From d7c33c642548596311ad9a6b25f923c71ea49a6f Mon Sep 17 00:00:00 2001
From: Harsh-Microsoft
Date: Thu, 16 Oct 2025 18:39:58 +0530
Subject: [PATCH 1/7] Refactor deployment scripts: rename postdeploy to postprovision and streamline output variables
---
azure.yaml | 24 +++---------------------
infra/main.bicep | 2 +-
infra/scripts/post_deployment.sh | 2 --
3 files changed, 4 insertions(+), 24 deletions(-)
diff --git a/azure.yaml b/azure.yaml
index 60d6ade8..d153b099 100644
--- a/azure.yaml
+++ b/azure.yaml
@@ -11,30 +11,12 @@ metadata: name: content-processinge@1.0 hooks: - postdeploy: + postprovision: posix: shell: sh - run: | - echo "🧭 Web App Details:" - echo "✅ Name: $CONTAINER_WEB_APP_NAME" - echo "🌐 Endpoint: https://$CONTAINER_WEB_APP_FQDN" - echo "🔗 Portal URL: https://portal.azure.com/#resource/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$AZURE_RESOURCE_GROUP/providers/Microsoft.App/containerApps/$CONTAINER_WEB_APP_NAME" - - echo "🧭 API App Details:" - echo "✅ Name: $CONTAINER_API_APP_NAME" - echo "🌐 Endpoint: https://$CONTAINER_API_APP_FQDN" - echo "🔗 Portal URL: https://portal.azure.com/#resource/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$AZURE_RESOURCE_GROUP/providers/Microsoft.App/containerApps/$CONTAINER_API_APP_NAME" + run: sed -i 's/\r$//' ./infra/scripts/post_deployment.sh; ./infra/scripts/post_deployment.sh interactive: true windows: shell: pwsh - run: | - Write-Host "🧭 Web App Details:" - Write-Host "✅ Name: $env:CONTAINER_WEB_APP_NAME" - Write-Host "🌐 Endpoint: https://$env:CONTAINER_WEB_APP_FQDN" - Write-Host "🔗 Portal URL: https://portal.azure.com/#resource/subscriptions/$env:AZURE_SUBSCRIPTION_ID/resourceGroups/$env:AZURE_RESOURCE_GROUP/providers/Microsoft.App/containerApps/$env:CONTAINER_WEB_APP_NAME" -ForegroundColor Cyan - - Write-Host "🧭 API App Details:" - Write-Host "✅ Name: $env:CONTAINER_API_APP_NAME" - Write-Host "🌐 Endpoint: https://$env:CONTAINER_API_APP_FQDN" - Write-Host "🔗 Portal URL: https://portal.azure.com/#resource/subscriptions/$env:AZURE_SUBSCRIPTION_ID/resourceGroups/$env:AZURE_RESOURCE_GROUP/providers/Microsoft.App/containerApps/$env:CONTAINER_API_APP_NAME" -ForegroundColor Cyan + run: ./infra/scripts/post_deployment.ps1 interactive: true diff --git a/infra/main.bicep b/infra/main.bicep index 6873190d..a139dc40 100644 --- a/infra/main.bicep +++ b/infra/main.bicep 
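Review bot: The new posix `run:` line normalises the script in place with `sed -i 's/\r$//'` and then runs it after a `;`, so the script still executes when the sed step fails; `-i` with no suffix argument is GNU syntax and errors on BSD/macOS sed. When the checkout has CRLF endings, the in-place edit can also leave a tracked file modified in the user's working tree. Chaining with `&&` (`sed -i 's/\r$//' ./infra/scripts/post_deployment.sh && ./infra/scripts/post_deployment.sh`) stops on a failed normalisation, and a `.gitattributes` entry such as `*.sh text eol=lf` would remove the need for the rewrite altogether. The same line is edited again in the `@@ -14,7 +14,7 @@` hunk of PATCH 6/7, which adds `bash` but keeps both the `;` and the `sed -i`.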
@@ -1367,4 +1367,4 @@ output CONTAINER_REGISTRY_NAME string = avmContainerRegistry.outputs.name output CONTAINER_REGISTRY_LOGIN_SERVER string = avmContainerRegistry.outputs.loginServer @description('The resource group the resources were deployed into.') -output resourceGroupName string = resourceGroup().name +output AZURE_RESOURCE_GROUP string = resourceGroup().name diff --git a/infra/scripts/post_deployment.sh b/infra/scripts/post_deployment.sh index 8b2cf2c7..e34399d1 100644 --- a/infra/scripts/post_deployment.sh +++ b/infra/scripts/post_deployment.sh @@ -5,8 +5,6 @@ set -e echo "🔍 Fetching container app info from azd environment..." -echo "Started at: $(date)" - # Load values from azd env CONTAINER_WEB_APP_NAME=$(azd env get-value CONTAINER_WEB_APP_NAME) CONTAINER_WEB_APP_FQDN=$(azd env get-value CONTAINER_WEB_APP_FQDN) From 6d232610a40b4d19a0c17e4bc02c6f490751058c Mon Sep 17 00:00:00 2001 From: Harsh-Microsoft Date: Thu, 16 Oct 2025 19:34:08 +0530 Subject: [PATCH 2/7] Add enablePurgeProtection parameter to Bicep and JSON templates --- infra/main.bicep | 5 ++++- infra/main.json | 29 +++++++++++++++-------------- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index a139dc40..368d37b6 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -79,6 +79,9 @@ param enableRedundancy bool = false @description('Optional. Enable scalability for applicable resources, aligned with the Well Architected Framework recommendations. Defaults to false.') param enableScalability bool = false +@description('Optional. Enable purge protection. Defaults to false.') +param enablePurgeProtection bool = false + @description('Optional. Tags to be applied to the resources.') param tags resourceInput<'Microsoft.Resources/resourceGroups@2025-04-01'>.tags = { app: 'Content Processing Solution Accelerator' 
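Review bot: The description on the new `enablePurgeProtection` parameter does not name the resource it controls; in the hunks visible in this series it is passed only to `avmAppConfig` (`@@ -987,7 +990,7 @@`), so someone setting it to true could reasonably assume Key Vault or other stores are covered as well. I would spell that out, e.g. `@description('Optional. Enable purge protection on the App Configuration store. Defaults to false.')`, and state in the parameter documentation that production deployments should turn it on so a soft-deleted store cannot be purged before its retention period ends. Whether other modules should also take this flag cannot be judged from here, since the rest of main.bicep lies outside the hunks.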
@@ -987,7 +990,7 @@ module avmAppConfig 'br/public:avm/res/app-configuration/configuration-store:0.6 params: { name: 'appcs-${solutionSuffix}' location: resourceGroupLocation - enablePurgeProtection: false + enablePurgeProtection: enablePurgeProtection tags: { app: solutionSuffix location: resourceGroupLocation diff --git a/infra/main.json b/infra/main.json index fb5a9690..f4ba19ed 100644 --- a/infra/main.json +++ b/infra/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.37.4.10188", - "templateHash": "14259315155038248870" + "templateHash": "5583509537249625128" }, "name": "Content Processing Solution Accelerator", "description": "Bicep template to deploy the Content Processing Solution Accelerator with AVM compliance." @@ -154,6 +154,13 @@ "description": "Optional. Enable scalability for applicable resources, aligned with the Well Architected Framework recommendations. Defaults to false." } }, + "enablePurgeProtection": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Enable purge protection. Defaults to false." + } + }, "tags": { "type": "object", "metadata": { @@ -20454,7 +20461,7 @@ "_generator": { "name": "bicep", "version": "0.37.4.10188", - "templateHash": "16080670397776921948" + "templateHash": "251116960322750261" }, "name": "Key Vault Module" }, @@ -20625,13 +20632,7 @@ "enableTelemetry": { "value": "[parameters('enableTelemetry')]" }, - "diagnosticSettings": { - "value": [ - { - "workspaceResourceId": "[parameters('logAnalyticsWorkspaceResourceId')]" - } - ] - }, + "diagnosticSettings": "[if(empty(parameters('logAnalyticsWorkspaceResourceId')), createObject('value', null()), createObject('value', createArray(createObject('workspaceResourceId', parameters('logAnalyticsWorkspaceResourceId')))))]", "networkAcls": { "value": "[parameters('networkAcls')]" } 
@@ -32967,8 +32968,8 @@ "avmContainerApp", "avmContainerApp_API", "avmManagedIdentity", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageQueue)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]", "virtualNetwork" ] }, @@ -38710,8 +38711,8 @@ "avmContainerApp", "avmManagedIdentity", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", "logAnalyticsWorkspace", "virtualNetwork" @@ -41050,8 +41051,8 @@ "dependsOn": [ "avmContainerApp", "avmManagedIdentity", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", "virtualNetwork" ] }, @@ -50947,7 +50948,7 @@ "value": "[parameters('resourceGroupLocation')]" }, "enablePurgeProtection": { - "value": false + "value": "[parameters('enablePurgeProtection')]" }, "tags": { "value": { @@ -58243,7 +58244,7 @@ }, "value": "[reference('avmContainerRegistry').outputs.loginServer.value]" }, - "resourceGroupName": { + "AZURE_RESOURCE_GROUP": { "type": "string", "metadata": { "description": "The resource group the resources were deployed into." From c46593d5c3eb5686e1de1cf235d845b41a9b8376 Mon Sep 17 00:00:00 2001 
From: Harsh-Microsoft Date: Fri, 17 Oct 2025 12:23:22 +0530 Subject: [PATCH 3/7] Update API endpoint retrieval to handle potential null values and adjust dependency scope in Cognitive Services module --- infra/main.bicep | 2 +- infra/main.json | 6 +++--- infra/modules/account/main.bicep | 1 + 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index 368d37b6..f93f2bc6 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -1103,7 +1103,7 @@ module avmAppConfig 'br/public:avm/res/app-configuration/configuration-store:0.6 } { name: 'APP_AI_PROJECT_ENDPOINT' - value: avmAiServices.outputs.aiProjectInfo.apiEndpoint + value: avmAiServices.outputs.aiProjectInfo.?apiEndpoint ?? '' } { name: 'APP_COSMOS_CONNSTR' diff --git a/infra/main.json b/infra/main.json index f4ba19ed..74578c69 100644 --- a/infra/main.json +++ b/infra/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.37.4.10188", - "templateHash": "5583509537249625128" + "templateHash": "10090938439711679479" }, "name": "Content Processing Solution Accelerator", "description": "Bicep template to deploy the Content Processing Solution Accelerator with AVM compliance." @@ -38710,10 +38710,10 @@ "dependsOn": [ "avmContainerApp", "avmManagedIdentity", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", "logAnalyticsWorkspace", "virtualNetwork" ] 
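Review bot: In the `APP_AI_PROJECT_ENDPOINT` entry, `avmAiServices.outputs.aiProjectInfo.?apiEndpoint ?? ''` turns a missing endpoint into an empty configuration value, so the deployment succeeds and the failure moves to whichever service reads the key at runtime. If an empty value is a supported state, a comment should say when `apiEndpoint` is absent, for example `// apiEndpoint is not returned when <condition>; consumers must treat '' as "no project"`. If it is not supported, leaving the key out for that case or letting the deployment fail would be safer than storing an empty endpoint. The `avmAppConfig` module body starts and ends outside this hunk.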
@@ -51067,7 +51067,7 @@ }, { "name": "APP_AI_PROJECT_ENDPOINT", - "value": "[reference('avmAiServices').outputs.aiProjectInfo.value.apiEndpoint]" + "value": "[coalesce(tryGet(reference('avmAiServices').outputs.aiProjectInfo.value, 'apiEndpoint'), '')]" }, { "name": "APP_COSMOS_CONNSTR", diff --git a/infra/modules/account/main.bicep b/infra/modules/account/main.bicep index de41138c..925bfaee 100644 --- a/infra/modules/account/main.bicep +++ b/infra/modules/account/main.bicep @@ -269,6 +269,7 @@ module cognitive_service_dependencies './modules/dependencies.bicep' = if(!useEx sku: sku tags: tags } + scope: resourceGroup() } module existing_cognitive_service_dependencies './modules/dependencies.bicep' = if(useExistingService) { From 17d36125046eb9bf7befe3cbb8b822d60bfbe40f Mon Sep 17 00:00:00 2001 From: Harsh-Microsoft Date: Fri, 17 Oct 2025 13:04:00 +0530 Subject: [PATCH 4/7] Rename AI services module file and update reference in main Bicep template --- infra/main.bicep | 2 +- infra/modules/account/{main.bicep => aiservice.bicep} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename infra/modules/account/{main.bicep => aiservice.bicep} (100%) diff --git a/infra/main.bicep b/infra/main.bicep index f93f2bc6..da7342b4 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -490,7 +490,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = { } // // ========== AI Foundry and related resources ========== // -module avmAiServices 'modules/account/main.bicep' = { +module avmAiServices 'modules/account/aiservice.bicep' = { name: take('module.ai-services.${solutionSuffix}', 64) params: { name: 'aif-${solutionSuffix}' diff --git a/infra/modules/account/main.bicep b/infra/modules/account/aiservice.bicep similarity index 100% rename from infra/modules/account/main.bicep rename to infra/modules/account/aiservice.bicep From afd49c355e76b6a8ff65a5a4e330924cc436395a Mon Sep 17 00:00:00 2001 
From: Harsh-Microsoft Date: Fri, 17 Oct 2025 15:33:52 +0530 Subject: [PATCH 5/7] Add 'useDevContainer' option to Azure template validation step --- .github/workflows/azure-dev.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/azure-dev.yaml b/.github/workflows/azure-dev.yaml index 3a812c9d..2492fa00 100644 --- a/.github/workflows/azure-dev.yaml +++ b/.github/workflows/azure-dev.yaml @@ -22,6 +22,8 @@ jobs: - name: Validate Azure Template uses: microsoft/template-validation-action@v0.4.3 id: validation + with: + useDevContainer: false env: AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} From 48ec6a57588764116ff28457e7999fdecee2f1e3 Mon Sep 17 00:00:00 2001 From: Harsh-Microsoft Date: Fri, 17 Oct 2025 16:20:03 +0530 Subject: [PATCH 6/7] Fix postprovision hook to explicitly use bash for script execution on posix systems --- azure.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure.yaml b/azure.yaml index d153b099..860ace84 100644 --- a/azure.yaml +++ b/azure.yaml @@ -14,7 +14,7 @@ hooks: postprovision: posix: shell: sh - run: sed -i 's/\r$//' ./infra/scripts/post_deployment.sh; ./infra/scripts/post_deployment.sh + run: sed -i 's/\r$//' ./infra/scripts/post_deployment.sh; bash ./infra/scripts/post_deployment.sh interactive: true windows: shell: pwsh From 997bedd60b51568d583dfb59dac497ef1bfaeb7d Mon Sep 17 00:00:00 2001 From: Harsh-Microsoft Date: Fri, 17 Oct 2025 18:08:18 +0530 Subject: [PATCH 7/7] remove unnecessary scope from aiservice.bicep --- infra/main.json | 4 ++-- infra/modules/account/aiservice.bicep | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/infra/main.json b/infra/main.json index 74578c69..0a8fa3d0 100644 --- a/infra/main.json +++ b/infra/main.json 
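Review bot: The step that gains `useDevContainer: false` references `microsoft/template-validation-action@v0.4.3` by tag while receiving `AZURE_CLIENT_ID` and `AZURE_TENANT_ID` from secrets, and with the dev container switched off the action presumably runs directly on the runner. Pinning the `uses:` line to a full commit SHA, `uses: microsoft/template-validation-action@<full-commit-sha> # v0.4.3`, keeps a moved tag from changing what runs with those credentials. A short comment above `with:` saying why the dev container is disabled would also help the next maintainer. The step's `env:` block continues past the end of the hunk.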
@@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.37.4.10188", - "templateHash": "10090938439711679479" + "templateHash": "15543709728547763503" }, "name": "Content Processing Solution Accelerator", "description": "Bicep template to deploy the Content Processing Solution Accelerator with AVM compliance." @@ -38710,10 +38710,10 @@ "dependsOn": [ "avmContainerApp", "avmManagedIdentity", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", "logAnalyticsWorkspace", "virtualNetwork" ] diff --git a/infra/modules/account/aiservice.bicep b/infra/modules/account/aiservice.bicep index 925bfaee..de41138c 100644 --- a/infra/modules/account/aiservice.bicep +++ b/infra/modules/account/aiservice.bicep @@ -269,7 +269,6 @@ module cognitive_service_dependencies './modules/dependencies.bicep' = if(!useEx sku: sku tags: tags } - scope: resourceGroup() } module existing_cognitive_service_dependencies './modules/dependencies.bicep' = if(useExistingService) {