chore: update azd/bicep setup

Azure-Samples · May 16, 2024 · f7dadda · f7dadda
1 parent 8b37a62
commit f7dadda
Show file tree

Hide file tree

Showing 11 changed files with 377 additions and 160 deletions.
diff --git a/azure.yaml b/azure.yaml
@@ -1,8 +1,8 @@
 name: azure-openai-assistant-javascript@1.0.0
 services:
   webapp:
-    project: ./
-    dist: dist
+    project: ./src
+    dist: ../dist
     language: js
     host: staticwebapp
     hooks:
@@ -16,4 +16,13 @@ services:
           shell: sh
           run: npm run build
           interactive: false
-          continueOnError: false
+          continueOnError: false
+    #   postdeploy:
+    #     shell: sh
+    #     run: azd env get-values > .env && npx swa deploy --deployment-token ${DEPLOYMENT_TOKEN} && npm install --only=dev --prefix api
+    #     interactive: false
+    #     continueOnError: false
+  api:
+    project: ./api
+    language: js
+    host: function
diff --git a/infra/core/ai/cognitiveservices.bicep b/infra/core/ai/cognitiveservices.bicep
@@ -27,6 +27,9 @@ resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
   location: location
   tags: tags
   kind: kind
+  identity: {
+    type: 'SystemAssigned'
+  }
   properties: {
     customSubDomainName: customSubDomainName
     publicNetworkAccess: publicNetworkAccess
@@ -53,3 +56,4 @@ resource deployment 'Microsoft.CognitiveServices/accounts/deployments@2023-05-01
 output endpoint string = account.properties.endpoint
 output id string = account.id
 output name string = account.name
+output identityPrincipalId string = account.identity.principalId
diff --git a/infra/core/host/appservice-appsettings.bicep b/infra/core/host/appservice-appsettings.bicep
@@ -0,0 +1,17 @@
+metadata description = 'Updates app settings for an Azure App Service.'
+@description('The name of the app service resource within the current resource group scope')
+param name string
+
+@description('The app settings to be applied to the app service')
+@secure()
+param appSettings object
+
+resource appService 'Microsoft.Web/sites@2022-03-01' existing = {
+  name: name
+}
+
+resource settings 'Microsoft.Web/sites/config@2022-03-01' = {
+  name: 'appsettings'
+  parent: appService
+  properties: appSettings
+}
diff --git a/infra/core/host/appservice.bicep b/infra/core/host/appservice.bicep
@@ -0,0 +1,124 @@
+metadata description = 'Creates an Azure App Service in an existing Azure App Service plan.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+// Reference Properties
+param applicationInsightsName string = ''
+param appServicePlanId string
+param keyVaultName string = ''
+param managedIdentity bool = !empty(keyVaultName)
+
+// Runtime Properties
+@allowed([
+  'dotnet', 'dotnetcore', 'dotnet-isolated', 'node', 'python', 'java', 'powershell', 'custom'
+])
+param runtimeName string
+param runtimeNameAndVersion string = '${runtimeName}|${runtimeVersion}'
+param runtimeVersion string
+
+// Microsoft.Web/sites Properties
+param kind string = 'app,linux'
+
+// Microsoft.Web/sites/config
+param allowedOrigins array = []
+param alwaysOn bool = true
+param appCommandLine string = ''
+@secure()
+param appSettings object = {}
+param clientAffinityEnabled bool = false
+param enableOryxBuild bool = contains(kind, 'linux')
+param functionAppScaleLimit int = -1
+param linuxFxVersion string = runtimeNameAndVersion
+param minimumElasticInstanceCount int = -1
+param numberOfWorkers int = -1
+param scmDoBuildDuringDeployment bool = false
+param use32BitWorkerProcess bool = false
+param ftpsState string = 'FtpsOnly'
+param healthCheckPath string = ''
+
+resource appService 'Microsoft.Web/sites@2022-03-01' = {
+  name: name
+  location: location
+  tags: tags
+  kind: kind
+  properties: {
+    serverFarmId: appServicePlanId
+    siteConfig: {
+      linuxFxVersion: linuxFxVersion
+      alwaysOn: alwaysOn
