npm - @polymorphism-tech/morph-spec - Versions diffs - 4.3.4 → 4.3.6 - Mend

@polymorphism-tech/morph-spec 4.3.4 → 4.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (164) hide show

package/.morph/templates/infrastructure/azure/deploy.sh ADDED Viewed

@@ -0,0 +1,208 @@
+#!/bin/bash
+# ==============================================================================
+# MORPH-SPEC - Deploy Script
+# Automated deployment of Azure infrastructure
+# ==============================================================================
+set -e  # Exit on error
+# ==============================================================================
+# CONFIGURATION
+# ==============================================================================
+# Required variables (override via environment)
+APP_NAME="${APP_NAME:-myapp}"
+ENVIRONMENT="${ENVIRONMENT:-dev}"
+LOCATION="${LOCATION:-eastus}"
+SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-}"
+# Optional variables
+HOSTING_TYPE="${HOSTING_TYPE:-appservice}"  # appservice or containerapp
+APP_SERVICE_SKU="${APP_SERVICE_SKU:-F1}"
+CONTAINER_IMAGE="${CONTAINER_IMAGE:-mcr.microsoft.com/hello-world:latest}"
+# Derived variables
+RESOURCE_GROUP="rg-${APP_NAME}-${ENVIRONMENT}"
+DEPLOYMENT_NAME="deploy-${APP_NAME}-$(date +%Y%m%d-%H%M%S)"
+# ==============================================================================
+# COLORS
+# ==============================================================================
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+# ==============================================================================
+# FUNCTIONS
+# ==============================================================================
+log_info() {
+    echo -e "${BLUE}ℹ️  $1${NC}"
+}
+log_success() {
+    echo -e "${GREEN}✅ $1${NC}"
+}
+log_warning() {
+    echo -e "${YELLOW}⚠️  $1${NC}"
+}
+log_error() {
+    echo -e "${RED}❌ $1${NC}"
+}
+check_prerequisites() {
+    log_info "Checking prerequisites..."
+    # Check Azure CLI
+    if ! command -v az &> /dev/null; then
+        log_error "Azure CLI not found. Install from: https://aka.ms/azure-cli"
+        exit 1
+    fi
+    # Check login
+    if ! az account show &> /dev/null; then
+        log_error "Not logged in to Azure. Run: az login"
+        exit 1
+    fi
+    # Set subscription if provided
+    if [ -n "$SUBSCRIPTION_ID" ]; then
+        log_info "Setting subscription to: $SUBSCRIPTION_ID"
+        az account set --subscription "$SUBSCRIPTION_ID"
+    fi
+    log_success "Prerequisites checked"
+}
+create_resource_group() {
+    log_info "Creating resource group: $RESOURCE_GROUP"
+    if az group exists -n "$RESOURCE_GROUP" | grep -q true; then
+        log_warning "Resource group already exists"
+    else
+        az group create \
+            --name "$RESOURCE_GROUP" \
+            --location "$LOCATION" \
+            --tags \
+                environment="$ENVIRONMENT" \
+                application="$APP_NAME" \
+                managedBy="bicep" \
+                framework="morph-spec"
+        log_success "Resource group created"
+    fi
+}
+generate_sql_password() {
+    # Generate secure random password
+    SQL_PASSWORD=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-25)
+    log_success "SQL password generated (stored in Key Vault after deploy)"
+}
+deploy_infrastructure() {
+    log_info "Deploying infrastructure..."
+    log_info "  App Name: $APP_NAME"
+    log_info "  Environment: $ENVIRONMENT"
+    log_info "  Hosting Type: $HOSTING_TYPE"
+    log_info "  Location: $LOCATION"
+    # Prepare parameters file
+    PARAMS_FILE="parameters.${ENVIRONMENT}.json"
+    if [ ! -f "$PARAMS_FILE" ]; then
+        log_error "Parameters file not found: $PARAMS_FILE"
+        exit 1
+    fi
+    # Deploy
+    az deployment group create \
+        --resource-group "$RESOURCE_GROUP" \
+        --name "$DEPLOYMENT_NAME" \
+        --template-file main.bicep \
+        --parameters "@$PARAMS_FILE" \
+        --parameters \
+            appName="$APP_NAME" \
+            environment="$ENVIRONMENT" \
+            location="$LOCATION" \
+            hostingType="$HOSTING_TYPE" \
+            appServiceSku="$APP_SERVICE_SKU" \
+            containerImage="$CONTAINER_IMAGE" \
+            sqlAdminPassword="$SQL_PASSWORD" \
+        --output table
+    log_success "Infrastructure deployed"
+}
+show_outputs() {
+    log_info "Retrieving deployment outputs..."
+    APP_URL=$(az deployment group show \
+        -g "$RESOURCE_GROUP" \
+        -n "$DEPLOYMENT_NAME" \
+        --query properties.outputs.appUrl.value -o tsv)
+    SQL_CONNECTION=$(az deployment group show \
+        -g "$RESOURCE_GROUP" \
+        -n "$DEPLOYMENT_NAME" \
+        --query properties.outputs.sqlConnectionString.value -o tsv)
+    APPINSIGHTS_CONNECTION=$(az deployment group show \
+        -g "$RESOURCE_GROUP" \
+        -n "$DEPLOYMENT_NAME" \
+        --query properties.outputs.appInsightsConnectionString.value -o tsv)
+    echo ""
+    echo "╔════════════════════════════════════════════════════════════════╗"
+    echo "║              DEPLOYMENT SUCCESSFUL                             ║"
+    echo "╚════════════════════════════════════════════════════════════════╝"
+    echo ""
+    echo "🌐 Application URL:"
+    echo "   $APP_URL"
+    echo ""
+    echo "🗄️  SQL Connection String:"
+    echo "   $SQL_CONNECTION"
+    echo ""
+    echo "📊 App Insights Connection String:"
+    echo "   $APPINSIGHTS_CONNECTION"
+    echo ""
+    echo "💡 Next steps:"
+    if [ "$HOSTING_TYPE" = "appservice" ]; then
+        echo "   1. Deploy your code: az webapp up --name app-${APP_NAME}-${ENVIRONMENT}"
+        echo "   2. View logs: az webapp log tail --name app-${APP_NAME}-${ENVIRONMENT} -g $RESOURCE_GROUP"
+    else
+        echo "   1. Build and push container: az acr build --registry <ACR> --image ${APP_NAME}:latest ."
+        echo "   2. Update container app: az containerapp update -n ca-${APP_NAME}-${ENVIRONMENT} -g $RESOURCE_GROUP --image <IMAGE>"
+        echo "   3. View logs: az containerapp logs show -n ca-${APP_NAME}-${ENVIRONMENT} -g $RESOURCE_GROUP --follow"
+    fi
+    echo ""
+}
+# ==============================================================================
+# MAIN
+# ==============================================================================
+main() {
+    echo ""
+    echo "╔════════════════════════════════════════════════════════════════╗"
+    echo "║          MORPH-SPEC - Azure Infrastructure Deploy             ║"
+    echo "╚════════════════════════════════════════════════════════════════╝"
+    echo ""
+    check_prerequisites
+    create_resource_group
+    generate_sql_password
+    deploy_infrastructure
+    show_outputs
+    log_success "Deployment complete! 🚀"
+}
+# Run main function
+main

