Merge pull request #2 from MicrosoftCloudEssentials-LearningHub/terraform-sample

brown9804 · web-flow · commit 0faa3557805c · 2025-08-27T12:01:56.000-06:00
terraform template
diff --git a/.github/workflows/use-visitor-counter.yml b/.github/workflows/use-visitor-counter.yml
@@ -21,6 +21,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          ref: ${{ github.head_ref || github.ref_name }}
 
       - name: Shallow clone visitor counter logic
         run: git clone --depth=1 https://github.com/brown9804/github-visitor-counter.git
@@ -57,30 +58,23 @@ jobs:
           git config --global user.name "github-actions[bot]"
           git config --global user.email "github-actions[bot]@users.noreply.github.com"
 
-      # Commit and push logic for PR events (merge, not rebase)
-      - name: Commit and push changes (PR)
-        if: github.event_name == 'pull_request'
+      - name: Commit and merge changes
         env:
-          TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_BRANCH: ${{ github.head_ref || github.ref_name }}
+          GIT_AUTHOR_NAME: github-actions[bot]
+          GIT_AUTHOR_EMAIL: github-actions[bot]@users.noreply.github.com
+          GIT_COMMITTER_NAME: github-actions[bot]
+          GIT_COMMITTER_EMAIL: github-actions[bot]@users.noreply.github.com
         run: |
-          git fetch origin
-          git checkout ${{ github.head_ref }}
-          git pull origin ${{ github.head_ref }} || echo "No merge needed"
+          # Ensure we're on the correct branch
+          git switch -c "$PR_BRANCH" || git switch "$PR_BRANCH"
+          
+          # Stage and commit changes if any
           git add -A
-          git commit -m "Update visitor count" || echo "No changes to commit"
-          git remote set-url origin https://x-access-token:${TOKEN}@github.com/${{ github.repository }}
-          git push origin HEAD:${{ github.head_ref }}
-
-      # Commit and push logic for non-PR events (merge, not rebase)
-      - name: Commit and push changes (non-PR)
-        if: github.event_name != 'pull_request'
-        env:
-          TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          git fetch origin
-          git checkout ${{ github.ref_name }} || git checkout -b ${{ github.ref_name }} origin/${{ github.ref_name }}
-          git pull origin ${{ github.ref_name }} || echo "No merge needed"
-          git add -A
-          git commit -m "Update visitor count" || echo "No changes to commit"
-          git remote set-url origin https://x-access-token:${TOKEN}@github.com/${{ github.repository }}
-          git push origin HEAD:${{ github.ref_name }}
+          git diff --staged --quiet || git commit -m "Update visitor count"
+          
+          # Pull and merge existing changes
+          git pull origin "$PR_BRANCH" --no-rebase
+          
+          # Push all changes
+          git push origin "$PR_BRANCH"
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,5 @@
 # Local .terraform directories
-.terraform/
+*.terraform**
 
 # .tfstate files
 *.tfstate
@@ -13,7 +13,6 @@ crash.*.log
 # password, private keys, and other secrets. These should not be part of version 
 # control as they are data points which are potentially sensitive and subject 
 # to change depending on the environment.
-*.tfvars
 *.tfvars.json
 
 # Ignore override files as they are usually used to override resources locally and so
@@ -25,7 +24,7 @@ override.tf.json
 
 # Ignore transient lock info files created by terraform apply
 .terraform.tfstate.lock.info
-
+.terraform.lock.hcl
 # Include override files you do wish to add to version control using negated pattern
 # !example_override.tf
 
@@ -34,4 +33,4 @@ override.tf.json
 
 # Ignore CLI configuration files
 .terraformrc
-terraform.rc
+terraform.rc
diff --git a/README.md b/README.md
@@ -1,12 +1,12 @@
-# Azure Text Embedding Model Recommendations - Overview 
+# Azure Text Embedding Model - Overview 
 
 Costa Rica
 
 [![GitHub](https://badgen.net/badge/icon/github?icon=github&label)](https://github.com)
 [![GitHub](https://img.shields.io/badge/--181717?logo=github&logoColor=ffffff)](https://github.com/)
 [brown9804](https://github.com/brown9804)
 
