feat(deploy): add deployment and utility scripts

JustAzul · JustAzul · commit 9e1221a394a1 · 2025-07-15T22:49:57.000-03:00
- Add comprehensive deployment automation scripts
- Include health check and monitoring scripts
- Add performance testing and benchmarking utilities
- Implement rollback and recovery procedures
- Add development and maintenance helpers

Scripts included:
- deploy.sh: Multi-strategy deployment automation
- health-check.sh: Comprehensive service health validation
- rollback.sh: Automated rollback procedures
- setup-monitoring.sh: Monitoring and alerting setup
- performance utilities and benchmarking tools
diff --git a/scripts/dependency_security_check.sh b/scripts/dependency_security_check.sh
@@ -0,0 +1,257 @@
+#!/bin/bash
+# Dependency Security Check Script
+# Comprehensive security audit for Python dependencies
+
+set -euo pipefail
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Script configuration
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
+LOG_FILE="${PROJECT_ROOT}/dependency_audit.log"
+
+# Function to print colored output
+print_status() {
+    echo -e "${BLUE}[INFO]${NC} $1"
+}
+
+print_warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+print_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+print_success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+# Function to log messages
+log_message() {
+    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "${LOG_FILE}"
+}
+
+# Function to run dependency audit with pip-audit
+run_pip_audit() {
+    print_status "Running pip-audit vulnerability scan..."
+    log_message "Starting pip-audit scan"
+    
+    if docker compose exec python pip-audit --format=json --output="${LOG_FILE}.pip-audit.json" 2>/dev/null; then
+        print_success "pip-audit scan completed successfully"
+        log_message "pip-audit scan completed successfully"
+        
+        # Check if vulnerabilities were found
+        if [ -f "${LOG_FILE}.pip-audit.json" ]; then
+            vuln_count=$(docker compose exec python jq '.[] | length' "${LOG_FILE}.pip-audit.json" 2>/dev/null || echo "0")
+            if [ "${vuln_count}" -gt 0 ]; then
+                print_warning "Found ${vuln_count} vulnerabilities"
+                log_message "Found ${vuln_count} vulnerabilities with pip-audit"
+                return 1
+            else
+                print_success "No vulnerabilities found with pip-audit"
+            fi
+        fi
+    else
+        print_error "pip-audit scan failed"
+        log_message "pip-audit scan failed"
+        return 1
+    fi
+}
+
+# Function to run safety check
+run_safety_check() {
+    print_status "Running Safety vulnerability scan..."
+    log_message "Starting Safety scan"
+    
+    if docker compose exec python safety check --json --output="${LOG_FILE}.safety.json" 2>/dev/null; then
+        print_success "Safety scan completed successfully"
+        log_message "Safety scan completed successfully"
+        
+        # Check safety results
+        if [ -f "${LOG_FILE}.safety.json" ]; then
+            safety_issues=$(docker compose exec python jq '.vulnerabilities | length' "${LOG_FILE}.safety.json" 2>/dev/null || echo "0")
+            if [ "${safety_issues}" -gt 0 ]; then
+                print_warning "Found ${safety_issues} issues with Safety"
+                log_message "Found ${safety_issues} issues with Safety"
+                return 1
+            else
+                print_success "No issues found with Safety"
+            fi
+        fi
+    else
+        print_warning "Safety scan failed (may require API key for commercial use)"
+        log_message "Safety scan failed"
+    fi
+}
+
+# Function to check for outdated packages
+check_outdated_packages() {
+    print_status "Checking for outdated packages..."
+    log_message "Checking for outdated packages"
+    
+    if docker compose exec python pip list --outdated --format=json > "${LOG_FILE}.outdated.json" 2>/dev/null; then
+        outdated_count=$(jq '. | length' "${LOG_FILE}.outdated.json" 2>/dev/null || echo "0")
+        if [ "${outdated_count}" -gt 0 ]; then
+            print_warning "Found ${outdated_count} outdated packages"
+            log_message "Found ${outdated_count} outdated packages"
+            
+            # Display top outdated packages
+            print_status "Top outdated packages:"
+            jq -r '.[] | "\(.name): \(.version) -> \(.latest_version)"' "${LOG_FILE}.outdated.json" | head -5
+        else
+            print_success "All packages are up to date"
+        fi
+    else
+        print_error "Failed to check for outdated packages"
+        log_message "Failed to check for outdated packages"
+        return 1
+    fi
+}
+
+# Function to generate security report
+generate_security_report() {
+    print_status "Generating security report..."
