From b2aec2837151d86c26fff30e844e899bd676cd01 Mon Sep 17 00:00:00 2001 From: Michael Haufe Date: Thu, 25 Jul 2024 20:18:42 +0000 Subject: [PATCH 01/16] - Update project setup instructions and dependencies - Update GitHub client ID and secret in .env.example file - Defined web service in root compose.yml - Defined initial Azure bicep file - added bicep plugin to devcontainer - defined new GitHub workflow --- .devcontainer/devcontainer.json | 3 +- .env.example | 4 +- .github/workflows/azure-infra.yml | 31 +++++++++++ CONTRIBUTING.md | 90 ++++++++++++++++++++++++++++++- README.md | 1 - azure/bicep/main.bicep | 65 ++++++++++++++++++++++ compose.yml | 12 +++++ nuxt.config.ts | 4 +- 8 files changed, 203 insertions(+), 7 deletions(-) create mode 100644 .github/workflows/azure-infra.yml create mode 100644 azure/bicep/main.bicep diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 2a6ca334..36090375 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -25,7 +25,8 @@ "Vue.volar", "EditorConfig.EditorConfig", "github.vscode-github-actions", - "AlexShen.classdiagram-ts" + "AlexShen.classdiagram-ts", + "ms-azuretools.vscode-bicep" ] } } diff --git a/.env.example b/.env.example index d3d716af..a8402842 100644 --- a/.env.example +++ b/.env.example @@ -3,7 +3,7 @@ POSTGRES_PASSWORD: postgres POSTGRES_HOST: localhost POSTGRES_PORT: 5432 POSTGRES_DB: cathedral -GITHUB_CLIENT_ID: Ov23lij8q5YhcosEjIzQ -GITHUB_CLIENT_SECRET: 27c98b69344086c13bc15290e1a8b8c86a910d58 +GH_CLIENT_ID: Ov23lij8q5YhcosEjIzQ +GH_CLIENT_SECRET: 27c98b69344086c13bc15290e1a8b8c86a910d58 AUTH_SECRET: e792b76a-2573-45d4-a39b-3b8db5712f9c AUTH_ORIGIN: http://localhost:3000 \ No newline at end of file diff --git a/.github/workflows/azure-infra.yml b/.github/workflows/azure-infra.yml new file mode 100644 index 00000000..6080c9bc --- /dev/null +++ b/.github/workflows/azure-infra.yml 
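Review bot: The two renamed lines in the `.env.example` hunk still carry what look like a real GitHub OAuth client ID and a 40-hex-character client secret, and the context line below them holds a UUID-shaped `AUTH_SECRET`, all in a file that is committed and meant to be copied. An example file should ship placeholders only, e.g. `GH_CLIENT_SECRET: <your-github-oauth-client-secret>` and `AUTH_SECRET: <generate-a-random-value>`. If the committed values were ever valid for a registered OAuth app, they should be revoked and regenerated, because they stay in the repository history after any later edit.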
@@ -0,0 +1,31 @@ +name: Deploy Azure Infrastructure + +permissions: + id-token: write + contents: read + +on: + deployment: + +jobs: + bicep-deploy: + environment: azure-prod + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Login to Azure + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Deploy Bicep + uses: azure/arm-deploy@v1 + with: + subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + resourceGroupName: ${{ secrets.AZURE_RG }} + template: ./azure/bicep/main.bicep + parameters: 'environment=prod ' + scope: 'resourcegroup' + failOnStdErr: true diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d3299ba3..bc298e57 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
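Review bot: All three `uses:` lines in this new workflow reference mutable tags (`actions/checkout@v2`, `azure/login@v1`, `azure/arm-deploy@v1`), while the job holds `id-token: write` and deploys to the `azure-prod` environment. Whoever can move one of those tags gets code running with the federated Azure identity. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: azure/login@<full-commit-sha>  # v1`. The `permissions` block is set at workflow level; declaring it on the `bicep-deploy` job instead would keep any job added later from inheriting `id-token: write`.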
@@ -1 +1,89 @@ -## Database +## Getting Started + +### Prerequisites + +- [VS Code](https://code.visualstudio.com/) + - `choco install vscode` +- WSL2 + - [WSL2 Installation Guide](https://docs.microsoft.com/en-us/windows/wsl/install) +- [Docker Desktop](https://www.docker.com/products/docker-desktop/) + - `choco install docker-desktop` +- [pgAdmin](https://www.pgadmin.org/) + - `choco install pgadmin4` + +## Project Setup + +1. Start Docker Desktop. +2. Open the project in VS Code. +3. The project should automatically detect the `.devcontainer` folder and ask you to reopen the project in a container. Before doing so, Copy the `.env.example` file to `.env` and fill in the necessary values. +4. Reopen the project in the dev container. (You can also do this by clicking on the blue button in the bottom left corner of the window.) +5. The project will now start downloading the necessary dependencies and setting up the environment. + 1. Docker images + 2. Node modules + 3. VS Code extensions + +## Database population + +There are a number of commands defined in `package.json` that can be run to populate the database with data: + +1. `npm run orm-create-db` +2. `npm run orm-run-pending-migrations` +3. `npm run orm-seed-users` +4. `npm run orm-seed-roles` + +## Running the project + +The project can be run in debug mode via: `npm run dev` + +A production build can be run via: `npm run build` followed by `npm run preview` + +## Application Infrastructure + +The application is built using the following primary technologies: + +- [Nuxt.js](https://nuxtjs.org/) + - [TypeScript](https://www.typescriptlang.org/) + - [PrimeVue](https://primevue.org/) + - [PrimeFlex](https://primeflex.org/) + - [Zod](https://zod.dev/) +- [Nuxt Auth](https://auth.sidebase.io/) + - Which may be replaced by a native Nuxt.js feature in the future (Nuxt 5?) 
+- [Node.js](http://nodejs.org/) +- [MikroORM](https://mikro-orm.io/) +- [PostgreSQL](https://www.postgresql.org/) + +## Application Architecture + +The application is a monolith following a layers architecture. The application is split into the following layers: + +### Server + +- domain + - Entities & Value Objects +- data + - models (used by MikroORM) +- api + - This is currently blending the application and infrastructure layers. This will be refactored in the future by separating the application and infrastructure layers. + +### Client + +- pages +- components +- layouts + +## CI/CD Notes + +The Infrastructure is managed by Azure Bicep. The CI/CD pipeline is managed by GitHub Actions. +Communication between GitHub and Azure is managed by OpenID Connect. + +- [Configuration details](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deploy-github-actions?tabs=CLI%2Copenid) + - [Supporting details](https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Cwindows#use-the-azure-login-action-with-openid-connect) +- [GitHub Environment details](https://docs.github.com/en/actions/administering-github-actions/managing-environments-for-deployment) + +## Troubleshooting + +Most issues can be resolved by restarting the dev container. This can be done by closinng and reopening VSCode. Don't do this too quickly. When VSCode is closed, the Docker containers take some time to stop. + +If you are still having issues, try deleting the containers and images and restarting the dev container. + +If you run into issues related to npm install hanging ([Known bug](https://github.com/npm/cli/issues/4028)). You can try running `npm install` on each dependency individually. For example: `npm install @mikro-orm/core`, `npm install nuxt`, etc. This is a worst case scenario and seems to surface intermittently. The bug is potentially related to IPV6. \ No newline at end of file 
diff --git a/README.md b/README.md index 7f3928fe..21cba71e 100644 --- a/README.md +++ b/README.md @@ -1,2 +1 @@ # Cathedral - diff --git a/azure/bicep/main.bicep b/azure/bicep/main.bicep new file mode 100644 index 00000000..f27a261d --- /dev/null +++ b/azure/bicep/main.bicep @@ -0,0 +1,65 @@ +targetScope = 'resourceGroup' + +@allowed(['dev', 'prod']) +param environment string = 'dev' +param location string = resourceGroup().location +param name string = 'final-hill-cathedral' +// param dockerComposeFile string + +// Dummy for testing +resource stg 'Microsoft.Storage/storageAccounts@2023-04-01' = { + name: toLower('stg-${name}-${environment}') + location: location + sku: { + name: 'Standard_LRS' + } + kind: 'StorageV2' + properties: { + supportsHttpsTrafficOnly: true + } +} + +output storageEndpoint object = stg.properties.primaryEndpoints + +// resource appServicePlan 'Microsoft.Web/serverfarms@2023-12-01' = { +// name: toLower('plan-${name}-${environment}') +// location: location +// kind: 'linux' +// sku: { +// name: 'B2' +// tier: 'Basic' +// size: 'B2' +// family: 'B' +// capacity: 1 +// } +// properties: { +// reserved: true +// } +// } + +// resource appService 'Microsoft.Web/sites@2023-12-01' = { +// name: toLower('app-${name}-${environment}') +// kind: 'app,linux,container' +// location: location +// properties: { +// serverFarmId: appServicePlan.id +// httpsOnly: true +// reserved: true +// clientAffinityEnabled: false +// publicNetworkAccess: 'Enabled' +// siteConfig: { +// // Possible values obtainable from: +// // az webapp list-runtimes --os linux +// linuxFxVersion: 'COMPOSE|${base64(dockerComposeFile)}' +// ftpsState: 'Disabled' +// http20Enabled: true +// appSettings: [ +// // https://learn.microsoft.com/en-us/azure/app-service/configure-custom-container?tabs=debian&pivots=container-linux#use-persistent-shared-storage +// { +// name: 'WEBSITES_ENABLE_APP_SERVICE_STORAGE' +// value: 'true' +// } +// ] +// } +// } +// } 
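Review bot: The `stg` storage account sets `supportsHttpsTrafficOnly: true` but leaves the TLS floor and anonymous blob access at their defaults. It is commented as a dummy, yet the workflow in this same commit deploys the template with `environment=prod`. Add `minimumTlsVersion: 'TLS1_2'` and `allowBlobPublicAccess: false` to `properties` so the account is locked down even while it is a placeholder. The `storageEndpoint` output is harmless on its own, but as a general caution any output that later returns keys or connection strings would land in the deployment history in clear text.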
diff --git a/compose.yml b/compose.yml index 3860b99c..da57d618 100644 --- a/compose.yml +++ b/compose.yml @@ -11,6 +11,18 @@ services: POSTGRES_USER: ${POSTGRES_USER} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} POSTGRES_DB: ${POSTGRES_DB} + web: + image: node:22.5.1-bookworm + depends_on: + - db + restart: unless-stopped + # mounts the workspace folder from the local source tree into the Dev Container. + # volumes: + # - .:/workspace/cathedral:cached + # Overrides default command so things don't shut down after the process ends. + command: /bin/sh -c "while sleep 1000; do :; done" + # puts the Dev Container on the same network as the database, so that it can access it on localhost + network_mode: service:db volumes: postgres-data: diff --git a/nuxt.config.ts b/nuxt.config.ts index 1a0f51ea..e2154493 100644 --- a/nuxt.config.ts +++ b/nuxt.config.ts @@ -59,8 +59,8 @@ export default defineNuxtConfig({ }, runtimeConfig: { authSecret: process.env.AUTH_SECRET, - githubClientId: process.env.GITHUB_CLIENT_ID, - githubClientSecret: process.env.GITHUB_CLIENT_SECRET + githubClientId: process.env.GH_CLIENT_ID, + githubClientSecret: process.env.GH_CLIENT_SECRET }, // https://nuxt.com/modules/security security: { From 324a312af78037d51c3630fdaa42f910828c627f Mon Sep 17 00:00:00 2001 From: Michael Haufe Date: Thu, 25 Jul 2024 20:27:15 +0000 Subject: [PATCH 02/16] Updated azure infra to trigger on workflow dispatch --- .github/workflows/azure-infra.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/azure-infra.yml b/.github/workflows/azure-infra.yml index 6080c9bc..13a03266 100644 --- a/.github/workflows/azure-infra.yml +++ b/.github/workflows/azure-infra.yml @@ -5,7 +5,8 @@ permissions: contents: read on: - deployment: + workflow_dispatch: + # deployment: jobs: bicep-deploy: From 6e695e5fb265ba49c89f7375aeae88f5f0dae91b Mon Sep 17 00:00:00 2001 
From: Michael Haufe Date: Thu, 25 Jul 2024 20:59:36 +0000 Subject: [PATCH 03/16] chore: Update Azure infrastructure workflow to include validation step and what-if deployment --- .github/workflows/azure-infra.yml | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/.github/workflows/azure-infra.yml b/.github/workflows/azure-infra.yml index 13a03266..3a8a45a6 100644 --- a/.github/workflows/azure-infra.yml +++ b/.github/workflows/azure-infra.yml @@ -9,7 +9,32 @@ on: # deployment: jobs: + validate: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Login to Azure + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Lint Bicep + run: | + az bicep build ./azure/bicep/main.bicep + - name: Run what-if + uses: azure/arm-deploy@v1 + with: + subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + resourceGroupName: ${{ secrets.AZURE_RG }} + template: ./azure/bicep/main.bicep + parameters: 'environment=prod ' + scope: 'resourcegroup' + failOnStdErr: false + additionalArguments: --what-if bicep-deploy: + needs: validate environment: azure-prod runs-on: ubuntu-latest steps: @@ -24,9 +49,10 @@ jobs: - name: Deploy Bicep uses: azure/arm-deploy@v1 with: + deploymentName: ${{ github.run_number }} subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} resourceGroupName: ${{ secrets.AZURE_RG }} template: ./azure/bicep/main.bicep parameters: 'environment=prod ' scope: 'resourcegroup' - failOnStdErr: true + failOnStdErr: false From 794d49ed13e2dd15c5ce20f9506128ff7608230e Mon Sep 17 00:00:00 2001 
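Review bot: The second hunk changes the production deploy step from `failOnStdErr: true` to `failOnStdErr: false`, so anything the CLI writes to stderr during the real deployment no longer fails the job, and the new what-if step uses the same setting. If the motive was Bicep linter warnings arriving on stderr (an inference; the commit message does not say), it would be safer to fix or suppress those warnings and keep `failOnStdErr: true` on `Deploy Bicep`. Relaxing it only on the what-if step keeps the deploy gate intact. A one-line comment above the setting saying why it is disabled would help the next reader decide whether it can be turned back on.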
From: Michael Haufe Date: Thu, 25 Jul 2024 21:12:39 +0000 Subject: [PATCH 04/16] - Update Azure infrastructure workflow to use latest version of Azure login action - specified environment for validation step --- .github/workflows/azure-infra.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/azure-infra.yml b/.github/workflows/azure-infra.yml index 3a8a45a6..a0fa1d69 100644 --- a/.github/workflows/azure-infra.yml +++ b/.github/workflows/azure-infra.yml @@ -11,11 +11,12 @@ on: jobs: validate: runs-on: ubuntu-latest + environment: azure-prod steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Login to Azure - uses: azure/login@v1 + uses: azure/login@v2 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} @@ -39,9 +40,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Login to Azure - uses: azure/login@v1 + uses: azure/login@v2 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} From 8a4cf610f9ca37437a30614aead47d146f2b0abf Mon Sep 17 00:00:00 2001 From: Michael Haufe Date: Thu, 25 Jul 2024 21:36:29 +0000 Subject: [PATCH 05/16] - Updated action/checkout version - bugfixed `az bicep build` --- .github/workflows/azure-infra.yml | 6 +++--- .github/workflows/build-release.yml | 2 +- .github/workflows/build.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/azure-infra.yml b/.github/workflows/azure-infra.yml index a0fa1d69..da10d7ae 100644 --- a/.github/workflows/azure-infra.yml +++ b/.github/workflows/azure-infra.yml @@ -14,7 +14,7 @@ jobs: environment: azure-prod steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Login to Azure uses: azure/login@v2 with: 
@@ -23,7 +23,7 @@ jobs: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Lint Bicep run: | - az bicep build ./azure/bicep/main.bicep + az bicep build --file ./azure/bicep/main.bicep - name: Run what-if uses: azure/arm-deploy@v1 with: @@ -40,7 +40,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Login to Azure uses: azure/login@v2 with: diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml index 42b88ed5..5306fff4 100644 --- a/.github/workflows/build-release.yml +++ b/.github/workflows/build-release.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Setup Node.js uses: actions/setup-node@v3 with: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 31def6b9..53644d51 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,7 +11,7 @@ jobs: validate: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Setup Node.js uses: actions/setup-node@v3 with: From ffcaca5b93cb94b2eb8312a1901570c2a4be110c Mon Sep 17 00:00:00 2001 From: Michael Haufe Date: Thu, 25 Jul 2024 21:50:54 +0000 Subject: [PATCH 06/16] Updated azure/arm-deploy version --- .github/workflows/azure-infra.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/azure-infra.yml b/.github/workflows/azure-infra.yml index da10d7ae..98717b18 100644 --- a/.github/workflows/azure-infra.yml +++ b/.github/workflows/azure-infra.yml @@ -25,7 +25,7 @@ jobs: run: | az bicep build --file ./azure/bicep/main.bicep - name: Run what-if - uses: azure/arm-deploy@v1 + uses: azure/arm-deploy@v2 with: subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} resourceGroupName: ${{ secrets.AZURE_RG }} 
@@ -48,7 +48,7 @@ jobs: tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Deploy Bicep - uses: azure/arm-deploy@v1 + uses: azure/arm-deploy@v2 with: deploymentName: ${{ github.run_number }} subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} From d961496a222243fd73dee2920bf0e0ecb52ec82a Mon Sep 17 00:00:00 2001 From: Michael Haufe Date: Thu, 25 Jul 2024 22:19:40 +0000 Subject: [PATCH 07/16] chore: Verify Resource Group existence in Azure infrastructure workflow --- .github/workflows/azure-infra.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/azure-infra.yml b/.github/workflows/azure-infra.yml index 98717b18..3c117eb9 100644 --- a/.github/workflows/azure-infra.yml +++ b/.github/workflows/azure-infra.yml @@ -21,6 +21,12 @@ jobs: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + # Temporary step to verify the resource group + # It exists, but is not being seen by the next step + - name: Verify Resource Group + run: | + az group show --name ${{ secrets.AZURE_RG }} --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Lint Bicep run: | az bicep build --file ./azure/bicep/main.bicep From 2d77217016264aec5a4c82d0b7f81d2c9fba03d1 Mon Sep 17 00:00:00 2001 From: Michael Haufe Date: Thu, 25 Jul 2024 22:51:38 +0000 Subject: [PATCH 08/16] - removed debug step from pipeline - update bicep resource name --- .github/workflows/azure-infra.yml | 6 ------ azure/bicep/main.bicep | 6 +++--- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/.github/workflows/azure-infra.yml b/.github/workflows/azure-infra.yml index 3c117eb9..98717b18 100644 --- a/.github/workflows/azure-infra.yml +++ b/.github/workflows/azure-infra.yml 
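Review bot: The `Verify Resource Group` step expands `${{ secrets.AZURE_RG }}` and `${{ secrets.AZURE_SUBSCRIPTION_ID }}` directly into the script text, unquoted, so the values become part of the shell source before it runs. Pass them through `env:` and quote the variables instead: `az group show --name "$AZURE_RG" --subscription "$AZURE_SUBSCRIPTION_ID"`. The command also prints the resource group's JSON to the job log, and that JSON includes the full resource ID. GitHub masks only exact matches of a secret, so adding `--query name -o tsv` or `--output none` would keep the debug step from printing more than it needs to.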
@@ -21,12 +21,6 @@ jobs: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - # Temporary step to verify the resource group - # It exists, but is not being seen by the next step - - name: Verify Resource Group - run: | - az group show --name ${{ secrets.AZURE_RG }} --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - name: Lint Bicep run: | az bicep build --file ./azure/bicep/main.bicep diff --git a/azure/bicep/main.bicep b/azure/bicep/main.bicep index f27a261d..50ac95d7 100644 --- a/azure/bicep/main.bicep +++ b/azure/bicep/main.bicep @@ -1,14 +1,14 @@ targetScope = 'resourceGroup' -@allowed(['dev', 'prod']) -param environment string = 'dev' +// @allowed(['dev', 'prod']) +// param environment string = 'dev' param location string = resourceGroup().location param name string = 'final-hill-cathedral' // param dockerComposeFile string // Dummy for testing resource stg 'Microsoft.Storage/storageAccounts@2023-04-01' = { - name: toLower('stg-${name}-${environment}') + name: toLower('stg-${name}') location: location sku: { name: 'Standard_LRS' From e0c166f3ea6f29f95d4a1536ffea861813886155 Mon Sep 17 00:00:00 2001 From: Michael Haufe Date: Thu, 25 Jul 2024 22:59:28 +0000 Subject: [PATCH 09/16] chore: Comment out unused parameters in Azure infrastructure workflow --- .github/workflows/azure-infra.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/azure-infra.yml b/.github/workflows/azure-infra.yml index 98717b18..e411fd59 100644 --- a/.github/workflows/azure-infra.yml +++ b/.github/workflows/azure-infra.yml @@ -30,7 +30,7 @@ jobs: subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} resourceGroupName: ${{ secrets.AZURE_RG }} template: ./azure/bicep/main.bicep - parameters: 'environment=prod ' + # parameters: 'environment=prod ' scope: 'resourcegroup' failOnStdErr: false additionalArguments: --what-if 
@@ -54,6 +54,6 @@ jobs: subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} resourceGroupName: ${{ secrets.AZURE_RG }} template: ./azure/bicep/main.bicep - parameters: 'environment=prod ' + # parameters: 'environment=prod ' scope: 'resourcegroup' failOnStdErr: false From cb71bf69eb3cf7fcc1d8dd084acfc6173c953ecf Mon Sep 17 00:00:00 2001 From: Michael Haufe Date: Thu, 25 Jul 2024 23:06:50 +0000 Subject: [PATCH 10/16] refactor: Update Azure Bicep resource name parameter --- azure/bicep/main.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/azure/bicep/main.bicep b/azure/bicep/main.bicep index 50ac95d7..d54812fb 100644 --- a/azure/bicep/main.bicep +++ b/azure/bicep/main.bicep @@ -3,12 +3,12 @@ targetScope = 'resourceGroup' // @allowed(['dev', 'prod']) // param environment string = 'dev' param location string = resourceGroup().location -param name string = 'final-hill-cathedral' +param name string = 'cathedral' // param dockerComposeFile string // Dummy for testing resource stg 'Microsoft.Storage/storageAccounts@2023-04-01' = { - name: toLower('stg-${name}') + name: toLower('st-${name}') location: location sku: { name: 'Standard_LRS' From effe193276d7c82807c26bee2f497ff8ec42ffa1 Mon Sep 17 00:00:00 2001 From: Michael Haufe Date: Thu, 25 Jul 2024 23:11:37 +0000 Subject: [PATCH 11/16] refactor: Update Azure Bicep resource name parameter size --- azure/bicep/main.bicep | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/azure/bicep/main.bicep b/azure/bicep/main.bicep index d54812fb..4d3ca051 100644 --- a/azure/bicep/main.bicep +++ b/azure/bicep/main.bicep 
@@ -3,12 +3,14 @@ targetScope = 'resourceGroup' // @allowed(['dev', 'prod']) // param environment string = 'dev' param location string = resourceGroup().location +@minLength(3) +@maxLength(22) param name string = 'cathedral' // param dockerComposeFile string // Dummy for testing resource stg 'Microsoft.Storage/storageAccounts@2023-04-01' = { - name: toLower('st-${name}') + name: toLower('st${name}') location: location sku: { name: 'Standard_LRS' From 53b7ff78a7aae6e5065566a812b2b548a25af372 Mon Sep 17 00:00:00 2001 From: Michael Haufe Date: Thu, 25 Jul 2024 23:47:04 +0000 Subject: [PATCH 12/16] deploying service plan and app service --- .github/workflows/azure-infra.yml | 8 +-- azure/bicep/main.bicep | 86 +++++++++++++------------------ 2 files changed, 38 insertions(+), 56 deletions(-) diff --git a/.github/workflows/azure-infra.yml b/.github/workflows/azure-infra.yml index 7c2316af..ed4eb46d 100644 --- a/.github/workflows/azure-infra.yml +++ b/.github/workflows/azure-infra.yml @@ -21,12 +21,6 @@ jobs: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - # Temporary step to verify the resource group - # It exists, but is not being seen by the next step - - name: Verify Resource Group - run: | - az group show --name ${{ secrets.AZURE_RG }} --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - name: Lint Bicep run: | az bicep build --file ./azure/bicep/main.bicep @@ -38,6 +32,7 @@ jobs: template: ./azure/bicep/main.bicep # parameters: 'environment=prod ' scope: 'resourcegroup' + deploymentMode: 'Validate' failOnStdErr: false additionalArguments: --what-if bicep-deploy: @@ -60,6 +55,7 @@ jobs: subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} resourceGroupName: ${{ secrets.AZURE_RG }} template: ./azure/bicep/main.bicep + deploymentMode: 'Complete' # parameters: 'environment=prod ' scope: 'resourcegroup' failOnStdErr: false 
diff --git a/azure/bicep/main.bicep b/azure/bicep/main.bicep index 4d3ca051..2f904b43 100644 --- a/azure/bicep/main.bicep +++ b/azure/bicep/main.bicep 
@@ -8,60 +8,46 @@ param location string = resourceGroup().location param name string = 'cathedral' // param dockerComposeFile string -// Dummy for testing -resource stg 'Microsoft.Storage/storageAccounts@2023-04-01' = { - name: toLower('st${name}') +resource appServicePlan 'Microsoft.Web/serverfarms@2023-12-01' = { + name: toLower('plan-${name}') location: location + kind: 'linux' sku: { - name: 'Standard_LRS' + name: 'B2' + tier: 'Basic' + size: 'B2' + family: 'B' + capacity: 1 } - kind: 'StorageV2' properties: { - supportsHttpsTrafficOnly: true + reserved: true } } -output storageEndpoint object = stg.properties.primaryEndpoints - -// resource appServicePlan 'Microsoft.Web/serverfarms@2023-12-01' = { -// name: toLower('plan-${name}-${environment}') -// location: location -// kind: 'linux' -// sku: { -// name: 'B2' -// tier: 'Basic' -// size: 'B2' -// family: 'B' -// capacity: 1 -// } -// properties: { -// reserved: true -// } -// } - -// resource appService 'Microsoft.Web/sites@2023-12-01' = { -// name: toLower('app-${name}-${environment}') -// kind: 'app,linux,container' -// location: location -// properties: { -// serverFarmId: appServicePlan.id -// httpsOnly: true -// reserved: true -// clientAffinityEnabled: false -// publicNetworkAccess: 'Enabled' -// siteConfig: { -// // Possible values obtainable from: -// // az webapp list-runtimes --os linux -// linuxFxVersion: 'COMPOSE|${base64(dockerComposeFile)}' -// ftpsState: 'Disabled' -// http20Enabled: true -// appSettings: [ -// // https://learn.microsoft.com/en-us/azure/app-service/configure-custom-container?tabs=debian&pivots=container-linux#use-persistent-shared-storage -// { -// name: 'WEBSITES_ENABLE_APP_SERVICE_STORAGE' -// value: 'true' -// } -// ] -// } -// } -// } +resource appService 'Microsoft.Web/sites@2023-12-01' = { + name: toLower('app-${name}') + kind: 'app,linux,container' + location: location + properties: { + serverFarmId: appServicePlan.id + httpsOnly: true + reserved: true + 
clientAffinityEnabled: false + publicNetworkAccess: 'Enabled' + siteConfig: { + // Possible values obtainable from: + // az webapp list-runtimes --os linux + // linuxFxVersion: 'COMPOSE|${base64(dockerComposeFile)}' + linuxFxVersion: 'COMPOSE|' + ftpsState: 'Disabled' + http20Enabled: true + appSettings: [ + // https://learn.microsoft.com/en-us/azure/app-service/configure-custom-container?tabs=debian&pivots=container-linux#use-persistent-shared-storage + { + name: 'WEBSITES_ENABLE_APP_SERVICE_STORAGE' + value: 'true' + } + ] + } + } +} From d60092d20cb5acafd7982945b67b2a776c4cb91d Mon Sep 17 00:00:00 2001 From: Michael Haufe Date: Fri, 26 Jul 2024 00:29:30 +0000 Subject: [PATCH 13/16] Added env variables to bicep and workflow --- .github/workflows/azure-infra.yml | 25 +++++++++++--- azure/bicep/main.bicep | 55 +++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 4 deletions(-) diff --git a/.github/workflows/azure-infra.yml b/.github/workflows/azure-infra.yml index ed4eb46d..467c7a25 100644 --- a/.github/workflows/azure-infra.yml +++ b/.github/workflows/azure-infra.yml @@ -30,9 +30,17 @@ jobs: subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} resourceGroupName: ${{ secrets.AZURE_RG }} template: ./azure/bicep/main.bicep - # parameters: 'environment=prod ' + parameters: | + authOrigin=${{ secrets.AUTH_ORIGIN }} + authSecret=${{ secrets.AUTH_SECRET }} + ghClientId=${{ secrets.GH_CLIENT_ID }} + ghClientSecret=${{ secrets.GH_CLIENT_SECRET }} + postgresDb=${{ secrets.POSTGRES_DB }} + postgresHost=${{ secrets.POSTGRES_HOST }} + postgresPassword=${{ secrets.POSTGRES_PASSWORD }} + postgresPort=${{ secrets.POSTGRES_PORT }} + postgresUser=${{ secrets.POSTGRES_USER }} scope: 'resourcegroup' - deploymentMode: 'Validate' failOnStdErr: false additionalArguments: --what-if bicep-deploy: 
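Review bot: The new `appService` resource sets `httpsOnly: true` and `ftpsState: 'Disabled'` but does not state a TLS floor, and it sets `publicNetworkAccess: 'Enabled'` with no access restrictions alongside it. Add `minTlsVersion: '1.2'` under `siteConfig` so the minimum is explicit in the template rather than inherited from a platform default. A short comment on `publicNetworkAccess` saying that the site is meant to be internet-facing would also make the intent reviewable. This hunk additionally ships `linuxFxVersion: 'COMPOSE|'` with an empty payload, so at this commit the site has no container definition to run.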
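Review bot: Every secret is spliced into the `parameters` input as `key=value` text (here, and again for the deploy step in the hunk at -51,11), so a value containing a space, quote or `=` can be split or mis-parsed once the action hands the string to the CLI. The what-if step then reports the planned `appSettings` changes in the job log, and GitHub's masking covers only exact matches of the stored secret. It is worth confirming on a test run that no setting value appears in that output. Keeping the secret values out of the parameter string altogether, for instance by having the template reference a vault, removes both concerns. `POSTGRES_PORT` and `AUTH_ORIGIN` do not look sensitive, so plain repository variables (`vars.`) would keep them readable in logs and reviews.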
@@ -51,11 +59,20 @@ jobs: - name: Deploy Bicep uses: azure/arm-deploy@v2 with: - deploymentName: ${{ github.run_number }} + deploymentName: github-${{ github.run_number }} subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} resourceGroupName: ${{ secrets.AZURE_RG }} template: ./azure/bicep/main.bicep deploymentMode: 'Complete' - # parameters: 'environment=prod ' + parameters: | + authOrigin=${{ secrets.AUTH_ORIGIN }} + authSecret=${{ secrets.AUTH_SECRET }} + ghClientId=${{ secrets.GH_CLIENT_ID }} + ghClientSecret=${{ secrets.GH_CLIENT_SECRET }} + postgresDb=${{ secrets.POSTGRES_DB }} + postgresHost=${{ secrets.POSTGRES_HOST }} + postgresPassword=${{ secrets.POSTGRES_PASSWORD }} + postgresPort=${{ secrets.POSTGRES_PORT }} + postgresUser=${{ secrets.POSTGRES_USER }} scope: 'resourcegroup' failOnStdErr: false diff --git a/azure/bicep/main.bicep b/azure/bicep/main.bicep index 2f904b43..d2a2b9e9 100644 --- a/azure/bicep/main.bicep +++ b/azure/bicep/main.bicep @@ -8,6 +8,25 @@ param location string = resourceGroup().location param name string = 'cathedral' // param dockerComposeFile string +@secure() +param authOrigin string +@secure() +param authSecret string +@secure() +param ghClientId string +@secure() +param ghClientSecret string +@secure() +param postgresDb string +@secure() +param postgresHost string +@secure() +param postgresPassword string +@secure() +param postgresPort string +@secure() +param postgresUser string + resource appServicePlan 'Microsoft.Web/serverfarms@2023-12-01' = { name: toLower('plan-${name}') location: location 
@@ -47,6 +66,42 @@ resource appService 'Microsoft.Web/sites@2023-12-01' = { name: 'WEBSITES_ENABLE_APP_SERVICE_STORAGE' value: 'true' } + { + name: 'AUTH_ORIGIN' + value: authOrigin + } + { + name: 'AUTH_SECRET' + value: authSecret + } + { + name: 'GH_CLIENT_ID' + value: ghClientId + } + { + name: 'GH_CLIENT_SECRET' + value: ghClientSecret + } + { + name: 'POSTGRES_DB' + value: postgresDb + } + { + name: 'POSTGRES_HOST' + value: postgresHost + } + { + name: 'POSTGRES_PASSWORD' + value: postgresPassword + } + { + name: 'POSTGRES_PORT' + value: postgresPort + } + { + name: 'POSTGRES_USER' + value: postgresUser + } ] } } From 6791c81ffbaf7a4505f93a534b56a3680879039b Mon Sep 17 00:00:00 2001 From: Michael Haufe Date: Fri, 26 Jul 2024 00:45:36 +0000 Subject: [PATCH 14/16] fixed parameters formatting --- .github/workflows/azure-infra.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/azure-infra.yml b/.github/workflows/azure-infra.yml index 467c7a25..02cff097 100644 --- a/.github/workflows/azure-infra.yml +++ b/.github/workflows/azure-infra.yml @@ -30,7 +30,7 @@ jobs: subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} resourceGroupName: ${{ secrets.AZURE_RG }} template: ./azure/bicep/main.bicep - parameters: | + parameters: > authOrigin=${{ secrets.AUTH_ORIGIN }} authSecret=${{ secrets.AUTH_SECRET }} ghClientId=${{ secrets.GH_CLIENT_ID }} @@ -64,7 +64,7 @@ jobs: resourceGroupName: ${{ secrets.AZURE_RG }} template: ./azure/bicep/main.bicep deploymentMode: 'Complete' - parameters: | + parameters: > authOrigin=${{ secrets.AUTH_ORIGIN }} authSecret=${{ secrets.AUTH_SECRET }} ghClientId=${{ secrets.GH_CLIENT_ID }} From c9702a0d90b4e2a1ee950bbc52f155a060317f47 Mon Sep 17 00:00:00 2001 
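Review bot: The `@secure()` parameters are written into `appSettings` as literal values, so `AUTH_SECRET`, `GH_CLIENT_SECRET` and `POSTGRES_PASSWORD` end up stored in the site configuration. There they are readable by any principal allowed to list the app's settings, and they are re-sent on every deployment. App Service can resolve these at runtime from Key Vault instead: give the site `identity: { type: 'SystemAssigned' }`, grant that identity read access to the vault, and set each value to a reference such as `value: '@Microsoft.KeyVault(SecretUri=<secret-uri>)'`. The `appService` resource begins outside this hunk, so the `identity` block would go next to `kind` and `location` there.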
From: Michael Haufe Date: Fri, 26 Jul 2024 13:30:08 +0000 Subject: [PATCH 15/16] Provided compose.yml to bicep template for Azure deployment --- .github/workflows/azure-infra.yml | 14 ++++++++++++-- .github/workflows/build-release.yml | 6 ------ .github/workflows/build.yml | 6 ------ azure/bicep/main.bicep | 6 +++--- 4 files changed, 15 insertions(+), 17 deletions(-) diff --git a/.github/workflows/azure-infra.yml b/.github/workflows/azure-infra.yml index faddf73d..7986ef1f 100644 --- a/.github/workflows/azure-infra.yml +++ b/.github/workflows/azure-infra.yml @@ -24,6 +24,10 @@ jobs: - name: Lint Bicep run: | az bicep build --file ./azure/bicep/main.bicep + - name: Convert compose.yml to base64 + id: convert-compose + run: | + base64 ./compose.yml > compose.base64 - name: Run what-if uses: azure/arm-deploy@v2 with: @@ -40,8 +44,9 @@ jobs: postgresPassword=${{ secrets.POSTGRES_PASSWORD }} postgresPort=${{ secrets.POSTGRES_PORT }} postgresUser=${{ secrets.POSTGRES_USER }} + dockerComposeFile=$(cat compose.base64) scope: 'resourcegroup' - deploymentMode: 'Validate' + deploymentMode: 'Incremental' failOnStdErr: false additionalArguments: --what-if bicep-deploy: @@ -57,6 +62,10 @@ jobs: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Convert compose.yml to base64 + id: convert-compose + run: | + base64 ./compose.yml > compose.base64 - name: Deploy Bicep uses: azure/arm-deploy@v2 with: @@ -64,7 +73,7 @@ jobs: subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} resourceGroupName: ${{ secrets.AZURE_RG }} template: ./azure/bicep/main.bicep - deploymentMode: 'Complete' + deploymentMode: 'Incremental' parameters: > authOrigin=${{ secrets.AUTH_ORIGIN }} authSecret=${{ secrets.AUTH_SECRET }} 
@@ -75,5 +84,6 @@ jobs: postgresPassword=${{ secrets.POSTGRES_PASSWORD }} postgresPort=${{ secrets.POSTGRES_PORT }} postgresUser=${{ secrets.POSTGRES_USER }} + dockerComposeFile=$(cat compose.base64) scope: 'resourcegroup' failOnStdErr: false diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml index 5306fff4..5b2c7fb2 100644 --- a/.github/workflows/build-release.yml +++ b/.github/workflows/build-release.yml @@ -38,12 +38,6 @@ jobs: key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- - # Below is temporary due to - # Maybe related to using devcontainer locally? - # - name: Delete node_modules and package-lock.json - # run: | - # rm -rf node_modules - # rm package-lock.json - name: Install dependencies run: npm install - name: Typecheck diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 53644d51..e654111e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -26,12 +26,6 @@ jobs: key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- - # Below is temporary due to - # Maybe related to using devcontainer locally? - # - name: Delete node_modules and package-lock.json - # run: | - # rm -rf node_modules - # rm package-lock.json - name: Install dependencies run: npm install - name: Typecheck diff --git a/azure/bicep/main.bicep b/azure/bicep/main.bicep index d2a2b9e9..e515bd4a 100644 --- a/azure/bicep/main.bicep +++ b/azure/bicep/main.bicep @@ -6,7 +6,7 @@ param location string = resourceGroup().location @minLength(3) @maxLength(22) param name string = 'cathedral' -// param dockerComposeFile string +param dockerComposeFile string @secure() param authOrigin string 
@@ -56,8 +56,8 @@ resource appService 'Microsoft.Web/sites@2023-12-01' = {
 siteConfig: {
 // Possible values obtainable from:
 // az webapp list-runtimes --os linux
- // linuxFxVersion: 'COMPOSE|${base64(dockerComposeFile)}'
- linuxFxVersion: 'COMPOSE|'
+ linuxFxVersion: 'COMPOSE|${base64(dockerComposeFile)}'
+ // linuxFxVersion: 'COMPOSE|'
 ftpsState: 'Disabled'
 http20Enabled: true
 appSettings: [
From 7de3acdf49ba161e5fe8aa9539eb9f58a4fd6e51 Mon Sep 17 00:00:00 2001
From: Michael Haufe
Date: Fri, 26 Jul 2024 13:45:53 +0000
Subject: [PATCH 16/16] bugfixed bicep dockerComposeFileparameter
---
 .github/workflows/azure-infra.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/azure-infra.yml b/.github/workflows/azure-infra.yml
index 7986ef1f..032f6940 100644
--- a/.github/workflows/azure-infra.yml
+++ b/.github/workflows/azure-infra.yml
@@ -25,9 +25,10 @@ jobs:
 run: |
 az bicep build --file ./azure/bicep/main.bicep
 - name: Convert compose.yml to base64
- id: convert-compose
+ id: convert_compose
 run: |
 base64 ./compose.yml > compose.base64
+ dockerComposeFile=$(cat compose.base64)
 - name: Run what-if
 uses: azure/arm-deploy@v2
 with:
@@ -44,7 +45,7 @@ jobs:
 postgresPassword=${{ secrets.POSTGRES_PASSWORD }}
 postgresPort=${{ secrets.POSTGRES_PORT }}
 postgresUser=${{ secrets.POSTGRES_USER }}
- dockerComposeFile=$(cat compose.base64)
+ dockerComposeFile=${{ steps.convert_compose.outputs.dockerComposeFile }}
 scope: 'resourcegroup'
 deploymentMode: 'Incremental'
 failOnStdErr: false
@@ -63,9 +64,10 @@ jobs:
 tenant-id: ${{ secrets.AZURE_TENANT_ID }}
 subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 - name: Convert compose.yml to base64
- id: convert-compose
+ id: convert_compose
 run: |
 base64 ./compose.yml > compose.base64
+ dockerComposeFile=$(cat compose.base64)
 - name: Deploy Bicep
 uses: azure/arm-deploy@v2
 with:
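Review bot: `base64(dockerComposeFile)` encodes a value that the workflow in this same patch has already base64-encoded (`base64 ./compose.yml > compose.base64`), so `linuxFxVersion` would carry doubly encoded text that does not decode to a compose document. Encode in one place only: either pass the raw file content and keep `base64()`, or drop the parameter and read the file at compile time with `linuxFxVersion: 'COMPOSE|${loadFileAsBase64('../../compose.yml')}'` (path relative to `azure/bicep/main.bicep`). Whatever ends up in `linuxFxVersion` is stored in the site configuration, so `compose.yml` should reference secrets through app settings rather than contain them. The `appService` resource starts and ends outside the hunk.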
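Review bot: `dockerComposeFile=$(cat compose.base64)` in the `run:` block at `@@ -25,9 +25,10 @@` only sets a shell variable that is gone when the step ends, so `steps.convert_compose.outputs.dockerComposeFile`, consumed at `@@ -44,7 +45,7 @@` and `@@ -84,6 +86,6 @@`, evaluates to an empty string. Step outputs have to be appended to the output file: `echo "dockerComposeFile=$(base64 -w 0 ./compose.yml)" >> "$GITHUB_OUTPUT"`. The copy of the step at `@@ -63,9 +64,10 @@` needs the same change. Because `failOnStdErr: false` is set, an empty value may deploy without the job failing, so a guard step that exits non-zero when the output is empty would make the failure visible.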
@@ -84,6 +86,6 @@ jobs:
 postgresPassword=${{ secrets.POSTGRES_PASSWORD }}
 postgresPort=${{ secrets.POSTGRES_PORT }}
 postgresUser=${{ secrets.POSTGRES_USER }}
- dockerComposeFile=$(cat compose.base64)
+ dockerComposeFile=${{ steps.convert_compose.outputs.dockerComposeFile }}
 scope: 'resourcegroup'
 failOnStdErr: false