@polymorphism-tech/morph-spec 2.4.0 → 3.0.0

package/src/commands/deploy.js

@@ -0,0 +1,780 @@
+/**
+ * MORPH-SPEC Deploy Command
+ * Azure Container Apps deployment orchestrator with playbook-driven approach
+ */
+
+import fs from 'fs';
+import path from 'path';
+import ora from 'ora';
+import chalk from 'chalk';
+import { execSync, exec } from 'child_process';
+import { logger } from '../utils/logger.js';
+import * as CostCalculator from '../lib/cost-calculator.js';
+
+// ============================================================================
+// Configuration Detection
+// ============================================================================
+
+/**
+ * Find appsettings.json files in project
+ * @param {string} projectPath - Root path to search
+ * @returns {string[]} - Array of appsettings file paths
+ */
+export function findAppSettingsFiles(projectPath = '.') {
+  const files = [];
+  const patterns = ['appsettings.json', 'appsettings.*.json'];
+
+  function searchDir(dir) {
+    try {
+      const entries = fs.readdirSync(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+
+        // Skip node_modules, bin, obj, .git
+        if (entry.isDirectory() && !['node_modules', 'bin', 'obj', '.git', '.morph'].includes(entry.name)) {
+          searchDir(fullPath);
+        } else if (entry.isFile() && patterns.some(p =>
+          entry.name === 'appsettings.json' || entry.name.match(/^appsettings\..+\.json$/)
+        )) {
+          files.push(fullPath);
+        }
+      }
+    } catch (err) {
+      // Ignore permission errors
+    }
+  }
+
+  searchDir(projectPath);
+  return files;
+}
+
+/**
+ * Find Program.cs files in project
+ * @param {string} projectPath - Root path to search
+ * @returns {string[]} - Array of Program.cs paths
+ */
+export function findProgramCsFiles(projectPath = '.') {
+  const files = [];
+
+  function searchDir(dir) {
+    try {
+      const entries = fs.readdirSync(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+
+        if (entry.isDirectory() && !['node_modules', 'bin', 'obj', '.git'].includes(entry.name)) {
+          searchDir(fullPath);
+        } else if (entry.isFile() && entry.name === 'Program.cs') {
+          files.push(fullPath);
+        }
+      }
+    } catch (err) {
+      // Ignore permission errors
+    }
+  }
+
+  searchDir(projectPath);
+  return files;
+}
+
+/**
+ * Parse appsettings.json and extract configuration paths
+ * @param {string} filePath - Path to appsettings.json
+ * @returns {Object} - Parsed configuration with paths
+ */
+export function parseAppSettings(filePath) {
+  const content = fs.readFileSync(filePath, 'utf-8');
+  const config = JSON.parse(content);
+  const paths = [];
+
+  function extractPaths(obj, prefix = '') {
+    for (const [key, value] of Object.entries(obj)) {
+      const currentPath = prefix ? `${prefix}:${key}` : key;
+
+      if (typeof value === 'object' && value !== null && !Array.isArray(value)) {
+        extractPaths(value, currentPath);
+      } else {
+        paths.push({
+          configPath: currentPath,
+          envVar: currentPath.replace(/:/g, '__').toUpperCase(),
+          value: typeof value === 'string' && value.includes('your-') ? '(placeholder)' :
+                 typeof value === 'string' && value.length > 50 ? '(long-value)' : value,
+          isSecret: key.toLowerCase().includes('secret') ||
+                    key.toLowerCase().includes('password') ||
+                    key.toLowerCase().includes('key') ||
+                    key.toLowerCase().includes('connection') ||
+                    currentPath.toLowerCase().includes('connectionstrings')
+        });
+      }
+    }
+  }
+
+  extractPaths(config);
+  return { file: filePath, paths };
+}
+
+/**
+ * Detect Blazor Server patterns in Program.cs
+ * @param {string} filePath - Path to Program.cs
+ * @returns {Object} - Detection results
+ */
+export function detectBlazorServer(filePath) {
