Initial commit

Author: Bob Tabor

.cruft.json

@@ -0,0 +1,33 @@
+{
+  "template": "https://github.com/Azure-Samples/Azure-Python-Standardization-Template-Generator",
+  "commit": "619a6b29afba8ca26c528526bc313294d5c414a4",
+  "checkout": null,
+  "context": {
+    "cookiecutter": {
+      "project_name": "azure",
+      "python_version": "3.12",
+      "project_backend": "fastapi",
+      "db_resource": "postgres-flexible",
+      "project_host": "appservice",
+      "web_port": "8000",
+      "__repo_name": "azure-fastapi-postgres-flexible-appservice",
+      "__src_folder_name": "azure-fastapi-postgres-flexible-appservice",
+      "__project_short_description": "Create a relecloud demo application with fastapi and postgres-flexible",
+      "_copy_without_render": [
+        ".github/workflows/azure-dev.yml",
+        ".github/workflows/cruft.yml",
+        ".github/workflows/devcontainer-ci.yml",
+        ".github/workflows/format.yml"
+      ],
+      "_extensions": [
+        "extensions.GetUrlForBackend"
+      ],
+      "_jinja2_env_vars": {
+        "lstrip_blocks": true,
+        "trim_blocks": true
+      },
+      "_template": "https://github.com/Azure-Samples/Azure-Python-Standardization-Template-Generator"
+    }
+  },
+  "directory": null
+}

.devcontainer/Dockerfile_dev

@@ -0,0 +1,11 @@
+FROM mcr.microsoft.com/devcontainers/python:3.12-bullseye
+
+RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -y install --no-install-recommends postgresql-client \
+    && apt-get clean -y && rm -rf /var/lib/apt/lists/*
+
+
+COPY requirements-dev.txt requirements-dev.txt
+COPY src/requirements.txt src/requirements.txt
+RUN python -m pip install --upgrade pip
+RUN python -m pip install -r requirements-dev.txt

.devcontainer/devcontainer.json

@@ -0,0 +1,53 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/docker-existing-docker-compose
+{
+    "name": "azure-fastapi-postgres-flexible-appservice",
+
+    // Update the 'dockerComposeFile' list if you have more compose files or use different names.
+    // The .devcontainer/docker-compose.yml file contains any overrides you need/want to make.
+    "dockerComposeFile": "docker-compose_dev.yml",
+    // The 'service' property is the name of the service for the container that VS Code should
+    // use. Update this value and .devcontainer/docker-compose.yml to the real service name.
+    "service": "app",
+    "shutdownAction": "stopCompose",
+    "workspaceFolder": "/workspace",
+    "forwardPorts": [8000, 5432],
+    "portsAttributes": {
+        "8000": {"label": "frontend web port", "onAutoForward": "notify"},
+        "5432": {"label": "PostgreSQL Port", "onAutoForward": "silent"}
+    },
+    "customizations": {
+        "vscode": {
+            "extensions": [
+                "ms-azuretools.vscode-bicep",
+                "charliermarsh.ruff",
+                "ms-python.python",
+                "bierner.github-markdown-preview"
+            ],
+            "settings": {
+                "python.defaultInterpreterPath": "/usr/local/bin/python",
+                "python.testing.pytestEnabled": true,
+                "python.testing.unittestEnabled": false,
+                "files.exclude": {
+                    ".coverage": true,
+                    ".pytest_cache": true,
+                    "__pycache__": true,
+                    ".ruff_cache": true
+                },
+                "[python]": {
+                    "editor.formatOnSave": true,
+                    "editor.defaultFormatter": "charliermarsh.ruff",
+                    "editor.codeActionsOnSave": {
+                        "source.organizeImports": true,
+                        "source.fixAll": true
+                    }
+                }
+            }
+        }
+    },
+    "features": {
+        "ghcr.io/azure/azure-dev/azd:latest": {}
+    },
+    "postCreateCommand": "playwright install chromium --with-deps && pip install -e src &&  python3 src/fastapi_app/seed_data.py"
+}
+

.devcontainer/docker-compose_dev.yml

@@ -0,0 +1,42 @@
+version: '3'
+services:
+  db:
+    image: postgres:14
+
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_DB: relecloud
+      POSTGRES_PASSWORD: postgres
+
+    restart: unless-stopped
+
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres -d relecloud"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  app:
+    build:
+      context: ..
+      dockerfile: ./.devcontainer/Dockerfile_dev
+    depends_on:
+      db:
+        condition: service_healthy
+    network_mode: service:db
+    environment:
+      POSTGRES_USERNAME: postgres
+      POSTGRES_DATABASE: relecloud
+      POSTGRES_HOST: db
+      POSTGRES_PASSWORD: postgres
+
+    command: sleep infinity
+
+    volumes:
+      - ..:/workspace:cached
+
+volumes:
+  postgres-data:

.gitattributes

@@ -0,0 +1,3 @@
+* text=auto eol=lf
+*.{cmd,[cC][mM][dD]} text eol=crlf
+*.{bat,[bB][aA][tT]} text eol=crlf

