Merge branch 'main' of https://github.com/Reshrahim/recipes

.github/scripts/validate-bicep.sh

@@ -4,12 +4,15 @@ then
     BICEP_EXECUTABLE="$BICEP_PATH/rad-bicep"
 fi
 
+# The Bicep compiler prints out a warning for any experimental features in use. 
+# We want to ignore these warnings since Radius makes use of some experimental features. 
+WARNING_MSG="WARNING: The following experimental Bicep features"
 FILES=$(find . -type f -name "*.bicep")
 FAILURES=()
 for F in $FILES
 do
     echo "validating $F"
-    # We need to run the rad-bicep and fail in one of two cases:
+    # We need to run rad-bicep and fail in one of two cases:
     # - non-zero exit code
     # - non-empty stderr 
     #
@@ -24,7 +27,7 @@ do
     EXITCODE=$?
     exec 3>&-
 
-    if [[ ! $EXITCODE -eq 0 || ! -z $STDERR ]]
+    if [[ ! $EXITCODE -eq 0 || (! -z $STDERR && ! $STDERR == $WARNING_MSG* && ! $STDERR == *"Error"* ) ]]
     then
         echo $STDERR
         FAILURES+=$F

.github/workflows/devops-board.yaml

@@ -0,0 +1,49 @@
+name: Sync issue to Azure DevOps work item
+
+on:
+  issues:
+    types:
+      [opened, edited, deleted, closed, reopened, labeled, unlabeled, assigned]
+
+concurrency:
+  group: issue-${{ github.event.issue.number }}
+  cancel-in-progress: false
+
+# Extra permissions needed to login with Entra ID service principal via federated identity
+permissions:
+  id-token: write
+  issues: write
+
+jobs:
+  ado:
+    runs-on: ubuntu-latest
+    environment:
+      name: issues
+    steps:
+      # Auth using Azure Service Principals was added as a part of v2.3
+      # reference: https://github.com/danhellem/github-actions-issue-to-work-item/pull/143
+      - name: Login to Azure
+        uses: azure/login@v2
+        with:
+          client-id: ${{ vars.AZURE_SP_DEVOPS_SYNC_CLIENT_ID }}
+          tenant-id: ${{ vars.AZURE_SP_DEVOPS_SYNC_TENANT_ID }}
+          allow-no-subscriptions: true
+      - name: Get Azure DevOps token
+        id: get_ado_token
+        run:
+          # The resource ID for Azure DevOps is always 499b84ac-1321-427f-aa17-267ca6975798
+          # https://learn.microsoft.com/azure/devops/integrate/get-started/authentication/service-principal-managed-identity
+          echo "ADO_TOKEN=$(az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 --query "accessToken" --output tsv)" >> $GITHUB_ENV
+      - name: Sync issue to Azure DevOps
+        uses: danhellem/[email protected]
+        env:
+          ado_token: ${{ env.ADO_TOKEN }}
+          github_token: '${{ secrets.GH_RAD_CI_BOT_PAT }}'
+          ado_organization: 'azure-octo'
+          ado_project: 'Incubations'
+          ado_area_path: "Incubations\\Radius"
+          ado_iteration_path: "Incubations\\Radius"
+          ado_new_state: 'New'
+          ado_active_state: 'Active'
+          ado_close_state: 'Closed'
+          ado_wit: 'GitHub Issue'

