Kv

.dockerignore

@@ -0,0 +1,27 @@
+**/__pycache__
+**/.venv
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/bin
+**/charts
+**/docker-compose*
+**/compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md

.github/workflows/container.yml

@@ -0,0 +1,64 @@
+name: Deploy Container App to Azure
+
+on:
+  push:
+    branches:
+      - main
+
+env:
+  REGISTRY_LOGIN_SERVER: annacr.azurecr.io
+  IMAGE_BASE_NAME: annaimage
+  WEBAPP_NAME: annawebapp
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    outputs:
+      image-version: ${{ steps.image-version.outputs.version }}
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@main
+
+    - name: Login to Azure
+      uses: azure/login@v1
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+
+
+    - name: Login to ACR
+      uses: azure/docker-login@v1
+      with:
+        login-server: ${{ env.REGISTRY_LOGIN_SERVER }}
+        username: ${{ secrets.REGISTRY_USERNAME }}
+        password: ${{ secrets.REGISTRY_PASSWORD }}
+
+    - name: Set image version
+      id: image-version
+      run: echo "version=${GITHUB_REF#refs/heads/}-$(date +'%Y.%m.%d.%H.%M')" >> $GITHUB_OUTPUT
+
+
+    - name: Build and Push Docker Image
+      run: |
+        docker build . -t ${{ env.REGISTRY_LOGIN_SERVER }}/${{env.IMAGE_BASE_NAME}}:${{ steps.image-version.outputs.version }}
+        docker build . -t ${{ env.REGISTRY_LOGIN_SERVER }}/${{env.IMAGE_BASE_NAME}}:${{ github.ref_name }}-latest
+        docker push ${{ env.REGISTRY_LOGIN_SERVER }}/${{env.IMAGE_BASE_NAME}}:${{ steps.image-version.outputs.version }}
+        docker push ${{ env.REGISTRY_LOGIN_SERVER }}/${{env.IMAGE_BASE_NAME}}:${{ github.ref_name }}-latest
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    steps:
+    - name: Login to Azure
+      uses: azure/login@v1
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+    - name: Deploy Docker Image to Azure Web App
+      uses: azure/webapps-deploy@v3
+      with:
+        app-name: ${{ env.WEBAPP_NAME }}
+        images: |
+          ${{ env.REGISTRY_LOGIN_SERVER }}/${{ env.IMAGE_BASE_NAME }}:${{ needs.build-and-push.outputs.image-version }}
+
+

.github/workflows/deployinfra.yml

@@ -0,0 +1,42 @@
+name: Deploy to Development
+
+on:
+    workflow_dispatch:
+    push:
+        branches:
+            - main
+
+env:
+  RESOURCE_GROUP_DEV: BCSAI2024-DEVOPS-STUDENTS-A-DEV
+  SUBSCRIPTION_ID_DEV: e0b9cada-61bc-4b5a-bd7a-52c606726b3b
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Run Bicep linter
+        run: az bicep build --file ./main.bicep 
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: build
+    environment:
+      name: 'Development deployment'
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: azure/login@v2
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+      - name: deploy
+        uses: azure/arm-deploy@v2
+        with:
+          subscriptionId: ${{ env.SUBSCRIPTION_ID_DEV }}
+          resourceGroupName: ${{ env.RESOURCE_GROUP_DEV }}
+          template: ./main.bicep
+          parameters: >
+            ./parameters.bicepparam
+
+

.vscode/launch.json

@@ -0,0 +1,40 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Python Debugger: Flask",
+            "type": "debugpy",
+            "request": "launch",
+            "module": "flask",
+            "env": {
+                "FLASK_APP": "app.py",
+                "FLASK_DEBUG": "1"
+            },
+            "args": [
+                "run",
+                "--no-debugger",
+                "--no-reload"
+            ],
+            "jinja": true,
+            "autoStartBrowser": false
+        },
+        {
+            "name": "Docker: Python - Flask",
+            "type": "docker",
+            "request": "launch",
+            "preLaunchTask": "docker-run: debug",
+            "python": {
+                "pathMappings": [
+                    {
+                        "localRoot": "${workspaceFolder}",
+                        "remoteRoot": "/app"
+                    }
+                ],
+                "projectType": "flask"
+            }
+        }
+    ]
+}

.vscode/tasks.json

@@ -0,0 +1,40 @@
+{
+	"version": "2.0.0",
+	"tasks": [
+		{
+			"type": "docker-build",
+			"label": "docker-build",
+			"platform": "python",
+			"dockerBuild": {
+				"tag": "msdocspythonflaskwebappquickstart1:latest",
+				"dockerfile": "${workspaceFolder}/Dockerfile",
+				"context": "${workspaceFolder}",
+				"pull": true
+			}
+		},
+		{
+			"type": "docker-run",
+			"label": "docker-run: debug",
+			"dependsOn": [
+				"docker-build"
+			],
+			"dockerRun": {
+				"env": {
+					"FLASK_APP": "app.py"
+				}
+			},
+			"python": {
+				"args": [
+					"run",
+					"--no-debugger",
+					"--no-reload",
+					"--host",
+					"0.0.0.0",
+					"--port",
+					"5000"
+				],
+				"module": "flask"
+			}
+		}
+	]
+}

