fix: Deployment issue with container app

Author: Prajwal-Microsoft

.devcontainer/Dockerfile

@@ -0,0 +1,27 @@
+ARG UV_VERSION=latest
+ARG DEBIAN_VERSION=bookworm
+
+# Use UV package as a base layer
+FROM ghcr.io/astral-sh/uv:$UV_VERSION AS uv
+
+# Use Debian-based VS Code Dev Container as base
+FROM mcr.microsoft.com/vscode/devcontainers/base:$DEBIAN_VERSION
+
+# Install dependencies and Node.js 20+ from NodeSource
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+       python3-numpy poppler-utils build-essential python3-dev curl \
+    && curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+    && apt-get install -y nodejs \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
+    && curl -fsSL https://aka.ms/install-azd.sh | bash
+
+# Copy UV binaries
+COPY --from=uv --chown=vscode: /uv /uvx /bin/
+
+# Install global NPM packages
+RUN npm install -g tslint-to-eslint-config typescript yarn react-app-rewired
+
+# Set default shell
+SHELL ["/bin/bash", "-c"]

.devcontainer/devcontainer.json

@@ -0,0 +1,58 @@
+{
+    "name": "Multi-Project DevContainer",
+    "build": {
+        "dockerfile": "Dockerfile"
+    },
+    "features": {
+        "ghcr.io/devcontainers/features/docker-in-docker:2": {
+            "version": "latest"
+        },
+        "ghcr.io/va-h/devcontainers-features/uv:1": {
+            "shellautocompletion": true,
+            "version": "latest"
+        },
+        "azure-cli": "latest"
+    },
+    "customizations": {
+        "vscode": {
+            "extensions": [
+                "ms-python.python",
+                "charliermarsh.ruff",
+                "exiasr.hadolint",
+                "kevinrose.vsc-python-indent",
+                "mosapride.zenkaku",
+                "ms-azuretools.vscode-docker",
+                "ms-python.python",
+                "njpwerner.autodocstring",
+                "redhat.vscode-yaml",
+                "shardulm94.trailing-spaces",
+                "tamasfe.even-better-toml",
+                "yzhang.markdown-all-in-one",
+                "ms-azuretools.azure-dev",
+                "charliermarsh.ruff",
+                "exiasr.hadolint",
+                "kevinrose.vsc-python-indent",
+                "mosapride.zenkaku",
+                "ms-azuretools.vscode-docker",
+                "ms-python.python",
+                "njpwerner.autodocstring",
+                "redhat.vscode-yaml",
+                "shardulm94.trailing-spaces",
+                "tamasfe.even-better-toml",
+                "yzhang.markdown-all-in-one",
+                "ms-azuretools.azure-dev",
+                "ms-vscode.azurecli"
+            ]
+        }
+    },
+    "containerEnv": {
+        "DISPLAY": "dummy",
+        "PYTHONUNBUFFERED": "True",
+        "UV_LINK_MODE": "copy",
+        "UV_PROJECT_ENVIRONMENT": "/home/vscode/.venv"
+    },
+    "postCreateCommand": "sed -i 's/\r$//' ./setupEnv.sh && sh ./setupEnv.sh",
+    "remoteEnv": {
+        "PYTHONPATH": "/home/vscode/.venv/bin"
+    }
+}

.devcontainer/setupEnv.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+
+set -e  # Exit on error
+
+echo "Setting up ContentProcessor..."
+cd src/ContentProcessor
+uv sync --frozen
+cd ../../
+
+pwd
+
+echo "Setting up ContentProcessorApi..."
+cd src/ContentProcessorApi
+uv sync --frozen
+cd ../../
+pwd
+
+echo "Installing dependencies for ContentProcessorWeb..."
+cd src/ContentProcessorWeb
+yarn install
+
+echo "Setup complete! 🎉"

infra/container_app/deploy_container_app_env.bicep

@@ -1,33 +1,30 @@
 param solutionName string
-param containerEnvName string 
+param containerEnvName string
 param location string
 
