Synchronize repo from Repoman

.devcontainer/Dockerfile

@@ -1,5 +1,5 @@
-ARG VARIANT=bullseye
-FROM --platform=amd64 mcr.microsoft.com/vscode/devcontainers/base:0-${VARIANT}
+ARG IMAGE=bullseye
+FROM --platform=amd64 mcr.microsoft.com/devcontainers/${IMAGE}
 RUN curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg \
     && mv microsoft.gpg /etc/apt/trusted.gpg.d/microsoft.gpg \
     && sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/debian/$(lsb_release -rs | cut -d'.' -f 1)/prod $(lsb_release -cs) main" > /etc/apt/sources.list.d/dotnetdev.list' \

.devcontainer/devcontainer.json

@@ -3,19 +3,11 @@
     "build": {
         "dockerfile": "Dockerfile",
         "args": {
-            "VARIANT": "bullseye"
+            "IMAGE": "javascript-node:16"
         }
     },
     "features": {
-        "ghcr.io/devcontainers/features/docker-from-docker:1": {
-            "version": "20.10"
-        },
-        "ghcr.io/devcontainers/features/github-cli:1": {
-            "version": "2"
-        },
-        "ghcr.io/devcontainers/features/node:1": {
-            "version": "16",
-            "nodeGypDependencies": false
+        "ghcr.io/devcontainers/features/docker-in-docker:2": {
         }
     },
     "customizations": {
@@ -38,7 +30,7 @@
         3100
     ],
     "postCreateCommand": "",
-    "remoteUser": "vscode",
+    "remoteUser": "node",
     "hostRequirements": {
         "memory": "8gb"
     }

.github/workflows/azure-dev.yml

@@ -27,7 +27,7 @@ jobs:
       - name: Log in with Azure (Federated Credentials)
         if: ${{ env.AZURE_CLIENT_ID != '' }}
         run: |
-          azd login `
+          azd auth login `
             --client-id "$Env:AZURE_CLIENT_ID" `
             --federated-credential-provider "github" `
             --tenant-id "$Env:AZURE_TENANT_ID"
@@ -39,7 +39,7 @@ jobs:
           $info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable;
           Write-Host "::add-mask::$($info.clientSecret)"
 
-          azd login `
+          azd auth login `
             --client-id "$($info.clientId)" `
             --client-secret "$($info.clientSecret)" `
             --tenant-id "$($info.tenantId)"

.vscode/tasks.json

@@ -13,7 +13,7 @@
         {
             "label": "Restore Web",
             "type": "shell",
-            "command": "azd restore --service web",
+            "command": "azd restore web",
             "presentation": {
                 "reveal": "silent"
             },
@@ -48,7 +48,7 @@
         {
             "label": "Restore API",
             "type": "shell",
-            "command": "azd restore --service api",
+            "command": "azd restore api",
             "presentation": {
                 "reveal": "silent"
             },

README.md

@@ -27,7 +27,7 @@ A complete ToDo application that includes everything you need to build, deploy,
 
 Let's jump in and get the ToDo app up and running in Azure. When you are finished, you will have a fully functional web app deployed on Azure. In later steps, you'll see how to setup a pipeline and monitor the application.
 
-<img src="assets/web.png" width="75%" alt="Screenshot of deployed ToDo app">
+!["Screenshot of deployed ToDo app"](assets/web.png)
 
 <sup>Screenshot of the deployed ToDo app</sup>
 
@@ -44,17 +44,25 @@ The following prerequisites are required to use this application. Please ensure
 The fastest way for you to get this application up and running on Azure is to use the `azd up` command. This single command will create and configure all necessary Azure resources - including access policies and roles for your account and service-to-service communication with Managed Identities.
 
 1. Open a terminal, create a new empty folder, and change into it.
-1. Run the following command to initialize the project, provision Azure resources, and deploy the application code.
+2. Run the following command to initialize the project.
 
 ```bash
-azd up --template todo-nodejs-mongo-swa-func
+azd init --template todo-nodejs-mongo-swa-func
 ```
 
-You will be prompted for the following information:
+This command will clone the code to your current folder and prompt you for the following information:
 
 - `Environment Name`: This will be used as a prefix for the resource group that will be created to hold all Azure resources. This name should be unique within your Azure subscription.
+
+3. Run the following command to package a deployable copy of your application, provision the template's infrastructure to Azure and also deploy the application code to those newly provisioned resources.
+
+```bash
+azd up
+```
+
+This command will prompt you for the following information:
+
 - `Azure Location`: The Azure location where your resources will be deployed.
-- `Azure Subscription`: The Azure Subscription where your resources will be deployed.
 
 > NOTE: This template may only be used used with following Azure locations:
 >
@@ -66,7 +74,9 @@ You will be prompted for the following information:
 >
 > If you attempt to use the template with an unsupported region, the provision step will fail.
 
