From 1c81fb0b551a4b3f04d82b120c6128d07f8d56a0 Mon Sep 17 00:00:00 2001
From: sinedied
Date: Wed, 20 Sep 2023 17:38:45 +0200
Subject: [PATCH 1/4] chore: add docker in devcontainer
---
 .devcontainer/devcontainer.json | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 3e0f628c..5207163b 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -11,6 +11,9 @@
 "ghcr.io/devcontainers/features/node:1": {
 "version": "18"
 },
+ "ghcr.io/devcontainers/features/docker-in-docker:1": {
+ "moby": "false"
+ },
 "ghcr.io/devcontainers/features/powershell:1": {},
 "ghcr.io/devcontainers/features/azure-cli:1": {
 "version": "latest",
From 5008f7129fa4ebf219de5ba4c6f581eebb515600 Mon Sep 17 00:00:00 2001
From: Yohan Lasorsa
Date: Wed, 20 Sep 2023 15:59:11 +0000
Subject: [PATCH 2/4] chore: fix docker in devcontainer
---
 .devcontainer/devcontainer.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 5207163b..320db4d4 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -12,6 +12,7 @@
 "version": "18"
 },
 "ghcr.io/devcontainers/features/docker-in-docker:1": {
+ "version": 20,
 "moby": "false"
 },
 "ghcr.io/devcontainers/features/powershell:1": {},
From 4c28b25568c0efeb48c26953976a79e73c404db7 Mon Sep 17 00:00:00 2001
From: Yohan Lasorsa
Date: Thu, 21 Sep 2023 09:02:23 +0000
Subject: [PATCH 3/4] ci: add CD pipeline (#3)
---
 .github/workflows/azure-dev.yaml | 68 ++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 .github/workflows/azure-dev.yaml
diff --git a/.github/workflows/azure-dev.yaml b/.github/workflows/azure-dev.yaml
new file mode 100644
index 00000000..9f39b47f
--- /dev/null
+++ b/.github/workflows/azure-dev.yaml
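Review bot: In PATCH 1/4 the `docker-in-docker` feature is added with no comment on why the dev container needs its own Docker daemon; the feature requests privileged mode for the container, so code run inside it is far less isolated from the host than in a plain dev container. devcontainer.json accepts comments, so I would add one above the entry, for example `// docker-in-docker runs this container privileged; needed for <reason>`. The enclosing `features` object starts and ends outside the hunk.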
@@ -0,0 +1,68 @@
+name: Deploy on Azure
+on:
+ workflow_dispatch:
+ push:
+ # Run when commits are pushed to mainline branch (main or master)
+ # Set this to the mainline branch you are using
+ branches:
+ - main
+ - master
+
+# GitHub Actions workflow to deploy to Azure using azd
+# To configure required secrets for connecting to Azure, simply run `azd pipeline config`
+
+# Set up permissions for deploying with secretless Azure federated credentials
+# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ env:
+ AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
+ AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
+ AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+ AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Install azd
+ uses: Azure/setup-azd@v0.1.0
+
+ - name: Install Nodejs
+ uses: actions/setup-node@v3
+ with:
+ node-version: 18
+
+ - name: Log in with Azure (Federated Credentials)
+ if: ${{ env.AZURE_CLIENT_ID != '' }}
+ run: |
+ azd auth login `
+ --client-id "$Env:AZURE_CLIENT_ID" `
+ --federated-credential-provider "github" `
+ --tenant-id "$Env:AZURE_TENANT_ID"
+ shell: pwsh
+
+ - name: Log in with Azure (Client Credentials)
+ if: ${{ env.AZURE_CREDENTIALS != '' }}
+ run: |
+ $info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable;
+ Write-Host "::add-mask::$($info.clientSecret)"
+
+ azd auth login `
+ --client-id "$($info.clientId)" `
+ --client-secret "$($info.clientSecret)" `
+ --tenant-id "$($info.tenantId)"
+ shell: pwsh
+ env:
+ AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+
+ - name: Provision and deploy application
+ run: azd up --no-prompt
+ env:
+ AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+ AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+ AZURE_SUBSCRIPTION_ID: ${{ 
vars.AZURE_SUBSCRIPTION_ID }} From bb13548e531c5d0aa8bb95830efff5ef880ae974 Mon Sep 17 00:00:00 2001 From: Yohan Lasorsa Date: Thu, 21 Sep 2023 09:06:23 +0000 Subject: [PATCH 4/4] ci(infra): update infra to allow CD --- infra/main.bicep | 19 +++++++++++++++---- infra/main.parameters.json | 9 +++++++++ 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index c43e2a0d..8e0705f2 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -38,16 +38,24 @@ param storageSkuName string param openAiServiceName string = '' param openAiResourceGroupName string = '' @description('Location for the OpenAI resource group') -@allowed(['canadaeast', 'eastus', 'francecentral', 'japaneast', 'northcentralus']) +@allowed(['australiaeast', 'canadaeast', 'eastus', 'eastus2', 'francecentral', 'japaneast', 'northcentralus', 'swedencentral', 'switzerlandnorth', 'uksouth', 'westeurope']) @metadata({ azd: { type: 'location' } }) param openAiResourceGroupLocation string - param openAiSkuName string = 'S0' +@description('Location for the Static Web App') +@allowed(['westus2', 'centralus', 'eastus2', 'westeurope', 'eastasia', 'eastasiastage']) +@metadata({ + azd: { + type: 'location' + } +}) +param webAppLocation string + param formRecognizerServiceName string = '' param formRecognizerResourceGroupName string = '' param formRecognizerResourceGroupLocation string = location 
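Review bot: In the workflow added by PATCH 3/4, `AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}` in the job-level `env` puts the client-secret JSON into the environment of every step, including the `Azure/setup-azd` action and whatever `azd up` runs, although only the client-credentials login step reads it and that step already sets it in its own `env`. The job-level entry appears to exist only so the step's `if:` can test it; a flag does that without exporting the secret: `HAS_AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS != '' }}` at job level and `if: ${{ env.HAS_AZURE_CREDENTIALS == 'true' }}` on the step. Separately, the three `uses:` lines reference tags (`@v3`, `@v0.1.0`) that can be moved; in a job holding `id-token: write`, pinning them to full commit SHAs is worth considering.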
@@ -68,9 +76,12 @@ param principalId string = '' @description('Use Application Insights for monitoring and performance tracing') param useApplicationInsights bool = false +// Only needed for CD due to internal policies restrictions +param aliasTag string = '' + var abbrs = loadJsonContent('abbreviations.json') var resourceToken = toLower(uniqueString(subscription().id, environmentName, location)) -var tags = { 'azd-env-name': environmentName } +var tags = union({ 'azd-env-name': environmentName }, empty(aliasTag) ? {} : { alias: aliasTag }) // Organize resources in a resource group resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { @@ -127,7 +138,7 @@ module webApp './core/host/staticwebapp.bicep' = { scope: resourceGroup params: { name: !empty(webAppName) ? webAppName : '${abbrs.webStaticSites}web-${resourceToken}' - location: location + location: webAppLocation tags: union(tags, { 'azd-service-name': webAppName }) } } diff --git a/infra/main.parameters.json b/infra/main.parameters.json index ab986597..c85324ac 100644 --- a/infra/main.parameters.json +++ b/infra/main.parameters.json @@ -20,9 +20,15 @@ "openAiResourceGroupName": { "value": "${AZURE_OPENAI_RESOURCE_GROUP}" }, + "openAiResourceGroupLocation": { + "value": "${AZURE_OPENAI_RESOURCE_GROUP_LOCATION=eastus2}" + }, "openAiSkuName": { "value": "S0" }, + "webAppLocation": { + "value": "${AZURE_WEBAPP_LOCATION=eastus2}" + }, "formRecognizerServiceName": { "value": "${AZURE_FORMRECOGNIZER_SERVICE}" }, @@ -61,6 +67,9 @@ }, "useApplicationInsights": { "value": "${AZURE_USE_APPLICATION_INSIGHTS=false}" + }, + "aliasTag": { + "value": "${AZURE_ALIAS}" } } }
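Review bot: `aliasTag` in infra/main.bicep is the only parameter added by PATCH 4/4 without an `@description`, and its `//` comment does not say what value is expected; I would replace the comment with `@description('Optional value for the alias tag merged into the shared tags variable; supplied through AZURE_ALIAS')`. In addition, main.parameters.json reads the value from `${AZURE_ALIAS}`, but the `azd up` step of the workflow in PATCH 3/4 passes only `AZURE_ENV_NAME`, `AZURE_LOCATION` and `AZURE_SUBSCRIPTION_ID`. Unless the variable reaches azd some other way, the `empty(aliasTag)` branch will drop the tag in CD, which is the one place the comment says it is needed.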