@rmjoia rmjoia commented Nov 18, 2025

Summary

Adds automated infrastructure provisioning for CodePals landing page deployment to Azure.

What's New

  • PowerShell modules for automated infrastructure setup
  • Bicep templates for Infrastructure as Code
  • Support for both dev and prod environments
  • Automated DNS configuration
  • Key Vault integration for secrets management
  • Managed Identity with federated credentials for GitHub Actions

Infrastructure Provisioned

Components

  • Static Web App (Azure)
  • Key Vault (deployment tokens, managed identity credentials)
  • Managed Identity (for GitHub Actions OIDC)
  • DNS records (CNAME for dev subdomain)

Usage

Import-Module ./infra/Initialize-Infra.ps1
Initialize-Infra -Environment dev
Initialize-Infra -Environment prod

- Initialize-CodePals.ps1: PowerShell script for resource provisioning
- main.bicep: Infrastructure template (Static Web App, Key Vault, Managed Identity)
- Sets up dev and prod environments with OIDC federation for GitHub Actions
- All secrets stored in Azure Key Vault
…lates

- Add Initialize-Infra PowerShell function for infrastructure provisioning
- Add Initialize-DNS for CNAME record creation
- Add Initialize-DNSZones for DNS zone management with dev NS delegation
- Add main.bicep for Static Web App, Key Vault, and Managed Identity
- Add dns-delegation.bicep for dev subdomain NS records
- Configure federated identity for GitHub Actions OIDC authentication
- Update CODEOWNERS: @rmjoia must approve all PRs unless creator
- Configure custom domain in Bicep template for Static Web App
- Fix federated identity parameter (IdentityName instead of UserAssignedIdentityName)
- Add custom domain validation in deployment script
- Rename Initialize-CodePals.ps1 to Initialize-Infra.ps1 for consistency
- Add automatic Azure module installation and loading
- Add auto-module loading for required Az modules
- Fix federated credential parameter (IdentityName vs UserAssignedIdentityName)
- Fix deployment token retrieval using listSecrets API action
- Add custom domain configuration in Bicep (conditional for dev only)
- Support both dev and prod environments with proper location validation
- Production infrastructure deployed: codepals-prod-rg in westeurope
…potent

- Add Cosmos DB account with free tier and serverless mode
- Add three containers: users, profiles, connections
- Configure RBAC role assignment for Managed Identity
- Store Cosmos DB secrets in Key Vault
- Configure Static Web App environment variables
- Make DNS script idempotent (checks existing records)
- Make federated identity script idempotent
- Add comprehensive Pester tests (16 tests passing)
- Improve error handling and user feedback
- Create CodePals.Infra module (psd1/psm1) for infrastructure management
- Add Initialize-GitHubOAuth function with Azure Key Vault integration
- Add SupportsShouldProcess to all functions for -WhatIf dry-run capability
- Add comprehensive Pester tests for OAuth module (14 tests passing)
- Update Initialize-Infra and Initialize-DNS with -WhatIf support
- Add module documentation (README.md)

Functions exported:
- Initialize-Infra: Provision complete Azure infrastructure
- Initialize-DNS: Configure DNS records
- Initialize-GitHubOAuth: Set up GitHub OAuth with Key Vault storage

All secrets stored securely in Azure Key Vault (no plaintext exposure)