Address feedback from Copilot

pamelafox · pamelafox · commit a426a3a25b64 · 2025-07-30T22:07:57.000-07:00
diff --git a/app/backend/prepdocs.py b/app/backend/prepdocs.py
@@ -337,7 +337,10 @@ async def main(strategy: Strategy, setup_index: bool = True):
 
     load_azd_env()
 
-    if os.getenv("AZURE_PUBLIC_NETWORK_ACCESS") == "Disabled" and os.getenv("AZURE_USE_VPN_GATEWAY") != "true":
+    if (
+        os.getenv("AZURE_PUBLIC_NETWORK_ACCESS") == "Disabled"
+        and os.getenv("AZURE_USE_VPN_GATEWAY", "").lower() != "true"
+    ):
         logger.error("AZURE_PUBLIC_NETWORK_ACCESS is set to Disabled. Exiting.")
         exit(0)
 
diff --git a/infra/core/host/container-apps-environment.bicep b/infra/core/host/container-apps-environment.bicep
@@ -6,10 +6,6 @@ param daprEnabled bool = false
 param logAnalyticsWorkspaceName string = ''
 param applicationInsightsName string = ''
 
-@description('Virtual network name for container apps environment.')
-param vnetName string = ''
-@description('Subnet name for container apps environment integration.')
-param subnetName string = ''
 param subnetResourceId string
 
 param usePrivateIngress bool = true
@@ -30,11 +26,9 @@ resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2025-02-02-
     daprAIInstrumentationKey: daprEnabled && !empty(applicationInsightsName) ? applicationInsights.properties.InstrumentationKey : ''
     publicNetworkAccess: usePrivateIngress ? 'Disabled' : 'Enabled'
     vnetConfiguration: usePrivateIngress ? {
-      // Use proper subnet resource ID format
       infrastructureSubnetId: subnetResourceId
-      internal: usePrivateIngress
+      internal: true
     } : null
-    // Configure workload profile for dedicated environment (not consumption)
     workloadProfiles: usePrivateIngress
     ? [
       {
diff --git a/infra/core/host/container-apps.bicep b/infra/core/host/container-apps.bicep
@@ -24,8 +24,6 @@ module containerAppsEnvironment 'container-apps-environment.bicep' = {
     tags: tags
     logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
     applicationInsightsName: applicationInsightsName
-    vnetName: vnetName
-    subnetName: subnetName
     usePrivateIngress: usePrivateIngress
     subnetResourceId: subnetResourceId
   }
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -300,7 +300,7 @@ param webAppExists bool
 @allowed(['appservice', 'containerapps'])
 param deploymentTarget string = 'appservice'
 param acaIdentityName string = deploymentTarget == 'containerapps' ? '${environmentName}-aca-identity' : ''
-param acaManagedEnvironmentName string = deploymentTarget == 'containerapps' ? '${environmentName}-aca-envnet' : ''
+param acaManagedEnvironmentName string = deploymentTarget == 'containerapps' ? '${environmentName}-aca-env' : ''
 param containerRegistryName string = deploymentTarget == 'containerapps'
   ? '${replace(toLower(environmentName), '-', '')}acr'
   : ''
@@ -542,7 +542,7 @@ module acaBackend 'core/host/container-app-upsert.bicep' = if (deploymentTarget
     acaIdentity
   ]
   params: {
-    name: !empty(backendServiceName) ? backendServiceName : '${abbrs.webSitesContainerApps}backend${resourceToken}'
+    name: !empty(backendServiceName) ? backendServiceName : '${abbrs.webSitesContainerApps}backend-${resourceToken}'
     location: location
     identityName: (deploymentTarget == 'containerapps') ? acaIdentityName : ''
     exists: webAppExists
@@ -552,7 +552,7 @@ module acaBackend 'core/host/container-app-upsert.bicep' = if (deploymentTarget
     targetPort: 8000
     containerCpuCoreCount: '1.0'
     containerMemory: '2Gi'
-    containerMinReplicas: 1
+    containerMinReplicas: usePrivateEndpoint ? 1 : 0
     allowedOrigins: allowedOrigins
     env: union(appEnvVariables, {
       // For using managed identity to access Azure resources. See https://github.com/microsoft/azure-container-apps/issues/442
@@ -1155,17 +1155,15 @@ module cosmosDbRoleBackend 'core/security/documentdb-sql-role.bicep' = if (useAu
   }
 }
 
-
-
 module isolation 'network-isolation.bicep' = if (usePrivateEndpoint) {
   name: 'networks'
   scope: resourceGroup
   params: {
     location: location
     tags: tags
     vnetName: '${abbrs.virtualNetworks}${resourceToken}'
-    useVpnGateway: useVpnGateway
     deploymentTarget: deploymentTarget
+    useVpnGateway: useVpnGateway
     vpnGatewayName: useVpnGateway ? '${abbrs.networkVpnGateways}${resourceToken}' : ''
     dnsResolverName: useVpnGateway ? '${abbrs.privateDnsResolver}${resourceToken}' : ''
   }

Original file line number	Diff line number	Diff line change
`@@ -24,8 +24,6 @@ module containerAppsEnvironment 'container-apps-environment.bicep' = {`
`24`	`24`	`tags: tags`
`25`	`25`	`logAnalyticsWorkspaceName: logAnalyticsWorkspaceName`
`26`	`26`	`applicationInsightsName: applicationInsightsName`
`27`		`- vnetName: vnetName`
`28`		`- subnetName: subnetName`
`29`	`27`	`usePrivateIngress: usePrivateIngress`
`30`	`28`	`subnetResourceId: subnetResourceId`
`31`	`29`	`}`