From 02f822c7902dfb1147a2c965f273c7b419d25d15 Mon Sep 17 00:00:00 2001
From: Nicolas Cantu <nicolas.cantu@pm.me>
Date: Thu, 14 May 2026 10:32:23 +0200
Subject: [PATCH] fix(deploy): remove implicit fallback deployment site list
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

**Motivations :**
- keep deploy-by-script-to strict when source-of-truth site slugs are unavailable
- align ia_dev deploy wrappers with lecoffreio-only deployment model
- avoid hidden default behavior in secrets layout validation

**Root causes :**
- deploy-by-script-to still had a fallback that reintroduced implicit site assumptions
- helper comments and branch-align wording still referenced removed multisite lines

**Correctifs :**
- remove fallback site injection in deploy-by-script-to and fail explicitly on empty site list
- update change-to-all-branches orchestration comment to source-of-truth semantics
- align deploy-conf-handling nested secrets guidance with lecoffreio-only tree

**Evolutions :**
- strengthen strict mode behavior for deployment prerequisites

**Page affectées :**
- deploy/deploy-by-script-to.sh
- deploy/change-to-all-branches.sh
- deploy/lib/deploy-conf-handling.sh
---
 deploy/change-to-all-branches.sh   |  2 +-
 deploy/deploy-by-script-to.sh      | 17 +++++++++++++++--
 deploy/lib/deploy-conf-handling.sh |  2 +-
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/deploy/change-to-all-branches.sh b/deploy/change-to-all-branches.sh
index 55b8cf2..15a6969 100755
--- a/deploy/change-to-all-branches.sh
+++ b/deploy/change-to-all-branches.sh
@@ -76,7 +76,7 @@ echo "[change-to-all-branches] Deploying test (--no-sync-origin; business flags
 if [[ -n "${IA_PROJECT_ID:-}" && -x "${DEPLOY_DIR}/orchestrator.sh" ]]; then
 	"${DEPLOY_DIR}/orchestrator.sh" test --no-sync-origin
 elif [[ -f "$ALL_SITES" ]]; then
-	# Monorepo LeCoffre: always chain lecoffreio → enso → genealogie (same as project_orchestrator_path default).
+	# Monorepo LeCoffre: run deployment lines from deploy/scripts_v2 source-of-truth (currently lecoffreio only).
 	bash "$ALL_SITES" test --no-sync-origin
 else
 	"${DEPLOY_SCRIPTS_V2}/deploy.sh" test --no-sync-origin
diff --git a/deploy/deploy-by-script-to.sh b/deploy/deploy-by-script-to.sh
index 27b8180..0fdceed 100755
--- a/deploy/deploy-by-script-to.sh
+++ b/deploy/deploy-by-script-to.sh
@@ -84,7 +84,20 @@ if [[ ! -d "$SECRETS_DIR" ]]; then
 	# Monorepo LeCoffre (kogus): secrets nominaux sous `.secrets/<site>/<env>/`, pas `.secrets/<env>/`.
 	if [[ "${IA_PROJECT_ID:-}" == "kogus" ]]; then
 		_ms_ok=true
-		for _site in kogus lecoffreio enso genealogie; do
+		_expected_multisite_sites=(kogus)
+		_site_codes_script="$PROJECT_ROOT/deploy/scripts_v2/remote/multisite-deployment-site-codes.sh"
+		if [[ -f "$_site_codes_script" ]]; then
+			# shellcheck source=/dev/null
+			source "$_site_codes_script"
+			if declare -p DEPLOYMENT_MULTISITE_SITE_SLUGS >/dev/null 2>&1 && [[ "${#DEPLOYMENT_MULTISITE_SITE_SLUGS[@]}" -gt 0 ]]; then
+				_expected_multisite_sites+=("${DEPLOYMENT_MULTISITE_SITE_SLUGS[@]}")
+			fi
+		fi
+		if [[ "${#_expected_multisite_sites[@]}" -eq 1 ]]; then
+			echo "[deploy-by-script-to][ERROR] Missing deployment site slugs source: ${_site_codes_script} (DEPLOYMENT_MULTISITE_SITE_SLUGS is empty)." >&2
+			exit 1
+		fi
+		for _site in "${_expected_multisite_sites[@]}"; do
 			if [[ ! -d "${SECRETS_PARENT}/${_site}/${TARGET_BRANCH}" ]]; then
 				_ms_ok=false
 				break
@@ -94,7 +107,7 @@ if [[ ! -d "$SECRETS_DIR" ]]; then
 			SECRETS_DIR="${SECRETS_PARENT}/kogus/${TARGET_BRANCH}"
 			echo "[deploy-by-script-to] secrets: nested multisite layout OK (${SECRETS_PARENT}/*/${TARGET_BRANCH})"
 		else
-			echo "[deploy-by-script-to][ERROR] secrets env dir missing: ${SECRETS_DIR} (flat) and incomplete nested multisite under ${SECRETS_PARENT} (need kogus, lecoffreio, enso, genealogie /${TARGET_BRANCH})" >&2
+			echo "[deploy-by-script-to][ERROR] secrets env dir missing: ${SECRETS_DIR} (flat) and incomplete nested multisite under ${SECRETS_PARENT} (need ${_expected_multisite_sites[*]} /${TARGET_BRANCH})" >&2
 			exit 1
 		fi
 	else
diff --git a/deploy/lib/deploy-conf-handling.sh b/deploy/lib/deploy-conf-handling.sh
index 63807ff..314b72f 100644
--- a/deploy/lib/deploy-conf-handling.sh
+++ b/deploy/lib/deploy-conf-handling.sh
@@ -30,7 +30,7 @@ ia_dev_deploy_secrets_export_from_conf() {
 
 # ia_dev_deploy_ensure_nested_secrets_symlinks <secrets_parent> <env>
 # Intentionally a no-op: nested `.secrets/<site>/<env>/` must be **real directories** (no symlinks —
-# low maintainability, breaks tooling expectations). Maintain `lecoffreio|enso|genealogie/<env>/`
+# low maintainability, breaks tooling expectations). Maintain `lecoffreio/<env>/`
 # as normal folders; use `deploy/scripts_v2/materialize-nested-secrets-mandatory.mjs` on the LeCoffre
 # clone or copy from a canonical tree.
 ia_dev_deploy_ensure_nested_secrets_symlinks() {