Orleans improvements (#6)

* namespace fixes + remove skills definitios from Actors project * add waf context to actors * deploy to Azure WIP * add bicep for gh-flow and cosmos * azure deploy fixes * azure deploy WIP
microsoft · Oct 26, 2023 · f423e15 · f423e15
1 parent 12bf4fe
commit f423e15
Show file tree

Hide file tree

Showing 61 changed files with 786 additions and 327 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -4,4 +4,10 @@ RUN apt-get update && apt-get install -y xz-utils nodejs npm
 
 RUN curl -fsSL https://aka.ms/install-azd.sh | bash
 
+RUN curl -s https://ngrok-agent.s3.amazonaws.com/ngrok.asc | \
+  sudo tee /etc/apt/trusted.gpg.d/ngrok.asc >/dev/null && \
+  echo "deb https://ngrok-agent.s3.amazonaws.com buster main" | \
+  sudo tee /etc/apt/sources.list.d/ngrok.list && \
+  sudo apt update && sudo apt install ngrok
+
 RUN npm i -g azure-functions-core-tools@4 --unsafe-perm true
diff --git a/.dockerignore b/.dockerignore
@@ -11,6 +11,7 @@
 **/*.*proj.user
 **/*.dbmdl
 **/*.jfm
+**/azds.yaml
 **/bin
 **/charts
 **/docker-compose*
@@ -22,4 +23,4 @@
 **/secrets.dev.yaml
 **/values.dev.yaml
 LICENSE
-README.md
+README.md
diff --git a/azure.yaml b/azure.yaml
@@ -1,8 +1,10 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/Azure/azure-dev/main/schemas/v1.0/azure.yaml.json
 
