First try?

Author: Torkuno

.dockerignore

@@ -0,0 +1,27 @@
+**/__pycache__
+**/.venv
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/bin
+**/charts
+**/docker-compose*
+**/compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md

.github/workflows/infra.yml

@@ -0,0 +1,119 @@
+name: Deploy Infrastructure
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+  push:
+      branches:
+        - 'main'
+
+env:
+
+  DOCKER_REGISTRY_SERVER_URL: tmesalles.azurecr.io
+  KEY_VAULT_NAME: tmesalles-kv
+  IMAGE_NAME: tmesalles-dockerimg
+  APP_SERVICE_NAME: tmesalles-appservice
+
+  RESOURCE_GROUP_DEV: BCSAI2024-DEVOPS-STUDENTS-B-DEV
+  SUBSCRIPTION_ID_DEV: e0b9cada-61bc-4b5a-bd7a-52c606726b3b
+
+  USER_ALIAS: tmesalles
+
+jobs:
+  build-exericse:
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout code
+      - uses: actions/checkout@main
+      # Lint Bicep code
+      - name: Run Bicep linter
+        run: az bicep build --file ./main.bicep
+
+      - name: Upload Bicep build artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: bicep-build
+          path: ./main.bicep
+
+        # Checkout the repository to the runner.
+      - name: Checkout
+        uses: actions/checkout@v3
+
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: build-exericse
+
+    steps:
+
+    - uses: actions/checkout@main
+
+    - name: Download Bicep build artifact
+      uses: actions/download-artifact@v3
+      with:
+          name: bicep-build
+
+      # Log into Azure
+    - uses: azure/login@v2
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+    - name: deploy
+      uses: azure/arm-deploy@v2
+      with:
+        subscriptionId: ${{ env.SUBSCRIPTION_ID_DEV }}
+        resourceGroupName: ${{ env.RESOURCE_GROUP_DEV }}
+        template: ./main.bicep
+        parameters: >
+          ./infra/parameters.bicepparam
+  build-push-image:
+    runs-on: ubuntu-latest
+    needs: deploy
+    outputs:
+      image-version: ${{ steps.image-version.outputs.version }}
+
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: "Log in to azure"
+        uses: azure/login@v2
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: "Get container registry credentials from vault"
+        run: |
+          REGISTRY_USERNAME=$(az keyvault secret show --name tmesalles-cr-username --vault-name ${{ env.KEY_VAULT_NAME }} --query value -o tsv)
+          REGISTRY_PASSWORD=$(az keyvault secret show --name tmesalles-cr-password0 --vault-name ${{ env.KEY_VAULT_NAME }} --query value -o tsv)
+          echo "REGISTRY_USERNAME=${REGISTRY_USERNAME}" >> $GITHUB_ENV
+          echo "REGISTRY_PASSWORD=${REGISTRY_PASSWORD}" >> $GITHUB_ENV
+      - name: "Set image version"
+        id: image-version
+        run: |
+          echo "version=$(date +'%Y.%m.%d.%H.%M')" >> $GITHUB_OUTPUT
+      - name: "Print images"
+        run: |
+          echo "Images"
+          docker images
+      - name: "Docker build and push image"
+        run: |
+          docker build -t ${{ env.DOCKER_REGISTRY_SERVER_URL }}/${{ env.IMAGE_NAME}}:${{ steps.image-version.outputs.version}} .
+          docker login ${{ env.DOCKER_REGISTRY_SERVER_URL }} -u ${{ env.REGISTRY_USERNAME }} -p ${{ env.REGISTRY_PASSWORD }}
+          docker push ${{ env.DOCKER_REGISTRY_SERVER_URL }}/${{ env.IMAGE_NAME}}:${{ steps.image-version.outputs.version}}
+  deploy-container:
+    runs-on: ubuntu-latest
+    needs: build-push-image
+    steps:
+    - name: Login to Azure
+      uses: azure/login@v1
+      with:
+        creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+    - name: Deploy Docker Image to Azure Web App
+      uses: azure/webapps-deploy@v3
+      with:
+        app-name: ${{ env.APP_SERVICE_NAME }}
+        images: |
+          ${{ env.DOCKER_REGISTRY_SERVER_URL }}/${{ env.IMAGE_NAME }}:${{ needs.build-push-image.outputs.image-version }}

