Merge pull request #14 from seesharprun/rework

Rework

.github/workflows/azure-dev.yml

@@ -0,0 +1,46 @@
+# Run when commits are pushed to main
+on:
+  workflow_dispatch:
+  push:
+    # Run when commits are pushed to mainline branch (main or master)
+    # Set this to the mainline branch you are using
+    branches:
+      - main
+
+# Set up permissions for deploying with secretless Azure federated credentials
+# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication
+permissions:
+  id-token: write
+  contents: read
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+      AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+      AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install azd
+        uses: Azure/[email protected]
+      - name: Log in with Azure (Federated Credentials)
+        run: |
+          azd auth login `
+            --client-id "$Env:AZURE_CLIENT_ID" `
+            --federated-credential-provider "github" `
+            --tenant-id "$Env:AZURE_TENANT_ID"
+        shell: pwsh
+
+
+      - name: Provision Infrastructure
+        run: azd provision --no-prompt
+        env:
+          AZD_INITIAL_ENVIRONMENT_CONFIG: ${{ secrets.AZD_INITIAL_ENVIRONMENT_CONFIG }}
+
+      - name: Deploy Application
+        run: azd deploy --no-prompt

infra/app/database.bicep

@@ -10,36 +10,31 @@ param appPrincipalId string
 @description('Id of the user principals to assign database and application roles.')
 param userPrincipalId string = ''
 
-var database = {
-  name: 'cosmicworks' // Based on AdventureWorksLT data set
-}
-
-var containers = [
-  {
-    name: 'products' // Set of products
-    partitionKeyPaths: [
-      '/category' // Partition on the product category
-    ]
-    autoscale: true // Scale at the container level
-    throughput: 1000 // Enable autoscale with a minimum of 100 RUs and a maximum of 1,000 RUs
-  }
-]
-
 module cosmosDbAccount 'br/public:avm/res/document-db/database-account:0.6.1' = {
   name: 'cosmos-db-account'
   params: {
     name: accountName
     location: location
+    locations: [
+      {
+        failoverPriority: 0
+        locationName: location
+        isZoneRedundant: false
+      }
+    ]
     tags: tags
     disableKeyBasedMetadataWriteAccess: true
     disableLocalAuth: true
+    capabilitiesToAdd: [
+      'EnableServerless'
+    ]
     sqlRoleDefinitions: [
       {
         name: 'nosql-data-plane-contributor'
         dataAction: [
-          'Microsoft.DocumentDB/databaseAccounts/readMetadata' // Read account metadata
-          'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*' // Create items
-          'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*' // Manage items      
+          'Microsoft.DocumentDB/databaseAccounts/readMetadata'
+          'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*'
+          'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*'     
         ]
       }
     ]
@@ -55,18 +50,18 @@ module cosmosDbAccount 'br/public:avm/res/document-db/database-account:0.6.1' =
     )
     sqlDatabases: [
       {
-        name: database.name
+        name: 'cosmicworks'
         containers: [
-          for container in containers: {
-            name: container.name
-            paths: container.partitionKeyPaths
-            autoscaleSettingsMaxThroughput: container.throughput
+          {
+            name: 'products'
+            paths: [
+              '/category'
+            ]
           }
         ]
       }
     ]
   }
 }
 
-output name string = cosmosDbAccount.outputs.name
 output endpoint string = cosmosDbAccount.outputs.endpoint

infra/app/identity.bicep

@@ -13,7 +13,6 @@ module userAssignedIdentity 'br/public:avm/res/managed-identity/user-assigned-id
   }
 }
 
-output name string = userAssignedIdentity.outputs.name
 output resourceId string = userAssignedIdentity.outputs.resourceId
 output principalId string = userAssignedIdentity.outputs.principalId
 output clientId string = userAssignedIdentity.outputs.clientId

infra/app/registry.bicep

@@ -32,5 +32,4 @@ module registryUserAssignment 'br/public:avm/ptn/authorization/resource-role-ass
   }
 }
 
-output name string = containerRegistry.outputs.name
 output endpoint string = containerRegistry.outputs.loginServer

infra/app/web.bicep

@@ -45,7 +45,13 @@ module containerAppsApp 'br/public:avm/res/app/container-app:0.9.0' = {
     tags: union(tags, { 'azd-service-name': serviceTag })
     ingressTargetPort: 8080
     ingressExternal: true
-    ingressTransport: 'auto'
+    ingressTransport: 'http'
+    corsPolicy: {
+      allowCredentials: true
+      allowedOrigins: [
+        '*'
+      ]
+    }
     managedIdentities: {
       systemAssigned: false
       userAssignedResourceIds: [
@@ -69,8 +75,8 @@ module containerAppsApp 'br/public:avm/res/app/container-app:0.9.0' = {
         image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
         name: 'web-front-end'
         resources: {
-          cpu: '0.25'
-          memory: '0.5Gi'
+          cpu: '1'
+          memory: '2Gi'
         }
         env: [
           {
@@ -86,7 +92,3 @@ module containerAppsApp 'br/public:avm/res/app/container-app:0.9.0' = {
     ]
   }
 }
-
-output endpoint string = 'https://${containerAppsApp.outputs.fqdn}'
-output envName string = containerAppsApp.outputs.name
-output systemAssignedManagedIdentityPrincipalId string = containerAppsApp.outputs.systemAssignedMIPrincipalId

infra/main.bicep

@@ -1,4 +1,4 @@
-targetScope = 'subscription'
+targetScope = 'resourceGroup'
 