-// Container related params
-param azureContainerRegistry string
-
 param logAnalyticsWorkspaceName string
 
 resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
   name: logAnalyticsWorkspaceName
 }
 
 resource containerRegistryReader 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
-  name: '${ solutionName }-acr-managed-identity'
+  name: '${solutionName }-acr-managed-identity'
   location: location
   tags: {
     app: solutionName
     location: location
   }
 }
 
-resource acrPullRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid(azureContainerRegistry, containerRegistryReader.id, 'acrpull')
-  scope: resourceGroup()
-  properties: {
-    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d') // AcrPull role
-    principalId: containerRegistryReader.properties.principalId
-  }
-}
+// resource acrPullRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+//   name: guid(azureContainerRegistry, containerRegistryReader.id, 'acrpull')
+//   scope: resourceGroup()
+//   properties: {
+//     roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d') // AcrPull role
+//     principalId: containerRegistryReader.properties.principalId
+//   }
+// }
 
 resource containerAppEnv 'Microsoft.App/managedEnvironments@2024-03-01' = {
   name: containerEnvName
@@ -53,3 +50,4 @@ resource containerAppEnv 'Microsoft.App/managedEnvironments@2024-03-01' = {
 
 output containerEnvId string = containerAppEnv.id
 output containerRegistryReaderId string = containerRegistryReader.id
+output containerRegistryReaderPrincipalId string = containerRegistryReader.properties.principalId

infra/deploy_container_registry.bicep

@@ -7,7 +7,7 @@ param environmentName string
 var uniqueId = toLower(uniqueString(subscription().id, environmentName, resourceGroup().location))
 var solutionName = 'cps-${padLeft(take(uniqueId, 12), 12, '0')}'
 
-var containerNameCleaned = replace('cr${ solutionName }', '-', '')
+var containerNameCleaned = replace('cr${solutionName }', '-', '')
 
 @description('Provide a location for the registry.')
 param location string = resourceGroup().location

infra/deploy_cosmos_db.bicep

@@ -1,24 +1,24 @@
 param solutionLocation string
 
 param cosmosAccountName string
-var databaseName = 'ContentProcess'
-var collectionNameProcess = 'Processes'
-var collectionNameSchema = 'Schemas'
+// var databaseName = 'ContentProcess'
+// var collectionNameProcess = 'Processes'
+// var collectionNameSchema = 'Schemas'
 
-var containers = [
-  {
-    name: collectionNameProcess
-    id: collectionNameProcess
-    partitionKey: '/userId'
-  }
-  {
-    name: collectionNameSchema
-    id: collectionNameSchema
-    partitionKey: '/userId'
-  }
-]
+// var containers = [
+//   {
+//     name: collectionNameProcess
+//     id: collectionNameProcess
+//     partitionKey: '/userId'
+//   }
+//   {
+//     name: collectionNameSchema
+//     id: collectionNameSchema
+//     partitionKey: '/userId'
+//   }
+// ]
 
-@allowed([ 'GlobalDocumentDB', 'MongoDB', 'Parse' ])
+@allowed(['GlobalDocumentDB', 'MongoDB', 'Parse'])
 param kind string = 'GlobalDocumentDB'
 
 param tags object = {}
@@ -41,29 +41,29 @@ resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2024-12-01-preview' = {
     enableAutomaticFailover: false
     enableMultipleWriteLocations: false
     apiProperties: (kind == 'MongoDB') ? { serverVersion: '7.0' } : {}
-    capabilities: kind == 'MongoDB' ? [{ name: 'EnableMongo' }] : [ { name: 'EnableServerless' } ]
+    capabilities: kind == 'MongoDB' ? [{ name: 'EnableMongo' }] : [{ name: 'EnableServerless' }]
     capacityMode: 'Serverless'
     enableFreeTier: false
   }
 }
 
-resource database 'Microsoft.DocumentDB/databaseAccounts/mongodbDatabases@2024-12-01-preview' = {
-  parent: cosmos
-  name: databaseName
-  properties: {
-    resource: { id: databaseName }
-  }
+// resource database 'Microsoft.DocumentDB/databaseAccounts/mongodbDatabases@2024-12-01-preview' = {
+//   parent: cosmos
+//   name: databaseName
+//   properties: {
+//     resource: { id: databaseName }
+//   }
 
