Feature/bicep (#4)

Author: justinyoo

.devcontainer/devcontainer.json

@@ -9,7 +9,7 @@
       "version": "9.0"
     },
     "ghcr.io/devcontainers/features/azure-cli:latest": {
-      "extensions": "account,containerapp,deploy-to-azure,functionapp,staticwebapp,subscription,webapp"
+      "extensions": "account,authV2,containerapp,deploy-to-azure,functionapp,staticwebapp,subscription,webapp"
     },
     "ghcr.io/devcontainers/features/github-cli:latest": {},
     "ghcr.io/devcontainers/features/docker-in-docker": {},

Dockerfile.containerapp

@@ -7,7 +7,9 @@ COPY ./src/EasyAuth.Components /source/EasyAuth.Components
 
 WORKDIR /source/EasyAuth.ContainerApp
 
-RUN dotnet publish -c Release -o /app
+ARG TARGETARCH=amd64
+
+RUN dotnet publish -a ${TARGETARCH/amd64/x64} -c Release -o /app
 
 FROM mcr.microsoft.com/dotnet/aspnet:9.0-alpine AS final
 

README.md

@@ -1,2 +1,97 @@
-# azure-easyauth-sample
-This provides a sample code for the EasyAuth feature on Azure App Service, Azure Static Web App and Azure Container Apps
+# Azure EasyAuth Sample
+
+This provides sample [Blazor](https://learn.microsoft.com/aspnet/core/blazor/) apps for the EasyAuth feature on Azure App Service, Azure Container Apps and Azure Static Web App.
+
+## Prerequisites
+
+- [.NET 9+ SDK](https://dotnet.microsoft.com/download/dotnet/9.0)
+- [Visual Studio 2022](https://visualstudio.microsoft.com/vs/) or [Visual Studio Code](https://code.visualstudio.com/) with [C# Dev Kit](https://marketplace.visualstudio.com/items?itemName=ms-dotnettools.csdevkit)
+- [GitHub CLI](https://github.com/cli/cli#installation)
+- [Azure CLI](https://learn.microsoft.com/cli/azure/install-azure-cli)
+- [Azure Developer CLI](https://learn.microsoft.com/azure/developer/azure-developer-cli/install-azd)
+- [SWA CLI](https://learn.microsoft.com/azure/static-web-apps/static-web-apps-cli-install)
+
+## Getting Started
+
+1. Clone this repository.
+
+    ```bash
+    gh repo fork devkimchi/azure-easyauth-sample --clone
+    ```
+
+1. Change the directory to the repository.
+
+    ```bash
+    cd azure-easyauth-sample
+    ```
+
+1. Build the sample apps.
+
+    ```bash
+    dotnet restore && dotnet build
+    ```
+
+1. Create artifacts for each app
+
+    ```bash
+    dotnet publish -c Release
+    ```
+
+1. Login to Azure.
+
+    ```bash
+    # Login to Azure with Azure Developer CLI
+    azd auth login
+    
+    # Login to Azure with Azure CLI
+    az login
+    ```
+
+1. Run the following command to provision and deploy the Azure resources.
+
+    ```bash
+    azd up
+    ```
+
+   It will ask you to provide the following parameters:
+
+   - New environment name
+   - Azure subscription to use
+   - Azure location to provision resources
+   - `sttappLocation` to provision Azure Static Web App
+
+   It provisions Azure Container Apps, Azure App Service, and Azure Static Web App instances and deploys the sample apps to each of them.
+
+1. Get each app's URL.
+
+    ```bash
+    # Web App URL
+    azd env get-value AZURE_RESOURCE_EASYAUTH_WEBAPP_URL
+
+    # Container App URL
+    azd env get-value AZURE_RESOURCE_EASYAUTH_CONTAINERAPP_URL
+
+    # Static Web App URL
+    azd env get-value AZURE_RESOURCE_EASYAUTH_STATICAPP_URL
+    ```
+
+1. With the URLs above, navigate each app with your browser. You'll be redirected to login your apps with Entra ID first. Once you logged in, you'll see the logged-in user's information.
+
+## Known Limitations of Azure EasyAuth
+
+Azure EasyAuth is supposed to protect your entire app, not for specific pages. Therefore, if you want to protect certain pages of your app, you have to implement the authentication/authorisation logic by yourself.
+
+## Clean Up
+
+If you want to clean up the resources provisioned by the `azd up` command, run the following command:
+
+```bash
+azd down --force --purge
+```
+
+## Additional Resources
+
+- [Azure EasyAuth](https://learn.microsoft.com/azure/app-service/scenario-secure-app-authentication-app-service?tabs=workforce-configuration)
+- [Azure App Service](https://learn.microsoft.com/azure/app-service/overview)
+- [Azure Container Apps](https://learn.microsoft.com/azure/container-apps/overview)
+- [Azure Static Web Apps](https://learn.microsoft.com/azure/static-web-apps/overview)