+    log_message "Generating security report"
+    
+    cat > "${PROJECT_ROOT}/SECURITY_REPORT.md" << EOF
+# Dependency Security Report
+
+Generated on: $(date '+%Y-%m-%d %H:%M:%S')
+
+## Summary
+
+This report contains the results of automated dependency security scanning using pip-audit and Safety.
+
+## Scan Results
+
+### pip-audit Results
+$(if [ -f "${LOG_FILE}.pip-audit.json" ]; then
+    echo "Vulnerabilities found: $(jq '.[] | length' "${LOG_FILE}.pip-audit.json" 2>/dev/null || echo "0")"
+else
+    echo "No pip-audit results available"
+fi)
+
+### Safety Results
+$(if [ -f "${LOG_FILE}.safety.json" ]; then
+    echo "Issues found: $(jq '.vulnerabilities | length' "${LOG_FILE}.safety.json" 2>/dev/null || echo "0")"
+else
+    echo "No Safety results available"
+fi)
+
+### Outdated Packages
+$(if [ -f "${LOG_FILE}.outdated.json" ]; then
+    echo "Outdated packages: $(jq '. | length' "${LOG_FILE}.outdated.json" 2>/dev/null || echo "0")"
+else
+    echo "No outdated package information available"
+fi)
+
+## Recommendations
+
+1. Review and update outdated packages regularly
+2. Monitor security advisories for dependencies
+3. Use automated dependency update tools like Dependabot
+4. Implement security scanning in CI/CD pipelines
+5. Consider using dependency pinning for critical dependencies
+
+## Next Steps
+
+- Update critical security vulnerabilities immediately
+- Plan regular dependency update cycles
+- Implement automated security monitoring
+- Review and update dependency management policies
+
+EOF
+
+    print_success "Security report generated: ${PROJECT_ROOT}/SECURITY_REPORT.md"
+    log_message "Security report generated"
+}
+
+# Function to fix vulnerabilities automatically
+fix_vulnerabilities() {
+    if [ "${1:-}" = "--fix" ]; then
+        print_status "Attempting to fix vulnerabilities automatically..."
+        log_message "Starting automatic vulnerability fixes"
+        
+        if docker compose exec python pip-audit --fix --dry-run; then
+            print_status "Dry-run successful. Applying fixes..."
+            if docker compose exec python pip-audit --fix; then
+                print_success "Vulnerabilities fixed automatically"
+                log_message "Vulnerabilities fixed automatically"
+            else
+                print_error "Failed to fix vulnerabilities automatically"
+                log_message "Failed to fix vulnerabilities automatically"
+                return 1
+            fi
+        else
+            print_error "Dry-run failed. Manual intervention required"
+            log_message "Automatic fix dry-run failed"
+            return 1
+        fi
+    fi
+}
+
+# Main execution
+main() {
+    print_status "Starting dependency security audit..."
+    log_message "Starting dependency security audit"
+    
+    # Initialize log file
+    echo "Dependency Security Audit Log" > "${LOG_FILE}"
+    echo "Started: $(date '+%Y-%m-%d %H:%M:%S')" >> "${LOG_FILE}"
+    
+    # Change to project directory
+    cd "${PROJECT_ROOT}"
+    
+    # Check if Docker containers are running
+    if ! docker compose ps | grep -q "Up"; then
+        print_status "Starting Docker containers..."
+        docker compose up -d python
+        sleep 10
+    fi
+    
+    # Run security scans
+    exit_code=0
+    
+    run_pip_audit || exit_code=$?
+    run_safety_check || exit_code=$?
+    check_outdated_packages || exit_code=$?
+    
+    # Generate report
+    generate_security_report
+    
+    # Attempt automatic fixes if requested
+    fix_vulnerabilities "$@"
+    
+    # Summary
+    if [ ${exit_code} -eq 0 ]; then
+        print_success "All security scans passed!"
+        log_message "All security scans passed"
+    else
+        print_warning "Security issues found. Please review the report."
+        log_message "Security issues found"
+    fi
+    
+    print_status "Security audit completed. Check ${LOG_FILE} for details."
+    
+    return ${exit_code}
+}
+
+# Handle script arguments
+case "${1:-}" in
+    --help|-h)
+        echo "Usage: $0 [--fix] [--help]"
+        echo "  --fix    Attempt to automatically fix vulnerabilities"
+        echo "  --help   Show this help message"
+        exit 0
+        ;;
+    *)
+        main "$@"
+        ;;
+esac
