IaC - Staging + Prod #2413
IaC - Staging + Prod #2413
Conversation
There was a problem hiding this comment.
Pull request overview
This PR introduces Infrastructure as Code (IaC) using Azure Bicep templates to deploy the SSW Rules application infrastructure to both staging and production environments. It replaces manual resource configuration with automated, versioned infrastructure deployment.
Changes:
- Added Bicep templates for deploying Azure Container Registry, App Services, Application Insights, and Log Analytics Workspace
- Created PowerShell deployment script with environment-specific configuration
- Updated GitHub Actions workflows to dynamically provision infrastructure before building and deploying containers
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| infra/main.bicep | Main orchestration template that deploys all Azure resources and configures role assignments |
| infra/modules/logAnalytics.bicep | Module for provisioning Log Analytics Workspace with configurable retention |
| infra/modules/appInsights.bicep | Module for creating Application Insights linked to Log Analytics |
| infra/modules/containerRegistry.bicep | Module for deploying Azure Container Registry with managed identity support |
| infra/modules/appService.bicep | Module for creating App Service with container configuration and optional deployment slots |
| infra/modules/acrRoleAssignment.bicep | Module for assigning ACR roles to managed identities |
| infra/deploy.ps1 | PowerShell script that orchestrates the Bicep deployment with environment-specific naming |
| .github/workflows/build-artifacts.yml | Updated to accept ACR name and image name as parameters instead of using variables |
| .github/workflows/build-and-deploy.yml | Added infrastructure deployment job that runs before build and deploy stages |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| serverFarmId: appServicePlanId | ||
| httpsOnly: true | ||
| siteConfig: union(baseSiteConfig, { | ||
| linuxFxVersion: 'DOCKER|${containerRegistryName}.azurecr.io/ssw-rules:${environment}' |
There was a problem hiding this comment.
The Docker image name 'ssw-rules' is hardcoded in the linuxFxVersion property. Consider making this configurable by adding a parameter for the image name, which would make the module more reusable and consistent with the workflow where 'image_name' is now passed as a parameter (set to 'rules' in build-and-deploy.yml line 89). This discrepancy between 'ssw-rules' in the Bicep template and 'rules' in the workflow could lead to deployment issues.
| } | ||
| properties: { | ||
| adminUserEnabled: adminUserEnabled | ||
| publicNetworkAccess: 'Enabled' |
There was a problem hiding this comment.
The Container Registry is configured with 'publicNetworkAccess: Enabled' which allows public access to the registry. While this may be intentional for ease of deployment, consider whether this aligns with your security requirements. For production environments, you might want to restrict access using Private Endpoints or configure firewall rules to limit access to specific IP ranges or Azure services only.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
jakebayliss
had a problem deploying
to
production
GitHub Actions
Failure
jakebayliss
had a problem deploying
to
production
GitHub Actions
Failure
jakebayliss
had a problem deploying
to
production
GitHub Actions
Failure
Description
Clean commit based on #2409
IaC to deploy both Staging and Prod resource to SSW.Rules.Staging and SSW.Rules resource groups.
This deploys: