@polymorphism-tech/morph-spec 1.0.0

package/content/.morph/templates/infra/container-app.bicep

@@ -0,0 +1,156 @@
+// ==============================================================================
+// MORPH-SPEC - Container App
+// Azure Container Apps with ingress and auto-scaling
+// ==============================================================================
+
+@description('App name')
+param name string
+
+@description('Location')
+param location string
+
+@description('Tags')
+param tags object = {}
+
+@description('Container App Environment ID')
+param environmentId string
+
+@description('Container image')
+param containerImage string
+
+@description('App Insights connection string')
+param appInsightsConnectionString string = ''
+
+@description('CPU cores (0.25, 0.5, 0.75, 1.0, 1.25, 1.5, 1.75, 2.0)')
+param cpu string = '0.25'
+
+@description('Memory (0.5Gi, 1Gi, 1.5Gi, 2Gi, 3Gi, 4Gi)')
+param memory string = '0.5Gi'
+
+@description('Minimum replicas (0 = scale to zero)')
+param minReplicas int = 0
+
+@description('Maximum replicas')
+param maxReplicas int = 3
+
+@description('Target port')
+param targetPort int = 8080
+
+@description('Environment variables')
+param envVars array = []
+
+// ==============================================================================
+// CONTAINER APP
+// ==============================================================================
+
+var secrets = appInsightsConnectionString != '' ? [
+  {
+    name: 'appinsights-connection-string'
+    value: appInsightsConnectionString
+  }
+] : []
+
+var defaultEnvVars = appInsightsConnectionString != '' ? [
+  {
+    name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
+    secretRef: 'appinsights-connection-string'
+  }
+  {
+    name: 'ASPNETCORE_ENVIRONMENT'
+    value: 'Production'
+  }
+] : [
+  {
+    name: 'ASPNETCORE_ENVIRONMENT'
+    value: 'Production'
+  }
+]
+
+resource containerApp 'Microsoft.App/containerApps@2023-05-01' = {
+  name: name
+  location: location
+  tags: tags
+  properties: {
+    managedEnvironmentId: environmentId
+    configuration: {
+      ingress: {
+        external: true
+        targetPort: targetPort
+        transport: 'http'
+        allowInsecure: false
+        traffic: [
+          {
+            latestRevision: true
+            weight: 100
+          }
+        ]
+      }
+      secrets: secrets
+    }
+    template: {
+      containers: [
+        {
+          name: name
+          image: containerImage
+          resources: {
+            cpu: json(cpu)
+            memory: memory
+          }
+          env: concat(defaultEnvVars, envVars)
+          probes: [
+            {
+              type: 'Liveness'
+              httpGet: {
+                path: '/health'
+                port: targetPort
+              }
+              initialDelaySeconds: 10
+              periodSeconds: 30
+              failureThreshold: 3
+            }
+            {
+              type: 'Readiness'
+              httpGet: {
+                path: '/health/ready'
+                port: targetPort
+              }
+              initialDelaySeconds: 5
+              periodSeconds: 10
+              failureThreshold: 3
+            }
+          ]
+        }
+      ]
+      scale: {
+        minReplicas: minReplicas
+        maxReplicas: maxReplicas
+        rules: [
+          {
+            name: 'http-scale'
+            http: {
+              metadata: {
+                concurrentRequests: '100'
+              }
+            }
+          }
+        ]
+      }
+    }
+  }
+}
+
+// ==============================================================================
+// OUTPUTS
+// ==============================================================================
+
+@description('Container App ID')
+output id string = containerApp.id
+
+@description('Container App name')
+output name string = containerApp.name
+
+@description('Container App URL')
+output url string = 'https://${containerApp.properties.configuration.ingress.fqdn}'
+
+@description('Container App FQDN')
+output fqdn string = containerApp.properties.configuration.ingress.fqdn

