Skip to content
GenAIScript
Blog

Bicep Best Practices

Azure Bicep is a Domain Specific Language (DSL) for deploying Azure resources declaratively. It is a language that is designed to be a more readable and maintainable way to define Azure resources.

Bicep comes with a linter that detects various faults, but also comes with online best practices which are not completely covered by the linter.

Web App Basic Linux

Section titled “Web App Basic Linux”

The following is a Bicep file that deploys a web app with a Linux app service plan. It is the microsoft.web/webapp-basic-linux/main.bicep sample template in the bicep playground.

web-app-basic-linux.bicep
@description('Base name of the resource such as web app name and app service plan ')
@minLength(2)
param webAppName string = 'AzureLinuxApp'


@description('The SKU of App Service Plan ')
param sku string = 'S1'


@description('The Runtime stack of current web app')
param linuxFxVersion string = 'php|7.4'


@description('Location for all resources.')
param location string = resourceGroup().location


var webAppPortalName = '${webAppName}-webapp'
#disable-next-line genaiscript
var appServicePlanName = 'AppServicePlan-${webAppName}'


resource appServicePlan 'Microsoft.Web/serverfarms@2022-03-01' = {
  name: appServicePlanName
  location: location
  sku: {
    name: sku
  }
  kind: 'linux'
  properties: {
    reserved: true
  }
}


resource webAppPortal 'Microsoft.Web/sites@2022-03-01' = {
  name: webAppPortalName
  location: location
  kind: 'app'
  properties: {
    serverFarmId: appServicePlan.id
    siteConfig: {
      linuxFxVersion: linuxFxVersion
      ftpsState: 'FtpsOnly'
    }
    httpsOnly: true
  }
  identity: {
    type: 'SystemAssigned'
  }
}

Script

Section titled “Script”

The file is linter clean, but some improvements could be made with best practices. The following script will apply best practices to the Bicep file.

bicep-best-practices.genai.mjs
script({
    title: "Bicep Best Practices",
    temperature: 0,
    system: ["system", "system.annotations"],
    accept: ".bicep",
})


def("FILE", env.files, { endsWith: ".bicep" })


$`You are an expert at Azure Bicep.


Review the bicep in FILE and generate errors to enhance the script base on best practices
(https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/best-practices).


- Generate the top 3 most important annotations.
- Limit range to a single line.
- Do NOT generate notes.
- If a line starts with "#disable-next-line genaiscript", ignore the next line.
`
  • line numbers are added to the file content to help the LLM precisely locate the issues.
def("FILE", env.files, { endsWith: ".bicep", lineNumbers: true })
  • the script uses a builtin support for annotations to generate parseable warnings and errors. Annotations are automatically integrated as problems in VSCode or as build errors in the CI/CD pipeline.
$`... and generate annotations ...`
  • added support to ignore false positives using the #disable-next-line genaiscript comment
$`- If a line starts with "#disable-next-line genaiscript", ignore the next line.`
  • GPT-4 already knows about the best practices for Bicep, no need to repeat them!

Results

Section titled “Results”

The LLM generates 3 annotations for the Bicep file. The annotations are surfaced as squiggly lines in VSCode.

Screenshot of a code editor displaying a Bicep file with parameters for an Azure web app. The parameters include webAppName, sku, linuxFxVersion, and location. There are warnings at the bottom suggesting to use a secure and unique default value for 'webAppName', specify the runtime stack more dynamically, and consider adding a 'reserved' property within 'siteConfig'.