coalesce-mcp 6.1.0 → 6.2.0

package/dist/template/.github/workflows/build-test-and-deploy.yml

@@ -1,13 +1,16 @@
-name: Build, Test, and Deploy Coalesce.Starter.Vue
+name: Build, Test, and Deploy
 
 # https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows
 on:
   push:
     branches:
       - main
+    paths-ignore: ["terraform/**"]
   pull_request:
+    paths-ignore: ["terraform/**"]
   workflow_dispatch:
 
+#if (!AzureTerraform)
 # CONFIGURATION
 # For help, go to https://github.com/Azure/Actions
 
@@ -17,12 +20,22 @@ on:
 
 # 2. Set up the `AZURE_WEBAPP_PUBLISH_PROFILE` secret in your repository - https://docs.github.com/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-environment
 
+#endif
+#if (AzureTerraform)
+# CONFIGURATION:
+# Follow the instructions in terraform/README.md to setup infrastructure and variables.
+
+permissions:
+  id-token: write
+  contents: read
+#endif
+
 jobs:
   build-and-test:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           lfs: true
 
@@ -62,17 +75,52 @@ jobs:
       - name: dotnet test
         run: dotnet test --configuration Release --no-restore --no-build
 
+      #if (!AzureTerraform)
       - name: dotnet publish
         run: dotnet publish ${{ github.workspace }}/Coalesce.Starter.Vue.Web/Coalesce.Starter.Vue.Web.csproj --configuration Release --output ${{ github.workspace }}/publish --no-restore --no-build
 
       - name: Upload artifact for deployment
         if: github.event_name != 'pull_request'
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
         with:
           name: web-app
           path: ${{ github.workspace }}/publish
           if-no-files-found: error
+      #endif
+      #if (AzureTerraform)
+      - name: Azure Login
+        if: github.event_name != 'pull_request'
+        uses: azure/login@v2
+        with:
+          client-id: ${{ vars.AZURE_CLIENT_ID }}
+          tenant-id: ${{ vars.AZURE_TENANT_ID }}
+          subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
 
+      - name: Push containers to ACR
+        if: github.event_name != 'pull_request'
+        run: |
+          az acr login --name ${{ vars.ACR_NAME }}
+          dotnet publish \
+            ${{ github.workspace }}/Coalesce.Starter.Vue.Web/Coalesce.Starter.Vue.Web.csproj \
+            --configuration Release \
+            --no-restore \
+            --no-build \
+            -t:PublishContainer \
+            -p:ContainerRepository=app \
+            -p:ContainerRegistry=${{ vars.ACR_NAME }}.azurecr.io \
+            -p:ContainerImageTags=${{ github.sha }}
+            
+          dotnet publish \
+            ${{ github.workspace }}/Coalesce.Starter.Vue.Migrations/Coalesce.Starter.Vue.Migrations.csproj \
+            --configuration Release \
+            --no-restore \
+            --no-build \
+            -t:PublishContainer \
+            -p:ContainerRepository=migrations \
+            -p:ContainerRegistry=${{ vars.ACR_NAME }}.azurecr.io \
+            -p:ContainerImageTags=${{ github.sha }}
+  #endif
+  #if (!AzureTerraform)
   # Deploys the app to Azure App Service
   # https://docs.github.com/actions/use-cases-and-examples/deploying/deploying-net-to-azure-app-service
   deploy-production:
@@ -85,7 +133,7 @@ jobs:
 
     steps:
       - name: Download artifact for deployment
-        uses: actions/download-artifact@v6
+        uses: actions/download-artifact@v7
         with:
           name: web-app
 
