.env.prod.example
# CCE production environment file (Sub-10c)
# ===========================================================================
# Copy this file to C:\ProgramData\CCE\.env.prod on the deployment host,
# fill in real values, then lock it down:
# icacls C:\ProgramData\CCE\.env.prod /inheritance:r /grant:r "Administrators:R" "<deploy-user>:R"
# (/inheritance:r strips every inherited ACE, /grant:r replaces explicit ones,
# so afterwards only Administrators and the deploy account can read the file.)
#
# The filled-in .env.prod holds clear-text secrets (SQL, Entra, PFX, UNC,
# Anthropic, GHCR). Only this .example is meant to be committed; the real
# file lives solely on the host under the ACL above.
#
# deploy.ps1 -Environment prod reads this file. validate-env.ps1
# rejects placeholder values (anything matching <set-me>, <github-org-or-user>,
# Strong!Passw0rd, etc.) at deploy time.
#
# NOTE(review): several keys below carry trailing "# ..." comments. That assumes
# every consumer of this file (deploy.ps1, validate-env.ps1, and any compose/docker
# env_file that gets it) strips inline comments — confirm, otherwise the comment
# text becomes part of the value.
# ─── Image refs (drives rollback via image-tag pinning) ─────────────────────
CCE_REGISTRY_OWNER=<github-org-or-user> # e.g. moenergy-cce
# NOTE(review): "latest" is a mutable tag. Pinning to a release tag or full SHA is
# what makes the rollback described above reproducible; avoid "latest" in prod.
CCE_IMAGE_TAG=app-v1.0.0 # release tag, full SHA, or "latest"
# ─── Database ───────────────────────────────────────────────────────────────
# NOTE(review): TrustServerCertificate=True skips validation of the SQL Server
# certificate, so Encrypt=True protects the connection's confidentiality but not
# the server's identity. For prod prefer a certificate the host trusts and set
# TrustServerCertificate=False — confirm the SQL host's certificate setup.
INFRA_SQL=Server=host.docker.internal,1433;Database=CCE;User Id=cce_app;Password=<set-me>;TrustServerCertificate=True;Encrypt=True
# ─── Cache / queue ──────────────────────────────────────────────────────────
# No credentials are configured for Redis here; reachability is assumed to be
# limited to the docker host — confirm the bind/firewall setup.
INFRA_REDIS=host.docker.internal:6379
# ─── Identity (Entra ID — Sub-11; multi-tenant + Microsoft Graph) ──────────
# Tenant + provisioner app for infra/entra/apply-app-registration.ps1.
# (Provisioner app is separate from the runtime CCE app — split privilege.)
ENTRA_TENANT_ID=<set-me>
ENTRA_PROVISIONER_CLIENT_ID=<set-me>
ENTRA_PROVISIONER_CLIENT_SECRET=<set-me>
# Runtime CCE app — populated AFTER apply-app-registration.ps1 first run.
# NOTE(review): ENTRA_CLIENT_ID / ENTRA_CLIENT_SECRET are in the required-key
# catalogue at the bottom, yet are only known after the provisioner has run.
# Confirm the intended order (provisioner before first deploy) or that
# validate-env.ps1 tolerates <set-me> here on the very first deploy.
ENTRA_CLIENT_ID=<set-me>
ENTRA_CLIENT_SECRET=<set-me>
# NOTE(review): confirm validate-env.ps1's placeholder pattern also catches
# <runtime-app-client-id>; it is not one of the examples listed at the top.
ENTRA_AUDIENCE=api://<runtime-app-client-id>
ENTRA_GRAPH_TENANT_ID=<set-me>
ENTRA_GRAPH_TENANT_DOMAIN=cce.onmicrosoft.com
# Hostname-to-redirect-URI mapping (consumed by apply-app-registration.ps1
# manifest substitution step).
# These become OAuth redirect URIs on the app registration, so a typo here
# is a registration change, not just a config change — review before applying.
HOSTNAME_PORTAL_TEST=taqah-portal-test.example.com
HOSTNAME_PORTAL_PREPROD=taqah-portal-preprod.example.com
HOSTNAME_PORTAL_PROD=taqah-portal.example.com
HOSTNAME_PORTAL_DR=taqah-portal-dr.example.com
HOSTNAME_CMS_TEST=taqah-cms-test.example.com
HOSTNAME_CMS_PREPROD=taqah-cms-preprod.example.com
HOSTNAME_CMS_PROD=taqah-cms.example.com
HOSTNAME_CMS_DR=taqah-cms-dr.example.com
# ─── IIS reverse proxy (Phase 02 consumes) ──────────────────────────────────
# Either thumbprint of imported cert OR PFX path + password, not both.
# The PFX password is stored in clear text here; the icacls lockdown at the top
# is the only control protecting it. Apply the same restriction to the PFX file
# itself at IIS_CERT_PFX_PATH. The thumbprint route avoids keeping a PFX +
# password on disk at all.
IIS_CERT_THUMBPRINT= # e.g. A1B2C3D4...
