diff --git a/deploy/lib/README.md b/deploy/lib/README.md index 59037f3..5f105b8 100644 --- a/deploy/lib/README.md +++ b/deploy/lib/README.md @@ -17,7 +17,13 @@ Project-specific logic (Prisma, systemd unit names, remote app layout, LeCoffre Shared contract for all managed projects: allowed envs (`test` \| `pprod` \| `prod`), validation helpers. Sourced by **`deploy.sh`** and **`orchestrator.sh`**. Extend only with an explicit decision (new env = conf + doc migration). -Quality gates and longer sequences that are identical across projects should be added here (or in small `deploy/lib/deploy-*.sh` peers) over time — not in project repos. +**Boundary** : any step **strictly identical** for every project belongs here or in a sibling `deploy/lib/deploy-*.sh`. The project orchestrator under `repository_root` only sequences **project-specific** scripts (e.g. `_lib/deploy-phase-*.sh`). + +Quality gates and longer sequences that are identical across projects should be added here or in peers — not in project repos. + +## `deploy-conf-handling.sh` + +Shared **conf.json** handling: `jq` requirement, `deploy.secrets_path` → `SECRETS_BASE` / `LECOFFRE_SECRETS_BASE`, optional exports `IA_DEV_DEPLOY_REPO_ROOT` and `IA_DEV_DEPLOY_ENV` for project scripts. Sourced by **`orchestrator.sh`**. Add new generic `deploy.*` reads here. ## Orchestration (`../orchestrator.sh`, `../deploy.sh`) diff --git a/deploy/lib/deploy-conf-handling.sh b/deploy/lib/deploy-conf-handling.sh new file mode 100644 index 0000000..d74047e --- /dev/null +++ b/deploy/lib/deploy-conf-handling.sh 
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+# ia_dev — conf.json handling identical for every managed project (jq, secrets_path → SECRETS_BASE).
+# Add here any new deploy.* field that must be read the same way for all projects.
+# Do not put project-specific paths, hostnames, or phase ordering here beyond generic keys.
+
+# ia_dev_deploy_require_jq — exit 1 if jq missing (e.g. log_tag="[orchestrator]")
+ia_dev_deploy_require_jq() {
+ local tag="${1:-[ia_dev][deploy]}"
+ if ! command -v jq >/dev/null 2>&1; then
+ echo "${tag}[ERROR] jq is required to read deploy.* from conf.json" >&2
+ exit 1
+ fi
+}
+
+# ia_dev_deploy_secrets_export_from_conf — export SECRETS_BASE + LECOFFRE_SECRETS_BASE when deploy.secrets_path is a directory
+ia_dev_deploy_secrets_export_from_conf() {
+ local conf="${1:?}"
+ local secrets_path
+ secrets_path="$(jq -r '.deploy.secrets_path // empty' "$conf")"
+ if [[ -n "$secrets_path" && "$secrets_path" != "null" && -d "$secrets_path" ]]; then
+ export SECRETS_BASE="$secrets_path"
+ export LECOFFRE_SECRETS_BASE="$secrets_path"
+ fi
+}
+
+# ia_dev_deploy_export_runtime_context — optional hints for project orchestrator scripts
+ia_dev_deploy_export_runtime_context() {
+ local repo="${1:?}"
+ local env="${2:?}"
+ export IA_DEV_DEPLOY_REPO_ROOT="$repo"
+ export IA_DEV_DEPLOY_ENV="$env"
+}
diff --git a/deploy/lib/deploy-methodology.sh b/deploy/lib/deploy-methodology.sh
index 4efea5a..f24d4cf 100644
--- a/deploy/lib/deploy-methodology.sh
+++ b/deploy/lib/deploy-methodology.sh
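Review bot: `ia_dev_deploy_secrets_export_from_conf` returns silently when `deploy.secrets_path` is configured but is not a directory, so any `SECRETS_BASE` / `LECOFFRE_SECRETS_BASE` already present in the caller's environment stays in effect and project scripts may read a different secrets tree than the one conf.json names. Now that this is the shared behaviour for every managed project, a configured-but-missing path should fail loudly, for example by adding `elif [[ -n "$secrets_path" ]]; then echo "[ia_dev][deploy][ERROR] deploy.secrets_path is not a directory: $secrets_path" >&2; return 1` before the `fi`. The `jq` exit status is also unchecked, so a malformed conf.json looks the same as an absent key unless the caller runs under `set -e`, which is not visible here; `secrets_path="$(jq -r '.deploy.secrets_path // empty' "$conf")" || return` would make that explicit.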
@@ -1,7 +1,13 @@ #!/usr/bin/env bash # Shared deploy methodology for all ia_dev–managed projects: environments, quality bar, ordering contract. # Sourced by ia_dev/deploy/deploy.sh and ia_dev/deploy/orchestrator.sh — no project-specific paths here. -# Project-specific sequencing lives only in the repository's project orchestrator (deploy.project_orchestrator_path). +# +# Boundary (approved workflow): +# - Everything strictly identical across projects (allowed envs, shared tooling checks, shared conf.json +# field handling) lives in deploy-methodology.sh and siblings under deploy/lib/ (e.g. deploy-conf-handling.sh). +# - The repository’s project orchestrator (deploy.project_orchestrator_path) only sequences project-specific +# work (e.g. LeCoffre: _lib/deploy-phase-*.sh, remote layout, Prisma, systemd unit names). +# When a step is candidate for hoisting, move it here or into a small deploy/lib/*.sh peer; shrink the project script. # Environments are fixed across projects; extend only with an explicit decision and conf migration. IA_DEV_DEPLOY_ENVS=(test pprod prod) diff --git a/deploy/orchestrator.sh b/deploy/orchestrator.sh index 9ac6722..54a014c 100755 --- a/deploy/orchestrator.sh +++ b/deploy/orchestrator.sh @@ -14,6 +14,8 @@ _ORCH_TAG="[orchestrator]" # shellcheck source=lib/deploy-methodology.sh source "${DEPLOY_DIR}/lib/deploy-methodology.sh" +# shellcheck source=lib/deploy-conf-handling.sh +source "${DEPLOY_DIR}/lib/deploy-conf-handling.sh" if [[ -z "${IA_PROJECT_ID:-}" ]]; then echo "${_ORCH_TAG}[ERROR] IA_PROJECT_ID is not set" >&2 
@@ -40,16 +42,9 @@ if [[ -z "$CONF" || ! -f "$CONF" ]]; then exit 1 fi -if ! command -v jq >/dev/null 2>&1; then - echo "${_ORCH_TAG}[ERROR] jq is required to read deploy.* from conf.json" >&2 - exit 1 -fi - -SECRETS_PATH_CFG="$(jq -r '.deploy.secrets_path // empty' "$CONF")" -if [[ -n "$SECRETS_PATH_CFG" && "$SECRETS_PATH_CFG" != "null" && -d "$SECRETS_PATH_CFG" ]]; then - export SECRETS_BASE="$SECRETS_PATH_CFG" - export LECOFFRE_SECRETS_BASE="$SECRETS_PATH_CFG" -fi +ia_dev_deploy_require_jq "${_ORCH_TAG}" +ia_dev_deploy_secrets_export_from_conf "$CONF" +ia_dev_deploy_export_runtime_context "$REPO_ROOT" "${1:-}" DEPLOY_SCRIPT_PATH="$(jq -r '.deploy.deploy_script_path // empty' "$CONF")" PROJECT_ORCH_REL="$(jq -r '.deploy.project_orchestrator_path // empty' "$CONF")"
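Review bot: `ia_dev_deploy_export_runtime_context "$REPO_ROOT" "${1:-}"` turns a missing environment argument into an empty string, and the helper's `local env="${2:?}"` then ends the script with bash's untagged "parameter null or not set" message instead of a `${_ORCH_TAG}[ERROR]` line like the other checks in this file. The value is also exported as `IA_DEV_DEPLOY_ENV` for project scripts; whether it has already been checked against the allowed envs (`test`, `pprod`, `prod`) is not visible in this hunk, and if it has not, that check belongs before this call. A guard such as `[[ -n "${1:-}" ]] || { echo "${_ORCH_TAG}[ERROR] environment argument is required" >&2; exit 1; }` ahead of the call would keep the failure mode consistent. The same concern applies to `$REPO_ROOT`, which is assigned outside the hunk.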