feat: Removed local build from preprovision and added as part of post deployment

Author: Prajwal-Microsoft

azure.yaml

@@ -8,13 +8,6 @@ metadata:
   name: [email protected]
 
 hooks:
-  preprovision:
-    posix:
-      shell: sh
-      run: timestamp=$(date +"%Y%m%d-%H%M%S"); logFile="azd_preprovision_$timestamp.log"; sed -i 's/\r$//' ./infra/scripts/docker-build.sh; ./infra/scripts/docker-build.sh "$AZURE_SUBSCRIPTION_ID" "$AZURE_ENV_NAME" "$AZURE_LOCATION" "$AZURE_RESOURCE_GROUP" "$USE_LOCAL_BUILD" "$AZURE_ENV_IMAGETAG" 2>&1 | tee "$logFile"
-    windows:
-      shell: pwsh
-      run: $timestamp = Get-Date -Format "yyyyMMdd-HHmmss"; $logFile = "azd_preprovision_$timestamp.log"; ./infra/scripts/docker-build.ps1 $env:AZURE_SUBSCRIPTION_ID $env:AZURE_ENV_NAME $env:AZURE_LOCATION $env:AZURE_RESOURCE_GROUP $env:USE_LOCAL_BUILD $env:AZURE_ENV_IMAGETAG  *>&1 | Tee-Object -FilePath $logFile
   postprovision:
     posix:
       shell: sh

docs/CustomizingAzdParameters.md

@@ -16,7 +16,6 @@ By default this template will use the environment name as the prefix to prevent
 | `AZURE_ENV_MODEL_NAME`                 | string  | `gpt-4o`                  | Specifies the GPT model name (allowed values: `gpt-4o`).       
 | `AZURE_ENV_MODEL_VERSION`                 | string  | `2024-08-06`                  | Specifies the GPT model version (allowed values: `2024-08-06`).                       |
 | `AZURE_ENV_MODEL_CAPACITY`             | integer | `30`                        | Sets the model capacity (choose based on your subscription's available GPT capacity). |
-| `USE_LOCAL_BUILD`                      | boolean | `false`                     | Indicates whether to use a local container build for deployment.                      |
 | `AZURE_ENV_IMAGETAG`                      | boolean | `latest`                     | Set the Image tag Like (allowed values: latest, dev, hotfix)                       |
 | `AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID` | string  | `<Existing Workspace Id>` | Reuses an existing Log Analytics Workspace instead of provisioning a new one.         |
 

docs/DeploymentGuide.md

@@ -177,34 +177,24 @@ Once you've opened the project in [Codespaces](#github-codespaces), [Dev Contain
 
 6. If you are done trying out the application, you can delete the resources by running `azd down`.
 
-### Publishing Local Build Container to Azure Container Registry
+## Post Deployment Steps
+1. Optional: Publishing Local Build Container to Azure Container Registry 
 
 If you need to rebuild the source code and push the updated container to the deployed Azure Container Registry, follow these steps:
 
-1. Set the environment variable `USE_LOCAL_BUILD` to `True`:
-
    - **Linux/macOS**:
      ```bash
-     export USE_LOCAL_BUILD=True
+     cd ./infra/scripts/
+     ./docker-build.sh
      ```
 
    - **Windows (PowerShell)**:
      ```powershell
-     $env:USE_LOCAL_BUILD = $true
+     cd .\infra\scripts\
+     .\docker-build.ps1
      ```
-2. Run the `az login` command
-   ```bash
-   az login
-   ```
-
-3. Run the `azd up` command again to rebuild and push the updated container:
-   ```bash
-   azd up
-   ```
 
-This will rebuild the source code, package it into a container, and push it to the Azure Container Registry associated with your deployment.
-
-## Post Deployment Steps
+This will create a new Azure Container Registry, rebuild the source code, package it into a container, and push it to the Container Registry created.
 
 1. **Register Schema Files**
 

infra/container_app/deploy_container_app.bicep

@@ -16,7 +16,6 @@ param probes array = []
 param allowedOrigins array = [] 
 param minReplicas int = 1
 param maxReplicas int = 1
-param useLocalBuild string = 'false'
 