package/.morph/templates/infrastructure/azure/key-vault.bicep ADDED Viewed

@@ -0,0 +1,91 @@
+// ==============================================================================
+// MORPH-SPEC - Key Vault
+// Azure Key Vault for secrets management
+// ==============================================================================
+@description('Key Vault name')
+@minLength(3)
+@maxLength(24)
+param name string
+@description('Location')
+param location string
+@description('Tags')
+param tags object = {}
+@description('Enable soft delete')
+param enableSoftDelete bool = true
+@description('Soft delete retention days')
+@minValue(7)
+@maxValue(90)
+param softDeleteRetentionDays int = 30
+@description('Enable purge protection')
+param enablePurgeProtection bool = false
+@description('Object IDs to grant access (optional)')
+param accessPoliciesObjectIds array = []
+// ==============================================================================
+// KEY VAULT
+// ==============================================================================
+resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' = {
+  name: name
+  location: location
+  tags: tags
+  properties: {
+    tenantId: subscription().tenantId
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    enabledForDeployment: true
+    enabledForDiskEncryption: false
+    enabledForTemplateDeployment: true
+    enableSoftDelete: enableSoftDelete
+    softDeleteRetentionInDays: softDeleteRetentionDays
+    enablePurgeProtection: enablePurgeProtection ? true : null
+    enableRbacAuthorization: true
+    publicNetworkAccess: 'Enabled'
+    networkAcls: {
+      defaultAction: 'Allow'
+      bypass: 'AzureServices'
+    }
+  }
+}
+// ==============================================================================
+// ACCESS POLICIES (Optional - if not using RBAC)
+// ==============================================================================
+resource accessPolicies 'Microsoft.KeyVault/vaults/accessPolicies@2023-07-01' = if (length(accessPoliciesObjectIds) > 0) {
+  parent: keyVault
+  name: 'add'
+  properties: {
+    accessPolicies: [for objectId in accessPoliciesObjectIds: {
+      tenantId: subscription().tenantId
+      objectId: objectId
+      permissions: {
+        secrets: ['get', 'list', 'set', 'delete']
+        keys: ['get', 'list', 'create', 'delete']
+        certificates: ['get', 'list', 'create', 'delete']
+      }
+    }]
+  }
+}
+// ==============================================================================
+// OUTPUTS
+// ==============================================================================
+@description('Key Vault ID')
+output id string = keyVault.id
+@description('Key Vault name')
+output name string = keyVault.name
+@description('Key Vault URI')
+output uri string = keyVault.properties.vaultUri

package/.morph/templates/infrastructure/azure/main.bicep ADDED Viewed

@@ -0,0 +1,189 @@
+// ==============================================================================
+// MORPH-SPEC - Main Bicep Template
+// Entry point para infraestrutura Azure
+// ==============================================================================
+targetScope = 'resourceGroup'
+// ==============================================================================
+// PARAMETERS
+// ==============================================================================
+@description('Environment name (dev, staging, prod)')
+@allowed(['dev', 'staging', 'prod'])
+param environment string = 'dev'
+@description('Location for all resources')
+param location string = resourceGroup().location
+@description('Application name (used for naming resources)')
+@minLength(3)
+@maxLength(15)
+param appName string
+@description('SQL Server administrator password')
+@secure()
+param sqlAdminPassword string
+@description('Container image to deploy (only for Container Apps)')
+param containerImage string = 'mcr.microsoft.com/hello-world:latest'
+@description('Hosting type: appservice or containerapp')
+@allowed(['appservice', 'containerapp'])
+param hostingType string = 'appservice'
+@description('App Service SKU (only for App Service hosting)')
+@allowed(['F1', 'B1', 'S1', 'P1v2'])
+param appServiceSku string = 'F1'
+// ==============================================================================
+// VARIABLES
+// ==============================================================================
+var resourcePrefix = '${appName}-${environment}'
+var tags = {
+  environment: environment
+  application: appName
+  managedBy: 'bicep'
+  framework: 'morph-spec'
