@polymorphism-tech/morph-spec 1.0.2 → 2.0.0

package/content/.azure/pipelines/prod-pipeline.yml

@@ -0,0 +1,319 @@
+# ==============================================================================
+# MORPH-SPEC - Production Pipeline
+# Deployment to Azure Container Apps with manual approval and always-on
+# ==============================================================================
+
+trigger:
+  branches:
+    include:
+      - main
+      - master
+
+pr: none  # No PR builds for prod
+
+variables:
+  - template: pipeline-variables.yml
+  - name: environment
+    value: 'prod'
+  - name: resourceGroupName
+    value: 'rg-$(APP_NAME)-prod'
+  - name: containerAppName
+    value: 'ca-$(APP_NAME)-prod'
+  - name: hostingType
+    value: 'containerapp'
+  - name: parametersFile
+    value: 'content/.morph/templates/infra/parameters.prod.json'
+  - name: imageName
+    value: '$(APP_NAME)'
+  - name: imageFullName
+    value: '$(containerRegistry)/$(imageName):$(imageTag)'
+
+stages:
+  # ===========================================================================
+  # STAGE 1: Build & Test
+  # ===========================================================================
+  - stage: Build
+    displayName: 'Build & Test'
+    jobs:
+      - job: BuildJob
+        displayName: 'Build .NET Application'
+        pool:
+          vmImage: 'ubuntu-latest'
+        steps:
+          - checkout: self
+            fetchDepth: 1
+
+          - template: templates/build-dotnet.yml
+            parameters:
+              dotnetVersion: $(dotnetVersion)
+              buildConfiguration: $(buildConfiguration)
+              runTests: true
+              publishArtifact: false
+
+  # ===========================================================================
+  # STAGE 2: Security Scan
+  # ===========================================================================
+  - stage: SecurityScan
+    displayName: 'Security Scan'
+    dependsOn: Build
+    condition: succeeded()
+    jobs:
+      - job: SecurityScanJob
+        displayName: 'Run Security Scans'
+        pool:
+          vmImage: 'ubuntu-latest'
+        steps:
+          - checkout: self
+            fetchDepth: 1
+
+          - task: DotNetCoreCLI@2
+            displayName: 'Restore packages'
+            inputs:
+              command: 'restore'
+
+          - task: PowerShell@2
+            displayName: 'Check for vulnerable packages'
+            inputs:
+              targetType: 'inline'
+              script: |
+                Write-Host "🔍 Scanning for vulnerable NuGet packages..."
+                dotnet list package --vulnerable --include-transitive
+
+                if ($LASTEXITCODE -ne 0) {
+                  Write-Warning "⚠️ Vulnerable packages found. Review before deploying to production."
+                }
+
+  # ===========================================================================
+  # STAGE 3: Deploy Infrastructure
+  # ===========================================================================
+  - stage: DeployInfra
+    displayName: 'Deploy Infrastructure'
+    dependsOn: SecurityScan
+    condition: succeeded()
+    jobs:
+      - deployment: DeployInfraJob
+        displayName: 'Deploy Bicep Templates'
+        pool:
+          vmImage: 'ubuntu-latest'
+        environment: 'production'  # Requires manual approval in Azure DevOps
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - checkout: self
+                  fetchDepth: 1
+
+                - template: templates/infra-deploy.yml
+                  parameters:
+                    azureSubscription: 'Azure-Prod-Connection'
+                    resourceGroupName: $(resourceGroupName)
+                    location: $(azureLocation)
+                    environment: $(environment)
+                    appName: $(APP_NAME)
+                    hostingType: $(hostingType)
+                    bicepTemplateFile: $(bicepTemplateFile)
+                    parametersFile: $(parametersFile)
+
+  # ===========================================================================
+  # STAGE 4: Build and Push Container
+  # ===========================================================================
+  - stage: BuildContainer
+    displayName: 'Build Container'
+    dependsOn: DeployInfra
+    condition: succeeded()
+    jobs:
+      - job: BuildContainerJob
+        displayName: 'Build and Push Docker Image'
+        pool:
+          vmImage: 'ubuntu-latest'
+        steps:
+          - checkout: self
+            fetchDepth: 1
+
+          - task: Docker@2
+            displayName: 'Build and push container'
+            inputs:
+              containerRegistry: 'ACR-Connection'
+              repository: '$(imageName)'
+              command: 'buildAndPush'
+              Dockerfile: '$(dockerfilePath)'
+              tags: |
+                $(imageTag)
+                prod-latest
+                $(Build.BuildId)
+
+          - task: AzureCLI@2
+            displayName: 'Scan image for vulnerabilities (Microsoft Defender)'
+            continueOnError: false  # Fail on vulnerabilities in prod
+            inputs:
+              azureSubscription: 'Azure-Prod-Connection'
+              scriptType: 'bash'
+              scriptLocation: 'inlineScript'
+              inlineScript: |
+                echo "🔍 Scanning image for vulnerabilities..."
