Implement conditional deployment pipeline for monorepo using turbo and pnpm

.force-deploy

@@ -0,0 +1,13 @@
+# .force-deploy configuration file for ShareThrift monorepo
+# Set FORCE_DEPLOY_* flags to control manual deployment overrides
+# Set to 'true' to force deployment, 'false' to disable
+
+FORCE_DEPLOY_API=false
+FORCE_DEPLOY_UI=false
+FORCE_DEPLOY_DOCS=false
+
+# Developers: Change any value to 'true' to force deployment of that package
+# Example:
+# FORCE_DEPLOY_API=true
+# FORCE_DEPLOY_UI=true
+# FORCE_DEPLOY_DOCS=true

.github/workflows/copilot-setup-steps.yml

@@ -33,64 +33,50 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: "22"
-          cache: "npm"
 
-      - name: Cache node modules
-        id: npm-cache
+      - name: Install PNPM
+        run: |
+          npm install --global corepack@latest
+          corepack enable
+          corepack prepare pnpm@latest-10 --activate
+          pnpm --version
+
+      - name: Cache pnpm store
+        id: pnpm-cache
         uses: actions/cache@v4
         with:
           path: |
-            ~/.npm
-            ~/.cache
+            ~/.local/share/pnpm/store/v3
             node_modules
             packages/*/node_modules
             apps/*/node_modules
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }}
           restore-keys: |
-            ${{ runner.os }}-node-
+            ${{ runner.os }}-pnpm-
 
       - name: Install JavaScript dependencies
-        run: npm ci
-        if: steps.npm-cache.outputs.cache-hit != 'true'
+        run: pnpm install --frozen-lockfile
+        if: steps.pnpm-cache.outputs.cache-hit != 'true'
 
       - name: Cache Playwright browsers
         id: playwright-cache
         uses: actions/cache@v4
         with:
           path: /home/runner/.cache/ms-playwright
-          key: ${{ runner.os }}-playwright-${{ hashFiles('**/package-lock.json') }}
+          key: ${{ runner.os }}-playwright-${{ hashFiles('**/pnpm-lock.yaml') }}
           restore-keys: |
             ${{ runner.os }}-playwright-
-
 
       - name: Install Playwright browsers
         run: |
           echo "Installing Playwright browsers for UI testing..."
-          npx playwright install --with-deps
+          pnpm exec playwright install --with-deps
         env:
           PLAYWRIGHT_BROWSERS_PATH: /home/runner/.cache/ms-playwright
         if: steps.playwright-cache.outputs.cache-hit != 'true'
 
-
       - name: Install Java SDK (Required for SonarCloud)
         uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: '17'
-
-
-      # - name: Verify required environment variables
-      #   run: |
-      #     if [ -z "$SONAR_TOKEN" ]; then
-      #       echo "Error: SONAR_TOKEN is not set."
-      #       exit 1
-      #     fi
-      #     if [ -z "$GH_TOKEN" ]; then
-      #       echo "Error: GH_TOKEN is not set."
-      #       exit 1
-      #     fi
-      #     echo "All required environment variables are set."
-      #   env:
-      #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-      #     GH_TOKEN: ${{ secrets.GH_TOKEN }}
-

