242 lines
7.2 KiB
Bash
Executable File
242 lines
7.2 KiB
Bash
Executable File
# hooks/before_deploy.sh
|
||
#!/usr/bin/env bash
|
||
set -euo pipefail
|
||
|
||
# Get language setting from environment
|
||
LANG="${ORCHESTRA_LANGUAGE:-en}"
|
||
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "[before_deploy] 環境変数チェック、マイグレーションドライラン、ヘルスチェック実行中..."
|
||
else
|
||
echo "[before_deploy] Checking env vars, migrations dry-run, health..."
|
||
fi
|
||
|
||
DEPLOY_ENV="${DEPLOY_ENV:-production}"
|
||
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "→ デプロイ対象環境:$DEPLOY_ENV"
|
||
else
|
||
echo "→ Deployment target: $DEPLOY_ENV"
|
||
fi
|
||
|
||
# Environment variable validation
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "→ 必須環境変数の検証中..."
|
||
else
|
||
echo "→ Validating required environment variables..."
|
||
fi
|
||
|
||
REQUIRED_VARS=(
|
||
"DATABASE_URL"
|
||
"API_KEY"
|
||
# Add your required env vars here
|
||
)
|
||
|
||
missing_vars=()
|
||
for var in "${REQUIRED_VARS[@]}"; do
|
||
if [ -z "${!var:-}" ]; then
|
||
missing_vars+=("$var")
|
||
fi
|
||
done
|
||
|
||
if [ ${#missing_vars[@]} -gt 0 ]; then
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "❌ 必須環境変数が不足しています:"
|
||
else
|
||
echo "❌ Missing required environment variables:"
|
||
fi
|
||
printf ' - %s\n' "${missing_vars[@]}"
|
||
exit 1
|
||
fi
|
||
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "✅ 全ての必須環境変数が設定されています"
|
||
else
|
||
echo "✅ All required environment variables are set"
|
||
fi
|
||
|
||
# Database migration dry-run
|
||
if [ -f "package.json" ] && grep -q "prisma" package.json; then
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "→ Prismaマイグレーションドライラン実行中..."
|
||
else
|
||
echo "→ Running Prisma migration dry-run..."
|
||
fi
|
||
|
||
npx prisma migrate deploy --dry-run || {
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "❌ データベースマイグレーションドライランが失敗しました。デプロイ前にマイグレーションを確認してください。"
|
||
else
|
||
echo "❌ Database migration dry-run failed. Please review migrations before deploying."
|
||
fi
|
||
exit 1
|
||
}
|
||
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "✅ Prismaマイグレーションが検証されました"
|
||
else
|
||
echo "✅ Prisma migrations validated"
|
||
fi
|
||
elif [ -f "manage.py" ]; then
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "→ Djangoマイグレーションチェック実行中..."
|
||
else
|
||
echo "→ Running Django migration check..."
|
||
fi
|
||
|
||
python manage.py migrate --check || {
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "❌ Djangoマイグレーションが適用されていません。デプロイ前にマイグレーションを確認してください。"
|
||
else
|
||
echo "❌ Django migrations are not applied. Please review migrations before deploying."
|
||
fi
|
||
exit 1
|
||
}
|
||
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "✅ Djangoマイグレーションが検証されました"
|
||
else
|
||
echo "✅ Django migrations validated"
|
||
fi
|
||
elif command -v alembic &> /dev/null && [ -f "alembic.ini" ]; then
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "→ Alembicマイグレーションチェック実行中..."
|
||
else
|
||
echo "→ Running Alembic migration check..."
|
||
fi
|
||
|
||
alembic check || {
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "❌ Alembicマイグレーションが最新ではありません。デプロイ前にマイグレーションを確認してください。"
|
||
else
|
||
echo "❌ Alembic migrations are not up to date. Please review migrations before deploying."
|
||
fi
|
||
exit 1
|
||
}
|
||
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "✅ Alembicマイグレーションが検証されました"
|
||
else
|
||
echo "✅ Alembic migrations validated"
|
||
fi
|
||
else
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "ℹ️ データベースマイグレーションシステムが検出されませんでした。マイグレーションチェックをスキップします。"
|
||
else
|
||
echo "ℹ️ No database migration system detected. Skipping migration check."