+  const content = fs.readFileSync(filePath, 'utf-8');
+
+  const patterns = {
+    interactiveServer: /\.AddInteractiveServerComponents\s*\(/,
+    serverSideBlazor: /\.AddServerSideBlazor\s*\(/,
+    razorComponents: /\.AddRazorComponents\s*\(\)\.AddInteractiveServerComponents\s*\(/,
+    blazorHub: /\.MapBlazorHub\s*\(/,
+    signalR: /\.AddSignalR\s*\(/
+  };
+
+  const detected = {};
+  for (const [name, pattern] of Object.entries(patterns)) {
+    detected[name] = pattern.test(content);
+  }
+
+  const isBlazorServer = detected.interactiveServer ||
+                          detected.serverSideBlazor ||
+                          detected.razorComponents ||
+                          detected.blazorHub;
+
+  return {
+    isBlazorServer,
+    requiresStickySessions: isBlazorServer,
+    patterns: detected
+  };
+}
+
+/**
+ * Detect authentication patterns in Program.cs
+ * @param {string} filePath - Path to Program.cs
+ * @returns {Object} - Auth detection results
+ */
+export function detectAuthentication(filePath) {
+  const content = fs.readFileSync(filePath, 'utf-8');
+
+  const patterns = {
+    azureAd: /\.AddMicrosoftIdentityWebApp\s*\(|GetSection\s*\(\s*["']AzureAd["']\s*\)/,
+    clerk: /Clerk|ClerkOptions|AddClerk/i,
+    identity: /\.AddIdentity\s*\(|\.AddDefaultIdentity\s*\(/,
+    jwt: /\.AddJwtBearer\s*\(/,
+    cookie: /\.AddCookie\s*\(/
+  };
+
+  const detected = {};
+  for (const [name, pattern] of Object.entries(patterns)) {
+    detected[name] = pattern.test(content);
+  }
+
+  return {
+    hasAuth: Object.values(detected).some(v => v),
+    providers: detected
+  };
+}
+
+/**
+ * Detect Hangfire patterns
+ * @param {string} filePath - Path to Program.cs
+ * @returns {boolean} - Whether Hangfire is detected
+ */
+export function detectHangfire(filePath) {
+  const content = fs.readFileSync(filePath, 'utf-8');
+  return /AddHangfire\s*\(|UseHangfireDashboard\s*\(/i.test(content);
+}
+
+/**
+ * Generate complete configuration mapping
+ * @param {string} projectPath - Root path
+ * @returns {Object} - Complete configuration analysis
+ */
+export function detectProjectConfig(projectPath = '.') {
+  const appSettingsFiles = findAppSettingsFiles(projectPath);
+  const programCsFiles = findProgramCsFiles(projectPath);
+
+  const configs = appSettingsFiles.map(f => parseAppSettings(f));
+
+  let blazorServer = { isBlazorServer: false, requiresStickySessions: false };
+  let auth = { hasAuth: false, providers: {} };
+  let hangfire = false;
+
+  for (const file of programCsFiles) {
+    const blazorResult = detectBlazorServer(file);
+    if (blazorResult.isBlazorServer) {
+      blazorServer = blazorResult;
+    }
+
+    const authResult = detectAuthentication(file);
+    if (authResult.hasAuth) {
+      auth = authResult;
+    }
+
+    if (detectHangfire(file)) {
+      hangfire = true;
+    }
+  }
+
+  // Consolidate all config paths
+  const allPaths = [];
+  const seen = new Set();
+
+  for (const config of configs) {
+    for (const p of config.paths) {
+      if (!seen.has(p.configPath)) {
+        seen.add(p.configPath);
+        allPaths.push(p);
+      }
+    }
+  }
+
+  return {
+    appSettingsFiles,
+    programCsFiles,
+    configs: allPaths,
+    blazorServer,
+    auth,
+    hangfire,
+    envVarsMapping: allPaths.map(p => ({
+      configPath: p.configPath,
+      envVar: p.envVar,
+      isSecret: p.isSecret,
+      type: p.isSecret ? 'Secret' : 'Plain'
+    }))
+  };
+}
+
+/**
+ * Generate environment variables mapping for display
+ * @param {Object} config - Project configuration
+ * @returns {string} - Formatted mapping table
+ */
+export function generateEnvVarsMapping(config) {
+  const secrets = config.envVarsMapping.filter(e => e.isSecret);
+  const plain = config.envVarsMapping.filter(e => !e.isSecret);
+
+  let output = '\n## Environment Variables Mapping\n\n';
+
+  if (secrets.length > 0) {