@@ -97,3 +145,22 @@ jobs:
           slot-name: "production"
           publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
           package: .
+  #endif
+
+  #if (AzureTerraform)
+  deploy-dev:
+    needs: build-and-test
+    if: github.event_name != 'pull_request'
+    uses: ./.github/workflows/deploy-container-app.yml
+    with:
+      environment_name: dev
+    secrets: inherit
+
+  deploy-prod:
+    needs: deploy-dev
+    if: github.event_name != 'pull_request'
+    uses: ./.github/workflows/deploy-container-app.yml
+    with:
+      environment_name: prod
+    secrets: inherit
+#endif

package/dist/template/.github/workflows/deploy-container-app.yml

@@ -0,0 +1,51 @@
+name: ~Deploy Container App
+
+on:
+  workflow_call:
+    inputs:
+      environment_name:
+        required: true
+        type: string
+    outputs:
+      url:
+        value: ${{ jobs.deploy.outputs.url }}
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment:
+      name: ${{ inputs.environment_name }}
+      url: ${{ steps.get-url.outputs.url }}
+    outputs:
+      url: ${{ steps.get-url.outputs.url }}
+
+    steps:
+      - name: Azure Login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ vars.AZURE_CLIENT_ID }}
+          tenant-id: ${{ vars.AZURE_TENANT_ID }}
+          subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Verify Container App
+        id: get-url
+        run: |
+          url=$(az containerapp show \
+            -n ${{ vars.PROJECT_NAME }}-${{ inputs.environment_name }}-app \
+            -g ${{ vars.PROJECT_NAME }}-${{ inputs.environment_name }}-rg \
+            --query "properties.configuration.ingress.fqdn" -o tsv)
+          echo "url=https://$url" >> $GITHUB_OUTPUT
+
+      - name: Deploy to Container App
+        env:
+          APP_NAME: ${{ vars.PROJECT_NAME }}-${{ inputs.environment_name }}-app
+          RG: ${{ vars.PROJECT_NAME }}-${{ inputs.environment_name }}-rg
+          APP_IMAGE: ${{ vars.ACR_NAME }}.azurecr.io/app:${{ github.sha }}
+          MIGRATIONS_IMAGE: ${{ vars.ACR_NAME }}.azurecr.io/migrations:${{ github.sha }}
+        run: |
+          az containerapp show -n $APP_NAME -g $RG -o yaml > app.yaml
+
+          yq -i '.properties.template.initContainers[0].image = strenv(MIGRATIONS_IMAGE)' app.yaml
+          yq -i '.properties.template.containers[0].image = strenv(APP_IMAGE)' app.yaml
+
+          az containerapp update -n $APP_NAME -g $RG --yaml app.yaml

