updated bicep

Author: AjitPadhi-Microsoft

code/scripts/package_frontend.ps1

@@ -9,5 +9,5 @@ cp backend dist -r -Force
 
 # Node
 cd frontend
-npm ci
+npm install
 npm run build

code/scripts/package_frontend.sh

@@ -9,5 +9,5 @@ cp *.py dist
 cp -r backend dist
 
 cd frontend
-npm ci
+npm install
 npm run build

docker/Frontend.Dockerfile

@@ -3,9 +3,11 @@ RUN mkdir -p /home/node/app/node_modules && chown -R node:node /home/node/app
 WORKDIR /home/node/app
 COPY ./code/frontend/package*.json ./
 USER node
+# RUN npm install --force
 RUN npm ci
 COPY --chown=node:node ./code/frontend ./frontend
 WORKDIR /home/node/app/frontend
+RUN npm install --save-dev @types/node @types/jest
 RUN npm run build
 
 FROM python:3.11.7-bookworm

infra/main.bicep

@@ -989,7 +989,6 @@ module openai 'modules/core/ai/cognitiveservices.bicep' = {
         : []
     )
   }
-  // Implicit dependency on the specific DNS zone is established via the privateDnsZoneResourceId param reference
 }
 
 module computerVision 'modules/core/ai/cognitiveservices.bicep' = if (useAdvancedImageProcessing) {
@@ -1030,7 +1029,6 @@ module computerVision 'modules/core/ai/cognitiveservices.bicep' = if (useAdvance
         : []
     )
   }
-  // Implicit dependency on the specific DNS zone is established via the privateDnsZoneResourceId param reference
 }
 
 // The Web socket from front end application connects to Speech service over a public internet and it does not work over a Private endpoint.
@@ -1230,8 +1228,6 @@ module web 'modules/app/web.bicep' = {
       {
         AZURE_BLOB_ACCOUNT_NAME: storageAccountName
         AZURE_BLOB_CONTAINER_NAME: blobContainerName
-        // Endpoints constructed from resource names to avoid implicit dependencies on AI service modules,
-        // enabling parallel deployment of app services and AI services (customSubDomainName defaults to name)
         AZURE_FORM_RECOGNIZER_ENDPOINT: 'https://${formRecognizerName}.cognitiveservices.azure.com/'
         AZURE_COMPUTER_VISION_ENDPOINT: useAdvancedImageProcessing ? 'https://${computerVisionName}.cognitiveservices.azure.com/' : ''
         AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION: computerVisionVectorizeImageApiVersion
@@ -1335,7 +1331,6 @@ module adminweb 'modules/app/adminweb.bicep' = {
       {
         AZURE_BLOB_ACCOUNT_NAME: storageAccountName
         AZURE_BLOB_CONTAINER_NAME: blobContainerName
-        // Endpoints constructed from resource names to avoid implicit dependencies on AI service modules
         AZURE_FORM_RECOGNIZER_ENDPOINT: 'https://${formRecognizerName}.cognitiveservices.azure.com/'
         AZURE_COMPUTER_VISION_ENDPOINT: useAdvancedImageProcessing ? 'https://${computerVisionName}.cognitiveservices.azure.com/' : ''
         AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION: computerVisionVectorizeImageApiVersion
@@ -1443,7 +1438,6 @@ module function 'modules/app/function.bicep' = {
       {
         AZURE_BLOB_ACCOUNT_NAME: storageAccountName
         AZURE_BLOB_CONTAINER_NAME: blobContainerName
-        // Endpoints constructed from resource names to avoid implicit dependencies on AI service modules
         AZURE_FORM_RECOGNIZER_ENDPOINT: 'https://${formRecognizerName}.cognitiveservices.azure.com/'
         AZURE_COMPUTER_VISION_ENDPOINT: useAdvancedImageProcessing ? 'https://${computerVisionName}.cognitiveservices.azure.com/' : ''
         AZURE_COMPUTER_VISION_VECTORIZE_IMAGE_API_VERSION: computerVisionVectorizeImageApiVersion
@@ -1575,7 +1569,6 @@ module formrecognizer 'modules/core/ai/cognitiveservices.bicep' = {
         : []
     )
   }
-  // Implicit dependency on the specific DNS zone is established via the privateDnsZoneResourceId param reference
 }
 
 module contentsafety 'modules/core/ai/cognitiveservices.bicep' = {
@@ -1615,7 +1608,6 @@ module contentsafety 'modules/core/ai/cognitiveservices.bicep' = {
         : []
     )
   }
-  // Implicit dependency on the specific DNS zone is established via the privateDnsZoneResourceId param reference
 }
 
