diff --git a/backend/package.json b/backend/package.json index 4cfe0dc..dcb7ae3 100644 --- a/backend/package.json +++ b/backend/package.json @@ -15,7 +15,10 @@ "db:migrate": "ts-node src/scripts/setup-database.ts", "db:seed": "ts-node src/models/seed.ts", "db:setup": "npm run db:migrate && node scripts/setup_supabase.js", - "deploy:firebase": "npm run build && firebase deploy --only functions", + "pre-deploy-check": "bash scripts/pre-deploy-check.sh", + "clean-env-secrets": "bash scripts/clean-env-secrets.sh", + "deploy:firebase": "npm run pre-deploy-check && npm run build && firebase deploy --only functions", + "deploy:firebase:force": "npm run build && firebase deploy --only functions", "deploy:cloud-run": "npm run build && gcloud run deploy cim-processor-backend --source . --region us-central1 --platform managed --allow-unauthenticated", "deploy:docker": "npm run build && docker build -t cim-processor-backend . && docker run -p 8080:8080 cim-processor-backend", "docker:build": "docker build -t cim-processor-backend .", @@ -23,6 +26,7 @@ "emulator": "firebase emulators:start --only functions", "emulator:ui": "firebase emulators:start --only functions --ui", "sync:config": "./scripts/sync-firebase-config.sh", + "sync-secrets": "ts-node src/scripts/sync-firebase-secrets-to-env.ts", "diagnose": "ts-node src/scripts/comprehensive-diagnostic.ts", "test:linkage": "ts-node src/scripts/test-linkage.ts", "test:postgres": "ts-node src/scripts/test-postgres-connection.ts", diff --git a/backend/scripts/clean-env-secrets.sh b/backend/scripts/clean-env-secrets.sh new file mode 100755 index 0000000..343cb0c --- /dev/null +++ b/backend/scripts/clean-env-secrets.sh @@ -0,0 +1,48 @@ +#!/bin/bash +# Remove secrets from .env file that should only be Firebase Secrets +# This prevents conflicts during deployment + +set -e + +if [ ! -f .env ]; then + echo "No .env file found" + exit 0 +fi + +# List of secrets to remove from .env +SECRETS=( + "ANTHROPIC_API_KEY" + "OPENAI_API_KEY" + "OPENROUTER_API_KEY" + "DATABASE_URL" + "SUPABASE_SERVICE_KEY" + "SUPABASE_ANON_KEY" + "EMAIL_PASS" +) + +echo "๐Ÿงน Cleaning secrets from .env file..." + +BACKUP_FILE=".env.pre-clean-$(date +%Y%m%d-%H%M%S).bak" +cp .env "$BACKUP_FILE" +echo "๐Ÿ“‹ Backup created: $BACKUP_FILE" + +REMOVED=0 +for secret in "${SECRETS[@]}"; do + if grep -q "^${secret}=" .env; then + # Remove the line (including commented versions) + sed -i.tmp "/^#*${secret}=/d" .env + rm -f .env.tmp + echo " โœ… Removed ${secret}" + REMOVED=$((REMOVED + 1)) + fi +done + +if [ $REMOVED -gt 0 ]; then + echo "" + echo "โœ… Removed ${REMOVED} secret(s) from .env" + echo "๐Ÿ’ก For local development, use: npm run sync-secrets" +else + echo "โœ… No secrets found in .env (already clean)" + rm "$BACKUP_FILE" +fi + diff --git a/backend/scripts/pre-deploy-check.sh b/backend/scripts/pre-deploy-check.sh new file mode 100755 index 0000000..c8c3361 --- /dev/null +++ b/backend/scripts/pre-deploy-check.sh @@ -0,0 +1,48 @@ +#!/bin/bash +# Pre-deployment validation script +# Checks for environment variable conflicts before deploying Firebase Functions + +set -e + +echo "๐Ÿ” Pre-deployment validation..." + +# List of secrets that should NOT be in .env +SECRETS=( + "ANTHROPIC_API_KEY" + "OPENAI_API_KEY" + "OPENROUTER_API_KEY" + "DATABASE_URL" + "SUPABASE_SERVICE_KEY" + "SUPABASE_ANON_KEY" + "EMAIL_PASS" +) + +CONFLICTS=0 + +if [ -f .env ]; then + echo "Checking .env file for secret conflicts..." + + for secret in "${SECRETS[@]}"; do + if grep -q "^${secret}=" .env; then + echo "โš ๏ธ CONFLICT: ${secret} is in .env but should only be a Firebase Secret" + CONFLICTS=$((CONFLICTS + 1)) + fi + done + + if [ $CONFLICTS -gt 0 ]; then + echo "" + echo "โŒ Found ${CONFLICTS} conflict(s). Please remove these from .env:" + echo "" + echo "For local development, use: npm run sync-secrets" + echo "This will temporarily add secrets to .env for local testing." + echo "" + echo "To fix now, run: npm run clean-env-secrets" + exit 1 + fi +else + echo "โœ… No .env file found (this is fine for deployment)" +fi + +echo "โœ… Pre-deployment check passed!" +exit 0 +