diff --git a/.github/workflows/app.yml b/.github/workflows/app.yml index 047f085..46c7739 100644 --- a/.github/workflows/app.yml +++ b/.github/workflows/app.yml @@ -47,6 +47,12 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Test bicep + uses: Azure/cli@v2 + with: + inlineScript: | + az bicep build --file ./infrastructure/main.bicep --stdout + - name: Build container images run: | docker build . --file Dockerfile --tag ${{ secrets.ACR_LOGIN_SERVER }}/$IMAGE_NAME:${{needs.versionize.outputs.semver}} @@ -87,7 +93,6 @@ jobs: - name: Deploy bicep uses: Azure/cli@v2 with: - azcliversion: 2.66.0 inlineScript: | az deployment sub create \ --location westeurope \ diff --git a/infrastructure/app.bicep b/infrastructure/app.bicep index 714568a..1e4ca7c 100644 --- a/infrastructure/app.bicep +++ b/infrastructure/app.bicep @@ -1,4 +1,15 @@ -import { Context } from 'types.bicep' +import { Context } from 'br/Tricep:types:latest' +import { with_name } from 'br/Tricep:common/context:latest' +import { with_managed_identity } from 'br/Tricep:common/identity:latest' +import { + container_app_environment + container_app + container + with_public_access + with_app_logs + with_auto_scaling + with_environment +} from 'br/Tricep:recommended/app/container-app:latest' targetScope = 'resourceGroup' 
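Review bot: The new `Test bicep` step runs `Azure/cli@v2` with no `azcliversion`, and the second hunk of this file removes `azcliversion: 2.66.0` from `Deploy bicep`, so both steps now run whatever CLI version the action defaults to at run time. For a job that deploys at subscription scope I would keep a tested pin, e.g. `azcliversion: 2.66.0`, in both `with:` blocks, and consider referencing the action by commit SHA rather than the `v2` tag. `az bicep build` also has to restore the `br/Tricep` modules from the registry, so this step needs an authenticated CLI session. No login step is visible in the hunk, so confirm one precedes it in the job.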
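Review bot: Every module import added here resolves through the mutable `latest` tag (for example `'br/Tricep:types:latest'`), so the deployed infrastructure can change when the registry is republished, without any change in this repository. Pin each import to a fixed version tag, e.g. `import { Context } from 'br/Tricep:types:<version>'`, and bump it deliberately. The same applies to the imports added in main.bicep, monitoring.bicep, registry.bicep and repro.bicep. With `latest`, the workflow's `Test bicep` step also validates whichever module content is current at that moment rather than what was reviewed.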
@@ -9,93 +20,62 @@ param registryUrl string var appName = 'app' +var environmentConfig = container_app_environment(with_name(context, appName), []) +var appConfig = container_app( + context, + [ + container({ + name: '${context.project}-${appName}' + image: '${registryUrl}/${context.project}-${appName}:${version}' + }) + ], + [ + with_managed_identity() + with_environment(environment.id) + with_auto_scaling(0, 1, { + ruleName: { + concurrentRequests: '10' + } + }) + with_public_access({ + port: 3000 + cors: { + allowedOrigins: [ + // 'https://localhost:3000' + '*' + ] + allowCredentials: true + allowedHeaders: ['*'] + allowedMethods: ['Get, POST'] + maxAge: 0 + } + }) + { + properties: { + configuration: { + registries: [ + { + identity: 'system' + server: registryUrl + } + ] + } + } + } + ] +) + resource environment 'Microsoft.App/managedEnvironments@2024-03-01' = { - name: 'cea-${context.locationAbbreviation}-${context.environment}-${context.projectName}' - location: context.location - properties: { - appLogsConfiguration: { - destination: 'azure-monitor' - } - peerAuthentication: { - mtls: { - enabled: false - } - } - peerTrafficConfiguration: { - encryption: { - enabled: false - } - } - } + name: environmentConfig.name + location: environmentConfig.location + tags: environmentConfig.tags + properties: environmentConfig.properties } resource app 'Microsoft.App/containerApps@2024-03-01' = { - name: 'ca-${context.locationAbbreviation}-${context.environment}-${context.projectName}-app' - location: context.location - identity: { - type: 'SystemAssigned' - } - properties: { - environmentId: environment.id - - configuration: { - activeRevisionsMode: 'Single' - - ingress: { - external: true - targetPort: 3000 - transport: 'auto' - allowInsecure: false - traffic: [ - { - weight: 100 - latestRevision: true - } - ] - corsPolicy: { - allowedOrigins: [ - // 'https://localhost:3000' - '*' - ] - allowCredentials: true - allowedHeaders: ['*'] - allowedMethods: ['Get, POST'] - 
maxAge: 0 - } - } - registries: [ - { - identity: 'system' - server: registryUrl - } - ] - } - - template: { - containers: [ - { - image: '${registryUrl}/${context.projectName}-${appName}:${version}' - name: '${context.projectName}-${appName}' - resources: { - cpu: json('0.25') - memory: '0.5Gi' - } - } - ] - scale: { - minReplicas: 1 - maxReplicas: 2 - rules: [ - { - name: 'http-rule' - http: { - metadata: { - concurrentRequests: '50' - } - } - } - ] - } - } - } + name: appConfig.name + location: appConfig.location + tags: appConfig.tags + identity: appConfig.identity + properties: appConfig.properties } diff --git a/infrastructure/bicepconfig.json b/infrastructure/bicepconfig.json index 09945bd..9812ce7 100644 --- a/infrastructure/bicepconfig.json +++ b/infrastructure/bicepconfig.json @@ -1,11 +1,18 @@ { "experimentalFeaturesEnabled": { - "assertions": true, - "testFramework": true, - "extensibility": true, - "resourceDerivedTypes": true, - "resourceTypedParamsAndOutputs": true, - "sourceMapping": true, - "symbolicNameCodegen": true + "resourceTypedParamsAndOutputs": true + }, + "moduleAliases": { + "br": { + "Tricep": { + "registry": "acreuwprdtricep.azurecr.io" + } + } + }, + "cloud": { + "currentProfile": "AzureCloud", + "credentialPrecedence": [ + "AzureCLI" + ] } } \ No newline at end of file diff --git a/infrastructure/main.bicep b/infrastructure/main.bicep index 6e207c5..31d0d79 100644 --- a/infrastructure/main.bicep +++ b/infrastructure/main.bicep @@ -1,8 +1,8 @@ -import { Context } from 'types.bicep' +import { create_context } from 'br/Tricep:common/context:latest' +import { resource_group } from 'br/Tricep:recommended/resources/resource-group:latest' targetScope = 'subscription' -param locationAbbreviation string param location string param environment string param projectName string 
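Review bot: The `cors` object handed to `with_public_access` keeps `allowedOrigins: ['*']` together with `allowCredentials: true`; browsers refuse credentialed responses for a wildcard origin, and if the platform reflects the caller's origin instead, any site could make credentialed requests to the app. List the real origins (`allowedOrigins: ['https://<app-origin>']`) or set `allowCredentials: false`. `allowedMethods: ['Get, POST']` is a single string and should be `allowedMethods: ['GET', 'POST']`. The removed resource bodies set `allowInsecure: false` and `appLogsConfiguration` explicitly; neither appears in the new code (`with_app_logs` is imported but not used in this hunk), so confirm the helper defaults still produce them.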
@@ -11,17 +11,21 @@ param version string param registryUrl string param deployedAt string = utcNow('yyyyMMdd') -var context = { - locationAbbreviation: locationAbbreviation +var context = create_context({ + project: projectName + nameConventionTemplate: '$type-$environment-$location-$project' location: location environment: environment - projectName: projectName deployedAt: deployedAt -} + tenant: tenant() + tags: {} +}) + +var resourceGroupConfig = resource_group(context, []) resource calqueResourceGroup 'Microsoft.Resources/resourceGroups@2024-07-01' = { - name: 'rg-${locationAbbreviation}-${environment}-${projectName}' - location: location + name: resourceGroupConfig.name + location: resourceGroupConfig.location } module monitoring 'monitoring.bicep' = { diff --git a/infrastructure/monitoring.bicep b/infrastructure/monitoring.bicep index f057cd0..202f16c 100644 --- a/infrastructure/monitoring.bicep +++ b/infrastructure/monitoring.bicep @@ -1,11 +1,18 @@ -import { Context } from 'types.bicep' +import { Context } from 'br/Tricep:types:latest' +import { with_managed_identity } from 'br/Tricep:common/identity:latest' +import { log_analytics } from 'br/Tricep:recommended/operational-insights/log-analytics:latest' targetScope = 'resourceGroup' param context Context -// resource monitoring 'Microsoft.___/___@___' = { -// name: '___-${context.locationAbbreviation}-${context.environment}-${context.projectName}' -// location: context.location -// properties: {} -// } +var logAnalyticsConfig = log_analytics(context, [ + with_managed_identity() +]) + +resource monitoring 'Microsoft.OperationalInsights/workspaces@2023-09-01' = { + name: logAnalyticsConfig.name + location: logAnalyticsConfig.location + tags: logAnalyticsConfig.tags + properties: logAnalyticsConfig.properties +} diff --git a/infrastructure/params/prd.bicepparam b/infrastructure/params/prd.bicepparam index 5d93d34..06404bf 100644 --- a/infrastructure/params/prd.bicepparam 
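Review bot: The resource group name now comes from `resource_group(context, [])` with `nameConventionTemplate: '$type-$environment-$location-$project'`, whereas the removed line built `rg-${locationAbbreviation}-${environment}-${projectName}`. Environment and location are in a different order, and `location` is now the full region name unless the helper abbreviates it. If the resulting name differs, the subscription deployment creates a new resource group and leaves the existing one, including its registry, running outside this template. Run `az deployment sub what-if` against prd before merging, or keep the old ordering with `nameConventionTemplate: '$type-$location-$environment-$project'` if the helper yields the same abbreviation. The `module monitoring` block that closes the hunk continues outside it.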
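Review bot: `with_managed_identity()` is passed to `log_analytics`, but the `monitoring` resource copies only `name`, `location`, `tags` and `properties`, so any identity block the helper produces is dropped. registry.bicep and app.bicep both assign `identity` from their config objects. Either add `identity: logAnalyticsConfig.identity` here or remove the helper from the list if the workspace does not need an identity.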
+++ b/infrastructure/params/prd.bicepparam @@ -1,6 +1,5 @@ using '../main.bicep' -param locationAbbreviation = 'euw' param location = 'westeurope' param environment = 'prd' param projectName = 'calque' diff --git a/infrastructure/registry.bicep b/infrastructure/registry.bicep index a13abbf..1b45c5d 100644 --- a/infrastructure/registry.bicep +++ b/infrastructure/registry.bicep @@ -1,23 +1,29 @@ -import { Context } from 'types.bicep' +import { Context } from 'br/Tricep:types:latest' +import { with_managed_identity } from 'br/Tricep:common/identity:latest' +import { container_registry } from 'br/Tricep:recommended/container-registry/container-registry:latest' targetScope = 'resourceGroup' param context Context -resource registry 'Microsoft.ContainerRegistry/registries@2023-07-01' = { - name: 'acr${context.locationAbbreviation}${context.environment}${context.projectName}' - location: context.location - sku: { - name: 'Basic' - } - identity: { - type: 'SystemAssigned' - } - properties: { - adminUserEnabled: true - dataEndpointEnabled: false - encryption: { - status: 'disabled' +var registryConfig = container_registry(context, [ + with_managed_identity() + { + properties: { + adminUserEnabled: true + dataEndpointEnabled: false + encryption: { + status: 'disabled' + } } } +]) + +resource registry 'Microsoft.ContainerRegistry/registries@2023-07-01' = { + name: registryConfig.name + location: registryConfig.location + tags: registryConfig.tags + sku: registryConfig.sku + identity: registryConfig.identity + properties: registryConfig.properties } diff --git a/infrastructure/repro.bicep b/infrastructure/repro.bicep new file mode 100644 index 0000000..965826c --- /dev/null +++ b/infrastructure/repro.bicep @@ -0,0 +1,12 @@ +import { + container + resources_xxs +} from 'br/Tricep:recommended/app/container-app:latest' + +targetScope = 'resourceGroup' + +var container1 = container({ + name: 'name' + image: 'registry/project-app:latest' + resources: resources_xxs +}) 
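Review bot: `adminUserEnabled: true` is carried into the override object in registry.bicep even though the container app in app.bicep pulls with `identity: 'system'`. The admin user is a shared, long-lived credential with push and pull rights. If nothing outside this diff still depends on it (the workflow's push step is not fully visible here), set `adminUserEnabled: false` and grant the pulling and pushing identities the roles they need. `sku` is now taken from `registryConfig.sku` rather than the literal `'Basic'`, so confirm the helper's default as well.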
diff --git a/infrastructure/types.bicep b/infrastructure/types.bicep
deleted file mode 100644
index 768ff80..0000000
--- a/infrastructure/types.bicep
+++ /dev/null
@@ -1,12 +0,0 @@
-@export()
-type Context = {
- @minLength(2)
- locationAbbreviation: string
- @minLength(2)
- location: string
- @minLength(3)
- environment: string
- @minLength(2)
- projectName: string
- deployedAt: string
-}