update bicep and azd template to build and deploy container app and app service from local while deploying

Author: Harsh-Microsoft

azure.yaml

@@ -3,4 +3,26 @@ name: multi-agent-custom-automation-engine-solution-accelerator
 metadata:
   template: multi-agent-custom-automation-engine-solution-accelerator@1.0
 requiredVersions:
-  azd: ">=1.15.0 !=1.17.1"
+  azd: ">=1.15.0 !=1.17.1"
+
+services:
+  backend:
+    project: ./src/backend
+    language: py
+    host: containerapp
+    docker:
+      image: backend
+      remoteBuild: true
+
+  frontend:
+    project: ./src/frontend
+    language: py
+    host: appservice
+    dist: ./dist
+    hooks:
+      prepackage:
+        windows:
+          shell: pwsh
+          run: ../../infra/scripts/package_frontend.ps1
+          interactive: true
+          continueOnError: false

infra/main.bicep

@@ -195,12 +195,12 @@ param containerAppConfiguration containerAppConfigurationType = {
   enabled: true
   name: 'ca-${solutionPrefix}'
   location: solutionLocation
-  tags: tags
+  tags: union(tags, { 'azd-service-name': 'backend' })
   environmentResourceId: null //Default value set on module configuration
   concurrentRequests: '100'
   containerCpu: '2.0'
   containerMemory: '4.0Gi'
-  containerImageRegistryDomain: 'biabcontainerreg.azurecr.io'
+  containerImageRegistryDomain: ''
   containerImageName: 'macaebackend'
   containerImageTag: imageTag
   containerName: 'backend'
@@ -228,7 +228,7 @@ param webSiteConfiguration webSiteConfigurationType = {
   containerImageName: 'macaefrontend'
   containerImageTag: imageTag
   containerName: 'backend'
-  tags: tags
+  tags: union(tags, { 'azd-service-name': 'frontend' })
   environmentResourceId: null //Default value set on module configuration
 }
 
@@ -901,6 +901,33 @@ module cosmosDb 'br/public:avm/res/document-db/database-account:0.12.0' = if (co
   }
 }
 
+// ========== Container Registry ========== //
+module containerRegistry 'br/public:avm/res/container-registry/registry:0.9.1' = {
+  name: 'registryDeployment'
+  params: {
+    name: 'cr${solutionPrefix}'
+    acrAdminUserEnabled: false
+    acrSku: 'Basic'
+    azureADAuthenticationAsArmPolicyStatus: 'enabled'
+    exportPolicyStatus: 'enabled'
+    location: solutionLocation
+    softDeletePolicyDays: 7
+    softDeletePolicyStatus: 'disabled'
+    tags: tags
+    networkRuleBypassOptions: 'AzureServices'
+    roleAssignments: [
+      {
+        roleDefinitionIdOrName: acrPullRole
+        principalType: 'ServicePrincipal'
+        principalId: userAssignedIdentity.outputs.principalId
+      }
+    ]
+  }
+}
+
+var acrPullRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')
+
+
 // ========== Backend Container App Environment ========== //
 // WAF best practices for container apps: https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-container-apps
 var containerAppEnvironmentEnabled = containerAppEnvironmentConfiguration.?enabled ?? true
@@ -962,10 +989,16 @@ module containerApp 'br/public:avm/res/app/container-app:0.14.2' = if (container
         }
       ]
     }
+    registries: [
+      {
+        server: containerRegistry.outputs.loginServer
+        identity: userAssignedIdentity.outputs.resourceId
+      }
+    ]
     containers: [
       {
         name: containerAppConfiguration.?containerName ?? 'backend'
-        image: '${containerAppConfiguration.?containerImageRegistryDomain ?? 'biabcontainerreg.azurecr.io'}/${containerAppConfiguration.?containerImageName ?? 'macaebackend'}:${containerAppConfiguration.?containerImageTag ?? 'latest'}'
+        image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest'
         resources: {
           //TODO: Make cpu and memory parameterized
           cpu: containerAppConfiguration.?containerCpu ?? '2.0'
@@ -1069,22 +1102,26 @@ module webSite 'br/public:avm/res/web/site:0.15.1' = if (webSiteEnabled) {
     name: webSiteName
     tags: webSiteConfiguration.?tags ?? tags
     location: webSiteConfiguration.?location ?? solutionLocation
-    kind: 'app,linux,container'
+    kind: 'app,linux'
+    // kind: 'app,linux,container'
     enableTelemetry: enableTelemetry
     serverFarmResourceId: webSiteConfiguration.?environmentResourceId ?? webServerFarm.?outputs.resourceId
     appInsightResourceId: applicationInsights.outputs.resourceId
     diagnosticSettings: [{ workspaceResourceId: logAnalyticsWorkspaceId }]
     publicNetworkAccess: 'Enabled' //TODO: use Azure Front Door WAF or Application Gateway WAF instead
     siteConfig: {
-      linuxFxVersion: 'DOCKER|${webSiteConfiguration.?containerImageRegistryDomain ?? 'biabcontainerreg.azurecr.io'}/${webSiteConfiguration.?containerImageName ?? 'macaefrontend'}:${webSiteConfiguration.?containerImageTag ?? 'latest'}'
+      // linuxFxVersion: 'DOCKER|${webSiteConfiguration.?containerImageRegistryDomain ?? 'biabcontainerreg.azurecr.io'}/${webSiteConfiguration.?containerImageName ?? 'macaefrontend'}:${webSiteConfiguration.?containerImageTag ?? 'latest'}'
+      linuxFxVersion: 'python|3.11'
+      appCommandLine: 'python3 -m uvicorn frontend_server:app --host 0.0.0.0 --port 8000'
     }
     appSettingsKeyValuePairs: {
-      SCM_DO_BUILD_DURING_DEPLOYMENT: 'true'
-      DOCKER_REGISTRY_SERVER_URL: 'https://${webSiteConfiguration.?containerImageRegistryDomain ?? 'biabcontainerreg.azurecr.io'}'
-      WEBSITES_PORT: '3000'
-      WEBSITES_CONTAINER_START_TIME_LIMIT: '1800' // 30 minutes, adjust as needed
+      SCM_DO_BUILD_DURING_DEPLOYMENT: 'True'
+      // DOCKER_REGISTRY_SERVER_URL: 'https://${webSiteConfiguration.?containerImageRegistryDomain ?? 'biabcontainerreg.azurecr.io'}'
+      WEBSITES_PORT: '8000'
+      // WEBSITES_CONTAINER_START_TIME_LIMIT: '1800' // 30 minutes, adjust as needed
       BACKEND_API_URL: 'https://${containerApp.outputs.fqdn}'
       AUTH_ENABLED: 'false'
+      ENABLE_ORYX_BUILD: 'True'
     }
   }
 }
@@ -1098,6 +1135,21 @@ module webSite 'br/public:avm/res/web/site:0.15.1' = if (webSiteEnabled) {
 @description('The default url of the website to connect to the Multi-Agent Custom Automation Engine solution.')
 output webSiteDefaultHostname string = webSite.outputs.defaultHostname
 