+                # Add your security scanning tool here (e.g., Trivy, Defender for Containers)
+                # az acr scan --name $(ACR_NAME) --image $(imageName):$(imageTag)
+
+  # ===========================================================================
+  # STAGE 5: Deploy to Production (Blue-Green)
+  # ===========================================================================
+  - stage: DeployApp
+    displayName: 'Deploy to Production'
+    dependsOn: BuildContainer
+    condition: succeeded()
+    jobs:
+      - deployment: DeployAppJob
+        displayName: 'Deploy Container App'
+        pool:
+          vmImage: 'ubuntu-latest'
+        environment: 'production'  # Requires manual approval
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - checkout: self
+                  fetchDepth: 1
+
+                # Create new revision
+                - template: templates/deploy-container-app.yml
+                  parameters:
+                    azureSubscription: 'Azure-Prod-Connection'
+                    containerAppName: $(containerAppName)
+                    resourceGroupName: $(resourceGroupName)
+                    containerRegistry: $(containerRegistry)
+                    imageName: $(imageName)
+                    imageTag: $(imageTag)
+                    acrServiceConnection: 'ACR-Connection'
+                    healthCheckUrl: '/health'
+                    healthCheckTimeout: 300
+
+                # Wait before activating
+                - task: PowerShell@2
+                  displayName: 'Monitor new revision (5 min)'
+                  inputs:
+                    targetType: 'inline'
+                    script: |
+                      Write-Host "⏳ Monitoring new revision for 5 minutes before activating..."
+                      Start-Sleep -Seconds 300
+                      Write-Host "✅ Monitoring period complete"
+
+  # ===========================================================================
+  # STAGE 6: Smoke Tests in Production
+  # ===========================================================================
+  - stage: SmokeTests
+    displayName: 'Production Smoke Tests'
+    dependsOn: DeployApp
+    condition: succeeded()
+    jobs:
+      - job: SmokeTestsJob
+        displayName: 'Run Production Smoke Tests'
+        pool:
+          vmImage: 'ubuntu-latest'
+        steps:
+          - task: AzureCLI@2
+            displayName: 'Get Container App URL'
+            name: getUrl
+            inputs:
+              azureSubscription: 'Azure-Prod-Connection'
+              scriptType: 'bash'
+              scriptLocation: 'inlineScript'
+              inlineScript: |
+                FQDN=$(az containerapp show \
+                  --name $(containerAppName) \
+                  --resource-group $(resourceGroupName) \
+                  --query properties.configuration.ingress.fqdn -o tsv)
+
+                APP_URL="https://$FQDN"
+                echo "##vso[task.setvariable variable=appUrl]$APP_URL"
+                echo "Production URL: $APP_URL"
+
+          - task: PowerShell@2
+            displayName: 'Critical smoke tests'
+            inputs:
+              targetType: 'inline'
+              script: |
+                $appUrl = "$(appUrl)"
+
+                Write-Host "🧪 Running CRITICAL smoke tests in PRODUCTION"
+                Write-Host "URL: $appUrl"
+
+                $criticalEndpoints = @(
+                  @{Path="/health"; Description="Health Check"},
+                  @{Path="/health/ready"; Description="Readiness Check"},
+                  @{Path="/"; Description="Home Page"}
+                )
+
+                $failed = $false
+                foreach ($endpoint in $criticalEndpoints) {
+                  $url = "$appUrl$($endpoint.Path)"
+                  try {
+                    $response = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 10
+                    Write-Host "✅ $($endpoint.Description): $($response.StatusCode)"
+                  }
+                  catch {
+                    Write-Error "❌ $($endpoint.Description) FAILED: $_"
+                    $failed = $true
+                  }
+                }
+
+                if ($failed) {
+                  Write-Error "❌ CRITICAL: Smoke tests failed in production!"
