Add Azure Developer CLI support

.github/workflows/azure-dev-validate.yml

@@ -0,0 +1,37 @@
+name: Validate bicep scripts
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - master
+  pull_request:
+    branches:
+      - main
+      - master
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Build Bicep for linting
+        uses: azure/CLI@v1
+        with:
+          inlineScript: az config set bicep.use_binary_from_path=false && az bicep build -f infra/main.bicep --stdout
+
+      - name: Run Microsoft Security DevOps Analysis
+        uses: microsoft/security-devops-action@preview
+        id: msdo
+        with:
+          tools: templateanalyzer
+        env:
+          GDN_TEMPLATEANALYZER_VERBOSE: 1
+
+      - name: Upload alerts to Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ steps.msdo.outputs.sarifFile }}

.gitignore

@@ -30,3 +30,6 @@ yarn-error.log*
 # typescript
 *.tsbuildinfo
 next-env.d.ts
+
+.azure/
+infra/main.json

azure.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/Azure/azure-dev/main/schemas/v1.0/azure.yaml.json
+
+name: azurechatgpt
+metadata:
+  template: [email protected]
+services:
+  frontend:
+    project: ./src
+    language: ts
+    host: appservice

docs/1-introduction.md

@@ -7,7 +7,7 @@
 
    💡Note: You can configure the authentication provider to your identity solution using [NextAuth providers](https://next-auth.js.org/providers/)
 
-# 👋🏻 Introduction
+## 👋🏻 Introduction
 
 AzureChat - (powered by Azure OpenAI) solution accelerator is built with the following technologies.
 
@@ -37,6 +37,6 @@ AzureChat - (powered by Azure OpenAI) solution accelerator is built with the fol
 
 [Azure OpenAI Embeddings](https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/embeddings?tabs=console) for embed content extracted from files
 
-![](/images/architecture.png)
+![Architecture diagram](/images/architecture.png)
 
 [Next](/docs/2-provision-azure-resources.md)

docs/2-provision-azure-resources.md

@@ -1,11 +1,23 @@
-# 💙 One click - Provision Azure resources
+# Provision Azure resources
 
-[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/anzappazurechatgpt)
+You can provision Azure resources for AzureChat using one of two methods described below.
+
+⚠️ Note: This will only create azure resources. Follow the [deploy to Azure section](#-deploy-to-azure---github-actions) to build and deploy AzureChat.
+
+Please also see [section 5](./5-add-Identity.md) for important information about adding authentication to your app.
+
+### Azure Developer CLI
+
+1. Download the [Azure Developer CLI](https://learn.microsoft.com/en-us/azure/developer/azure-developer-cli/overview)
+1. Run `azd init -t microsoft/azurechat`
+1. Run `azd up` to provision and deploy the application
+1. Values required are described in the [Environment variables](#-environment-variables) section.
+
+### Deploy to Azure
 
 Click on the Deploy to Azure button and configure your settings in the Azure Portal as described in the [Environment variables](#-environment-variables) section.
 
-⚠️ Note: This will only create azure resources. Follow the [deploy to Azure section](#-deploy-to-azure---github-actions) to build and deploy AzureChat.
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/anzappazurechatgpt)
 
-Please see the [section below](#-add-an-identity-provider) for important information about adding authentication to your app.
 
 [Next](/docs/3-run-locally.md)

docs/3-run-locally.md

@@ -10,7 +10,7 @@ Clone this repository locally or fork to your Github account. Run all of the the
 - Do not use double-quotes and do not delete any of the variables.
 - Make sure that `NEXTAUTH_URL=http://localhost:3000` has no comments in the same line.
 
-  ```
+  ```bash
   # Azure OpenAI configuration
   AZURE_OPENAI_API_KEY=
   AZURE_OPENAI_API_INSTANCE_NAME=
@@ -43,7 +43,7 @@ Clone this repository locally or fork to your Github account. Run all of the the
 
 You should now be prompted to login with your chosen OAuth provider. Once successfully logged in, you can start creating new conversations.
 
-![](/images/chat-home.png)
-![](/images/chat-history.png)
+![Chat Home](/images/chat-home.png)
+![Chat history](/images/chat-history.png)
 
 [Next](/docs/4-deployto-azure.md)

docs/4-deployto-azure.md

@@ -2,19 +2,19 @@
 
 The following steps describes how AzureChat can be deployed to Azure App service using GitHub Actions.
 
-# 🧬 Fork the repository
+## 🧬 Fork the repository
 
 Fork this repository to your own organisation so that you can execute GitHub Actions against your own Azure Subscription.
 
-# 🗝️ Configure secrets in your GitHub repository
+## 🗝️ Configure secrets in your GitHub repository
 
 ### 1. AZURE_CREDENTIALS
 
 The GitHub workflow requires a secret named `AZURE_CREDENTIALS` to authenticate with Azure. The secret contains the credentials for a service principal with the Contributor role on the resource group containing the container app and container registry.
 