apps/api/build-pipelines/config/dev-pri.json

@@ -0,0 +1,82 @@
+[
+    {
+        "name": "APPLICATION_NAME",
+        "value": "STH",
+        "slotSetting": false
+    },
+    {
+        "name": "AZURE_STORAGE_CONNECTION_STRING",
+        "value": "@Microsoft.KeyVault(SecretUri=https://sharethrift-keyvault.vault.azure.net/secrets/STH-AZURE-STORAGE-CONNECTION-STRING)",
+        "slotSetting": false
+    },
+    {
+        "name": "AZURE_SUBSCRIPTION_ID",
+        "value": "b46b070d-1eee-4d27-943a-32728cfca0b5",
+        "slotSetting": false
+    },
+    {
+        "name": "AZURE_RESOURCE_GROUP_NAME",
+        "value": "rg-sharethrift",
+        "slotSetting": false
+    },
+    {
+        "name": "BLACK_LISTED_EMAILS",
+        "value": "[]",
+        "slotSetting": false
+    },
+    {
+        "name": "COSMOSDB_CONNECTION_STRING",
+        "value": "@Microsoft.KeyVault(SecretUri=https://sharethrift-keyvault.vault.azure.net/secrets/STH-COSMOSDB-CONNECTION-STRING)",
+        "slotSetting": false
+    },
+    {
+        "name": "COSMOSDB_DBNAME",
+        "value": "sthdevcosmosdatbd52ztvowoqqe",
+        "slotSetting": false
+    },
+    {
+        "name": "KEY_VAULT_URL",
+        "value": "https://sharethrift-keyvault.vault.azure.net/",
+        "slotSetting": false
+    },
+    {
+        "name": "NODE_ENV",
+        "value": "production",
+        "slotSetting": false
+    },
+    {
+        "name": "PAYMENT_API_URL",
+        "value": "",
+        "slotSetting": false
+    },
+    {
+        "name": "SENDGRID_API_KEY",
+        "value": "@Microsoft.KeyVault(SecretUri=https://sharethrift-keyvault.vault.azure.net/secrets/STH-SENDGRID-API-KEY)",
+        "slotSetting": false
+    },
+    {
+        "name": "TWILIO_ACCOUNT_SID",
+        "value": "@Microsoft.KeyVault(SecretUri=https://sharethrift-keyvault.vault.azure.net/secrets/STH-TWILIO-ACCOUNT-SID)",
+        "slotSetting": false
+    },
+    {
+        "name": "TWILIO_AUTH_TOKEN",
+        "value": "@Microsoft.KeyVault(SecretUri=https://sharethrift-keyvault.vault.azure.net/secrets/STH-TWILIO-AUTH-TOKEN)",
+        "slotSetting": false
+    },
+    {
+        "name": "USER_PORTAL_OIDC_AUDIENCE",
+        "value": "https://sharethrift.com/auth-redirect",
+        "slotSetting": false
+    },
+    {
+        "name": "USER_PORTAL_OIDC_ENDPOINT",
+        "value": "https://sharethriftb2c.b2clogin.com/sharethriftb2c.onmicrosoft.com/b2c_1a_signup_signin/discovery/v2.0/keys",
+        "slotSetting": false
+    },
+    {
+        "name": "USER_PORTAL_OIDC_ISSUER",
+        "value": "https://sharethriftb2c.b2clogin.com/961394d2-0a14-4946-9913-6eb4944419af/",
+        "slotSetting": false
+    }
+]

apps/api/deploy-api.yml

@@ -11,41 +11,85 @@ parameters:
   type: string
 - name: vmImageName
   type: string
-- name: functionAppNamePri
+- name: appSettingsJsonFileRelativePathPri
+  displayName: 'AppSettings Json File Relative Path for Primary instance'
   type: string
 
 jobs:
 - job: Infrastructure
   displayName: Infrastructure Setup
-  condition: eq(stageDependencies.Build.BuildJob.outputs['BuildJob.HAS_BACKEND_CHANGES'], 'true')
+  condition: eq(stageDependencies.Build.Build.outputs['BuildJob.HAS_BACKEND_CHANGES'], 'true')
   pool:
     vmImage: ${{parameters.vmImageName}}
   steps:
   - task: AzureResourceManagerTemplateDeployment@3
+    name: deployInfrastructure
+    displayName: 'Deploy API Infrastructure'
     inputs:
       connectedServiceName: ${{parameters.ServiceConnectionName}}
-      deploymentName: $(Build.BuildNumber)
+      deploymentName: $(Build.BuildNumber)-api
       location: ${{parameters.deploymentDefaultLocation}}
       resourceGroupName: ${{parameters.resourceGroupName}}
       csmFile: apps/api/iac/main.bicep
-      overrideParameters: >
-                -environment ${{parameters.environmentNameBicep}}
+      csmParametersFile: apps/api/iac/${{parameters.environmentNameBicep}}.bicepparam
+      deploymentOutputs: 'armOutputs'
+      # overrideParameters: >
+      #           -environment ${{parameters.environmentNameBicep}}
+
+  - task: PowerShell@2
+    name: captureOutputs
+    displayName: 'Capture Infrastructure Outputs'
+    inputs:
+      targetType: 'inline'
+      script: |
+        Write-Host "Debug - armOutputs: $(armOutputs)"
+        $var = ConvertFrom-Json '$(armOutputs)'
+        $functionAppNamePri = $var.functionAppNamePri.value
+        Write-Host "Function App Name (Primary): $functionAppNamePri"
+        Write-Host "##vso[task.setvariable variable=functionAppNamePri;isOutput=true]$functionAppNamePri"
+
 - deployment: Application_Deployment_Pri
   displayName: Application Deployment (Primary)
-  condition: eq(stageDependencies.Build.BuildJob.outputs['BuildJob.HAS_BACKEND_CHANGES'], 'true')
+  condition: and(succeeded(), eq(stageDependencies.Build.Build.outputs['BuildJob.HAS_BACKEND_CHANGES'], 'true'))
+  dependsOn: Infrastructure
   environment: ${{parameters.environmentNameDevOps}}
   pool:
     vmImage: ${{parameters.vmImageName}}
+  variables:
+    functionAppNamePri: $[ dependencies.Infrastructure.outputs['captureOutputs.functionAppNamePri'] ]
   strategy:
     runOnce:
       deploy:
         steps:
+        - download: current
+          displayName: 'Artifact: Download API package'
+          artifact: api
         - task: AzureFunctionApp@1
-          displayName: 'Azure Functions App Deploy: ${{parameters.functionAppNamePri}}'
+          displayName: 'Azure Functions App Deploy: $(functionAppNamePri)'
           inputs:
             azureSubscription: ${{parameters.ServiceConnectionName}}
             appType: 'functionAppLinux'
-            appName: ${{parameters.functionAppNamePri}}
-            package: '$(Pipeline.Workspace)/drop/$(Build.BuildId).zip'
+            appName: $(functionAppNamePri)
+            package: '$(Pipeline.Workspace)/api/api-$(Build.BuildId).zip'
             runtimeStack: 'NODE|22'
-            deploymentMethod: 'runFromPackage'
+            deploymentMethod: 'runFromPackage'
+
+- job: Application_Settings_Pri
+  displayName: Application Settings (Primary)
+  condition: and(succeeded(), eq(stageDependencies.Build.Build.outputs['BuildJob.HAS_BACKEND_CHANGES'], 'true'))
+  dependsOn: 
+    - Infrastructure
+    - Application_Deployment_Pri
+  pool:
+    vmImage: ${{parameters.vmImageName}}
+  variables:
+    functionAppNamePri: $[ dependencies.Infrastructure.outputs['captureOutputs.functionAppNamePri'] ]
+  steps:
+  - powershell: |
+      $output = Get-Content '$(Build.SourcesDirectory)/${{parameters.appSettingsJsonFileRelativePathPri}}'
+      Write-Host "##vso[task.setvariable variable=appSettingsPri]$($output)"
+  - task: AzureAppServiceSettings@1
+    inputs:
+      azureSubscription: ${{parameters.ServiceConnectionName}}
+      appName: $(functionAppNamePri)
+      appSettings: '$(appSettingsPri)'