 // If advanced image processing is used, storage account already should be publicly accessible.

infra/main.json

@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.41.2.15936",
-      "templateHash": "13064725685019502849"
+      "templateHash": "4688738135405051461"
     }
   },
   "parameters": {
@@ -54510,9 +54510,9 @@
         }
       },
       "dependsOn": [
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageQueue)]",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageFile)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageFile)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageQueue)]",
         "managedIdentityModule",
         "virtualNetwork"
       ]

scripts/post_deployment_setup.ps1

@@ -43,22 +43,20 @@ $currentIdentityOid = $null
 $currentIdentityDisplay = $null
 $principalType = "User"
 
-# Try signed-in user first (single API call to get both id and userPrincipalName)
-$userInfo = az ad signed-in-user show 2>$null | ConvertFrom-Json
-if ($userInfo) {
+# Try signed-in user first
+$currentIdentityOid = az ad signed-in-user show --query "id" -o tsv 2>$null
+if ($currentIdentityOid) {
     $identityType = "user"
-    $currentIdentityOid = $userInfo.id
-    $currentIdentityDisplay = $userInfo.userPrincipalName
+    $currentIdentityDisplay = az ad signed-in-user show --query "userPrincipalName" -o tsv 2>$null
     $principalType = "User"
     Write-Host "✓ Detected identity type: User ($currentIdentityDisplay)"
 } else {
-    # Fallback to service principal (single API call per resource)
+    # Fallback to service principal
     $spAppId = az account show --query "user.name" -o tsv 2>$null
     if ($spAppId -and $spAppId -ne "null") {
-        $spInfo = az ad sp show --id $spAppId 2>$null | ConvertFrom-Json
-        if ($spInfo) {
-            $currentIdentityOid = $spInfo.id
-            $currentIdentityDisplay = $spInfo.displayName
+        $currentIdentityOid = az ad sp show --id $spAppId --query "id" -o tsv 2>$null
+        $currentIdentityDisplay = az ad sp show --id $spAppId --query "displayName" -o tsv 2>$null
+        if ($currentIdentityOid) {
             $identityType = "servicePrincipal"
             $principalType = "ServicePrincipal"
             Write-Host "✓ Detected identity type: Service Principal ($currentIdentityDisplay, OID: $currentIdentityOid)"
@@ -127,21 +125,21 @@ Write-Host ""
 Write-Host "--- Step 1: Set Function App Client Key ---"
 
 # Discover function app
-$functionAppName = az functionapp list --resource-group $ResourceGroupName --query "[0].name" -o tsv 2>$null
-if (-not $functionAppName) {
+$functionApps = az functionapp list --resource-group $ResourceGroupName --query "[].name" -o tsv 2>$null
+if (-not $functionApps) {
     Write-Warning "⚠ No function apps found in resource group '$ResourceGroupName'. Skipping function key setup."
 }
 else {
-    $functionAppName = $functionAppName.Trim()
+    $functionAppName = ($functionApps -split "`n")[0].Trim()
     Write-Host "✓ Discovered function app: $functionAppName"
 
     # Discover key vault
-    $keyVaultName = az keyvault list --resource-group $ResourceGroupName --query "[0].name" -o tsv 2>$null
-    if (-not $keyVaultName) {
+    $keyVaults = az keyvault list --resource-group $ResourceGroupName --query "[].name" -o tsv 2>$null
+    if (-not $keyVaults) {
         Write-Warning "⚠ No Key Vault found. Skipping function key setup."
     }
     else {
-        $keyVaultName = $keyVaultName.Trim()
+        $keyVaultName = ($keyVaults -split "`n")[0].Trim()
         Write-Host "✓ Discovered Key Vault: $keyVaultName"
 
         # Ensure the current identity has 'Key Vault Secrets User' role on the Key Vault
@@ -228,12 +226,12 @@ else {
 Write-Host ""
 Write-Host "--- Step 2: Create PostgreSQL Tables ---"
 