 1. Create a service principal with the Contributor role on the resource group that contains the Azure App Service.
 
-   ```
+   ```console
    az ad sp create-for-rbac
       --name <NAME OF THE CREDENTIAL> --role contributor --scopes /subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP> --sdk-auth --output json
    ```
@@ -31,10 +31,10 @@ The GitHub workflow requires a secret named `AZURE_CREDENTIALS` to authenticate
 
 Under the same repository secrets add a new variable `AZURE_APP_SERVICE_NAME` to deploy to your Azure Web app. The value of this secret is the name of your Azure Web app e.g. `my-web-app-name` from the domain https://my-web-app-name.azurewebsites.net/
 
-# 🔄 Run GitHub Actions
+## 🔄 Run GitHub Actions
 
 Once the secrets are configured, the GitHub Actions will be triggered for every code push to the repository. Alternatively, you can manually run the workflow by clicking on the "Run Workflow" button in the Actions tab in GitHub.
 
-![](/images/runworkflow.png)
+![Workflow screenshot](/images/runworkflow.png)
 
 [Next](/docs/5-add-Identity.md)

docs/5-add-Identity.md

@@ -4,64 +4,64 @@ Once the deployment is complete, you will need to add an identity provider to au
 
 ⚠️ Note: Only one of the identity provider is required below.
 
-# GitHub Authentication provider
+## GitHub Authentication provider
 
 We'll create two GitHub apps: one for testing locally and another for production.
 
-#### 🟡 Development app setup
+### 🟡 Development app setup
 
 1. Navigate to GitHub OAuth Apps setup https://github.com/settings/developers
 2. Create a `New OAuth App` https://github.com/settings/applications/new
 3. Fill in the following details
 
-```
+```default
 Application name: AzureChat DEV Environment
 Homepage URL: http://localhost:3000
 Authorization callback URL: http://localhost:3000/api/auth/callback/github
 ```
 
-#### 🟢 Production app setup
+### 🟢 Production app setup
 
 1. Navigate to GitHub OAuth Apps setup https://github.com/settings/developers
 2. Create a `New OAuth App` https://github.com/settings/applications/new
 3. Fill in the following details
 
-```
+```default
 Application name: AzureChat Production
 Homepage URL: https://YOUR-WEBSITE-NAME.azurewebsites.net
 Authorization callback URL: https://YOUR-WEBSITE-NAME.azurewebsites.net/api/auth/callback/github
 ```
 
 ⚠️ After completing app setup, ensure your environment variables locally and on Azure App Service are up to date.
 
-```
+```default
    # GitHub OAuth app configuration
    AUTH_GITHUB_ID=
    AUTH_GITHUB_SECRET=
 ```
 
-# Azure AD Authentication provider
+## Azure AD Authentication provider
 
-#### 🟡 Development app setup
+### 🟡 Development app setup
 
-1. Navigate to Azure AD Apps setup https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps
-2. Create a `New Registration` https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/CreateApplicationBlade/quickStartType~/null/isMSAApp~/false
+1. Navigate to [Azure AD Apps setup](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps)
+2. Create a [New Registration](https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/CreateApplicationBlade/quickStartType~/null/isMSAApp~/false)
 3. Fill in the following details
 
-```
+```default
 Application name: AzureChat DEV Environment
 Supported account types: Accounts in this organizational directory only
 Redirect URI Platform: Web
 Redirect URI: http://localhost:3000/api/auth/callback/azure-ad
 ```
 
-#### 🟢 Production app setup
+### 🟢 Production app setup
 
-1. Navigate to Azure AD Apps setup https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps
-2. Create a `New Registration` https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/CreateApplicationBlade/quickStartType~/null/isMSAApp~/false
+1. Navigate to [Azure AD Apps setup](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps)
+2. Create a [New Registration](https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/CreateApplicationBlade/quickStartType~/null/isMSAApp~/false)
 3. Fill in the following details
 
-```
+```default
 Application name: AzureChat Production
 Supported account types: Accounts in this organizational directory only
 Redirect URI Platform: Web
@@ -70,7 +70,7 @@ Redirect URI: https://YOUR-WEBSITE-NAME.azurewebsites.net/api/auth/callback/azur
 
 ⚠️ After completing app setup, ensure your environment variables locally and on Azure App Service are up to date.
 