apps/api/iac/dev.bicepparam

@@ -0,0 +1,85 @@
+using './main.bicep'
+
+param env = 'dev'
+param applicationPrefix = 'sth'
+param tags = {
+  environment: 'dev'
+  application: 'sth'
+}
+
+//app service plan
+param appServicePlanInstanceName = 'pri-001'
+param appServicePlanLocation = 'eastus2'
+param appServicePlanSku = 'B1'
+param appServicePlanOperatingSystem = 'linux'
+
+// application insights
+param applicationInsightsLocation = 'eastus2'
+
+//function app
+param functionAppStorageAccountName = 'cxadevfunceastus2'
+param functionAppLocation = 'eastus2'
+param functionAppInstanceName = 'pri'
+param functionWorkerRuntime = 'node'
+param functionExtensionVersion = '~4'
+param maxOldSpaceSizeMB = 3072
+param linuxFxVersion = 'NODE|22'
+param allowedOrigins = [
+  'https://sharethrift.com'
+]
+param keyVaultName = 'sharethrift-keyvault'
+
+//storage account
+param storageAccountName = 'app'
+param storageAccountLocation = 'eastus2'
+param storageAccountSku = 'Standard_RAGZRS'
+param storageAccountManagementPolicy = {
+  enable: false
+  deleteAfterNDaysList: []
+}
+param enableBlobService = true
+param containers = [
+  {
+    name: 'public'
+    publicAccess: 'blob'
+  }
+  {
+    name: 'private'
+    publicAccess: 'None'
+  }
+]
+param enableQueueService = true
+param queues = []
+param cors = {
+  allowedOrigins: [
+    'https://sharethrift.com'
+  ]
+  allowedMethods: [
+    'GET'
+    'POST'
+    'PUT'
+    'OPTIONS'
+  ]
+  allowedHeaders: [
+    '*'
+  ]
+  exposedHeaders: [
+    'x-ms-version-id'
+  ]
+  maxAgeInSeconds: 0
+}
+param enableTableService = false
+param isVersioningEnabled = true
+param tables = []
+
+
+//cosmos
+param cosmosMongoDBInstanceName = 'dat'
+param cosmosLocation = 'eastus2'
+param totalThroughputLimit = 3200
+param backupIntervalInMinutes = 240
+param backupRetentionIntervalInHours = 96
+param maxThroughput = 1000
+param runRbacRoleAssignment = false
+param enableAnalyticalStorage = true
+param rbacMembers = []