 //Todo: Add Appconfig endpoint as Env variable
 
@@ -34,12 +33,7 @@ resource processorContainerApp 'Microsoft.App/containerApps@2024-03-01' = {
     environmentId: containerEnvId
     workloadProfileName: 'Consumption'
     configuration:{
-      registries: useLocalBuild == 'true' ? [
-        {
-          server: azureContainerRegistry
-          identity: managedIdentityId 
-        }
-      ] : null
+      registries: null
       ingress: enableIngress ? {
         external: true
         transport: 'auto'

infra/container_app/deploy_container_app_api_web.bicep

@@ -25,7 +25,6 @@ param maxReplicaContainerWeb int = 1
 // Container related params
 param azureContainerRegistry string
 param containerRegistryReaderId string
-param useLocalBuild string = 'false'
 param imageTag string
 
 var abbrs = loadJsonContent('../abbreviations.json')
@@ -88,7 +87,6 @@ module containerApp 'deploy_container_app.bicep' = {
     enableIngress: false
     minReplicas: minReplicaContainerApp
     maxReplicas: maxReplicaContainerApp
-    useLocalBuild: useLocalBuild
   }
 }
 
@@ -112,7 +110,6 @@ module containerAppApi 'deploy_container_app.bicep' = {
     probes: probes
     minReplicas: minReplicaContainerApi
     maxReplicas: maxReplicaContainerApi
-    useLocalBuild: useLocalBuild
   }
 }
 
@@ -154,7 +151,6 @@ module containerAppWeb 'deploy_container_app.bicep' = {
     ]
     minReplicas: minReplicaContainerWeb
     maxReplicas: maxReplicaContainerWeb
-    useLocalBuild: useLocalBuild
   }
 }
 

infra/deploy_container_registry.bicep

@@ -14,6 +14,9 @@ param location string = resourceGroup().location
 
 @description('Provide a tier of your Azure Container Registry.')
 param acrSku string = 'Basic'
+
+@description('List of Principal Ids to which ACR pull role assignment is required')
+param acrPullPrincipalIds array = []
 
 resource containerRegistry 'Microsoft.ContainerRegistry/registries@2021-09-01' = {
   name: containerNameCleaned
@@ -26,6 +29,19 @@ resource containerRegistry 'Microsoft.ContainerRegistry/registries@2021-09-01' =
     zoneRedundancy: 'Disabled'
   }
 }
+
+// Add Role assignments for required principal id's
+resource acrPullRoleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in acrPullPrincipalIds: {
+  name: guid(principalId, 'acrpull')
+  scope: containerRegistry
+  properties: {
+    roleDefinitionId: subscriptionResourceId(
+      'Microsoft.Authorization/roleDefinitions',
+      '7f951dda-4ed3-4680-a7ca-43fe172d538d'
+    )
+    principalId: principalId
+  }
+}]
 
 output createdAcrName string = containerNameCleaned
 output createdAcrId string = containerRegistry.id

infra/deploy_role_assignments.bicep

@@ -9,8 +9,6 @@ param storagePrincipalId string // Resource ID of the Storage account
 param aiServiceCUId string // Resource ID of the Azure AI Content Understanding Service
 param aiServiceId string // Resource ID of the Azure Open AI service
 
-param containerRegistryReaderPrincipalId string
-
 resource appConfigDataReader 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
   scope: resourceGroup()
   name: '516239f1-63e1-4d78-a4de-a74fb236a071'
@@ -130,15 +128,3 @@ resource cognitiveServicesUserRoleAssignment 'Microsoft.Authorization/roleAssign
     principalType: 'ServicePrincipal'
   }
 }
-
-resource acrPullRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid(containerRegistryReaderPrincipalId, 'acrpull')
-  scope: resourceGroup()
-  properties: {
-    roleDefinitionId: subscriptionResourceId(
-      'Microsoft.Authorization/roleDefinitions',
-      '7f951dda-4ed3-4680-a7ca-43fe172d538d'
-    ) // AcrPull role
-    principalId: containerRegistryReaderPrincipalId
-  }
-}

infra/main.bicep

@@ -20,7 +20,16 @@ param secondaryLocation string = 'EastUs2'
     type: 'location'
   }
 })
-param contentUnderstandingLocation string
+param contentUnderstandingLocation string = 'WestUS'
+
+@metadata({azd: {
+    type: 'location'
+    usageName: [
+      'OpenAI.GlobalStandard.gpt-4o,100'
+    ]
+  }
+})
+param aiDeploymentsLocation string
 
 @minLength(1)
 @description('GPT model deployment type:')
@@ -36,8 +45,6 @@ param gptModelName string = 'gpt-4o'
 @description('Version of the GPT model to deploy:')
 param gptModelVersion string = '2024-08-06'
 
-//var gptModelVersion = '2024-02-15-preview'
-
 @minValue(10)
 @description('Capacity of the GPT deployment:')
 // You can increase this, but capacity is limited per model/region, so you will get errors if you go over
@@ -62,9 +69,6 @@ param minReplicaContainerWeb int = 1
 @description('Maximum number of replicas to be added for Container Web App')
 param maxReplicaContainerWeb int = 1
 
