cim_summary/backend/scripts/pre-deploy-check.sh

#!/bin/bash
# Pre-deployment validation script
# Checks for environment variable conflicts before deploying Firebase Functions

set -e

echo "🔍 Pre-deployment validation..."

# List of secrets that should NOT be in .env
SECRETS=(
  "ANTHROPIC_API_KEY"
  "OPENAI_API_KEY"
  "OPENROUTER_API_KEY"
  "DATABASE_URL"
  "SUPABASE_SERVICE_KEY"
  "SUPABASE_ANON_KEY"
  "EMAIL_PASS"
)

CONFLICTS=0

if [ -f .env ]; then
  echo "Checking .env file for secret conflicts..."
  
  for secret in "${SECRETS[@]}"; do
    if grep -q "^${secret}=" .env; then
      echo "⚠️  CONFLICT: ${secret} is in .env but should only be a Firebase Secret"
      CONFLICTS=$((CONFLICTS + 1))
    fi
  done
  
  if [ $CONFLICTS -gt 0 ]; then
    echo ""
    echo "❌ Found ${CONFLICTS} conflict(s). Please remove these from .env:"
    echo ""
    echo "For local development, use: npm run sync-secrets"
    echo "This will temporarily add secrets to .env for local testing."
    echo ""
    echo "To fix now, run: npm run clean-env-secrets"
    exit 1
  fi
else
  echo "✅ No .env file found (this is fine for deployment)"
fi

echo "✅ Pre-deployment check passed!"
exit 0