+}
+// ==============================================================================
+// LOG ANALYTICS WORKSPACE
+// Required for Container Apps and Application Insights
+// ==============================================================================
+resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+  name: '${resourcePrefix}-logs'
+  location: location
+  tags: tags
+  properties: {
+    sku: {
+      name: 'PerGB2018'
+    }
+    retentionInDays: environment == 'prod' ? 90 : 30
+  }
+}
+// ==============================================================================
+// MODULES
+// ==============================================================================
+// Application Insights
+module appInsights 'app-insights.bicep' = {
+  name: 'appInsights-${uniqueString(resourceGroup().id)}'
+  params: {
+    name: '${resourcePrefix}-insights'
+    location: location
+    tags: tags
+    logAnalyticsWorkspaceId: logAnalytics.id
+  }
+}
+// Key Vault
+module keyVault 'key-vault.bicep' = {
+  name: 'keyVault-${uniqueString(resourceGroup().id)}'
+  params: {
+    name: '${resourcePrefix}-kv'
+    location: location
+    tags: tags
+  }
+}
+// Storage Account
+module storage 'storage.bicep' = {
+  name: 'storage-${uniqueString(resourceGroup().id)}'
+  params: {
+    name: replace('${resourcePrefix}st', '-', '')
+    location: location
+    tags: tags
+    sku: environment == 'prod' ? 'Standard_GRS' : 'Standard_LRS'
+  }
+}
+// SQL Database
+module sqlDatabase 'sql-database.bicep' = {
+  name: 'sqlDatabase-${uniqueString(resourceGroup().id)}'
+  params: {
+    serverName: '${resourcePrefix}-sql'
+    databaseName: appName
+    location: location
+    tags: tags
+    adminPassword: sqlAdminPassword
+    useFree: environment == 'dev'
+  }
+}
+// ==============================================================================
+// HOSTING - App Service (Conditional)
+// ==============================================================================
+module appService 'app-service.bicep' = if (hostingType == 'appservice') {
+  name: 'appService-${uniqueString(resourceGroup().id)}'
+  params: {
+    name: 'app-${resourcePrefix}'
+    location: location
+    tags: tags
+    sku: appServiceSku
+    appInsightsConnectionString: appInsights.outputs.connectionString
+    alwaysOn: appServiceSku != 'F1' // Only available on paid tiers
+  }
+}
+// ==============================================================================
+// HOSTING - Container Apps (Conditional)
+// ==============================================================================
+// Container Apps Environment
+module containerAppEnv 'container-app-env.bicep' = if (hostingType == 'containerapp') {
+  name: 'containerAppEnv-${uniqueString(resourceGroup().id)}'
+  params: {
+    name: '${resourcePrefix}-env'
+    location: location
+    tags: tags
+    logAnalyticsWorkspaceId: logAnalytics.id
+  }
+}
+// Container App
+module containerApp 'container-app.bicep' = if (hostingType == 'containerapp') {
+  name: 'containerApp-${uniqueString(resourceGroup().id)}'
+  params: {
+    name: 'ca-${resourcePrefix}'
+    location: location
+    tags: tags
+    environmentId: hostingType == 'containerapp' ? containerAppEnv.outputs.id : ''
+    containerImage: containerImage
+    appInsightsConnectionString: appInsights.outputs.connectionString
+    minReplicas: environment == 'prod' ? 1 : 0
+    maxReplicas: environment == 'prod' ? 10 : 3
+  }
+}
+// ==============================================================================
+// OUTPUTS
+// ==============================================================================
+@description('Application URL')
+output appUrl string = hostingType == 'appservice' ? appService.outputs.url : containerApp.outputs.url
+@description('Hosting Type')
+output hostingType string = hostingType
+@description('SQL Server connection string')
+output sqlConnectionString string = sqlDatabase.outputs.connectionString
+@description('Key Vault URI')
+output keyVaultUri string = keyVault.outputs.uri
+@description('Storage Account connection string')
+output storageConnectionString string = storage.outputs.connectionString
+@description('Application Insights connection string')
+output appInsightsConnectionString string = appInsights.outputs.connectionString
+@description('Log Analytics Workspace ID')
+output logAnalyticsWorkspaceId string = logAnalytics.id
+@description('App Service Principal ID (for Managed Identity)')
+output appPrincipalId string = hostingType == 'appservice' ? appService.outputs.principalId : ''

