mirror of
https://github.com/azaion/detections-semantic.git
synced 2026-04-23 00:56:37 +00:00
Sync .cursor from detections
@@ -20,7 +20,7 @@ Plan and document the full deployment lifecycle: check deployment status and env

## Core Principles

- **Docker-first**: every component runs in a container; local dev, integration tests, and production all use Docker
- **Docker-first**: every component runs in a container; local dev, blackbox tests, and production all use Docker
- **Infrastructure as code**: all deployment configuration is version-controlled
- **Observability built-in**: logging, metrics, and tracing are part of the deployment plan, not afterthoughts
- **Environment parity**: dev, staging, and production environments mirror each other as closely as possible
@@ -32,12 +32,12 @@ Plan and document the full deployment lifecycle: check deployment status and env

Fixed paths:

- PLANS_DIR: `_docs/02_plans/`
- DOCUMENT_DIR: `_docs/02_document/`
- DEPLOY_DIR: `_docs/04_deploy/`
- REPORTS_DIR: `_docs/04_deploy/reports/`
- SCRIPTS_DIR: `scripts/`
- ARCHITECTURE: `_docs/02_plans/architecture.md`
- COMPONENTS_DIR: `_docs/02_plans/components/`
- ARCHITECTURE: `_docs/02_document/architecture.md`
- COMPONENTS_DIR: `_docs/02_document/components/`

Announce the resolved paths to the user before proceeding.

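Review bot: PLANS_DIR stays in the Fixed paths list, but every reference to it in this change (ARCHITECTURE, COMPONENTS_DIR, and the Required Files and Prerequisite Checks in the next hunk) is rewritten to DOCUMENT_DIR, so nothing visible in the skill reads it any more. Either drop `- PLANS_DIR: `_docs/02_plans/`` or keep it only if something outside this diff still resolves it; as written, the skill will announce a path it never uses.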
@@ -45,18 +45,18 @@ Announce the resolved paths to the user before proceeding.

### Required Files

| File | Purpose |
|------|---------|
| `_docs/00_problem/problem.md` | Problem description and context |
| `_docs/00_problem/restrictions.md` | Constraints and limitations |
| `_docs/01_solution/solution.md` | Finalized solution |
| `PLANS_DIR/architecture.md` | Architecture from plan skill |
| `PLANS_DIR/components/` | Component specs |
| File | Purpose | Required |
|------|---------|----------|
| `_docs/00_problem/problem.md` | Problem description and context | Greenfield only |
| `_docs/00_problem/restrictions.md` | Constraints and limitations | Greenfield only |
| `_docs/01_solution/solution.md` | Finalized solution | Greenfield only |
| `DOCUMENT_DIR/architecture.md` | Architecture (from plan or document skill) | Always |
| `DOCUMENT_DIR/components/` | Component specs | Always |

### Prerequisite Checks (BLOCKING)

1. `architecture.md` exists — **STOP if missing**, run `/plan` first
2. At least one component spec exists in `PLANS_DIR/components/` — **STOP if missing**
2. At least one component spec exists in `DOCUMENT_DIR/components/` — **STOP if missing**
3. Create DEPLOY_DIR, REPORTS_DIR, and SCRIPTS_DIR if they do not exist
4. If DEPLOY_DIR already contains artifacts, ask user: **resume from last checkpoint or start fresh?**

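Review bot: check 1 still tells the user to "run `/plan` first" when architecture.md is missing, but the table directly above now says the file comes from the plan *or* the document skill, so for an existing codebase the instruction points at the wrong skill. Suggest `1. `architecture.md` exists — **STOP if missing**, run `/plan` (greenfield) or `/document` (existing code) first`. Related: the new Required column marks three files as "Greenfield only", yet none of the four checks decides whether the run is greenfield, so those rows are never actually verified; state the rule that decides it (for example, presence of `_docs/00_problem/`) or add a check for those files in the greenfield case.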
@@ -157,7 +157,7 @@ At the start of execution, create a TodoWrite with all steps (1 through 7). Upda
### Step 2: Containerization

**Role**: DevOps / Platform engineer
**Goal**: Define Docker configuration for every component, local development, and integration test environments
**Goal**: Define Docker configuration for every component, local development, and blackbox test environments
**Constraints**: Plan only — no Dockerfile creation. Describe what each Dockerfile should contain.

1. Read architecture.md and all component specs
@@ -176,7 +176,7 @@ At the start of execution, create a TodoWrite with all steps (1 through 7). Upda
- Any message queues, caches, or external service mocks
- Shared network
- Environment variable files (`.env`)
6. Define `docker-compose.test.yml` for integration tests:
6. Define `docker-compose.test.yml` for blackbox tests:
- Application components under test
- Test runner container (black-box, no internal imports)
- Isolated database with seed data
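Review bot: the rename introduces "blackbox" in the step heading while the item two lines below it keeps "black-box" ("Test runner container (black-box, no internal imports)"), and the same split recurs in the checklist and CI table later in this file. Pick one spelling for the whole rename so a grep for the term finds every occurrence; the existing text already uses "black-box", so the least churn is to use that form in the new lines too.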
@@ -189,7 +189,7 @@ At the start of execution, create a TodoWrite with all steps (1 through 7). Upda
- [ ] Non-root user for all containers
- [ ] Health checks defined for every service
- [ ] docker-compose.yml covers all components + dependencies
- [ ] docker-compose.test.yml enables black-box integration testing
- [ ] docker-compose.test.yml enables black-box testing
- [ ] `.dockerignore` defined

**Save action**: Write `containerization.md` using `templates/containerization.md`
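Review bot: the Step 2 checklist has no item for pinned base images, although the anti-patterns list in this same file (the `-458,7` hunk below) forbids `:latest` and says to "always pin base image versions"; since this checklist is what gates the containerization document, the rule is currently unenforced. Suggest adding `- [ ] Base image versions pinned (tag or digest) for every Dockerfile` next to the non-root-user item, which is the only other hardening item the checklist carries.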
@@ -212,7 +212,7 @@ At the start of execution, create a TodoWrite with all steps (1 through 7). Upda
| Stage | Trigger | Steps | Quality Gate |
|-------|---------|-------|-------------|
| **Lint** | Every push | Run linters per language (black, rustfmt, prettier, dotnet format) | Zero errors |
| **Test** | Every push | Unit tests, integration tests, coverage report | 75%+ coverage |
| **Test** | Every push | Unit tests, blackbox tests, coverage report | 75%+ coverage (see `.cursor/rules/cursor-meta.mdc` Quality Thresholds) |
| **Security** | Every push | Dependency audit, SAST scan (Semgrep/SonarQube), image scan (Trivy) | Zero critical/high CVEs |
| **Build** | PR merge to dev | Build Docker images, tag with git SHA | Build succeeds |
| **Push** | After build | Push to container registry | Push succeeds |
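Review bot: the new Test row states the gate twice, as the literal `75%+` and as a pointer to `.cursor/rules/cursor-meta.mdc` Quality Thresholds; if the rules file is meant to be the source of truth, drop the literal (or mark it as copied from there) so the two cannot drift apart. The row also omits the 90% critical-path threshold that the CI/CD template's Test section in this same change states ("Coverage threshold: 75% overall, 90% critical paths"); either add it to the gate here or remove it from the template, otherwise the pipeline plan and its template disagree on what passes.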
@@ -458,7 +458,7 @@ At the start of execution, create a TodoWrite with all steps (1 through 7). Upda

- **Implementing during planning**: Steps 1–6 produce documents, not code (Step 7 is the exception — it creates scripts)
- **Hardcoding secrets**: never include real credentials in deployment documents or scripts
- **Ignoring integration test containerization**: the test environment must be containerized alongside the app
- **Ignoring blackbox test containerization**: the test environment must be containerized alongside the app
- **Skipping BLOCKING gates**: never proceed past a BLOCKING marker without user confirmation
- **Using `:latest` tags**: always pin base image versions
- **Forgetting observability**: logging, metrics, and tracing are deployment concerns, not post-deployment additions

@@ -28,7 +28,7 @@ Save as `_docs/04_deploy/ci_cd_pipeline.md`.

### Test
- Unit tests: [framework and command]
- Integration tests: [framework and command, uses docker-compose.test.yml]
- Blackbox tests: [framework and command, uses docker-compose.test.yml]
- Coverage threshold: 75% overall, 90% critical paths
- Coverage report published as pipeline artifact

@@ -54,7 +54,7 @@ Save as `_docs/04_deploy/ci_cd_pipeline.md`.
- Automated rollback on health check failure

### Smoke Tests
- Subset of integration tests targeting staging environment
- Subset of blackbox tests targeting staging environment
- Validates critical user flows
- Timeout: [maximum duration]

@@ -48,7 +48,7 @@ networks:
[shared network]
```

## Docker Compose — Integration Tests
## Docker Compose — Blackbox Tests

```yaml
# docker-compose.test.yml structure

@@ -0,0 +1,114 @@
# Deployment Scripts Documentation Template

Save as `_docs/04_deploy/deploy_scripts.md`.

---

```markdown
# [System Name] — Deployment Scripts

## Overview

| Script | Purpose | Location |
|--------|---------|----------|
| `deploy.sh` | Main deployment orchestrator | `scripts/deploy.sh` |
| `pull-images.sh` | Pull Docker images from registry | `scripts/pull-images.sh` |
| `start-services.sh` | Start all services | `scripts/start-services.sh` |
| `stop-services.sh` | Graceful shutdown | `scripts/stop-services.sh` |
| `health-check.sh` | Verify deployment health | `scripts/health-check.sh` |

## Prerequisites

- Docker and Docker Compose installed on target machine
- SSH access to target machine (configured via `DEPLOY_HOST`)
- Container registry credentials configured
- `.env` file with required environment variables (see `.env.example`)

## Environment Variables

All scripts source `.env` from the project root or accept variables from the environment.

| Variable | Required By | Purpose |
|----------|------------|---------|
| `DEPLOY_HOST` | All (remote mode) | SSH target for remote deployment |
| `REGISTRY_URL` | `pull-images.sh` | Container registry URL |
| `REGISTRY_USER` | `pull-images.sh` | Registry authentication |
| `REGISTRY_PASS` | `pull-images.sh` | Registry authentication |
| `IMAGE_TAG` | `pull-images.sh`, `start-services.sh` | Image version to deploy (default: latest git SHA) |
| [add project-specific variables] | | |

## Script Details

### deploy.sh

Main orchestrator that runs the full deployment flow.

**Usage**:
- `./scripts/deploy.sh` — Deploy latest version
- `./scripts/deploy.sh --rollback` — Rollback to previous version
- `./scripts/deploy.sh --help` — Show usage

**Flow**:
1. Validate required environment variables
2. Call `pull-images.sh`
3. Call `stop-services.sh`
4. Call `start-services.sh`
5. Call `health-check.sh`
6. Report success or failure

**Rollback**: When `--rollback` is passed, reads the previous image tags saved by `stop-services.sh` and redeploys those versions.

### pull-images.sh

**Usage**: `./scripts/pull-images.sh [--help]`

**Steps**:
1. Authenticate with container registry (`REGISTRY_URL`)
2. Pull all required images with specified `IMAGE_TAG`
3. Verify image integrity via digest check
4. Report pull results per image

### start-services.sh

**Usage**: `./scripts/start-services.sh [--help]`

**Steps**:
1. Run `docker compose up -d` with the correct env file
2. Configure networks and volumes
3. Wait for all containers to report healthy state
4. Report startup status per service

### stop-services.sh

**Usage**: `./scripts/stop-services.sh [--help]`

**Steps**:
1. Save current image tags to `previous_tags.env` (for rollback)
2. Stop services with graceful shutdown period (30s)
3. Clean up orphaned containers and networks

### health-check.sh

**Usage**: `./scripts/health-check.sh [--help]`

**Checks**:

| Service | Endpoint | Expected |
|---------|----------|----------|
| [Component 1] | `http://localhost:[port]/health/live` | HTTP 200 |
| [Component 2] | `http://localhost:[port]/health/ready` | HTTP 200 |
| [add all services] | | |

**Exit codes**:
- `0` — All services healthy
- `1` — One or more services unhealthy

## Common Script Properties

All scripts:
- Use `#!/bin/bash` with `set -euo pipefail`
- Support `--help` flag for usage information
- Source `.env` from project root if present
- Are idempotent where possible
- Support remote execution via SSH when `DEPLOY_HOST` is set
```
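Review bot: the rollback design is self-defeating as described. `deploy.sh --rollback` reads the tags that `stop-services.sh` step 1 saved to `previous_tags.env`, but if rollback goes through the same Flow (steps 2 to 5), `stop-services.sh` first overwrites that file with the tags of the release currently running, i.e. the broken one, and then "rolls back" to it. Either have the rollback path skip the save step, or keep at least two generations (for example `previous_tags.env` and `current_tags.env` rotated on each stop) and say which one rollback reads. In the same flow, step 6 only "Report success or failure" even though the CI/CD template in this change promises "Automated rollback on health check failure"; state that a non-zero exit from `health-check.sh` triggers the rollback path so the two documents agree. On `pull-images.sh` step 3, "Verify image integrity via digest check" needs a stated source for the expected digest: with a mutable `IMAGE_TAG` the pull alone only proves the registry returned something, so have the Push stage record the digest per image (or deploy by `image@sha256:...`) and document that step 3 compares against that record. `REGISTRY_PASS` living in a `.env` that every script sources sits uneasily with the "Hardcoding secrets" anti-pattern in the skill; document that `.env` is git-ignored and mode 0600 and that step 1 authenticates with `docker login --password-stdin` rather than passing the password as an argument, where it would land in the process list and shell history. Finally, the health table probes `http://localhost:[port]`, which in remote mode (`DEPLOY_HOST` set) is only correct when `health-check.sh` itself runs on the target over SSH; the Common Script Properties imply that but the table should say so.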