Files
youcef zr 6efac95b53 feat(deploy): Azure deployment support (App Service + ACI) (#3387)
* feat(deploy): add Azure deployment templates (App Service + ACI)

Adds a deploy/azure/ lane so Open Design can be deployed to Microsoft
Azure from the published runtime image, alongside the existing Docker
Compose and Helm options. Covers the App Service + ACI scope of #1028.

Two Bicep templates run the same single-port Alpine image used by
deploy/docker-compose.yml and charts/open-design:

- app-service.bicep: App Service for Containers with managed HTTPS,
  Always On, and health checks on /api/health.
- aci.bicep: a single Azure Container Instances group with a public
  FQDN and an /api/health liveness probe.

These are evaluation deployments: state lives on the container's local
disk and is ephemeral. Open Design stores SQLite under OD_DATA_DIR, and
SQLite needs real file locking, which the Azure Files (SMB) storage
behind both App Service and ACI persistence cannot provide without
corruption. App Service sets WEBSITES_ENABLE_APP_SERVICE_STORAGE=false to
keep the data dir on local disk. Durable self-hosting stays on the
Compose named volume or the Helm PVC.

Both wire the daemon's env contract (OD_BIND_HOST/OD_PORT/OD_WEB_PORT/
OD_DATA_DIR/OD_PUBLIC_BASE_URL/OD_ALLOWED_ORIGINS/OD_API_TOKEN) and take
the API token as a secure parameter so it never appears in deployment
outputs.

deploy-azure.sh wraps `az` to create the resource group, generate a
token when one isn't supplied, deploy a lane, and print the URL.
README.md documents both lanes, the ephemeral-data caveat, and the
security trade-offs.

deploy/tests/azure-bicep.test.ts guards the runtime contract and that the
data dir is never mounted to Azure Files; when the bicep CLI is present
it also compiles both templates.

* docs(deploy): add ACI health-check example to Azure quick start
2026-06-23 06:53:45 +00:00
..