feat(infra) Phase 7 A0 — Api ACA app, image tag params, deploy script#218
Merged
Conversation
infra/modules/shared.bicep:
- Add wizardImageTag + apiImageTag params (default: quickstart placeholder;
CI/CD always supplies explicit :{sha} tags — never :latest for deploys)
- Add apiContainerAppName var ('pinwiz-ca-api-{env}')
- Add apiApp ACA resource: internal ingress (port 8080, external=false),
minReplicas=0 / maxReplicas=3, system-assigned MI, same env var pattern
as wizardApp (ASPNETCORE_URLS, ENVIRONMENT, APPLICATIONINSIGHTS_CONNECTION_STRING)
- Add apiAppAcrPull role assignment (same AcrPull RBAC pattern as wizardApp)
- Add apiAppDiag diagnostic settings (AllMetrics → Log Analytics)
- Update wizardApp image from hardcoded placeholder → wizardImageTag param
- Add services__pinwiz-api__http__0 env var on wizardApp so Aspire service
discovery resolves to the internal Api ACA app ('http://pinwiz-ca-api-{env}')
- Add wizardFqdn, apiContainerAppName, apiPrincipalId outputs
infra/main-shared.bicep:
- Wire wizardImageTag + apiImageTag params through to the shared module
- Add wizardContainerAppName, wizardPrincipalId, wizardFqdn, apiContainerAppName,
apiPrincipalId outputs
infra/scripts/Deploy-SharedResources.ps1:
- Add optional -WizardImageTag and -ApiImageTag params
- Auto-discover current image from running ACA app when not supplied so
a manual Bicep re-deploy does not revert the image to placeholder
- Pass both image tags as inline params to az stack sub create
Minimum allowed line rate is |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Unblocks Phase 7 containerization. Three changes:
infra/modules/shared.bicep+infra/main-shared.bicep:wizardImageTag+apiImageTagparams (default: quickstart placeholder). CI/CD supplies explicit:{sha}tags — never:latestfor ACA deployments;:latestis pushed to ACR as a convenience tag but never referenced in a deploy.apiAppACA resource (pinwiz-ca-api-{env}) — internal ingress only (not publicly reachable); Aspire service namepinwiz-api;minReplicas=0/maxReplicas=3; system-assigned MI + AcrPull + diagnostic settings matching the wizardApp pattern.services__pinwiz-api__http__0 = 'http://pinwiz-ca-api-{env}'env var on wizardApp — Aspire service discovery within the ACA environment.wizardImageTagwired into the wizardApp container image (replaces the hardcoded placeholder).wizardFqdn,apiContainerAppName,apiPrincipalId.infra/scripts/Deploy-SharedResources.ps1:-WizardImageTag+-ApiImageTagoptional params.az stack sub create.Pre-push audit
az bicep build infra/main-shared.bicep— clean ✅az bicep build infra/modules/shared.bicep— clean ✅Jim Keeley <94459922+jkeeley2073@users.noreply.github.com>✅Operator tasks still needed (not in this PR)
Early-Bird-Solutions-LLC/PinballWizardrepo + main branch (needed before A2 deploy.yml can authenticate)🤖 Generated with Claude Code