- 
                Notifications
    You must be signed in to change notification settings 
- Fork 158
fix: Dev to main merge #712
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
docs: post deployment script changes
fix: Fix process_sample_data.sh
fix: Updated the networking module
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
This pull request refactors the Azure infrastructure deployment, transitioning from a monolithic network module to a more modular approach with direct VNet integration. The primary focus is restructuring networking components (VNet, Bastion, and Jumpbox) from nested modules into direct deployments in main.bicep, improving maintainability and clarity. Additionally, the PR enhances the deployment workflow by enabling dynamic parameter fetching from deployment outputs and adds comprehensive post-deployment documentation.
Key changes include:
- Refactored networking infrastructure from nested networkmodule to standalonevirtualNetworkmodule with separate Bastion Host and Jumpbox VM modules
- Updated process_sample_data.shscript to dynamically fetch deployment parameters from Azure deployment outputs instead of relying on command-line arguments or azd environment variables
- Added comprehensive post-deployment guide documentation
Reviewed Changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description | 
|---|---|
| infra/main.bicep | Replaced networkmodule withvirtualNetworkmodule and separate Bastion/Jumpbox components; updated all resource references to use new output paths; addedDeploymentNametag and changed output from client ID to subscription ID | 
| infra/modules/virtualNetwork.bicep | New module consolidating VNet and NSG creation with inline subnet definitions, including support for web, private endpoints, Bastion, and jumpbox subnets | 
| infra/modules/network/virtualNetwork.bicep | Removed (consolidated into parent-level module) | 
| infra/modules/network/network-resources.bicep | Removed (functionality moved to main.bicep) | 
| infra/modules/network/jumpbox.bicep | Removed (functionality moved to main.bicep) | 
| infra/modules/network/bastionHost.bicep | Removed (functionality moved to main.bicep) | 
| infra/modules/network.bicep | Removed (replaced by direct virtualNetwork module usage) | 
| infra/scripts/process_sample_data.sh | Updated to fetch parameters from deployment outputs via Azure CLI instead of command-line arguments; added authentication check and fallback to manual input | 
| infra/scripts/checkquota.sh | Added flag to track insufficient quota when model information is missing | 
| azure.yaml | Updated post-deployment script instructions to pass resource group as argument | 
| .github/workflows/azure-dev.yml | Removed automatic push trigger for main branch; added telemetry collection variable support | 
| docs/AVMPostDeploymentGuide.md | New comprehensive guide for post-deployment steps including data import and authentication setup | 
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| cosmosDbAccountName=$(azd env get-value COSMOSDB_ACCOUNT_NAME) | ||
| fi | ||
| deploymentName=$(az group show --name "$resourceGroupName" --query "tags.DeploymentName" -o tsv) | ||
| echo "Deployment Name (from tag): $deploymentName" | 
    
      
    
      Copilot
AI
    
    
    
      Oct 20, 2025 
    
  
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the DeploymentName tag doesn't exist, this command will output an empty string without any error indication. Consider adding error handling to notify users when the tag is missing.
| echo "Deployment Name (from tag): $deploymentName" | |
| echo "Deployment Name (from tag): $deploymentName" | |
| if [ -z "$deploymentName" ]; then | |
| echo "ERROR: 'DeploymentName' tag not found in resource group '$resourceGroupName'." >&2 | |
| exit 1 | |
| fi | 
| for (subnet, i) in subnets: { | ||
| name: subnet.name | ||
| addressPrefixes: subnet.?addressPrefixes | ||
| networkSecurityGroupResourceId: !empty(subnet.?networkSecurityGroup) ? nsgs[i]!.outputs.resourceId : null | 
    
      
    
      Copilot
AI
    
    
    
      Oct 20, 2025 
    
  
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Potential index mismatch: Using nsgs[i] assumes NSGs are created for all subnets in order, but nsgs module uses a filtered loop (if (!empty(subnet.?networkSecurityGroup))). This creates a sparse array where indices won't align with the subnet array. If subnet at index 2 has no NSG, accessing nsgs[2] will incorrectly reference nsgs[1]'s actual module.
| // combined output array that holds subnet details along with NSG information | ||
| output subnets subnetOutputType[] = [ | ||
| for (subnet, i) in subnets: { | ||
| name: subnet.name | ||
| resourceId: virtualNetwork.outputs.subnetResourceIds[i] | ||
| nsgName: !empty(subnet.?networkSecurityGroup) ? subnet.?networkSecurityGroup.name : null | ||
| nsgResourceId: !empty(subnet.?networkSecurityGroup) ? nsgs[i]!.outputs.resourceId : null | 
    
