RomanNum3ral
/
MicroFish
mirror of https://github.com/666ghj/MiroFish.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(azure): fix Bicep syntax errors in infra.bicep and container-app.bicep 

- infra.bicep: remove escaped apostrophes from @description strings (BCP071),
  remove unsupported @sensitive() decorator (BCP057), rename output
  storageAccountName -> storageAccountNameOut to avoid collision with param,
  rename postgresAdminUser output -> postgresAdminUserOut
- container-app.bicep: remove unused fileShareName param (no-unused-params)
- 1-infra.sh: update output key storageAccountName -> storageAccountNameOut
- 2-build-deploy.sh: remove fileShareName param (no longer in container-app.bicep)

Both files now compile clean (az bicep build passes with only expected
outputs-should-not-contain-secrets warnings).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Ubuntu 2026-05-05 07:47:06 +00:00
parent 9ee3dc1d59
commit c032580c3b
4 changed files with 17 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
azure/1-infra.sh
View File

@ -95,7 +95,7 @@ INFRA_OUTPUT=$(az deployment group create \
ACR_LOGIN_SERVER=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['acrLoginServer']['value'])") ACR_LOGIN_SERVER=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['acrLoginServer']['value'])")
ACR_NAME_OUT=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['acrName']['value'])") ACR_NAME_OUT=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['acrName']['value'])")
ENV_ID=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['containerAppsEnvId']['value'])") ENV_ID=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['containerAppsEnvId']['value'])")
STORAGE_ACCOUNT_NAME=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['storageAccountName']['value'])") STORAGE_ACCOUNT_NAME=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['storageAccountNameOut']['value'])")
FILE_SHARE_NAME=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['fileShareName']['value'])") FILE_SHARE_NAME=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['fileShareName']['value'])")
POSTGRES_HOST=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['postgresHost']['value'])") POSTGRES_HOST=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['postgresHost']['value'])")
STORAGE_CONNECTION_STRING=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['storageConnectionString']['value'])") STORAGE_CONNECTION_STRING=$(echo "$INFRA_OUTPUT" | python3 -c "import sys,json; print(json.load(sys.stdin)['properties']['outputs']['storageConnectionString']['value'])")

1
azure/2-build-deploy.sh
View File

@ -160,7 +160,6 @@ DEPLOY_OUTPUT=$(az deployment group create \
reportAgentTemperature="${REPORT_AGENT_TEMPERATURE:-0.5}" \ reportAgentTemperature="${REPORT_AGENT_TEMPERATURE:-0.5}" \
storageConnectionString="${STORAGE_CONNECTION_STRING:-}" \ storageConnectionString="${STORAGE_CONNECTION_STRING:-}" \
storageAccountName="${STORAGE_ACCOUNT_NAME:-}" \ storageAccountName="${STORAGE_ACCOUNT_NAME:-}" \
fileShareName="${FILE_SHARE_NAME:-mirofish-uploads}" \
databaseUrl="${DATABASE_URL:-}" \ databaseUrl="${DATABASE_URL:-}" \
--output json) --output json)

3
azure/container-app.bicep
View File

@ -72,9 +72,6 @@ param databaseUrl string = ''
@description('Nom del Storage Account (output d\'infra.bicep)') @description('Nom del Storage Account (output d\'infra.bicep)')
param storageAccountName string = '' param storageAccountName string = ''
@description('Nom del File Share d\'Azure Files (output d\'infra.bicep)')
param fileShareName string = 'mirofish-uploads'
// ─── Paràmetres LLM principal ───────────────────────────────────────────────── // ─── Paràmetres LLM principal ─────────────────────────────────────────────────
@description('URL base de l\'API LLM principal') @description('URL base de l\'API LLM principal')

