Merge branch 'Azure-Samples:main' into main

Author: Aryan-CC

.devcontainer/devcontainer.json

@@ -10,9 +10,17 @@
             "version": "latest",
             "ppa": "false"
         },
-        "ghcr.io/devcontainers/features/azure-cli:1": {},
+        "ghcr.io/devcontainers/features/azure-cli:1": {
+            "extensions": [
+                "account",
+                "containerapp",
+                "serviceconnector-passwordless"
+            ],
+            "installBicep": true
+        },
         "ghcr.io/devcontainers/features/terraform:1": {},
-        "ghcr.io/devcontainers/features/docker-in-docker:1": {}
+        "ghcr.io/devcontainers/features/docker-in-docker:2": {},
+        "ghcr.io/azure/azure-dev/azd:latest": {}
     },
     "containerEnv": {
         "JAVA_HOME": "/usr/lib/jvm/msopenjdk-current"
@@ -33,7 +41,7 @@
     // "forwardPorts": [],
 
     // Use 'postCreateCommand' to run commands after the container is created.
-    // "postCreateCommand": "java -version",
+    "postCreateCommand": "./.devcontainer/postCreateCommand.sh",
 
     // Set `remoteUser` to `root` to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
     "remoteUser": "vscode"

.devcontainer/postCreateCommand.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+azd config set alpha.deployment.stacks on
+
+DEV_ENV_FILE="\$HOME/.dev-environment"
+
+cat <<EOT >> "$HOME/.bashrc"
+
+# auto load
+if [[ -f "$DEV_ENV_FILE" ]]; then
+    source "$DEV_ENV_FILE"
+fi
+
+saveenv() {
+    # Check if var_save is set
+    declare -p | grep -v "declare -[a-z]*r" > "$DEV_ENV_FILE"
+}
+
+clearenv() {
+    echo "" > "$DEV_ENV_FILE"
+}
+
+EOT

.github/workflows/azure-dev.yml

@@ -0,0 +1,73 @@
+name: Azd Automation
+on:
+  workflow_dispatch:
+
+# Set up permissions for deploying with secretless Azure federated credentials
+# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+      AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+      AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install azd
+        uses: Azure/setup-azd@v1.0.0
+
+      - name: Install Az extensions
+        run: |
+          az extension add --upgrade -n containerapp --allow-preview true
+          az extension add --upgrade -n serviceconnector-passwordless --allow-preview true
+          az version
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v2
+        with:
+          java-version: '17'
+          distribution: 'adopt'
+          cache: maven
+
+      - name: Log in with Azure (Federated Credentials)
+        run: |
+          azd auth login \
+            --client-id ${{env.AZURE_CLIENT_ID}} \
+            --federated-credential-provider "github" \
+            --tenant-id ${{env.AZURE_TENANT_ID}}
+
+      - name: Azure login
+        uses: azure/login@v2
+        with:
+          client-id: ${{env.AZURE_CLIENT_ID}}
+          tenant-id: ${{env.AZURE_TENANT_ID}}
+          subscription-id: ${{env.AZURE_SUBSCRIPTION_ID}}
+
+      - name: Set environment name with timestamp
+        id: set_env_name
+        run: |
+          current_time=$(date +%m%d%H%M)
+          azure_env_name="${{ env.AZURE_ENV_NAME }}-$current_time"
+          echo "AZURE_ENV_NAME=$azure_env_name" >> $GITHUB_ENV
+          echo "azure_env_name is $azure_env_name"
+        shell: bash
+        env:
+          AZURE_ENV_NAME: ${{ env.AZURE_ENV_NAME }}
+
+      - name: Provision
+        run: |
+          azd up --no-prompt
+
+      - name: Show azd environments
+        run: |
+          azd env list
+          azd env get-values

.github/workflows/maven-build.yml

@@ -18,11 +18,13 @@ jobs:
 
     steps:
     - uses: actions/checkout@v2
+
     - name: Set up JDK 17
       uses: actions/setup-java@v2
       with:
         java-version: '17'
         distribution: 'adopt'
         cache: maven
+
     - name: Build with Maven
       run: mvn -B package --file src/pom.xml