-name: sk-dev-team
+name: ai-dev-team
 services:
-  sk-func:
-    project: ./src/apps/gh-flow-df
-    language: dotnet
-    host: function
+  gh-flow:
+    project: ./src/apps/gh-flow
+    language: csharp
+    host: containerapp
+    docker:
+      context: ../../../
diff --git a/infra/abbreviations.json b/infra/abbreviations.json
@@ -7,5 +7,8 @@
     "resourcesResourceGroups": "rg-",
     "storageStorageAccounts": "st",
     "webServerFarms": "plan-",
-    "webSitesFunctions": "func-"
+    "webSitesFunctions": "func-",
+    "appContainerApps": "ca-",
+    "managedIdentityUserAssignedIdentities": "id-",
+    "documentDBDatabaseAccounts":"cosmos-"
 }
diff --git a/infra/app/db.bicep b/infra/app/db.bicep
@@ -0,0 +1,46 @@
+param accountName string
+param location string = resourceGroup().location
+param tags object = {}
+
+param containers array = [
+  {
+    name: 'reminders'
+    id: 'reminders'
+    partitionKey: '/id'
+  }
+  {
+    name: 'persistence'
+    id: 'persistence'
+    partitionKey: '/id'
+  }
+  {
+    name: 'clustering'
+    id: 'clustering'
+    partitionKey: '/id'
+  }
+]
+
+param databaseName string = ''
+param principalIds array = []
+
+// Because databaseName is optional in main.bicep, we make sure the database name is set here.
+var defaultDatabaseName = 'Todo'
+var actualDatabaseName = !empty(databaseName) ? databaseName : defaultDatabaseName
+
+module cosmos '../core/database/cosmos/sql/cosmos-sql-db.bicep' = {
+  name: 'cosmos-sql'
+  params: {
+    accountName: accountName
+    location: location
+    tags: tags
+    containers: containers
+    databaseName: actualDatabaseName
+    principalIds: principalIds
+  }
+}
+
+output accountName string = cosmos.outputs.accountName
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output databaseName string = cosmos.outputs.databaseName
+output endpoint string = cosmos.outputs.endpoint
+output roleDefinitionId string = cosmos.outputs.roleDefinitionId
diff --git a/infra/app/gh-flow.bicep b/infra/app/gh-flow.bicep
@@ -0,0 +1,164 @@
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param applicationInsightsName string
+param identityName string
+param serviceName string = 'gh-flow'
+param sandboxImage string = 'mcr.microsoft.com/dotnet/sdk:7.0'
+
+
+param containerAppsEnvironmentName string
+param containerRegistryName string
+param storageAccountName string
+param cosmosAccountName string
+
+@secure()
+param githubAppKey string
+param githubAppId string
+param githubAppInstallationId string
+param rgName string
+param aciShare string
+param openAIServiceType string
+param openAIServiceId string
+param openAIDeploymentId string
+param openAIEmbeddingId string
+param openAIEndpoint string
+@secure()
+param openAIKey string
+param qdrantEndpoint string
+
+resource ghFlowIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: identityName
+  location: location
+}
+
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing = {
+  name: applicationInsightsName
+}
+
+resource storage 'Microsoft.Storage/storageAccounts@2021-09-01' existing = {
+  name: storageAccountName
+}
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
+  name: cosmosAccountName
+}
+
+var contributorRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+
+resource rgContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(subscription().id, resourceGroup().id, contributorRole)
+  properties: {
+    roleDefinitionId: contributorRole
+    principalType: 'ServicePrincipal'
+    principalId: app.outputs.identityPrincipalId
+  }
+}
+
+module app '../core/host/container-app.bicep' = {
+  name: '${serviceName}-ghflow'
+  params: {
+    name: name
+    location: location
+    tags: union(tags, { 'azd-service-name': serviceName })
+    identityType: 'UserAssigned'
+    identityName: ghFlowIdentity.name
+    containerAppsEnvironmentName: containerAppsEnvironmentName
+    containerRegistryName: containerRegistryName
+    containerCpuCoreCount: '2.0'
+    containerMemory: '4.0Gi'
+    env: [
+      {
+        name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
+        value: applicationInsights.properties.ConnectionString
+      }
+      {
+        name: 'SANDBOX_IMAGE'
+        value: sandboxImage
+      }
+      {
+        name: 'GithubOptions__AppKey'
+        value: githubAppKey
+      }
+      {
+        name: 'GithubOptions__AppId'
+        value: githubAppId
+      }
+      {
+        name: 'GithubOptions__InstallationId'
+        value: githubAppInstallationId
+      }
+      {
+        name: 'AzureOptions__SubscriptionId'
+        value: subscription().subscriptionId
+      }
+      {
+        name: 'AzureOptions__Location'
+        value: location
+      }
+      {
+        name: 'AzureOptions__ManagedIdentity'
+        value: ghFlowIdentity.properties.clientId
+      }
+      {
+        name: 'AzureOptions__ContainerInstancesResourceGroup'
+        value: rgName
+      }
+      {
+        name: 'AzureOptions__FilesAccountKey'
+        value: storage.listKeys().keys[0].value
+      }
+      {
+        name: 'AzureOptions__FilesShareName'
+        value: aciShare
+      }
