FEAT: Deployment automation for isolated GUI instances #1655
varunj-msft wants to merge 2 commits into microsoft:main from
| BICEP_TEMPLATE = INFRA_DIR / "main.bicep" | ||
|
|
||
|
|
||
| def run_az( |
I will say that on the surface it seems a little counter-intuitive to run the AZ CLI via Python. There's an underlying azure-sdk that we could call directly. You might have weighed pros and cons of that, of course.
The reason I'm not even really against it is that I joined a project that operated like this several years ago and it turned out to be pretty robust. That said, curious to hear your thoughts on the topic @varunj-msft
So I went with az CLI because it was already a prerequisite in the README and the script directly automates the same manual az commands, so it's easy to debug by running them individually. It also avoids pulling in azure-mgmt-*/msgraph-sdk dependencies just for a deployment script. The tradeoff is less type safety, but for an ops script that runs once per instance I think the simplicity wins.
| BICEP_TEMPLATE = INFRA_DIR / "main.bicep" | ||
|
|
||
|
|
||
| def run_az( |
This method is defined twice in this PR in two different files. So is run_az_json.
Yep, they're intentionally slightly different! deploy_instance.py's run_az_json raises on failure while teardown_instance.py's returns None (since teardown needs to gracefully handle resources that may already be gone). run_az itself is identical though. I considered an infra/az_helpers.py but wanted to keep both scripts self-contained and independently runnable without introducing a package structure to infra/.
romanlutz left a comment
Works for me. I would like broader agreement with the rest of the team on the az CLI choice, though.
Description
Adds deployment automation scripts and templates for spinning up isolated CoPyRIT GUI instances for external teams (CELA, model ops, partners).
New files:
infra/deploy_instance.py — Automates full instance deployment: resource group, Entra app registration + API scope + group claims, Azure SQL server + database, Key Vault + .env secret upload, Bicep deployment, SPA redirect URI, and RBAC role assignments. Includes --dry-run mode, KV name length validation, and retry with backoff for RBAC propagation.
infra/teardown_instance.py — Tears down an instance by deleting the resource group and optionally the Entra app registration.
infra/parameters.demo.json — Bicep parameter template for manual deployments.
infra/env.demo.template — .env template with all required and optional target env vars documented.
No changes to existing files. No Bicep or application code modifications.
Tests and Documentation
No unit tests — these are CLI deployment scripts that wrap az commands and are validated via --dry-run mode and mocked end-to-end flows. Deployment guide (infra/DEPLOY_NEW_INSTANCE.md) will follow in a subsequent PR.
No JupyText changes needed — no doc notebooks affected.
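An added example, not code from this PR, of the helper pattern the review thread and description discuss: an `az` wrapper that passes an argument list (no shell), a JSON helper with both the raise-on-failure and return-None behaviours, Key Vault name validation, and retry with backoff. The names `validate_kv_name` and `retry_with_backoff` and the `required`, `runner` and `sleep` parameters are assumptions made for illustration.

```python
import json
import re
import shlex
import subprocess
import time

# Key Vault names: 3-24 chars, letters/digits/hyphens, start with a letter,
# end with a letter or digit, no consecutive hyphens.
KV_NAME_RE = re.compile(r"[A-Za-z](?!.*--)[A-Za-z0-9-]{1,22}[A-Za-z0-9]")


def validate_kv_name(name):
    """Reject an invalid vault name before any Azure resource is created."""
    if not KV_NAME_RE.fullmatch(name):
        raise ValueError(f"invalid Key Vault name: {name!r}")
    return name


def run_az(args, *, dry_run=False, runner=subprocess.run):
    """Run `az` with an argument list (no shell), so values such as an
    instance name are never parsed as shell syntax."""
    cmd = ["az", *args]
    if dry_run:
        print("[dry-run]", shlex.join(cmd))
        return None
    return runner(cmd, capture_output=True, text=True, check=False)


def run_az_json(args, *, required=True, **kwargs):
    """required=True raises on failure (deploy); required=False returns None
    (teardown, where the resource may already be gone)."""
    proc = run_az([*args, "--output", "json"], **kwargs)
    if proc is None:  # dry-run: nothing was executed
        return None
    if proc.returncode != 0:
        if required:
            raise RuntimeError(f"az {args[0]} failed: {proc.stderr.strip()}")
        return None
    return json.loads(proc.stdout) if proc.stdout.strip() else None


def retry_with_backoff(fn, *, attempts=5, base_delay=2.0, sleep=time.sleep):
    """Retry fn on RuntimeError with exponential backoff, e.g. a role
    assignment made before the new principal has propagated."""
    for attempt in range(attempts):
        try:
            return fn()
        except RuntimeError:
            if attempt == attempts - 1:
                raise
            sleep(base_delay * 2 ** attempt)
```

The `runner` and `sleep` hooks let the flow be exercised with a fake process result and no real delay, which is how a mocked end-to-end run can cover both the deploy and teardown failure paths.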