Merge branch 'main' into feature/swap-to-tricep-for-iac

.github/workflows/app.yml

@@ -47,6 +47,12 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      - name: Test bicep
+        uses: Azure/cli@v2
+        with:
+          inlineScript: |
+            az bicep build --file ./infrastructure/main.bicep --stdout
+
       - name: Build container images
         run: |
           docker build . --file Dockerfile --tag ${{ secrets.ACR_LOGIN_SERVER }}/$IMAGE_NAME:${{needs.versionize.outputs.semver}}
@@ -87,7 +93,6 @@ jobs:
       - name: Deploy bicep
         uses: Azure/cli@v2
         with:
-          azcliversion: 2.66.0
           inlineScript: |
             az deployment sub create \
               --location westeurope \

infrastructure/app.bicep

@@ -1,4 +1,15 @@
-import { Context } from 'types.bicep'
+import { Context } from 'br/Tricep:types:latest'
+import { with_name } from 'br/Tricep:common/context:latest'
+import { with_managed_identity } from 'br/Tricep:common/identity:latest'
+import {
+  container_app_environment
+  container_app
+  container
+  with_public_access
+  with_app_logs
+  with_auto_scaling
+  with_environment
+} from 'br/Tricep:recommended/app/container-app:latest'
 
 targetScope = 'resourceGroup'
 
@@ -9,50 +20,26 @@ param registryUrl string
 
 var appName = 'app'
 
-resource environment 'Microsoft.App/managedEnvironments@2024-03-01' = {
+var environmentConfig = container_app_environment(with_name(context, appName), [])
-  name: 'cea-${context.locationAbbreviation}-${context.environment}-${context.projectName}'
+var appConfig = container_app(
-  location: context.location
+  context,
-  properties: {
+  [
-    appLogsConfiguration: {
+    container({
-      destination: 'azure-monitor'
+      name: '${context.project}-${appName}'
+      image: '${registryUrl}/${context.project}-${appName}:${version}'
+    })
+  ],
+  [
+    with_managed_identity()
+    with_environment(environment.id)
+    with_auto_scaling(0, 1, {
+      ruleName: {
+        concurrentRequests: '10'
       }
-    peerAuthentication: {
+    })
-      mtls: {
+    with_public_access({
-        enabled: false
+      port: 3000
-      }
+      cors: {
-    }
-    peerTrafficConfiguration: {
-      encryption: {
-        enabled: false
-      }
-    }
-  }
-}
-
-resource app 'Microsoft.App/containerApps@2024-03-01' = {
-  name: 'ca-${context.locationAbbreviation}-${context.environment}-${context.projectName}-app'
-  location: context.location
-  identity: {
-    type: 'SystemAssigned'
-  }
-  properties: {
-    environmentId: environment.id
-
-    configuration: {
-      activeRevisionsMode: 'Single'
-
-      ingress: {
-        external: true
-        targetPort: 3000
-        transport: 'auto'
-        allowInsecure: false
-        traffic: [
-          {
-            weight: 100
-            latestRevision: true
-          }
-        ]
-        corsPolicy: {
         allowedOrigins: [
           // 'https://localhost:3000'
           '*'
@@ -62,7 +49,10 @@ resource app 'Microsoft.App/containerApps@2024-03-01' = {
         allowedMethods: ['Get, POST']
         maxAge: 0
       }
-      }
+    })
+    {
+      properties: {
+        configuration: {
           registries: [
             {
               identity: 'system'
@@ -70,32 +60,22 @@ resource app 'Microsoft.App/containerApps@2024-03-01' = {
             }
           ]
         }
+      }
+    }
+  ]
+)
 
-    template: {
+resource environment 'Microsoft.App/managedEnvironments@2024-03-01' = {
-      containers: [
+  name: environmentConfig.name
-        {
+  location: environmentConfig.location
-          image: '${registryUrl}/${context.projectName}-${appName}:${version}'
+  tags: environmentConfig.tags
-          name: '${context.projectName}-${appName}'
+  properties: environmentConfig.properties
-          resources: {
-            cpu: json('0.25')
-            memory: '0.5Gi'
-          }
-        }
-      ]
-      scale: {
-        minReplicas: 1
-        maxReplicas: 2
-        rules: [
-          {
-            name: 'http-rule'
-            http: {
-              metadata: {
-                concurrentRequests: '50'
-              }
-            }
-          }
-        ]
-      }
-    }
 }
+
+resource app 'Microsoft.App/containerApps@2024-03-01' = {
+  name: appConfig.name
+  location: appConfig.location
+  tags: appConfig.tags
+  identity: appConfig.identity
+  properties: appConfig.properties
 }

