# 🚀 Quick Start Deployment Guide

This guide provides a step-by-step process to set up all prerequisites and deploy the Miracles In Motion application to production.

## Prerequisites

- Azure subscription with Contributor or Owner role
- Azure CLI installed and configured
- Cloudflare account (for DNS/CDN)
- Stripe account (for payments)
- Domain name registered (miraclesinmotion.org)

## Step 1: Azure Setup

### 1.1 Login to Azure

```bash
az login
az account set --subscription "Your Subscription ID"
```

### 1.2 Create Resource Group

```bash
az group create \
  --name rg-miraclesinmotion-prod \
  --location eastus2
```

### 1.3 Deploy Infrastructure

```bash
cd infrastructure

# Update main-production.parameters.json with your values
# Then deploy:
az deployment group create \
  --resource-group rg-miraclesinmotion-prod \
  --template-file main-production.bicep \
  --parameters main-production.parameters.json \
  --parameters stripePublicKey="pk_live_YOUR_KEY"
```

## Step 2: MS Entra (Azure AD) Setup

### 2.1 Run Setup Script

**PowerShell (Windows):**

```powershell
.\scripts\setup-azure-entra.ps1 `
  -StaticWebAppName "YOUR_STATIC_WEB_APP_NAME" `
  -AzureResourceGroup "rg-miraclesinmotion-prod"
```

**Bash (Linux/Mac):**

```bash
chmod +x scripts/setup-azure-entra.sh
./scripts/setup-azure-entra.sh
```

### 2.2 Configure Authentication in Azure Portal

1. Navigate to **Static Web App** → **Authentication**
2. Click **Add identity provider**
3. Select **Microsoft**
4. Enter your App Registration ID (from setup script)
5. Save

### 2.3 Assign Users to Roles

1. Go to **Microsoft Entra ID** → **App registrations** → Your app
2. Go to **App roles**
3. Assign users to Admin, Volunteer, or Resource roles

## Step 3: Cloudflare Setup

### 3.1 Run Setup Script

**PowerShell (Windows):**

```powershell
.\scripts\setup-cloudflare.ps1 `
  -Domain "miraclesinmotion.org" `
  -StaticWebAppName "YOUR_STATIC_WEB_APP_NAME" `
  -AzureResourceGroup "rg-miraclesinmotion-prod" `
  -CloudflareApiToken "YOUR_CLOUDFLARE_API_TOKEN"
```

**Bash (Linux/Mac):**

```bash
chmod +x scripts/setup-cloudflare.sh
export STATIC_WEB_APP_NAME="YOUR_STATIC_WEB_APP_NAME"
export AZURE_RESOURCE_GROUP="rg-miraclesinmotion-prod"
./scripts/setup-cloudflare.sh
```

### 3.2 Verify DNS Propagation

Wait 24-48 hours for DNS propagation, then verify:

```bash
dig miraclesinmotion.org
dig www.miraclesinmotion.org
```

## Step 4: Stripe Configuration

### 4.1 Get Stripe Keys

1. Go to [Stripe Dashboard](https://dashboard.stripe.com)
2. Navigate to **Developers** → **API keys**
3. Copy your **Publishable key** and **Secret key**

### 4.2 Configure Webhooks

1. Go to **Developers** → **Webhooks**
2. Click **+ Add endpoint**
3. Set URL: `https://miraclesinmotion.org/api/webhooks/stripe`
4. Select events: `payment_intent.succeeded`, `payment_intent.payment_failed`
5. Copy the **Webhook signing secret**

### 4.3 Store Secrets in Key Vault

```bash
KEY_VAULT_NAME="YOUR_KEY_VAULT_NAME"

# Values passed with --value are recorded in shell history; clear it afterwards,
# or use --file to read the value from a file instead.
az keyvault secret set \
  --vault-name "$KEY_VAULT_NAME" \
  --name "stripe-publishable-key" \
  --value "pk_live_YOUR_KEY"

az keyvault secret set \
  --vault-name "$KEY_VAULT_NAME" \
  --name "stripe-secret-key" \
  --value "sk_live_YOUR_KEY"

az keyvault secret set \
  --vault-name "$KEY_VAULT_NAME" \
  --name "stripe-webhook-secret" \
  --value "whsec_YOUR_SECRET"
```