IIS_CERT_PFX_PATH= # e.g. C:\ProgramData\CCE\certs\cce-prod.pfx
IIS_CERT_PFX_PASSWORD= # required if IIS_CERT_PFX_PATH set
IIS_HOSTNAMES=CCE-ext,CCE-admin-Panel,api.CCE,Api.CCE-admin-Panel
# ─── Assistant (Anthropic LLM) ──────────────────────────────────────────────
ASSISTANT_PROVIDER=anthropic # or "stub" to disable
ANTHROPIC_API_KEY=<set-me> # required when provider=anthropic
# ─── Observability ──────────────────────────────────────────────────────────
LOG_LEVEL=Information
# The DSN is a write credential for the Sentry project; treat it as a secret.
SENTRY_DSN= # leave blank to disable
SENTRY_ENVIRONMENT=production # MUST match -Environment
SENTRY_RELEASE=app-v1.0.0 # SHOULD match CCE_IMAGE_TAG
# ─── Migration behaviour ────────────────────────────────────────────────────
MIGRATE_ON_DEPLOY=true # set false to skip migrator service
MIGRATE_SEED_REFERENCE=true # seed reference data alongside migrate
# ─── Auto-rollback (Phase 04 consumes) ──────────────────────────────────────
AUTO_ROLLBACK=false # prod: false; test/preprod: true
# ─── Backup automation (Phase 03 consumes) ─────────────────────────────────
# NOTE(review): UNC credentials are clear text here too. A dedicated account
# with access only to the backup share is assumed — confirm it is not a
# broader domain or host-admin account.
BACKUP_UNC_HOST=backup-server.cce.local
BACKUP_UNC_SHARE=cce-backups
BACKUP_UNC_USER=<set-me>
BACKUP_UNC_PASSWORD=<set-me>
BACKUP_RETENTION_DAYS_FULL=7
BACKUP_RETENTION_DAYS_DIFF=7
BACKUP_RETENTION_HOURS_LOG=24
# ─── Optional: ghcr.io auth (otherwise rely on existing docker login session) ─
# Keep the PAT scoped to read:packages only (pull-only); a broader scope widens
# the blast radius if this file leaks.
CCE_GHCR_TOKEN= # PAT with read:packages
# ─── Required-key catalogue (deploy.ps1 + validate-env.ps1 enforce) ────────
# CCE_REGISTRY_OWNER, CCE_IMAGE_TAG, INFRA_SQL, INFRA_REDIS,
# ENTRA_TENANT_ID, ENTRA_PROVISIONER_CLIENT_ID,
# ENTRA_PROVISIONER_CLIENT_SECRET, ENTRA_CLIENT_ID, ENTRA_CLIENT_SECRET,
# ENTRA_AUDIENCE, ENTRA_GRAPH_TENANT_ID, ENTRA_GRAPH_TENANT_DOMAIN,
# HOSTNAME_PORTAL_TEST, HOSTNAME_PORTAL_PREPROD, HOSTNAME_PORTAL_PROD,
# HOSTNAME_PORTAL_DR, HOSTNAME_CMS_TEST, HOSTNAME_CMS_PREPROD,
# HOSTNAME_CMS_PROD, HOSTNAME_CMS_DR, SENTRY_ENVIRONMENT, BACKUP_UNC_HOST,
# BACKUP_UNC_SHARE, BACKUP_UNC_USER, BACKUP_UNC_PASSWORD.
# ANTHROPIC_API_KEY required only when ASSISTANT_PROVIDER=anthropic.
# IIS_CERT_THUMBPRINT or IIS_CERT_PFX_PATH+PASSWORD must be set (one of).
# Keys not listed above (LOG_LEVEL, SENTRY_DSN, SENTRY_RELEASE, MIGRATE_*,
# AUTO_ROLLBACK, BACKUP_RETENTION_*, CCE_GHCR_TOKEN) are optional as far as
# this catalogue goes — the defaults shown above are what ships.