Update nodejs-typescript-food-catalog with Azure deployment workflow

samples/nodejs-typescript-food-catalog/.funcignore

@@ -1,10 +1,16 @@
-*.js.map
-*.ts
 .git*
+_storage_emulator
+.tours
 .vscode
+appPackage
+assets
+env
+infra
+scripts
+*.ts
+*.js.map
 local.settings.json
-test
-getting_started.md
-node_modules/@types/
-node_modules/azure-functions-core-tools/
-node_modules/typescript/
+readme.md
+teamsapp.local.yml
+teamsapp.yml
+tsconfig.json

samples/nodejs-typescript-food-catalog/.tours/ttk.tour

@@ -103,17 +103,17 @@
         "line": 35
       },
       {
-        "file": "aad.manifest.json",
+        "file": "infra/entra/entra.manifest.json",
         "description": "This file represents the Microsoft Entra app registration used by the connector.",
         "line": 1
       },
       {
-        "file": "aad.manifest.json",
+        "file": "infra/entra/entra.manifest.json",
         "description": "The `requiredResourceAccess` array contains the permission scopes that are configured on the app registration.\r\n\r\nTo create a connection and ingest items, you'll need:\r\n\r\n- `ExternalConnection.ReadWrite.OwnedBy`\r\n- `ExternalItem.ReadWrite.OwnedBy`",
         "line": 7
       },
       {
-        "file": "aad.manifest.json",
+        "file": "infra/entra/entra.manifest.json",
         "description": "The `identifierUris` array represents the Application URI of the Microsoft Entra app registration and is used in the Teams app manifest.",
         "line": 22
       },

samples/nodejs-typescript-food-catalog/appPackage/manifest.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.16/MicrosoftTeams.schema.json",
-  "version": "1.0.18",
+  "version": "1.0.25",
   "manifestVersion": "1.16",
   "id": "cda3f6a2-4b7e-4f9c-8c0a-3b5b7a9f1d0c",
   "packageName": "com.package.name",
@@ -24,11 +24,11 @@
   },
   "accentColor": "#FFFFFF",
   "validDomains": [
-    "${{NOTIFICATION_ENDPOINT}}"
+    "${{NOTIFICATION_DOMAIN}}"
   ],
   "webApplicationInfo": {
-    "id": "${{AAD_APP_CLIENT_ID}}",
-    "resource": "api://${{AAD_APP_CLIENT_ID}}"
+    "id": "${{ENTRA_APP_CLIENT_ID}}",
+    "resource": "api://${{ENTRA_APP_CLIENT_ID}}"
   },
   "graphConnector": {
     "notificationUrl": "${{NOTIFICATION_ENDPOINT}}/api/notification"

samples/nodejs-typescript-food-catalog/infra/azure.bicep

@@ -7,61 +7,126 @@ param appClientSecret string
 param appTenantId string
 
 // create storage account to store table data
-resource storageAccount 'Microsoft.Storage/storageAccounts@2021-04-01' = {
+resource storageAccount 'Microsoft.Storage/storageAccounts@2022-05-01' = {
   name: resourceBaseName
   location: location
-  kind: 'StorageV2'
   sku: {
     name: 'Standard_LRS'
   }
+  kind: 'StorageV2'
+  properties: {
+    supportsHttpsTrafficOnly: true
+    defaultToOAuthAuthentication: true
+  }
 }
 
 // create app service plan for function app
-resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = {
+resource hostingPlan 'Microsoft.Web/serverfarms@2021-03-01' = {
   name: resourceBaseName
   location: location
   sku: {
     name: 'Y1'
+    tier: 'Dynamic'
   }
   properties: {}
 }
 
-// create a Function app to host the notification API
-resource functionApp 'Microsoft.Web/sites@2021-02-01' = {
+// create function app
+resource functionApp 'Microsoft.Web/sites@2021-03-01' = {
   name: resourceBaseName
-  kind: 'functionapp'
   location: location
+  kind: 'functionapp'
+  identity: {
+    type: 'SystemAssigned'
+  }
   properties: {
-    serverFarmId: appServicePlan.id
-    httpsOnly: true
+    serverFarmId: hostingPlan.id
     siteConfig: {
       ftpsState: 'FtpsOnly'
+      minTlsVersion: '1.2'
+    }
+    httpsOnly: true
+  }
+}
+
+
+// create azure key vault
+resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' = {
+  name: resourceBaseName
+  location: location
+  properties: {
+    sku: {
+      family: 'A'
+      name: 'standard'
     }
+    tenantId: subscription().tenantId
+    accessPolicies: [
+      {
+        tenantId: subscription().tenantId
+        objectId: functionApp.identity.principalId
+        permissions: {
+          secrets: ['get', 'list']
+        }
+      }
+    ]
   }
 }
 
