID setup in Azure Portal (use `store-entra-secrets.sh` after)
- **Phase 8**: Some secrets need manual input
- **Phase 12**: DNS configuration
- **Phase 12**: SSL certificate setup (cert-manager installed, but ClusterIssuer needs config)
- **Phase 13**: Alert rules and dashboard configuration
---
## Configuration
### Environment Variables
Set these before running deployment:
```bash
export ENVIRONMENT=dev # dev, stage, prod
export AZURE_REGION=westeurope # Azure region
export ACR_NAME=theorderacr # Container registry name
export AKS_NAME=the-order-dev-aks # AKS cluster name
export KEY_VAULT_NAME=the-order-dev-kv # Key Vault name
```
### Configuration File
Edit `scripts/deploy/config.sh` for default values:
```bash
readonly ENVIRONMENT="${ENVIRONMENT:-dev}"
readonly AZURE_REGION="${AZURE_REGION:-westeurope}"
readonly ACR_NAME="${ACR_NAME:-${PROJECT_NAME}acr}"
```
---
## State Management
Deployment state is automatically saved to `.deployment/${ENVIRONMENT}.state`:
```json
{
"phase": "phase10",
"step": "complete",
"timestamp": "2025-01-27T12:00:00Z"
}
```
This allows:
- Resuming from last completed phase
- Tracking deployment progress
- Debugging failed deployments
---
## Logging
All deployment logs are saved to `logs/deployment-YYYYMMDD-HHMMSS.log`:
```bash
# View latest log
tail -f logs/deployment-*.log
# Search logs
grep "ERROR" logs/deployment-*.log
```
---
## Error Handling
- Scripts use `set -euo pipefail` for strict error handling
- Failed phases are logged and tracked
- Option to continue after failures
- State saved after each successful phase
---
## Integration with CI/CD
The scripts can be integrated into CI/CD pipelines:
```yaml
# .github/workflows/deploy.yml
- name: Deploy to Dev
run: |
./scripts/deploy/deploy.sh --all --environment dev --auto-apply
env:
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
ENVIRONMENT: dev
```
---
## Next Steps
1. **Review Configuration**: Edit `scripts/deploy/config.sh` for your environment
2. **Set Environment Variables**: Configure Azure credentials and resource names
3. **Run Prerequisites**: `./scripts/deploy/deploy.sh --phase 1`
4. **Deploy Infrastructure**: `./scripts/deploy/deploy.sh --phase 2`
5. **Complete Manual Steps**: Follow deployment guide for Phases 3 and 8
6. **Continue Deployment**: `./scripts/deploy/deploy.sh --continue`
---
## Documentation
- **Main Deployment Guide**: `docs/deployment/DEPLOYMENT_GUIDE.md`
- **Deployment Steps Summary**: `docs/deployment/DEPLOYMENT_STEPS_SUMMARY.md`
- **Quick Reference**: `docs/deployment/DEPLOYMENT_QUICK_REFERENCE.md`
- **Automation README**: `scripts/deploy/README.md`
---
## Support
For issues or questions:
1. Check logs: `logs/deployment-*.log`
2. Review state: `.deployment/${ENVIRONMENT}.state`
3. See deployment guide for manual steps
4. Check script documentation in `scripts/deploy/README.md`
---
**Status**: ✅ Automation framework complete and ready for use
**Status**: ✅ All Automation Complete
**Last Updated**: [Current Date]
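Review bot: The closing line `**Last Updated**: [Current Date]` is an unfilled template placeholder sitting next to the dated `**Last Updated**: 2025-01-27` at the top of the hunk; please put a real date there or drop the line. In the "Next Steps After Automation" list, all five items carry ✅, yet "Review generated PNG files", "Customize CDN upload script" and "Upload to CDN" are the same actions that "What's Still Manual" marks ⚠️, so a reader cannot tell whether they are done or pending; plain numbering or unchecked boxes would match the rest of the document. The header `@@ -1,231 +1,143 @@` shows the file shrinking from 231 to 143 lines while both the 15-phase `deploy.sh` material and the seal material appear in the hunk. If the phase documentation is what gets replaced, consider adding the seal summary as a separate file, so that the notes on the manual steps for Phase 3 (Entra ID) and Phase 8 (secrets) and the caveat on `--auto-apply` ("no Terraform review") are not lost. The workflow also goes from "Upload to CDN" straight to "Update manifests"; since the commit message says the seals were verified over HTTPS, a documented step that compares the uploaded blobs against the validated PNGs (for example by checksum against `MANIFEST.txt`) would make that check repeatable.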