-Last updated: 2025-08-20
+Last updated: 2025-08-27
 
 -----------------------------
 
@@ -161,7 +161,7 @@ Last updated: 2025-08-20
 
 <!-- START BADGE -->
 <div align="center">
-  <img src="https://img.shields.io/badge/Total%20views-24-limegreen" alt="Total views">
+  <img src="https://img.shields.io/badge/Total%20views-1304-limegreen" alt="Total views">
   <p>Refresh Date: 2025-08-27</p>
 </div>
 <!-- END BADGE -->
diff --git a/aiSearch-Overview.md b/aiSearch-Overview.md
@@ -1,12 +1,12 @@
-#  RAG (Retrieval-Augmented Generation) pattern - Overview 
+#  Azure AI Search - Overview 
 
 Costa Rica
 
 [![GitHub](https://badgen.net/badge/icon/github?icon=github&label)](https://github.com) 
 [![GitHub](https://img.shields.io/badge/--181717?logo=github&logoColor=ffffff)](https://github.com/)
 [brown9804](https://github.com/brown9804)
 
-Last updated: 2025-07-17
+Last updated: 2025-08-27
 
 ----------
 
@@ -376,7 +376,7 @@ Click [here](https://github.com/brown9804/MicrosoftCloudEssentialsHub/tree/main/
 
 <!-- START BADGE -->
 <div align="center">
-  <img src="https://img.shields.io/badge/Total%20views-24-limegreen" alt="Total views">
+  <img src="https://img.shields.io/badge/Total%20views-1304-limegreen" alt="Total views">
   <p>Refresh Date: 2025-08-27</p>
 </div>
 <!-- END BADGE -->
diff --git a/terraform-infrastructure/README.md b/terraform-infrastructure/README.md
@@ -133,7 +133,7 @@ graph TD;
 
