Config changes for python deployment - dev env (#346)

1. add env.dev file, so ATK displays the option of "dev" env
2. Use Single tenant auth
3. Made python specific changes - use linux instead of windows for
webapp, generate requirements.txt before deployment, use python main.py
as startup command

Co-authored-by: Mehak Bindra <[email protected]>

Author: MehakBindra

packages/cli/configs/atk/basic/python/env/.env.dev

@@ -0,0 +1,16 @@
+# Built-in environment variables
+TEAMSFX_ENV=dev
+APP_NAME_SUFFIX=dev
+
+# Updating AZURE_SUBSCRIPTION_ID or AZURE_RESOURCE_GROUP_NAME after provision may also require an update to RESOURCE_SUFFIX, because some services require a globally unique name across subscriptions/resource groups.
+AZURE_SUBSCRIPTION_ID=
+AZURE_RESOURCE_GROUP_NAME=
+RESOURCE_SUFFIX=
+
+TEAMS_APP_ID=
+TEAMS_APP_TENANT_ID=
+BOT_ID=
+AAD_APP_OBJECT_ID=
+AAD_APP_TENANT_ID=
+BOT_AZURE_APP_SERVICE_RESOURCE_ID=
+BOT_DOMAIN=

packages/cli/configs/atk/basic/python/infra/azure.bicep

@@ -3,88 +3,84 @@
 @description('Used to generate names for all resources in this file')
 param resourceBaseName string
 
-param webAppSKU string
+@description('Required when create Azure Bot service')
+param botAadAppClientId string
+
+@secure()
+@description('Required by Bot Framework package in your bot project')
+param botAadAppClientSecret string
 
 @maxLength(42)
 param botDisplayName string
 
+param webAppSKU string
+param linuxFxVersion string
+param tenantId string
+
 param serverfarmsName string = resourceBaseName
 param webAppName string = resourceBaseName
-param identityName string = resourceBaseName
 param location string = resourceGroup().location
-
-resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
-  location: location
-  name: identityName
-}
+param pythonVersion string = linuxFxVersion
 
 // Compute resources for your Web App
 resource serverfarm 'Microsoft.Web/serverfarms@2021-02-01' = {
-  kind: 'app'
+  kind: 'app,linux'
   location: location
   name: serverfarmsName
   sku: {
     name: webAppSKU
   }
+  properties:{
+    reserved: true
+  }
 }
 
 // Web App that hosts your agent
+// Web App that hosts your bot
 resource webApp 'Microsoft.Web/sites@2021-02-01' = {
-  kind: 'app'
+  kind: 'app,linux'
   location: location
   name: webAppName
   properties: {
     serverFarmId: serverfarm.id
-    httpsOnly: true
     siteConfig: {
       alwaysOn: true
+      appCommandLine: 'python main.py'
+      linuxFxVersion: pythonVersion
       appSettings: [
         {
-          name: 'WEBSITE_RUN_FROM_PACKAGE'
-          value: '1'
-        }
-        {
-          name: 'WEBSITE_PYTHON_VERSION'
-          value: '3.11'
+          name: 'SCM_DO_BUILD_DURING_DEPLOYMENT'
+          value: 'true'
         }
         {
-          name: 'RUNNING_ON_AZURE'
-          value: '1'
+          name: 'CLIENT_ID'
+          value: botAadAppClientId
         }
         {
-          name: 'BOT_ID'
-          value: identity.properties.clientId
+          name: 'CLIENT_SECRET'
+          value: botAadAppClientSecret
         }
         {
-          name: 'BOT_TENANT_ID'
-          value: identity.properties.tenantId
+          name: 'TENANT_ID'
+          value: tenantId
         }
       ]
       ftpsState: 'FtpsOnly'
     }
   }
-  identity: {
-    type: 'UserAssigned'
-    userAssignedIdentities: {
-      '${identity.id}': {}
-    }
-  }
 }
 
 // Register your web service as a bot with the Bot Framework
 module azureBotRegistration './botRegistration/azurebot.bicep' = {
   name: 'Azure-Bot-registration'
   params: {
     resourceBaseName: resourceBaseName
-    identityClientId: identity.properties.clientId
-    identityResourceId: identity.id
-    identityTenantId: identity.properties.tenantId
+    botAadAppClientId: botAadAppClientId
     botAppDomain: webApp.properties.defaultHostName
     botDisplayName: botDisplayName
+    tenantId: tenantId
   }
 }
 
 output BOT_AZURE_APP_SERVICE_RESOURCE_ID string = webApp.id
 output BOT_DOMAIN string = webApp.properties.defaultHostName
-output BOT_ID string = identity.properties.clientId
-output BOT_TENANT_ID string = identity.properties.tenantId

packages/cli/configs/atk/basic/python/infra/azure.parameters.json.hbs

@@ -8,6 +8,18 @@
     "webAppSKU": {
       "value": "B1"
     },
+    "botAadAppClientId": {
+      "value": "$\{{BOT_ID}}"
+    },
+    "botAadAppClientSecret": {
+      "value": "$\{{SECRET_BOT_PASSWORD}}"
+    },
+    "tenantId": {
+      "value": "$\{{AAD_APP_TENANT_ID}}"
+    },
+    "linuxFxVersion": {
+      "value": "PYTHON|3.12"
+    },
     "botDisplayName": {
       "value": "{{ toPascalCase name }}Infra"
     }

packages/cli/configs/atk/basic/python/infra/botRegistration/azurebot.bicep

@@ -8,10 +8,9 @@ param botDisplayName string
 
 param botServiceName string = resourceBaseName
 param botServiceSku string = 'F0'
-param identityResourceId string
-param identityClientId string
-param identityTenantId string
+param botAadAppClientId string
 param botAppDomain string
+param tenantId string
 
