infra: update setup script

Author: sinedied

.azure/setup.sh

@@ -3,11 +3,11 @@
 # Usage: ./setup.sh <project_name> [environment_name] [location] [options]
 # Setup the current GitHub repo for deploying on Azure.
 ##############################################################################
-# v1.0.2 | dependencies: Azure CLI, GitHub CLI, jq
+# v1.1.2 | dependencies: Azure CLI, GitHub CLI, jq
 ##############################################################################
 
-set -e
-cd $(dirname ${BASH_SOURCE[0]})
+set -euo pipefail
+cd "$(dirname "${BASH_SOURCE[0]}")"
 if [[ -f ".settings" ]]; then
   source .settings
 fi
@@ -21,12 +21,14 @@ showUsage() {
   echo "  -s, --skip-login    Skip Azure and GitHub login steps"
   echo "  -t, --terminate     Remove current setup and delete deployed resources"
   echo "  -l, --ci-login      Only perform Azure CLI login using environment credentials"
+  echo "  -c, --use-code      Use device code login flow instead of browser"
   echo
 }
 
 skip_login=false
 terminate=false
 ci_login=false
+use_code=false
 args=()
 
 while [[ $# -gt 0 ]]; do
@@ -43,11 +45,15 @@ while [[ $# -gt 0 ]]; do
       ci_login=true
       shift
       ;;
+    -c|--use-code)
+      use_code=true
+      shift
+      ;;
     --help)
       showUsage
       exit 0
       ;;
-    -*|--*)
+    --*|-*)
       showUsage
       echo "Unknown option $1"
       exit 1
@@ -73,17 +79,17 @@ if ! command -v az &> /dev/null; then
   exit 1
 fi
 
-if [[ "$ci_login" = true ]]; then
+if [[ "$ci_login" == true ]]; then
   echo "Logging in to Azure using \$AZURE_CREDENTIALS..."
-  if [[ -z "${AZURE_CREDENTIALS}" ]]; then
+  if [[ -z "${AZURE_CREDENTIALS:-}" ]]; then
     echo "Azure credentials not found."
     echo "Please run .azure/setup.sh locally to setup your deployment."
     exit 1
   fi
-  client_id="$(echo $AZURE_CREDENTIALS | jq -r .clientId)"
-  client_secret="$(echo $AZURE_CREDENTIALS | jq -r .clientSecret)"
-  subscription_id="$(echo $AZURE_CREDENTIALS | jq -r .subscriptionId)"
-  tenant_id="$(echo $AZURE_CREDENTIALS | jq -r .tenantId)"
+  client_id="$(echo "$AZURE_CREDENTIALS" | jq -r .clientId)"
+  client_secret="$(echo "$AZURE_CREDENTIALS" | jq -r .clientSecret)"
+  subscription_id="$(echo "$AZURE_CREDENTIALS" | jq -r .subscriptionId)"
+  tenant_id="$(echo "$AZURE_CREDENTIALS" | jq -r .tenantId)"
   az login \
     --service-principal \
     --username "${client_id}" \
@@ -106,20 +112,56 @@ if [[ -z "$project_name" ]]; then
   exit 1
 fi
 