package/.morph/templates/infrastructure/azure/parameters.dev.json ADDED Viewed

@@ -0,0 +1,29 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "environment": {
+      "value": "dev"
+    },
+    "appName": {
+      "value": "{{APP_NAME}}"
+    },
+    "sqlAdminPassword": {
+      "reference": {
+        "keyVault": {
+          "id": "/subscriptions/{{SUBSCRIPTION_ID}}/resourceGroups/{{RESOURCE_GROUP}}/providers/Microsoft.KeyVault/vaults/{{KEY_VAULT_NAME}}"
+        },
+        "secretName": "sql-admin-password"
+      }
+    },
+    "hostingType": {
+      "value": "appservice"
+    },
+    "appServiceSku": {
+      "value": "F1"
+    },
+    "containerImage": {
+      "value": "{{ACR_NAME}}.azurecr.io/{{APP_NAME}}:latest"
+    }
+  }
+}

package/.morph/templates/infrastructure/azure/parameters.prod.json ADDED Viewed

@@ -0,0 +1,29 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "environment": {
+      "value": "prod"
+    },
+    "appName": {
+      "value": "{{APP_NAME}}"
+    },
+    "sqlAdminPassword": {
+      "reference": {
+        "keyVault": {
+          "id": "/subscriptions/{{SUBSCRIPTION_ID}}/resourceGroups/{{RESOURCE_GROUP}}/providers/Microsoft.KeyVault/vaults/{{KEY_VAULT_NAME}}"
+        },
+        "secretName": "sql-admin-password"
+      }
+    },
+    "hostingType": {
+      "value": "containerapp"
+    },
+    "appServiceSku": {
+      "value": "P1v2"
+    },
+    "containerImage": {
+      "value": "{{ACR_NAME}}.azurecr.io/{{APP_NAME}}:{{VERSION}}"
+    }
+  }
+}

package/.morph/templates/infrastructure/azure/parameters.staging.json ADDED Viewed