-// set app settings on the Function app
+// add client secret to key vault
+resource appClientSecretVault 'Microsoft.KeyVault/vaults/secrets@2021-06-01-preview' = {
+  parent: keyVault
+  name: 'clientSecret'
+  properties: {
+    value: appClientSecret
+  }
+}
+
+// add storage account connection string to key vault
+resource storageAccountConnectionStringVault 'Microsoft.KeyVault/vaults/secrets@2021-06-01-preview' = {
+  parent: keyVault
+  name: 'storageAccountConnectionString'
+  properties: {
+    value: storageAccountConnectionString
+  }
+}
+
+// set app settings on the function app
 resource siteConfig 'Microsoft.Web/sites/config@2021-02-01' = {
   name: 'appsettings'
   parent: functionApp
     properties: {
+      AzureWebJobsStorage: '@Microsoft.KeyVault(VaultName=${keyVault.name};SecretName=storageAccountConnectionString)'
+      WEBSITE_CONTENTAZUREFILECONNECTIONSTRING: '@Microsoft.KeyVault(VaultName=${keyVault.name};SecretName=storageAccountConnectionString)'
+      WEBSITE_CONTENTSHARE: toLower(resourceBaseName)
       FUNCTIONS_EXTENSION_VERSION: '~4'
+      WEBSITE_NODE_DEFAULT_VERSION: '~18'
+      APPINSIGHTS_INSTRUMENTATIONKEY: applicationInsights.properties.InstrumentationKey
       FUNCTIONS_WORKER_RUNTIME: 'node'
       WEBSITE_RUN_FROM_PACKAGE: '1'
-      WEBSITE_NODE_DEFAULT_VERSION: '~18'
-      AzureWebJobsStorage: storageAccountConnectionString
-      AAD_APP_CLIENT_ID: appClientId
-      AAD_APP_CLIENT_SECRET: appClientSecret
-      AAD_APP_TENANT_ID: appTenantId
+      ENTRA_APP_CLIENT_ID: appClientId
+      ENTRA_APP_CLIENT_SECRET: '@Microsoft.KeyVault(VaultName=${keyVault.name};SecretName=clientSecret)'
+      ENTRA_APP_TENANT_ID: appTenantId
       NOTIFICATION_ENDPOINT: notificationEndpoint
       GRAPH_SCHEMA_STATUS_INTERVAL: '10'
     }
 }
 
+// create application insights resource
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
+  name: resourceBaseName
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    Request_Source: 'rest'
+  }
+}
+
 var storageAccountConnectionString = 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};EndpointSuffix=${environment().suffixes.storage};AccountKey=${storageAccount.listKeys().keys[0].value}'
 var notificationEndpoint = 'https://${functionApp.properties.defaultHostName}'
 
 // output values to env.dev so they can be used by other actions
 output NOTIFICATION_FUNCTION_RESOURCE_ID string = functionApp.id
 output SECRET_STORAGE_ACCOUNT_CONNECTION_STRING string = storageAccountConnectionString
 output NOTIFICATION_ENDPOINT string = notificationEndpoint
+output NOTIFICATION_DOMAIN string = functionApp.properties.defaultHostName

samples/nodejs-typescript-food-catalog/infra/azure.parameters.json

@@ -6,13 +6,13 @@
       "value": "connector${{RESOURCE_SUFFIX}}"
     },
     "appClientId": {
-      "value": "${{AAD_APP_CLIENT_ID}}"
+      "value": "${{ENTRA_APP_CLIENT_ID}}"
     },
     "appClientSecret": {
-      "value": "${{SECRET_AAD_APP_CLIENT_SECRET}}"
+      "value": "${{SECRET_ENTRA_APP_CLIENT_SECRET}}"
     },
     "appTenantId": {
-      "value": "${{AAD_APP_TENANT_ID}}"
+      "value": "${{ENTRA_APP_TENANT_ID}}"
     }
   }
 }

samples/nodejs-typescript-food-catalog/aad.manifest.json → samples/nodejs-typescript-food-catalog/infra/entra/entra.manifest.json

@@ -1,6 +1,6 @@
 {
-  "id": "${{AAD_APP_OBJECT_ID}}",
-  "appId": "${{AAD_APP_CLIENT_ID}}",
+  "id": "${{ENTRA_APP_OBJECT_ID}}",
+  "appId": "${{ENTRA_APP_CLIENT_ID}}",
   "name": "${{APP_NAME}}-${{TEAMSFX_ENV}}",
   "accessTokenAcceptedVersion": 2,
   "signInAudience": "AzureADMultipleOrgs",
@@ -19,6 +19,6 @@
       ]
     }
   ],
-  "identifierUris": ["api://${{AAD_APP_CLIENT_ID}}"],
+  "identifierUris": ["api://${{ENTRA_APP_CLIENT_ID}}"],
   "replyUrlsWithType": []
 }