+                  exit 1
+                }
+
+                Write-Host "✅ All critical smoke tests passed!"
+
+          - task: AzureCLI@2
+            displayName: 'Monitor metrics'
+            inputs:
+              azureSubscription: 'Azure-Prod-Connection'
+              scriptType: 'bash'
+              scriptLocation: 'inlineScript'
+              inlineScript: |
+                echo "📊 Production Deployment Metrics:"
+
+                # Get replica count
+                REPLICAS=$(az containerapp revision list \
+                  --name $(containerAppName) \
+                  --resource-group $(resourceGroupName) \
+                  --query "[?properties.active].properties.replicas" -o tsv)
+
+                echo "Active Replicas: $REPLICAS"
+
+                # Show active revisions
+                az containerapp revision list \
+                  --name $(containerAppName) \
+                  --resource-group $(resourceGroupName) \
+                  --query "[?properties.active].{Name:name, Traffic:properties.trafficWeight, Replicas:properties.replicas}" \
+                  --output table
+
+          - task: AzureCLI@2
+            displayName: 'Deployment summary'
+            inputs:
+              azureSubscription: 'Azure-Prod-Connection'
+              scriptType: 'bash'
+              scriptLocation: 'inlineScript'
+              inlineScript: |
+                echo "╔════════════════════════════════════════════════════════════════╗"
+                echo "║          PRODUCTION DEPLOYMENT SUCCESSFUL                      ║"
+                echo "╚════════════════════════════════════════════════════════════════╝"
+                echo ""
+                echo "🌐 Application URL: $(appUrl)"
+                echo "📊 Environment: $(environment)"
+                echo "🐳 Container Image: $(imageFullName)"
+                echo "💰 Hosting: Container Apps (always-on) - ~$10-20/month"
+                echo "📦 Resource Group: $(resourceGroupName)"
+                echo "🏷️  Version: $(imageTag)"
+                echo ""
+                echo "⚠️  IMPORTANT:"
+                echo "  1. Monitor Application Insights for errors"
+                echo "  2. Watch for performance degradation"
+                echo "  3. Have rollback plan ready"
+                echo "  4. Monitor costs in Azure Portal"
+                echo ""
+                echo "🔄 Rollback command (if needed):"
+                echo "  az containerapp revision activate \\"
+                echo "    --name $(containerAppName) \\"
+                echo "    --resource-group $(resourceGroupName) \\"
+                echo "    --revision <PREVIOUS_REVISION_NAME>"
+                echo ""

package/content/.azure/pipelines/staging-pipeline.yml

@@ -0,0 +1,234 @@
+# ==============================================================================
+# MORPH-SPEC - Staging Pipeline
+# Deployment to Azure Container Apps with scale-to-zero
+# ==============================================================================
+
+trigger:
+  branches:
+    include:
+      - staging
+
+pr:
+  branches:
+    include:
+      - staging
+
+variables:
+  - template: pipeline-variables.yml
+  - name: environment
+    value: 'staging'
+  - name: resourceGroupName
+    value: 'rg-$(APP_NAME)-staging'
+  - name: containerAppName
+    value: 'ca-$(APP_NAME)-staging'
+  - name: hostingType
+    value: 'containerapp'
+  - name: parametersFile
+    value: 'content/.morph/templates/infra/parameters.staging.json'
+  - name: imageName
+    value: '$(APP_NAME)'
+  - name: imageFullName
+    value: '$(containerRegistry)/$(imageName):$(imageTag)'
+
+stages:
+  # ===========================================================================
+  # STAGE 1: Build
+  # ===========================================================================
+  - stage: Build
+    displayName: 'Build & Test'
+    jobs:
+      - job: BuildJob
+        displayName: 'Build .NET Application'
+        pool:
+          vmImage: 'ubuntu-latest'
+        steps:
+          - checkout: self
+            fetchDepth: 1
+
+          - template: templates/build-dotnet.yml
+            parameters:
+              dotnetVersion: $(dotnetVersion)
+              buildConfiguration: $(buildConfiguration)
+              runTests: true
+              publishArtifact: false  # Don't need artifact for containers
+
+  # ===========================================================================
+  # STAGE 2: Deploy Infrastructure
+  # ===========================================================================
+  - stage: DeployInfra
+    displayName: 'Deploy Infrastructure'
+    dependsOn: Build
+    condition: succeeded()
+    jobs:
+      - deployment: DeployInfraJob
+        displayName: 'Deploy Bicep Templates'
+        pool:
+          vmImage: 'ubuntu-latest'
+        environment: 'staging'
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - checkout: self
+                  fetchDepth: 1
+
+                - template: templates/infra-deploy.yml
+                  parameters:
