4040
4141echo "Creating .env file..."
4242echo "Press Enter to use default values shown in brackets"
43- echo ""
44- echo "NOTE: 'dev' and 'prod' are protected environments (CI/CD only)."
45- echo " Use your initials or a personal name for local development."
46- echo ""
4743
48- DEFAULT_ENV=$(whoami | tr -cd '[:alnum:]')
49- read -p "Environment name [$DEFAULT_ENV]: " ENV
50- ENV=${ENV:-$DEFAULT_ENV}
51- ENV=$(echo "$ENV" | tr -cd '[:alnum:]')
44+ read -p "Environment name (e.g., your initials) [dev]: " ENV
45+ ENV=${ENV:-dev}
5246
5347read -p "Datadog API Key: " DD_API_KEY
5448read -p "Datadog Site [datadoghq.eu]: " DD_SITE
@@ -168,88 +162,9 @@ run = "./scripts/test-services.sh --max-retries 5 --retry-delay 10"
168162# COMMIT_SHA=abc123 npx cdk deploy (from infra/aws directory)
169163# =============================================================================
170164
171- # =============================================================================
172- # aws: AWS deployment tasks
173- #
174- # Deployment modes are controlled via the DEPLOY_MODE environment variable:
175- # - local: Build containers from local Dockerfiles (DEPLOY_MODE=local)
176- # - release: Pull prebuilt images from GHCR tagged "latest" (DEPLOY_MODE=release)
177- # - (unset): Falls back to COMMIT_SHA env var, or "latest" if not set
178- #
179- # DEPLOY_MODE is NOT stored in .env, so it propagates naturally through
180- # subprocess calls. CDK's SharedProps reads DEPLOY_MODE and sets the
181- # appropriate image tag. Services can define their own aws:deploy:local
182- # and aws:deploy:release tasks that set DEPLOY_MODE and delegate to aws:deploy.
183- #
184- # To deploy a specific tagged version from the registry (e.g., a CI-built
185- # image), set COMMIT_SHA to the desired tag and run aws:deploy directly
186- # without setting DEPLOY_MODE. For example:
187- # COMMIT_SHA=abc123 npx cdk deploy (from infra/aws directory)
188- #
189- # PROTECTED ENVIRONMENTS:
190- # The 'dev' and 'prod' environments are protected and can ONLY be deployed
191- # to from CI/CD pipelines. Local deployments to these environments will be
192- # blocked by the aws:guard task. This ensures:
193- # - Production stability (no accidental local deployments)
194- # - Consistent deployment process through CI/CD
195- # - Audit trail for all production changes
196- #
197- # For local development, use a personal environment name (e.g., your initials).
198- # CI/CD pipelines are detected via standard environment variables:
199- # - CI=true (generic, set by most CI systems)
200- # - GITHUB_ACTIONS=true (GitHub Actions)
201- # - GITLAB_CI=true (GitLab CI)
202- # - CIRCLECI=true (CircleCI)
203- # - JENKINS_URL (Jenkins)
204- # =============================================================================
205-
206- # Guard task to prevent local deployments to protected environments (dev/prod)
207- # This task is automatically run as a dependency of aws:deploy:* tasks
208- [tasks ."aws:guard" ]
209- description = " Guard against deploying to protected environments locally"
210- hide = true
211- run = """
212- # Protected environment names - only CI/CD can deploy to these
213- PROTECTED_ENVS="dev prod"
214-
215- for protected in $PROTECTED_ENVS; do
216- if [ "$ENV" = "$protected" ]; then
217- # Check for common CI environment variables
218- # Most CI systems set at least one of these
219- if [ -n "$CI" ] || [ -n "$GITHUB_ACTIONS" ] || [ -n "$GITLAB_CI" ] || [ -n "$CIRCLECI" ] || [ -n "$JENKINS_URL" ]; then
220- echo "CI environment detected - allowing deployment to '$ENV'"
221- exit 0
222- fi
223-
224- echo ""
225- echo "=========================================="
226- echo " DEPLOYMENT BLOCKED"
227- echo "=========================================="
228- echo ""
229- echo " Cannot deploy to '$ENV' from a local machine."
230- echo ""
231- echo " The '$ENV' environment is protected and can only"
232- echo " be deployed to through CI/CD pipelines."
233- echo ""
234- echo " For local development, please use a personal"
235- echo " environment name (e.g., your initials):"
236- echo ""
237- echo " 1. Delete or edit your .env file"
238- echo " 2. Run: mise run env:setup"
239- echo " 3. Enter a personal environment name"
240- echo ""
241- echo "=========================================="
242- echo ""
243- exit 1
244- fi
245- done
246-
247- echo "Environment '$ENV' is not protected - proceeding with deployment"
248- """
249-
250165[tasks ."aws:deploy:local" ]
251166description = " Deploy to AWS (build containers locally)"
252- depends = [" env:setup" , " aws:guard " ]
167+ depends = [" env:setup" ]
253168env = { DEPLOY_MODE = " local" }
254169run = """
255170echo "=== Deploying Stickerlandia to AWS: $ENV (DEPLOY_MODE=$DEPLOY_MODE) ==="
@@ -264,7 +179,7 @@ echo "=== Deployment complete! ==="
264179
265180[tasks ."aws:deploy:release" ]
266181description = " Deploy to AWS using prebuilt GHCR images"
267- depends = [" env:setup" , " aws:guard " ]
182+ depends = [" env:setup" ]
268183env = { DEPLOY_MODE = " release" }
269184run = """
270185echo "=== Deploying Stickerlandia to AWS: $ENV (DEPLOY_MODE=$DEPLOY_MODE) ==="
@@ -279,7 +194,7 @@ echo "=== Deployment complete! ==="
279194
280195[tasks ."aws:down" ]
281196description = " Destroy all AWS stacks"
282- depends = [" //shared:aws:down" , " aws:guard " ]
197+ depends = [" //shared:aws:down" ]
283198run = """
284199echo '=== Cleaning up CDK context cache ==='
285200find . -name 'cdk.context.json' -type f -delete
0 commit comments