PowderCoatingLogix/DEPLOYMENT_SCRIPTS_GUIDE.md

# Deployment Scripts Guide

## Recent Security Fixes - No Migration Required ✅

The security fixes we just implemented are **code-only changes** with **no database schema modifications**. You do NOT need to create or run any new migrations for these changes.

### What Changed (Code Only)
- ✅ Security headers added (CSP, HSTS, etc.)
- ✅ Password policy strengthened
- ✅ CORS policy restricted
- ✅ Authorization fixed (CompanyAdminOnly)
- ✅ Path traversal protection enhanced
- ✅ IDOR protection on profile photos
- ✅ Session cookies hardened
- ✅ File upload names use GUIDs
- ✅ Input validation added

**Database Impact**: None - No new tables, columns, or schema changes

---

## Deployment Scripts

### For Development Server (Your Current Situation)

**Quick Start - Just Run the App:**
```bash
cd src\PowderCoating.Web
dotnet watch run
```

That's it! No migrations needed. The code changes are already in place.

---

### Migration Scripts (For Future Use)

When you DO have database changes in the future, use these scripts:

#### Windows (Batch Files)

**1. Check Migrations**
```bash
.\scripts\check-migrations.bat
```
- Lists all migrations in the project
- Shows which are applied vs pending
- Displays database connection info

**2. Apply Migrations**
```bash
.\scripts\apply-migrations.bat
```
- Applies any pending migrations to database
- Asks for confirmation before proceeding
- Shows success/failure message

#### PowerShell (Full Deployment)

**3. Deploy to Dev (Full Script)**
```powershell
.\scripts\deploy-to-dev.ps1
```
- Builds the solution
- Checks for pending migrations
- Applies migrations (with confirmation)
- Shows deployment summary

**Options:**
```powershell
# Preview changes without applying
.\scripts\deploy-to-dev.ps1 -WhatIf

# Skip build step (faster)
.\scripts\deploy-to-dev.ps1 -SkipBuild

# Skip migrations (code-only deploy)
.\scripts\deploy-to-dev.ps1 -SkipMigrations

# Combined
.\scripts\deploy-to-dev.ps1 -SkipBuild -SkipMigrations -WhatIf
```

---

## Manual Migration Commands (Reference)

If you prefer to run commands manually:

### Check for Pending Migrations
```bash
cd src\PowderCoating.Web
dotnet ef migrations list --project ..\PowderCoating.Infrastructure
```

### Apply All Pending Migrations
```bash
cd src\PowderCoating.Web
dotnet ef database update --project ..\PowderCoating.Infrastructure
```

### Apply to Specific Migration
```bash
dotnet ef database update MigrationName --project ..\PowderCoating.Infrastructure
```

### Rollback to Previous Migration
```bash
dotnet ef database update PreviousMigrationName --project ..\PowderCoating.Infrastructure
```

### See Database Info
```bash
dotnet ef dbcontext info --project ..\PowderCoating.Infrastructure
```

---

## When You WILL Need a Migration

You'll need to create a migration when you change:
- Entity properties (add/remove/rename fields)
- Entity relationships (foreign keys)
- Indexes or constraints
- Seed data (in OnModelCreating)

**Example - Adding a new field:**
```csharp
// 1. Update entity
public class Customer : BaseEntity
{
    public string CompanyName { get; set; }
    public string? Website { get; set; }  // NEW FIELD
}

// 2. Create migration
cd src\PowderCoating.Web
dotnet ef migrations add AddWebsiteToCustomer --project ..\PowderCoating.Infrastructure

// 3. Review migration file (check if it looks correct)

// 4. Apply migration
dotnet ef database update --project ..\PowderCoating.Infrastructure
```

---

## Current Database State

**Existing Migrations** (already applied):
- `Initial` - Base schema
- `AddProfilePictureAndSidebarColor` - User profile enhancements
- `AddProfilePictureFilePath` - Filesystem photo storage
- `UpdateJobPhotoEntity` - Job photo improvements
- `AddFileSystemStorageForLogosAndManuals` - Logo/manual storage
- `ConvertEnumsToLookupTables` - Status/priority lookups
- `AddAppointmentScheduling` - Appointments feature

**Pending Migrations**: None (as of this deployment)

---

## Deployment Checklist for Security Fixes

### Development Server (Your Current Task)

- [x] Code changes applied (security fixes)
- [x] AppConstants.Policies updated
- [x] CSP headers fixed (jQuery allowed)
- [ ] Test application: `dotnet watch run`
- [ ] Verify Data Lookups tab loads
- [ ] Verify password policy (12 chars)
- [ ] Test all CRUD operations

**No migrations needed** - Just test the app!

### Production Server (Future Deployment)

See `DEPLOYMENT_CONFIGURATION.md` for full production checklist:
- [ ] Set environment variables (ConnectionStrings, JwtSettings)
- [ ] Update CORS origins to production domain
- [ ] Update AllowedHosts to production domain
- [ ] Enable HTTPS with SSL certificate
- [ ] Run `dotnet ef database update` on production DB
- [ ] Test all functionality
- [ ] Monitor logs for security events

---

## Troubleshooting

### "No migrations found"
**Cause**: You're running from wrong directory
**Fix**: Always run from `src/PowderCoating.Web`

### "Cannot connect to database"
**Cause**: SQL Server not running or connection string wrong
**Fix**:
1. Check SQL Server is running (Windows Services)
2. Verify connection string in `appsettings.Development.json`

### "Migration already applied"
**Cause**: Trying to reapply existing migration
**Fix**: Check `dotnet ef migrations list` - applied migrations show `(Applied)`

### "Build failed before migration"
**Cause**: Code has compilation errors
**Fix**: Run `dotnet build` and fix errors first

---

## Quick Reference

| Task | Command |
|------|---------|
| **Check migrations** | `.\scripts\check-migrations.bat` |
| **Apply migrations** | `.\scripts\apply-migrations.bat` |
| **Full deployment** | `.\scripts\deploy-to-dev.ps1` |
| **Run app** | `cd src\PowderCoating.Web` → `dotnet watch run` |
| **Build only** | `dotnet build` (from root) |
| **List migrations** | `dotnet ef migrations list --project ..\PowderCoating.Infrastructure` |

---

## Summary

✅ **For your current security fixes deployment**: Just run `dotnet watch run` - no migrations needed!

📋 **For future database changes**: Use the migration scripts provided

📖 **For production deployment**: Follow `DEPLOYMENT_CONFIGURATION.md`

🔒 **Security documentation**: See `SECURITY_FIXES_SUMMARY.md`