Epic 8: Deployment Configuration

[devin-ai-integration]

Summary

Implements all 4 tickets for Epic 8: Deployment Configuration for the eShopLegacyMVC .NET to Java migration. All artifacts are code-only — no actual Azure resources are provisioned or deployed.

NM-167: Dockerfile for Spring Boot application (PR #89)

• Multi-stage Dockerfile: eclipse-temurin:21-jdk (build) → eclipse-temurin:21-jre-alpine (runtime)
• Build stage runs mvn package -DskipTests with dependency caching
• Runtime stage: non-root user, exposes port 8080
• HEALTHCHECK with curl -f http://localhost:8080/actuator/health
• .dockerignore excludes build output, IDE files, docs, CI/CD configs, scripts

NM-168: GitHub Actions CI/CD workflow (PR #90)

• .github/workflows/deploy.yml triggered on push to main and migration/complete-java-migration
• Build & test job: JDK 21, Maven cache, ./mvnw clean verify, Spotless check
• Test results published via dorny/test-reporter, JaCoCo coverage uploaded
• Docker build & push to GHCR with full-SHA tags
• Staging deploy via appleboy/ssh-action with GHCR authentication (auto-deploy)
• Health check polling /actuator/health for {"status":"UP"}
• Production deploy with GitHub Environment protection rules (manual approval gate)

NM-169: Deployment documentation and setup scripts (PR #91)

• DEPLOYMENT.md: full architecture docs (pipeline flow, GitHub Environments/Secrets, Azure VM prerequisites, env var config, DNS guidance, monitoring)
• scripts/setup-vm.sh: idempotent VM setup accepting staging or production argument (Docker install, app dirs, env file template)
• docker-compose.yml: local development with app + SQL Server

NM-170: Rollback plan and cutover procedure (PR #93)

• CUTOVER.md rewritten for Azure VM deployment model
• Rollback plan: steps to revert to .NET application
• Cutover checklist: DNS switch, database migration verification, smoke tests
• Database rollback: Flyway undo migrations or backup/restore
• Traffic switching: single-VM and blue-green approaches
• Monitoring checklist: Actuator health, Micrometer/Prometheus metrics
• Communication plan: stakeholder notifications timeline

Post-merge fixes (Devin Review feedback)

• Fixed Docker image tag mismatch in deploy.yml — use full SHA for GHCR tags (PR NM-168: Create GitHub Actions CI/CD workflow for Azure VM deployment #90 feedback)
• Fixed setup-vm.sh to accept environment argument staging|production (PR NM-169: Create Azure VM deployment documentation and setup scripts #91 feedback)
• Added GHCR docker login to staging/production deploy jobs on remote VMs (PR Epic 8: Deployment Configuration #96 feedback)
• Fixed DEPLOYMENT.md docker-compose docs — SPRING_PROFILES_ACTIVE=prod required to override mock profile (PR Epic 8: Deployment Configuration #96 feedback)

Review & Testing Checklist for Human

• Verify docker build -t eshop-catalog . succeeds from eShopLegacyMVC-SpringBoot/
• Validate .github/workflows/deploy.yml with actionlint
• Review DEPLOYMENT.md against your Azure VM setup
• Run shellcheck scripts/setup-vm.sh
• Confirm GitHub Environments (staging, production) and required secrets are provisioned before first deployment
• Review CUTOVER.md rollback procedures against organizational processes

Notes

All Epic 8 deliverables are code-only. No Azure resources are provisioned. Required GitHub Secrets: STAGING_VM_HOST, PROD_VM_HOST, VM_USERNAME, VM_SSH_KEY, STAGING_URL, PROD_URL.

Link to Devin session: https://partner-workshops.devinenterprise.com/sessions/f4ae048dadcc4460a1f9d79a49342199
Requested by: @mbatchelor81

---

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[devin-ai-integration]

Devin Review found 1 new potential issue.

View 7 additional findings in Devin Review.

[devin-ai-integration]

🔴 Ingress rewrite-target annotation rewrites all request paths to /, breaking all application routes

The rewrite-target: / annotation in k8s/ingress.yml:10 combined with path: / and pathType: Prefix causes the nginx ingress controller to rewrite ALL incoming request paths to just / before forwarding to the backend. This means requests to /catalog/details/1, /api/brands, /actuator/health, and every other application endpoint will all arrive at the backend as GET /, effectively breaking all routing except the root page.

The application has many routes (/catalog/create, /catalog/edit/{id}, /catalog/delete/{id}, /items/{catalogItemId}/pic, /api/brands, /api/files, /actuator/health, etc. as seen in the controller mappings). None of these would be reachable through the ingress.

Suggested change

	nginx.ingress.kubernetes.io/rewrite-target: /
	nginx.ingress.kubernetes.io/ssl-redirect: "true"

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

This k8s/ingress.yml file is pre-existing — it was added by a prior session's commit (9c28176) that's already in the branch history before Epic 8 work began. Epic 8 replaced the K8s-focused deployment approach with Azure VM SSH-based deployment. The K8s manifests are legacy artifacts from that prior approach and were not modified in this epic.

That said, the observation about rewrite-target: / is correct — if these K8s manifests were ever used, the annotation would break routing. Worth addressing if K8s deployment is revisited in the future.