# üöÄ Azure Deployment Interactive Setup

**Date:** October 19, 2025  
**Goal:** Configure Azure credentials and deploy EduMind.AI  
**Estimated Time:** 45 minutes

This notebook guides you through each deployment step with automated checks and progress tracking.

## üìã Prerequisites

- ‚úÖ Azure CLI installed
- ‚úÖ GitHub CLI installed
- ‚è≥ Active Azure subscription
- ‚è≥ GitHub repository access

## Setup: Import Required Libraries

In [1]:
import subprocess
import json
import os
import time
from datetime import datetime
from IPython.display import display, Markdown, HTML

# Helper functions
def run_command(cmd, capture_output=True):
    """Run shell command and return output"""
    try:
        result = subprocess.run(
            cmd,
            shell=True,
            capture_output=capture_output,
            text=True,
            timeout=300
        )
        return result.stdout.strip(), result.stderr.strip(), result.returncode
    except Exception as e:
        return "", str(e), 1

def show_status(message, status="info"):
    """Display formatted status message"""
    icons = {"success": "‚úÖ", "error": "‚ùå", "warning": "‚ö†Ô∏è", "info": "‚ÑπÔ∏è"}
    colors = {"success": "green", "error": "red", "warning": "orange", "info": "blue"}
    display(HTML(f'<p style="color: {colors[status]};">{icons[status]} {message}</p>'))

def show_progress(step, total):
    """Show progress bar"""
    percent = (step / total) * 100
    display(HTML(f'''
        <div style="background: #ddd; border-radius: 5px; padding: 3px;">
            <div style="background: #4CAF50; width: {percent}%; height: 20px; border-radius: 5px; text-align: center; color: white;">
                Step {step}/{total} ({percent:.0f}%)
            </div>
        </div>
    '''))

# Global state
deployment_state = {
    "subscription_id": None,
    "client_id": None,
    "tenant_id": None,
    "start_time": datetime.now(),
    "completed_steps": []
}

print("‚úÖ Setup complete! Ready to begin deployment.")

‚úÖ Setup complete! Ready to begin deployment.


## Step 1: Verify Tools Installation (1 min)

Let's check that Azure CLI and GitHub CLI are properly installed.

In [2]:
show_progress(1, 6)

# Check Azure CLI
az_version, _, az_code = run_command("az --version | head -1")
if az_code == 0:
    show_status(f"Azure CLI: {az_version}", "success")
else:
    show_status("Azure CLI not found!", "error")

# Check GitHub CLI
gh_version, _, gh_code = run_command("gh --version | head -1")
if gh_code == 0:
    show_status(f"GitHub CLI: {gh_version}", "success")
else:
    show_status("GitHub CLI not found!", "error")

if az_code == 0 and gh_code == 0:
    deployment_state["completed_steps"].append("tools_verified")
    show_status("All tools verified!", "success")
else:
    show_status("Please install missing tools before continuing.", "error")

## Step 2: Azure Login & Get Subscription (5 min)

**Action Required:** Run `az login` in your terminal if not already logged in.

In [4]:
show_progress(2, 6)

# Check if already logged in
account_info, err, code = run_command("az account show --query '{subscription:name, user:user.name}' -o json")

if code == 0:
    account = json.loads(account_info)
    show_status(f"Logged in as: {account['user']}", "success")
    show_status(f"Subscription: {account['subscription']}", "info")
    
    # Get subscription ID
    sub_id, _, _ = run_command("az account show --query id -o tsv")
    deployment_state["subscription_id"] = sub_id
    
    print(f"\nüìã Subscription ID: {sub_id}")
    deployment_state["completed_steps"].append("azure_login")
else:
    show_status("Not logged in to Azure. Please run: az login", "warning")
    print("\nRun this in your terminal:")
    print("  az login")
    print("\nThen re-run this cell.")


üìã Subscription ID: 9c75eb67-102e-4062-9580-67420c90fd1d


## Step 3: Create Service Principal for GitHub Actions (5 min)

This creates an identity that GitHub Actions can use to deploy to Azure.

In [7]:
show_progress(3, 6)

if not deployment_state.get("subscription_id"):
    show_status("Please complete Step 2 first!", "error")
else:
    show_status("Creating service principal...", "info")
    
    # # Create service principal (using new method without --sdk-auth)
    # sp_name = f"edumind-ai-github-deployer-{int(time.time())}"
    # cmd = f'''
    # az ad sp create-for-rbac \
    #   --name "{sp_name}" \
    #   --role contributor \
    #   --scopes /subscriptions/{deployment_state["subscription_id"]}
    # '''
    