-$serverFqdn = az postgres flexible-server list --resource-group $ResourceGroupName --query "[0].fullyQualifiedDomainName" -o tsv 2>$null
-if (-not $serverFqdn) {
+$pgServers = az postgres flexible-server list --resource-group $ResourceGroupName --query "[].fullyQualifiedDomainName" -o tsv 2>$null
+if (-not $pgServers) {
     Write-Host "No PostgreSQL Flexible Server found in resource group. Skipping table creation."
 }
 else {
-    $serverFqdn = $serverFqdn.Trim()
+    $serverFqdn = ($pgServers -split "`n")[0].Trim()
     $serverName = $serverFqdn.Split('.')[0]
     Write-Host "✓ Discovered PostgreSQL server: $serverName ($serverFqdn)"
 

scripts/post_deployment_setup.sh

@@ -51,27 +51,23 @@ CURRENT_IDENTITY_OID=""
 CURRENT_IDENTITY_DISPLAY=""
 PRINCIPAL_TYPE="User"
 
-# Try signed-in user first (single API call to get full JSON, then parse both fields)
-USER_JSON=$(az ad signed-in-user show 2>/dev/null || true)
-if [ -n "$USER_JSON" ]; then
+# Try signed-in user first
+CURRENT_IDENTITY_OID=$(az ad signed-in-user show --query "id" -o tsv 2>/dev/null || true)
+if [ -n "$CURRENT_IDENTITY_OID" ]; then
     IDENTITY_TYPE="user"
-    CURRENT_IDENTITY_OID=$(echo "$USER_JSON" | python3 -c "import sys,json; print(json.load(sys.stdin)['id'])" 2>/dev/null || true)
-    CURRENT_IDENTITY_DISPLAY=$(echo "$USER_JSON" | python3 -c "import sys,json; print(json.load(sys.stdin)['userPrincipalName'])" 2>/dev/null || true)
+    CURRENT_IDENTITY_DISPLAY=$(az ad signed-in-user show --query "userPrincipalName" -o tsv 2>/dev/null || true)
     PRINCIPAL_TYPE="User"
     echo "✓ Detected identity type: User (${CURRENT_IDENTITY_DISPLAY})"
 else
-    # Fallback to service principal (single API call per resource)
+    # Fallback to service principal — get the SP's app ID from the current account
     SP_APP_ID=$(az account show --query "user.name" -o tsv 2>/dev/null || true)
     if [ -n "$SP_APP_ID" ] && [ "$SP_APP_ID" != "null" ]; then
-        SP_JSON=$(az ad sp show --id "$SP_APP_ID" 2>/dev/null || true)
-        if [ -n "$SP_JSON" ]; then
-            CURRENT_IDENTITY_OID=$(echo "$SP_JSON" | python3 -c "import sys,json; print(json.load(sys.stdin)['id'])" 2>/dev/null || true)
-            CURRENT_IDENTITY_DISPLAY=$(echo "$SP_JSON" | python3 -c "import sys,json; print(json.load(sys.stdin)['displayName'])" 2>/dev/null || true)
-            if [ -n "$CURRENT_IDENTITY_OID" ]; then
-                IDENTITY_TYPE="servicePrincipal"
-                PRINCIPAL_TYPE="ServicePrincipal"
-                echo "✓ Detected identity type: Service Principal (${CURRENT_IDENTITY_DISPLAY}, OID: ${CURRENT_IDENTITY_OID})"
-            fi
+        CURRENT_IDENTITY_OID=$(az ad sp show --id "$SP_APP_ID" --query "id" -o tsv 2>/dev/null || true)
+        CURRENT_IDENTITY_DISPLAY=$(az ad sp show --id "$SP_APP_ID" --query "displayName" -o tsv 2>/dev/null || true)
+        if [ -n "$CURRENT_IDENTITY_OID" ]; then
+            IDENTITY_TYPE="servicePrincipal"
+            PRINCIPAL_TYPE="ServicePrincipal"
+            echo "✓ Detected identity type: Service Principal (${CURRENT_IDENTITY_DISPLAY}, OID: ${CURRENT_IDENTITY_OID})"
         fi
     fi
 fi