-@description('Set this flag to true only if you are deplpoying from Local')
-param useLocalBuild string = 'false'
-
 @description('Optional: Existing Log Analytics Workspace Resource ID')
 param existingLogAnalyticsWorkspaceId string = ''
 
@@ -76,9 +80,6 @@ var resourceGroupLocation = resourceGroup().location
 // Load the abbrevations file required to name the azure resources.
 var abbrs = loadJsonContent('./abbreviations.json')
 
-// Convert input to lowercase
-var useLocalBuildLower = toLower(useLocalBuild)
-
 // ========== Managed Identity ========== //
 module managedIdentityModule 'deploy_managed_identity.bicep' = {
   name: 'deploy_managed_identity'
@@ -111,13 +112,13 @@ module applicationInsights 'deploy_app_insights.bicep' = {
   }
 }
 
-// ========== Container Registry ========== //
-module containerRegistry 'deploy_container_registry.bicep' = {
-  name: 'deploy_container_registry'
-  params: {
-    environmentName: environmentName
-  }
-}
+// // ========== Container Registry ========== //
+// module containerRegistry 'deploy_container_registry.bicep' = {
+//   name: 'deploy_container_registry'
+//   params: {
+//     environmentName: environmentName
+//   }
+// }
 
 // ========== Storage Account ========== //
 module storage 'deploy_storage_account.bicep' = {
@@ -134,7 +135,7 @@ module aifoundry 'deploy_ai_foundry.bicep' = {
   name: 'deploy_ai_foundry'
   params: {
     solutionName: solutionPrefix
-    solutionLocation: resourceGroupLocation
+    solutionLocation: aiDeploymentsLocation
     cuLocation: contentUnderstandingLocation
     deploymentType: deploymentType
     gptModelName: gptModelName
@@ -173,7 +174,6 @@ module containerApps './container_app/deploy_container_app_api_web.bicep' = {
     maxReplicaContainerApi: maxReplicaContainerApi
     minReplicaContainerWeb: minReplicaContainerWeb
     maxReplicaContainerWeb: maxReplicaContainerWeb
-    useLocalBuild: 'false'
     imageTag: 'latest'
   }
 }
@@ -221,7 +221,6 @@ module roleAssignments 'deploy_role_assignments.bicep' = {
     containerAppPrincipalId: containerApps.outputs.containerAppPrincipalId
     aiServiceCUId: aifoundry.outputs.aiServicesCuId
     aiServiceId: aifoundry.outputs.aiServicesId
-    containerRegistryReaderPrincipalId: containerAppEnv.outputs.containerRegistryReaderPrincipalId
   }
 }
 
@@ -230,7 +229,7 @@ module updateContainerApp './container_app/deploy_container_app_api_web.bicep' =
   params: {
     solutionName: solutionPrefix
     location: secondaryLocation
-    azureContainerRegistry: useLocalBuildLower == 'true' ? containerRegistry.outputs.acrEndpoint : containerImageEndPoint
+    azureContainerRegistry: containerImageEndPoint
     appConfigEndPoint: appconfig.outputs.appConfigEndpoint
     containerAppEnvId: containerAppEnv.outputs.containerEnvId
     containerRegistryReaderId: containerAppEnv.outputs.containerRegistryReaderId
@@ -242,7 +241,6 @@ module updateContainerApp './container_app/deploy_container_app_api_web.bicep' =
     maxReplicaContainerApi: maxReplicaContainerApi
     minReplicaContainerWeb: minReplicaContainerWeb
     maxReplicaContainerWeb: maxReplicaContainerWeb
-    useLocalBuild: useLocalBuildLower
     imageTag: imageTag
   }
   dependsOn: [roleAssignments]
@@ -251,4 +249,8 @@ module updateContainerApp './container_app/deploy_container_app_api_web.bicep' =
 output CONTAINER_WEB_APP_NAME string = containerApps.outputs.containerAppWebName
 output CONTAINER_API_APP_NAME string = containerApps.outputs.containerAppApiName
 output CONTAINER_WEB_APP_FQDN string = containerApps.outputs.containweAppWebEndPoint
+output CONTAINER_APP_NAME string = containerApps.outputs.containerAppName
 output CONTAINER_API_APP_FQDN string = containerApps.outputs.containweAppApiEndPoint
+output CONTAINER_APP_USER_IDENTITY_ID string = containerAppEnv.outputs.containerRegistryReaderId
+output CONTAINER_APP_USER_PRINCIPAL_ID string = containerAppEnv.outputs.containerRegistryReaderPrincipalId
+output AZURE_ENV_IMAGETAG string = imageTag