+                    azureSubscription: 'Azure-Staging-Connection'
+                    resourceGroupName: $(resourceGroupName)
+                    location: $(azureLocation)
+                    environment: $(environment)
+                    appName: $(APP_NAME)
+                    hostingType: $(hostingType)
+                    bicepTemplateFile: $(bicepTemplateFile)
+                    parametersFile: $(parametersFile)
+
+  # ===========================================================================
+  # STAGE 3: Build and Push Container
+  # ===========================================================================
+  - stage: BuildContainer
+    displayName: 'Build Container'
+    dependsOn: DeployInfra
+    condition: succeeded()
+    jobs:
+      - job: BuildContainerJob
+        displayName: 'Build and Push Docker Image'
+        pool:
+          vmImage: 'ubuntu-latest'
+        steps:
+          - checkout: self
+            fetchDepth: 1
+
+          - task: Docker@2
+            displayName: 'Build and push container'
+            inputs:
+              containerRegistry: 'ACR-Connection'
+              repository: '$(imageName)'
+              command: 'buildAndPush'
+              Dockerfile: '$(dockerfilePath)'
+              tags: |
+                $(imageTag)
+                staging-latest
+                $(Build.BuildId)
+
+          - task: AzureCLI@2
+            displayName: 'Scan image for vulnerabilities'
+            continueOnError: true
+            inputs:
+              azureSubscription: 'Azure-Staging-Connection'
+              scriptType: 'bash'
+              scriptLocation: 'inlineScript'
+              inlineScript: |
+                echo "🔍 Scanning image for vulnerabilities..."
+                az acr check-health --name $(ACR_NAME) --yes || true
+
+  # ===========================================================================
+  # STAGE 4: Deploy Container App
+  # ===========================================================================
+  - stage: DeployApp
+    displayName: 'Deploy Container App'
+    dependsOn: BuildContainer
+    condition: succeeded()
+    jobs:
+      - deployment: DeployAppJob
+        displayName: 'Deploy to Container Apps'
+        pool:
+          vmImage: 'ubuntu-latest'
+        environment: 'staging'
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - checkout: self
+                  fetchDepth: 1
+
+                - template: templates/deploy-container-app.yml
+                  parameters:
+                    azureSubscription: 'Azure-Staging-Connection'
+                    containerAppName: $(containerAppName)
+                    resourceGroupName: $(resourceGroupName)
+                    containerRegistry: $(containerRegistry)
+                    imageName: $(imageName)
+                    imageTag: $(imageTag)
+                    acrServiceConnection: 'ACR-Connection'
+                    healthCheckUrl: '/health'
+                    healthCheckTimeout: 300
+
+  # ===========================================================================
+  # STAGE 5: Integration Tests
+  # ===========================================================================
+  - stage: IntegrationTests
+    displayName: 'Integration Tests'
+    dependsOn: DeployApp
+    condition: succeeded()
+    jobs:
+      - job: IntegrationTestsJob
+        displayName: 'Run Integration Tests'
+        pool:
+          vmImage: 'ubuntu-latest'
+        steps:
+          - task: AzureCLI@2
+            displayName: 'Get Container App URL'
+            name: getUrl
+            inputs:
+              azureSubscription: 'Azure-Staging-Connection'
+              scriptType: 'bash'
+              scriptLocation: 'inlineScript'
+              inlineScript: |
+                FQDN=$(az containerapp show \
+                  --name $(containerAppName) \
+                  --resource-group $(resourceGroupName) \
+                  --query properties.configuration.ingress.fqdn -o tsv)
+
+                APP_URL="https://$FQDN"
+                echo "##vso[task.setvariable variable=appUrl]$APP_URL"
+                echo "Container App URL: $APP_URL"
+
+          - task: PowerShell@2
+            displayName: 'Run integration tests'
+            inputs:
+              targetType: 'inline'
+              script: |
+                $appUrl = "$(appUrl)"
+
+                Write-Host "🧪 Running integration tests against: $appUrl"
+
+                # Test endpoints
+                $endpoints = @("/", "/health", "/health/ready")
+
+                foreach ($endpoint in $endpoints) {
+                  $url = "$appUrl$endpoint"
+                  try {
+                    $response = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 10
+                    Write-Host "✅ $endpoint : $($response.StatusCode)"
+                  }
+                  catch {
+                    Write-Error "❌ $endpoint failed: $_"
+                    exit 1
+                  }
+                }
+
+                Write-Host "✅ All integration tests passed!"
