fix(deploy): resolve nested kogus multisite secrets path for pprod/prod connectDB scp

Support .secrets/kogus/<env>/ when flat .secrets/<env> is absent for deploy-by-script-to.

Made-with: Cursor

deploy/deploy-by-script-to.sh

@@ -81,8 +81,26 @@ fi
 SECRETS_PARENT="${SECRETS_BASE:-${LECOFFRE_SECRETS_BASE:-$PROJECT_ROOT/.secrets}}"
 SECRETS_DIR="${SECRETS_PARENT}/${TARGET_BRANCH}"
 if [[ ! -d "$SECRETS_DIR" ]]; then
-	echo "[deploy-by-script-to][ERROR] secrets env dir missing: ${SECRETS_DIR} (set SECRETS_BASE or deploy.secrets_path in conf)" >&2
-	exit 1
+	# Monorepo LeCoffre (kogus): secrets nominaux sous `.secrets/<site>/<env>/`, pas `.secrets/<env>/`.
+	if [[ "${IA_PROJECT_ID:-}" == "kogus" ]]; then
+		_ms_ok=true
+		for _site in kogus lecoffreio enso genealogie; do
+			if [[ ! -d "${SECRETS_PARENT}/${_site}/${TARGET_BRANCH}" ]]; then
+				_ms_ok=false
+				break
+			fi
+		done
+		if [[ "$_ms_ok" == "true" ]]; then
+			SECRETS_DIR="${SECRETS_PARENT}/kogus/${TARGET_BRANCH}"
+			echo "[deploy-by-script-to] secrets: nested multisite layout OK (${SECRETS_PARENT}/*/${TARGET_BRANCH})"
+		else
+			echo "[deploy-by-script-to][ERROR] secrets env dir missing: ${SECRETS_DIR} (flat) and incomplete nested multisite under ${SECRETS_PARENT} (need kogus, lecoffreio, enso, genealogie /${TARGET_BRANCH})" >&2
+			exit 1
+		fi
+	else
+		echo "[deploy-by-script-to][ERROR] secrets env dir missing: ${SECRETS_DIR} (set SECRETS_BASE or deploy.secrets_path in conf)" >&2
+		exit 1
+	fi
 fi
 if [[ "$HOST_STAYS_ON_TEST" == "true" ]]; then
 	echo "[deploy-by-script-to] Step 2: secrets/${TARGET_BRANCH} OK (${SECRETS_DIR}) ; host stays on test (deploy.host_stays_on_test)"