-  resource list 'collections' = [for container in containers: {
-    name: container.name
-    properties: {
-      resource: {
-        id: container.id
-      }
-      options: {}
-    }
-  }]
-}
+//   resource list 'collections' = [for container in containers: {
+//     name: container.name
+//     properties: {
+//       resource: {
+//         id: container.id
+//       }
+//       options: {}
+//     }
+//   }]
+// }
 
 output cosmosAccountName string = cosmos.name
-output cosmosDatabaseName string = databaseName
+// output cosmosDatabaseName string = databaseName

infra/deploy_role_assignments.bicep

@@ -1,14 +1,16 @@
-param conainerAppPrincipalIds array  // List of user/service principal IDs
-param containerApiPrincipalId string  // API principal ID
-param containerAppPrincipalId string  // APP principal ID
+param conainerAppPrincipalIds array // List of user/service principal IDs
+param containerApiPrincipalId string // API principal ID
+param containerAppPrincipalId string // APP principal ID
 
-param appConfigResourceId string  // Resource ID of the App Configuration instance
-param storageResourceId string  // Resource ID of the Storage account
-param storagePrincipalId string  // Resource ID of the Storage account
+param appConfigResourceId string // Resource ID of the App Configuration instance
+param storageResourceId string // Resource ID of the Storage account
+param storagePrincipalId string // Resource ID of the Storage account
 
 param aiServiceCUId string // Resource ID of the Content Understanding Service
 param aiServiceId string // Resource ID of the Open AI service
 
+param containerRegistryReaderPrincipalId string
+
 resource appConfigDataReader 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
   scope: resourceGroup()
   name: '516239f1-63e1-4d78-a4de-a74fb236a071'
@@ -34,7 +36,7 @@ resource cognitiveServicesOpenAIUserRole 'Microsoft.Authorization/roleDefinition
   scope: resourceGroup()
 }
 
-resource roleAssignments 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [ 
+resource roleAssignments 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [
   for principalId in conainerAppPrincipalIds: {
     name: guid('${appConfigResourceId}-${principalId}', appConfigDataReader.id)
     scope: resourceGroup()
@@ -128,3 +130,15 @@ resource cognitiveServicesUserRoleAssignment 'Microsoft.Authorization/roleAssign
     principalType: 'ServicePrincipal'
   }
 }
+
+resource acrPullRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(containerRegistryReaderPrincipalId, 'acrpull')
+  scope: resourceGroup()
+  properties: {
+    roleDefinitionId: subscriptionResourceId(
+      'Microsoft.Authorization/roleDefinitions',
+      '7f951dda-4ed3-4680-a7ca-43fe172d538d'
+    ) // AcrPull role
+    principalId: containerRegistryReaderPrincipalId
+  }
+}

infra/deploy_storage_account.bicep

@@ -6,7 +6,7 @@ param solutionLocation string
 
 @description('Name')
 param saName string
-var saNameCleaned = replace(saName, '-', '')
+var saNameCleaned = take(replace(saName, '-', ''), 24)
 
 param managedIdentityObjectId string
 
@@ -18,7 +18,7 @@ resource storageAccounts_resource 'Microsoft.Storage/storageAccounts@2022-09-01'
   }
   kind: 'StorageV2'
   identity: {
-    type:'SystemAssigned'
+    type: 'SystemAssigned'
   }
   properties: {
     minimumTlsVersion: 'TLS1_2'
@@ -62,7 +62,6 @@ resource storageAccounts_resource 'Microsoft.Storage/storageAccounts@2022-09-01'
 //   }
 // }
 
-
 // resource storageAccounts_default_data 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
 //   parent: storageAccounts_default
 //   name: 'data'
@@ -86,8 +85,8 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
   name: guid(resourceGroup().id, managedIdentityObjectId, blobDataContributor.id)
   properties: {
     principalId: managedIdentityObjectId
-    roleDefinitionId:blobDataContributor.id
-    principalType: 'ServicePrincipal' 
+    roleDefinitionId: blobDataContributor.id
+    principalType: 'ServicePrincipal'
   }
 }