.vscode/launch.json

@@ -0,0 +1,19 @@
+{
+    "configurations": [
+        {
+            "name": "Docker: Python - Flask",
+            "type": "docker",
+            "request": "launch",
+            "preLaunchTask": "docker-run: debug",
+            "python": {
+                "pathMappings": [
+                    {
+                        "localRoot": "${workspaceFolder}",
+                        "remoteRoot": "/app"
+                    }
+                ],
+                "projectType": "flask"
+            }
+        }
+    ]
+}

.vscode/tasks.json

@@ -0,0 +1,40 @@
+{
+	"version": "2.0.0",
+	"tasks": [
+		{
+			"type": "docker-build",
+			"label": "docker-build",
+			"platform": "python",
+			"dockerBuild": {
+				"tag": "msdocspythonflaskwebappquickstart:latest",
+				"dockerfile": "${workspaceFolder}/Dockerfile",
+				"context": "${workspaceFolder}",
+				"pull": true
+			}
+		},
+		{
+			"type": "docker-run",
+			"label": "docker-run: debug",
+			"dependsOn": [
+				"docker-build"
+			],
+			"dockerRun": {
+				"env": {
+					"FLASK_APP": "app.py"
+				}
+			},
+			"python": {
+				"args": [
+					"run",
+					"--no-debugger",
+					"--no-reload",
+					"--host",
+					"0.0.0.0",
+					"--port",
+					"5002"
+				],
+				"module": "flask"
+			}
+		}
+	]
+}

docker-compose.debug.yml

@@ -0,0 +1,14 @@
+version: '3.4'
+
+services:
+  msdocspythonflaskwebappquickstart:
+    image: msdocspythonflaskwebappquickstart
+    build:
+      context: .
+      dockerfile: ./Dockerfile
+    command: ["sh", "-c", "pip install debugpy -t /tmp && python /tmp/debugpy --wait-for-client --listen 0.0.0.0:5678 -m flask run --no-debugger --no-reload --host 0.0.0.0 --port 5002"]
+    ports:
+      - 5002:5002
+      - 5678:5678
+    environment:
+      - FLASK_APP=app.py

docker-compose.yml

@@ -0,0 +1,10 @@
+version: '3.4'
+
+services:
+  msdocspythonflaskwebappquickstart:
+    image: msdocspythonflaskwebappquickstart
+    build:
+      context: .
+      dockerfile: ./Dockerfile
+    ports:
+      - 5002:5002

dockerfile

@@ -0,0 +1,25 @@
+# For more information, please refer to https://aka.ms/vscode-docker-python
+FROM python:3-slim
+
+EXPOSE 5002
+
+# Keeps Python from generating .pyc files in the container
+ENV PYTHONDONTWRITEBYTECODE=1
+
+# Turns off buffering for easier container logging
+ENV PYTHONUNBUFFERED=1
+
+# Install pip requirements
+COPY requirements.txt .
+RUN python -m pip install -r requirements.txt
+
+WORKDIR /app
+COPY . /app
+
+# Creates a non-root user with an explicit UID and adds permission to access the /app folder
+# For more info, please refer to https://aka.ms/vscode-docker-python-configure-containers
+RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
+USER appuser
+
+# During debugging, this entry point will be overridden. For more information, please refer to https://aka.ms/vscode-docker-python-debug
+CMD ["gunicorn", "--bind", "0.0.0.0:5002", "app:app"]