package/content/.morph/templates/infra/key-vault.bicep

@@ -0,0 +1,91 @@
+// ==============================================================================
+// MORPH-SPEC - Key Vault
+// Azure Key Vault for secrets management
+// ==============================================================================
+
+@description('Key Vault name')
+@minLength(3)
+@maxLength(24)
+param name string
+
+@description('Location')
+param location string
+
+@description('Tags')
+param tags object = {}
+
+@description('Enable soft delete')
+param enableSoftDelete bool = true
+
+@description('Soft delete retention days')
+@minValue(7)
+@maxValue(90)
+param softDeleteRetentionDays int = 30
+
+@description('Enable purge protection')
+param enablePurgeProtection bool = false
+
+@description('Object IDs to grant access (optional)')
+param accessPoliciesObjectIds array = []
+
+// ==============================================================================
+// KEY VAULT
+// ==============================================================================
+
+resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' = {
+  name: name
+  location: location
+  tags: tags
+  properties: {
+    tenantId: subscription().tenantId
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    enabledForDeployment: true
+    enabledForDiskEncryption: false
+    enabledForTemplateDeployment: true
+    enableSoftDelete: enableSoftDelete
+    softDeleteRetentionInDays: softDeleteRetentionDays
+    enablePurgeProtection: enablePurgeProtection ? true : null
+    enableRbacAuthorization: true
+    publicNetworkAccess: 'Enabled'
+    networkAcls: {
+      defaultAction: 'Allow'
+      bypass: 'AzureServices'
+    }
+  }
+}
+
+// ==============================================================================
+// ACCESS POLICIES (Optional - if not using RBAC)
+// ==============================================================================
+
+resource accessPolicies 'Microsoft.KeyVault/vaults/accessPolicies@2023-07-01' = if (length(accessPoliciesObjectIds) > 0) {
+  parent: keyVault
+  name: 'add'
+  properties: {
+    accessPolicies: [for objectId in accessPoliciesObjectIds: {
+      tenantId: subscription().tenantId
+      objectId: objectId
+      permissions: {
+        secrets: ['get', 'list', 'set', 'delete']
+        keys: ['get', 'list', 'create', 'delete']
+        certificates: ['get', 'list', 'create', 'delete']
+      }
+    }]
+  }
+}
+
+// ==============================================================================
+// OUTPUTS
+// ==============================================================================
+
+@description('Key Vault ID')
+output id string = keyVault.id
+
+@description('Key Vault name')
+output name string = keyVault.name
+
+@description('Key Vault URI')
+output uri string = keyVault.properties.vaultUri

package/content/.morph/templates/infra/main.bicep

@@ -0,0 +1,155 @@
+// ==============================================================================
+// MORPH-SPEC - Main Bicep Template
+// Entry point para infraestrutura Azure
+// ==============================================================================
+
+targetScope = 'resourceGroup'
+
+// ==============================================================================
+// PARAMETERS
+// ==============================================================================
+
+@description('Environment name (dev, staging, prod)')
+@allowed(['dev', 'staging', 'prod'])
+param environment string = 'dev'
+
+@description('Location for all resources')
+param location string = resourceGroup().location
+
+@description('Application name (used for naming resources)')
+@minLength(3)
+@maxLength(15)
+param appName string
+
+@description('SQL Server administrator password')
+@secure()
+param sqlAdminPassword string
+
+@description('Container image to deploy')
+param containerImage string = 'mcr.microsoft.com/hello-world:latest'
+
+// ==============================================================================
+// VARIABLES
+// ==============================================================================
+
+var resourcePrefix = '${appName}-${environment}'
+var tags = {
+  environment: environment
+  application: appName
+  managedBy: 'bicep'
+  framework: 'morph-spec'
+}
+
+// ==============================================================================
+// LOG ANALYTICS WORKSPACE
+// Required for Container Apps and Application Insights
+// ==============================================================================
+
+resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: '${resourcePrefix}-logs'
+  location: location
+  tags: tags
+  properties: {
+    sku: {
+      name: 'PerGB2018'
+    }
+    retentionInDays: environment == 'prod' ? 90 : 30
+  }
+}
+
+// ==============================================================================
+// MODULES
+// ==============================================================================
+
+// Application Insights
+module appInsights 'app-insights.bicep' = {
+  name: 'appInsights-${uniqueString(resourceGroup().id)}'
+  params: {
+    name: '${resourcePrefix}-insights'
+    location: location
+    tags: tags
+    logAnalyticsWorkspaceId: logAnalytics.id
+  }
+}
+
+// Key Vault
+module keyVault 'key-vault.bicep' = {
+  name: 'keyVault-${uniqueString(resourceGroup().id)}'
+  params: {
+    name: '${resourcePrefix}-kv'
+    location: location
+    tags: tags
+  }
+}
+
+// Storage Account
+module storage 'storage.bicep' = {
+  name: 'storage-${uniqueString(resourceGroup().id)}'
+  params: {
+    name: replace('${resourcePrefix}st', '-', '')
+    location: location
+    tags: tags
+    sku: environment == 'prod' ? 'Standard_GRS' : 'Standard_LRS'
+  }
+}
+
+// SQL Database
+module sqlDatabase 'sql-database.bicep' = {
+  name: 'sqlDatabase-${uniqueString(resourceGroup().id)}'
+  params: {
+    serverName: '${resourcePrefix}-sql'
+    databaseName: appName
+    location: location
+    tags: tags
+    adminPassword: sqlAdminPassword
+    useFree: environment == 'dev'
+  }
+}
+
+// Container Apps Environment
+module containerAppEnv 'container-app-env.bicep' = {
+  name: 'containerAppEnv-${uniqueString(resourceGroup().id)}'
+  params: {
+    name: '${resourcePrefix}-env'
+    location: location
+    tags: tags
+    logAnalyticsWorkspaceId: logAnalytics.id
+  }
+}
+
+// Container App
+module containerApp 'container-app.bicep' = {
+  name: 'containerApp-${uniqueString(resourceGroup().id)}'
+  params: {
+    name: resourcePrefix
+    location: location
+    tags: tags
+    environmentId: containerAppEnv.outputs.id
+    containerImage: containerImage
+    appInsightsConnectionString: appInsights.outputs.connectionString
+    minReplicas: environment == 'prod' ? 1 : 0
+    maxReplicas: environment == 'prod' ? 10 : 3
+  }
+}
+
+// ==============================================================================
+// OUTPUTS
+// ==============================================================================
+
+@description('Container App URL')
+output containerAppUrl string = containerApp.outputs.url
+
+@description('SQL Server connection string')
+output sqlConnectionString string = sqlDatabase.outputs.connectionString
+
+@description('Key Vault URI')
+output keyVaultUri string = keyVault.outputs.uri
+
+@description('Storage Account connection string')
+output storageConnectionString string = storage.outputs.connectionString
+
+@description('Application Insights connection string')
+output appInsightsConnectionString string = appInsights.outputs.connectionString
+
+@description('Log Analytics Workspace ID')
+output logAnalyticsWorkspaceId string = logAnalytics.id