    # sp_output, sp_err, sp_code = run_command(cmd)

    
    # created the app manually

    app_name = "edumind-ai-github"
    secret_name = "github_writer"

    sp_data = {
        "appId": "a3f4ea08-64fc-4912-9f80-72f4c57d54ad",
        "tenant": "16b3c013-d300-468d-ac64-7eda0820b6d3,",
        "password": "Ts88Q~o_ofQS5rvevUlUGKMWESmJzQuvJh4qFdst"
    }
    try:
        deployment_state["client_id"] = sp_data["appId"]
        deployment_state["tenant_id"] = sp_data["tenant"]
        deployment_state["client_secret"] = sp_data["password"]
        
        show_status("Service Principal created successfully!", "success")
        print("\nüìã Credentials (SAVE THESE - you won't see them again!):")
        print(f"  AZURE_CLIENT_ID: {sp_data['appId']}")
        print(f"  AZURE_TENANT_ID: {sp_data['tenant']}")
        print(f"  AZURE_SUBSCRIPTION_ID: {deployment_state['subscription_id']}")
        print(f"  AZURE_CLIENT_SECRET: {sp_data['password']}")
        print(f"\n‚ö†Ô∏è  IMPORTANT: Copy these values NOW! The secret cannot be retrieved later.")
        
        deployment_state["completed_steps"].append("sp_created")
    except json.JSONDecodeError:
        show_status("Failed to parse service principal output", "error")
    else:
        show_status(f"Failed to create service principal", "error")
        print("\nüí° If you see a conditional access error, you may need to:")
        print("   1. Contact your Azure admin to create the service principal")
        print("   2. Or use Azure Portal to create it manually:")
        print("      - Go to Azure Active Directory > App registrations > New registration")
        print("      - Create app, then create a client secret")
        print("      - Assign 'Contributor' role at subscription level")


üìã Credentials (SAVE THESE - you won't see them again!):
  AZURE_CLIENT_ID: a3f4ea08-64fc-4912-9f80-72f4c57d54ad
  AZURE_TENANT_ID: 16b3c013-d300-468d-ac64-7eda0820b6d3,
  AZURE_SUBSCRIPTION_ID: 9c75eb67-102e-4062-9580-67420c90fd1d
  AZURE_CLIENT_SECRET: Ts88Q~o_ofQS5rvevUlUGKMWESmJzQuvJh4qFdst

‚ö†Ô∏è  IMPORTANT: Copy these values NOW! The secret cannot be retrieved later.



üí° If you see a conditional access error, you may need to:
   1. Contact your Azure admin to create the service principal
   2. Or use Azure Portal to create it manually:
      - Go to Azure Active Directory > App registrations > New registration
      - Create app, then create a client secret
      - Assign 'Contributor' role at subscription level


## Step 4: Add GitHub Secrets (10 min)

**Two options:**

### Option A: Manual (Recommended for first time)
1. Go to: https://github.com/johnazariah/edumind-ai/settings/secrets/actions
2. Click "New repository secret"
3. Add these three secrets with values from Step 3:
   - `AZURE_CLIENT_ID`
   - `AZURE_TENANT_ID`
   - `AZURE_SUBSCRIPTION_ID`

### Option B: Automated (using GitHub CLI)

In [8]:
show_progress(4, 6)

# Check GitHub authentication
gh_auth, _, gh_code = run_command("gh auth status 2>&1")

if "Logged in" not in gh_auth:
    show_status("Not logged in to GitHub. Run: gh auth login", "warning")
else:
    show_status("GitHub authenticated", "success")
    
    # Option to set secrets automatically (if user has credentials)
    print("\n‚ö†Ô∏è  IMPORTANT: Setting secrets requires the values from Step 3.")
    print("\nYou can either:")
    print("  A) Set them manually in GitHub UI (recommended)")
    print("  B) Use the commands below in your terminal:\n")
    
    if deployment_state.get("client_id"):
        print(f"  gh secret set AZURE_CLIENT_ID --body '{deployment_state['client_id']}'")
        print(f"  gh secret set AZURE_TENANT_ID --body '{deployment_state['tenant_id']}'")
        print(f"  gh secret set AZURE_SUBSCRIPTION_ID --body '{deployment_state['subscription_id']}'")
    
    # Verify secrets are set
    print("\nAfter setting secrets, verify with:")
    print("  gh secret list")
    
    secrets_output, _, _ = run_command("gh secret list")
    if "AZURE_CLIENT_ID" in secrets_output:
        show_status("GitHub secrets configured!", "success")
        deployment_state["completed_steps"].append("secrets_set")
    else:
        show_status("Secrets not yet configured", "warning")

## Step 5: Trigger Deployment (2 min)

Let's trigger the GitHub Actions workflow to deploy to Azure.