azure.yaml

@@ -1,8 +1,10 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/Azure/azure-dev/main/schemas/v1.0/azure.yaml.json
 
 name: azure-easyauth-sample
+
 metadata:
   template: azd-init@1.11.0
+
 services:
   easyauth-containerapp:
     project: src/EasyAuth.ContainerApp
@@ -20,3 +22,49 @@ services:
     project: src/EasyAuth.WebApp
     host: appservice
     language: dotnet
+
+hooks:
+  preup:
+    posix:
+      shell: sh
+      continueOnError: false
+      interactive: true
+      run: infra/hooks/preup.sh
+    windows:
+      shell: pwsh
+      continueOnError: false
+      interactive: true
+      run: infra/hooks/preup.ps1
+  preprovision:
+    posix:
+      shell: sh
+      continueOnError: false
+      interactive: true
+      run: infra/hooks/preprovision.sh
+    windows:
+      shell: pwsh
+      continueOnError: false
+      interactive: true
+      run: infra/hooks/preprovision.ps1
+  postprovision:
+    posix:
+      shell: sh
+      continueOnError: false
+      interactive: true
+      run: infra/hooks/postprovision.sh
+    windows:
+      shell: pwsh
+      continueOnError: false
+      interactive: true
+      run: infra/hooks/postprovision.ps1
+  postdeploy:
+    posix:
+      shell: sh
+      continueOnError: false
+      interactive: true
+      run: infra/hooks/postdeploy.sh
+    windows:
+      shell: pwsh
+      continueOnError: false
+      interactive: true
+      run: infra/hooks/postdeploy.ps1

infra/hooks/deploy_swa.ps1

@@ -0,0 +1,46 @@
+# Runs the deploy_swa script
+# It does the following:
+# 1. Loads the azd environment variables
+# 2. Logs in to the Azure CLI if not running in a GitHub Action
+# 3. Build SWA app
+# 4. Deploy SWA app
+
+# $REPOSITORY_ROOT = git rev-parse --show-toplevel
+$REPOSITORY_ROOT = "$(Split-Path $MyInvocation.MyCommand.Path)/../.."
+
+# Load the azd environment variables
+& "$REPOSITORY_ROOT/infra/hooks/load_azd_env.ps1" -ShowMessage
+
+if ([string]::IsNullOrEmpty($env:GITHUB_WORKSPACE)) {
+    # The GITHUB_WORKSPACE is not set, meaning this is not running in a GitHub Action
+    & "$REPOSITORY_ROOT/infra/hooks/login.ps1"
+}
+
+$AZURE_ENV_NAME = $env:AZURE_ENV_NAME
+
+# Run only if GITHUB_WORKSPACE is NOT set - this is NOT running in a GitHub Action workflow
+if ([string]::IsNullOrEmpty($env:GITHUB_WORKSPACE)) {
+    Write-Host "Deploying to Azure Static Web Apps..."
+
+    $RESOURCE_GROUP = "rg-$env:AZURE_ENV_NAME"
+    $STATICAPP_NAME = $env:AZURE_RESOURCE_EASYAUTH_STATICAPP_NAME
+
+    # Build SWA app
+    swa build
+
+    # Get deployment token
+    $deploymentToken = az staticwebapp secrets list `
+    --resource-group $RESOURCE_GROUP `
+    --name $STATICAPP_NAME `
+    --query "properties.apiKey" -o tsv
+
+    # Deploy SWA app
+    swa deploy `
+        --api-location src/EasyAuth.FunctionApp/bin/Release/net9.0 `
+        --env Production `
+        -d $deploymentToken  
+
+    Write-Host "...Done"
+} else {
+    Write-Host "Skipping to deploy the application Azure Static Web Apps..."
+}