 @minLength(1)
 @maxLength(64)
@@ -23,21 +23,14 @@ param containerAppsAppName string = ''
 param serviceName string = 'web'
 
 var abbreviations = loadJsonContent('abbreviations.json')
-var resourceToken = toLower(uniqueString(subscription().id, environmentName, location))
+var resourceToken = toLower(uniqueString(resourceGroup().id, environmentName, location))
 var tags = {
   'azd-env-name': environmentName
   repo: 'https://github.com/azure-samples/cosmos-db-nosql-java-quickstart'
 }
 
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2022-09-01' = {
-  name: environmentName
-  location: location
-  tags: tags
-}
-
 module identity 'app/identity.bicep' = {
   name: 'identity'
-  scope: resourceGroup
   params: {
     identityName: '${abbreviations.userAssignedIdentity}-${resourceToken}'
     location: location
@@ -47,7 +40,6 @@ module identity 'app/identity.bicep' = {
 
 module database 'app/database.bicep' = {
   name: 'database'
-  scope: resourceGroup
   params: {
     accountName: !empty(cosmosDbAccountName) ? cosmosDbAccountName : '${abbreviations.cosmosDbAccount}-${resourceToken}'
     location: location
@@ -59,7 +51,6 @@ module database 'app/database.bicep' = {
 
 module registry 'app/registry.bicep' = {
   name: 'registry'
-  scope: resourceGroup
   params: {
     registryName: !empty(containerRegistryName) ? containerRegistryName : '${abbreviations.containerRegistry}${resourceToken}'
     location: location
@@ -69,7 +60,6 @@ module registry 'app/registry.bicep' = {
 
 module web 'app/web.bicep' = {
   name: serviceName
-  scope: resourceGroup
   params: {
     workspaceName: !empty(logWorkspaceName) ? logWorkspaceName : '${abbreviations.logAnalyticsWorkspace}-${resourceToken}'
     envName: !empty(containerAppsEnvName) ? containerAppsEnvName : '${abbreviations.containerAppsEnv}-${resourceToken}'
@@ -83,13 +73,5 @@ module web 'app/web.bicep' = {
   }
 }
 
-// Database outputs
 output AZURE_COSMOS_DB_NOSQL_ENDPOINT string = database.outputs.endpoint
-
-// Container outputs
 output AZURE_CONTAINER_REGISTRY_ENDPOINT string = registry.outputs.endpoint
-output AZURE_CONTAINER_REGISTRY_NAME string = registry.outputs.name
-
-// Application outputs
-output AZURE_CONTAINER_APP_ENDPOINT string = web.outputs.endpoint
-output AZURE_CONTAINER_ENVIRONMENT_NAME string = web.outputs.envName

readme.md

@@ -12,86 +12,39 @@ products:
 
 # Quickstart: Azure Cosmos DB for NoSQL client library for Java
 
-This is a simple Spring Web application to illustrate common basic usage of Azure Cosmos DB for NoSQL's client library for Java. This sample application accesses an existing account, database, and container using the [`azure-spring-data-cosmos`](https://mvnrepository.com/artifact/com.azure/azure-spring-data-cosmos) and [`azure-identity`](https://mvnrepository.com/artifact/com.azure/azure-identity) packages from Maven. Modify the source code and leverage the Infrastructure as Code (IaC) Bicep assets to get up and running quickly.
-
-When you are finished, you will have a fully functional web application deployed to Azure.
-
-![Screenshot of the deployed web application.](assets/web.png)
+This is a simple Spring Web application to illustrate common basic usage of Azure Cosmos DB for NoSQL's client library for Java. This sample application accesses an existing account, database, and container using the [`azure-spring-data-cosmos`](https://mvnrepository.com/artifact/com.azure/azure-spring-data-cosmos) and [`azure-identity`](https://mvnrepository.com/artifact/com.azure/azure-identity) packages from Maven.
 