@@ -0,0 +1,29 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "environment": {
+      "value": "staging"
+    },
+    "appName": {
+      "value": "{{APP_NAME}}"
+    },
+    "sqlAdminPassword": {
+      "reference": {
+        "keyVault": {
+          "id": "/subscriptions/{{SUBSCRIPTION_ID}}/resourceGroups/{{RESOURCE_GROUP}}/providers/Microsoft.KeyVault/vaults/{{KEY_VAULT_NAME}}"
+        },
+        "secretName": "sql-admin-password"
+      }
+    },
+    "hostingType": {
+      "value": "containerapp"
+    },
+    "appServiceSku": {
+      "value": "B1"
+    },
+    "containerImage": {
+      "value": "{{ACR_NAME}}.azurecr.io/{{APP_NAME}}:latest"
+    }
+  }
+}

package/.morph/templates/infrastructure/azure/sql-database.bicep ADDED Viewed

@@ -0,0 +1,103 @@
+// ==============================================================================
+// MORPH-SPEC - SQL Database
+// Azure SQL Server with Database (supports Free tier)
+// ==============================================================================
+@description('SQL Server name')
+param serverName string
+@description('Database name')
+param databaseName string
+@description('Location')
+param location string
+@description('Tags')
+param tags object = {}
+@description('Admin username')
+param adminUsername string = 'sqladmin'
+@description('Admin password')
+@secure()
+param adminPassword string
+@description('Use free tier (32GB, limited DTUs)')
+param useFree bool = true
+// ==============================================================================
+// SQL SERVER
+// ==============================================================================
+resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = {
+  name: serverName
+  location: location
+  tags: tags
+  properties: {
+    administratorLogin: adminUsername
+    administratorLoginPassword: adminPassword
+    version: '12.0'
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+  }
+}
+// ==============================================================================
+// SQL DATABASE
+// ==============================================================================
+resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-05-01-preview' = {
+  parent: sqlServer
+  name: databaseName
+  location: location
+  tags: tags
+  sku: useFree ? {
+    name: 'Free'
+    tier: 'Free'
+  } : {
+    name: 'Basic'
+    tier: 'Basic'
+    capacity: 5
+  }
+  properties: {
+    collation: 'SQL_Latin1_General_CP1_CI_AS'
+    maxSizeBytes: useFree ? 32212254720 : 2147483648  // 32GB free, 2GB basic
+    catalogCollation: 'SQL_Latin1_General_CP1_CI_AS'
+    zoneRedundant: false
+    readScale: 'Disabled'
+    requestedBackupStorageRedundancy: 'Local'
+  }
+}
+// ==============================================================================
+// FIREWALL RULES
+// ==============================================================================
+// Allow Azure services
+resource firewallAzure 'Microsoft.Sql/servers/firewallRules@2023-05-01-preview' = {
+  parent: sqlServer
+  name: 'AllowAllAzureIps'
+  properties: {
+    startIpAddress: '0.0.0.0'
+    endIpAddress: '0.0.0.0'
+  }
+}
+// ==============================================================================
+// OUTPUTS
+// ==============================================================================
+@description('SQL Server ID')
+output serverId string = sqlServer.id
+@description('SQL Server FQDN')
+output serverFqdn string = sqlServer.properties.fullyQualifiedDomainName
+@description('Database ID')
+output databaseId string = sqlDatabase.id
+@description('Connection string (password placeholder)')
+output connectionString string = 'Server=tcp:${sqlServer.properties.fullyQualifiedDomainName},1433;Database=${databaseName};User ID=${adminUsername};Password=${adminPassword};Encrypt=true;TrustServerCertificate=false;Connection Timeout=30;'
+@description('Connection string template (no password)')
+output connectionStringTemplate string = 'Server=tcp:${sqlServer.properties.fullyQualifiedDomainName},1433;Database=${databaseName};User ID=${adminUsername};Password={your_password};Encrypt=true;TrustServerCertificate=false;Connection Timeout=30;'