infra/hooks/load_azd_env.ps1

@@ -0,0 +1,21 @@
+# Loads the azd .env file into the current environment
+# It does the following:
+# 1. Loads the azd .env file from the current environment
+
+Param(
+    [switch]
+    [Parameter(Mandatory=$false)]
+    $ShowMessage
+)
+
+if ($ShowMessage) {
+    Write-Host "Loading azd .env file from current environment" -ForegroundColor Cyan
+}
+
+foreach ($line in (& azd env get-values)) {
+    if ($line -match "([^=]+)=(.*)") {
+        $key = $matches[1]
+        $value = $matches[2] -replace '^"|"$'
+        [Environment]::SetEnvironmentVariable($key, $value)
+    }
+}

infra/hooks/load_azd_env.sh

@@ -0,0 +1,21 @@
+# Loads the azd .env file into the current environment
+# It does the following:
+# 1. Loads the azd .env file from the current environment
+
+Param(
+    [switch]
+    [Parameter(Mandatory=$false)]
+    $ShowMessage
+)
+
+if ($ShowMessage) {
+    Write-Host "Loading azd .env file from current environment" -ForegroundColor Cyan
+}
+
+foreach ($line in (& azd env get-values)) {
+    if ($line -match "([^=]+)=(.*)") {
+        $key = $matches[1]
+        $value = $matches[2] -replace '^"|"$'
+        [Environment]::SetEnvironmentVariable($key, $value)
+    }
+}

infra/hooks/login.ps1

@@ -0,0 +1,68 @@
+# Logs in to Azure through AZD and AZ CLI
+# It does the following:
+# 1. Checks if the user is logged in to Azure
+# 2. Logs in to Azure Developer CLI if the user is not logged in
+# 3. Logs in to Azure CLI if the user is not logged in
+# 4. Sets the active subscription if the user is logged in
+# 5. Prompts the user to select a subscription if the subscription is not set
+# 6. Sets the active subscription to the selected subscription
+# 7. Exits if the subscription is not found
+
+# $REPOSITORY_ROOT = git rev-parse --show-toplevel
+$REPOSITORY_ROOT = "$(Split-Path $MyInvocation.MyCommand.Path)/../.."
+
+# Load the azd environment variables
+& "$REPOSITORY_ROOT/infra/hooks/load_azd_env.ps1"
+
+# AZD LOGIN
+# Check if the user is logged in to Azure
+$login_status = azd auth login --check-status
+
+# Check if the user is not logged in
+if ($login_status -like "*Not logged in*") {
+    Write-Host "Not logged in, initiating login process..."
+    # Command to log in to Azure
+    azd auth login
+}
+
+# AZ LOGIN
+$EXPIRED_TOKEN = az ad signed-in-user show --query 'id' -o tsv 2>$null
+
+if ([string]::IsNullOrEmpty($EXPIRED_TOKEN)) {
+    az login --scope https://graph.microsoft.com/.default -o none
+}
+
+if ([string]::IsNullOrEmpty($env:AZURE_SUBSCRIPTION_ID)) {
+    $ACCOUNT = az account show --query '[id,name]'
+    Write-Host "You can set the 'AZURE_SUBSCRIPTION_ID' environment variable with 'azd env set AZURE_SUBSCRIPTION_ID'."
+    Write-Host $ACCOUNT
+
+    $response = Read-Host "Do you want to use the above subscription? (Y/n) "
+    $response = if ([string]::IsNullOrEmpty($response)) { "Y" } else { $response }
+    switch ($response) {
+        { $_ -match "^[yY](es)?$" } {
+            # Do nothing
+            break
+        }
+        default {
+            Write-Host "Listing available subscriptions..."
+            $SUBSCRIPTIONS = az account list --query 'sort_by([], &name)' --output json
+            Write-Host "Available subscriptions:"
+            Write-Host ($SUBSCRIPTIONS | ConvertFrom-Json | ForEach-Object { "{0} {1}" -f $_.name, $_.id } | Format-Table)
+            $subscription_input = Read-Host "Enter the name or ID of the subscription you want to use: "
+            $AZURE_SUBSCRIPTION_ID = ($SUBSCRIPTIONS | ConvertFrom-Json | Where-Object { $_.name -eq $subscription_input -or $_.id -eq $subscription_input } | Select-Object -exp id)
+            if (-not [string]::IsNullOrEmpty($AZURE_SUBSCRIPTION_ID)) {
+                Write-Host "Setting active subscription to: $AZURE_SUBSCRIPTION_ID"
+                az account set -s $AZURE_SUBSCRIPTION_ID
+            }
+            else {
+                Write-Host "Subscription not found. Please enter a valid subscription name or ID."
+                exit 1
+            }
+            break
+        }
+    }
+}
+else {
+    az account set -s $env:AZURE_SUBSCRIPTION_ID
+}