gunicorn.conf.py

@@ -0,0 +1,14 @@
+# Gunicorn configuration file
+import multiprocessing
+
+max_requests = 1000
+max_requests_jitter = 50
+
+log_file = "-"
+
+bind = "0.0.0.0:50505"
+
+workers = (multiprocessing.cpu_count() * 2) + 1
+threads = workers
+
+timeout = 120

infra/azure-app-service.bicep

@@ -0,0 +1,32 @@
+param name string
+param location string = resourceGroup().location
+param appServicePlanId string
+
+param registryName string
+@secure()
+param registryServerUserName string
+@secure()
+param registryServerPassword string
+param registryImageName string
+param registryImageVersion string
+param appSettings array = []
+var dockerAppSettings = [
+  { name: 'WEBSITES_ENABLE_APP_SERVICE_STORAGE', value: 'false' }
+  { name: 'DOCKER_REGISTRY_SERVER_URL', value: 'https://${registryName}.azurecr.io' }
+  { name: 'DOCKER_REGISTRY_SERVER_USERNAME', value: registryServerUserName }
+  { name: 'DOCKER_REGISTRY_SERVER_PASSWORD', value: registryServerPassword }
+]
+
+resource containerAppService 'Microsoft.Web/sites@2022-03-01' = {
+  name: name
+  location: location
+  kind: 'app'
+  properties: {
+    serverFarmId: appServicePlanId
+    siteConfig: {
+      linuxFxVersion: 'DOCKER|${registryName}.azurecr.io/${registryImageName}:${registryImageVersion}'
+      appCommandLine: ''
+      appSettings: union(appSettings, dockerAppSettings)
+    }
+  }
+}

infra/azure-service-plan.bicep

@@ -0,0 +1,22 @@
+param location string
+param name string
+param sku string
+
+resource appServicePlan 'Microsoft.Web/serverFarms@2022-03-01' = {
+  name: name
+  location: location
+  sku: {
+    name: sku
+    capacity: 1
+    family: 'B'
+    size: 'B1'
+    tier: 'Basic'
+  }
+  kind: 'linux'
+  properties: {
+    reserved: true
+  }
+}
+
+output id string = appServicePlan.id
+output name string = appServicePlan.name

infra/container-registry.bicep

@@ -0,0 +1,60 @@
+param name string
+param location string = resourceGroup().location
+param sku string = 'Basic'
+param adminUserEnabled bool = true
+#disable-next-line secure-secrets-in-params
+
+param keyVaultResourceId string
+param usernameSecretName string
+#disable-next-line secure-secrets-in-params
+param password0SecretName string
+#disable-next-line secure-secrets-in-params
+param password1SecretName string
+
+// Creating container registry
+resource containerRegistry 'Microsoft.ContainerRegistry/registries@2023-07-01' = {
+  name: name
+  location: location
+  sku: {
+    name: sku
+  }
+  properties: {
+    adminUserEnabled: adminUserEnabled
+  }
+}
+
+// Reference the existing Key Vault
+resource adminCredentialsKeyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+  name: last(split(keyVaultResourceId, '/')) // Extract the name from the resource ID
+}
+
+// Store the admin username in Key Vault
+resource secretAdminUserName 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
+  name: usernameSecretName
+  parent: adminCredentialsKeyVault
+  properties: {
+    value: containerRegistry.listCredentials().username
+  }
+}
+
+// Store the first admin password in Key Vault
+resource secretAdminUserPassword0 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
+  name: password0SecretName
+  parent: adminCredentialsKeyVault
+  properties: {
+    value: containerRegistry.listCredentials().passwords[0].value
+  }
+}
+
+// Store the second admin password in Key Vault
+resource secretAdminUserPassword1 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
+  name: password1SecretName
+  parent: adminCredentialsKeyVault
+  properties: {
+    value: containerRegistry.listCredentials().passwords[1].value
+  }
+}
+
+// Output values for verification
+output containerRegistryName string = containerRegistry.name
+output containerRegistryLoginServer string = containerRegistry.properties.loginServer