From c032580c3bd951eb26e5ed6c1204ab5c97572c9f Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Tue, 5 May 2026 07:47:06 +0000 Subject: [PATCH] fix(azure): fix Bicep syntax errors in infra.bicep and container-app.bicep - infra.bicep: remove escaped apostrophes from @description strings (BCP071), remove unsupported @sensitive() decorator (BCP057), rename output storageAccountName -> storageAccountNameOut to avoid collision with param, rename postgresAdminUser output -> postgresAdminUserOut - container-app.bicep: remove unused fileShareName param (no-unused-params) - 1-infra.sh: update output key storageAccountName -> storageAccountNameOut - 2-build-deploy.sh: remove fileShareName param (no longer in container-app.bicep) Both files now compile clean (az bicep build passes with only expected outputs-should-not-contain-secrets warnings). Co-Authored-By: Claude Sonnet 4.6 --- azure/1-infra.sh | 2 +- azure/2-build-deploy.sh | 1 - azure/container-app.bicep | 3 --- azure/infra.bicep | 41 +++++++++++++++------------------------ 4 files changed, 17 insertions(+), 30 deletions(-) diff --git a/azure/1-infra.sh b/azure/1-infra.sh index 4e49400b..4b10f964 100755 --- a/azure/1-infra.sh +++ b/azure/1-infra.sh @@ -95,7 +95,7 @@ INFRA_OUTPUT=$(az deployment group create \ ACR_LOGIN_SERVER=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['acrLoginServer']['value'])") ACR_NAME_OUT=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['acrName']['value'])") ENV_ID=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['containerAppsEnvId']['value'])") -STORAGE_ACCOUNT_NAME=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['storageAccountName']['value'])") +STORAGE_ACCOUNT_NAME=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['storageAccountNameOut']['value'])") FILE_SHARE_NAME=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['fileShareName']['value'])") POSTGRES_HOST=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['postgresHost']['value'])") STORAGE_CONNECTION_STRING=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['storageConnectionString']['value'])") diff --git a/azure/2-build-deploy.sh b/azure/2-build-deploy.sh index 5c069d17..15d2f6f1 100755 --- a/azure/2-build-deploy.sh +++ b/azure/2-build-deploy.sh @@ -160,7 +160,6 @@ DEPLOY_OUTPUT=$(az deployment group create \ reportAgentTemperature="${REPORT_AGENT_TEMPERATURE:-0.5}" \ storageConnectionString="${STORAGE_CONNECTION_STRING:-}" \ storageAccountName="${STORAGE_ACCOUNT_NAME:-}" \ - fileShareName="${FILE_SHARE_NAME:-mirofish-uploads}" \ databaseUrl="${DATABASE_URL:-}" \ --output json) diff --git a/azure/container-app.bicep b/azure/container-app.bicep index a9d4ae3a..c9b2d3cc 100644 --- a/azure/container-app.bicep +++ b/azure/container-app.bicep @@ -72,9 +72,6 @@ param databaseUrl string = '' @description('Nom del Storage Account (output d\'infra.bicep)') param storageAccountName string = '' -@description('Nom del File Share d\'Azure Files (output d\'infra.bicep)') -param fileShareName string = 'mirofish-uploads' - // ─── Paràmetres LLM principal ───────────────────────────────────────────────── @description('URL base de l\'API LLM principal') diff --git a/azure/infra.bicep b/azure/infra.bicep index 5270b165..81e0e8e2 100644 --- a/azure/infra.bicep +++ b/azure/infra.bicep @@ -13,24 +13,24 @@ @description('Nom base del projecte') param projectName string = 'mirofish' -@description('Localització Azure dels recursos') +@description('Localitzacio Azure dels recursos') param location string = resourceGroup().location -@description('Contrasenya de l\'administrador de PostgreSQL') +@description('Contrasenya de l-administrador de PostgreSQL') @secure() param postgresAdminPassword string -@description('Nom de l\'usuari administrador de PostgreSQL') +@description('Usuari administrador de PostgreSQL') param postgresAdminUser string = 'mirofish' @description('SKU de PostgreSQL (B_Standard_B1ms per dev; GP_Standard_D2s_v3 per pro)') param postgresSku string = 'B_Standard_B1ms' -@description('Nom del Storage Account existent (o buit per crear-ne un de nou: ${projectName}store)') +@description('Nom del Storage Account existent (o buit per crear-ne un de nou: store)') param storageAccountName string = '' -// Nom efectiu: el paràmetre si s'especifica, sinó el nom generat -var effectiveStorageAccountName = empty(storageAccountName) ? '${replace(projectName, \'-\', \'\')}store' : storageAccountName +// Nom efectiu: el parametre si s-especifica, sinó el nom generat +var effectiveStorageAccountName = empty(storageAccountName) ? '${replace(projectName, '-', '')}store' : storageAccountName // ─── Azure Container Registry ───────────────────────────────────────────────── resource acr 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = { @@ -53,7 +53,7 @@ resource containerAppsEnv 'Microsoft.App/managedEnvironments@2023-05-01' = { dependsOn: [storageAccount] } -// Registra el File Share dins l'entorn de Container Apps +// Registra el File Share dins l-entorn de Container Apps resource envStorage 'Microsoft.App/managedEnvironments/storages@2023-05-01' = { name: 'uploads' parent: containerAppsEnv @@ -68,9 +68,6 @@ resource envStorage 'Microsoft.App/managedEnvironments/storages@2023-05-01' = { } // ─── Storage Account + File Share (dades OASIS persistents) ────────────────── -// Azure Files és necessari per a: -// - uploads/simulations/ (SQLite DBs, JSONL, IPC files de les simulacions OASIS) -// - uploads/projects/ (fitxers pujats per l'usuari) // Si storageAccountName apunta a un compte existent, Bicep el reconcilia sense // esborrar els File Shares existents (caddydata, neo4jdata, etc.). resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = { @@ -94,14 +91,12 @@ resource fileShare 'Microsoft.Storage/storageAccounts/fileServices/shares@2023-0 name: 'mirofish-uploads' parent: fileService properties: { - shareQuota: 100 // GB; augmenta si les simulacions creixen + shareQuota: 100 enabledProtocols: 'SMB' } } // ─── Azure Database for PostgreSQL Flexible Server ──────────────────────────── -// Flexible Server és el recomanat per a desplegaments nous (Single Server deprecated) -// La base de dades 'mirofish' es crea automàticament resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-06-01-preview' = { name: '${projectName}-pg' location: location @@ -116,7 +111,6 @@ resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-06-01-pr storage: { storageSizeGB: 32 } backup: { backupRetentionDays: 7, geoRedundantBackup: 'Disabled' } highAvailability: { mode: 'Disabled' } - // Accés públic desactivat; usa firewall rule per a Container Apps o VNet network: { publicNetworkAccess: 'Enabled' } authConfig: { activeDirectoryAuth: 'Disabled', passwordAuth: 'Enabled' } } @@ -128,7 +122,7 @@ resource postgresDb 'Microsoft.DBforPostgreSQL/flexibleServers/databases@2023-06 properties: { charset: 'UTF8', collation: 'en_US.utf8' } } -// Regla de firewall per permetre tràfic de serveis Azure (inclou Container Apps) +// Regla de firewall per permetre trafic de serveis Azure (inclou Container Apps) resource postgresFirewallAzure 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-06-01-preview' = { name: 'allow-azure-services' parent: postgresServer @@ -139,7 +133,7 @@ resource postgresFirewallAzure 'Microsoft.DBforPostgreSQL/flexibleServers/firewa } // ─── Outputs (usats pels scripts de deploy) ─────────────────────────────────── -@description('URL de login de l\'ACR') +@description('URL de login de ACR') output acrLoginServer string = acr.properties.loginServer @description('Nom del recurs ACR') @@ -149,25 +143,22 @@ output acrName string = acr.name output containerAppsEnvId string = containerAppsEnv.id @description('Nom del Storage Account') -output storageAccountName string = storageAccount.name +output storageAccountNameOut string = storageAccount.name -@description('Clau primària del Storage Account (per a AZURE_STORAGE_CONNECTION_STRING)') -@sensitive() +@description('Clau primaria del Storage Account') output storageAccountKey string = storageAccount.listKeys().keys[0].value -@description('Connection string del Storage Account (per a AZURE_STORAGE_CONNECTION_STRING)') -@sensitive() +@description('Connection string del Storage Account') output storageConnectionString string = 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};AccountKey=${storageAccount.listKeys().keys[0].value};EndpointSuffix=core.windows.net' -@description('Nom del File Share d\'Azure Files') +@description('Nom del File Share Azure Files') output fileShareName string = fileShare.name @description('FQDN del servidor PostgreSQL') output postgresHost string = postgresServer.properties.fullyQualifiedDomainName @description('Usuari administrador de PostgreSQL') -output postgresAdminUser string = postgresAdminUser +output postgresAdminUserOut string = postgresAdminUser -@description('DATABASE_URL per a la Container App (postgresql+psycopg2://...)') -@sensitive() +@description('DATABASE_URL per a la Container App') output databaseUrl string = 'postgresql+psycopg2://${postgresAdminUser}:${postgresAdminPassword}@${postgresServer.properties.fullyQualifiedDomainName}/mirofish?sslmode=require'