Azure bicep

[dewitt4]

This pull request introduces a comprehensive Azure deployment pipeline and associated infrastructure scripts and documentation for the Agentbase platform. The changes establish an automated, multi-stage CI/CD workflow for deploying the core, frontend, and AI service components to Azure, including infrastructure provisioning, secret management, and health checks. Additionally, documentation and configuration files have been updated or added to support Azure deployments and development workflows.

CI/CD Pipeline and Infrastructure Automation

• Added azure-pipelines/agentbase-deploy.yml, a multi-stage Azure DevOps pipeline for validating, deploying, and (optionally) tearing down Agentbase environments (staging and production), with clear prerequisites and environment gating.
• Introduced azure-pipelines/templates/deploy-env.yml, a reusable deployment stage that provisions infrastructure, builds and pushes Docker images, seeds Azure Key Vault secrets, updates web apps, and verifies endpoint health for each environment.

Deployment and Secret Management Scripts

• Added azure-pipelines/scripts/seed-keyvault.sh, an idempotent script to populate Azure Key Vault with all required secrets, handling both generated and user-supplied values safely.
• Added azure-pipelines/scripts/health-check.sh, a robust script to poll service endpoints until healthy, used for post-deployment verification in the pipeline.

Documentation and Configuration

• Added docs/azure/README.md with a clear overview of the Azure deployment architecture, pipeline runbook, cost analysis, and quick start instructions.
• Updated .gitattributes to normalize line endings for scripts and YAML files, ensuring cross-platform compatibility and preventing issues on Linux build agents.
• Enhanced agentbase.code-workspace to include the Azure project and set PowerShell's working directory for improved local development experience.

[Copilot]

Pull request overview

This PR adds an Azure deployment stack for the Agentbase platform: Bicep IaC for all required Azure resources plus an Azure DevOps multi-stage pipeline to validate, deploy, and verify staging/prod environments. It also makes minimal core-service runtime changes to support Azure Blob Storage uploads and Postgres TLS.

Changes:

• Introduces a reusable Azure DevOps pipeline (Validate → Deploy staging → approval → Deploy prod) with scripts for Key Vault seeding and endpoint health checks.
• Adds Bicep modules and a composition root (infra/main.bicep) to provision App Service (3 containers), ACR, Key Vault, Blob Storage, Postgres Flexible Server, Cosmos (Mongo), Redis, monitoring, and (prod) private networking.
• Updates core service configuration for Azure (Blob upload backend + optional Postgres TLS) and adds Azure SDK dependencies/docs.

Reviewed changes

Copilot reviewed 29 out of 30 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
packages/core/tsconfig.json	Adds multer types to fix core build typing.
packages/core/src/modules/uploads/uploads.service.ts	Adds Azure Blob upload backend and selection logic.
packages/core/src/data-source.ts	Adds optional Postgres TLS config for TypeORM CLI datasource.
packages/core/src/app.module.ts	Adds optional Postgres TLS config for runtime TypeORM connection.
packages/core/package.json	Adds Azure Identity + Blob Storage SDK dependencies.
infra/modules/storage-account.bicep	Provisions a Storage Account + uploads container for Blob storage.
infra/modules/redis-cache.bicep	Provisions Azure Cache for Redis (Basic C0) with TLS-only config.
infra/modules/rbac.bicep	Defines least-privilege role assignments for managed identities.
infra/modules/postgres-flexible.bicep	Provisions Azure Database for PostgreSQL Flexible Server + DB.
infra/modules/networking.bicep	Provisions VNet + private endpoints + private DNS zones (prod).
infra/modules/monitoring.bicep	Provisions Log Analytics + Application Insights.
infra/modules/key-vault.bicep	Provisions Key Vault with RBAC authorization.
infra/modules/cosmos-mongo.bicep	Provisions Cosmos DB (Mongo API) serverless + DB.
infra/modules/container-registry.bicep	Provisions Azure Container Registry (Basic).
infra/modules/app-service-plan.bicep	Provisions Linux App Service Plan with parameterized SKU.
infra/modules/app-service-container.bicep	Provisions container-based Web Apps with managed identity and base settings.
infra/main.parameters.staging.json	Staging parameters (B2, no private networking, marketplace URL).
infra/main.parameters.prod.json	Prod parameters (P1v2, private networking, marketplace URL).
infra/main.bicep	Composition root wiring all modules + app settings + outputs for pipeline.
docs/azure/README.md	Entry-point documentation and quick start for Azure deployment.
docs/azure/pipeline.md	Runbook for Azure DevOps pipeline setup, execution, rollback, teardown.
docs/azure/cost.md	SKU rationale and estimated monthly costs with cost levers.
docs/azure/architecture.md	Architecture description with diagrams, security model, and wiring notes.
azure-pipelines/templates/deploy-env.yml	Reusable deployment stage template for an environment.
azure-pipelines/scripts/seed-keyvault.sh	Idempotent Key Vault seeding script (generated + supplied secrets).
azure-pipelines/scripts/health-check.sh	Endpoint polling script for post-deploy verification.
azure-pipelines/agentbase-deploy.yml	Azure DevOps pipeline definition (Validate + Deploy stages).
agentbase.code-workspace	Adds agentbase-azure folder + PowerShell working directory setting.
.gitignore	Ignores Azure Boards workitems folder.
.gitattributes	Normalizes LF line endings for scripts/YAML/Bicep to avoid agent issues.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.