-> NOTE: This may take a while to complete as it executes three commands: `azd init` (initializes environment), `azd provision` (provisions Azure resources), and `azd deploy` (deploys application code). You will see a progress indicator as it provisions and deploys your application.
+- `Azure Subscription`: The Azure Subscription where your resources will be deployed.
+
+> NOTE: This may take a while to complete as it executes three commands: `azd package` (packages a deployable copy of your application), `azd provision` (provisions Azure resources), and `azd deploy` (deploys application code). You will see a progress indicator as it packages, provisions and deploys your application.
 
 When `azd up` is complete it will output the following URLs:
 
@@ -81,7 +91,7 @@ Click the web application URL to launch the ToDo app. Create a new collection an
 > NOTE:
 >
 > - The `azd up` command will create Azure resources that will incur costs to your Azure subscription. You can clean up those resources manually via the Azure portal or with the `azd down` command.
-> - You can call `azd up` as many times as you like to both provision and deploy your solution, but you only need to provide the `--template` parameter the first time you call it to get the code locally. Subsequent `azd up` calls do not require the template parameter. If you do provide the parameter, all your local source code will be overwritten if you agree to overwrite when prompted.
+> - You can call `azd up` as many times as you like to both provision and deploy your solution.
 > - You can always create a new environment with `azd env new`.
 
 ### Application Architecture
@@ -96,7 +106,7 @@ This application utilizes the following Azure resources:
 
 Here's a high level architecture diagram that illustrates these components. Notice that these are all contained within a single [resource group](https://docs.microsoft.com/azure/azure-resource-manager/management/manage-resource-groups-portal), that will be created for you when you create the resources.
 
-<img src="assets/resources.png" width="60%" alt="Application architecture diagram"/>
+!["Application architecture diagram"](assets/resources.png)
 
 > This template provisions resources to an Azure subscription that you will select upon provisioning them. Please refer to the [Pricing calculator for Microsoft Azure](https://azure.microsoft.com/pricing/calculator/) and, if needed, update the included Azure resource definitions found in `infra/main.bicep` to suit your needs.
 
@@ -204,7 +214,7 @@ And then execute `azd up` to provision and deploy. No worries if you already did
 
 Here's the high level architecture diagram when APIM is used:
 
-<img src="assets/resources-with-apim.png" width="60%" alt="Application architecture diagram with APIM"/>
+!["Application architecture diagram with APIM"](assets/resources-with-apim.png)
 
 The frontend will be configured to make API requests through APIM instead of calling the backend directly, so that the following flow gets executed:
 

azure.yaml

@@ -9,6 +9,18 @@ services:
     dist: build
     language: js
     host: staticwebapp
+    hooks:
+      predeploy:
+        posix:
+          shell: sh
+          run: node entrypoint.js -o ./build/env-config.js
+          continueOnError: false
+          interactive: false
+        windows:
+          shell: pwsh
+          run: node entrypoint.js -o ./build/env-config.js
+          continueOnError: false
+          interactive: false
   api:
     project: ./src/api
     language: js

infra/core/ai/cognitiveservices.bicep

@@ -0,0 +1,38 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+@description('The custom subdomain name used to access the API. Defaults to the value of the name parameter.')
+param customSubDomainName string = name
+param deployments array = []
+param kind string = 'OpenAI'
+param publicNetworkAccess string = 'Enabled'
+param sku object = {
+  name: 'S0'
+}
+
+resource account 'Microsoft.CognitiveServices/accounts@2022-10-01' = {
+  name: name
+  location: location
+  tags: tags
+  kind: kind
+  properties: {
+    customSubDomainName: customSubDomainName
+    publicNetworkAccess: publicNetworkAccess
+  }
+  sku: sku
+}
+
+@batchSize(1)
+resource deployment 'Microsoft.CognitiveServices/accounts/deployments@2022-10-01' = [for deployment in deployments: {
+  parent: account
+  name: deployment.name
+  properties: {
+    model: deployment.model
+    raiPolicyName: contains(deployment, 'raiPolicyName') ? deployment.raiPolicyName : null
+    scaleSettings: deployment.scaleSettings
+  }
+}]
+
+output endpoint string = account.properties.endpoint
+output id string = account.id
+output name string = account.name

infra/core/host/appservice-appsettings.bicep

@@ -0,0 +1,15 @@
+@description('The name of the app service resource within the current resource group scope')
+param name string
+
+@description('The app settings to be applied to the app service')
+param appSettings object
+
+resource appService 'Microsoft.Web/sites@2022-03-01' existing = {
+  name: name
+}
+
+resource settings 'Microsoft.Web/sites/config@2022-03-01' = {
+  name: 'appsettings'
+  parent: appService
+  properties: appSettings
+}