 ### Prerequisites
 
-> This template will create infrastructure and deploy code to Azure. If you don't have an Azure Subscription, you can sign up for a [free account here](https://azure.microsoft.com/free/). Make sure you have the contributor role in the Azure subscription.
-
-The following prerequisites are required to use this application. Please ensure that you have them all installed locally.
-
+- [Docker](https://www.docker.com/)
 - [Azure Developer CLI](https://aka.ms/azd-install)
-- [Java 21 or newer](https://www.oracle.com/java/technologies/downloads/)
+- [Java 21](https://www.oracle.com/java/technologies/downloads/)
 
 ### Quickstart
 
-To learn how to get started with any template, follow the steps in [this quickstart](https://learn.microsoft.com/azure/cosmos-db/nosql/quickstart-java) with this template (`cosmos-db-nosql-java-quickstart`).
-
-This quickstart will show you how to authenticate on Azure, initialize using a template, provision infrastructure and deploy code on Azure via the following commands:
-
-```bash
-# Log in to azd. Only required once per-install.
-azd auth login
-
-# First-time project setup. Initialize a project in the current directory, using this template.
-# Omit the --template argument if you are running in a development container.
-azd init --template cosmos-db-nosql-java-quickstart
-
-# Provision and deploy to Azure
-azd up
-```
-
-### Application Architecture
-
-This application utilizes the following Azure resources:
-
-- [**Azure Container Registry**](https://learn.microsoft.com/azure/container-registry/)
-    - This services hosts the container image.
-- [**Azure Container Apps**](https://learn.microsoft.com/azure/container-apps/)
-    - This service hosts the Spring Web application.
-- [**Azure Cosmos DB for NoSQL**](https://learn.microsoft.com/azure/cosmos-db/) 
-    - This service stores the NoSQL data.
-
-Here's a high level architecture diagram that illustrates these components. Notice that these are all contained within a single **resource group**, that will be created for you when you create the resources.
-
-```mermaid
-%%{ init: { 'theme': 'base', 'themeVariables': { 'background': '#243A5E', 'primaryColor': '#50E6FF', 'primaryBorderColor': '#243A5E', 'tertiaryBorderColor': '#50E6FF', 'tertiaryColor': '#243A5E', 'fontFamily': 'Segoe UI', 'lineColor': '#FFFFFF', 'primaryTextColor': '#243A5E', 'tertiaryTextColor': '#FFFFFF' } }}%%
-flowchart TB
-    subgraph web-app[Azure Container Apps]
-        app-framework([Java 21 - Spring Web])
-    end
-    subgraph cosmos-db[Azure Cosmos DB]
-        subgraph database-cosmicworks[Database: cosmicworks]
-            subgraph container-products[Container: products]
-                prd-yamba[Product: Yamba Surfboard]
-                prd-kiama-classic[Product: Kiama Classic Surfboard]
-            end
-        end
-    end
-    web-app --> cosmos-db
-```
-
-### Cost of provisioning and deploying this template
-
-This template provisions resources to an Azure subscription that you will select upon provisioning them. Refer to the [Pricing calculator for Microsoft Azure](https://azure.microsoft.com/pricing/calculator/) to estimate the cost you might incur when this template is running on Azure and, if needed, update the included Azure resource definitions found in [`infra/main.bicep`](infra/main.bicep) to suit your needs.
-
-### Application Code
+1. Log in to Azure Developer CLI.
 
-This template is structured to follow the [Azure Developer CLI](https://aka.ms/azure-dev/overview). You can learn more about `azd` architecture in [the official documentation](https://learn.microsoft.com/azure/developer/azure-developer-cli/make-azd-compatible?pivots=azd-create#understand-the-azd-architecture).
+    ```bash
+    azd auth login
+    ```
 
-### Next Steps
+    > [!TIP]
+    > This is only required once per-install.
 
-At this point, you have a complete application deployed on Azure. But there is much more that the Azure Developer CLI can do. These next steps will introduce you to additional commands that will make creating applications on Azure much easier. Using the Azure Developer CLI, you can setup your pipelines, monitor your application, test and debug locally.
+1. Initialize this template (`cosmos-db-nosql-go-quickstart`) using `azd init`
 
-- [`azd pipeline config`](https://learn.microsoft.com/azure/developer/azure-developer-cli/configure-devops-pipeline?tabs=GitHub) - to configure a CI/CD pipeline (using GitHub Actions or Azure DevOps) to deploy your application whenever code is pushed to the main branch. 
+    ```bash
+    azd init --template cosmos-db-nosql-go-quickstart
+    ```
 
-- [Run and Debug Locally](https://learn.microsoft.com/azure/developer/azure-developer-cli/debug?pivots=ide-vs-code) - using Visual Studio Code and the Azure Developer CLI extension
+1. Ensure that **Docker** is running in your environment.
 
-- [`azd down`](https://learn.microsoft.com/azure/developer/azure-developer-cli/reference#azd-down) - to delete all the Azure resources created with this template 
+1. Use `azd up` to provision your Azure infrastructure and deploy the web application to Azure.
 
+    ```bash
+    azd up
+    ```
 
+1. Observed the deployed web application
 
+    ![Screenshot of the deployed web application.](assets/web.png)