-```
+```default
 # Azure AD OAuth app configuration
 
 AZURE_AD_CLIENT_ID=

docs/6-chat-over-file.md

@@ -8,13 +8,13 @@ Chat with your data utilises the following Azure Services:
 1. [Azure Cognitive Search](https://learn.microsoft.com/en-GB/azure/search/) for indexing and retrieving information.
 1. [Azure OpenAI Embeddings](https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/embeddings?tabs=console) for embed content extracted from files
 
-### Azure OpenAI Embeddings
+## Azure OpenAI Embeddings
 
 We use Azure OpenAI Embeddings to convert text to vectors and index it in Azure Cognitive Search.
 
 update the OpenAI environment variables with the following:
 
-```
+```default
 AZURE_OPENAI_API_EMBEDDINGS_DEPLOYMENT_NAME=
 ```
 
@@ -25,7 +25,7 @@ When deploying to Azure, ensure to update the Azure App service app settings wit
 1. Create Azure Cognitive Search using the following [link](https://learn.microsoft.com/en-us/azure/search/search-get-started-portal)
 1. Create an index on Azure Cognitive Search with the following schema. You can use the Azure portal to create the following [indexes](https://learn.microsoft.com/en-us/azure/search/vector-search-how-to-create-index?tabs=portal-add-field%2Cpush)
 
-```
+```javascript
 {
       "name": "azure-chat",
       "fields": [
@@ -81,7 +81,7 @@ When deploying to Azure, ensure to update the Azure App service app settings wit
 
 2. After the index has been created, proceed to modify the env.local file with the appropriate Azure Cognitive Search environment variables.
 
-```
+```bash
 # Azure cognitive search is used for chat over your data
 AZURE_SEARCH_API_KEY=
 AZURE_SEARCH_NAME=
@@ -95,18 +95,18 @@ AZURE_SEARCH_API_VERSION="2023-07-01-Preview"
 
    Please note that the file is only preserved for each chat thread:
 
-   ```
-   # Azure AI Document Intelligence to extract content from your data
-   AZURE_DOCUMENT_INTELLIGENCE_ENDPOINT="https://REGION.api.cognitive.microsoft.com/"
-   AZURE_DOCUMENT_INTELLIGENCE_KEY=
-   ```
+      ```bash
+      # Azure AI Document Intelligence to extract content from your data
+      AZURE_DOCUMENT_INTELLIGENCE_ENDPOINT="https://REGION.api.cognitive.microsoft.com/"
+      AZURE_DOCUMENT_INTELLIGENCE_KEY=
+      ```
 
 5. At this point, you should be able to start new chat sessions with the `File` option.
    ![](/images/personalise-session.png)
 6. Once the `File` chat option is selected, click the `Choose File` button to select your document and then click the `Upload` button to upload your file. Please note that the Form Recognizer service supports PDF (text or scanned), JPG and PNG input documents.
 7. Once you receive a notification about a successful file upload, you should be able to start chatting with chatting with a chatbot.
 
-### Things to consider:
+### Things to consider
 
 1. Central place maintain uploaded files (e.g a storage account with blob storage)
 2. A way to delete indexed documents on Azure Cognitive Search if the chat thread is deleted

infra/main.bicep

@@ -1,3 +1,5 @@
+targetScope = 'subscription'
+
 @minLength(1)
 @maxLength(64)
 @description('Name of the the environment which is used to generate a short unique hash used in all resources.')
@@ -6,6 +8,7 @@ param name string
 @minLength(1)
 @maxLength(64)
 @description('Azure OpenAI API Key')
+@secure()
 param openaiApiKey string
 
 @minLength(1)
@@ -20,20 +23,40 @@ param openaiDeploymentName string
 
 @minLength(1)
 @maxLength(64)
-@description('Azure OpenAI API Version e.g. 2021-08-04-preview')
-param openaiApiVersion string
+@description('Azure OpenAI API Version e.g. 2023-03-15-preview')
+param openaiApiVersion string = '2023-03-15-preview'
+
+@minLength(1)
+@description('Primary location for all resources')
+param location string
 
-var resourceToken = toLower(uniqueString(subscription().id, name, resourceGroup().location))
+param resourceGroupName string = ''
 
+var resourceToken = toLower(uniqueString(subscription().id, name, location))
+var tags = { 'azd-env-name': name }
+
+// Organize resources in a resource group
+resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: !empty(resourceGroupName) ? resourceGroupName : 'rg-${name}'
+  location: location
+  tags: tags
+}
 
 module resources 'resources.bicep' = {
   name: 'resources-${resourceToken}'
+  scope: rg
   params: {
     name: name
+    location: location
     resourceToken: resourceToken
+    tags: tags
     openai_api_key: openaiApiKey
     openai_instance_name: openaiInstanceName
     openai_deployment_name: openaiDeploymentName
     openai_api_version: openaiApiVersion
   }
 }
+
+output APP_URL string = resources.outputs.url
+output AZURE_LOCATION string = location
+output AZURE_TENANT_ID string = tenant().tenantId