infrastructure/bicepconfig.json

@@ -1,11 +1,18 @@
 {
     "experimentalFeaturesEnabled": {
-        "assertions": true,
+        "resourceTypedParamsAndOutputs": true
-        "testFramework": true,
+    },
-        "extensibility": true,
+    "moduleAliases": {
-        "resourceDerivedTypes": true,
+        "br": {
-        "resourceTypedParamsAndOutputs": true,
+            "Tricep": {
-        "sourceMapping": true,
+                "registry": "acreuwprdtricep.azurecr.io"
-        "symbolicNameCodegen": true
+            }
+        }
+    },
+    "cloud": {
+        "currentProfile": "AzureCloud",
+        "credentialPrecedence": [
+            "AzureCLI"
+        ]
     }
 }

infrastructure/main.bicep

@@ -1,8 +1,8 @@
-import { Context } from 'types.bicep'
+import { create_context } from 'br/Tricep:common/context:latest'
+import { resource_group } from 'br/Tricep:recommended/resources/resource-group:latest'
 
 targetScope = 'subscription'
 
-param locationAbbreviation string
 param location string
 param environment string
 param projectName string
@@ -11,17 +11,21 @@ param version string
 param registryUrl string
 param deployedAt string = utcNow('yyyyMMdd')
 
-var context = {
+var context = create_context({
-  locationAbbreviation: locationAbbreviation
+  project: projectName
+  nameConventionTemplate: '$type-$environment-$location-$project'
   location: location
   environment: environment
-  projectName: projectName
   deployedAt: deployedAt
-}
+  tenant: tenant()
+  tags: {}
+})
+
+var resourceGroupConfig = resource_group(context, [])
 
 resource calqueResourceGroup 'Microsoft.Resources/resourceGroups@2024-07-01' = {
-  name: 'rg-${locationAbbreviation}-${environment}-${projectName}'
+  name: resourceGroupConfig.name
-  location: location
+  location: resourceGroupConfig.location
 }
 
 module monitoring 'monitoring.bicep' = {

infrastructure/monitoring.bicep

@@ -1,11 +1,18 @@
-import { Context } from 'types.bicep'
+import { Context } from 'br/Tricep:types:latest'
+import { with_managed_identity } from 'br/Tricep:common/identity:latest'
+import { log_analytics } from 'br/Tricep:recommended/operational-insights/log-analytics:latest'
 
 targetScope = 'resourceGroup'
 
 param context Context
 
-// resource monitoring 'Microsoft.___/___@___' = {
+var logAnalyticsConfig = log_analytics(context, [
-//   name: '___-${context.locationAbbreviation}-${context.environment}-${context.projectName}'
+  with_managed_identity()
-//   location: context.location
+])
-//   properties: {}
+
-// }
+resource monitoring 'Microsoft.OperationalInsights/workspaces@2023-09-01' = {
+  name: logAnalyticsConfig.name
+  location: logAnalyticsConfig.location
+  tags: logAnalyticsConfig.tags
+  properties: logAnalyticsConfig.properties
+}

infrastructure/params/prd.bicepparam

@@ -1,6 +1,5 @@
 using '../main.bicep'
 
-param locationAbbreviation = 'euw'
 param location = 'westeurope'
 param environment = 'prd'
 param projectName = 'calque'

infrastructure/registry.bicep

@@ -1,18 +1,14 @@
-import { Context } from 'types.bicep'
+import { Context } from 'br/Tricep:types:latest'
+import { with_managed_identity } from 'br/Tricep:common/identity:latest'
+import { container_registry } from 'br/Tricep:recommended/container-registry/container-registry:latest'
 
 targetScope = 'resourceGroup'
 
 param context Context
 
-resource registry 'Microsoft.ContainerRegistry/registries@2023-07-01' = {
+var registryConfig = container_registry(context, [
-  name: 'acr${context.locationAbbreviation}${context.environment}${context.projectName}'
+  with_managed_identity()
-  location: context.location
+  {
-  sku: {
-    name: 'Basic'
-  }
-  identity: {
-    type: 'SystemAssigned'
-  }
     properties: {
       adminUserEnabled: true
       dataEndpointEnabled: false
@@ -21,3 +17,13 @@ resource registry 'Microsoft.ContainerRegistry/registries@2023-07-01' = {
       }
     }
   }
+])
+
+resource registry 'Microsoft.ContainerRegistry/registries@2023-07-01' = {
+  name: registryConfig.name
+  location: registryConfig.location
+  tags: registryConfig.tags
+  sku: registryConfig.sku
+  identity: registryConfig.identity
+  properties: registryConfig.properties
+}

infrastructure/repro.bicep

@@ -0,0 +1,12 @@
+import {
+  container
+  resources_xxs
+} from 'br/Tricep:recommended/app/container-app:latest'
+
+targetScope = 'resourceGroup'
+
+var container1 = container({
+  name: 'name'
+  image: 'registry/project-app:latest'
+  resources: resources_xxs
+})

infrastructure/types.bicep

@@ -1,12 +0,0 @@
-@export()
-type Context = {
-  @minLength(2)
-  locationAbbreviation: string
-  @minLength(2)
-  location: string
-  @minLength(3)
-  environment: string
-  @minLength(2)
-  projectName: string
-  deployedAt: string
-}