package/dist/template/.github/workflows/terraform.yml

@@ -0,0 +1,177 @@
+name: Terraform
+run-name: "Terraform (${{ inputs.target || 'all' }})"
+
+on:
+  pull_request:
+    paths: ["terraform/**"]
+  workflow_dispatch:
+    inputs:
+      target:
+        description: "Which environment to target"
+        type: choice
+        options:
+          - all
+          - dev
+          - prod
+        default: all
+
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+
+jobs:
+  plan:
+    name: Plan (${{ inputs.target || 'all' }})
+    runs-on: ubuntu-latest
+    outputs:
+      has_changes: ${{ steps.plan.outputs.exitcode == 2 }}
+    defaults:
+      run:
+        working-directory: terraform
+
+    steps:
+      - uses: actions/checkout@v6
+      - uses: hashicorp/setup-terraform@v3
+
+      - name: Azure Login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ vars.AZURE_CLIENT_ID }}
+          tenant-id: ${{ vars.AZURE_TENANT_ID }}
+          subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Terraform Validate
+        run: terraform validate
+
+      - name: Build target args
+        id: targets
+        run: |
+          target="${{ inputs.target || 'all' }}"
+          args=""
+          if [ "$target" != "all" ]; then
+            args="-target=module.$target"
+          fi
+          echo "args=$args" >> $GITHUB_OUTPUT
+
+      - name: Terraform Plan
+        id: plan
+        run: |
+          set -o pipefail
+          exitcode=0
+          terraform plan -no-color -input=false -detailed-exitcode \
+            -var="project_name=${{ vars.PROJECT_NAME }}" \
+            -var="subscription_id=${{ vars.AZURE_SUBSCRIPTION_ID }}" \
+            -var="github_repository=${{ github.repository }}" \
+            ${{ steps.targets.outputs.args }} -out=tfplan 2>&1 | tee plan_output.txt || exitcode=$?
+          echo "exitcode=$exitcode" >> $GITHUB_OUTPUT
+          # Exit code 2 means changes present (success). 1 means error.
+          if [ $exitcode -eq 1 ]; then exit 1; fi
+
+      - name: Summarize Plan
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            let plan = fs.readFileSync('terraform/plan_output.txt', 'utf8');
+
+            // Strip refreshing state output, start after the last "Refreshing state..." line
+            const lines = plan.split('\n');
+            const lastRefreshIndex = lines.findLastIndex(l => l.includes('Refreshing state...'));
+            if (lastRefreshIndex !== -1) {
+              plan = lines.slice(lastRefreshIndex + 1).join('\n').trimStart();
+            }
+
+            const maxLen = 60000;
+            let body;
+            if (plan.length > maxLen) {
+              body = `#### Terraform Plan 📋
+
+              Plan output exceeds the comment size limit. Please check the [action output](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for the full plan.
+
+              *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+            } else {
+              body = `#### Terraform Plan 📋
+
+              <details><summary>Show Plan</summary>
+
+              \`\`\` hcl
+              ${plan}
+              \`\`\`
+
+              </details>
+
+              *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+            }
+
+            fs.appendFileSync(process.env.GITHUB_STEP_SUMMARY, body);
+
+            if (context.eventName !== 'pull_request') return;
+
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+            });
+            const botComment = comments.find(c =>
+              c.user.type === 'Bot' && c.body.includes('Terraform Plan 📋')
+            );
+
+            if (botComment) {
+              await github.rest.issues.updateComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: botComment.id,
+                body,
+              });
+            } else {
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                body,
+              });
+            }
+
+      - name: Upload Plan
+        if: github.event_name == 'workflow_dispatch' && steps.plan.outputs.exitcode == 2
+        uses: actions/upload-artifact@v6
+        with:
+          name: tfplan
+          path: terraform/tfplan
+
+  apply:
+    name: Apply (${{ inputs.target || 'all' }})
+    needs: plan
+    if: github.event_name == 'workflow_dispatch' && needs.plan.outputs.has_changes == 'true'
+    runs-on: ubuntu-latest
+    environment: terraform
+    defaults:
+      run:
+        working-directory: terraform
+
+    steps:
+      - uses: actions/checkout@v6
+      - uses: hashicorp/setup-terraform@v3
+
+      - name: Azure Login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ vars.AZURE_CLIENT_ID }}
+          tenant-id: ${{ vars.AZURE_TENANT_ID }}
+          subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Download Plan
+        uses: actions/download-artifact@v7
+        with:
+          name: tfplan
+          path: terraform
+
+      - name: Terraform Apply
+        run: terraform apply -input=false tfplan