41
azure/infra.bicep
View File

@ -13,24 +13,24 @@
@description('Nom base del projecte') @description('Nom base del projecte')
param projectName string = 'mirofish' param projectName string = 'mirofish'
@description('Localització Azure dels recursos') @description('Localitzacio Azure dels recursos')
param location string = resourceGroup().location param location string = resourceGroup().location
@description('Contrasenya de l\'administrador de PostgreSQL') @description('Contrasenya de l-administrador de PostgreSQL')
@secure() @secure()
param postgresAdminPassword string param postgresAdminPassword string
@description('Nom de l\'usuari administrador de PostgreSQL') @description('Usuari administrador de PostgreSQL')
param postgresAdminUser string = 'mirofish' param postgresAdminUser string = 'mirofish'
@description('SKU de PostgreSQL (B_Standard_B1ms per dev; GP_Standard_D2s_v3 per pro)') @description('SKU de PostgreSQL (B_Standard_B1ms per dev; GP_Standard_D2s_v3 per pro)')
param postgresSku string = 'B_Standard_B1ms' param postgresSku string = 'B_Standard_B1ms'
@description('Nom del Storage Account existent (o buit per crear-ne un de nou: ${projectName}store)') @description('Nom del Storage Account existent (o buit per crear-ne un de nou: <projectName>store)')
param storageAccountName string = '' param storageAccountName string = ''
// Nom efectiu: el paràmetre si s'especifica, sinó el nom generat // Nom efectiu: el parametre si s-especifica, sinó el nom generat
var effectiveStorageAccountName = empty(storageAccountName) ? '${replace(projectName, \'-\', \'\')}store' : storageAccountName var effectiveStorageAccountName = empty(storageAccountName) ? '${replace(projectName, '-', '')}store' : storageAccountName
// ─── Azure Container Registry ───────────────────────────────────────────────── // ─── Azure Container Registry ─────────────────────────────────────────────────
resource acr 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = { resource acr 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = {
@ -53,7 +53,7 @@ resource containerAppsEnv 'Microsoft.App/managedEnvironments@2023-05-01' = {
dependsOn: [storageAccount] dependsOn: [storageAccount]
} }
// Registra el File Share dins l'entorn de Container Apps // Registra el File Share dins l-entorn de Container Apps
resource envStorage 'Microsoft.App/managedEnvironments/storages@2023-05-01' = { resource envStorage 'Microsoft.App/managedEnvironments/storages@2023-05-01' = {
name: 'uploads' name: 'uploads'
parent: containerAppsEnv parent: containerAppsEnv
@ -68,9 +68,6 @@ resource envStorage 'Microsoft.App/managedEnvironments/storages@2023-05-01' = {
} }
// ─── Storage Account + File Share (dades OASIS persistents) ────────────────── // ─── Storage Account + File Share (dades OASIS persistents) ──────────────────
// Azure Files és necessari per a:
// - uploads/simulations/ (SQLite DBs, JSONL, IPC files de les simulacions OASIS)
// - uploads/projects/ (fitxers pujats per l'usuari)
// Si storageAccountName apunta a un compte existent, Bicep el reconcilia sense // Si storageAccountName apunta a un compte existent, Bicep el reconcilia sense
// esborrar els File Shares existents (caddydata, neo4jdata, etc.). // esborrar els File Shares existents (caddydata, neo4jdata, etc.).
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = { resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = {
@ -94,14 +91,12 @@ resource fileShare 'Microsoft.Storage/storageAccounts/fileServices/shares@2023-0
name: 'mirofish-uploads' name: 'mirofish-uploads'
parent: fileService parent: fileService
properties: { properties: {
shareQuota: 100 // GB; augmenta si les simulacions creixen shareQuota: 100
enabledProtocols: 'SMB' enabledProtocols: 'SMB'
} }
} }
// ─── Azure Database for PostgreSQL Flexible Server ──────────────────────────── // ─── Azure Database for PostgreSQL Flexible Server ────────────────────────────
// Flexible Server és el recomanat per a desplegaments nous (Single Server deprecated)
// La base de dades 'mirofish' es crea automàticament
resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-06-01-preview' = { resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-06-01-preview' = {
name: '${projectName}-pg' name: '${projectName}-pg'
