the_order/scripts/deploy

Deployment Automation Scripts

Automated deployment scripts for The Order following the deployment guide.

Overview

This directory contains automated scripts for deploying The Order to Azure/Kubernetes. The scripts follow the 15-phase deployment guide and can be run individually or as a complete deployment.

Sankofa Phoenix / Proxmox: for LAN operations, scripts build and sync portal-public to CT 10090 at 192.168.11.180:3000, refresh HAProxy 10210 at 192.168.11.39:80, and verify https://the-order.sankofa.nexus (and Phoenix at https://phoenix.sankofa.nexus).

Quick Start

# Deploy all phases for dev environment
./scripts/deploy/deploy.sh --all --environment dev

# Deploy specific phases
./scripts/deploy/deploy.sh --phase 1 --phase 2 --phase 6

# Continue from last saved state
./scripts/deploy/deploy.sh --continue

# Deploy with auto-apply (no Terraform review)
./scripts/deploy/deploy.sh --all --auto-apply

Configuration

Configuration is managed in config.sh. Key variables:

• ENVIRONMENT: Deployment environment (dev, stage, prod)
• AZURE_REGION: Azure region (default: westeurope)
• ACR_NAME: Azure Container Registry name
• AKS_NAME: AKS cluster name
• KEY_VAULT_NAME: Azure Key Vault name

Set via environment variables or edit config.sh:

export ENVIRONMENT=prod
export AZURE_REGION=westeurope
export ACR_NAME=theorderacr
./scripts/deploy/deploy.sh --all

Phase Scripts

Phase 1: Prerequisites

• Checks all required tools
• Verifies Azure login
• Installs dependencies
• Builds packages

./scripts/deploy/phase1-prerequisites.sh

Phase 2: Azure Infrastructure

• Runs Azure setup scripts
• Registers resource providers
• Deploys Terraform infrastructure
• Configures Kubernetes access

./scripts/deploy/phase2-azure-infrastructure.sh

Phase 3: Entra ID Configuration

• Manual steps required (Azure Portal)
• Helper script to store secrets: store-entra-secrets.sh

Phase 6: Build & Package

• Builds all packages and applications
• Creates Docker images
• Pushes to Azure Container Registry
• Signs images with Cosign (if available)

./scripts/deploy/phase6-build-package.sh

Phase 7: Database Migrations

• Runs database schema migrations
• Verifies database connection

./scripts/deploy/phase7-database-migrations.sh

Phase 10: Backend Services

• Deploys backend services to Kubernetes
• Verifies deployments
• Tests health endpoints

./scripts/deploy/phase10-backend-services.sh

Usage Examples

Full Deployment

# Development environment
./scripts/deploy/deploy.sh --all --environment dev

# Staging environment
./scripts/deploy/deploy.sh --all --environment stage

# Production (with confirmation)
./scripts/deploy/deploy.sh --all --environment prod

Incremental Deployment

# Run prerequisites and infrastructure
./scripts/deploy/deploy.sh --phase 1 --phase 2

# Build and package
./scripts/deploy/deploy.sh --phase 6

# Deploy services
./scripts/deploy/deploy.sh --phase 10 --phase 11

Skip Phases

# Skip build (if already built)
./scripts/deploy/deploy.sh --all --skip-build

# Skip specific phase
./scripts/deploy/deploy.sh --all --skip 3 --skip 8

Continue from Failure

# If deployment fails, continue from last state
./scripts/deploy/deploy.sh --continue

State Management

Deployment state is saved in .deployment/${ENVIRONMENT}.state. This allows:

• Resuming from last completed phase
• Tracking deployment progress
• Debugging failed deployments

Logging

All deployment logs are saved to logs/deployment-YYYYMMDD-HHMMSS.log.

View logs:

tail -f logs/deployment-*.log

Manual Steps

Some phases require manual steps:

• Phase 3: Entra ID configuration (Azure Portal)
• Phase 8: Secrets configuration (use helper scripts)
• Phase 12: DNS configuration
• Phase 13: Monitoring dashboard setup

See docs/deployment/DEPLOYMENT_GUIDE.md for detailed instructions.

Helper Scripts

Store Entra ID Secrets

After completing Entra ID setup in Azure Portal:

./scripts/deploy/store-entra-secrets.sh

This will prompt for:

• Tenant ID
• Client ID
• Client Secret
• Credential Manifest ID

And store them in Azure Key Vault.

Troubleshooting

Check Deployment State

cat .deployment/dev.state

View Logs

tail -f logs/deployment-*.log

Verify Proxmox Order stack (Sankofa)

ssh root@192.168.11.11 "pct status 10090 && pct status 10210"
curl -fsS http://192.168.11.180:3000/api/health
curl -fsS -H 'Host: the-order.sankofa.nexus' http://192.168.11.39/api/health
curl -fsS https://the-order.sankofa.nexus/api/health

Verify Kubernetes Access

kubectl cluster-info
kubectl get nodes

Verify Azure Access

az account show
az aks list

Re-run Failed Phase

./scripts/deploy/deploy.sh --phase <phase-number>

Environment-Specific Configuration

Create environment-specific config files:

# .deployment/dev.env
export ENVIRONMENT=dev
export AKS_NAME=the-order-dev-aks
export KEY_VAULT_NAME=the-order-dev-kv

Source before deployment:

source .deployment/dev.env
./scripts/deploy/deploy.sh --all

Integration with CI/CD

The scripts can be integrated into CI/CD pipelines:

# .github/workflows/deploy.yml
- name: Deploy to Dev
  run: |
    ./scripts/deploy/deploy.sh --all --environment dev --auto-apply
  env:
    AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}

Security Notes

• Never commit secrets to repository
• Use Azure Key Vault for all secrets
• Enable RBAC for all resources
• Review Terraform plans before applying
• Use managed identities where possible

Next Steps

After deployment:

1. Verify all services are running: kubectl get pods -n the-order-${ENV}
2. Test health endpoints
3. Configure monitoring dashboards
4. Set up alerts
5. Review security settings

See docs/deployment/DEPLOYMENT_GUIDE.md for complete deployment instructions.