package/dist/template/.template.config/template.json

@@ -11,10 +11,7 @@
   },
   "sourceName": "Coalesce.Starter.Vue",
   "preferNameDirectory": true,
-  "guids": [
-    "a0519206-1884-46ae-9307-ec95105646e5",
-    "8474a2d7-c044-4e5e-81dd-55e78596f186"
-  ],
+  "guids": ["427b7da5-dfe1-43cc-b172-40fe2d2fa505"],
   "symbols": {
     "KestrelPortGenerated": {
       "type": "generated",
@@ -70,6 +67,7 @@
       "displayName": "Sign-in with Microsoft",
       "description": "Adds Microsoft as an external authentication and account provider for Identity.",
       "$coalesceRequires": ["and", "Identity"],
+      "$coalesceParent": "Identity",
       "$coalesceLink": "https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins"
     },
     "GoogleAuth": {
@@ -78,6 +76,7 @@
       "displayName": "Sign-in with Google",
       "description": "Adds Google as an external authentication and account provider for Identity.",
       "$coalesceRequires": ["and", "Identity"],
+      "$coalesceParent": "Identity",
       "$coalesceLink": "https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins"
     },
     "OtherOAuth": {
@@ -86,6 +85,7 @@
       "displayName": "Sign-in with other OAuth/OIDC",
       "description": "Adds generic code to help you add a different OAuth/OIDC external authentication and account provider for Identity.",
       "$coalesceRequires": ["and", "Identity"],
+      "$coalesceParent": "Identity",
       "$coalesceLink": "https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/other-logins"
     },
     "LocalAuth": {
@@ -94,14 +94,25 @@
       "displayName": "Sign-in with Username/Password",
       "description": "Adds infrastructure for supporting individual user accounts with first-party usernames and passwords.",
       "$coalesceRequires": ["and", "Identity"],
+      "$coalesceParent": "Identity",
       "$coalesceLink": "https://learn.microsoft.com/en-us/aspnet/core/security/authentication/individual"
     },
+    "Passkeys": {
+      "type": "parameter",
+      "datatype": "bool",
+      "displayName": "Sign-in with Passkeys",
+      "description": "Adds infrastructure for supporting passwordless authentication using passkeys (WebAuthn).",
+      "$coalesceRequires": ["and", "LocalAuth"],
+      "$coalesceParent": "LocalAuth",
+      "$coalesceLink": "https://learn.microsoft.com/en-us/aspnet/core/security/authentication/passkeys"
+    },
     "UserPictures": {
       "type": "parameter",
       "datatype": "bool",
       "displayName": "User Profile Pictures",
       "description": "Adds infrastructure for acquiring, saving, and displaying user profile pictures.",
-      "$coalesceRequires": ["and", "Identity"]
+      "$coalesceRequires": ["and", "Identity"],
+      "$coalesceParent": "Identity"
     },
     "TrackingBase": {
       "type": "parameter",
@@ -134,6 +145,13 @@
       "displayName": "OpenAPI",
       "description": "Include configuration to expose an OpenAPI document, and interactive UI with Scalar."
     },
+    "Hangfire": {
+      "type": "parameter",
+      "datatype": "bool",
+      "displayName": "Hangfire",
+      "description": "Add packages, configuration, and telemetry for Hangfire, a background job runner.",
+      "$coalesceLink": "https://www.hangfire.io/"
+    },
     "Tenancy": {
       "type": "parameter",
       "datatype": "bool",
@@ -147,39 +165,70 @@
       "datatype": "bool",
       "displayName": "Tenancy: Creation by Self-service",
       "description": "Allows any signed in user to create additional tenants.",
-      "$coalesceRequires": ["and", "Tenancy"]
+      "$coalesceRequires": ["and", "Tenancy"],
+      "$coalesceParent": "Tenancy"
     },
     "TenantCreateAdmin": {
       "type": "parameter",
       "datatype": "bool",
       "displayName": "Tenancy: Creation by Global Admin",
       "description": "Allows global admins to create new tenants.",
-      "$coalesceRequires": ["and", "Tenancy"]
+      "$coalesceRequires": ["and", "Tenancy"],
+      "$coalesceParent": "Tenancy"
     },
     "TenantCreateExternal": {
       "type": "parameter",
       "datatype": "bool",
-      "displayName": "Tenancy: Creation/Membership by OIDC",
+      "displayName": "Tenancy: Creation & Membership by OIDC",
       "description": "Automatically creates a new tenant for external organizations (Microsoft Entra, Google GSuite), and grants automatic tenant membership to other users within those organizations.",
       "$coalesceRequires": [
         "and",
         "Tenancy",
         ["or", "MicrosoftAuth", "GoogleAuth", "OtherOAuth"]
-      ]
+      ],