## Step 5: Environment Configuration

### 5.1 Create Environment File

```bash
cp env.production.template .env.production
```

### 5.2 Update Environment Variables

Edit `.env.production` with your actual values:

- Azure Client ID (from Step 2)
- Azure Tenant ID (from Step 2)
- Stripe keys (from Step 4)
- Cosmos DB endpoint
- Application Insights connection string
- Key Vault URL
- SignalR connection string

## Step 6: Verify Prerequisites

### 6.1 Run Deployment Checklist

**PowerShell:**

```powershell
.\scripts\deployment-checklist.ps1 `
  -ResourceGroupName "rg-miraclesinmotion-prod" `
  -StaticWebAppName "YOUR_STATIC_WEB_APP_NAME" `
  -FunctionAppName "YOUR_FUNCTION_APP_NAME"
```

This will verify:

- ✅ Azure CLI and login
- ✅ Resource group exists
- ✅ Static Web App exists
- ✅ Function App exists
- ✅ Key Vault exists
- ✅ Cosmos DB exists
- ✅ Application Insights exists
- ✅ Azure AD App Registration exists
- ✅ Cloudflare DNS configured
- ✅ Stripe keys configured
- ✅ Environment variables configured

## Step 7: Deploy Application

### 7.1 Build Application

```bash
npm install --legacy-peer-deps
npm run build
```

### 7.2 Deploy to Azure

```powershell
.\deploy-production-full.ps1 `
  -ResourceGroupName "rg-miraclesinmotion-prod" `
  -CustomDomain "miraclesinmotion.org" `
  -StripePublicKey "pk_live_YOUR_KEY"
```

## Step 8: Post-Deployment Verification

### 8.1 Verify Application

1. Navigate to `https://miraclesinmotion.org`
2. Test authentication flow
3. Test donation flow
4. Verify API endpoints
5. Check Application Insights for errors

### 8.2 Verify Security

1. Check SSL certificate is valid
2. Verify HTTPS redirects work
3. Test role-based access control
4. Verify secrets are stored in Key Vault

### 8.3 Verify Performance

1. Check page load times
2. Verify CDN is working (Cloudflare)
3. Check API response times
4. Monitor Application Insights

## Troubleshooting

### Authentication Not Working

- Verify app registration redirect URIs include your domain
- Check Static Web App authentication configuration in Azure Portal
- Verify user roles are assigned in Azure AD
- Check browser console for errors

### DNS Not Resolving

- Verify nameservers are updated at domain registrar
- Wait 24-48 hours for DNS propagation
- Check Cloudflare DNS records
- Verify CNAME records point to correct Azure endpoint

### SSL Certificate Issues

- Verify Cloudflare SSL mode is "Full (strict)"
- Check Azure Static Web App custom domain configuration
- Wait for SSL certificate provisioning (up to 24 hours)

### Stripe Webhook Not Working

- Verify webhook endpoint URL is correct
- Check webhook signing secret
- Verify Function App is receiving webhook events
- Check Function App logs for errors

## Next Steps

After successful deployment:

1. Set up monitoring and alerts
2. Configure backup and disaster recovery
3. Set up CI/CD pipeline
4. Schedule regular security audits
5. Set up performance monitoring
6. Configure log retention policies
7. Set up cost alerts

## Support

For issues or questions:

- Check [DEPLOYMENT_PREREQUISITES.md](./DEPLOYMENT_PREREQUISITES.md) for detailed documentation
- Review Azure Portal logs
- Check Application Insights for errors
- Contact the development team

---

**Last Updated**: January 2025

**Maintained by**: Miracles In Motion Development Team