feat: add production setup script for gitops workflow
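--- /dev/null
+++ b/scripts/setup-prod.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+# Production Setup Script
+# Wraps existing scripts to work in the production environment context
+
+set -euo pipefail
+
+# Colors
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+# Ensure we are in the project root
+cd "$(dirname "$0")/.."
+
+# 1. Generate Secrets if needed
+# We point generate-secrets to the production env file
+if [ ! -f "infra/environments/production/.env" ] || grep -q "CHANGE_ME" "infra/environments/production/.env"; then
+echo -e "${BLUE}🔐 Generating production secrets...${NC}"
+
+# Temporarily symlink production env to where generate-secrets expects it (if needed)
+# But generate-secrets.sh writes to infra/environments/local/.env by default.
+# We will modify generate-secrets.sh to accept an output file argument or just move it after.
+
+# Actually, let's just run it and move the result if it doesn't support args,
+# OR better, let's just use sed to update the existing production .env in place using the logic from generate-secrets
+# But re-using the script is better.
+
+# Let's try to run generate-secrets.sh and see if we can redirect output.
+# Looking at generate-secrets.sh, it writes to infra/environments/local/.env
+
+# Workaround: Backup local .env, run script, move result to prod, restore local
+if [ -f "infra/environments/local/.env" ]; then
+cp "infra/environments/local/.env" "infra/environments/local/.env.bak"
+fi
+
+./scripts/generate-secrets.sh
+
+mv "infra/environments/local/.env" "infra/environments/production/.env"
+
+if [ -f "infra/environments/local/.env.bak" ]; then
+mv "infra/environments/local/.env.bak" "infra/environments/local/.env"
+fi
+
+# Update DOMAIN in production .env
+sed -i 's/DOMAIN=local.lan/DOMAIN=app.harkon.co.uk/g' "infra/environments/production/.env"
+sed -i 's/EMAIL=admin@local.lan/EMAIL=admin@harkon.co.uk/g' "infra/environments/production/.env"
+
+echo -e "${GREEN}✅ Production secrets generated in infra/environments/production/.env${NC}"
+else
+echo -e "${GREEN}✅ Production secrets already exist${NC}"
+fi
+
+# 2. Setup Authentik
+# We need to export the production env vars so the scripts pick them up
+set -a
+source "infra/environments/production/.env"
+set +a
+
+# Override specific variables for the scripts
+export ENV_FILE="infra/environments/production/.env"
+export DOMAIN="app.harkon.co.uk"
+export BOOTSTRAP_FILE="infra/base/authentik/bootstrap-prod.yaml"
+
+echo -e "${BLUE}🔧 Running Authentik Setup for Production...${NC}"
+
+# Run complete-authentik-setup (gets token)
+./scripts/complete-authentik-setup.sh
+
+# Run setup-authentik (imports blueprint)
+./scripts/setup-authentik.sh
+
+echo -e "${GREEN}🎉 Production setup complete!${NC}"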
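Review bot: The `mv "infra/environments/local/.env" "infra/environments/production/.env"` line replaces the entire production env file whenever that file exists and still contains any `CHANGE_ME` placeholder, so real secrets already filled in next to a single leftover placeholder are silently swapped for fresh random values (and anything already provisioned against the old values would presumably stop authenticating); take a copy first, e.g. `cp -p "infra/environments/production/.env" "infra/environments/production/.env.$(date +%s).bak"` before the `mv`, or rewrite only the placeholder keys in place. The local `.env.bak` is also restored only on the success path: under `set -e` a failure in `generate-secrets.sh` or the `mv` exits with the operator's local secrets sitting in a second plaintext copy and `local/.env` possibly already overwritten, so the restore (and removal of the `.bak`) belongs in a `trap '...' EXIT` installed right after the `cp`. Separately, `source "infra/environments/production/.env"` executes that file as bash with the operator's privileges, so anything written there (or to the sed-rewritten file) runs; worth a comment such as `# NOTE: .env is sourced as shell, not parsed — only generated/reviewed content belongs here`. Whether the newly created production `.env` ends up mode 0600 depends on `generate-secrets.sh`, which is not in this commit; a `chmod 600` after the `mv` would make that guarantee local to this script.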