|
||
fi
|
||
fi
|
||
|
||
# Health check for staging/production services
|
||
if [ "$DEPLOY_ENV" != "development" ]; then
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "→ デプロイ前ヘルスチェック実行中..."
|
||
else
|
||
echo "→ Performing pre-deployment health check..."
|
||
fi
|
||
|
||
# Check if staging/production API is accessible
|
||
HEALTH_URL="${HEALTH_CHECK_URL:-https://api.example.com/health}"
|
||
|
||
if command -v curl &> /dev/null; then
|
||
if curl -f -s --max-time 10 "$HEALTH_URL" > /dev/null; then
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "✅ 現在のデプロイは正常です:$HEALTH_URL"
|
||
else
|
||
echo "✅ Current deployment is healthy: $HEALTH_URL"
|
||
fi
|
||
else
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "⚠️ 警告:現在のデプロイのヘルスチェックが失敗しました"
|
||
echo " URL:$HEALTH_URL"
|
||
echo " 続行しますか? (y/N)"
|
||
else
|
||
echo "⚠️ Warning: Health check failed for current deployment"
|
||
echo " URL: $HEALTH_URL"
|
||
echo " Continue? (y/N)"
|
||
fi
|
||
read -r response
|
||
if [[ ! "$response" =~ ^[Yy]$ ]]; then
|
||
exit 1
|
||
fi
|
||
fi
|
||
else
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "⚠️ curlが利用できません。ヘルスチェックをスキップします。"
|
||
else
|
||
echo "⚠️ curl not available. Skipping health check."
|
||
fi
|
||
fi
|
||
fi
|
||
|
||
# Build validation
|
||
if [ -f "package.json" ]; then
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "→ 本番ビルドの検証中..."
|
||
else
|
||
echo "→ Validating production build..."
|
||
fi
|
||
|
||
npm run build || {
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "❌ 本番ビルドが失敗しました。"
|
||
else
|
||
echo "❌ Production build failed."
|
||
fi
|
||
exit 1
|
||
}
|
||
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "✅ 本番ビルドが成功しました"
|
||
else
|
||
echo "✅ Production build successful"
|
||
fi
|
||
fi
|
||
|
||
# Container image security scan (if using Docker)
|
||
if [ -f "Dockerfile" ] && command -v trivy &> /dev/null; then
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "→ Dockerイメージの脆弱性スキャン中..."
|
||
else
|
||
echo "→ Scanning Docker image for vulnerabilities..."
|
||
fi
|
||
|
||
docker build -t pre-deploy-check:latest . > /dev/null
|
||
trivy image --severity HIGH,CRITICAL --exit-code 1 pre-deploy-check:latest || {
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "❌ Dockerイメージに重大な脆弱性が見つかりました。"
|
||
else
|
||
echo "❌ Critical vulnerabilities found in Docker image."
|
||
fi
|
||
exit 1
|
||
}
|
||
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "✅ Dockerイメージセキュリティスキャンが通過しました"
|
||
else
|
||
echo "✅ Docker image security scan passed"
|
||
fi
|
||
fi
|
||
|
||
# Voice notification (Iris announces security checks completion)
|
||
VOICE_SCRIPT="$(dirname "$0")/../mcp-servers/play-voice.sh"
|
||
if [ -f "$VOICE_SCRIPT" ]; then
|
||
"$VOICE_SCRIPT" "iris" "deployment validation" 2>/dev/null || true
|
||
fi
|
||
|
||
if [ "$LANG" = "ja" ]; then
|
||
echo "✅ 全てのデプロイ前チェックが通過しました!$DEPLOY_ENV へのデプロイ準備完了"
|
||
else
|
||
echo "✅ All pre-deployment checks passed! Ready to deploy to $DEPLOY_ENV"
|
||
fi
|
||
|
||
# Auto-commit deployment validation results (Iris)
|
||
AUTO_COMMIT_SCRIPT="$(dirname "$0")/../mcp-servers/auto-commit.sh"
|
||
if [ -f "$AUTO_COMMIT_SCRIPT" ] && [ -x "$AUTO_COMMIT_SCRIPT" ]; then
|
||
"$AUTO_COMMIT_SCRIPT" \
|
||
"chore" \
|
||
"to validate deployment security" \
|
||
"Pass pre-deployment checks (env, migrations, health, build, security scan)" \
|
||
"Iris" 2>/dev/null || true
|
||
fi
|