+      ftpsState: ftpsState
+      minTlsVersion: '1.2'
+      appCommandLine: appCommandLine
+      numberOfWorkers: numberOfWorkers != -1 ? numberOfWorkers : null
+      minimumElasticInstanceCount: minimumElasticInstanceCount != -1 ? minimumElasticInstanceCount : null
+      use32BitWorkerProcess: use32BitWorkerProcess
+      functionAppScaleLimit: functionAppScaleLimit != -1 ? functionAppScaleLimit : null
+      healthCheckPath: healthCheckPath
+      cors: {
+        allowedOrigins: union([ 'https://portal.azure.com', 'https://ms.portal.azure.com' ], allowedOrigins)
+      }
+    }
+    clientAffinityEnabled: clientAffinityEnabled
+    httpsOnly: true
+  }
+
+  identity: { type: managedIdentity ? 'SystemAssigned' : 'None' }
+
+  resource basicPublishingCredentialsPoliciesFtp 'basicPublishingCredentialsPolicies' = {
+    name: 'ftp'
+    properties: {
+      allow: false
+    }
+  }
+
+  resource basicPublishingCredentialsPoliciesScm 'basicPublishingCredentialsPolicies' = {
+    name: 'scm'
+    properties: {
+      allow: false
+    }
+  }
+}
+
+// Updates to the single Microsoft.sites/web/config resources that need to be performed sequentially
+// sites/web/config 'appsettings'
+module configAppSettings 'appservice-appsettings.bicep' = {
+  name: '${name}-appSettings'
+  params: {
+    name: appService.name
+    appSettings: union(appSettings,
+      {
+        SCM_DO_BUILD_DURING_DEPLOYMENT: string(scmDoBuildDuringDeployment)
+        ENABLE_ORYX_BUILD: string(enableOryxBuild)
+      },
+      runtimeName == 'python' && appCommandLine == '' ? { PYTHON_ENABLE_GUNICORN_MULTIWORKERS: 'true'} : {},
+      !empty(applicationInsightsName) ? { APPLICATIONINSIGHTS_CONNECTION_STRING: applicationInsights.properties.ConnectionString } : {},
+      !empty(keyVaultName) ? { AZURE_KEY_VAULT_ENDPOINT: keyVault.properties.vaultUri } : {})
+  }
+}
+
+// sites/web/config 'logs'
+resource configLogs 'Microsoft.Web/sites/config@2022-03-01' = {
+  name: 'logs'
+  parent: appService
+  properties: {
+    applicationLogs: { fileSystem: { level: 'Verbose' } }
+    detailedErrorMessages: { enabled: true }
+    failedRequestsTracing: { enabled: true }
+    httpLogs: { fileSystem: { enabled: true, retentionInDays: 1, retentionInMb: 35 } }
+  }
+  dependsOn: [configAppSettings]
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = if (!(empty(keyVaultName))) {
+  name: keyVaultName
+}
+
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = if (!empty(applicationInsightsName)) {
+  name: applicationInsightsName
+}
+
+output identityPrincipalId string = managedIdentity ? appService.identity.principalId : ''
+output name string = appService.name
+output uri string = 'https://${appService.properties.defaultHostName}'
+output id string = appService.id
diff --git a/infra/core/host/appserviceplan.bicep b/infra/core/host/appserviceplan.bicep
@@ -0,0 +1,22 @@
+metadata description = 'Creates an Azure App Service plan.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param kind string = ''
+param reserved bool = true
+param sku object
+
+resource appServicePlan 'Microsoft.Web/serverfarms@2022-03-01' = {
+  name: name
+  location: location
+  tags: tags
+  sku: sku
+  kind: kind
+  properties: {
+    reserved: reserved
+  }
+}
+
+output id string = appServicePlan.id
+output name string = appServicePlan.name
diff --git a/infra/core/host/functions.bicep b/infra/core/host/functions.bicep
@@ -0,0 +1,87 @@
+metadata description = 'Creates an Azure Function in an existing Azure App Service plan.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+// Reference Properties
+param applicationInsightsName string = ''
+param appServicePlanId string
+param keyVaultName string = ''
+param managedIdentity bool = !empty(keyVaultName)
+param storageAccountName string
+
+// Runtime Properties
+@allowed([