+    output += '### Secrets (require user input)\n';
+    output += '| Config Path | Environment Variable | Type |\n';
+    output += '|-------------|---------------------|------|\n';
+    secrets.forEach(s => {
+      output += `| ${s.configPath} | ${s.envVar} | Secret |\n`;
+    });
+    output += '\n';
+  }
+
+  if (plain.length > 0) {
+    output += '### Plain Values\n';
+    output += '| Config Path | Environment Variable |\n';
+    output += '|-------------|---------------------|\n';
+    plain.slice(0, 10).forEach(p => {
+      output += `| ${p.configPath} | ${p.envVar} |\n`;
+    });
+    if (plain.length > 10) {
+      output += `| ... and ${plain.length - 10} more |\n`;
+    }
+    output += '\n';
+  }
+
+  return output;
+}
+
+// ============================================================================
+// Prerequisites Validation
+// ============================================================================
+
+/**
+ * Validate all prerequisites for deployment
+ * @returns {Object} - Validation results
+ */
+export function validatePrerequisites() {
+  const checks = [];
+
+  // Azure CLI
+  try {
+    const azVersion = execSync('az --version', { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
+    const versionMatch = azVersion.match(/azure-cli\s+(\d+\.\d+\.\d+)/);
+    checks.push({
+      name: 'Azure CLI',
+      passed: true,
+      version: versionMatch ? versionMatch[1] : 'unknown',
+      message: `Azure CLI ${versionMatch ? versionMatch[1] : ''} installed`
+    });
+  } catch {
+    checks.push({
+      name: 'Azure CLI',
+      passed: false,
+      message: 'Azure CLI not found',
+      fix: 'Download from: https://aka.ms/installazurecliwindows'
+    });
+  }
+
+  // Azure Login
+  try {
+    const account = execSync('az account show --output json', { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
+    const accountInfo = JSON.parse(account);
+    checks.push({
+      name: 'Azure Login',
+      passed: true,
+      subscription: accountInfo.name,
+      subscriptionId: accountInfo.id,
+      message: `Logged in to ${accountInfo.name}`
+    });
+  } catch {
+    checks.push({
+      name: 'Azure Login',
+      passed: false,
+      message: 'Not logged in to Azure',
+      fix: 'Run: az login --tenant <TENANT-ID>'
+    });
+  }
+
+  // Docker
+  try {
+    execSync('docker info', { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
+    const dockerVersion = execSync('docker --version', { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
+    checks.push({
+      name: 'Docker',
+      passed: true,
+      message: dockerVersion.trim()
+    });
+  } catch {
+    checks.push({
+      name: 'Docker',
+      passed: false,
+      message: 'Docker not running',
+      fix: 'Start Docker Desktop'
+    });
+  }
+
+  // .NET SDK
+  try {
+    const dotnetVersion = execSync('dotnet --version', { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
+    checks.push({
+      name: '.NET SDK',
+      passed: true,
+      version: dotnetVersion.trim(),
+      message: `.NET ${dotnetVersion.trim()} installed`
+    });
+  } catch {
+    checks.push({
+      name: '.NET SDK',
+      passed: false,
+      message: '.NET SDK not found',
+      fix: 'Download from: https://dot.net/download'
+    });
+  }
+
+  // dotnet-ef
+  try {
+    const efList = execSync('dotnet tool list --global', { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
+    const hasEf = efList.includes('dotnet-ef');
+    if (hasEf) {
+      checks.push({
+        name: 'dotnet-ef',
+        passed: true,
+        message: 'EF Core tools installed'
+      });
+    } else {
+      throw new Error('Not found');
+    }
+  } catch {
+    checks.push({
+      name: 'dotnet-ef',
+      passed: false,
+      message: 'EF Core tools not found',
+      fix: 'Run: dotnet tool install --global dotnet-ef'
+    });
+  }
+
+  // Bicep files
+  const hasBicep = fs.existsSync('infra/main.bicep');