+      "$coalesceParent": "Tenancy"
     },
     "TenantMemberInvites": {
       "type": "parameter",
       "datatype": "bool",
       "displayName": "Tenancy: Membership by Invitation",
       "description": "Allows administrators within a tenant to create invitation links to grant membership to their tenant.",
-      "$coalesceRequires": ["and", "Tenancy"]
+      "$coalesceRequires": ["and", "Tenancy"],
+      "$coalesceParent": "Tenancy"
+    },
+    "GithubActions": {
+      "type": "parameter",
+      "datatype": "bool",
+      "displayName": "CI: GitHub Actions",
+      "description": "Include a GitHub Actions template for build, test, and deploy.",
+      "$coalesceLink": "https://docs.github.com/actions/use-cases-and-examples/deploying/deploying-net-to-azure-app-service"
+    },
+    "AzurePipelines": {
+      "type": "parameter",
+      "datatype": "bool",
+      "displayName": "CI: Azure Pipelines",
+      "description": "Include an Azure Pipelines build template. For deployments, a release pipeline is recommended (which don't support YAML config files).",
+      "$coalesceLink": "https://learn.microsoft.com/en-us/azure/devops/pipelines/create-first-pipeline?view=azure-devops&tabs=net%2Cbrowser"
+    },
+    "AzureTerraform": {
+      "type": "parameter",
+      "datatype": "bool",
+      "displayName": "Infrastructure: Azure",
+      "description": "Include Terraform configurations for provisioning Azure infrastructure with Container Apps and Azure SQL. Defines dev and prod environments.",
+      "$coalesceLink": "https://developer.hashicorp.com/terraform/tutorials/azure-get-started",
+      "$coalesceWarning": {
+        "ifNot": ["and", "GithubActions"],
+        "message": "Terraform CI is only provided for GitHub Actions. Without it, significant manual work and rework will be needed."
+      }
     },
     "AppInsights": {
       "type": "parameter",
       "datatype": "bool",
       "displayName": "Azure Application Insights",
       "description": "Include configuration and integrations for Application Insights, both front-end and back-end.",
-      "$coalesceLink": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview"
+      "$coalesceLink": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview",
+      "$coalesceRequires": ["and", "AzureTerraform"],
+      "$coalesceParent": "AzureTerraform"
     },
     "AppInsightsPackageDependency": {
       "type": "generated",
@@ -200,26 +249,41 @@
         ]
       }
     },
-    "Hangfire": {
+    "BlobStorage": {
       "type": "parameter",
       "datatype": "bool",
-      "displayName": "Hangfire",
-      "description": "Add packages, configuration, and telemetry for Hangfire, a background job runner.",
-      "$coalesceLink": "https://www.hangfire.io/"
+      "displayName": "Azure Blob Storage",
+      "description": "Include configuration and integrations for Azure Blob Storage.",
+      "$coalesceLink": "https://aspire.dev/integrations/cloud/azure/azure-storage-blobs/",
+      "$coalesceRequires": ["and", "AzureTerraform"],
+      "$coalesceParent": "AzureTerraform"
+    },
+    "KeyVault": {
+      "type": "parameter",
+      "datatype": "bool",
+      "displayName": "Azure Key Vault",
+      "description": "Include configuration and integrations for Azure Key Vault.",
+      "$coalesceLink": "https://aspire.dev/integrations/cloud/azure/azure-key-vault/",
+      "$coalesceRequires": ["and", "AzureTerraform"],
+      "$coalesceParent": "AzureTerraform"
     },
     "AIChat": {
       "type": "parameter",
       "datatype": "bool",
-      "displayName": "AI Chat with Semantic Kernel + Azure Open AI",
-      "description": "Add packages and configuration for creating an AI chat assistant in your application.",
-      "$coalesceLink": "/topics/template-features.html#ai-chat"
+      "displayName": "Azure AI Services + AI Chat",
+      "description": "Include configuration and integrations for Azure AI Services, as well as sample code for creating an AI chat assistant in your application.",
+      "$coalesceLink": "/topics/template-features.html#ai-chat",
+      "$coalesceRequires": ["and", "AzureTerraform"],
+      "$coalesceParent": "AzureTerraform"
     },
     "EmailAzure": {
       "type": "parameter",
       "datatype": "bool",
-      "displayName": "Email: Azure Communication Services",
+      "displayName": "Azure Email Communication Services",
       "description": "Include basic code for sending email with Azure Communication Services. See instructions in appsettings.json - the official ACS documentation is very confusing.",
