AAII — Azure AI Infra & Inference

Public-safe, end-to-end path from Terraform IaC → GitHub OIDC → containerized API deployment, with a local Blazor UI to exercise the API.

Portfolio Snapshot

AAII delivers a public-safe, end-to-end path from Terraform IaC → GitHub OIDC → containerized API deployment, with a local Blazor UI to exercise the API. Changes are continuously verified via Terraform fmt/validate, Python pytest, and .NET build (plus a single repo “Definition-of-Done” validation script).

What it proves

Delivers a portfolio-safe Azure deployment blueprint (no secrets committed; OIDC-only auth flow).
Implements IaC-first infrastructure with Terraform, modular structure, and validate-only CI posture.
Hardens deployments with Resource Group-scoped least-privilege RBAC and environment separation (dev/prod).
Automates local and demo workflows via PowerShell scripts and VS Code tasks.
Verifies reliability with repeatable checks across Terraform, Python, and .NET.
Demonstrates an API + UI slice including semantic search over a repo-hosted JSON corpus.

Key components

Unified configuration sample at config/aaii.config.sample.json (local overrides are intentionally ignored).
PowerShell automation for Azure OIDC bootstrap/verify and Terraform var generation.
Terraform modules for core resources and Container Apps scaffolding (with an additive split-module option).
FastAPI service with GET /health, POST /infer, GET /model, POST /embed, POST /search.
Semantic search over data/sample-json/*.json with per-file embedding caching (filename + mtime).
Blazor Server UI supporting Local/Cloud API targets plus a Semantic Search UI surface.
Repo validation script scripts/validate/verify.ps1 (Terraform + pytest + .NET build).
Documentation hub (docs/) plus ADRs capturing guardrails and repo scope.

Delivery milestones

Bootstrap layer created for local tooling + validation.
Unified config introduced for Azure bootstrap + Terraform inputs.
OIDC GitHub Actions configured for env-scoped subjects and RG-scoped RBAC.
Terraform baseline modularized (core + container app scaffolding) with validate-only CI posture.
Containerized API delivered with Dockerfile + ACR push + Container Apps deploy path.
UI shipped with Local/Cloud target switch and endpoint-safe configuration pattern.
Semantic search milestone delivered (embeddings + corpus + UI hook + tests).

Operational notes

This repo is designed to stay public-safe: real endpoints/IDs belong in ignored files or user-secrets.
Dev/prod separation is done via GitHub Environments and env-scoped identity subjects.
Deployments are opt-in/manual; CI focuses on validation (fmt/validate/build/test) by design.

Note: Source repo currently private; available on request. Will be published later.

Verification

Visual evidence of the deployment pipeline and running application.

Blazor UI for inference — UI surface — functional end-to-end inference path.

GitHub Actions CI build workflow — CI build workflow run (green) — baseline verification.

GitHub Actions infrastructure deployment workflow — Infrastructure deploy workflow — IaC apply evidence.

GitHub Actions API deployment workflow — API deploy workflow — application rollout evidence.

Terraform remote state container — Terraform remote state storage — repeatable deployments.

Azure Container App resource — Container App resource — production runtime confirmation.