infra/core/host/appservice.bicep

@@ -63,17 +63,6 @@ resource appService 'Microsoft.Web/sites@2022-03-01' = {
 
   identity: { type: managedIdentity ? 'SystemAssigned' : 'None' }
 
-  resource configAppSettings 'config' = {
-    name: 'appsettings'
-    properties: union(appSettings,
-      {
-        SCM_DO_BUILD_DURING_DEPLOYMENT: string(scmDoBuildDuringDeployment)
-        ENABLE_ORYX_BUILD: string(enableOryxBuild)
-      },
-      !empty(applicationInsightsName) ? { APPLICATIONINSIGHTS_CONNECTION_STRING: applicationInsights.properties.ConnectionString } : {},
-      !empty(keyVaultName) ? { AZURE_KEY_VAULT_ENDPOINT: keyVault.properties.vaultUri } : {})
-  }
-
   resource configLogs 'config' = {
     name: 'logs'
     properties: {
@@ -82,9 +71,20 @@ resource appService 'Microsoft.Web/sites@2022-03-01' = {
       failedRequestsTracing: { enabled: true }
       httpLogs: { fileSystem: { enabled: true, retentionInDays: 1, retentionInMb: 35 } }
     }
-    dependsOn: [
-      configAppSettings
-    ]
+  }
+}
+
+module config 'appservice-appsettings.bicep' = if (!empty(appSettings)) {
+  name: '${name}-appSettings'
+  params: {
+    name: appService.name
+    appSettings: union(appSettings,
+      {
+        SCM_DO_BUILD_DURING_DEPLOYMENT: string(scmDoBuildDuringDeployment)
+        ENABLE_ORYX_BUILD: string(enableOryxBuild)
+      },
+      !empty(applicationInsightsName) ? { APPLICATIONINSIGHTS_CONNECTION_STRING: applicationInsights.properties.ConnectionString } : {},
+      !empty(keyVaultName) ? { AZURE_KEY_VAULT_ENDPOINT: keyVault.properties.vaultUri } : {})
   }
 }
 

infra/core/host/appserviceplan.bicep

@@ -18,3 +18,4 @@ resource appServicePlan 'Microsoft.Web/serverfarms@2022-03-01' = {
 }
 
 output id string = appServicePlan.id
+output name string = appServicePlan.name

infra/core/host/container-app.bicep

@@ -2,9 +2,9 @@ param name string
 param location string = resourceGroup().location
 param tags object = {}
 
-param containerAppsEnvironmentName string = ''
+param containerAppsEnvironmentName string
 param containerName string = 'main'
-param containerRegistryName string = ''
+param containerRegistryName string
 param env array = []
 param external bool = true
 param imageName string
@@ -71,6 +71,7 @@ resource containerRegistry 'Microsoft.ContainerRegistry/registries@2022-02-01-pr
   name: containerRegistryName
 }
 
+output defaultDomain string = containerAppsEnvironment.properties.defaultDomain
 output identityPrincipalId string = managedIdentity ? app.identity.principalId : ''
 output imageName string = imageName
 output name string = app.name

infra/core/host/container-apps-environment.bicep

@@ -23,4 +23,5 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10
   name: logAnalyticsWorkspaceName
 }
 
+output defaultDomain string = containerAppsEnvironment.properties.defaultDomain
 output name string = containerAppsEnvironment.name

infra/core/host/container-apps.bicep

@@ -2,9 +2,9 @@ param name string
 param location string = resourceGroup().location
 param tags object = {}
 
-param containerAppsEnvironmentName string = ''
-param containerRegistryName string = ''
-param logAnalyticsWorkspaceName string = ''
+param containerAppsEnvironmentName string
+param containerRegistryName string
+param logAnalyticsWorkspaceName string
 
 module containerAppsEnvironment 'container-apps-environment.bicep' = {
   name: '${name}-container-apps-environment'
@@ -25,6 +25,7 @@ module containerRegistry 'container-registry.bicep' = {
   }
 }
 
+output defaultDomain string = containerAppsEnvironment.outputs.defaultDomain
 output environmentName string = containerAppsEnvironment.outputs.name
 output registryLoginServer string = containerRegistry.outputs.loginServer
 output registryName string = containerRegistry.outputs.name

infra/core/networking/cdn-endpoint.bicep

@@ -0,0 +1,51 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+@description('The name of the CDN profile resource')
+@minLength(1)
+param cdnProfileName string
+
+@description('Delivery policy rules')
+param deliveryPolicyRules array = []
+
+@description('The origin URL for the endpoint')
+@minLength(1)
+param originUrl string
+
+resource endpoint 'Microsoft.Cdn/profiles/endpoints@2022-05-01-preview' = {
+  parent: cdnProfile
+  name: name
+  location: location
+  tags: tags
+  properties: {
+    originHostHeader: originUrl
+    isHttpAllowed: false
+    isHttpsAllowed: true
+    queryStringCachingBehavior: 'UseQueryString'
+    optimizationType: 'GeneralWebDelivery'
+    origins: [
+      {
+        name: replace(originUrl, '.', '-')
+        properties: {
+          hostName: originUrl
+          originHostHeader: originUrl
+          priority: 1
+          weight: 1000
+          enabled: true
+        }
+      }
+    ]
+    deliveryPolicy: {
+      rules: deliveryPolicyRules
+    }
+  }
+}
+
+resource cdnProfile 'Microsoft.Cdn/profiles@2022-05-01-preview' existing = {
+  name: cdnProfileName
+}
+
+output id string = endpoint.id
+output name string = endpoint.name
+output uri string = 'https://${endpoint.properties.hostName}'