-      "$coalesceLink": "https://learn.microsoft.com/en-us/azure/communication-services/concepts/email/prepare-email-communication-resource"
+      "$coalesceLink": "https://learn.microsoft.com/en-us/azure/communication-services/concepts/email/prepare-email-communication-resource",
+      "$coalesceRequires": ["and", "AzureTerraform"],
+      "$coalesceParent": "AzureTerraform"
     },
     "EmailSendGrid": {
       "type": "parameter",
@@ -227,20 +291,6 @@
       "displayName": "Email: Twilio SendGrid",
       "description": "Include basic code for sending email with Twilio SendGrid.",
       "$coalesceLink": "https://www.twilio.com/docs/sendgrid/for-developers/sending-email/email-api-quickstart-for-c"
-    },
-    "AzurePipelines": {
-      "type": "parameter",
-      "datatype": "bool",
-      "displayName": "CI: Azure Pipelines",
-      "description": "Include an azure-pipelines.yml build template. For deployments, a release pipeline is recommended (which don't support YAML config files).",
-      "$coalesceLink": "https://learn.microsoft.com/en-us/azure/devops/pipelines/create-first-pipeline?view=azure-devops&tabs=net%2Cbrowser"
-    },
-    "GithubActions": {
-      "type": "parameter",
-      "datatype": "bool",
-      "displayName": "CI: Github Actions",
-      "description": "Include a build-test-and-deploy.yml github action file template.",
-      "$coalesceLink": "https://docs.github.com/actions/use-cases-and-examples/deploying/deploying-net-to-azure-app-service"
     }
   },
   "sources": [
@@ -257,7 +307,8 @@
             "**/*.g.cs",
             "**/*.g.ts",
             "**/*.lock.json",
-            "**/package-lock.json"
+            "**/package-lock.json",
+            "**/DEVELOPMENT.md"
           ]
         },
         {
@@ -291,6 +342,10 @@
             "**/UserManagementService.cs"
           ]
         },
+        {
+          "condition": "!Passkeys",
+          "exclude": ["**/PasskeyService.cs", "**/passkey.js"]
+        },
         {
           "condition": "!(LocalAuth || TenantMemberInvites || TenantCreateAdmin || EmailSendGrid || EmailAzure)",
           "exclude": ["**/NoOpEmailService.*", "**/IEmailService.*"]
@@ -332,7 +387,18 @@
         },
         {
           "condition": "!AppInsights",
-          "exclude": ["**/useAppInsights.ts"]
+          "exclude": [
+            "**/useAppInsights.ts",
+            "**/terraform/modules/app_insights"
+          ]
+        },
+        {
+          "condition": "!BlobStorage",
+          "exclude": ["**/terraform/modules/storage"]
+        },
+        {
+          "condition": "!KeyVault",
+          "exclude": ["**/terraform/modules/key_vault"]
         },
         {
           "condition": "!GoogleAuth",
@@ -340,11 +406,18 @@
         },
         {
           "condition": "!MicrosoftAuth",
-          "exclude": ["**/microsoft-logo.svg"]
+          "exclude": [
+            "**/microsoft-logo.svg",
+            "**/terraform/modules/app_registration"
+          ]
         },
         {
           "condition": "!EmailAzure",
-          "exclude": ["**/AzureEmailOptions.cs", "**/AzureEmailService.cs"]
+          "exclude": [
+            "**/AzureEmailOptions.cs",
+            "**/AzureEmailService.cs",
+            "**/terraform/modules/acs"
+          ]
         },
         {
           "condition": "!EmailSendGrid",
@@ -367,7 +440,11 @@
         },
         {
           "condition": "!AIChat",
-          "exclude": ["**/AIChat.vue", "**/AIAgentService.cs"]
+          "exclude": [
+            "**/AIChat.vue",
+            "**/AIAgentService.cs",
+            "**/terraform/modules/ai_services"
+          ]
         },
         {
           "condition": "!AzurePipelines",
@@ -376,11 +453,35 @@
         {
           "condition": "!GithubActions",
           "exclude": ["**/.github/workflows/build-test-and-deploy.yml"]
+        },
+        {
+          "condition": "!AzureTerraform",
+          "exclude": [
+            "**/terraform/**",
+            "**/.github/workflows/deploy-container-app.yml",
+            "**/.github/workflows/terraform.yml"
+          ]
         }
       ]
     }
   ],
   "SpecialCustomOperations": {
+    "**.tf": {
+      "operations": [
+        {
+          "type": "conditional",
+          "configuration": {
+            "if": ["#if"],
+            "else": ["#else"],
+            "elseif": ["#elseif", "#elif"],
+            "endif": ["#endif"],
+            "trim": true,
+            "wholeLine": true,
+            "evaluator": "C++"
+          }
+        }
+      ]
+    },
     "**.vue": {
       "operations": [
         {