location: location location: location
@ -116,7 +111,6 @@ resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-06-01-pr
storage: { storageSizeGB: 32 } storage: { storageSizeGB: 32 }
backup: { backupRetentionDays: 7, geoRedundantBackup: 'Disabled' } backup: { backupRetentionDays: 7, geoRedundantBackup: 'Disabled' }
highAvailability: { mode: 'Disabled' } highAvailability: { mode: 'Disabled' }
// Accés públic desactivat; usa firewall rule per a Container Apps o VNet
network: { publicNetworkAccess: 'Enabled' } network: { publicNetworkAccess: 'Enabled' }
authConfig: { activeDirectoryAuth: 'Disabled', passwordAuth: 'Enabled' } authConfig: { activeDirectoryAuth: 'Disabled', passwordAuth: 'Enabled' }
} }
@ -128,7 +122,7 @@ resource postgresDb 'Microsoft.DBforPostgreSQL/flexibleServers/databases@2023-06
properties: { charset: 'UTF8', collation: 'en_US.utf8' } properties: { charset: 'UTF8', collation: 'en_US.utf8' }
} }
// Regla de firewall per permetre tràfic de serveis Azure (inclou Container Apps) // Regla de firewall per permetre trafic de serveis Azure (inclou Container Apps)
resource postgresFirewallAzure 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-06-01-preview' = { resource postgresFirewallAzure 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2023-06-01-preview' = {
name: 'allow-azure-services' name: 'allow-azure-services'
parent: postgresServer parent: postgresServer
@ -139,7 +133,7 @@ resource postgresFirewallAzure 'Microsoft.DBforPostgreSQL/flexibleServers/firewa
} }
// ─── Outputs (usats pels scripts de deploy) ─────────────────────────────────── // ─── Outputs (usats pels scripts de deploy) ───────────────────────────────────
@description('URL de login de l\'ACR') @description('URL de login de ACR')
output acrLoginServer string = acr.properties.loginServer output acrLoginServer string = acr.properties.loginServer
@description('Nom del recurs ACR') @description('Nom del recurs ACR')
@ -149,25 +143,22 @@ output acrName string = acr.name
output containerAppsEnvId string = containerAppsEnv.id output containerAppsEnvId string = containerAppsEnv.id
@description('Nom del Storage Account') @description('Nom del Storage Account')
output storageAccountName string = storageAccount.name output storageAccountNameOut string = storageAccount.name
@description('Clau primària del Storage Account (per a AZURE_STORAGE_CONNECTION_STRING)') @description('Clau primaria del Storage Account')
@sensitive()
output storageAccountKey string = storageAccount.listKeys().keys[0].value output storageAccountKey string = storageAccount.listKeys().keys[0].value
@description('Connection string del Storage Account (per a AZURE_STORAGE_CONNECTION_STRING)') @description('Connection string del Storage Account')
@sensitive()
output storageConnectionString string = 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};AccountKey=${storageAccount.listKeys().keys[0].value};EndpointSuffix=core.windows.net' output storageConnectionString string = 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};AccountKey=${storageAccount.listKeys().keys[0].value};EndpointSuffix=core.windows.net'
@description('Nom del File Share d\'Azure Files') @description('Nom del File Share Azure Files')
output fileShareName string = fileShare.name output fileShareName string = fileShare.name
@description('FQDN del servidor PostgreSQL') @description('FQDN del servidor PostgreSQL')
output postgresHost string = postgresServer.properties.fullyQualifiedDomainName output postgresHost string = postgresServer.properties.fullyQualifiedDomainName
@description('Usuari administrador de PostgreSQL') @description('Usuari administrador de PostgreSQL')
output postgresAdminUser string = postgresAdminUser output postgresAdminUserOut string = postgresAdminUser
@description('DATABASE_URL per a la Container App (postgresql+psycopg2://...)') @description('DATABASE_URL per a la Container App')
@sensitive()
output databaseUrl string = 'postgresql+psycopg2://${postgresAdminUser}:${postgresAdminPassword}@${postgresServer.properties.fullyQualifiedDomainName}/mirofish?sslmode=require' output databaseUrl string = 'postgresql+psycopg2://${postgresAdminUser}:${postgresAdminPassword}@${postgresServer.properties.fullyQualifiedDomainName}/mirofish?sslmode=require'