Dockerfile

@@ -0,0 +1,26 @@
+# For more information, please refer to https://aka.ms/vscode-docker-python
+FROM python:3-slim
+
+EXPOSE 5000
+
+# Keeps Python from generating .pyc files in the container
+ENV PYTHONDONTWRITEBYTECODE=1
+
+# Turns off buffering for easier container logging
+ENV PYTHONUNBUFFERED=1
+
+# Install pip requirements
+COPY requirements.txt .
+RUN python -m pip install -r requirements.txt
+
+WORKDIR /app
+COPY . /app
+
+# Creates a non-root user with an explicit UID and adds permission to access the /app folder
+# For more info, please refer to https://aka.ms/vscode-docker-python-configure-containers
+RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
+USER appuser
+
+# During debugging, this entry point will be overridden. For more information, please refer to https://aka.ms/vscode-docker-python-debug
+CMD ["gunicorn", "--bind", "0.0.0.0:5000", "app:app"]
+

guniicorn.conf.py

@@ -0,0 +1,14 @@
+# Gunicorn configuration file
+import multiprocessing
+
+max_requests = 1000
+max_requests_jitter = 50
+
+log_file = "-"
+
+bind = "0.0.0.0:50505"
+
+workers = (multiprocessing.cpu_count() * 2) + 1
+threads = workers
+
+timeout = 120

main.bicep

@@ -0,0 +1,77 @@
+@description('Name of the Azure Container Registry')
+param containerRegistryName string
+
+@description('Location of resources')
+param location string
+
+@description('Image name for the container')
+param containerRegistryImageName string
+
+@description('Image version for the container')
+param containerRegistryImageVersion string
+
+@description('Name of the App Service Plan')
+param appServicePlanName string
+
+@description('Name of the Web App')
+param webAppName string
+
+@description('The Key Vault name')
+param keyVaultName string
+@description('The Key Vault SKU')
+param keyVaultSku string
+param enableSoftDelete bool 
+@sys.description('The role assignments for the Key Vault')
+param keyVaultRoleAssignments array 
+var adminPasswordSecretName = 'adminPasswordSecretName'
+var adminUsernameSecretName = 'adminUsernameSecretName'
+
+module keyVault 'modules/kv.bicep' = {
+  name: keyVaultName
+  params: {
+    name: keyVaultName
+    location: location
+    sku: keyVaultSku
+    roleAssignments: keyVaultRoleAssignments
+    enableVaultForDeployment: true
+    enableSoftDelete: enableSoftDelete
+  }
+}
+
+module containerRegistryModule './modules/cr.bicep' = {
+  name: containerRegistryName
+  params: {
+    keyVaultResourceId: keyVault.outputs.resourceId
+    keyVaultSecreNameAdminUsername: adminUsernameSecretName
+    keyVaultSecreNameAdminPassword: adminPasswordSecretName
+    containerRegistryName: containerRegistryName
+    location: location
+
+  }
+}
+
+module appServicePlanModule './modules/apsp.bicep' = {
+  name: appServicePlanName
+  params: {
+    appServicePlanName: appServicePlanName
+    location: location
+  }
+}
+
+resource keyVaultReference 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
+  name: keyVaultName
+  }
+module webAppModule './modules/web.bicep' = {
+  name: webAppName
+  params: {
+    webAppName: webAppName
+    location: location
+    appServicePlanId: appServicePlanModule.outputs.id
+    containerRegistryName: containerRegistryName
+    dockerRegistryImageName: containerRegistryImageName
+    dockerRegistryImageVersion: containerRegistryImageVersion
+    dockerRegistryServerUserName: keyVaultReference.getSecret(adminUsernameSecretName)
+    dockerRegistryServerPassword: keyVaultReference.getSecret(adminPasswordSecretName)
+
+  }
+}

modules/apsp.bicep

@@ -0,0 +1,20 @@
+param appServicePlanName string
+param location string = resourceGroup().location
+
+resource appServicePlan 'Microsoft.Web/serverfarms@2022-03-01' = {
+  name: appServicePlanName
+  location: location
+  sku: {
+    capacity: 1
+    family: 'B'
+    name: 'B1'
+    size: 'B1'
+    tier: 'Basic'
+  }
+  kind: 'Linux'
+  properties: {
+    reserved: true
+  }
+}
+
+output id string = appServicePlan.id