 // Register your web service as a bot with the Bot Framework
 resource botService 'Microsoft.BotService/botServices@2021-03-01' = {
@@ -21,10 +20,9 @@ resource botService 'Microsoft.BotService/botServices@2021-03-01' = {
   properties: {
     displayName: botDisplayName
     endpoint: 'https://${botAppDomain}/api/messages'
-    msaAppId: identityClientId
-    msaAppMSIResourceId: identityResourceId
-    msaAppTenantId: identityTenantId
-    msaAppType: 'UserAssignedMSI'
+    msaAppId: botAadAppClientId
+    msaAppType: 'SingleTenant'
+    msaAppTenantId: tenantId
   }
   sku: {
     name: botServiceSku

packages/cli/configs/atk/basic/python/teamsapp.yml.hbs

@@ -20,25 +20,52 @@ provision:
     writeToEnvironmentFile:
       teamsAppId: TEAMS_APP_ID
 
-  # Automates the creation an Azure AD app registration which is required for a bot.
-  # The Bot ID (AAD app client ID) and Bot Password (AAD app client secret) are saved to an environment file.
-  - uses: botAadApp/create
+  # Creates a new Microsoft Entra app to authenticate users if
+  # the environment variable that stores clientId is empty
+  - uses: aadApp/create
     with:
-      name: {{ toPascalCase name }}$\{{APP_NAME_SUFFIX}}
+        # Note: when you run aadApp/update, the Microsoft Entra app name will be updated
+        # based on the definition in manifest. If you don't want to change the
+        # name, make sure the name in Microsoft Entra manifest is the same with the name
+        # defined here.
+        name: {{ toPascalCase name }}$\{{APP_NAME_SUFFIX}}
+        # If the value is false, the driver will not generate client secret for you
+        generateClientSecret: true
+        # organization's Microsoft Entra tenant (for example, single tenant).
+        signInAudience: AzureADMultipleOrgs
+    # Write the information of created resources into environment file for the
+    # specified environment variable(s).
     writeToEnvironmentFile:
-      botId: BOT_ID
-      botPassword: SECRET_BOT_PASSWORD
+        clientId: BOT_ID
+        # Environment variable that starts with `SECRET_` will be stored to the
+        # .env.{envName}.user environment file
+        clientSecret: SECRET_BOT_PASSWORD
+        objectId: AAD_APP_OBJECT_ID
+        tenantId: AAD_APP_TENANT_ID
 
-  # Automates the creation of infrastructure defined in ARM templates to host the bot.
-  # The created resource IDs are saved to an environment file.
-  - uses: arm/deploy
+  - uses: arm/deploy # Deploy given ARM templates parallelly.
     with:
+      # AZURE_SUBSCRIPTION_ID is a built-in environment variable,
+      # if its value is empty, TeamsFx will prompt you to select a subscription.
+      # Referencing other environment variables with empty values
+      # will skip the subscription selection prompt.
       subscriptionId: $\{{AZURE_SUBSCRIPTION_ID}}
+      # AZURE_RESOURCE_GROUP_NAME is a built-in environment variable,
+      # if its value is empty, TeamsFx will prompt you to select or create one
+      # resource group.
+      # Referencing other environment variables with empty values
+      # will skip the resource group selection prompt.
       resourceGroupName: $\{{AZURE_RESOURCE_GROUP_NAME}}
       templates:
-        - path: ./infra/azure.bicep
+        - path: ./infra/azure.bicep # Relative path to this file
+          # Relative path to this yaml file.
+          # Placeholders will be replaced with corresponding environment
+          # variable before ARM deployment.
           parameters: ./infra/azure.parameters.json
-          deploymentName: Create-resources-for-tab
+          # Required when deploying ARM template
+          deploymentName: Create-resources-for-bot
+      # M365 Agents Toolkit will download this bicep CLI version from github for you,
+      # will use bicep CLI in PATH if you remove this config.
       bicepCliVersion: v0.9.1
 
   # Optional: Automates schema and error checking of the Teams app manifest and outputs the results in the console.
@@ -65,10 +92,15 @@ provision:
       appPackagePath: ./appPackage/build/appPackage.$\{{TEAMSFX_ENV}}.zip
 
 deploy:
+  - uses: script
+    with:
+      run: |
+        uv sync
+        uv export --no-hashes -o src/requirements.txt
   # Deploy to an Azure App Service using the zip file created in the provision step.
   - uses: azureAppService/zipDeploy
     with:
-      artifactFolder: .
+      artifactFolder: src
       ignoreFile: .webappignore
       # This example uses the env var thats generated by the arm/deploy action.
       # You can replace it with an existing Azure Resource ID or other