+  checks.push({
+    name: 'Bicep templates',
+    passed: hasBicep,
+    message: hasBicep ? 'infra/main.bicep found' : 'No Bicep templates found',
+    fix: hasBicep ? null : 'Run: /morph-infra init'
+  });
+
+  // Dockerfile
+  const hasDockerfile = fs.existsSync('Dockerfile');
+  checks.push({
+    name: 'Dockerfile',
+    passed: hasDockerfile,
+    message: hasDockerfile ? 'Dockerfile found' : 'No Dockerfile found',
+    fix: hasDockerfile ? null : 'Create Dockerfile for the project'
+  });
+
+  return {
+    allPassed: checks.every(c => c.passed),
+    checks
+  };
+}
+
+/**
+ * Validate password for special characters
+ * @param {string} password - Password to validate
+ * @returns {Object} - Validation result
+ */
+export function validatePassword(password) {
+  const specialChars = /[!@#$%^&*()+=\[\]{}|;:'",<>?/\\`~]/;
+  const hasSpecial = specialChars.test(password);
+
+  return {
+    valid: !hasSpecial && password.length >= 16,
+    hasSpecialChars: hasSpecial,
+    length: password.length,
+    warnings: [
+      hasSpecial ? 'Contains special characters that may cause escape issues' : null,
+      password.length < 16 ? 'Password should be at least 16 characters' : null
+    ].filter(Boolean)
+  };
+}
+
+// ============================================================================
+// Rollback Functions
+// ============================================================================
+
+/**
+ * List available revisions for rollback
+ * @param {string} appName - Container App name
+ * @param {string} resourceGroup - Resource group name
+ * @returns {string[]} - List of revision names
+ */
+export function listRevisions(appName, resourceGroup) {
+  try {
+    const result = execSync(
+      `az containerapp revision list --name ${appName} --resource-group ${resourceGroup} --query "[].{name:name,active:properties.active,traffic:properties.trafficWeight,created:properties.createdTime}" -o json`,
+      { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }
+    );
+    return JSON.parse(result);
+  } catch (error) {
+    throw new Error(`Failed to list revisions: ${error.message}`);
+  }
+}
+
+/**
+ * Execute rollback to previous revision
+ * @param {string} appName - Container App name
+ * @param {string} resourceGroup - Resource group name
+ * @param {string} revision - Target revision name
+ */
+export function executeRollback(appName, resourceGroup, revision) {
+  try {
+    execSync(
+      `az containerapp revision activate --name ${appName} --resource-group ${resourceGroup} --revision ${revision}`,
+      { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }
+    );
+    return { success: true, revision };
+  } catch (error) {
+    throw new Error(`Rollback failed: ${error.message}`);
+  }
+}
+
+// ============================================================================
+// Azure DevOps Pipeline Generation
+// ============================================================================
+
+/**
+ * Generate Azure DevOps pipeline YAML
+ * @param {Object} options - Pipeline options
+ * @returns {string} - YAML content
+ */
+export function generatePipelineYaml(options = {}) {
+  const {
+    projectName = 'myapp',
+    acrName = 'myacr',
+    environments = ['dev', 'staging', 'prod']
+  } = options;
+
+  let yaml = `# Azure DevOps Pipeline for ${projectName}
+# Generated by MORPH-SPEC Azure Deploy Specialist
+
+trigger:
+  branches:
+    include:
+      - main
+      - develop
+
+pr:
+  branches:
+    include:
+      - main
+
+variables:
+  - group: 'deploy-secrets'
+  - name: projectName
+    value: '${projectName}'
+  - name: acrName
+    value: '${acrName}'
+
+stages:
+  - stage: Build
+    displayName: 'Build and Push Docker Image'
+    jobs:
+      - job: BuildAndPush
+        pool:
+          vmImage: 'ubuntu-latest'
+        steps:
+          - task: Docker@2
+            displayName: 'Build and Push'
+            inputs:
+              containerRegistry: 'acr-service-connection'
+              repository: '\$(projectName)'
+              command: 'buildAndPush'
+              Dockerfile: '**/Dockerfile'
+              tags: |
+                \$(Build.BuildId)
+                latest
+
+`;
+
+  // Add deployment stages for each environment
+  for (const env of environments) {
+    const condition = env === 'prod'
+      ? `and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))`
+      : env === 'staging'
+      ? `and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))`
+      : `succeeded()`;
+
+    yaml += `
+  - stage: Deploy${env.charAt(0).toUpperCase() + env.slice(1)}
+    displayName: 'Deploy to ${env.toUpperCase()}'
+    dependsOn: Build
+    condition: ${condition}
+    jobs:
+      - deployment: DeployTo${env.charAt(0).toUpperCase() + env.slice(1)}
+        displayName: 'Deploy to ${env}'
+        pool:
+          vmImage: 'ubuntu-latest'
+        environment: '${env}'
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - task: AzureCLI@2
+                  displayName: 'Deploy Container App'
+                  inputs:
+                    azureSubscription: 'azure-service-connection'
+                    scriptType: 'bash'
+                    scriptLocation: 'inlineScript'
+                    inlineScript: |
+                      npx @polymorphism-tech/morph-spec deploy ${env} --auto \\
+                        --sql-password "\$(SqlPassword${env.charAt(0).toUpperCase() + env.slice(1)})" \\
+                        --skip-confirmation
+
+`;
+  }
+
+  return yaml;
+}
+
+// ============================================================================
+// Main Command
+// ============================================================================
+
+/**
+ * Main deploy command
+ * @param {string} environment - Target environment (dev, staging, prod)
+ * @param {Object} options - CLI options
+ */
+export async function deployCommand(environment, options) {
+  logger.header('MORPH-SPEC Azure Deploy Specialist');
+  logger.blank();
+
+  // Validate environment
+  const validEnvs = ['dev', 'staging', 'prod'];
+  if (environment && !validEnvs.includes(environment)) {
+    logger.error(`Invalid environment: ${environment}`);
+    logger.dim(`  Valid options: ${validEnvs.join(', ')}`);
+    process.exit(1);
+  }
+
+  // Handle special commands
+  if (options.rollback) {
+    return handleRollback(options);
+  }
+
+  if (options.generatePipeline) {
+    return handleGeneratePipeline(options);
+  }
+
+  // Default: analyze project
+  if (!environment) {
+    return analyzeProject(options);
+  }
+
+  // Full deploy flow
+  return executeDeployFlow(environment, options);
+}
+
+/**
+ * Analyze project configuration
+ */
+async function analyzeProject(options) {
+  logger.info('Analyzing project configuration...');
+  logger.blank();
+
+  const spinner = ora('Detecting configuration...').start();
+
+  try {
+    const config = detectProjectConfig('.');
+    spinner.succeed('Configuration detected');
+    logger.blank();
+
+    // Prerequisites
+    logger.header('Prerequisites');
+    const prereqs = validatePrerequisites();
+    prereqs.checks.forEach(check => {
+      if (check.passed) {
+        logger.success(`  ${check.name}: ${check.message}`);
+      } else {
+        logger.error(`  ${check.name}: ${check.message}`);
+        if (check.fix) {
+          logger.dim(`    Fix: ${check.fix}`);
+        }
+      }
+    });
+    logger.blank();
+
+    // Configuration files
+    logger.header('Configuration Files');
+    logger.dim(`  appsettings.json files: ${config.appSettingsFiles.length}`);
+    config.appSettingsFiles.forEach(f => logger.dim(`    - ${f}`));
+    logger.dim(`  Program.cs files: ${config.programCsFiles.length}`);
+    logger.blank();
+
+    // Blazor Server
+    if (config.blazorServer.isBlazorServer) {
+      logger.header('Blazor Server Detected');