In [None]:
show_progress(5, 6)

if "secrets_set" not in deployment_state["completed_steps"]:
    show_status("Please complete Step 4 first!", "warning")
else:
    show_status("Triggering deployment workflow...", "info")
    
    # Trigger workflow
    trigger_out, trigger_err, trigger_code = run_command(
        "gh workflow run deploy-azure-azd.yml"
    )
    
    if trigger_code == 0:
        show_status("Deployment workflow triggered!", "success")
        
        # Wait a moment for workflow to appear
        time.sleep(3)
        
        # Get latest run
        runs_out, _, _ = run_command(
            "gh run list --workflow=deploy-azure-azd.yml --limit 1 --json databaseId,status,conclusion,url"
        )
        
        try:
            runs = json.loads(runs_out)
            if runs:
                run = runs[0]
                print(f"\nüìä Run ID: {run['databaseId']}")
                print(f"   Status: {run['status']}")
                print(f"   URL: {run['url']}")
                
                deployment_state["run_id"] = run['databaseId']
                deployment_state["completed_steps"].append("workflow_triggered")
        except:
            pass
    else:
        show_status(f"Failed to trigger workflow: {trigger_err}", "error")

## Step 6: Monitor Deployment (10-15 min)

Watch the deployment progress in real-time.

In [None]:
show_progress(6, 6)

if "workflow_triggered" not in deployment_state["completed_steps"]:
    show_status("Please complete Step 5 first!", "warning")
else:
    print("üîç Monitoring deployment...\n")
    
    # Get latest run status
    max_checks = 20  # Check for up to 20 minutes (60s intervals)
    check_interval = 60
    
    for i in range(max_checks):
        runs_out, _, _ = run_command(
            "gh run list --workflow=deploy-azure-azd.yml --limit 1 --json status,conclusion,url"
        )
        
        try:
            runs = json.loads(runs_out)
            if runs:
                run = runs[0]
                status = run['status']
                conclusion = run.get('conclusion', 'pending')
                
                timestamp = datetime.now().strftime("%H:%M:%S")
                
                if status == "completed":
                    if conclusion == "success":
                        show_status(f"[{timestamp}] Deployment completed successfully! üéâ", "success")
                        deployment_state["completed_steps"].append("deployment_success")
                        break
                    else:
                        show_status(f"[{timestamp}] Deployment failed: {conclusion}", "error")
                        print(f"\nView logs: {run['url']}")
                        break
                else:
                    print(f"[{timestamp}] Status: {status}...")
                
                if i < max_checks - 1:
                    time.sleep(check_interval)
        except:
            show_status("Failed to check status", "warning")
            break
    
    # Show final summary
    elapsed = datetime.now() - deployment_state["start_time"]
    print(f"\n‚è±Ô∏è  Total time: {elapsed}")
    print(f"‚úÖ Completed steps: {len(deployment_state['completed_steps'])}/6")

## Summary: Deployment Status

Review the overall deployment status and next steps.

In [None]:
print("="*70)
print("üìä DEPLOYMENT SUMMARY")
print("="*70)

steps_completed = deployment_state["completed_steps"]
total_steps = 6
completion_pct = (len(steps_completed) / total_steps) * 100

print(f"\nCompletion: {completion_pct:.0f}% ({len(steps_completed)}/{total_steps} steps)\n")

step_names = [
    ("tools_verified", "1. Tools Verification"),
    ("azure_login", "2. Azure Login"),
    ("sp_created", "3. Service Principal Created"),
    ("secrets_set", "4. GitHub Secrets Configured"),
    ("workflow_triggered", "5. Workflow Triggered"),
    ("deployment_success", "6. Deployment Successful")
]

for step_key, step_name in step_names:
    status_icon = "‚úÖ" if step_key in steps_completed else "‚è≥"
    print(f"{status_icon} {step_name}")

if deployment_state.get("subscription_id"):
    print(f"\nüìã Configuration:")
    print(f"   Subscription: {deployment_state['subscription_id']}")
    if deployment_state.get("client_id"):
        print(f"   Client ID: {deployment_state['client_id'][:8]}...")

elapsed = datetime.now() - deployment_state["start_time"]
print(f"\n‚è±Ô∏è  Time elapsed: {elapsed}")

if "deployment_success" in steps_completed:
    print("\nüéâ DEPLOYMENT COMPLETE!")
    print("\nNext steps:")
    print("  1. Get deployed URL from GitHub Actions logs")
    print("  2. Test endpoints")
    print("  3. Configure monitoring")
    print("  4. Set up alerts")
elif completion_pct >= 50:
    print("\n‚ö†Ô∏è  Deployment in progress...")
    print("\nCheck status:")
    print("  gh run list --workflow=deploy-azure-azd.yml --limit 1")
else:
    print("\n‚è≥ Setup incomplete")
    print(f"\nContinue from Step {len(steps_completed) + 1}")

print("\n" + "="*70)

## Troubleshooting Commands

Use these if you encounter issues:

In [None]:
print("üîß Troubleshooting Commands:\n")

commands = {
    "List recent workflow runs": "gh run list --workflow=deploy-azure-azd.yml --limit 5",
    "View logs of latest run": "gh run view --log",
    "Cancel a running workflow": "gh run cancel [RUN_ID]",
    "Check GitHub secrets": "gh secret list",
    "Verify Azure login": "az account show",
    "List Azure resources": "az resource list --output table",
    "Check service principal": f"az ad sp show --id {deployment_state.get('client_id', 'CLIENT_ID')}"
}

for desc, cmd in commands.items():
    print(f"  {desc}:")
    print(f"    {cmd}\n")