+output AZURE_CONTAINER_REGISTRY_ENDPOINT string = containerRegistry.outputs.loginServer
+
+// @description('The name of the resource.')
+// output name string = <Resource>.name
+
+// @description('The location the resource was deployed into.')
+// output location string = <Resource>.location
+
+// ================ //
+// Definitions      //
+// ================ //
+//
+// Add your User-defined-types here, if any
+//
+
 @export()
 @description('The type for the Multi-Agent Custom Automation Engine Log Analytics Workspace resource configuration.')
 type logAnalyticsWorkspaceConfigurationType = {

infra/scripts/package_frontend.ps1

@@ -0,0 +1,11 @@
+mkdir dist -Force
+rm dist/* -r -Force
+
+# Python
+cp requirements.txt dist -Force
+cp *.py dist -Force
+
+# Node
+npm install
+npm run build
+cp -r build dist -Force

infra/scripts/package_frontend.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -eou pipefail
+
+mkdir -p dist
+rm -rf dist/*
+
+#python
+cp -f requirements.txt dist
+cp -f *.py dist
+
+#node
+npm install
+npm run build
+cp -rf build dist

src/backend/Dockerfile

@@ -10,14 +10,11 @@ WORKDIR /app
 COPY uv.lock pyproject.toml /app/
 
 # Install the project's dependencies using the lockfile and settings
-RUN --mount=type=cache,target=/root/.cache/uv \
-    --mount=type=bind,source=uv.lock,target=uv.lock \
-    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
-    uv sync --frozen --no-install-project --no-dev
+RUN uv sync --frozen --no-install-project --no-dev
 
 # Backend app setup
 COPY . /app  
-RUN --mount=type=cache,target=/root/.cache/uv uv sync --frozen --no-dev
+RUN uv sync --frozen --no-dev
 
 FROM base
 

src/frontend/frontend_server.py

@@ -59,4 +59,4 @@ async def serve_app(full_path: str):
 
 
 if __name__ == "__main__":
-    uvicorn.run(app, host="127.0.0.1", port=3000)
+    uvicorn.run(app, host="127.0.0.1", port=8000)