Metadata-Version: 2.4
Name: easydeploy_cli
Version: 0.1.0
Summary: Make DevOps easy — one config file, full pipeline automation.
Author-email: Shreya <simranknp1@email.com>
License: MIT
Keywords: devops,ci-cd,automation,deployment,docker,render
Requires-Python: >=3.10
Description-Content-Type: text/markdown

# easydeploy

> **One config file. Full DevOps pipeline.**

`easydeploy` is a Python library that reads a single `devops.yaml` file and automates your entire DevOps process — CI/CD, infrastructure provisioning, container builds, deployments, and monitoring setup.

```bash
pip install easydeploy
easydeploy init          # creates devops.yaml template
easydeploy run           # executes the full pipeline
```

---

## Features

- **Single config file** — everything lives in `devops.yaml`
- **AES-256-GCM vault** — credentials encrypted at rest, safe to commit
- **AWS KMS support** — enterprise key management out of the box
- **Pluggable providers** — AWS, GCP, Azure, GitHub Actions, Docker, Kubernetes
- **Full pipeline orchestration** — lint → test → build → push → deploy → notify
- **CLI + Python API** — use from the terminal or import in your scripts
- **Environment variable overrides** — `ED_PROVIDERS__CLOUD=gcp` overrides any config key

---

## Installation

```bash
# Core (config + vault only)
pip install easydeploy

# With AWS support
pip install "easydeploy[aws]"

# With Kubernetes + Docker
pip install "easydeploy[k8s,docker]"

# Everything
pip install "easydeploy[all]"
```

---

## Quick start

### 1. Create your config

```bash
easydeploy init
# → creates devops.yaml from template
```

### 2. Encrypt your credentials

```bash
export ED_MASTER_PASSWORD="your-master-password"

easydeploy encrypt "ghp_your_github_token"
# → VAULT:enc:dGhpcyBpcyBub3QgYWN0dWFsIGVuY3J5cHRlZA==

# Paste the output into devops.yaml
```

### 3. Fill in devops.yaml

```yaml
credentials:
  aws_access_key: VAULT:enc:abc123==
  aws_secret_key: VAULT:enc:xyz456==
  github_token:   VAULT:enc:def789==
  docker_user:    myusername
  docker_pass:    VAULT:enc:ghi012==

providers:
  cloud:    aws
  region:   us-east-1
  registry: ecr

pipeline:
  stages: [lint, test, build, push, deploy, notify]
  on_failure: rollback

containers:
  image:         myapp
  k8s_namespace: production
  replicas:      3

monitoring:
  tool:        datadog
  alert_email: ops@example.com
```

### 4. Run

```bash
easydeploy run
# [easydeploy] Starting pipeline: lint → test → build → push → deploy → notify
# [easydeploy] ── Stage: lint
# ...
# [easydeploy] Pipeline complete.
```

---

## Python API

```python
from easydeploy import EasyDeploy

# Full pipeline
ed = EasyDeploy("devops.yaml")  # ED_MASTER_PASSWORD env var used automatically
ed.run()

# Individual stages
ed.cicd.lint()
ed.cicd.test()
ed.containers.build_and_push()
ed.infra.provision()
ed.monitoring.setup_alerts()

# Run specific stages only
ed.run(stages=["build", "push", "deploy"])
```

---

## CLI reference

| Command | Description |
|---|---|
| `easydeploy init` | Create a `devops.yaml` template |
| `easydeploy encrypt VALUE` | Encrypt a credential value |
| `easydeploy decrypt VALUE` | Decrypt a `VAULT:enc:` value |
| `easydeploy validate` | Validate config without running |
| `easydeploy run` | Execute full pipeline |
| `easydeploy run --stage build` | Run a single stage |

---

## Vault / credential security

Credentials are encrypted with **AES-256-GCM** using a key derived via **PBKDF2-SHA256** (480,000 iterations, OWASP 2023 recommendation). Each value gets a unique random salt and nonce — encrypting the same value twice produces different ciphertext.

```
Encrypted blob layout:
[ salt (16 bytes) | nonce (12 bytes) | ciphertext + auth tag ]
→ base64 encoded → stored as VAULT:enc:<base64>
```

**Master password delivery options:**

| Method | How |
|---|---|
| Environment variable | `export ED_MASTER_PASSWORD=...` |
| CLI prompt | Prompted automatically if not set |
| AWS KMS | Set `kms_key_id` in config — no password needed |

**Never commit `devops.yaml` with plain-text credentials.** The encrypted file is safe to commit — the `VAULT:enc:` values are meaningless without the master password.

---

## Environment variable overrides

Any config key can be overridden at runtime using `ED_` prefixed env vars. Use double underscore `__` to navigate nested keys:

```bash
ED_PROVIDERS__CLOUD=gcp          # overrides config.providers.cloud
ED_CONTAINERS__REPLICAS=5        # overrides config.containers.replicas
ED_PIPELINE__ON_FAILURE=stop     # overrides config.pipeline.on_failure
```

---

## Supported providers (roadmap)

| Provider | v0.1 | v0.2 | v0.3 |
|---|---|---|---|
| AWS | ✅ | ✅ | ✅ |
| GitHub Actions | ✅ | ✅ | ✅ |
| Docker | ✅ | ✅ | ✅ |
| Kubernetes | stub | ✅ | ✅ |
| Terraform | stub | ✅ | ✅ |
| GCP | — | ✅ | ✅ |
| Azure | — | — | ✅ |
| Datadog | stub | ✅ | ✅ |
| PagerDuty | — | ✅ | ✅ |

---

## Development

```bash
git clone https://github.com/yourusername/easydeploy
cd easydeploy
pip install -e ".[dev]"

# Run tests
pytest

# Lint
ruff check easydeploy/

# Type check
mypy easydeploy/
```

---

## License

MIT