.github/workflows/publish-recipes.yaml

@@ -43,10 +43,16 @@ jobs:
       uses: actions/checkout@v3
     - name: Parse release version and set environment variables
       run: python ./.github/scripts/get_release_version.py
-    - name: Download latest rad CLI
+    - name: Set up ORAS
+      uses: oras-project/setup-oras@v1
+      with:
+        version: '1.2.0'
+    - name: Verify ORAS installation
+      run: oras version
+    - name: Download rad CLI
       run: |
         echo "Downloading latest rad CLI"
-        wget -q "${{ env.RAD_CLI_URL }}" -O - | /bin/bash
+        wget -q "${{ env.RAD_CLI_URL }}" -O - | /bin/bash -s edge
     - name: Login to GitHub Container Registry
       uses: docker/login-action@v2
       with:
@@ -96,10 +102,16 @@ jobs:
       uses: actions/checkout@v3
     - name: Parse release version and set environment variables
       run: python ./.github/scripts/get_release_version.py
+    - name: Set up ORAS
+      uses: oras-project/setup-oras@v1
+      with:
+        version: '1.2.0'
+    - name: Verify ORAS installation
+      run: oras version
     - name: Download rad CLI
       run: |
         echo "Downloading latest rad CLI"
-        wget -q "${{ env.RAD_CLI_URL }}" -O - | /bin/bash
+        wget -q "${{ env.RAD_CLI_URL }}" -O - | /bin/bash -s edge
     - name: Login to GitHub Container Registry
       uses: docker/login-action@v2
       with:

.github/workflows/test.yaml

@@ -40,7 +40,8 @@ jobs:
       - name: Download k3d
         run: wget -q -O - https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash
       - name: Create k3d cluster
-        run: k3d cluster create --agents 2 -p "80:80@loadbalancer" --k3s-arg "--disable=traefik@server:0" --registry-create reciperegistry:51351
+        # Map localhost port 80 on the external load balancer, and disable traefik and the internal load balancer.
+        run: k3d cluster create --agents 2 -p "80:80@loadbalancer" --k3s-arg "--disable=traefik@server:*" --k3s-arg "--disable=servicelb@server:*" --registry-create reciperegistry:51351
       - name: Install Dapr
         run: |
           helm repo add dapr https://dapr.github.io/helm-charts/

.github/workflows/validate-bicep.yaml

@@ -35,21 +35,19 @@ jobs:
     name: Validate Bicep Code
     runs-on: ubuntu-latest
     steps:
-    - name: Check out repo
-      uses: actions/checkout@v3
-    - name: Parse release version and set environment variables
-      run: python ./.github/scripts/get_release_version.py
-    - name: Download rad-bicep
-      run: |
-        ./.github/scripts/curl-with-retries.sh https://get.radapp.dev/tools/bicep-extensibility/${{ env.REL_CHANNEL }}/linux-x64/rad-bicep --output rad-bicep
-        chmod +x rad-bicep
-        ./rad-bicep --version
-    - name: Verify Bicep files
-      run: ./.github/scripts/validate-bicep.sh
-      env: 
-        BICEP_PATH: .
-    - name: Write error to summary
-      if: ${{ failure() }}
-      run: |
-        echo "## Bicep validation failed" >> $GITHUB_STEP_SUMMARY
-        echo "One or more Bicep files have failed validation. Please ensure you do not have any Bicep errors. Visit https://docs.radapp.dev/getting-started/install/ to download and install the Bicep VS Code extension to assist with validation." >> $GITHUB_STEP_SUMMARY
+      - name: Setup and verify bicep CLI
+        run: |
+          curl -Lo rad-bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64
+          chmod +x ./rad-bicep
+          ./rad-bicep --version
+      - name: Check out repo
+        uses: actions/checkout@v4
+      - name: Verify Bicep files
+        run: ./.github/scripts/validate-bicep.sh
+        env: 
+          BICEP_PATH: .
+      - name: Write error to summary
+        if: ${{ failure() }}
+        run: |
+          echo "## Bicep validation failed" >> $GITHUB_STEP_SUMMARY
+          echo "One or more Bicep files have failed validation. Please ensure you do not have any Bicep errors. Visit https://docs.radapp.dev/getting-started/install/ to download and install the Bicep VS Code extension to assist with validation." >> $GITHUB_STEP_SUMMARY

README.md

@@ -1,6 +1,6 @@
 # Radius Community Recipes
 
-This repository contains commonly used [Recipe](https://docs.radapp.io/recipes) templates for Radius Environments.
+This repository contains commonly used [Recipe](https://docs.radapp.io/guides/recipes/overview/) templates for Radius Environments.
 