package/content/.morph/templates/infra/parameters.dev.json

@@ -0,0 +1,23 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "environment": {
+      "value": "dev"
+    },
+    "appName": {
+      "value": "{{APP_NAME}}"
+    },
+    "sqlAdminPassword": {
+      "reference": {
+        "keyVault": {
+          "id": "/subscriptions/{{SUBSCRIPTION_ID}}/resourceGroups/{{RESOURCE_GROUP}}/providers/Microsoft.KeyVault/vaults/{{KEY_VAULT_NAME}}"
+        },
+        "secretName": "sql-admin-password"
+      }
+    },
+    "containerImage": {
+      "value": "{{ACR_NAME}}.azurecr.io/{{APP_NAME}}:latest"
+    }
+  }
+}

package/content/.morph/templates/infra/parameters.prod.json

@@ -0,0 +1,23 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "environment": {
+      "value": "prod"
+    },
+    "appName": {
+      "value": "{{APP_NAME}}"
+    },
+    "sqlAdminPassword": {
+      "reference": {
+        "keyVault": {
+          "id": "/subscriptions/{{SUBSCRIPTION_ID}}/resourceGroups/{{RESOURCE_GROUP}}/providers/Microsoft.KeyVault/vaults/{{KEY_VAULT_NAME}}"
+        },
+        "secretName": "sql-admin-password"
+      }
+    },
+    "containerImage": {
+      "value": "{{ACR_NAME}}.azurecr.io/{{APP_NAME}}:{{VERSION}}"
+    }
+  }
+}