+  'dotnet', 'dotnetcore', 'dotnet-isolated', 'node', 'python', 'java', 'powershell', 'custom'
+])
+param runtimeName string
+param runtimeNameAndVersion string = '${runtimeName}|${runtimeVersion}'
+param runtimeVersion string
+
+// Function Settings
+@allowed([
+  '~4', '~3', '~2', '~1'
+])
+param extensionVersion string = '~4'
+
+// Microsoft.Web/sites Properties
+param kind string = 'functionapp,linux'
+
+// Microsoft.Web/sites/config
+param allowedOrigins array = []
+param alwaysOn bool = true
+param appCommandLine string = ''
+@secure()
+param appSettings object = {}
+param clientAffinityEnabled bool = false
+param enableOryxBuild bool = contains(kind, 'linux')
+param functionAppScaleLimit int = -1
+param linuxFxVersion string = runtimeNameAndVersion
+param minimumElasticInstanceCount int = -1
+param numberOfWorkers int = -1
+param scmDoBuildDuringDeployment bool = true
+param use32BitWorkerProcess bool = false
+param healthCheckPath string = ''
+
+module functions 'appservice.bicep' = {
+  name: '${name}-functions'
+  params: {
+    name: name
+    location: location
+    tags: tags
+    allowedOrigins: allowedOrigins
+    alwaysOn: alwaysOn
+    appCommandLine: appCommandLine
+    applicationInsightsName: applicationInsightsName
+    appServicePlanId: appServicePlanId
+    appSettings: union(appSettings, {
+        AzureWebJobsStorage: 'DefaultEndpointsProtocol=https;AccountName=${storage.name};AccountKey=${storage.listKeys().keys[0].value};EndpointSuffix=${environment().suffixes.storage}'
+        FUNCTIONS_EXTENSION_VERSION: extensionVersion
+        FUNCTIONS_WORKER_RUNTIME: runtimeName
+      })
+    clientAffinityEnabled: clientAffinityEnabled
+    enableOryxBuild: enableOryxBuild
+    functionAppScaleLimit: functionAppScaleLimit
+    healthCheckPath: healthCheckPath
+    keyVaultName: keyVaultName
+    kind: kind
+    linuxFxVersion: linuxFxVersion
+    managedIdentity: managedIdentity
+    minimumElasticInstanceCount: minimumElasticInstanceCount
+    numberOfWorkers: numberOfWorkers
+    runtimeName: runtimeName
+    runtimeVersion: runtimeVersion
+    runtimeNameAndVersion: runtimeNameAndVersion
+    scmDoBuildDuringDeployment: scmDoBuildDuringDeployment
+    use32BitWorkerProcess: use32BitWorkerProcess
+  }
+}
+
+resource storage 'Microsoft.Storage/storageAccounts@2021-09-01' existing = {
+  name: storageAccountName
+}
+
+output identityPrincipalId string = managedIdentity ? functions.outputs.identityPrincipalId : ''
+output name string = functions.outputs.name
+output uri string = functions.outputs.uri
+output id string = functions.outputs.id
diff --git a/infra/core/host/staticwebapp.bicep b/infra/core/host/staticwebapp.bicep
@@ -1,11 +1,12 @@
 metadata description = 'Creates an Azure Static Web Apps instance.'
 param name string
+param rg string
 param location string = resourceGroup().location
 param tags object = {}
 
 param sku object = {
-  name: 'Free'
-  tier: 'Free'
+  name: 'Standard'
+  tier: 'Standard'
 }
 
 resource web 'Microsoft.Web/staticSites@2023-01-01' = {
@@ -16,7 +17,27 @@ resource web 'Microsoft.Web/staticSites@2023-01-01' = {
   properties: {
     provider: 'Custom'
   }
+  identity: {
+    type: 'SystemAssigned'
+  }
 }
 
+// resource backendResourceId 'Microsoft.Web/sites@2021-03-01' existing = {
+//   name: name
+//   scope: resourceGroup(rg)
+// }
+
+// resource swamv_ui_backend_functions 'Microsoft.Web/staticSites/linkedBackends@2022-03-01' = {
+//   parent: web
+//   name: 'swa_backend_functions'
+//   properties: {
+//     backendResourceId: backendResourceId.id
+//     region: location
+//   }
+// }
+
 output name string = web.name
 output uri string = 'https://${web.properties.defaultHostname}'
+output identityPrincipalId string = web.identity.principalId
+#disable-next-line outputs-should-not-contain-secrets
+output DEPLOYMENT_TOKEN string = web.listSecrets(web.apiVersion).properties.apiKey