.github/workflows/validation-sample-workflow.yml

@@ -0,0 +1,32 @@
+name: Validation Sample Workflow
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  id-token: write
+  pull-requests: write
+
+jobs:
+  template_validation_job:
+    runs-on: ubuntu-latest
+    name: template validation
+    steps:
+      - uses: actions/checkout@v4
+
+      # https://github.com/microsoft/template-validation-action
+      - uses: microsoft/template-validation-action@v0.3.2
+        id: validation
+        with:
+          validateAzd: true
+          useDevContainer: true
+        env:
+          AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
+          AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
+          AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+          AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+          AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: print result
+        run: cat ${{ steps.validation.outputs.resultFile }}

LICENSE.md

@@ -1,21 +1,21 @@
-    MIT License
+MIT License
 
-    Copyright (c) Microsoft Corporation.
+Copyright (c) Microsoft Corporation.
 
-    Permission is hereby granted, free of charge, to any person obtaining a copy
-    of this software and associated documentation files (the "Software"), to deal
-    in the Software without restriction, including without limitation the rights
-    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-    copies of the Software, and to permit persons to whom the Software is
-    furnished to do so, subject to the following conditions:
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-    The above copyright notice and this permission notice shall be included in all
-    copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-    SOFTWARE
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE

LabTips.md

@@ -1,7 +1,7 @@
 ---
 title: 'Lab Tips and troubleshooting'
-layout: default
-nav_order: 13
+layout: home
+nav_order: 14
 ---
 
 # A couple of tips when you run this lab

README.md

@@ -1,35 +1,138 @@
-# Lab: Deploying and running Java Applications in Azure Container Apps
+# Deploying and running Java Applications with AI in Azure Container Apps
 
-This lab teaches you how to deploy the [Spring Petclinic Microservices](https://github.com/Azure-Samples/java-microservices-aca-lab/tree/main/src) application to Azure container apps and integrate it with additional Azure services.
+[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/Azure-Samples/java-microservices-aca-lab)
+[![Open in Dev Containers](https://img.shields.io/static/v1?style=for-the-badge&label=Dev%20Containers&message=Open&color=blue&logo=visualstudiocode)](https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/azure-samples/java-microservices-aca-lab)
 
-## Modules
+This project shows how to deploy the [Spring Petclinic Microservices](https://github.com/Azure-Samples/java-microservices-aca-lab/tree/main/src) application with OpenAI to [Azure Container Apps](https://learn.microsoft.com/azure/container-apps/overview) and integrate it with additional Azure services, also some samples for Azure Container Apps features.
 
-This lab has modules on:
+[Features](#features) • [Gettting Started](#getting-started) • [Guidance](#guidance)
 
-* Plan a Java application migration to Azure Container Apps
-* Migrate a Spring Apps microservices application to Azure Container Apps
-* Enable monitoring and end-to-end tracing
-* Secure application secrets.
-* Protect endpoints using Web Application Firewalls
-* Secure MySQL database and Key Vault using a Private Endpoint
+![main page](./images/api-gateway-main.png)
 