+      {
+        name: 'AzureOptions__FilesAccountName'
+        value: storageAccountName
+      }
+      {
+        name: 'AzureOptions__CosmosConnectionString'
+        value: cosmos.listConnectionStrings().connectionStrings[0].connectionString
+      }
+      {
+        name: 'OpenAIOptions__ServiceType'
+        value: openAIServiceType
+      }
+      {
+        name: 'OpenAIOptions__ServiceId'
+        value: openAIServiceId
+      }
+      {
+        name: 'OpenAIOptions__DeploymentOrModelId'
+        value: openAIDeploymentId
+      }
+      {
+        name: 'OpenAIOptions__EmbeddingDeploymentOrModelId'
+        value: openAIEmbeddingId
+      }
+      {
+        name: 'OpenAIOptions__Endpoint'
+        value: openAIEndpoint
+      }
+      {
+        name: 'OpenAIOptions__ApiKey'
+        value: openAIKey
+      }
+      {
+        name: 'QdrantOptions__Endpoint'
+        value: qdrantEndpoint
+      }
+      {
+        name: 'QdrantOptions__VectorSize'
+        value: '1536'
+      }
+    ]
+    targetPort: 5274
+  }
+}
+
+
+output SERVICE_TRANSLATE_API_IDENTITY_PRINCIPAL_ID string = app.outputs.identityPrincipalId
+output SERVICE_TRANSLATE_API_NAME string = app.outputs.name
+output SERVICE_TRANSLATE_API_URI string = app.outputs.uri
diff --git a/infra/core/database/cosmos/cosmos-account.bicep b/infra/core/database/cosmos/cosmos-account.bicep
@@ -0,0 +1,37 @@
+metadata description = 'Creates an Azure Cosmos DB account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+param connectionStringKey string = 'AZURE-COSMOS-CONNECTION-STRING'
+
+@allowed([ 'GlobalDocumentDB', 'MongoDB', 'Parse' ])
+param kind string
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' = {
+  name: name
+  kind: kind
+  location: location
+  tags: tags
+  properties: {
+    consistencyPolicy: { defaultConsistencyLevel: 'Session' }
+    locations: [
+      {
+        locationName: location
+        failoverPriority: 0
+        isZoneRedundant: false
+      }
+    ]
+    databaseAccountOfferType: 'Standard'
+    enableAutomaticFailover: false
+    enableMultipleWriteLocations: false
+    apiProperties: (kind == 'MongoDB') ? { serverVersion: '4.0' } : {}
+    capabilities: [ { name: 'EnableServerless' } ]
+  }
+}
+
+
+output connectionStringKey string = connectionStringKey
+output endpoint string = cosmos.properties.documentEndpoint
+output id string = cosmos.id
+output name string = cosmos.name
diff --git a/infra/core/database/cosmos/sql/cosmos-sql-account.bicep b/infra/core/database/cosmos/sql/cosmos-sql-account.bicep
@@ -0,0 +1,19 @@
+metadata description = 'Creates an Azure Cosmos DB for NoSQL account.'
+param name string
+param location string = resourceGroup().location
+param tags object = {}
+
+module cosmos '../../cosmos/cosmos-account.bicep' = {
+  name: 'cosmos-account'
+  params: {
+    name: name
+    location: location
+    tags: tags
+    kind: 'GlobalDocumentDB'
+  }
+}
+
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output endpoint string = cosmos.outputs.endpoint
+output id string = cosmos.outputs.id
+output name string = cosmos.outputs.name
diff --git a/infra/core/database/cosmos/sql/cosmos-sql-db.bicep b/infra/core/database/cosmos/sql/cosmos-sql-db.bicep
@@ -0,0 +1,72 @@
+metadata description = 'Creates an Azure Cosmos DB for NoSQL account with a database.'
+param accountName string
+param databaseName string
+param location string = resourceGroup().location
+param tags object = {}
+
+param containers array = []
+param principalIds array = []
+
+module cosmos 'cosmos-sql-account.bicep' = {
+  name: 'cosmos-sql-account'
+  params: {
+    name: accountName
+    location: location
+    tags: tags
+  }
+}
+
+resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-05-15' = {
+  name: '${accountName}/${databaseName}'
+  properties: {
+    resource: { id: databaseName }
+  }
+
+  resource list 'containers' = [for container in containers: {
+    name: container.name
+    properties: {
+      resource: {
+        id: container.id
+        partitionKey: { paths: [ container.partitionKey ] }
+      }
+      options: {}
+    }
+  }]
+
+  dependsOn: [
+    cosmos
+  ]
+}
+
+module roleDefinition 'cosmos-sql-role-def.bicep' = {
+  name: 'cosmos-sql-role-definition'
+  params: {
+    accountName: accountName
+  }
+  dependsOn: [
+    cosmos
+    database
+  ]
+}
+
+// We need batchSize(1) here because sql role assignments have to be done sequentially
+@batchSize(1)
+module userRole 'cosmos-sql-role-assign.bicep' = [for principalId in principalIds: if (!empty(principalId)) {
+  name: 'cosmos-sql-user-role-${uniqueString(principalId)}'
+  params: {
+    accountName: accountName
+    roleDefinitionId: roleDefinition.outputs.id
+    principalId: principalId
+  }
+  dependsOn: [
+    cosmos
+    database
+  ]
+}]
+
+output accountId string = cosmos.outputs.id
+output accountName string = cosmos.outputs.name
+output connectionStringKey string = cosmos.outputs.connectionStringKey
+output databaseName string = databaseName
+output endpoint string = cosmos.outputs.endpoint
+output roleDefinitionId string = roleDefinition.outputs.id