.github/workflows/audit-bicep.yml

@@ -0,0 +1,45 @@
+name: Validate AZD template
+on:
+  push:
+    branches: 
+      - main
+      - cruft/update
+    paths:
+      - "infra/**"
+  pull_request:
+    branches: 
+      - main
+      - cruft/update
+    paths:
+      - "infra/**"
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run PSRule analysis
+        uses: microsoft/ps-rule@v2.9.0
+        with:
+          modules: PSRule.Rules.Azure
+          baseline: Azure.Pillar.Security
+          inputPath: infra/*.test.bicep
+          outputFormat: Sarif
+          outputPath: reports/ps-rule-results.sarif
+          summary: true
+        continue-on-error: true
+          
+        env:
+          PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION: 'true'
+          PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION_TIMEOUT: '30'
+
+      - name: Upload alerts to Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        if: github.repository_owner == 'Azure-Samples'
+        with:
+          sarif_file: reports/ps-rule-results.sarif

.github/workflows/azure-dev.yml

@@ -0,0 +1,107 @@
+name: Deploy to Azure with azd
+
+on:
+    workflow_dispatch:
+    push:
+      branches:
+        - main
+        - cruft/update
+
+# GitHub Actions workflow to deploy to Azure using azd
+# To configure required secrets for connecting to Azure, simply run `azd pipeline config`
+
+# Set up permissions for deploying with secretless Azure federated credentials
+# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication
+permissions:
+    id-token: write
+    contents: read
+
+jobs:
+    build:
+      runs-on: ubuntu-latest
+      outputs:
+        uri: ${{ steps.output.outputs.uri }}
+      env:
+        AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
+        AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
+        AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+        AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+      steps:
+        - name: Checkout
+          uses: actions/checkout@v4
+
+        - name: Install azd
+          uses: Azure/setup-azd@v1.0.0
+
+        - name: Log in with Azure (Federated Credentials)
+          if: ${{ env.AZURE_CLIENT_ID != '' }}
+          run: |
+            azd auth login `
+              --client-id "$Env:AZURE_CLIENT_ID" `
+              --federated-credential-provider "github" `
+              --tenant-id "$Env:AZURE_TENANT_ID"
+          shell: pwsh
+
+        - name: Log in with Azure (Client Credentials)
+          if: ${{ env.AZURE_CREDENTIALS != '' }}
+          run: |
+            $info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable;
+            Write-Host "::add-mask::$($info.clientSecret)"
+
+            azd auth login `
+              --client-id "$($info.clientId)" `
+              --client-secret "$($info.clientSecret)" `
+              --tenant-id "$($info.tenantId)"
+          shell: pwsh
+          env:
+            AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+
+        - name: Provision Infrastructure
+          run: azd provision --no-prompt
+          env:
+            AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+            AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+            AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+
+        - name: Deploy Application
+          run: azd deploy --no-prompt
+          env:
+            AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+            AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+            AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+
+        - name: Output Deployment URI
+          id: output
+          run: |
+            azd env get-values > .env
+            source .env
+            echo "uri=$BACKEND_URI" >> "$GITHUB_OUTPUT"
+
+    smoketests:
+      runs-on: ubuntu-latest
+      needs: build
+      steps:
+
+        - name: Basic smoke test (curl)
+          env:
+            URI: ${{needs.build.outputs.uri}}
+          run: |
+            echo "Sleeping 1 minute due to https://github.com/Azure/azure-dev/issues/2669"
+            sleep 60
+            curl -sSf $URI
+        - name: Checkout
+          uses: actions/checkout@v3
+
+        - name: Setup python
+          uses: actions/setup-python@v4
+          with:
+            python-version: 3.12
+
+        - name: End-to-end smoke tests (playwright)
+          env:
+            URI: ${{needs.build.outputs.uri}}
+          run: |
+            python3 -m pip install --upgrade pip
+            python3 -m pip install -r requirements-dev.txt
+            python3 -m playwright install chromium --with-deps
+            python3 -m pytest --exitfirst src/tests/smoke/smoketests.py --live-server-url $URI

.github/workflows/cruft.yml

@@ -0,0 +1,68 @@
+name: Update repository with Cruft
+permissions:
+  contents: write
+  pull-requests: write
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 2 * * 1" # Every Monday at 2am
+jobs:
+  update:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        include:
+          - add-paths: .
+            body: Use this to merge the changes to this repository.
+            branch: cruft/update
+            commit-message: "chore: accept new Cruft update"
+            title: New updates detected with Cruft
+          - add-paths: .cruft.json
+            body: Use this to reject the changes in this repository.
+            branch: cruft/reject${{ github.run_id }}
+            commit-message: "chore: reject new Cruft update"
+            title: Reject new updates detected with Cruft
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: "3.12"
+
+      - name: Install Cruft
+        run: pip3 install -r requirements-dev.txt
+
+      - name: Check if update is available
+        continue-on-error: false
+        id: check
+        run: |
+          CHANGES=0
+          if [ -f .cruft.json ]; then
+            if ! cruft check; then
+              CHANGES=1
+            fi
+          else
+            echo "No .cruft.json file"
+          fi
+
+          echo "has_changes=$CHANGES" >> "$GITHUB_OUTPUT"
+
+      - name: Run update if available
+        if: steps.check.outputs.has_changes == '1'
+        run: |
+          git config --global user.email "you@example.com"
+          git config --global user.name "GitHub"
+
+          cruft update --skip-apply-ask --refresh-private-variables
+          git restore --staged .
+
+      - name: Create pull request
+        if: steps.check.outputs.has_changes == '1'
+        run: |
+          echo "::set-output name=branch::${{ matrix.branch }}"
+          echo "::set-output name=commit-message::${{ matrix.commit-message }}"
+          git checkout -b "${{ matrix.branch }}"
+          git add ${{ matrix.add-paths }}
+          git commit -m "${{ matrix.commit-message }}"
+          git push origin "${{ matrix.branch }}"