-The lab is available as GitHub pages [here](https://azure-samples.github.io/java-microservices-aca-lab/)
+## Important Security Notice
+
+This template, the application code and configuration it contains, has been built to showcase Microsoft Azure specific services and tools. We strongly advise our customers not to make this code part of their production environments without implementing or enabling additional security features.  
+
+For a more comprehensive list of best practices and security recommendations for Intelligent Applications, visit [Azure security best practices and patterns](https://learn.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns), [Azure security baseline for Intelligent Recommendations](https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/intelligent-recommendations-security-baseline)
+
+## Features
+
+The following technologies are part of the project:
+
+* Java 17
+* Maven
+* [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/)
+* [Azure Developer CLI (azd)](https://learn.microsoft.com/en-us/azure/developer/azure-developer-cli/)
+
+This project provides the following features:
+
+* A [Spring Petclinic Microservices](https://github.com/Azure-Samples/java-microservices-aca-lab/tree/main/src) deployment on Azure Container Apps with AI chat agent.
+* Azure Container Apps java components ([eureka server](https://learn.microsoft.com/en-us/azure/container-apps/java-eureka-server-usage) /[config server](https://learn.microsoft.com/en-us/azure/container-apps/java-config-server-usage) / [spring boot admin](https://learn.microsoft.com/en-us/azure/container-apps/java-admin-for-spring-usage)) support.
+* [Bicep files](https://docs.microsoft.com/azure/azure-resource-manager/bicep/) for provisioning Azure resources, including Azure OpenAI, Azure Container Apps, Azure Database for MySQL - Flexible Server, Azure Container Registry, Azure Log Analytics, Azure Application Insights and RBAC roles. See [Deploy to Azure automatically](https://azure-samples.github.io/java-microservices-aca-lab/docs/06_lab_automation/06_openlab_automation.html).
+* Best practices to build [more secure](https://azure-samples.github.io/java-microservices-aca-lab/docs/07_lab_security/07_openlab_security_aca.html), [more reliable](https://azure-samples.github.io/java-microservices-aca-lab/docs/10_lab_reliable_application/10_reliable_java_aca.html) and [more flexible](https://azure-samples.github.io/java-microservices-aca-lab/docs/11_lab_scale/11_openlab_scale_aca.html) java apps on Azure Container Apps.
+* AI chat agent to take advantage of large-scale, generative AI models with deep understandings of language and code to enable new reasoning and comprehension capabilities. See [Integrate with Azure OpenAI](https://azure-samples.github.io/java-microservices-aca-lab/docs/05_lab_openai/05_openlab_openai_aca.html)
+
+![Screenshot of the chat app](./images/acalab-ai-chat.png)
+
+### Architecture Diagram
+
+![Architecture Diagram](./images/acalab-overview.png)
 
 ## Getting Started
 
+You have a few options for getting started with this template. 
+
+* [GitHub codespace](#github-codespaces)
+* [Visual Studio Code with remote containers option](#vs-code-dev-containers)
+* [Local Development](#local-environment)
+
+All the steps of this lab have been tested in the GitHub CodeSpace. This is the preferred option for running this lab!
+
+### GitHub Codespaces
+
+* Prepare the environment following the steps in [Using a GitHub codespace](https://azure-samples.github.io/java-microservices-aca-lab/install.html#using-a-github-codespace)
+* Continue with [deploying steps](#deploying)
+
+### VS Code Dev Containers
+
+* Prepare the environment following the steps in [Using Visual Studio Code with remote containers](https://azure-samples.github.io/java-microservices-aca-lab/install.html#using-a-github-codespace)
+* Continue with [deploying steps](#deploying)
+
+### Local Environment
+
+* Prepare the environment following the steps in [Install all the tools on your local machine](https://azure-samples.github.io/java-microservices-aca-lab/install.html#install-all-the-tools-on-your-local-machine)
+* Continue with [deploying steps](#deploying)
+
+### Deploying
+
+Once you've opened the project in [Codespaces](#github-codespaces), in [Dev Containers](#vs-code-dev-containers), or [locally](#local-environment), you can deploy it to Azure.
+
+* Your Azure account must have `Microsoft.Authorization/roleAssignments/write` permissions, such as [Role Based Access Control Administrator](https://learn.microsoft.com/azure/role-based-access-control/built-in-roles#role-based-access-control-administrator-preview), [User Access Administrator](https://learn.microsoft.com/azure/role-based-access-control/built-in-roles#user-access-administrator), or [Owner](https://learn.microsoft.com/azure/role-based-access-control/built-in-roles#owner). If you don't have subscription-level permissions, you must be granted [RBAC](https://learn.microsoft.com/azure/role-based-access-control/built-in-roles#role-based-access-control-administrator-preview) for an existing resource group and [deploy to that existing group](./docs/06_lab_automation/0604.md).
+* Your Azure account also needs `Microsoft.Resources/deployments/write` permissions on the subscription level.
+
+Suggested: Both **Contributor** and **User Access Administrator** roles on the subscription.
+
+1. Login to Azure
+
+   `azd auth login`
+
+   `az login`
+
+1. Provision and deploy all the resources:
+
+   `azd up`
+
+   It will prompt you to provide an `azd` environment name (like "java-ai"), select a subscription from your Azure account, and select a [location where OpenAI is available](#region-availability) (like "eastus2"). Then it will provision the resources in your account and deploy the latest code. If you get an error or timeout with deployment, changing the location can help, as there may be availability constraints for the OpenAI resource.
+
+1. When azd has finished deploying, visit the api-gateway url and begin your experience on AI java apps.
+
+   ```text
+   INFO: Deploy finish succeed!
+   INFO: Api Gateway App url: https://api-gateway.<cluster>.<region>.azurecontainerapps.io
+   INFO: Spring Boot Admin url: https://springbootadmin-azure-java.ext.<cluster>.<region>.azurecontainerapps.io
+   ```
+
+1. When you've made any changes to the app code, you can just run:
+
+   - `azd deploy` for all services
+
+   - `azd deploy -n <service>` for single service
+
+   
+
+## Guidance
+
 ### Prerequisites
 
