diff --git a/README.md b/README.md new file mode 100644 index 00000000..aa2dc691 --- /dev/null +++ b/README.md 
@@ -0,0 +1,805 @@ +# DevExp-DevBox + +[![Continuous Integration](https://github.com/Evilazaro/DevExp-DevBox/actions/workflows/ci.yml/badge.svg)](https://github.com/Evilazaro/DevExp-DevBox/actions/workflows/ci.yml) +[![Deploy to Azure](https://github.com/Evilazaro/DevExp-DevBox/actions/workflows/deploy.yml/badge.svg)](https://github.com/Evilazaro/DevExp-DevBox/actions/workflows/deploy.yml) +[![Release](https://github.com/Evilazaro/DevExp-DevBox/actions/workflows/release.yml/badge.svg)](https://github.com/Evilazaro/DevExp-DevBox/actions/workflows/release.yml) +[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +![Azure](https://img.shields.io/badge/Azure-0078D4?logo=microsoftazure&logoColor=white) +![Bicep](https://img.shields.io/badge/Bicep-IaC-blue) + +An enterprise-grade **Infrastructure-as-Code (IaC)** solution built with **Azure Bicep** for deploying and managing **Microsoft Dev Box** environments at scale. This accelerator implements **Azure Landing Zone** principles with a modular architecture that separates concerns across security, monitoring, connectivity, and workload layersβ€”enabling platform engineering teams to provision consistent, secure developer workstations in minutes. + +Whether you're setting up a development environment for a small team or deploying Dev Boxes across an enterprise, DevExp-DevBox provides the automation, governance, and flexibility you need. The solution integrates seamlessly with **GitHub Actions** for CI/CD, uses **OIDC federation** for passwordless Azure authentication, and supports **PowerShell DSC** for customizing Dev Box images with role-specific tooling. 
+ +--- + +## πŸ“‘ Table of Contents + +- [✨ Features](#-features) +- [πŸ—οΈ Architecture](#️-architecture) +- [πŸ“‹ Prerequisites](#-prerequisites) +- [πŸš€ Quick Start](#-quick-start) +- [πŸ“ Project Structure](#-project-structure) +- [βš™οΈ Configuration](#️-configuration) +- [πŸ”„ CI/CD Pipelines](#-cicd-pipelines) +- [πŸ“¦ Module Reference](#-module-reference) +- [🧹 Cleanup](#-cleanup) +- [🀝 Contributing](#-contributing) +- [πŸ“„ License](#-license) + +--- + +## ✨ Features + +| Feature | Description | +|---------|-------------| +| **🏒 Landing Zone Architecture** | Implements Azure best practices with segregated resource groups for Security, Monitoring, and Workload layers | +| **πŸ“„ Configuration-as-Code** | YAML-based configuration with JSON Schema validation for type safety and IDE IntelliSense | +| **🧩 Modular Bicep Design** | Reusable, composable modules with clear input/output contracts and typed parameters | +| **πŸ” OIDC Authentication** | Passwordless GitHub Actions deployment using Azure AD federated credentials | +| **πŸ“Š Multi-Project Support** | Deploy multiple Dev Box projects with distinct pools, catalogs, and access controls | +| **πŸ‘₯ Role-Based Access Control** | Hierarchical RBAC with Managed Identities following least-privilege principles | +| **βš™οΈ DSC Customization** | PowerShell Desired State Configuration (DSC) for Dev Box image customization | +| **πŸš€ Automated Provisioning** | Azure Developer CLI (azd) integration for streamlined setup and deployment | +| **πŸ“ˆ Centralized Monitoring** | Log Analytics workspace integration for unified observability | +| **🌐 Network Flexibility** | Support for both Microsoft-managed and custom VNet configurations | + +--- + +## πŸ—οΈ Architecture + +DevExp-DevBox implements a **Landing Zone** pattern that organizes Azure resources by function, ensuring proper separation of concerns and alignment with the [Azure Well-Architected 
Framework](https://learn.microsoft.com/azure/well-architected/). + +### Overview + +The solution deploys a centralized **Azure DevCenter** that serves as the management hub for all developer workstations. Resources are organized into three distinct landing zones: + +- **Security Landing Zone** β€” Houses Azure Key Vault for secrets management and credential storage +- **Monitoring Landing Zone** β€” Contains Log Analytics workspace for centralized logging and diagnostics +- **Workload Landing Zone** β€” Deploys DevCenter, projects, pools, and network connectivity + +This separation ensures that security-sensitive resources are isolated, monitoring is centralized, and workload components can scale independently. The modular Bicep architecture enables teams to customize configurations through YAML files while maintaining infrastructure consistency across environments. + +> πŸ“– For detailed architecture documentation including TOGAF-aligned decision records, see the [Architecture Documentation](./docs/architecture/). + +### High-Level Architecture + +```mermaid +flowchart TB + subgraph SUB["☁️ Azure Subscription"] + subgraph Security["πŸ” Security Landing Zone"] + KV["πŸ”‘ Key Vault
Secrets & Credentials"] + end + + subgraph Monitoring["πŸ“Š Monitoring Landing Zone"] + LA["πŸ“ˆ Log Analytics
Centralized Logging"] + end + + subgraph Workload["πŸ“¦ Workload Landing Zone"] + DC["πŸ–₯️ DevCenter
Management Hub"] + + subgraph Projects["πŸ“ Projects"] + P1["πŸ“‹ Project 1"] + P2["πŸ“‹ Project 2"] + end + + subgraph Pools["🏊 Dev Box Pools"] + POOL1["πŸ’» Frontend Pool"] + POOL2["πŸ’» Backend Pool"] + end + end + + subgraph Connectivity["🌐 Connectivity"] + VNET["πŸ”— Virtual Network"] + NC["πŸ”Œ Network Connection"] + end + end + + subgraph External["🌍 External Resources"] + GH["πŸ“š GitHub Catalog
DSC Configurations"] + end + + DC --> P1 & P2 + P1 & P2 --> POOL1 & POOL2 + POOL1 & POOL2 --> NC + NC --> VNET + DC -.->|"Sync"| GH + DC -.->|"Read Secrets"| KV + KV & DC & VNET -->|"Diagnostics"| LA + + classDef security fill:#FEE2E2,stroke:#DC2626,stroke-width:2px + classDef monitoring fill:#DBEAFE,stroke:#2563EB,stroke-width:2px + classDef workload fill:#D1FAE5,stroke:#059669,stroke-width:2px + classDef connectivity fill:#FEF3C7,stroke:#D97706,stroke-width:2px + classDef external fill:#F3E8FF,stroke:#7C3AED,stroke-width:2px + + class Security,KV security + class Monitoring,LA monitoring + class Workload,DC,Projects,P1,P2,Pools,POOL1,POOL2 workload + class Connectivity,VNET,NC connectivity + class External,GH external +``` + +### Azure Services Deployed + +| Service | Purpose | +|---------|---------| +| **Azure DevCenter** | Central hub for developer workstation management | +| **Dev Box Projects** | Project-level organization with team-specific configurations | +| **Dev Box Pools** | VM allocation with role-specific SKUs and images | +| **Azure Key Vault** | Secure storage for secrets (e.g., GitHub PAT for catalogs) | +| **Log Analytics** | Centralized logging and monitoring for all resources | +| **Virtual Network** | Network isolation with managed or custom VNet options | + +### Module Dependency Flow + +```mermaid +flowchart LR + subgraph Orchestration["🎯 Orchestration"] + MAIN["main.bicep
(Subscription Scope)"] + end + + subgraph LandingZones["πŸ—οΈ Landing Zone Modules"] + SEC["security.bicep"] + MON["logAnalytics.bicep"] + WL["workload.bicep"] + end + + subgraph CoreResources["βš™οΈ Core Resources"] + KV["keyVault.bicep"] + LA["logAnalytics.bicep"] + DC["devCenter.bicep"] + VNET["vnet.bicep"] + end + + subgraph ProjectResources["πŸ“ Project Resources"] + PROJ["project.bicep"] + POOL["projectPool.bicep"] + PCAT["projectCatalog.bicep"] + end + + MAIN --> SEC & MON & WL + SEC --> KV + MON --> LA + WL --> DC & VNET + DC --> PROJ + PROJ --> POOL & PCAT + + KV -.->|"secrets"| DC + LA -.->|"diagnostics"| DC + VNET -.->|"network"| POOL + + classDef orch fill:#818CF8,stroke:#4F46E5,color:#FFFFFF + classDef lz fill:#4F46E5,stroke:#3730A3,color:#FFFFFF + classDef core fill:#10B981,stroke:#059669,color:#FFFFFF + classDef proj fill:#F59E0B,stroke:#D97706,color:#000000 + + class MAIN orch + class SEC,MON,WL lz + class KV,LA,DC,VNET core + class PROJ,POOL,PCAT proj +``` + +--- + +## πŸ“‹ Prerequisites + +Ensure you have the following tools installed before proceeding: + +| Tool | Version | Purpose | Installation | +|------|---------|---------|--------------| +| **Azure CLI** | 2.50+ | Azure resource management | [Install Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli) | +| **Azure Developer CLI (azd)** | Latest | Deployment orchestration | [Install azd](https://learn.microsoft.com/azure/developer/azure-developer-cli/install-azd) | +| **GitHub CLI** | 2.0+ | Repository and secret management | [Install gh](https://cli.github.com/) | +| **Bicep CLI** | 0.20+ | Template compilation | Included with Azure CLI | +| **PowerShell** | 7.0+ | Script execution | [Install PowerShell](https://docs.microsoft.com/powershell/scripting/install/installing-powershell) | + +### Azure Requirements + +- βœ… An active Azure subscription with **Owner** or **Contributor + User Access Administrator** permissions +- βœ… Azure AD permissions to create App 
Registrations (for OIDC setup) +- βœ… Registered resource providers: + +```bash +# Register required resource providers +az provider register --namespace Microsoft.DevCenter +az provider register --namespace Microsoft.KeyVault +az provider register --namespace Microsoft.Network +az provider register --namespace Microsoft.OperationalInsights +``` + +### Verify Prerequisites + +```bash +# Check Azure CLI +az --version + +# Check azd +azd version + +# Check GitHub CLI +gh --version + +# Check PowerShell +pwsh --version +``` + +--- + +## πŸš€ Quick Start + +Deploy your Dev Box environment in 4 steps: + +### 1️⃣ Clone the Repository + +```bash +git clone https://github.com/Evilazaro/DevExp-DevBox.git +cd DevExp-DevBox +``` + +### 2️⃣ Authenticate with Azure and GitHub + +```bash +# Login to Azure (interactive) +az login + +# Set your target subscription +az account set --subscription "" + +# Login to GitHub (required for OIDC credential setup) +gh auth login +``` + +### 3️⃣ Run the Setup Script + +The setup script performs the following: + +- βœ… Initializes Azure Developer CLI environment +- βœ… Creates Azure AD App Registration for OIDC +- βœ… Configures federated credentials for GitHub Actions +- βœ… Sets up GitHub repository secrets and variables + +**Linux/macOS:** + +```bash +chmod +x setUp.sh +./setUp.sh -e -s github +``` + +**Windows (PowerShell):** + +```powershell +.\setUp.ps1 -EnvName -SourceControl github +``` + +> πŸ“ **Parameters:** +> +> - `-e` / `-EnvName`: Environment identifier (e.g., `dev`, `staging`, `prod`) +> - `-s` / `-SourceControl`: Source control platform (`github` or `adogit`) + +### 4️⃣ Provision Infrastructure + +```bash +# Deploy all resources to Azure +azd provision +``` + +The deployment takes approximately **15-30 minutes** depending on the number of projects and pools configured. + +> πŸ’‘ **Tip:** For automated CI/CD deployments, use the GitHub Actions workflow. See [CI/CD Pipelines](#-cicd-pipelines). 
+ +--- + +## πŸ“ Project Structure + +
+Click to expand full directory tree + +``` +DevExp-DevBox/ +β”œβ”€β”€ πŸ“„ azure.yaml # azd configuration (Linux/macOS) +β”œβ”€β”€ πŸ“„ azure-pwh.yaml # azd configuration (Windows PowerShell) +β”œβ”€β”€ πŸ“„ setUp.sh # Setup script (Bash) +β”œβ”€β”€ πŸ“„ setUp.ps1 # Setup script (PowerShell) +β”œβ”€β”€ πŸ“„ cleanSetUp.ps1 # Cleanup script +β”œβ”€β”€ πŸ“„ package.json # Hugo documentation dependencies +β”‚ +β”œβ”€β”€ πŸ“ .configuration/ # Runtime configurations +β”‚ β”œβ”€β”€ πŸ“ devcenter/workloads/ # DSC configurations for Dev Box images +β”‚ β”‚ β”œβ”€β”€ common-config.dsc.yaml +β”‚ β”‚ β”œβ”€β”€ common-backend-config.dsc.yaml +β”‚ β”‚ └── ... +β”‚ β”œβ”€β”€ πŸ“ powershell/ # PowerShell utility scripts +β”‚ └── πŸ“ setup/ # Setup helper scripts +β”‚ β”œβ”€β”€ πŸ“ Azure/ # Azure credential management +β”‚ └── πŸ“ GitHub/ # GitHub secret management +β”‚ +β”œβ”€β”€ πŸ“ .github/ # GitHub Actions configuration +β”‚ β”œβ”€β”€ πŸ“ actions/ci/ # Reusable composite actions +β”‚ β”‚ β”œβ”€β”€ bicep-standard-ci/ # Bicep build action +β”‚ β”‚ └── generate-release/ # Semantic versioning action +β”‚ └── πŸ“ workflows/ +β”‚ β”œβ”€β”€ ci.yml # Continuous Integration +β”‚ β”œβ”€β”€ deploy.yml # Azure deployment +β”‚ └── release.yml # Release management +β”‚ +β”œβ”€β”€ πŸ“ docs/ # TOGAF-aligned documentation +β”‚ β”œβ”€β”€ πŸ“ architecture/ # Architecture decision records +β”‚ β”œβ”€β”€ πŸ“ devops/ # CI/CD documentation +β”‚ └── πŸ“ scripts/ # Script usage guides +β”‚ +β”œβ”€β”€ πŸ“ infra/ # Bicep orchestration layer +β”‚ β”œβ”€β”€ πŸ“„ main.bicep # Entry point (subscription scope) +β”‚ β”œβ”€β”€ πŸ“„ main.parameters.json # Parameter file +β”‚ └── πŸ“ settings/ # YAML configuration files +β”‚ β”œβ”€β”€ πŸ“ resourceOrganization/ # Landing zone resource groups +β”‚ β”œβ”€β”€ πŸ“ security/ # Key Vault settings +β”‚ └── πŸ“ workload/ # DevCenter configuration +β”‚ +└── πŸ“ src/ # Reusable Bicep modules + β”œβ”€β”€ πŸ“ connectivity/ # Network resources + β”‚ 
β”œβ”€β”€ connectivity.bicep + β”‚ β”œβ”€β”€ vnet.bicep + β”‚ └── networkConnection.bicep + β”œβ”€β”€ πŸ“ identity/ # RBAC assignments + β”‚ β”œβ”€β”€ devCenterRoleAssignment.bicep + β”‚ └── projectIdentityRoleAssignment.bicep + β”œβ”€β”€ πŸ“ management/ # Monitoring resources + β”‚ └── logAnalytics.bicep + β”œβ”€β”€ πŸ“ security/ # Security resources + β”‚ β”œβ”€β”€ keyVault.bicep + β”‚ β”œβ”€β”€ secret.bicep + β”‚ └── security.bicep + └── πŸ“ workload/ # DevCenter resources + β”œβ”€β”€ workload.bicep + β”œβ”€β”€ πŸ“ core/ # DevCenter core modules + β”‚ β”œβ”€β”€ devCenter.bicep + β”‚ β”œβ”€β”€ catalog.bicep + β”‚ └── environmentType.bicep + └── πŸ“ project/ # Project-level modules + β”œβ”€β”€ project.bicep + β”œβ”€β”€ projectPool.bicep + β”œβ”€β”€ projectCatalog.bicep + └── projectEnvironmentType.bicep +``` + +
+ +--- + +## βš™οΈ Configuration + +DevExp-DevBox uses **YAML configuration files** with JSON Schema validation for a type-safe, IDE-friendly experience. Each configuration file has a corresponding JSON Schema that provides IntelliSense and validation in VS Code. + +### Configuration Files + +| File | Purpose | Schema | +|------|---------|--------| +| [azureResources.yaml](./infra/settings/resourceOrganization/azureResources.yaml) | Resource group naming, tagging, and landing zone organization | [azureResources.schema.json](./infra/settings/resourceOrganization/azureResources.schema.json) | +| [security.yaml](./infra/settings/security/security.yaml) | Key Vault configuration and access policies | [security.schema.json](./infra/settings/security/security.schema.json) | +| [devcenter.yaml](./infra/settings/workload/devcenter.yaml) | DevCenter, projects, pools, catalogs, and RBAC | [devcenter.schema.json](./infra/settings/workload/devcenter.schema.json) | + +### Landing Zone Configuration + +Configure resource groups in `infra/settings/resourceOrganization/azureResources.yaml`: + +```yaml +# Workload Resource Group - Dev Center and projects +workload: + create: true + name: devexp-workload + tags: + environment: dev + project: Contoso-DevExp-DevBox + costCenter: IT + +# Security Resource Group - Key Vault +security: + create: true + name: devexp-security + tags: + environment: dev + landingZone: Security + +# Monitoring Resource Group - Log Analytics +monitoring: + create: true + name: devexp-monitoring + tags: + environment: dev + landingZone: Monitoring +``` + +### Example: Adding a New Project + +Edit `infra/settings/workload/devcenter.yaml` to add a project: + +```yaml +projects: + - name: "my-new-project" + description: "My team's development environment" + + # Network configuration + network: + name: my-project-vnet + create: true + virtualNetworkType: Managed # Or "Unmanaged" for custom VNets + addressPrefixes: + - 10.1.0.0/16 + subnets: + - name: 
devbox-subnet + properties: + addressPrefix: 10.1.1.0/24 + + # Identity and access control + identity: + type: SystemAssigned + roleAssignments: + - azureADGroupId: "" + azureADGroupName: "My Team Developers" + azureRBACRoles: + - name: "Dev Box User" + id: "45d50f46-0b78-4001-a660-4198cbe8cd05" + scope: Project + + # Dev Box pools + pools: + - name: "standard-pool" + imageDefinitionName: "my-image-definition" + vmSku: general_i_16c64gb256ssd_v2 + + # Environment types available to this project + environmentTypes: + - name: "dev" + deploymentTargetId: "" +``` + +### VM SKU Options + +| SKU | vCPUs | RAM | Storage | Use Case | +|-----|-------|-----|---------|----------| +| `general_i_8c32gb256ssd_v2` | 8 | 32 GB | 256 GB | Light development | +| `general_i_16c64gb256ssd_v2` | 16 | 64 GB | 256 GB | Standard development | +| `general_i_32c128gb512ssd_v2` | 32 | 128 GB | 512 GB | Heavy workloads, builds | + +### DSC Customization + +Dev Box images can be customized using PowerShell Desired State Configuration (DSC). 
Sample configurations are provided in `.configuration/devcenter/workloads/`: + +| Configuration | Purpose | +|---------------|---------| +| `common-config.dsc.yaml` | Base configuration for all Dev Boxes | +| `common-backend-config.dsc.yaml` | Backend developer tools (Azure CLI, .NET SDK, Docker) | +| `common-frontend-usertasks-config.dsc.yaml` | Frontend developer tools (Node.js, npm) | +| `winget-upgrade-packages.dsc.yaml` | Automated package updates | + +**Example: Backend Developer DSC** + +```yaml +# .configuration/devcenter/workloads/common-backend-config.dsc.yaml +properties: + configurationVersion: "0.2.0" + resources: + # Azure CLI + - resource: Microsoft.WinGet.DSC/WinGetPackage + id: Microsoft.AzureCLI + settings: + id: Microsoft.AzureCLI + + # Azure Developer CLI + - resource: Microsoft.WinGet.DSC/WinGetPackage + id: Microsoft.Azd + settings: + id: Microsoft.Azd + + # Visual Studio Code + - resource: Microsoft.WinGet.DSC/WinGetPackage + id: Microsoft.VisualStudioCode + settings: + id: Microsoft.VisualStudioCode +``` + +--- + +## πŸ”„ CI/CD Pipelines + +DevExp-DevBox includes a complete CI/CD pipeline architecture using GitHub Actions with **OIDC-based authentication** for secure, passwordless Azure deployments. The pipeline follows DevOps best practices with semantic versioning, artifact management, and environment-specific deployment gates. + +### Pipeline Architecture + +```mermaid +flowchart TB + subgraph Triggers["🎯 Triggers"] + direction LR + T1["🌿 Push: feature/**"] + T2["πŸ”§ Push: fix/**"] + T3["πŸ“ PR to main"] + T4["πŸ–±οΈ Manual: Deploy"] + T5["πŸ–±οΈ Manual: Release"] + end + + subgraph CI["πŸ”„ Continuous Integration (ci.yml)"] + direction TB + CI1["πŸ“Š generate-tag-version
Semantic Version Calculation"] + CI2["πŸ”¨ build
Bicep Compilation & Validation"] + CI1 --> CI2 + end + + subgraph Deploy["πŸš€ Deployment (deploy.yml)"] + direction TB + D1["βœ… Validate Variables
Check Required Secrets"] + D2["πŸ”¨ Build Bicep
Compile Templates"] + D3["πŸ” OIDC Auth
Federated Credentials"] + D4["☁️ azd provision
Deploy to Azure"] + D1 --> D2 --> D3 --> D4 + end + + subgraph Release["🏷️ Release (release.yml)"] + direction TB + R1["πŸ“Š generate-release
Tag & Changelog"] + R2["πŸ”¨ build
Final Artifacts"] + R3["πŸŽ‰ publish-release
GitHub Release"] + R1 --> R2 --> R3 + end + + T1 & T2 & T3 --> CI + T4 --> Deploy + T5 --> Release + + classDef trigger fill:#E0E7FF,stroke:#4F46E5,stroke-width:2px + classDef ci fill:#DBEAFE,stroke:#2563EB,stroke-width:2px + classDef deploy fill:#D1FAE5,stroke:#059669,stroke-width:2px + classDef release fill:#FEF3C7,stroke:#D97706,stroke-width:2px + + class Triggers,T1,T2,T3,T4,T5 trigger + class CI,CI1,CI2 ci + class Deploy,D1,D2,D3,D4 deploy + class Release,R1,R2,R3 release +``` + +### Workflows Overview + +| Workflow | File | Trigger | Purpose | +|----------|------|---------|---------| +| **Continuous Integration** | `.github/workflows/ci.yml` | Push to `feature/**`, `fix/**`; PRs to `main` | Build and validate Bicep templates | +| **Deploy to Azure** | `.github/workflows/deploy.yml` | Manual dispatch | Provision infrastructure to Azure | +| **Release** | `.github/workflows/release.yml` | Manual dispatch | Generate semantic versions and GitHub releases | + +### Required GitHub Configuration + +#### Repository Variables + +| Variable | Description | Example | +|----------|-------------|---------| +| `AZURE_CLIENT_ID` | App Registration client ID | `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` | +| `AZURE_TENANT_ID` | Azure AD tenant ID | `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` | +| `AZURE_SUBSCRIPTION_ID` | Target subscription ID | `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` | +| `AZURE_LOCATION` | Default Azure region | `eastus2` | + +#### Repository Secrets + +| Secret | Description | +|--------|-------------| +| `KEY_VAULT_SECRET` | GitHub Personal Access Token for private catalog access | + +### Deploying via GitHub Actions + +1. Navigate to **Actions** β†’ **Deploy to Azure** +2. Click **Run workflow** +3. Configure deployment parameters: + - `AZURE_ENV_NAME`: Environment name (e.g., `dev`, `staging`, `prod`) + - `AZURE_LOCATION`: Azure region (e.g., `eastus2`, `westus2`) +4. 
Click **Run workflow** + +### Setting Up OIDC Authentication + +The setup scripts automatically configure OIDC, but you can also set it up manually: + +```powershell +# Create App Registration and federated credentials +.\.configuration\setup\powershell\Azure\generateDeploymentCredentials.ps1 +``` + +> πŸ“– **More Details:** For comprehensive CI/CD pipeline documentation including reusable actions, versioning strategy, and best practices, see the [DevOps Documentation](./docs/devops/README.md). + +--- + +## πŸ“¦ Module Reference + +
+Click to expand module catalog + +### Core Modules + +| Module | Path | Description | +|--------|------|-------------| +| `main.bicep` | `infra/main.bicep` | Orchestration entry point (subscription scope) | + +### Security Layer + +| Module | Path | Description | +|--------|------|-------------| +| `security.bicep` | `src/security/security.bicep` | Security landing zone orchestrator | +| `keyVault.bicep` | `src/security/keyVault.bicep` | Azure Key Vault with RBAC | +| `secret.bicep` | `src/security/secret.bicep` | Key Vault secret management | + +### Management Layer + +| Module | Path | Description | +|--------|------|-------------| +| `logAnalytics.bicep` | `src/management/logAnalytics.bicep` | Log Analytics workspace | + +### Connectivity Layer + +| Module | Path | Description | +|--------|------|-------------| +| `connectivity.bicep` | `src/connectivity/connectivity.bicep` | Connectivity orchestrator | +| `vnet.bicep` | `src/connectivity/vnet.bicep` | Virtual network with subnets | +| `networkConnection.bicep` | `src/connectivity/networkConnection.bicep` | DevCenter network connection | +| `resourceGroup.bicep` | `src/connectivity/resourceGroup.bicep` | Connectivity resource group | + +### Workload Layer + +| Module | Path | Description | +|--------|------|-------------| +| `workload.bicep` | `src/workload/workload.bicep` | Workload orchestrator | +| `devCenter.bicep` | `src/workload/core/devCenter.bicep` | DevCenter resource | +| `catalog.bicep` | `src/workload/core/catalog.bicep` | DevCenter catalog | +| `environmentType.bicep` | `src/workload/core/environmentType.bicep` | Environment type definition | +| `project.bicep` | `src/workload/project/project.bicep` | DevCenter project | +| `projectPool.bicep` | `src/workload/project/projectPool.bicep` | Dev Box pool | +| `projectCatalog.bicep` | `src/workload/project/projectCatalog.bicep` | Project-level catalog | +| `projectEnvironmentType.bicep` | `src/workload/project/projectEnvironmentType.bicep` | Project 
environment type | + +### Identity Layer + +| Module | Path | Description | +|--------|------|-------------| +| `devCenterRoleAssignment.bicep` | `src/identity/devCenterRoleAssignment.bicep` | DevCenter RBAC | +| `projectIdentityRoleAssignment.bicep` | `src/identity/projectIdentityRoleAssignment.bicep` | Project RBAC | +| `keyVaultAccess.bicep` | `src/identity/keyVaultAccess.bicep` | Key Vault access policies | +| `orgRoleAssignment.bicep` | `src/identity/orgRoleAssignment.bicep` | Organization-level RBAC | + +
+ +--- + +## 🧹 Cleanup + +Remove all deployed resources when no longer needed. + +### Option 1: Azure Developer CLI (Recommended) + +```bash +# Remove all resources and purge Key Vault +azd down --purge --force +``` + +### Option 2: Cleanup Script (Full Cleanup) + +The cleanup script performs a comprehensive teardown: + +```powershell +.\cleanSetUp.ps1 -EnvName -Location +``` + +**What the cleanup script removes:** + +| Resource Type | Action | +|---------------|--------| +| Subscription Deployments | Deletes all ARM deployments | +| Role Assignments | Removes user and managed identity RBAC | +| Service Principals | Deletes OIDC app registrations | +| GitHub Secrets | Removes Azure credential secrets | +| Resource Groups | Deletes Security, Monitoring, Workload, and Connectivity RGs | + +### Option 3: Manual Cleanup + +```bash +# List resource groups +az group list --query "[?starts_with(name, 'devexp-')].name" -o tsv + +# Delete specific resource groups +az group delete --name devexp-workload---RG --yes --no-wait +az group delete --name devexp-security---RG --yes --no-wait +az group delete --name devexp-monitoring---RG --yes --no-wait +``` + +> ⚠️ **Warning:** Key Vault soft-delete is enabled by default. Use `--purge` flag or manually purge deleted vaults to fully remove secrets. + +--- + +## 🀝 Contributing + +Contributions are welcome! We follow a standard GitHub workflow. + +### How to Contribute + +1. **Fork** the repository +2. **Create** a feature branch: + + ```bash + git checkout -b feature/amazing-feature + ``` + +3. **Make** your changes following the guidelines below +4. **Test** locally: + + ```bash + az bicep build --file infra/main.bicep + ``` + +5. **Commit** your changes: + + ```bash + git commit -m 'feat: add amazing feature' + ``` + +6. **Push** to the branch: + + ```bash + git push origin feature/amazing-feature + ``` + +7. 
**Open** a Pull Request to `main` + +### Development Guidelines + +| Area | Guideline | +|------|-----------| +| **Bicep** | Follow [Bicep best practices](https://learn.microsoft.com/azure/azure-resource-manager/bicep/best-practices) | +| **Parameters** | Include `@description()` decorators for all parameters | +| **Resources** | Add appropriate tags to all resources | +| **Naming** | Use consistent naming conventions (camelCase for variables, kebab-case for resources) | +| **Documentation** | Update README and architecture docs for configuration changes | +| **Testing** | Validate Bicep files compile before submitting PRs | + +### Commit Message Convention + +We use [Conventional Commits](https://www.conventionalcommits.org/): + +``` +feat: add new Dev Box pool configuration +fix: correct Key Vault access policy +docs: update README with DSC examples +refactor: simplify network module +``` + +--- + +## πŸ“„ License + +This project is licensed under the **MIT License** β€” see the [LICENSE](LICENSE) file for details. 
+ +--- + +## πŸ“š Additional Resources + +### Documentation + +| Resource | Description | +|----------|-------------| +| [Architecture Documentation](./docs/architecture/) | TOGAF-aligned architecture decision records | +| [DevOps Documentation](./docs/devops/README.md) | Comprehensive CI/CD pipeline documentation | +| [Script Documentation](./docs/scripts/README.md) | Setup and configuration script guides | + +### External References + +| Resource | Link | +|----------|------| +| Microsoft Dev Box | [Documentation](https://learn.microsoft.com/azure/dev-box/overview-what-is-microsoft-dev-box) | +| Azure DevCenter | [Documentation](https://learn.microsoft.com/azure/deployment-environments/overview-what-is-azure-deployment-environments) | +| Azure Bicep | [Documentation](https://learn.microsoft.com/azure/azure-resource-manager/bicep/) | +| Azure Landing Zones | [Cloud Adoption Framework](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/) | +| Azure Developer CLI | [Documentation](https://learn.microsoft.com/azure/developer/azure-developer-cli/) | + +### Support + +- πŸ› **Issues:** [GitHub Issues](https://github.com/Evilazaro/DevExp-DevBox/issues) +- πŸ’¬ **Discussions:** [GitHub Discussions](https://github.com/Evilazaro/DevExp-DevBox/discussions) + +--- + +

+ Built with ❀️ by the DevExp Team +

diff --git a/docs/architecture/01-business-architecture.md b/docs/architecture/01-business-architecture.md index da4852d3..12a4bf83 100644 --- a/docs/architecture/01-business-architecture.md +++ b/docs/architecture/01-business-architecture.md @@ -40,15 +40,15 @@ tags: ## πŸ“‘ Table of Contents -- [πŸ“‹ Executive Summary](#executive-summary) -- [🎯 Business Context](#business-context) -- [πŸ‘₯ Stakeholder Analysis](#stakeholder-analysis) -- [βš™οΈ Business Capabilities](#business-capabilities) -- [πŸ”„ Value Streams](#value-streams) -- [πŸ“ Business Requirements](#business-requirements) -- [πŸ“Š Success Metrics](#success-metrics) -- [πŸ“– Glossary](#glossary) -- [πŸ”— References](#references) +- [πŸ“‹ Executive Summary](#-executive-summary) +- [🎯 Business Context](#-business-context) +- [πŸ‘₯ Stakeholder Analysis](#-stakeholder-analysis) +- [βš™οΈ Business Capabilities](#%EF%B8%8F-business-capabilities) +- [πŸ”„ Value Streams](#-value-streams) +- [πŸ“ Business Requirements](#-business-requirements) +- [πŸ“Š Success Metrics](#-success-metrics) +- [πŸ“– Glossary](#-glossary) +- [πŸ”— References](#-references) --- @@ -278,6 +278,7 @@ flowchart TB class C9,C10,C11,C12 secondary class C13,C14,C15 primary + style L1 fill:#F3F4F6,stroke:#6B7280,stroke-width:2px style L2A fill:#FEF3C7,stroke:#F59E0B,stroke-width:2px style L2B fill:#FEE2E2,stroke:#F44336,stroke-width:2px style L2C fill:#ECFDF5,stroke:#10B981,stroke-width:2px diff --git a/docs/architecture/02-data-architecture.md b/docs/architecture/02-data-architecture.md index bf46f76d..9c35bef2 100644 --- a/docs/architecture/02-data-architecture.md +++ b/docs/architecture/02-data-architecture.md 
@@ -40,15 +40,15 @@ tags: ## πŸ“‘ Table of Contents -- [πŸ“Š Data Overview](#data-overview) -- [πŸ“ Configuration Data Model](#configuration-data-model) -- [πŸ” Secrets Management](#secrets-management) -- [πŸ“Ά Telemetry & Diagnostics](#telemetry--diagnostics) -- [πŸ”„ Data Flow Diagrams](#data-flow-diagrams) -- [πŸ›‘οΈ Data Governance](#data-governance) -- [πŸ“ Schema Documentation](#schema-documentation) -- [πŸ“– Glossary](#glossary) -- [πŸ”— References](#references) +- [πŸ“Š Data Overview](#-data-overview) +- [πŸ“ Configuration Data Model](#-configuration-data-model) +- [πŸ” Secrets Management](#-secrets-management) +- [πŸ“Ά Telemetry & Diagnostics](#-telemetry--diagnostics) +- [πŸ”„ Data Flow Diagrams](#-data-flow-diagrams) +- [πŸ›‘οΈ Data Governance](#%EF%B8%8F-data-governance) +- [πŸ“ Schema Documentation](#-schema-documentation) +- [πŸ“– Glossary](#-glossary) +- [πŸ”— References](#-references) --- @@ -105,6 +105,7 @@ flowchart TB class T1,T2,T3 secondary class ST1,ST2,ST3 datastore + style DataCategories fill:#F3F4F6,stroke:#6B7280,stroke-width:2px style Config fill:#E0E7FF,stroke:#4F46E5,stroke-width:2px style Secrets fill:#FEE2E2,stroke:#F44336,stroke-width:2px style Telemetry fill:#ECFDF5,stroke:#10B981,stroke-width:2px diff --git a/docs/architecture/03-application-architecture.md b/docs/architecture/03-application-architecture.md index 381938f1..920af925 100644 --- a/docs/architecture/03-application-architecture.md +++ b/docs/architecture/03-application-architecture.md 
@@ -40,15 +40,15 @@ tags: ## πŸ“‘ Table of Contents -- [πŸ“Š Application Overview](#application-overview) -- [πŸ“‹ Bicep Module Catalog](#bicep-module-catalog) -- [πŸ”— Module Dependency Graph](#module-dependency-graph) -- [πŸ“œ Interface Contracts](#interface-contracts) -- [πŸš€ Deployment Orchestration](#deployment-orchestration) -- [πŸ”§ Component Details](#component-details) -- [πŸ”„ Integration Patterns](#integration-patterns) -- [πŸ”Œ Extension Points](#extension-points) -- [πŸ“š References](#references) +- [πŸ“Š Application Overview](#-application-overview) +- [πŸ“‹ Bicep Module Catalog](#-bicep-module-catalog) +- [πŸ”— Module Dependency Graph](#-module-dependency-graph) +- [πŸ“œ Interface Contracts](#-interface-contracts) +- [πŸš€ Deployment Orchestration](#-deployment-orchestration) +- [πŸ”§ Component Details](#-component-details) +- [πŸ”„ Integration Patterns](#-integration-patterns) +- [πŸ”Œ Extension Points](#-extension-points) +- [πŸ“š References](#-references) --- diff --git a/docs/architecture/04-technology-architecture.md b/docs/architecture/04-technology-architecture.md index 719ca9da..8015aa54 100644 --- a/docs/architecture/04-technology-architecture.md +++ b/docs/architecture/04-technology-architecture.md 
@@ -40,16 +40,16 @@ tags: ## πŸ“‘ Table of Contents -- [πŸ“Š Technology Overview](#technology-overview) -- [πŸ“¦ Azure Service Catalog](#azure-service-catalog) -- [πŸ—οΈ Landing Zone Design](#landing-zone-design) -- [🌐 Network Architecture](#network-architecture) -- [πŸ’» Compute Architecture](#compute-architecture) -- [πŸ”„ CI/CD Infrastructure](#cicd-infrastructure) -- [πŸ“Ά Monitoring Infrastructure](#monitoring-infrastructure) -- [πŸ“ Infrastructure Sizing](#infrastructure-sizing) -- [πŸ“œ Technology Standards](#technology-standards) -- [πŸ”— References](#references) +- [πŸ“Š Technology Overview](#-technology-overview) +- [πŸ“¦ Azure Service Catalog](#-azure-service-catalog) +- [πŸ—οΈ Landing Zone Design](#%EF%B8%8F-landing-zone-design) +- [🌐 Network Architecture](#-network-architecture) +- [πŸ’» Compute Architecture](#-compute-architecture) +- [πŸ”„ CI/CD Infrastructure](#-cicd-infrastructure) +- [πŸ“Ά Monitoring Infrastructure](#-monitoring-infrastructure) +- [πŸ“ Infrastructure Sizing](#-infrastructure-sizing) +- [πŸ“œ Technology Standards](#-technology-standards) +- [πŸ”— References](#-references) --- @@ -128,6 +128,10 @@ flowchart TB style IaC fill:#FEF3C7,stroke:#F59E0B,stroke-width:2px style CI_CD fill:#EEF2FF,stroke:#4F46E5,stroke-width:2px style Azure fill:#ECFDF5,stroke:#10B981,stroke-width:2px + style Compute fill:#D1FAE5,stroke:#059669,stroke-width:1px + style Security fill:#D1FAE5,stroke:#059669,stroke-width:1px + style Network fill:#D1FAE5,stroke:#059669,stroke-width:1px + style Monitor fill:#D1FAE5,stroke:#059669,stroke-width:1px ``` ### Technology Decision Matrix @@ -517,6 +521,9 @@ flowchart TB style DevCenter fill:#E0E7FF,stroke:#4F46E5,stroke-width:2px style Runtime fill:#ECFDF5,stroke:#10B981,stroke-width:2px + style Images fill:#D1FAE5,stroke:#059669,stroke-width:1px + style Projects fill:#D1FAE5,stroke:#059669,stroke-width:1px + style Pools fill:#D1FAE5,stroke:#059669,stroke-width:1px ``` ### Dev Box SKU Options 
@@ -639,6 +646,8 @@ flowchart TB style GitHub fill:#EEF2FF,stroke:#4F46E5,stroke-width:2px style Azure fill:#ECFDF5,stroke:#10B981,stroke-width:2px + style Actions fill:#E0E7FF,stroke:#4F46E5,stroke-width:1px + style Secrets fill:#E0E7FF,stroke:#4F46E5,stroke-width:1px ``` ### Workflow Pipeline Structure @@ -791,6 +800,8 @@ flowchart TB style Collection fill:#EEF2FF,stroke:#4F46E5,stroke-width:2px style LAW fill:#E0E7FF,stroke:#4F46E5,stroke-width:2px style Consumers fill:#ECFDF5,stroke:#10B981,stroke-width:2px + style Tables fill:#D1FAE5,stroke:#059669,stroke-width:1px + style Solutions fill:#D1FAE5,stroke:#059669,stroke-width:1px ``` ### Diagnostic Settings Configuration diff --git a/docs/architecture/05-security-architecture.md b/docs/architecture/05-security-architecture.md index e22b3748..c7e509d2 100644 --- a/docs/architecture/05-security-architecture.md +++ b/docs/architecture/05-security-architecture.md 
@@ -40,17 +40,17 @@ tags: ## πŸ“‘ Table of Contents -- [πŸ“Š Security Overview](#security-overview) -- [⚠️ Threat Model](#threat-model) -- [πŸ”‘ Identity & Access Management](#identity--access-management) -- [πŸ‘₯ RBAC Hierarchy](#rbac-hierarchy) -- [πŸ” Secrets Management](#secrets-management) -- [🌐 Network Security](#network-security) -- [πŸ›‘οΈ Data Protection](#data-protection) -- [βœ… Compliance & Governance](#compliance--governance) -- [πŸ“Ά Security Operations](#security-operations) -- [πŸ“‹ Security Controls Matrix](#security-controls-matrix) -- [πŸ”— References](#references) +- [πŸ“Š Security Overview](#-security-overview) +- [⚠️ Threat Model](#%EF%B8%8F-threat-model) +- [πŸ”‘ Identity & Access Management](#-identity--access-management) +- [πŸ‘₯ RBAC Hierarchy](#-rbac-hierarchy) +- [πŸ” Secrets Management](#-secrets-management) +- [🌐 Network Security](#-network-security) +- [πŸ›‘οΈ Data Protection](#%EF%B8%8F-data-protection) +- [βœ… Compliance & Governance](#-compliance--governance) +- [πŸ“Ά Security Operations](#-security-operations) +- [πŸ“‹ Security Controls Matrix](#-security-controls-matrix) +- [πŸ”— References](#-references) --- @@ -542,6 +542,8 @@ flowchart TB style Sources fill:#FEF3C7,stroke:#F59E0B,stroke-width:2px style KeyVault fill:#FEE2E2,stroke:#F44336,stroke-width:2px style Access fill:#ECFDF5,stroke:#10B981,stroke-width:2px + style Settings fill:#FECACA,stroke:#C62828,stroke-width:1px + style Secrets fill:#FECACA,stroke:#C62828,stroke-width:1px ``` ### Key Vault Configuration @@ -661,6 +663,9 @@ flowchart TB style Internet fill:#F3F4F6,stroke:#6B7280,stroke-width:2px style AzureNetwork fill:#E0E7FF,stroke:#4F46E5,stroke-width:2px style Resources fill:#ECFDF5,stroke:#10B981,stroke-width:2px + style NSG fill:#D1FAE5,stroke:#059669,stroke-width:1px + style VNet fill:#D1FAE5,stroke:#059669,stroke-width:1px + style PE fill:#D1FAE5,stroke:#059669,stroke-width:1px ``` ### Network Configuration Options 
diff --git a/docs/architecture/07-deployment-architecture.md b/docs/architecture/07-deployment-architecture.md index ccefaecb..9342a182 100644 --- a/docs/architecture/07-deployment-architecture.md +++ b/docs/architecture/07-deployment-architecture.md @@ -14,7 +14,7 @@ tags: # πŸš€ Deployment Architecture -> πŸ“– This document describes the deployment architecture and CI/CD pipeline design for the Dev Box Accelerator project. +> **DevExp-DevBox Landing Zone Accelerator** > [!NOTE] > **Target Audience:** DevOps Engineers, Platform Engineers, Release Managers @@ -29,20 +29,27 @@ tags: +| Property | Value | +|:---------|:------| +| **Version** | 1.0.0 | +| **Last Updated** | 2026-01-23 | +| **Author** | DevExp Team | +| **Status** | Published | + --- ## πŸ“‘ Table of Contents -- [🎯 Overview](#overview) -- [πŸ—οΈ High-Level Architecture](#high-level-architecture) -- [πŸ”„ Pipeline Architecture](#pipeline-architecture) -- [🌍 Deployment Environments](#deployment-environments) -- [πŸ”’ Security Architecture](#security-architecture) -- [πŸ“¦ Infrastructure Components](#infrastructure-components) -- [πŸ’Ύ Artifact Management](#artifact-management) -- [πŸ› οΈ Deployment Process](#deployment-process) -- [πŸ“Ά Monitoring & Observability](#monitoring--observability) -- [πŸ”— Related Documentation](#related-documentation) +- [🎯 Overview](#-overview) +- [πŸ—οΈ High-Level Architecture](#%EF%B8%8F-high-level-architecture) +- [πŸ”„ Pipeline Architecture](#-pipeline-architecture) +- [🌍 Deployment Environments](#-deployment-environments) +- [πŸ”’ Security Architecture](#-security-architecture) +- [πŸ“¦ Infrastructure Components](#-infrastructure-components) +- [πŸ’Ύ Artifact Management](#-artifact-management) +- [πŸ› οΈ Deployment Process](#%EF%B8%8F-deployment-process) +- [πŸ“Ά Monitoring & Observability](#-monitoring--observability) +- [πŸ”— Related Documentation](#-related-documentation) --- 
@@ -59,55 +66,72 @@ The Dev Box Accelerator uses a modern GitOps-style deployment approach with GitH ## πŸ—οΈ High-Level Architecture ```mermaid +--- +title: High-Level Architecture +--- flowchart TB - subgraph "πŸ‘¨β€πŸ’» Development" + %% ===== DEVELOPMENT ===== + subgraph Development["πŸ‘¨β€πŸ’» Development"] DEV1["Developer Workstation"] DEV2["VS Code + Bicep Extension"] - DEV1 --> DEV2 + DEV1 -->|uses| DEV2 end - subgraph "πŸ“¦ Source Control" + %% ===== SOURCE CONTROL ===== + subgraph SourceControl["πŸ“¦ Source Control"] GH1["GitHub Repository"] GH2["Branch Strategy"] GH3["Pull Requests"] - GH1 --> GH2 - GH2 --> GH3 + GH1 -->|implements| GH2 + GH2 -->|enables| GH3 end - subgraph "πŸ”„ CI/CD Pipeline" + %% ===== CI/CD PIPELINE ===== + subgraph CICD["πŸ”„ CI/CD Pipeline"] direction TB CI["πŸ”¨ CI Workflow"] RELEASE["🏷️ Release Workflow"] DEPLOY["πŸš€ Deploy Workflow"] end - subgraph "☁️ Azure" + %% ===== AZURE ===== + subgraph Azure["☁️ Azure"] direction TB SUB["Azure Subscription"] RG["Resource Groups"] DC["Dev Center"] KV["Key Vault"] VNET["Virtual Network"] - SUB --> RG - RG --> DC & KV & VNET + SUB -->|contains| RG + RG -->|hosts| DC + RG -->|hosts| KV + RG -->|hosts| VNET end - DEV2 --> |"git push"| GH1 - GH2 --> |"feature/fix branches"| CI - GH3 --> |"PR to main"| CI - GH1 --> |"manual trigger"| RELEASE - GH1 --> |"manual trigger"| DEPLOY - DEPLOY --> |"azd provision"| SUB - - classDef dev fill:#E3F2FD,stroke:#1565C0,color:#000 - classDef gh fill:#F3E5F5,stroke:#6A1B9A,color:#000 - classDef cicd fill:#FFF3E0,stroke:#EF6C00,color:#000 - classDef azure fill:#E8F5E9,stroke:#2E7D32,color:#000 - - class DEV1,DEV2 dev - class GH1,GH2,GH3 gh - class CI,RELEASE,DEPLOY cicd - class SUB,RG,DC,KV,VNET azure + %% ===== CONNECTIONS ===== + DEV2 -->|git push| GH1 + GH2 -->|triggers| CI + GH3 -->|triggers| CI + GH1 -->|manual trigger| RELEASE + GH1 -->|manual trigger| DEPLOY + DEPLOY -->|azd provision| SUB + + %% ===== NODE STYLES ===== + classDef primary 
fill:#4F46E5,stroke:#3730A3,color:#FFFFFF + classDef secondary fill:#10B981,stroke:#059669,color:#FFFFFF + classDef trigger fill:#818CF8,stroke:#4F46E5,color:#FFFFFF + classDef datastore fill:#F59E0B,stroke:#D97706,color:#000000 + + class DEV1,DEV2 primary + class GH1,GH2,GH3 trigger + class CI,RELEASE,DEPLOY datastore + class SUB,RG,DC,KV,VNET secondary + + %% ===== SUBGRAPH STYLES ===== + style Development fill:#E0E7FF,stroke:#4F46E5,stroke-width:2px + style SourceControl fill:#EEF2FF,stroke:#4F46E5,stroke-width:2px + style CICD fill:#FEF3C7,stroke:#F59E0B,stroke-width:2px + style Azure fill:#ECFDF5,stroke:#10B981,stroke-width:2px ``` --- @@ -121,58 +145,75 @@ flowchart TB ### Workflow Relationships ```mermaid +--- +title: Workflow Relationships +--- flowchart LR - subgraph "Trigger Events" - T1([Push to feature/**]) - T2([Push to fix/**]) - T3([PR to main]) - T4([Manual Dispatch]) + %% ===== TRIGGER EVENTS ===== + subgraph Triggers["🎯 Trigger Events"] + T1(["Push to feature/**"]) + T2(["Push to fix/**"]) + T3(["PR to main"]) + T4(["Manual Dispatch"]) end - subgraph "Workflows" + %% ===== WORKFLOWS ===== + subgraph Workflows["πŸ”„ Workflows"] direction TB - W1["ci.yml
Continuous Integration"] - W2["release.yml
Branch-Based Release"] - W3["deploy.yml
Deploy to Azure"] + W1["ci.yml
Continuous Integration"] + W2["release.yml
Branch-Based Release"] + W3["deploy.yml
Deploy to Azure"] end - subgraph "Artifacts & Outputs" + %% ===== ARTIFACTS & OUTPUTS ===== + subgraph Outputs["πŸ“¦ Artifacts & Outputs"] A1[/"Versioned Artifacts"/] A2[/"GitHub Release"/] - A3[(Azure Resources)] + A3[("Azure Resources")] end - T1 & T2 --> W1 - T3 --> W1 - T4 --> W2 - T4 --> W3 + %% ===== CONNECTIONS ===== + T1 -->|triggers| W1 + T2 -->|triggers| W1 + T3 -->|triggers| W1 + T4 -->|triggers| W2 + T4 -->|triggers| W3 - W1 --> A1 - W2 --> A1 - W2 --> A2 - W3 --> A3 + W1 -->|produces| A1 + W2 -->|produces| A1 + W2 -->|creates| A2 + W3 -->|provisions| A3 - classDef trigger fill:#2196F3,stroke:#1565C0,color:#fff - classDef workflow fill:#FF9800,stroke:#EF6C00,color:#fff - classDef artifact fill:#4CAF50,stroke:#2E7D32,color:#fff + %% ===== NODE STYLES ===== + classDef trigger fill:#818CF8,stroke:#4F46E5,color:#FFFFFF + classDef datastore fill:#F59E0B,stroke:#D97706,color:#000000 + classDef secondary fill:#10B981,stroke:#059669,color:#FFFFFF class T1,T2,T3,T4 trigger - class W1,W2,W3 workflow - class A1,A2,A3 artifact + class W1,W2,W3 datastore + class A1,A2,A3 secondary + + %% ===== SUBGRAPH STYLES ===== + style Triggers fill:#EEF2FF,stroke:#4F46E5,stroke-width:2px + style Workflows fill:#FEF3C7,stroke:#F59E0B,stroke-width:2px + style Outputs fill:#ECFDF5,stroke:#10B981,stroke-width:2px ``` ### Detailed CI/CD Flow ```mermaid +--- +title: Detailed CI/CD Flow +--- sequenceDiagram - participant Dev as Developer - participant GH as GitHub - participant CI as CI Workflow - participant Release as Release Workflow - participant Deploy as Deploy Workflow - participant Azure as Azure - - rect rgb(227, 242, 253) + participant Dev as πŸ‘€ Developer + participant GH as πŸ™ GitHub + participant CI as πŸ”¨ CI Workflow + participant Release as 🏷️ Release Workflow + participant Deploy as πŸš€ Deploy Workflow + participant Azure as ☁️ Azure + + rect rgb(224, 231, 255) Note over Dev,GH: Feature Development Dev->>GH: Push to feature/** branch GH->>CI: Trigger CI workflow 
@@ -181,7 +222,7 @@ sequenceDiagram CI->>GH: Upload artifacts end - rect rgb(243, 229, 245) + rect rgb(238, 242, 255) Note over Dev,GH: Pull Request Dev->>GH: Create PR to main GH->>CI: Trigger CI workflow @@ -189,7 +230,7 @@ sequenceDiagram CI-->>GH: PR check status end - rect rgb(255, 243, 224) + rect rgb(254, 243, 199) Note over GH,Release: Release Creation Dev->>Release: Manual trigger Release->>Release: Calculate version @@ -197,7 +238,7 @@ sequenceDiagram Release->>GH: Create GitHub Release end - rect rgb(232, 245, 233) + rect rgb(236, 253, 245) Note over Deploy,Azure: Deployment Dev->>Deploy: Manual trigger Deploy->>Deploy: Build Bicep @@ -226,30 +267,41 @@ sequenceDiagram ### Environment Configuration ```mermaid +--- +title: Environment Configuration +--- flowchart TB - subgraph "GitHub Environments" + %% ===== GITHUB ENVIRONMENTS ===== + subgraph GitHubEnv["πŸ™ GitHub Environments"] direction LR ENV1["dev"] ENV2["staging"] ENV3["prod"] end - subgraph "Azure Subscriptions" + %% ===== AZURE SUBSCRIPTIONS ===== + subgraph AzureSub["☁️ Azure Subscriptions"] direction LR SUB1["Dev Subscription"] SUB2["Staging Subscription"] SUB3["Prod Subscription"] end - ENV1 --> |OIDC| SUB1 - ENV2 --> |OIDC| SUB2 - ENV3 --> |OIDC| SUB3 + %% ===== CONNECTIONS ===== + ENV1 -->|OIDC| SUB1 + ENV2 -->|OIDC| SUB2 + ENV3 -->|OIDC| SUB3 - classDef env fill:#2196F3,stroke:#1565C0,color:#fff - classDef azure fill:#4CAF50,stroke:#2E7D32,color:#fff + %% ===== NODE STYLES ===== + classDef trigger fill:#818CF8,stroke:#4F46E5,color:#FFFFFF + classDef secondary fill:#10B981,stroke:#059669,color:#FFFFFF - class ENV1,ENV2,ENV3 env - class SUB1,SUB2,SUB3 azure + class ENV1,ENV2,ENV3 trigger + class SUB1,SUB2,SUB3 secondary + + %% ===== SUBGRAPH STYLES ===== + style GitHubEnv fill:#EEF2FF,stroke:#4F46E5,stroke-width:2px + style AzureSub fill:#ECFDF5,stroke:#10B981,stroke-width:2px ``` --- 
@@ -263,35 +315,50 @@ flowchart TB ### Authentication Flow ```mermaid +--- +title: Authentication Flow +--- flowchart LR - subgraph "GitHub Actions" + %% ===== GITHUB ACTIONS ===== + subgraph GitHub["πŸ™ GitHub Actions"] GH1["Workflow Run"] GH2["Request OIDC Token"] + GH1 -->|initiates| GH2 end - subgraph "Azure AD" + %% ===== AZURE AD ===== + subgraph AzureAD["🏒 Azure AD"] AD1["Validate Token"] AD2["Issue Access Token"] AD3["Federated Credential"] + AD1 -->|checks| AD3 + AD3 -->|authorizes| AD2 end - subgraph "Azure Resources" + %% ===== AZURE RESOURCES ===== + subgraph AzureRes["☁️ Azure Resources"] AZ1["Subscription"] AZ2["Resource Group"] + AZ1 -->|contains| AZ2 end - GH1 --> GH2 - GH2 --> |"JWT"| AD1 - AD1 --> AD3 - AD3 --> AD2 - AD2 --> |"Bearer Token"| AZ1 - AZ1 --> AZ2 + %% ===== CONNECTIONS ===== + GH2 -->|JWT| AD1 + AD2 -->|Bearer Token| AZ1 - classDef github fill:#24292E,stroke:#1B1F23,color:#fff - classDef azure fill:#0078D4,stroke:#005A9E,color:#fff + %% ===== NODE STYLES ===== + classDef trigger fill:#818CF8,stroke:#4F46E5,color:#FFFFFF + classDef primary fill:#4F46E5,stroke:#3730A3,color:#FFFFFF + classDef secondary fill:#10B981,stroke:#059669,color:#FFFFFF - class GH1,GH2 github - class AD1,AD2,AD3,AZ1,AZ2 azure + class GH1,GH2 trigger + class AD1,AD2,AD3 primary + class AZ1,AZ2 secondary + + %% ===== SUBGRAPH STYLES ===== + style GitHub fill:#EEF2FF,stroke:#4F46E5,stroke-width:2px + style AzureAD fill:#E0E7FF,stroke:#4F46E5,stroke-width:2px + style AzureRes fill:#ECFDF5,stroke:#10B981,stroke-width:2px ``` ### Security Controls @@ -315,12 +382,17 @@ flowchart LR ### Bicep Module Structure ```mermaid +--- +title: Bicep Module Structure +--- flowchart TB - subgraph "Entry Point" + %% ===== ENTRY POINT ===== + subgraph EntryPoint["🎯 Entry Point"] MAIN["main.bicep"] end - subgraph "src/workload" + %% ===== WORKLOAD MODULES ===== + subgraph Workload["πŸ“¦ src/workload"] W1["workload.bicep"] W2["core/devCenter.bicep"] W3["core/catalog.bicep"] 
@@ -329,39 +401,60 @@ flowchart TB W6["project/projectPool.bicep"] end - subgraph "src/connectivity" + %% ===== CONNECTIVITY MODULES ===== + subgraph Connectivity["🌐 src/connectivity"] C1["connectivity.bicep"] C2["vnet.bicep"] C3["networkConnection.bicep"] end - subgraph "src/security" + %% ===== SECURITY MODULES ===== + subgraph Security["πŸ” src/security"] S1["security.bicep"] S2["keyVault.bicep"] S3["secret.bicep"] end - subgraph "src/identity" + %% ===== IDENTITY MODULES ===== + subgraph Identity["πŸ‘€ src/identity"] I1["devCenterRoleAssignment.bicep"] I2["projectIdentityRoleAssignment.bicep"] end - MAIN --> W1 & C1 & S1 & I1 - W1 --> W2 & W3 & W4 & W5 & W6 - C1 --> C2 & C3 - S1 --> S2 & S3 - - classDef main fill:#F44336,stroke:#C62828,color:#fff - classDef workload fill:#2196F3,stroke:#1565C0,color:#fff - classDef connectivity fill:#4CAF50,stroke:#2E7D32,color:#fff - classDef security fill:#FF9800,stroke:#EF6C00,color:#fff - classDef identity fill:#9C27B0,stroke:#6A1B9A,color:#fff - - class MAIN main - class W1,W2,W3,W4,W5,W6 workload - class C1,C2,C3 connectivity - class S1,S2,S3 security - class I1,I2 identity + %% ===== CONNECTIONS ===== + MAIN -->|deploys| W1 + MAIN -->|deploys| C1 + MAIN -->|deploys| S1 + MAIN -->|deploys| I1 + W1 -->|includes| W2 + W1 -->|includes| W3 + W1 -->|includes| W4 + W1 -->|includes| W5 + W1 -->|includes| W6 + C1 -->|includes| C2 + C1 -->|includes| C3 + S1 -->|includes| S2 + S1 -->|includes| S3 + + %% ===== NODE STYLES ===== + classDef trigger fill:#818CF8,stroke:#4F46E5,color:#FFFFFF + classDef primary fill:#4F46E5,stroke:#3730A3,color:#FFFFFF + classDef secondary fill:#10B981,stroke:#059669,color:#FFFFFF + classDef datastore fill:#F59E0B,stroke:#D97706,color:#000000 + classDef failed fill:#F44336,stroke:#C62828,color:#FFFFFF + + class MAIN trigger + class W1,W2,W3,W4,W5,W6 primary + class C1,C2,C3 secondary + class S1,S2,S3 datastore + class I1,I2 failed + + %% ===== SUBGRAPH STYLES ===== + style EntryPoint 
fill:#EEF2FF,stroke:#4F46E5,stroke-width:2px + style Workload fill:#E0E7FF,stroke:#4F46E5,stroke-width:2px + style Connectivity fill:#ECFDF5,stroke:#10B981,stroke-width:2px + style Security fill:#FEF3C7,stroke:#F59E0B,stroke-width:2px + style Identity fill:#FEE2E2,stroke:#F44336,stroke-width:2px ``` --- @@ -375,37 +468,51 @@ flowchart TB ### Artifact Flow ```mermaid +--- +title: Artifact Flow +--- flowchart LR - subgraph "Build Stage" + %% ===== BUILD STAGE ===== + subgraph Build["πŸ”¨ Build Stage"] B1["Bicep Source"] B2["az bicep build"] B3["ARM Templates"] - B1 --> B2 --> B3 + B1 -->|compiles| B2 + B2 -->|generates| B3 end - subgraph "Storage" - S1["GitHub Artifacts
30-day retention"] - S2["GitHub Releases
Permanent"] + %% ===== STORAGE ===== + subgraph Storage["πŸ’Ύ Storage"] + S1["GitHub Artifacts
30-day retention"] + S2["GitHub Releases
Permanent"] end - subgraph "Deployment" + %% ===== DEPLOYMENT ===== + subgraph Deployment["πŸš€ Deployment"] D1["azd provision"] D2["Azure Resources"] - D1 --> D2 + D1 -->|creates| D2 end - B3 --> S1 - B3 --> S2 - S1 --> D1 - S2 --> D1 - - classDef build fill:#FF9800,stroke:#EF6C00,color:#fff - classDef storage fill:#2196F3,stroke:#1565C0,color:#fff - classDef deploy fill:#4CAF50,stroke:#2E7D32,color:#fff - - class B1,B2,B3 build - class S1,S2 storage - class D1,D2 deploy + %% ===== CONNECTIONS ===== + B3 -->|uploads| S1 + B3 -->|uploads| S2 + S1 -->|downloads| D1 + S2 -->|downloads| D1 + + %% ===== NODE STYLES ===== + classDef datastore fill:#F59E0B,stroke:#D97706,color:#000000 + classDef primary fill:#4F46E5,stroke:#3730A3,color:#FFFFFF + classDef secondary fill:#10B981,stroke:#059669,color:#FFFFFF + + class B1,B2,B3 datastore + class S1,S2 primary + class D1,D2 secondary + + %% ===== SUBGRAPH STYLES ===== + style Build fill:#FEF3C7,stroke:#F59E0B,stroke-width:2px + style Storage fill:#E0E7FF,stroke:#4F46E5,stroke-width:2px + style Deployment fill:#ECFDF5,stroke:#10B981,stroke-width:2px ``` ### Versioning Scheme diff --git a/docs/devops/release.md b/docs/devops/release.md index 053e83f5..600e33d5 100644 --- a/docs/devops/release.md +++ b/docs/devops/release.md @@ -309,37 +309,74 @@ permissions: ### Branch-Based Version Calculation ```mermaid +--- +title: Version Calculation Flow +--- flowchart LR - subgraph "πŸ“Š Version Calculation" + %% ===== VERSION CALCULATION ===== + subgraph VersionCalc["πŸ“Š Version Calculation"] direction TB - START((Start)) --> CHECK{Branch Type?} - CHECK --> |main| MAIN["Conditional Major
if minor=0 AND patch=0"] - CHECK --> |feature/**| FEAT["Patch + commits
Suffix: -feature.name"] - CHECK --> |fix/**| FIX["Minor + commits
Suffix: -fix.name"] - - MAIN --> OVERFLOW1{Overflow?} - FEAT --> OVERFLOW2{patch > 99?} - FIX --> OVERFLOW3{minor > 99?} + START(("▢️ Start")) + CHECK{"πŸ”€ Branch Type?"} + MAIN["πŸ“Œ Conditional Major\nif minor=0 AND patch=0"] + FEAT["🌿 Patch + commits\nSuffix: -feature.name"] + FIX["πŸ”§ Minor + commits\nSuffix: -fix.name"] - OVERFLOW1 --> |"patch > 99"| INCMIN["minor++, patch=0"] - OVERFLOW2 --> |Yes| INCMIN2["minor++, patch=0"] - OVERFLOW3 --> |Yes| INCMAJ["major++, minor=0"] + START -->|analyzes| CHECK + CHECK -->|main| MAIN + CHECK -->|feature/**| FEAT + CHECK -->|fix/**| FIX + end + + %% ===== OVERFLOW HANDLING ===== + subgraph OverflowHandling["⚠️ Overflow Handling"] + direction TB + OVERFLOW1{"patch > 99?"} + OVERFLOW2{"patch > 99?"} + OVERFLOW3{"minor > 99?"} - INCMIN --> FINALV[/"Final Version"/] - INCMIN2 --> FINALV - INCMAJ --> FINALV - OVERFLOW1 --> |No| FINALV - OVERFLOW2 --> |No| FINALV - OVERFLOW3 --> |No| FINALV + INCMIN["πŸ”„ minor++, patch=0"] + INCMIN2["πŸ”„ minor++, patch=0"] + INCMAJ["πŸ”„ major++, minor=0"] end - classDef decision fill:#FFC107,stroke:#FFA000,color:#000 - classDef process fill:#2196F3,stroke:#1565C0,color:#fff - classDef output fill:#4CAF50,stroke:#2E7D32,color:#fff + %% ===== OUTPUT ===== + subgraph Output["πŸ“¦ Output"] + FINALV[/"🏷️ Final Version"/] + end + %% ===== CONNECTIONS ===== + MAIN -->|checks| OVERFLOW1 + FEAT -->|checks| OVERFLOW2 + FIX -->|checks| OVERFLOW3 + + OVERFLOW1 -->|Yes| INCMIN + OVERFLOW2 -->|Yes| INCMIN2 + OVERFLOW3 -->|Yes| INCMAJ + + INCMIN -->|outputs| FINALV + INCMIN2 -->|outputs| FINALV + INCMAJ -->|outputs| FINALV + OVERFLOW1 -.->|No| FINALV + OVERFLOW2 -.->|No| FINALV + OVERFLOW3 -.->|No| FINALV + + %% ===== STYLES ===== + classDef trigger fill:#818CF8,stroke:#4F46E5,color:#FFFFFF + classDef primary fill:#4F46E5,stroke:#3730A3,color:#FFFFFF + classDef secondary fill:#10B981,stroke:#059669,color:#FFFFFF + classDef datastore fill:#F59E0B,stroke:#D97706,color:#000000 + classDef decision 
fill:#FFFBEB,stroke:#F59E0B,color:#000000 + + class START trigger + class MAIN,FEAT,FIX,INCMIN,INCMIN2,INCMAJ primary class CHECK,OVERFLOW1,OVERFLOW2,OVERFLOW3 decision - class MAIN,FEAT,FIX,INCMIN,INCMIN2,INCMAJ process - class FINALV output + class FINALV datastore + + %% ===== SUBGRAPH STYLES ===== + style VersionCalc fill:#E0E7FF,stroke:#4F46E5,stroke-width:2px + style OverflowHandling fill:#FEE2E2,stroke:#F44336,stroke-width:2px + style Output fill:#FEF3C7,stroke:#F59E0B,stroke-width:2px ``` ### Version Rules by Branch diff --git a/docs/scripts/README.md b/docs/scripts/README.md index da3cb013..8cb7a142 100644 --- a/docs/scripts/README.md +++ b/docs/scripts/README.md @@ -33,16 +33,16 @@ tags: ## πŸ“‘ Table of Contents -- [🎯 Overview](#overview) -- [πŸ—οΈ Scripts Architecture](#scripts-architecture) -- [⚑ Quick Reference](#quick-reference) -- [πŸ“‚ Scripts by Category](#scripts-by-category) -- [βš™οΈ Prerequisites Summary](#prerequisites-summary) -- [πŸ”„ Common Workflows](#common-workflows) -- [⚠️ Error Handling Patterns](#error-handling-patterns) -- [πŸ“ File Structure](#file-structure) -- [πŸ”— Related Documentation](#related-documentation) -- [🀝 Contributing](#contributing) +- [🎯 Overview](#-overview) +- [πŸ—οΈ Scripts Architecture](#%EF%B8%8F-scripts-architecture) +- [⚑ Quick Reference](#-quick-reference) +- [πŸ“‚ Scripts by Category](#-scripts-by-category) +- [βš™οΈ Prerequisites Summary](#%EF%B8%8F-prerequisites-summary) +- [πŸ”„ Common Workflows](#-common-workflows) +- [⚠️ Error Handling Patterns](#%EF%B8%8F-error-handling-patterns) +- [πŸ“ File Structure](#-file-structure) +- [πŸ”— Related Documentation](#-related-documentation) +- [🀝 Contributing](#-contributing) --- diff --git a/docs/scripts/azure/create-custom-role.md b/docs/scripts/azure/create-custom-role.md index be9914e6..984d6906 100644 --- a/docs/scripts/azure/create-custom-role.md +++ b/docs/scripts/azure/create-custom-role.md 
@@ -38,11 +38,11 @@ tags: - [🎯 Overview](#-overview) - [πŸ“Š Flow Visualization](#-flow-visualization) - [πŸ“ Parameters](#-parameters) -- [βš™οΈ Prerequisites](#-prerequisites) +- [βš™οΈ Prerequisites](#%EF%B8%8F-prerequisites) - [πŸ“œ Role Definition](#-role-definition) - [πŸ”§ Functions Reference](#-functions-reference) - [πŸ“ Usage Examples](#-usage-examples) -- [⚠️ Error Handling](#-error-handling) +- [⚠️ Error Handling](#%EF%B8%8F-error-handling) - [πŸ”§ Troubleshooting](#-troubleshooting) - [πŸ” Security Considerations](#-security-considerations) - [πŸ”— Related Scripts](#-related-scripts) diff --git a/docs/scripts/azure/create-users-and-assign-role.md b/docs/scripts/azure/create-users-and-assign-role.md index 6bf68e8f..e4a62229 100644 --- a/docs/scripts/azure/create-users-and-assign-role.md +++ b/docs/scripts/azure/create-users-and-assign-role.md @@ -35,11 +35,11 @@ tags: - [🎯 Overview](#-overview) - [πŸ“Š Flow Visualization](#-flow-visualization) - [πŸ“ Parameters](#-parameters) -- [βš™οΈ Prerequisites](#-prerequisites) +- [βš™οΈ Prerequisites](#%EF%B8%8F-prerequisites) - [πŸ”‘ Assigned Roles](#-assigned-roles) - [πŸ”§ Functions Reference](#-functions-reference) - [πŸ“ Usage Examples](#-usage-examples) -- [⚠️ Error Handling](#-error-handling) +- [⚠️ Error Handling](#%EF%B8%8F-error-handling) - [πŸ”§ Troubleshooting](#-troubleshooting) - [πŸ” Security Considerations](#-security-considerations) - [πŸ”— Related Scripts](#-related-scripts) diff --git a/docs/scripts/azure/delete-deployment-credentials.md b/docs/scripts/azure/delete-deployment-credentials.md index e67cec6f..78f060f6 100644 --- a/docs/scripts/azure/delete-deployment-credentials.md +++ b/docs/scripts/azure/delete-deployment-credentials.md 
@@ -38,10 +38,10 @@ tags: - [🎯 Overview](#-overview) - [πŸ“Š Flow Visualization](#-flow-visualization) - [πŸ“ Parameters](#-parameters) -- [βš™οΈ Prerequisites](#-prerequisites) +- [βš™οΈ Prerequisites](#%EF%B8%8F-prerequisites) - [πŸ”§ Functions Reference](#-functions-reference) - [πŸ“ Usage Examples](#-usage-examples) -- [⚠️ Error Handling](#-error-handling) +- [⚠️ Error Handling](#%EF%B8%8F-error-handling) - [πŸ”§ Troubleshooting](#-troubleshooting) - [πŸ” Security Considerations](#-security-considerations) - [πŸ”— Related Scripts](#-related-scripts) diff --git a/docs/scripts/azure/delete-users-and-assigned-roles.md b/docs/scripts/azure/delete-users-and-assigned-roles.md index 9dacfe56..f6dd8e34 100644 --- a/docs/scripts/azure/delete-users-and-assigned-roles.md +++ b/docs/scripts/azure/delete-users-and-assigned-roles.md @@ -35,11 +35,11 @@ tags: - [🎯 Overview](#-overview) - [πŸ“Š Flow Visualization](#-flow-visualization) - [πŸ“ Parameters](#-parameters) -- [βš™οΈ Prerequisites](#-prerequisites) +- [βš™οΈ Prerequisites](#%EF%B8%8F-prerequisites) - [πŸ”‘ Removed Roles](#-removed-roles) - [πŸ”§ Functions Reference](#-functions-reference) - [πŸ“ Usage Examples](#-usage-examples) -- [⚠️ Error Handling](#-error-handling) +- [⚠️ Error Handling](#%EF%B8%8F-error-handling) - [πŸ”§ Troubleshooting](#-troubleshooting) - [πŸ” Security Considerations](#-security-considerations) - [πŸ”— Related Scripts](#-related-scripts) diff --git a/docs/scripts/azure/generate-deployment-credentials.md b/docs/scripts/azure/generate-deployment-credentials.md index 9069a006..01828621 100644 --- a/docs/scripts/azure/generate-deployment-credentials.md +++ b/docs/scripts/azure/generate-deployment-credentials.md 
@@ -40,13 +40,13 @@ tags: - [πŸ“Š Flow Visualization](#-flow-visualization) - [πŸ”„ Service Principal Creation Flow](#-service-principal-creation-flow) - [πŸ“ Parameters](#-parameters) -- [βš™οΈ Prerequisites](#-prerequisites) +- [βš™οΈ Prerequisites](#%EF%B8%8F-prerequisites) - [πŸ‘₯ Assigned Roles](#-assigned-roles) - [πŸ”§ Functions Reference](#-functions-reference) - [πŸ“ Usage Examples](#-usage-examples) -- [⚠️ Error Handling](#-error-handling) +- [⚠️ Error Handling](#%EF%B8%8F-error-handling) - [πŸ”’ Security Considerations](#-security-considerations) -- [πŸ› οΈ Troubleshooting](#-troubleshooting) +- [πŸ› οΈ Troubleshooting](#%EF%B8%8F-troubleshooting) - [πŸ”— Related Scripts](#-related-scripts) --- diff --git a/docs/scripts/clean-setup.md b/docs/scripts/clean-setup.md index 6d4675ab..50b59d7f 100644 --- a/docs/scripts/clean-setup.md +++ b/docs/scripts/clean-setup.md @@ -35,15 +35,15 @@ tags: ## πŸ“‘ Table of Contents -- [🎯 Overview](#overview) -- [πŸ“Š Flow Visualization](#flow-visualization) -- [πŸ“ Parameters](#parameters) -- [βš™οΈ Prerequisites](#prerequisites) -- [πŸ”§ Functions Reference](#functions-reference) -- [πŸ“ Usage Examples](#usage-examples) -- [⚠️ Error Handling](#error-handling) -- [πŸ”§ Troubleshooting](#troubleshooting) -- [πŸ”— Related Scripts](#related-scripts) +- [🎯 Overview](#-overview) +- [πŸ“Š Flow Visualization](#-flow-visualization) +- [πŸ“ Parameters](#-parameters) +- [βš™οΈ Prerequisites](#%EF%B8%8F-prerequisites) +- [πŸ”§ Functions Reference](#-functions-reference) +- [πŸ“ Usage Examples](#-usage-examples) +- [⚠️ Error Handling](#%EF%B8%8F-error-handling) +- [πŸ”§ Troubleshooting](#-troubleshooting) +- [πŸ”— Related Scripts](#-related-scripts) --- diff --git a/docs/scripts/configuration/README.md b/docs/scripts/configuration/README.md index c6256646..eba83128 100644 --- a/docs/scripts/configuration/README.md +++ b/docs/scripts/configuration/README.md 
@@ -36,7 +36,7 @@ tags: - [🎯 Overview](#-overview) - [πŸ“œ Scripts Inventory](#-scripts-inventory) - [πŸ”„ Workflow Diagram](#-workflow-diagram) -- [βš™οΈ Prerequisites](#-prerequisites) +- [βš™οΈ Prerequisites](#%EF%B8%8F-prerequisites) - [πŸš€ Quick Start](#-quick-start) - [πŸ”— Related Documentation](#-related-documentation) diff --git a/docs/scripts/configuration/clean-up.md b/docs/scripts/configuration/clean-up.md index 95dcd502..8602aa86 100644 --- a/docs/scripts/configuration/clean-up.md +++ b/docs/scripts/configuration/clean-up.md @@ -38,12 +38,12 @@ tags: - [🎯 Overview](#-overview) - [πŸ“Š Flow Visualization](#-flow-visualization) - [πŸ“ Parameters](#-parameters) -- [βš™οΈ Prerequisites](#-prerequisites) -- [πŸ—‚οΈ Resource Groups Deleted](#-resource-groups-deleted) +- [βš™οΈ Prerequisites](#%EF%B8%8F-prerequisites) +- [πŸ—‚οΈ Resource Groups Deleted](#%EF%B8%8F-resource-groups-deleted) - [πŸ”§ Functions Reference](#-functions-reference) - [πŸ“ Usage Examples](#-usage-examples) -- [⚠️ Error Handling](#-error-handling) -- [πŸ› οΈ Troubleshooting](#-troubleshooting) +- [⚠️ Error Handling](#%EF%B8%8F-error-handling) +- [πŸ› οΈ Troubleshooting](#%EF%B8%8F-troubleshooting) - [πŸ”’ Security Considerations](#-security-considerations) - [πŸ”— Related Scripts](#-related-scripts) diff --git a/docs/scripts/configuration/winget-update.md b/docs/scripts/configuration/winget-update.md index 4fe5d4a7..69480dd8 100644 --- a/docs/scripts/configuration/winget-update.md +++ b/docs/scripts/configuration/winget-update.md 
@@ -40,11 +40,11 @@ tags: - [πŸ“Š Flow Visualization](#-flow-visualization) - [πŸ”„ Update Process Flow](#-update-process-flow) - [πŸ“ Parameters](#-parameters) -- [βš™οΈ Prerequisites](#-prerequisites) -- [πŸ› οΈ Configuration](#-configuration) +- [βš™οΈ Prerequisites](#%EF%B8%8F-prerequisites) +- [πŸ› οΈ Configuration](#%EF%B8%8F-configuration) - [πŸ”§ Functions Reference](#-functions-reference) - [πŸ“ Usage Examples](#-usage-examples) -- [⚠️ Error Handling](#-error-handling) +- [⚠️ Error Handling](#%EF%B8%8F-error-handling) - [πŸ” Troubleshooting](#-troubleshooting) - [πŸ”„ DSC Integration](#-dsc-integration) - [πŸ”’ Security Considerations](#-security-considerations) diff --git a/docs/scripts/github/README.md b/docs/scripts/github/README.md index 08036184..14cb934a 100644 --- a/docs/scripts/github/README.md +++ b/docs/scripts/github/README.md @@ -35,7 +35,7 @@ tags: - [🎯 Overview](#-overview) - [πŸ“œ Scripts Inventory](#-scripts-inventory) - [πŸ”„ Workflow Diagram](#-workflow-diagram) -- [βš™οΈ Prerequisites](#-prerequisites) +- [βš™οΈ Prerequisites](#%EF%B8%8F-prerequisites) - [πŸš€ Quick Start](#-quick-start) - [πŸ”— Related Documentation](#-related-documentation) diff --git a/docs/scripts/github/create-github-secret-azure-credentials.md b/docs/scripts/github/create-github-secret-azure-credentials.md index ff5469ef..ca45891f 100644 --- a/docs/scripts/github/create-github-secret-azure-credentials.md +++ b/docs/scripts/github/create-github-secret-azure-credentials.md 
@@ -36,13 +36,13 @@ tags: - [🎯 Overview](#-overview) - [πŸ“Š Flow Visualization](#-flow-visualization) - [πŸ“ Parameters](#-parameters) -- [βš™οΈ Prerequisites](#-prerequisites) +- [βš™οΈ Prerequisites](#%EF%B8%8F-prerequisites) - [πŸ“₯ Expected Input Format](#-expected-input-format) - [πŸ”§ Functions Reference](#-functions-reference) - [πŸ“ Usage Examples](#-usage-examples) -- [βš™οΈ Using the Secret in GitHub Actions](#-using-the-secret-in-github-actions) -- [⚠️ Error Handling](#-error-handling) -- [πŸ› οΈ Troubleshooting](#-troubleshooting) +- [βš™οΈ Using the Secret in GitHub Actions](#%EF%B8%8F-using-the-secret-in-github-actions) +- [⚠️ Error Handling](#%EF%B8%8F-error-handling) +- [πŸ› οΈ Troubleshooting](#%EF%B8%8F-troubleshooting) - [πŸ”’ Security Considerations](#-security-considerations) - [πŸ”— Related Scripts](#-related-scripts) @@ -54,7 +54,7 @@ This script authenticates to GitHub using the GitHub CLI and creates a repositor --- -[⬆️ Back to Top](#-creategithubsecretazurecredentialsps1) +[⬆️ Back to Top](#-table-of-contents) --- diff --git a/docs/scripts/github/delete-github-secret-azure-credentials.md b/docs/scripts/github/delete-github-secret-azure-credentials.md index 28742a3f..0bc3da53 100644 --- a/docs/scripts/github/delete-github-secret-azure-credentials.md +++ b/docs/scripts/github/delete-github-secret-azure-credentials.md @@ -38,11 +38,11 @@ tags: - [🎯 Overview](#-overview) - [πŸ“Š Flow Visualization](#-flow-visualization) - [πŸ“ Parameters](#-parameters) -- [βš™οΈ Prerequisites](#-prerequisites) +- [βš™οΈ Prerequisites](#%EF%B8%8F-prerequisites) - [πŸ”§ Functions Reference](#-functions-reference) - [πŸ“ Usage Examples](#-usage-examples) -- [⚠️ Error Handling](#-error-handling) -- [πŸ› οΈ Troubleshooting](#-troubleshooting) +- [⚠️ Error Handling](#%EF%B8%8F-error-handling) +- [πŸ› οΈ Troubleshooting](#%EF%B8%8F-troubleshooting) - [πŸ”’ Security Considerations](#-security-considerations) - [πŸ”— Related Scripts](#-related-scripts) 
diff --git a/docs/scripts/setup.md b/docs/scripts/setup.md index 56911e0a..0bc55706 100644 --- a/docs/scripts/setup.md +++ b/docs/scripts/setup.md @@ -33,17 +33,17 @@ tags: ## πŸ“‘ Table of Contents -- [🎯 Overview](#overview) -- [πŸ“Š Flow Visualization](#flow-visualization) -- [πŸ”’ Authentication Flow](#authentication-flow) -- [πŸ“ Parameters](#parameters) -- [βš™οΈ Prerequisites](#prerequisites) -- [πŸ”§ Functions Reference](#functions-reference) -- [πŸ“ Usage Examples](#usage-examples) -- [⚠️ Error Handling](#error-handling) -- [πŸ” Security Considerations](#security-considerations) -- [πŸ”§ Troubleshooting](#troubleshooting) -- [πŸ”— Related Scripts](#related-scripts) +- [🎯 Overview](#-overview) +- [πŸ“Š Flow Visualization](#-flow-visualization) +- [πŸ”’ Authentication Flow](#-authentication-flow) +- [πŸ“ Parameters](#-parameters) +- [βš™οΈ Prerequisites](#%EF%B8%8F-prerequisites) +- [πŸ”§ Functions Reference](#-functions-reference) +- [πŸ“ Usage Examples](#-usage-examples) +- [⚠️ Error Handling](#%EF%B8%8F-error-handling) +- [πŸ” Security Considerations](#-security-considerations) +- [πŸ”§ Troubleshooting](#-troubleshooting) +- [πŸ”— Related Scripts](#-related-scripts) ---
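Review bot: the `#%EF%B8%8F-...` fragments in the table-of-contents hunks for clean-up.md and winget-update.md resolve only while each heading keeps exactly the icon it has today, and nothing in the change records that dependency. `%EF%B8%8F` is the UTF-8 encoding of U+FE0F (variation selector-16), which is why the Troubleshooting entry becomes `#%EF%B8%8F-troubleshooting` in clean-up.md but stays `#-troubleshooting` in winget-update.md, where the entry uses a different icon. Please note in the commit message which icons carry the selector, and consider adding a Markdown link check to the CI workflow so that swapping an icon later does not silently break these links.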
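Review bot: in the `@@ -54,7 +54,7 @@` hunk of create-github-secret-azure-credentials.md, the "Back to Top" link now targets `#-table-of-contents`, so the label no longer matches where the reader lands. Either rename the label to "Back to Table of Contents" or point it at the page title anchor. The hunk changes a single occurrence near line 54; if the file repeats this link after other sections, those copies need the same target, otherwise the page ends up with a mix of old and new fragments.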
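Review bot: the setup.md hunk rewrites all eleven table-of-contents fragments from the `#overview` form to the `#-overview` form, but the headings they point at are not part of the diff, so the new fragments cannot be checked against them here. Please confirm that every heading in setup.md starts with the same icon as its entry, since a heading without the icon would still generate the old fragment and the new link would break. As a style point, this list uses the same icon for both "Functions Reference" and "Troubleshooting", and its "Security Considerations" icon differs from the one the other files in this patch use for that entry; aligning them would keep the fragments predictable across the docs.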