diff --git a/.github/workflows/azure-dev.yml b/.github/workflows/azure-dev.yml
new file mode 100644
index 0000000..0536905
--- /dev/null
+++ b/.github/workflows/azure-dev.yml
@@ -0,0 +1,46 @@
+# Run when commits are pushed to main
+on:
+ workflow_dispatch:
+ push:
+ # Run when commits are pushed to mainline branch (main or master)
+ # Set this to the mainline branch you are using
+ branches:
+ - main
+
+# Set up permissions for deploying with secretless Azure federated credentials
+# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication
+permissions:
+ id-token: write
+ contents: read
+
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ env:
+ AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
+ AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
+ AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+ AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+ AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Install azd
+ uses: Azure/setup-azd@v1.0.0
+ - name: Log in with Azure (Federated Credentials)
+ run: |
+ azd auth login `
+ --client-id "$Env:AZURE_CLIENT_ID" `
+ --federated-credential-provider "github" `
+ --tenant-id "$Env:AZURE_TENANT_ID"
+ shell: pwsh
+
+
+ - name: Provision Infrastructure
+ run: azd provision --no-prompt
+ env:
+ AZD_INITIAL_ENVIRONMENT_CONFIG: ${{ secrets.AZD_INITIAL_ENVIRONMENT_CONFIG }}
+
+ - name: Deploy Application
+ run: azd deploy --no-prompt
diff --git a/infra/app/database.bicep b/infra/app/database.bicep
index afc3eac..297349a 100644
--- a/infra/app/database.bicep
+++ b/infra/app/database.bicep
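Review bot: Both `uses:` steps in the new workflow reference mutable tags (`actions/checkout@v4`, `Azure/setup-azd@v1.0.0`) in a job that runs with `id-token: write` and then logs in to Azure, so a moved tag would run unreviewed code in a job that can request the federated token. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: Azure/setup-azd@<full-commit-sha> # v1.0.0`. The header comment `# Run when commits are pushed to main` also leaves out the `workflow_dispatch` trigger; I would reword it to `# Run on pushes to main and on manual dispatch` so readers know manual runs reach the same deploy steps.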
@@ -10,36 +10,31 @@ param appPrincipalId string @description('Id of the user principals to assign database and application roles.') param userPrincipalId string = '' -var database = { - name: 'cosmicworks' // Based on AdventureWorksLT data set -} - -var containers = [ - { - name: 'products' // Set of products - partitionKeyPaths: [ - '/category' // Partition on the product category - ] - autoscale: true // Scale at the container level - throughput: 1000 // Enable autoscale with a minimum of 100 RUs and a maximum of 1,000 RUs - } -] - module cosmosDbAccount 'br/public:avm/res/document-db/database-account:0.6.1' = { name: 'cosmos-db-account' params: { name: accountName location: location + locations: [ + { + failoverPriority: 0 + locationName: location + isZoneRedundant: false + } + ] tags: tags disableKeyBasedMetadataWriteAccess: true disableLocalAuth: true + capabilitiesToAdd: [ + 'EnableServerless' + ] sqlRoleDefinitions: [ { name: 'nosql-data-plane-contributor' dataAction: [ - 'Microsoft.DocumentDB/databaseAccounts/readMetadata' // Read account metadata - 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*' // Create items - 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*' // Manage items + 'Microsoft.DocumentDB/databaseAccounts/readMetadata' + 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*' + 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*' ] } ] @@ -55,12 +50,13 @@ module cosmosDbAccount 'br/public:avm/res/document-db/database-account:0.6.1' = ) sqlDatabases: [ { - name: database.name + name: 'cosmicworks' containers: [ - for container in containers: { - name: container.name - paths: container.partitionKeyPaths - autoscaleSettingsMaxThroughput: container.throughput + { + name: 'products' + paths: [ + '/category' + ] } ] } 
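Review bot: The three `dataAction` entries of `nosql-data-plane-contributor` lose their trailing comments in the first hunk, which leaves two wildcard grants (`containers/items/*` and `containers/*`) with no statement of what they allow. The removed comments were loose, so rather than restoring them I would add accurate ones, e.g. `// All item operations (create, read, replace, upsert, delete)` and `// Container-level data operations (queries, change feed, stored procedures)`. If the sample only reads and writes items, narrowing the role is worth a follow-up. The principals this role is assigned to sit between the two hunks and are not visible here, and the `cosmosDbAccount` module block ends outside the hunk.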
@@ -68,5 +64,4 @@ module cosmosDbAccount 'br/public:avm/res/document-db/database-account:0.6.1' = } } -output name string = cosmosDbAccount.outputs.name output endpoint string = cosmosDbAccount.outputs.endpoint diff --git a/infra/app/identity.bicep b/infra/app/identity.bicep index 14ddd91..c4c6b0b 100644 --- a/infra/app/identity.bicep +++ b/infra/app/identity.bicep @@ -13,7 +13,6 @@ module userAssignedIdentity 'br/public:avm/res/managed-identity/user-assigned-id } } -output name string = userAssignedIdentity.outputs.name output resourceId string = userAssignedIdentity.outputs.resourceId output principalId string = userAssignedIdentity.outputs.principalId output clientId string = userAssignedIdentity.outputs.clientId diff --git a/infra/app/registry.bicep b/infra/app/registry.bicep index 2243bb9..4013b70 100644 --- a/infra/app/registry.bicep +++ b/infra/app/registry.bicep @@ -32,5 +32,4 @@ module registryUserAssignment 'br/public:avm/ptn/authorization/resource-role-ass } } -output name string = containerRegistry.outputs.name output endpoint string = containerRegistry.outputs.loginServer diff --git a/infra/app/web.bicep b/infra/app/web.bicep index ec41dc5..7de741d 100644 --- a/infra/app/web.bicep +++ b/infra/app/web.bicep @@ -45,7 +45,13 @@ module containerAppsApp 'br/public:avm/res/app/container-app:0.9.0' = { tags: union(tags, { 'azd-service-name': serviceTag }) ingressTargetPort: 8080 ingressExternal: true - ingressTransport: 'auto' + ingressTransport: 'http' + corsPolicy: { + allowCredentials: true + allowedOrigins: [ + '*' + ] + } managedIdentities: { systemAssigned: false userAssignedResourceIds: [ @@ -69,8 +75,8 @@ module containerAppsApp 'br/public:avm/res/app/container-app:0.9.0' = { image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest' name: 'web-front-end' resources: { - cpu: '0.25' - memory: '0.5Gi' + cpu: '1' + memory: '2Gi' } env: [ { 
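Review bot: The new `corsPolicy` in `infra/app/web.bicep` pairs `allowCredentials: true` with `allowedOrigins: [ '*' ]` on an app that keeps `ingressExternal: true`. Browsers refuse a credentialed response whose allowed origin is the literal wildcard, and if the ingress instead echoes the caller's origin, any website can make credentialed cross-origin requests to the app, so the combination is either non-functional or too permissive. List the expected front-end origins explicitly, e.g. `allowedOrigins: [ 'https://<your-frontend-host>' ]`, or drop `allowCredentials` if cookies and auth headers are not needed cross-origin. The `containerAppsApp` module block starts and ends outside this hunk.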
@@ -86,7 +92,3 @@ module containerAppsApp 'br/public:avm/res/app/container-app:0.9.0' = { ] } } - -output endpoint string = 'https://${containerAppsApp.outputs.fqdn}' -output envName string = containerAppsApp.outputs.name -output systemAssignedManagedIdentityPrincipalId string = containerAppsApp.outputs.systemAssignedMIPrincipalId diff --git a/infra/main.bicep b/infra/main.bicep index 0f5df6c..95c3c7d 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -1,4 +1,4 @@ -targetScope = 'subscription' +targetScope = 'resourceGroup' @minLength(1) @maxLength(64) @@ -23,21 +23,14 @@ param containerAppsAppName string = '' param serviceName string = 'web' var abbreviations = loadJsonContent('abbreviations.json') -var resourceToken = toLower(uniqueString(subscription().id, environmentName, location)) +var resourceToken = toLower(uniqueString(resourceGroup().id, environmentName, location)) var tags = { 'azd-env-name': environmentName repo: 'https://github.com/azure-samples/cosmos-db-nosql-java-quickstart' } -resource resourceGroup 'Microsoft.Resources/resourceGroups@2022-09-01' = { - name: environmentName - location: location - tags: tags -} - module identity 'app/identity.bicep' = { name: 'identity' - scope: resourceGroup params: { identityName: '${abbreviations.userAssignedIdentity}-${resourceToken}' location: location @@ -47,7 +40,6 @@ module identity 'app/identity.bicep' = { module database 'app/database.bicep' = { name: 'database' - scope: resourceGroup params: { accountName: !empty(cosmosDbAccountName) ? cosmosDbAccountName : '${abbreviations.cosmosDbAccount}-${resourceToken}' location: location @@ -59,7 +51,6 @@ module database 'app/database.bicep' = { module registry 'app/registry.bicep' = { name: 'registry' - scope: resourceGroup params: { registryName: !empty(containerRegistryName) ? containerRegistryName : '${abbreviations.containerRegistry}${resourceToken}' location: location 
@@ -69,7 +60,6 @@ module registry 'app/registry.bicep' = { module web 'app/web.bicep' = { name: serviceName - scope: resourceGroup params: { workspaceName: !empty(logWorkspaceName) ? logWorkspaceName : '${abbreviations.logAnalyticsWorkspace}-${resourceToken}' envName: !empty(containerAppsEnvName) ? containerAppsEnvName : '${abbreviations.containerAppsEnv}-${resourceToken}' @@ -83,13 +73,5 @@ module web 'app/web.bicep' = { } } -// Database outputs output AZURE_COSMOS_DB_NOSQL_ENDPOINT string = database.outputs.endpoint - -// Container outputs output AZURE_CONTAINER_REGISTRY_ENDPOINT string = registry.outputs.endpoint -output AZURE_CONTAINER_REGISTRY_NAME string = registry.outputs.name - -// Application outputs -output AZURE_CONTAINER_APP_ENDPOINT string = web.outputs.endpoint -output AZURE_CONTAINER_ENVIRONMENT_NAME string = web.outputs.envName diff --git a/readme.md b/readme.md index 185a27d..c737199 100644 --- a/readme.md +++ b/readme.md 
@@ -12,86 +12,39 @@ products: # Quickstart: Azure Cosmos DB for NoSQL client library for Java -This is a simple Spring Web application to illustrate common basic usage of Azure Cosmos DB for NoSQL's client library for Java. This sample application accesses an existing account, database, and container using the [`azure-spring-data-cosmos`](https://mvnrepository.com/artifact/com.azure/azure-spring-data-cosmos) and [`azure-identity`](https://mvnrepository.com/artifact/com.azure/azure-identity) packages from Maven. Modify the source code and leverage the Infrastructure as Code (IaC) Bicep assets to get up and running quickly. - -When you are finished, you will have a fully functional web application deployed to Azure. - -![Screenshot of the deployed web application.](assets/web.png) +This is a simple Spring Web application to illustrate common basic usage of Azure Cosmos DB for NoSQL's client library for Java. This sample application accesses an existing account, database, and container using the [`azure-spring-data-cosmos`](https://mvnrepository.com/artifact/com.azure/azure-spring-data-cosmos) and [`azure-identity`](https://mvnrepository.com/artifact/com.azure/azure-identity) packages from Maven. ### Prerequisites -> This template will create infrastructure and deploy code to Azure. If you don't have an Azure Subscription, you can sign up for a [free account here](https://azure.microsoft.com/free/). Make sure you have the contributor role in the Azure subscription. - -The following prerequisites are required to use this application. Please ensure that you have them all installed locally. 
- +- [Docker](https://www.docker.com/) - [Azure Developer CLI](https://aka.ms/azd-install) -- [Java 21 or newer](https://www.oracle.com/java/technologies/downloads/) +- [Java 21](https://www.oracle.com/java/technologies/downloads/) ### Quickstart -To learn how to get started with any template, follow the steps in [this quickstart](https://learn.microsoft.com/azure/cosmos-db/nosql/quickstart-java) with this template (`cosmos-db-nosql-java-quickstart`). - -This quickstart will show you how to authenticate on Azure, initialize using a template, provision infrastructure and deploy code on Azure via the following commands: - -```bash -# Log in to azd. Only required once per-install. -azd auth login - -# First-time project setup. Initialize a project in the current directory, using this template. -# Omit the --template argument if you are running in a development container. -azd init --template cosmos-db-nosql-java-quickstart - -# Provision and deploy to Azure -azd up -``` - -### Application Architecture - -This application utilizes the following Azure resources: - -- [**Azure Container Registry**](https://learn.microsoft.com/azure/container-registry/) - - This services hosts the container image. -- [**Azure Container Apps**](https://learn.microsoft.com/azure/container-apps/) - - This service hosts the Spring Web application. -- [**Azure Cosmos DB for NoSQL**](https://learn.microsoft.com/azure/cosmos-db/) - - This service stores the NoSQL data. - -Here's a high level architecture diagram that illustrates these components. Notice that these are all contained within a single **resource group**, that will be created for you when you create the resources. 
- -```mermaid -%%{ init: { 'theme': 'base', 'themeVariables': { 'background': '#243A5E', 'primaryColor': '#50E6FF', 'primaryBorderColor': '#243A5E', 'tertiaryBorderColor': '#50E6FF', 'tertiaryColor': '#243A5E', 'fontFamily': 'Segoe UI', 'lineColor': '#FFFFFF', 'primaryTextColor': '#243A5E', 'tertiaryTextColor': '#FFFFFF' } }}%% -flowchart TB - subgraph web-app[Azure Container Apps] - app-framework([Java 21 - Spring Web]) - end - subgraph cosmos-db[Azure Cosmos DB] - subgraph database-cosmicworks[Database: cosmicworks] - subgraph container-products[Container: products] - prd-yamba[Product: Yamba Surfboard] - prd-kiama-classic[Product: Kiama Classic Surfboard] - end - end - end - web-app --> cosmos-db -``` - -### Cost of provisioning and deploying this template - -This template provisions resources to an Azure subscription that you will select upon provisioning them. Refer to the [Pricing calculator for Microsoft Azure](https://azure.microsoft.com/pricing/calculator/) to estimate the cost you might incur when this template is running on Azure and, if needed, update the included Azure resource definitions found in [`infra/main.bicep`](infra/main.bicep) to suit your needs. - -### Application Code +1. Log in to Azure Developer CLI. -This template is structured to follow the [Azure Developer CLI](https://aka.ms/azure-dev/overview). You can learn more about `azd` architecture in [the official documentation](https://learn.microsoft.com/azure/developer/azure-developer-cli/make-azd-compatible?pivots=azd-create#understand-the-azd-architecture). + ```bash + azd auth login + ``` -### Next Steps + > [!TIP] + > This is only required once per-install. -At this point, you have a complete application deployed on Azure. But there is much more that the Azure Developer CLI can do. These next steps will introduce you to additional commands that will make creating applications on Azure much easier. 
Using the Azure Developer CLI, you can setup your pipelines, monitor your application, test and debug locally. +1. Initialize this template (`cosmos-db-nosql-go-quickstart`) using `azd init` -- [`azd pipeline config`](https://learn.microsoft.com/azure/developer/azure-developer-cli/configure-devops-pipeline?tabs=GitHub) - to configure a CI/CD pipeline (using GitHub Actions or Azure DevOps) to deploy your application whenever code is pushed to the main branch. + ```bash + azd init --template cosmos-db-nosql-go-quickstart + ``` -- [Run and Debug Locally](https://learn.microsoft.com/azure/developer/azure-developer-cli/debug?pivots=ide-vs-code) - using Visual Studio Code and the Azure Developer CLI extension +1. Ensure that **Docker** is running in your environment. -- [`azd down`](https://learn.microsoft.com/azure/developer/azure-developer-cli/reference#azd-down) - to delete all the Azure resources created with this template +1. Use `azd up` to provision your Azure infrastructure and deploy the web application to Azure. + ```bash + azd up + ``` +1. Observed the deployed web application + ![Screenshot of the deployed web application.](assets/web.png)