 ## Recipes
 
@@ -51,7 +51,7 @@ rad recipe register azure \
 ### Bicep
 
 ```bicep
-import radius as rad
+extension radius 
 
 resource myenv 'Applications.Core/environments' = {
   name: 'myenv'

aws/rediscaches.bicep

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import aws as aws
+extension aws
 
 @description('Radius-provided object containing information about the resource calling the Recipe')
 param context object

aws/sqldatabases.bicep

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import aws as aws
+extension aws
 
 @description('Radius-provided object containing information about the resource calling the Recipe')
 param context object

azure/statestores.bicep

@@ -54,10 +54,10 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2022-05-01' = {
   }
 }
 
-import kubernetes as k8s {
+extension kubernetes with {
   kubeConfig: ''
   namespace: context.runtime.kubernetes.namespace
-}
+} as k8s
 
 var daprType = 'state.azure.blobstorage'
 var daprVersion = 'v1'

bicepconfig.json

@@ -0,0 +1,14 @@
+{
+    "experimentalFeaturesEnabled": {
+        "extensibility": true,
+        "extensionRegistry": true,
+        "dynamicTypeLoading": true
+    },
+    "extensions": {
+        "radius": "br:biceptypes.azurecr.io/radius:latest",
+        "aws": "br:biceptypes.azurecr.io/aws:latest"
+    },
+    "cloud": {
+        "credentialPrecedence": [ "Environment" ]
+    }
+}

docs/contributing/contributing-recipes.md

@@ -7,7 +7,7 @@ This section describes the guidelines for contributing code / docs to Radius Rec
 To write your first recipe, follow the steps below:
 
 1. Familiarize yourself with the IaC language of your choice [Bicep](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview?tabs=bicep) or [Terraform](https://developer.hashicorp.com/terraform)
-1. Familiarize yourself with the Radius [Recipe](https://docs.radapp.io/recipes) concept
+1. Familiarize yourself with the Radius [Recipe](https://docs.radapp.io/guides/recipes) concept
 1. Familiarize yourself with the [supported resource types](https://docs.radapp.io/guides/recipes/overview/#supported-resources) to write recipes for.
 1. Review the existing recipes in this repository to understand the structure and best practices
 1. Follow this [how-to guide](https://docs.radapp.io/guides/recipes/howto-author-recipes/) to write your first recipe, register your recipe in the environment.
@@ -53,7 +53,7 @@ To test the recipe locally, follow the steps below:
 
     **Via Radius environment bicep**
     ```bicep
-    import radius as radius
+    extension radius
     resource env 'Applications.Core/environments@2023-10-01-preview' = {
         name: 'prod'
         properties: {
@@ -117,4 +117,4 @@ All contributions come through pull requests. To submit a proposed change, we re
 
 #### Use work-in-progress PRs for early feedback
 
-A good way to communicate before investing too much time is to create a draft PR and share it with your reviewers. The standard way of doing this is to mark your PR as draft within GitHub.
+A good way to communicate before investing too much time is to create a draft PR and share it with your reviewers. The standard way of doing this is to mark your PR as draft within GitHub.

local-dev/README.md

@@ -6,6 +6,7 @@ The [local-dev](/local-dev) directory contains lightweight Recipes for developme
 
 | Recipe | Resource | Description | Template Path |
 |--------|----------|-------------|---------------|
+| [`local-dev/daprconfigurationstores`](/local-dev/configurationstores.bicep) | `Applications.Dapr/configurationStores` | A lightweight container running the `redis` image and a Redis Dapr Configuration Store component for development purposes. | `ghcr.io/radius-project/recipes/local-dev/daprconfigurationstores:TAG` |
 | [`local-dev/daprpubsubbrokers`](/local-dev/pubsubbrokers.bicep) | `Applications.Dapr/pubSubBrokers` | A lightweight container running the `redis` image and a Redis Dapr Pub/Sub component for development purposes. | `ghcr.io/radius-project/recipes/local-dev/daprpubsubbrokers:TAG` |