package/content/.morph/templates/infra/sql-database.bicep

@@ -0,0 +1,103 @@
+// ==============================================================================
+// MORPH-SPEC - SQL Database
+// Azure SQL Server with Database (supports Free tier)
+// ==============================================================================
+
+@description('SQL Server name')
+param serverName string
+
+@description('Database name')
+param databaseName string
+
+@description('Location')
+param location string
+
+@description('Tags')
+param tags object = {}
+
+@description('Admin username')
+param adminUsername string = 'sqladmin'
+
+@description('Admin password')
+@secure()
+param adminPassword string
+
+@description('Use free tier (32GB, limited DTUs)')
+param useFree bool = true
+
+// ==============================================================================
+// SQL SERVER
+// ==============================================================================
+
+resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = {
+  name: serverName
+  location: location
+  tags: tags
+  properties: {
+    administratorLogin: adminUsername
+    administratorLoginPassword: adminPassword
+    version: '12.0'
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+  }
+}
+
+// ==============================================================================
+// SQL DATABASE
+// ==============================================================================
+
+resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-05-01-preview' = {
+  parent: sqlServer
+  name: databaseName
+  location: location
+  tags: tags
+  sku: useFree ? {
+    name: 'Free'
+    tier: 'Free'
+  } : {
+    name: 'Basic'
+    tier: 'Basic'
+    capacity: 5
+  }
+  properties: {
+    collation: 'SQL_Latin1_General_CP1_CI_AS'
+    maxSizeBytes: useFree ? 32212254720 : 2147483648  // 32GB free, 2GB basic
+    catalogCollation: 'SQL_Latin1_General_CP1_CI_AS'
+    zoneRedundant: false
+    readScale: 'Disabled'
+    requestedBackupStorageRedundancy: 'Local'
+  }
+}
+
+// ==============================================================================
+// FIREWALL RULES
+// ==============================================================================
+
+// Allow Azure services
+resource firewallAzure 'Microsoft.Sql/servers/firewallRules@2023-05-01-preview' = {
+  parent: sqlServer
+  name: 'AllowAllAzureIps'
+  properties: {
+    startIpAddress: '0.0.0.0'
+    endIpAddress: '0.0.0.0'
+  }
+}
+
+// ==============================================================================
+// OUTPUTS
+// ==============================================================================
+
+@description('SQL Server ID')
+output serverId string = sqlServer.id
+
+@description('SQL Server FQDN')
+output serverFqdn string = sqlServer.properties.fullyQualifiedDomainName
+
+@description('Database ID')
+output databaseId string = sqlDatabase.id
+
+@description('Connection string (password placeholder)')
+output connectionString string = 'Server=tcp:${sqlServer.properties.fullyQualifiedDomainName},1433;Database=${databaseName};User ID=${adminUsername};Password=${adminPassword};Encrypt=true;TrustServerCertificate=false;Connection Timeout=30;'
+
+@description('Connection string template (no password)')
+output connectionStringTemplate string = 'Server=tcp:${sqlServer.properties.fullyQualifiedDomainName},1433;Database=${databaseName};User ID=${adminUsername};Password={your_password};Encrypt=true;TrustServerCertificate=false;Connection Timeout=30;'

package/content/.morph/templates/infra/storage.bicep

@@ -0,0 +1,106 @@
+// ==============================================================================
+// MORPH-SPEC - Storage Account
+// Azure Storage Account with Blob containers
+// ==============================================================================
+
+@description('Storage account name (lowercase, no hyphens, 3-24 chars)')
+@minLength(3)
+@maxLength(24)
+param name string
+
+@description('Location')
+param location string
+
+@description('Tags')
+param tags object = {}
+
+@description('SKU (Standard_LRS, Standard_GRS, Standard_ZRS)')
+@allowed(['Standard_LRS', 'Standard_GRS', 'Standard_ZRS', 'Premium_LRS'])
+param sku string = 'Standard_LRS'
+
+@description('Create default blob containers')
+param createContainers bool = true
+
+// ==============================================================================
+// STORAGE ACCOUNT
+// ==============================================================================
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = {
+  name: name
+  location: location
+  tags: tags
+  kind: 'StorageV2'
+  sku: {
+    name: sku
+  }
+  properties: {
+    accessTier: 'Hot'
+    allowBlobPublicAccess: false
+    allowSharedKeyAccess: true
+    minimumTlsVersion: 'TLS1_2'
+    supportsHttpsTrafficOnly: true
+    networkAcls: {
+      defaultAction: 'Allow'
+      bypass: 'AzureServices'
+    }
+  }
+}
+
+// ==============================================================================
+// BLOB SERVICE
+// ==============================================================================
+
+resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2023-01-01' = {
+  parent: storageAccount
+  name: 'default'
+  properties: {
+    deleteRetentionPolicy: {
+      enabled: true
+      days: 7
+    }
+  }
+}
+
+// ==============================================================================
+// DEFAULT CONTAINERS
+// ==============================================================================
+
+resource uploadsContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2023-01-01' = if (createContainers) {
+  parent: blobService
+  name: 'uploads'
+  properties: {
+    publicAccess: 'None'
+  }
+}
+
+resource reportsContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2023-01-01' = if (createContainers) {
+  parent: blobService
+  name: 'reports'
+  properties: {
+    publicAccess: 'None'
+  }
+}
+
+resource backupsContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2023-01-01' = if (createContainers) {
+  parent: blobService
+  name: 'backups'
+  properties: {
+    publicAccess: 'None'
+  }
+}
+
+// ==============================================================================
+// OUTPUTS
+// ==============================================================================
+
+@description('Storage Account ID')
+output id string = storageAccount.id
+
+@description('Storage Account name')
+output name string = storageAccount.name
+
+@description('Primary blob endpoint')
+output primaryBlobEndpoint string = storageAccount.properties.primaryEndpoints.blob
+
+@description('Connection string')
+output connectionString string = 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};AccountKey=${storageAccount.listKeys().keys[0].value};EndpointSuffix=core.windows.net'