Skip to content

Update Container App module adding support to Functions #974

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

Update Container App module adding support to Functions #974

wants to merge 13 commits into from

Conversation

Krusty93
Copy link
Contributor

@Krusty93 Krusty93 commented Oct 6, 2025
edited
Loading

Close CES-1339

Depends on #961

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Oct 6, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 1945d32

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
azure_container_app Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

mamu0
mamu0 reviewed Oct 7, 2025
View reviewed changes
gz-dx-bot
gz-dx-bot reviewed Oct 7, 2025
View reviewed changes
mamu0
mamu0 reviewed Oct 7, 2025
View reviewed changes
@Krusty93 Krusty93 requested a review from Copilot October 7, 2025 07:38
Copilot
Copilot AI reviewed Oct 7, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for Azure Container Apps deployment mode to the existing Azure Function App Terraform module. The module now supports both traditional App Service Plan-based deployments and the newer Container Apps environment approach, allowing users to choose between the two deployment models based on their requirements.

Key changes:

  • Added a new container_app_config variable to enable Container Apps mode when provided
  • Implemented conditional resource creation logic to deploy either traditional Function App or Container App based on configuration
  • Added proper RBAC assignments and networking configurations for Container Apps deployment

Reviewed Changes

Copilot reviewed 18 out of 19 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
variables.tf Added container_app_config variable and updated validation logic for conditional requirements
tier.tf Added CPU and memory mappings for Container Apps resource sizing
subnets.tf Removed standalone subnet resource (moved to networking.tf)
rbac.tf Added conditional RBAC assignments for both deployment modes and Key Vault access
outputs.tf Updated outputs to handle both deployment modes with container_app section
networking.tf Consolidated subnet creation and added conditional private endpoint creation
main.tf Added azapi provider requirement and updated azurerm version constraint
locals.tf Added Container Apps-specific local variables and conditional logic
function_app_slot.tf Updated resource references to use array indexing
function_app.tf Made Function App resource conditional based on deployment mode
container_app.tf New file implementing Azure Container App resource with full configuration
alerts.tf Updated alerts to exclude Container Apps deployment mode
Various example files Added complete Container Apps deployment example

@Krusty93 Krusty93 force-pushed the CES-1339-modificare-il-modulo-terraform-per-azure-function-per-supportare-container-app branch from 771baac to 42034d1 Compare October 8, 2025 09:05
@Krusty93 Krusty93 requested review from Copilot and mamu0 October 8, 2025 09:05
@Krusty93 Krusty93 marked this pull request as ready for review October 8, 2025 09:05
@Krusty93 Krusty93 requested a review from a team as a code owner October 8, 2025 09:05
@Krusty93 Krusty93 requested a review from gz-dx-bot October 8, 2025 09:05
Copilot
Copilot AI reviewed Oct 8, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 21 out of 22 changed files in this pull request and generated 2 comments.

@Krusty93 Krusty93 force-pushed the CES-1339-modificare-il-modulo-terraform-per-azure-function-per-supportare-container-app branch from 31cebc2 to d2af60e Compare October 8, 2025 09:11
gunzip
gunzip reviewed Oct 8, 2025
View reviewed changes
gunzip
gunzip reviewed Oct 8, 2025
View reviewed changes
infra/modules/azure_container_app/examples/function_app/main.tf Outdated

container_app_environment_id = module.container_app_environment.id

user_assigned_identity_id = module.container_app_environment.user_assigned_identity.id
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: can we put this setting into the container app module itself? in order to avoid users specify this and just provide the cae

Copy link
Contributor Author

@Krusty93 Krusty93 Oct 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm afraid we can't unless we use a data in the module, but it will not be able to create the environment and the app at the same time as there's an nonexistent dependency in the plan phase

@Krusty93 Krusty93 force-pushed the CES-1339-modificare-il-modulo-terraform-per-azure-function-per-supportare-container-app branch from e3d89e3 to f89bbf1 Compare October 8, 2025 13:05
lucacavallaro
lucacavallaro reviewed Oct 9, 2025
View reviewed changes
infra/modules/azure_container_app/variables.tf
Comment on lines +198 to +199
action_group_ids = optional(set(string), [])
})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: can this reused for other alerts created by the ca module?

@Krusty93 Krusty93 changed the title Update Function App module adding support to Function Container App Update Container App module adding support to Functions Oct 9, 2025
@Krusty93 Krusty93 requested review from christian-calabrese and removed request for gz-dx-bot October 10, 2025 13:37
@Krusty93 Krusty93 force-pushed the CES-1339-modificare-il-modulo-terraform-per-azure-function-per-supportare-container-app branch from b934844 to 0ffd22a Compare October 12, 2025 13:03
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 13, 2025
View reviewed changes
.github/workflows/_application_insights_tracking.yaml
Comment on lines +8 to +107
runs-on: "ubuntu-latest"
env:
RESOURCE_GROUP_NAME: "dx-d-itn-common-rg-01"
INGESTION_ENDPOINT: "https://italynorth-0.in.applicationinsights.azure.com/"
INSTRUMENTATION_KEY: "9c95698f-d74e-4046-a555-ea5f632c307e"
APPLICATIONINSIGHTS_CONNECTION_STRING: "InstrumentationKey=9c95698f-d74e-4046-a555-ea5f632c307e;IngestionEndpoint=https://italynorth-0.in.applicationinsights.azure.com/;LiveEndpoint=https://italynorth.livediagnostics.monitor.azure.com/;ApplicationId=c6f1af09-fbb3-4770-bf6d-cdaf821d2699"

steps:
# - name: Checkout
# uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.7