+      logger.warn('  Sticky sessions REQUIRED for Blazor Server');
+      logger.dim('  Will be configured automatically during deploy');
+      logger.blank();
+    }
+
+    // Authentication
+    if (config.auth.hasAuth) {
+      logger.header('Authentication Detected');
+      Object.entries(config.auth.providers).forEach(([provider, detected]) => {
+        if (detected) {
+          logger.dim(`  - ${provider}`);
+        }
+      });
+      logger.blank();
+    }
+
+    // Hangfire
+    if (config.hangfire) {
+      logger.header('Hangfire Detected');
+      logger.dim('  Background jobs will be configured');
+      logger.blank();
+    }
+
+    // Environment Variables
+    logger.header('Environment Variables');
+    const secrets = config.envVarsMapping.filter(e => e.isSecret);
+    const plain = config.envVarsMapping.filter(e => !e.isSecret);
+    logger.dim(`  Secrets: ${secrets.length}`);
+    logger.dim(`  Plain: ${plain.length}`);
+    logger.blank();
+
+    if (secrets.length > 0) {
+      logger.header('Secrets Required (will prompt during deploy)');
+      secrets.forEach(s => {
+        logger.dim(`  - ${s.configPath} -> ${s.envVar}`);
+      });
+      logger.blank();
+    }
+
+    // JSON output
+    if (options.json) {
+      console.log(JSON.stringify({
+        prerequisites: prereqs,
+        configuration: config
+      }, null, 2));
+    }
+
+    // Next steps
+    logger.header('Next Steps');
+    if (!prereqs.allPassed) {
+      logger.warn('  1. Fix prerequisites issues listed above');
+    }
+    logger.dim('  1. Run: morph-spec deploy dev');
+    logger.dim('  2. Provide secrets when prompted');
+    logger.dim('  3. Confirm what-if before deploy');
+    logger.blank();
+
+  } catch (error) {
+    spinner.fail('Analysis failed');
+    logger.error(error.message);
+    process.exit(1);
+  }
+}
+
+/**
+ * Handle rollback command
+ */
+async function handleRollback(options) {
+  logger.header('Rollback');
+  logger.warn('Rollback functionality requires interactive mode');
+  logger.dim('  Use: /morph-deploy --rollback in Claude Code');
+  logger.blank();
+  process.exit(0);
+}
+
+/**
+ * Handle pipeline generation
+ */
+async function handleGeneratePipeline(options) {
+  logger.header('Generate Azure DevOps Pipeline');
+  logger.blank();
+
+  const yaml = generatePipelineYaml({
+    projectName: options.projectName || 'myapp',
+    acrName: options.acrName || 'myacr',
+    environments: ['dev', 'staging', 'prod']
+  });
+
+  const outputPath = 'azure-pipelines.yml';
+  fs.writeFileSync(outputPath, yaml);
+
+  logger.success(`Pipeline generated: ${outputPath}`);
+  logger.blank();
+  logger.dim('Next steps:');
+  logger.dim('  1. Review and customize the generated pipeline');
+  logger.dim('  2. Create service connections in Azure DevOps');
+  logger.dim('  3. Create variable group "deploy-secrets" with your secrets');
+  logger.dim('  4. Commit and push to trigger the pipeline');
+  logger.blank();
+}
+
+/**
+ * Execute full deploy flow
+ */
+async function executeDeployFlow(environment, options) {
+  logger.info(`Starting deploy to ${environment.toUpperCase()}...`);
+  logger.blank();
+
+  if (options.auto) {
+    logger.warn('Running in AUTO mode (CI/CD)');
+    logger.blank();
+  }
+
+  // This is primarily for analysis - full deployment is orchestrated by Claude
+  // using the slash command /morph-deploy which has interactive capabilities
+
+  logger.warn('Full deployment requires interactive mode');
+  logger.dim('  Use: /morph-deploy ' + environment + ' in Claude Code');
+  logger.blank();
+  logger.dim('  The slash command provides:');
+  logger.dim('  - Interactive secret collection');
+  logger.dim('  - What-if confirmation');
+  logger.dim('  - Progress tracking');
+  logger.dim('  - Automatic rollback on failure');
+  logger.blank();
+
+  if (options.dryRun) {
+    logger.info('Dry run completed. No changes made.');
+  }
+}