+
+          - task: AzureCLI@2
+            displayName: 'Show deployment summary'
+            inputs:
+              azureSubscription: 'Azure-Staging-Connection'
+              scriptType: 'bash'
+              scriptLocation: 'inlineScript'
+              inlineScript: |
+                echo "╔════════════════════════════════════════════════════════════════╗"
+                echo "║          STAGING DEPLOYMENT SUCCESSFUL                         ║"
+                echo "╚════════════════════════════════════════════════════════════════╝"
+                echo ""
+                echo "🌐 Application URL: $(appUrl)"
+                echo "📊 Environment: $(environment)"
+                echo "🐳 Container Image: $(imageFullName)"
+                echo "💰 Hosting: Container Apps (scale-to-zero) - ~$5-10/month"
+                echo "📦 Resource Group: $(resourceGroupName)"
+                echo ""
+                echo "💡 Next steps:"
+                echo "  1. Run manual QA tests"
+                echo "  2. Monitor auto-scaling behavior"
+                echo "  3. If stable for 24h, promote to production"
+                echo ""

package/content/.azure/pipelines/templates/build-dotnet.yml

@@ -0,0 +1,75 @@
+# ==============================================================================
+# MORPH-SPEC - Build .NET Template
+# Reusable template for building and testing .NET applications
+# ==============================================================================
+
+parameters:
+  - name: dotnetVersion
+    type: string
+    default: '8.x'
+  - name: buildConfiguration
+    type: string
+    default: 'Release'
+  - name: projectPath
+    type: string
+    default: '**/*.csproj'
+  - name: runTests
+    type: boolean
+    default: true
+  - name: publishArtifact
+    type: boolean
+    default: true
+
+steps:
+  - task: UseDotNetVersion@2
+    displayName: 'Install .NET SDK ${{ parameters.dotnetVersion }}'
+    inputs:
+      version: ${{ parameters.dotnetVersion }}
+      packageType: sdk
+
+  - task: DotNetCoreCLI@2
+    displayName: 'Restore NuGet packages'
+    inputs:
+      command: 'restore'
+      projects: '${{ parameters.projectPath }}'
+      feedsToUse: 'select'
+
+  - task: DotNetCoreCLI@2
+    displayName: 'Build solution'
+    inputs:
+      command: 'build'
+      projects: '${{ parameters.projectPath }}'
+      arguments: '--configuration ${{ parameters.buildConfiguration }} --no-restore'
+
+  - ${{ if eq(parameters.runTests, true) }}:
+    - task: DotNetCoreCLI@2
+      displayName: 'Run unit tests'
+      inputs:
+        command: 'test'
+        projects: '**/*Tests.csproj'
+        arguments: '--configuration ${{ parameters.buildConfiguration }} --no-build --collect:"XPlat Code Coverage" --logger trx'
+        publishTestResults: true
+
+    - task: PublishCodeCoverageResults@1
+      displayName: 'Publish code coverage'
+      condition: succeededOrFailed()
+      inputs:
+        codeCoverageTool: 'Cobertura'
+        summaryFileLocation: '$(Agent.TempDirectory)/**/*coverage.cobertura.xml'
+
+  - ${{ if eq(parameters.publishArtifact, true) }}:
+    - task: DotNetCoreCLI@2
+      displayName: 'Publish application'
+      inputs:
+        command: 'publish'
+        projects: '${{ parameters.projectPath }}'
+        arguments: '--configuration ${{ parameters.buildConfiguration }} --output $(Build.ArtifactStagingDirectory) --no-build'
+        publishWebProjects: true
+        zipAfterPublish: true
+
+    - task: PublishBuildArtifacts@1
+      displayName: 'Publish build artifacts'
+      inputs:
+        PathtoPublish: '$(Build.ArtifactStagingDirectory)'
+        ArtifactName: 'drop'
+        publishLocation: 'Container'