 | [`local-dev/daprstatestores`](/local-dev/statestores.bicep) | `Applications.Dapr/stateStores` |A lightweight container running the `redis` image and a Redis Dapr state store component for development purposes. | `ghcr.io/radius-project/recipes/local-dev/daprstatestores:TAG` |
 | [`local-dev/secretStores`](/local-dev/secretstores.bicep) | `Applications.Dapr/secretStores` | A kubernetes secret store type for development purposes. | `ghcr.io/radius-project/recipes/local-dev/secretstores:TAG` |

local-dev/configurationstores.bicep

@@ -0,0 +1,139 @@
+/*
+Copyright 2023 The Radius Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+@description('Information about what resource is calling this Recipe. Generated by Radius. For more information visit https://docs.radapp.dev/operations/custom-recipes/')
+param context object
+
+@description('Tag to pull for the redis container image.')
+param tag string = '7'
+
+@description('Memory request for the redis deployment.')
+param memoryRequest string = '128Mi'
+
+@description('Memory limit for the redis deployment')
+param memoryLimit string = '1024Mi'
+
+extension kubernetes with {
+  kubeConfig: ''
+  namespace: context.runtime.kubernetes.namespace
+} as kubernetes
+
+var uniqueName = 'daprconfig-${uniqueString(context.resource.id)}'
+var port = 6379
+
+resource redis 'apps/Deployment@v1' = {
+  metadata: {
+    name: uniqueName
+  }
+  spec: {
+    selector: {
+      matchLabels: {
+        app: 'dapr-config-redis'
+        resource: context.resource.name
+      }
+    }
+    template: {
+      metadata: {
+        labels: {
+          app: 'dapr-config-redis'
+          resource: context.resource.name
+
+          // Label pods with the application name so `rad run` can find the logs.
+          'radapp.io/application': context.application == null ? '' : context.application.name
+        }
+      }
+      spec: {
+        containers: [
+          {
+            // This container is the running redis instance.
+            name: 'redis'
+            image: 'redis:${tag}'
+            ports: [
+              {
+                containerPort: port
+              }
+            ]
+            resources: {
+              requests: {
+                memory: memoryRequest
+              }
+              limits: {
+                memory: memoryLimit
+              }
+            }
+          }
+        ]
+      }
+    }
+  }
+}
+
+resource svc 'core/Service@v1' = {
+  metadata: {
+    name: uniqueName
+  }
+  spec: {
+    type: 'ClusterIP'
+    selector: {
+      app: 'dapr-config-redis'
+      resource: context.resource.name
+    }
+    ports: [
+      {
+        port: port
+      }
+    ]
+  }
+}
+
+var daprType = 'configuration.redis'
+var daprVersion = 'v1'
+
+resource daprComponent 'dapr.io/Component@v1alpha1' = {
+  metadata: {
+    name: context.resource.name
+  }
+  spec: {
+    type: daprType
+    version: daprVersion
+    metadata: [
+      {
+        name: 'redisHost'
+        value: '${svc.metadata.name}.${svc.metadata.namespace}.svc.cluster.local:${port}'
+      }
+      {
+        name: 'redisPassword'
+        value: ''
+      }
+    ]
+  }
+}
+
+output result object = {
+  // This workaround is needed because the deployment engine omits Kubernetes resources from its output.
+  // This allows Kubernetes resources to be cleaned up when the resource is deleted.
+  // Once this gap is addressed, users won't need to do this.
+  resources: [
+    '/planes/kubernetes/local/namespaces/${svc.metadata.namespace}/providers/core/Service/${svc.metadata.name}'
+    '/planes/kubernetes/local/namespaces/${redis.metadata.namespace}/providers/apps/Deployment/${redis.metadata.name}'
+    '/planes/kubernetes/local/namespaces/${daprComponent.metadata.namespace}/providers/dapr.io/Component/${daprComponent.metadata.name}'
+  ]
+  values: {
+    type: daprType
+    version: daprVersion
+    metadata: daprComponent.spec.metadata
+  }
+}