 For running this lab you will need:
 
-- A GitHub account
-- An Azure Subscription
+* A GitHub account
+* An Azure Subscription
+
+### Region Availability
+
+1. This template uses [Azure OpenAI Service](https://learn.microsoft.com/en-us/azure/ai-services/openai/overview) deployment mododules **gpt-4o** and **text-embedding-ada-002** which may not be available in all Azure regions. Check for [up-to-date region availability](https://learn.microsoft.com/azure/ai-services/openai/concepts/models#standard-deployment-model-availability) and select a region during deployment accordingly
+
+1. The template uses [Azure Database for MySQL - Flexible Server](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/overview) version 8.0 to store data. You may select a region suite for this service. Or create a database instance manually then [Reuse existing service](https://azure-samples.github.io/java-microservices-aca-lab/docs/06_lab_automation/0604.html).
+
+  * We recommend using **East US**, **East US 2**, **North Central US**, **Sweden Central**.
+
+### Costs
+
+You can estimate the cost of this project's architecture with [Azure's pricing calculator](https://azure.microsoft.com/pricing/calculator/)
+
+* Azure Container Apps - [Consumption](https://azure.microsoft.com/en-us/pricing/details/container-apps/)
+* Azure Database for MySQL - [Flexible Server](https://azure.microsoft.com/en-us/pricing/details/mysql/)
+* Azure OpenAI Service - [Standard](https://azure.microsoft.com/en-us/pricing/details/cognitive-services/openai-service/)
+* Azure Monitor - [Analytics Logs](https://azure.microsoft.com/en-us/pricing/details/monitor/)
+
+### Security
 
-### Installation
+This template has [Managed Identity](https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/overview) built in to eliminate the need for developers to manage these credentials.
 
-For running this lab with all the needed tooling, there are 3 options available: 
+Applications can use managed identities to obtain Microsoft Entra tokens without having to manage any credentials. Additionally, we have added a [GitHub Action tool](https://github.com/microsoft/security-devops-action) that scans the infrastructure-as-code files and generates a report containing any detected issues. To ensure best practices in your repo we recommend anyone creating solutions based on our templates ensure that the [Github secret scanning](https://docs.github.com/code-security/secret-scanning/about-secret-scanning) setting is enabled in your repos.
 
-- Using a GitHub codespace  
-- Using Visual Studio Code with remote containers option
-- Install all the tools on your local machine
+## Resources
 
-Full installation guidance and options for running this lab can be found in the [Installation instructions](install.md).
+* Go to the lab for more details [Deploying and running Java Applications with AI in Azure Container Apps](https://azure-samples.github.io/java-microservices-aca-lab/)
+* Full installation guidance and options for running this lab can be found in the [Installation instructions](install.md).