refactor(deploy): hoist shared conf handling to deploy/lib

**Motivations:** - Apply approved boundary: identical steps in ia_dev libs; project orchestrator keeps only specific sequencing **Root causes:** - N/A **Correctifs:** - N/A **Evolutions:** - Add deploy/lib/deploy-conf-handling.sh (jq, secrets_path export, IA_DEV_DEPLOY_* context) - Document boundary in deploy-methodology.sh; orchestrator sources new lib - deploy/lib/README.md: boundary + deploy-conf-handling **Pages affectées:** - deploy/lib/*.sh, deploy/orchestrator.sh, deploy/lib/README.md
2026-03-23 13:23:23 +01:00 · 2026-03-23 13:23:23 +01:00 · d80b240853
commit d80b240853
parent f1c53477b0
4 changed files with 51 additions and 12 deletions
--- a/deploy/lib/README.md
+++ b/deploy/lib/README.md
@ -17,7 +17,13 @@ Project-specific logic (Prisma, systemd unit names, remote app layout, LeCoffre
 Shared contract for all managed projects: allowed envs (`test` \| `pprod` \| `prod`), validation helpers. Sourced by **`deploy.sh`** and **`orchestrator.sh`**. Extend only with an explicit decision (new env = conf + doc migration).
-Quality gates and longer sequences that are identical across projects should be added here (or in small `deploy/lib/deploy-*.sh` peers) over time — not in project repos.
+**Boundary** : any step **strictly identical** for every project belongs here or in a sibling `deploy/lib/deploy-*.sh`. The project orchestrator under `repository_root` only sequences **project-specific** scripts (e.g. `_lib/deploy-phase-*.sh`).
 Quality gates and longer sequences that are identical across projects should be added here or in peers — not in project repos.
 ## `deploy-conf-handling.sh`
 Shared **conf.json** handling: `jq` requirement, `deploy.secrets_path` → `SECRETS_BASE` / `LECOFFRE_SECRETS_BASE`, optional exports `IA_DEV_DEPLOY_REPO_ROOT` and `IA_DEV_DEPLOY_ENV` for project scripts. Sourced by **`orchestrator.sh`**. Add new generic `deploy.*` reads here.
 ## Orchestration (`../orchestrator.sh`, `../deploy.sh`)
--- a/deploy/lib/deploy-conf-handling.sh
+++ b/deploy/lib/deploy-conf-handling.sh
@ -0,0 +1,32 @@
 #!/usr/bin/env bash
 # ia_dev — conf.json handling identical for every managed project (jq, secrets_path → SECRETS_BASE).
 # Add here any new deploy.* field that must be read the same way for all projects.
 # Do not put project-specific paths, hostnames, or phase ordering here beyond generic keys.
 # ia_dev_deploy_require_jq <log_tag> — exit 1 if jq missing (e.g. log_tag="[orchestrator]")
 ia_dev_deploy_require_jq() {
 	local tag="${1:-[ia_dev][deploy]}"
 	if ! command -v jq >/dev/null 2>&1; then
 		echo "${tag}[ERROR] jq is required to read deploy.* from conf.json" >&2
 		exit 1
 	fi
 }
 # ia_dev_deploy_secrets_export_from_conf <conf_path> — export SECRETS_BASE + LECOFFRE_SECRETS_BASE when deploy.secrets_path is a directory
 ia_dev_deploy_secrets_export_from_conf() {
 	local conf="${1:?}"
 	local secrets_path
 	secrets_path="$(jq -r '.deploy.secrets_path // empty' "$conf")"
 	if [[ -n "$secrets_path" && "$secrets_path" != "null" && -d "$secrets_path" ]]; then
 		export SECRETS_BASE="$secrets_path"
 		export LECOFFRE_SECRETS_BASE="$secrets_path"
 	fi
 }
 # ia_dev_deploy_export_runtime_context <repository_root> <env> — optional hints for project orchestrator scripts
 ia_dev_deploy_export_runtime_context() {
 	local repo="${1:?}"
 	local env="${2:?}"
 	export IA_DEV_DEPLOY_REPO_ROOT="$repo"
 	export IA_DEV_DEPLOY_ENV="$env"
 }
--- a/deploy/lib/deploy-methodology.sh
+++ b/deploy/lib/deploy-methodology.sh
@ -1,7 +1,13 @@
 #!/usr/bin/env bash
 # Shared deploy methodology for all ia_dev–managed projects: environments, quality bar, ordering contract.
 # Sourced by ia_dev/deploy/deploy.sh and ia_dev/deploy/orchestrator.sh — no project-specific paths here.
-# Project-specific sequencing lives only in the repository's project orchestrator (deploy.project_orchestrator_path).
+#
 # Boundary (approved workflow):
 # - Everything strictly identical across projects (allowed envs, shared tooling checks, shared conf.json
 #   field handling) lives in deploy-methodology.sh and siblings under deploy/lib/ (e.g. deploy-conf-handling.sh).
 # - The repository’s project orchestrator (deploy.project_orchestrator_path) only sequences project-specific
 #   work (e.g. LeCoffre: _lib/deploy-phase-*.sh, remote layout, Prisma, systemd unit names).
 # When a step is candidate for hoisting, move it here or into a small deploy/lib/*.sh peer; shrink the project script.
 # Environments are fixed across projects; extend only with an explicit decision and conf migration.
 IA_DEV_DEPLOY_ENVS=(test pprod prod)
--- a/deploy/orchestrator.sh
+++ b/deploy/orchestrator.sh
@ -14,6 +14,8 @@ _ORCH_TAG="[orchestrator]"
 # shellcheck source=lib/deploy-methodology.sh
 source "${DEPLOY_DIR}/lib/deploy-methodology.sh"
 # shellcheck source=lib/deploy-conf-handling.sh
 source "${DEPLOY_DIR}/lib/deploy-conf-handling.sh"
 if [[ -z "${IA_PROJECT_ID:-}" ]]; then
 	echo "${_ORCH_TAG}[ERROR] IA_PROJECT_ID is not set" >&2
@ -40,16 +42,9 @@ if [[ -z "$CONF" || ! -f "$CONF" ]]; then
 	exit 1
 fi
-if ! command -v jq >/dev/null 2>&1; then
+ia_dev_deploy_require_jq "${_ORCH_TAG}"
-	echo "${_ORCH_TAG}[ERROR] jq is required to read deploy.* from conf.json" >&2
+ia_dev_deploy_secrets_export_from_conf "$CONF"
-	exit 1
+ia_dev_deploy_export_runtime_context "$REPO_ROOT" "${1:-}"
 fi
 SECRETS_PATH_CFG="$(jq -r '.deploy.secrets_path // empty' "$CONF")"
 if [[ -n "$SECRETS_PATH_CFG" && "$SECRETS_PATH_CFG" != "null" && -d "$SECRETS_PATH_CFG" ]]; then
 	export SECRETS_BASE="$SECRETS_PATH_CFG"
 	export LECOFFRE_SECRETS_BASE="$SECRETS_PATH_CFG"
 fi
 DEPLOY_SCRIPT_PATH="$(jq -r '.deploy.deploy_script_path // empty' "$CONF")"
 PROJECT_ORCH_REL="$(jq -r '.deploy.project_orchestrator_path // empty' "$CONF")"