-if [[ "$skip_login" = false ]]; then
+if [[ "$skip_login" == false ]]; then
+  az_login_options=""
+  if [[ "$use_code" == true || "${CODESPACES:-}" == true ]]; then
+    az_login_options="--use-device-code"
+  fi
+
   echo "Logging in to Azure..."
-  az login
-  echo "Logging in to GitHub..."
-  gh auth login
+  az login --query "[].{name:name,id:id}" $az_login_options
+  echo "Listed above are your available subscriptions."
+  echo
+
+  echo "Currently selected subscription is:"
+  az account show \
+      --query "{name:name,id:id}" \
+      --output tsv
+  echo
+  read -r -n 1 -p "Is your current subscription correct? (Y/n) " is_correct
+  echo
+
+  if [[ "$is_correct" == "n" ]]; then
+    read -r -p "Enter your subscription name or ID: " az_sub
+    az account set \
+      --subscription "$az_sub" \
+      --query "{name:name,id:id}" \
+      --output tsv
+    echo "Azure default subscription has been updated successfully."
+  fi
+
+  if [[ -z "${GITHUB_TOKEN:-}" || "${CODESPACES:-}" == true ]]; then
+    unset GITHUB_TOKEN
+    echo "Logging in to GitHub..."
+    gh auth login
+
+    if [[ -n "${GITHUB_REPOSITORY:-}" ]]; then
+      echo "Setting default GitHub repository to '$GITHUB_REPOSITORY'..."
+      gh repo set-default "$GITHUB_REPOSITORY"
+    fi
+  else
+    echo "GITHUB_TOKEN is already set, skipping GitHub login."
+  fi
+
   echo "Login successful."
 fi
 
-if [[ "$terminate" = true ]]; then
+if [[ "$terminate" == true ]]; then
   echo "Deleting current setup..."
-  .azure/infra.sh down ${project_name} ${environment} ${location}
+  .azure/infra.sh down "${project_name}" "${environment}" "${location}"
   echo "Retrieving GitHub repository URL..."
   remote_repo=$(git config --get remote.origin.url)
-  gh secret delete AZURE_CREDENTIALS -R $remote_repo
+  gh secret delete AZURE_CREDENTIALS -R "$remote_repo"
   echo "Setup deleted."
 else
   echo "Retrieving Azure subscription..."
@@ -141,8 +183,12 @@ else
   echo "Retrieving GitHub repository URL..."
   remote_repo=$(git config --get remote.origin.url)
   echo "Setting up GitHub repository secrets..."
-  gh secret set AZURE_CREDENTIALS -b"$service_principal" -R $remote_repo
-  echo "Triggering Azure deployment..."
-  gh workflow run deploy.yml
+  gh secret set AZURE_CREDENTIALS -b"$service_principal" -R "$remote_repo"
+
+  if [[ -f ".github/workflows/deploy.yml" ]]; then
+    echo "Found deploy.yml workflow, triggering deployment..."
+    gh workflow run deploy.yml
+  fi
+
   echo "Setup success!"
 fi

.github/workflows/template.yml

@@ -1,39 +1,26 @@
 # TODO solution
-- [x] Feedback npm CI with docker + npm workspaces
-- [x] CosmosDB
-- [ ] Add correlation ID in logs
-- [ ] Bicep
-  - [x] update setup script
-  - [ ] update build script
-  - [ ] update deploy script
-- [ ] GitHub Actions deployment
-- [ ] devcontainer with vscode extensions
-- [ ] secrets bash array with newlines -> nope?
+- [ ] provide zip of each service built by CI, in packages
+- [ ] add in description mention of 3 frameworks
+- [ ] URL -> host in outputs
+
+- [ ] Add correlation ID in logs (Dapr?)
+
+## Nice to have
+- [ ] devcontainer with vscode extensions (what's missing? Db explorer?)
+- [c] cosmosdb emulator in compose file? 
+- [ ] secrets bash array with newlines -> nope? ask Chris
 - [ ] env file uppercase
 - [ ] URLs and DB CS in format <name>_URL
 - [ ] bash strict mode
 
 # Workshop
-- [x] Simple website to push/get requests with auth [SWA]
-- [x] CosmosDB to store results
 <!-- - [ ] Event Grid to pass events -->
 <!-- - [ ] Azure Function to process events and store in DB -->
-- [x] Microservices problems
-  * 3 services:
-    - API gateway - N Dice Rolls
-    - Dice Rolls API - DB / APIs: new roll dice / get last N rolls - DB
-    - Settings API - Store User<>Dice Faces preferences - DB
-  <!-- * [ ] Service to service communication/auth -->
-  * Service discovery
-  * Load balancing / scaling
-  * Monitoring
+<!-- * [ ] Service to service communication/auth -->
+  * Service discovery?
   * Logging/Tracing
 
-- [x] website
-  * [x] Login
-  * [x] Set dice type preference
-  * [x] Roll N dices and show results / time
-  * [x] Show last N rolls
+- [ ] website nice CSS?
 