      
    
      Copilot
AI
    
    
    
      Oct 20, 2025 
    
  
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Potential index mismatch: Using nsgs[i] assumes NSGs are created for all subnets in order, but nsgs module uses a filtered loop (if (!empty(subnet.?networkSecurityGroup))). This creates a sparse array where indices won't align with the subnet array. If subnet at index 2 has no NSG, accessing nsgs[2] will incorrectly reference nsgs[1]'s actual module.
| // combined output array that holds subnet details along with NSG information | |
| output subnets subnetOutputType[] = [ | |
| for (subnet, i) in subnets: { | |
| name: subnet.name | |
| resourceId: virtualNetwork.outputs.subnetResourceIds[i] | |
| nsgName: !empty(subnet.?networkSecurityGroup) ? subnet.?networkSecurityGroup.name : null | |
| nsgResourceId: !empty(subnet.?networkSecurityGroup) ? nsgs[i]!.outputs.resourceId : null | |
| // Array of subnet names for which NSGs are created (order matches nsgs array) | |
| var nsgSubnetNames = [for (subnet in subnets): !empty(subnet.?networkSecurityGroup) ? subnet.name : null] |> filter(x => x != null) | |
| // combined output array that holds subnet details along with NSG information | |
| output subnets subnetOutputType[] = [ | |
| for (subnet, i) in subnets: { | |
| name: subnet.name | |
| resourceId: virtualNetwork.outputs.subnetResourceIds[i] | |
| nsgName: !empty(subnet.?networkSecurityGroup) ? subnet.?networkSecurityGroup.name : null | |
| nsgResourceId: !empty(subnet.?networkSecurityGroup) ? nsgs[indexOf(nsgSubnetNames, subnet.name)]!.outputs.resourceId : null | 
| vmAdminUsername: vmAdminUsername ?? 'JumpboxAdminUser' | ||
| vmAdminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!' | ||
| vmSize: vmSize ?? 'Standard_DS2_v2' // Default VM size | ||
| name: 'vnet-${solutionSuffix}' | 
    
      
    
      Copilot
AI
    
    
    
      Oct 20, 2025 
    
  
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The indentation is inconsistent. This line should align with other parameters at the same level (location, tags, etc.).
| name: 'vnet-${solutionSuffix}' | |
| name: 'vnet-${solutionSuffix}' | 
| 🎉 This PR is included in version 1.9.4 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 | 
Purpose
This pull request introduces significant improvements to the Azure deployment infrastructure, focusing on enhanced private networking, resource management, and documentation. The main changes include a refactor of networking modules in
infra/main.bicepto use a dedicatedvirtualNetworkmodule, updates to resource references for private endpoints, and the addition of a comprehensive post-deployment guide. There are also minor workflow and script updates for better usability and telemetry support.Infrastructure and Networking Refactor:
networkmodule with a newvirtualNetworkmodule ininfra/main.bicep, adding explicit modules for Bastion Host and Jumpbox VM to improve clarity and modularity of private networking resources. All dependent resources now reference outputs fromvirtualNetworkinstead ofnetwork.virtualNetwork!.outputs.pepsSubnetResourceIdinstead of the oldnetworkoutputs, ensuring correct resource linkage. [1] [2] [3] [4] [5] [6] [7]virtualNetwork!.outputs.webSubnetResourceIdfor private networking alignment.virtualNetworkoutputs for improved DNS integration.Documentation and Usability:
docs/AVMPostDeploymentGuide.mdproviding step-by-step instructions for post-deployment tasks, including sample data import, authentication setup, and resource cleanup.Workflow and Script Improvements:
.github/workflows/azure-dev.ymlto remove automatic triggering on pushes tomainand added support for theAZURE_DEV_COLLECT_TELEMETRYvariable for enhanced telemetry collection. [1] [2]azure.yamlto pass the resource group as an argument, improving user guidance. [1] [2]Resource Tagging and Outputs:
DeploymentNameto resource group tags for improved tracking, and replaced the output of managed identity client ID with Azure Subscription ID for broader resource context. [1] [2]Does this introduce a breaking change?
Golden Path Validation
Deployment Validation
What to Check
Verify that the following are valid
Other Information