 <!-- START BADGE -->
 <div align="center">
-  <img src="https://img.shields.io/badge/Total%20views-24-limegreen" alt="Total views">
+  <img src="https://img.shields.io/badge/Total%20views-1304-limegreen" alt="Total views">
   <p>Refresh Date: 2025-08-27</p>
 </div>
 <!-- END BADGE -->
diff --git a/terraform-infrastructure/main.tf b/terraform-infrastructure/main.tf
@@ -0,0 +1,125 @@
+// Retrieve client config – helpful for role assignments.
+data "azurerm_client_config" "example" {}
+
+// Optionally, retrieve your own Azure AD user info.
+data "azuread_user" "current" {
+  object_id = data.azurerm_client_config.example.object_id
+}
+
+// Resource Group 
+resource "azurerm_resource_group" "rg" {
+  name     = var.resource_group_name
+  location = var.location
+  tags = {
+    Project = "AI Agents"
+  }
+}
+
+// Key Vault 
+resource "azurerm_key_vault" "example" {
+  name                = var.keyvault_name
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  tenant_id           = data.azurerm_client_config.example.tenant_id
+
+  sku_name                 = "standard"
+  purge_protection_enabled = true
+}
+
+// Key Vault Policies 
+resource "azurerm_key_vault_access_policy" "example" {
+  key_vault_id = azurerm_key_vault.example.id
+  tenant_id    = data.azurerm_client_config.example.tenant_id
+  object_id    = data.azurerm_client_config.example.object_id
+
+  key_permissions = [
+    "Create",
+    "Get",
+    "Delete",
+    "Purge",
+    "GetRotationPolicy",
+  ]
+}
+
+// Storage Account 
+resource "azurerm_storage_account" "example" {
+  name                     = var.storage_account_name
+  location                 = azurerm_resource_group.rg.location
+  resource_group_name      = azurerm_resource_group.rg.name
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+}
+
+// AI Services Account 
+resource "azurerm_ai_services" "aiserviceaccount" {
+  name                = var.aiservices_name
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  sku_name            = "S0"
+}
+
+// AI Foundry
+resource "azurerm_ai_foundry" "aifoundry" {
+  name                = var.aifoundry_name
+  location            = azurerm_ai_services.aiserviceaccount.location
+  resource_group_name = azurerm_ai_services.aiserviceaccount.resource_group_name
+  storage_account_id  = azurerm_storage_account.example.id
+  key_vault_id        = azurerm_key_vault.example.id
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+}
+
+// AI Foundry Project 
+resource "azurerm_ai_foundry_project" "aiproject" {
+  name               = var.aifoundryproject_name
+  location           = azurerm_ai_foundry.aifoundry.location
+  ai_services_hub_id = azurerm_ai_foundry.aifoundry.id
+
+  identity {
+    type = "SystemAssigned"
+  }
+}
+
+
+// Azure Open AI (Cognitive Services) Account
+resource "azurerm_cognitive_account" "openai" {
+  name                = var.openai_account_name
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  sku_name            = "S0"
+  kind                = "OpenAI"
+  tags = {
+    Project = "AI Agents"
+  }
+}
+
+// Azure Cognitive Search Service
+resource "azurerm_search_service" "search" {
+  name                = var.search_service_name
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  sku                 = "standard"
+  partition_count     = 1
+  replica_count       = 1
+  tags = {
+    Project = "AI Agents"
+  }
+}
+
+
+// Role Assignments for Permissions
+resource "azurerm_role_assignment" "ai_developer" {
+  principal_id         = var.developer_principal_id # or object_id
+  scope                = azurerm_resource_group.rg.id
+  role_definition_name = "Azure AI Developer"
+}
+
+resource "azurerm_role_assignment" "openai_user" {
+  principal_id         = var.openai_user_object_id # or we can use object_id
+  scope                = azurerm_resource_group.rg.id
+  role_definition_name = "Cognitive Services OpenAI User"
+}
+
diff --git a/terraform-infrastructure/outputs.tf b/terraform-infrastructure/outputs.tf
@@ -0,0 +1,11 @@
+output "resource_group_id" {
+  value = azurerm_resource_group.rg.id
+}
+
+output "openai_account_id" {
+  value = azurerm_cognitive_account.openai.id
+}
+
+output "search_service_name" {
+  value = azurerm_search_service.search.name
+}
diff --git a/terraform-infrastructure/provider.tf b/terraform-infrastructure/provider.tf
@@ -0,0 +1,27 @@
+# provider.tf
+# This file configures the Azure provider to interact with Azure resources.
+# It specifies the required provider and its version, along with provider-specific configurations.
+
+terraform {
+  required_version = ">= 1.8, < 2.0"
+  # Specify the required provider and its version
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"  # Source of the AzureRM provider
+      version = "~> 4.30.0"          # Version of the AzureRM provider
+    }
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "~> 2.38.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}                        # Enable all features for the AzureRM provider
+  subscription_id = var.subscription_id  # Add your subscription ID here
+}
+
+provider "azuread" {
+  # Defaults are usually sufficient.
+}
diff --git a/terraform-infrastructure/terraform.tfvars b/terraform-infrastructure/terraform.tfvars
@@ -0,0 +1,12 @@
+subscription_id        = "<your_subscription_id>"
+resource_group_name    = "RG-Embedding-Btest"
+location               = "East US"
+storage_account_name   = "aiembeddingbx1"
+aiservices_name        = "aiservicesbx1"
+keyvault_name          = "aiembeddingkvbx1"
+aifoundry_name         = "aifoundrytestbx1"
+aifoundryproject_name  = "projectnametestbx1"
+openai_account_name    = "aoaibx1test"
+search_service_name    = "aisearchbx1test"
+developer_principal_id = "<your_developer_principal_id>"
+openai_user_object_id  = "<your_openai_user_object_id>"
diff --git a/terraform-infrastructure/variables.tf b/terraform-infrastructure/variables.tf
@@ -0,0 +1,60 @@
+variable "subscription_id" {
+  description = "Azure subscription ID"
+  type        = string
+}
+
+variable "location" {
+  description = "Azure region"
+  type        = string
+  default     = "East US"
+}
+
+variable "resource_group_name" {
+  description = "Name of the resource group for the AI Foundry Project"
+  type        = string
+}
+
+variable "keyvault_name" {
+  description = "The name of the key vault"
+  type        = string
+}
+
+variable "aiservices_name" {
+  description = "The name of the AI services account"
+  type        = string
+}
+
+variable "aifoundry_name" {
+  description = "The name of the AI Foundry Hub"
+  type        = string
+}
+
+variable "aifoundryproject_name" {
+  description = "The name of the AI Foundry Project"
+  type        = string
+}
+
+variable "storage_account_name" {
+  description = "The name of the storage account"
+  type        = string
+}
+
+variable "openai_account_name" {
+  description = "Name of the Azure OpenAI (Cognitive Services) account"
+  type        = string
+}
+
+variable "search_service_name" {
+  description = "Name of the Azure Cognitive Search service"
+  type        = string
+}
+
+variable "developer_principal_id" {
+  description = "Principal ID for the Azure AI Developer (assigned at the resource group level)"
+  type        = string
+}
+
+variable "openai_user_object_id" {
+  description = "Object ID for the Cognitive Services Open AI User (assigned at the resource group level)"
+  type        = string
+}