# - name: Configure AZ CLI
# run: |
# az config set extension.use_dynamic_install=yes_without_prompt
# az configure --defaults group="$RESOURCE_GROUP_NAME"

- name: Node Setup
uses: actions/setup-node@v5
with:
node-version: 24

- name: Install SDK
run: |
npm i --save @azure/monitor-opentelemetry @opentelemetry/api
npm i --save applicationinsights
- name: Track event via JS
uses: actions/github-script@v8
with:
script: |
// const { useAzureMonitor } = require("@azure/monitor-opentelemetry");
//const { trace } = require("@opentelemetry/api");
//const { SemanticAttributes } = require("@opentelemetry/semantic-conventions");
const appInsights = require("applicationinsights");
appInsights.setup(process.env.APPINSIGHTS_CONNECTION_STRING)
.setAutoCollectConsole(false)
.setAutoCollectExceptions(false)
.setAutoCollectDependencies(false)
.setAutoCollectRequests(false)
.start();
const client = appInsights.defaultClient;
client.trackEvent({ name: "WorkflowStarted" });
console.log("Tracking event via JS");
//useAzureMonitor();
//console.log("Azure monitor setup");
// const meter = metrics.getMeter("testMeter");
// let counter = meter.createCounter("counter");
// counter.add(1, { "testKey": "testValue" });
// console.log("exception threw");
// const openTelemetry = ApplicationInsights(
// {
// azureMonitorExporterOptions: {
// connectionString: ${{ env.APPLICATIONINSIGHTS_CONNECTION_STRING }},
// }
// });
// const appInsights = new ApplicationInsights({ config: {
// connectionString: '${{ env.APPLICATIONINSIGHTS_CONNECTION_STRING }}',
// /* ...Other Configuration Options... */
// } });
// appInsights.loadAppInsights();
// appInsights.trackEvent({ name: 'Open Telemtry', properties: { customProperty: 'custom property value' } });
// appInsights.flush();
- name: Track event
run: |
echo "logging event to AI"
curl -X POST ${INGESTION_ENDPOINT}/v2/track \
-H "Content-Type: application/json" \
-d '[
{
"ver": 1,
"name": ""Microsoft.ApplicationInsights.Metric",
"time": "'$(date -u +"%Y-%m-%dT%H:%M:%S.000Z")'",
"sampleRate": 100,
"iKey": "${{ env.INSTRUMENTATION_KEY }}",
"data": {
"baseType": "EventData",
"baseData": {
"ver": 2,
"name": "Workflow completed",
"duration": "00.00:00:10",
"message": "Sample workflow Result",
"properties": {
"job": "build",
"status": "success"
}
}
}
}
]'

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 4 days ago

To fix the problem, we should add a permissions block to the workflow to restrict the permissions of the GITHUB_TOKEN. Since this workflow tracks events and does not interact with GitHub resources, contents: read is sufficient and recommended as a minimal starting point. The permissions block should be added either at the top level (applies to all jobs) or under the relevant job (here, tracker). Given only one job is defined, both locations are effective; however, top-level placement is simplest.

Specifically, in .github/workflows/_application_insights_tracking.yaml, insert:

permissions:
  contents: read

between the name: (line 1) and on: (line 3) lines.

Suggested changeset 1
.github/workflows/_application_insights_tracking.yaml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/_application_insights_tracking.yaml b/.github/workflows/_application_insights_tracking.yaml
--- a/.github/workflows/_application_insights_tracking.yaml
+++ b/.github/workflows/_application_insights_tracking.yaml
@@ -1,4 +1,6 @@
 name: Tracking Application Insights
+permissions:
+  contents: read
 
 on:
   workflow_dispatch:
EOF
@@ -1,4 +1,6 @@
name: Tracking Application Insights
permissions:
contents: read

on:
workflow_dispatch:
Copilot is powered by AI and may make mistakes. Always verify output.
@github-actions GitHub Actions
Copy link
Contributor

Tip

✅ All Terraform module locks are up to date

No module changes detected - everything is in sync!

📋 Pre-commit Output Log 
[INFO] Initializing environment for https://github.com/antonbabenko/pre-commit-terraform.
Lock Terraform Registry modules......................................................Passed
Terraform Providers Lock (on staged .terraform.lock.hcl files).......................Passed
- hook id: terraform_providers_lock_staged
- duration: 0.05s

No .terraform.lock.hcl files to process.

Terraform fmt........................................................................Passed
terraform_docs on modules............................................................Passed
terraform_docs on resources..........................................................Passed
Terraform validate with tflint.......................................................Passed
Terraform validate...................................................................Passed
Terraform validate with trivy........................................................Passed

Generated on Mon Oct 13 08:00:31 UTC 2025
Run all checks on modified files

@Krusty93 Krusty93 removed the priority label Oct 13, 2025
@dpulls dpulls
Copy link

dpulls bot commented Oct 14, 2025

🎉 All dependencies have been resolved !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lucacavallaro lucacavallaro lucacavallaro left review comments

Copilot code review Copilot Copilot left review comments

@mamu0 mamu0 Awaiting requested review from mamu0

@gunzip gunzip Awaiting requested review from gunzip

@christian-calabrese christian-calabrese Awaiting requested review from christian-calabrese

+1 more reviewer

@gz-dx-bot gz-dx-bot gz-dx-bot left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Krusty93 @gunzip @lucacavallaro @mamu0 @gz-dx-bot