 # Plan
 

TODO

@@ -122,7 +122,7 @@ This will start the creation of a dev container environment, which is a pre-conf
 
 <div class="info" data-title="note">
 
-> You don't have to worry about Codespaces usage cost for this workshop, as it's free for forks of our template repository. For personal usage, Codespaces includes up to 60 hours of free usage per month for all GitHub users, see [the pricing details here](https://github.com/features/codespaces).
+> Codespaces includes up to 60 hours of free usage per month for all GitHub users, see [the pricing details here](https://github.com/features/codespaces).
 
 </div>
 
@@ -1517,8 +1517,15 @@ Create a new file named `staticwebapp.config.json` in the `packages/website/publ
 }
 ```
 
-TODO: complete
-TODO: raise issue about the rewrite
+We're defining two things here: the routing rules, and the navigation fallback. We add a routing rules to only allow access to our API to authenticated users. SWA provides two built-in roles: `authenticated` and `anonymous`. We use the `authenticated` role here, because we want to make sure that only authenticated users can access our API. If a user tries to access our API without being authenticated, it will return a `401 Unauthorized` response.
+
+<div class="info" data-title="info">
+
+> Routing options also allows to define redirections, rewriting, caching headers, and more. See the [documentation](https://learn.microsoft.com/azure/static-web-apps/configuration) for more details.
+
+</div>
+
+The navigation fallback is used to redirect all requests to unknown resources to the `index.html` file. This is mandatory for single-page applications, though we're only using it here to make sure that you always end up on the index page.
 
 ### Setting up the SWA CLI
 
@@ -1565,8 +1572,6 @@ Then, we'll add a new `start` script to our `package.json` file to start the SWA
   },
 ``` 
 
-TODO: cli fix: vite + api dev server url question
-
 ### Testing our application
 
 We're now ready to test our whole application locally. To do so, we need to start in parallel the SWA CLI and the Docker compose environment with our services.
@@ -1618,7 +1623,7 @@ You should see the login page of our application:
 
 If you select **Login**, you'll be redirected to the SWA CLI authentication emulator login page:
 
-![Screenshot of the SWA CLI login page](./assets/swa-login.png)
+![Screenshot of the SWA CLI login page](./assets/swa-cli-auth.png)
 
 This is a fake login page made for local testing, where you can enter various parameters to simulate different users. Fill in any **Username** and select **Login**.
 
@@ -1633,7 +1638,31 @@ After you're done testing, you can stop the application by pressing `Ctrl+C` in
 ---
 
 ## Azure setup
-- Setup azure account: script: explain what it does
+
+Azure is a cloud platform that provides a wide range of services to build, deploy, and manage applications. We'll use various Azure services in this workshop to host our application.
+
+First, you need to make sure you have an Azure account. If you don't have one, you can create a free account including Azure credits on the [Azure website](https://azure.microsoft.com/free/).
+
+<div class="important" data-title="important">
+
+> If you're following this workshop in-person at SnowCamp, you can use the following link to get a 50$ Azure Pass credit: [redeem your Azure Pass](https://azcheck.in/sno230125)
+
+</div>
+
+Once you have your Azure account, open a terminal at the root of the project and run:
+
+```bash
+.azure/setup.sh
+```
+
+This script uses the [Azure CLI](https://learn.microsoft.com/cli/azure) and [GitHub CLI](https://cli.github.com/) to do the following:
+- Login into your Azure account
+- Select a subscription to use
+- Create a [service principal](https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal), a token that will be used to create or update resources in Azure
+- Login into your GitHub account
+- Add the `AZURE_CREDENTIALS` secret to your GitHub repository, with your the service principal token
+
+
 
 ### Introducing Azure services
 - Explain SWA / ACR / ACA / CosmosDB / Registry / Log analytics / Azure Monitor