From ff56d0f6fd178ea1ef7e4ad3588abcf1504fac30 Mon Sep 17 00:00:00 2001
From: Keenan <keenandhanani@gmail.com>
Date: Thu, 14 May 2026 09:19:15 -0400
Subject: [PATCH 1/2] chore: prod migration

---
 pipelines/deploy_pr.yaml | 91 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)
 create mode 100644 pipelines/deploy_pr.yaml

diff --git a/pipelines/deploy_pr.yaml b/pipelines/deploy_pr.yaml
new file mode 100644
index 00000000..9edf6ee0
--- /dev/null
+++ b/pipelines/deploy_pr.yaml
@@ -0,0 +1,91 @@
+trigger: none
+
+parameters:
+  - name: Image
+    displayName: Build Container Image
+    type: string
+    default: "prod"
+    values:
+      # - dev
+      - prod
+
+variables:
+  registry: "hcsccrrc.azurecr.io"
+  repository: "nsp/sdse-spib-hopic-pr"
+  tag: "$(Build.SourceVersion)"
+  appName: was-spib-sdse-hopic-pr
+  subscription: SPIB-SDSE-HOPIC-CICDLZSP-PR
+  resourceGroup: rg-spib-sdse-hopic-pr
+  envars: >
+      DB_HOST=pgsql-spib-sdse-hopic-pr.postgres.database.azure.com
+      DB_PORT=5432
+      DB_SSLMODE=require
+      SECRET_KEY='@Microsoft.KeyVault(SecretUri=https://kvspibsdsehopicpr.vault.azure.net/secrets/hopic-django-secret-key/)'
+      WEBSITES_PORT=8000
+      LATEST_COMMIT_SHA=$(Build.SourceVersion)
+      ALLOWED_HOSTS=was-spib-sdse-hopic-pr.azurewebsites.net
+      CSRF_TRUSTED_ORIGINS=https://was-spib-sdse-hopic-pr.azurewebsites.net
+      DB_NAME=hopicdbx
+      DB_PASSWORD='@Microsoft.KeyVault(SecretUri=https://kvspibsdsehopicpr.vault.azure.net/secrets/hopicapp-pgsql-password/)'
+      DB_USER=hopicapp
+      ENV=pr
+      AZCOPY_AUTO_LOGIN_TYPE=MSI
+
+
+pool:
+  name: spib-sdse-hopic-agents-pr
+
+jobs:
+  - job: Deploy_PR
+    steps:
+      - script: |
+          sudo apt-get update
+          sudo apt-get install unzip
+        displayName: "Install Unzip"
+
+      - script: |
+          sudo apt install -y docker.io
+          sudo apt install docker-buildx
+          sudo systemctl start docker
+          sudo usermod -aG docker $(id -un)
+          sudo chmod 666 /var/run/docker.sock
+        displayName: "Install and Configure Docker"
+
+      - script: |
+          curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
+        displayName: "Install AZ CLI"
+
+      - task: AzureCLI@2
+        displayName: "Login to ACR"
+        inputs:
+          azureSubscription: $(subscription)
+          scriptType: bash
+          scriptLocation: inlineScript
+          inlineScript: |
+            az --version
+            az acr login --name hcsccrrc   
+      
+      - ${{ if eq(parameters.Image, 'prod')}}:
+        - script: |
+            docker build -t $(registry)/$(repository):$(tag) -f server/Dockerfile.prod .
+            docker push $(registry)/$(repository):$(tag)
+          displayName: "Build and Push $(repository) Image"
+
+      - task: AzureWebAppContainer@1
+        displayName: "Install $(repository) into $(appName)"
+        inputs:
+          azureSubscription: "$(subscription)"
+          appName: "$(appName)"
+          deployToSlotOrASE: true
+          resourceGroupName: "$(resourceGroup)"
+          containers: "$(registry)/$(repository):$(tag)"
+          containerCommand: "gunicorn --bind 0.0.0.0:8000 server.wsgi --timeout 1000"
+
+      - task: AzureCLI@2
+        displayName: "AppSettings for $(appName)"
+        inputs:
+          azureSubscription: $(subscription)
+          scriptType: bash
+          scriptLocation: inlineScript
+          inlineScript: |
+            az webapp config appsettings set -g $(resourceGroup) -n $(appName) --settings ${{ variables.envars }}

From e925040315d91f6b82e5be919b0898bd10393ca3 Mon Sep 17 00:00:00 2001
From: Keenan <keenandhanani@gmail.com>
Date: Thu, 14 May 2026 09:28:37 -0400
Subject: [PATCH 2/2] use dt for push to acr

---
 pipelines/deploy_pr.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pipelines/deploy_pr.yaml b/pipelines/deploy_pr.yaml
index 9edf6ee0..a4c3329b 100644
--- a/pipelines/deploy_pr.yaml
+++ b/pipelines/deploy_pr.yaml
@@ -15,6 +15,7 @@ variables:
   tag: "$(Build.SourceVersion)"
   appName: was-spib-sdse-hopic-pr
   subscription: SPIB-SDSE-HOPIC-CICDLZSP-PR
+  acrSubscription: SPIB-SDSE-HOPIC-CICDLZSP-DT
   resourceGroup: rg-spib-sdse-hopic-pr
   envars: >
       DB_HOST=pgsql-spib-sdse-hopic-pr.postgres.database.azure.com
@@ -58,7 +59,7 @@ jobs:
       - task: AzureCLI@2
         displayName: "Login to ACR"
         inputs:
-          azureSubscription: $(subscription)
+          azureSubscription: $(acrSubscription)
           scriptType: bash
           scriptLocation: inlineScript
           inlineScript: |