Game Master Copilot

Game Master Copilot is an AI enabled copilot to help game masters create content. It is a multitenant application that can be used to serve users and teams (organizations).

The application is a work-in-progress and is being used a test platform for various technologies and services. It is intended to demonstrate the use of Large Foundational Models/Generative AI using Azure OpenAI Service and Semantic Kernel as well as a reference architecture for running multitenant SaaS applications in Azure.

This application uses the following Microsoft & Azure technologies, including:

• Azure Container Apps: Application and API hosting.
• Azure OpenAI Service: foundational models (GPT-4 Turbo, DALL-E etc.)
• Semantic Kernel: AI orchestration.
• Azure AI Search: Search and semantic index (including vector support).
• Azure Cosmos DB: Application data & document storage (including caching).
• Azure Key Vault: Key, secret and certificate handling.
• Azure Blob Storage: Provides general file storage for the application.
• Azure Application Insights: Application monitoring.
• .NET 8 Blazor WASM with Hosted Server: Core application and APIs.
• .NET 8 Aspire: Application service discovery.

Future features planned:

• Azure AD B2C: Application identity.
• Azure Application Configuration: Implement external application configuration.
• Azure Cache for Redis: Implement caching. Will use DAPR within the Azure Container Apps service.
• Azure Event Grid: Implement event mechansim to drive processes.

Continuous Integration & Continuous Delivery

The application is built and deployed using:

• Continuous integration using GitHub Actions workflow from the main branch. See continuous-integration.yml.
• Continuous delivery using GitHub Actions workflow from the main branch. See continuous-deployment.yml.
• Infrastrucutre as Code using [Azure Bicep](). See main.bicep.

Workload Identity

The GitHub Actions workflow has been configured to use Entra ID Workload Identity for the workflow to connect to Azure. Please see Configuring Workload Identity Federation for GitHub Actions workflow for more information.

Environments

The following environments should be configured in the GitHub repository:

• TEST: The Azure AD URL to use for authentication. For example, `https://login.microsoftonline.com/``.
• PRODUCTION: The Azure region to deploy the resources to. For example, EastUS.

Your environments should look similar to this:

Currently the continuous-delivery only deploys the test environment, but in future it will deploy to both test and production depending on tagging and other criteria.

Variables

The following Actions Variables should be configured in the GitHub repository:

• LOCATION: The Azure region to deploy the resources to. For example, EastUS.
• BASE_RESOURCE_NAME_SHARED: The base name that will prefixed to all shared Azure resources deployed to ensure they are unique. For example, dsr-gmcopilot-shared.
• RESOURCE_GROUP_NAME_SHARED: The name of the Azure resource group to create and add the shared resources to. For example, dsr-gmcopilot-shared-rg.

The following variables are used to configure authentcation to Entra ID for the application. See Enable authentication and authorization in Azure Container Apps with Microsoft Entra ID to learn more about how to configure the Application Registration to use.

• ENTRAID_ISSUER_URL: The base Entra ID Issuer URL to use for authentication. For example, https://login.microsoftonline.com/.
• ENTRAID_TENANT_ID: The Tenant ID of the Entra ID tenant to use for authentication.
• ENTRAID_CLIENT_ID: The Client ID of the Entra ID Application Registration to use for authentication.

The shared resrouces are resources that are shared across all environments. These resources are:

• Azure Container Registry

Environment Variables

Each environment should have the following actions variables defined:

• BASE_RESOURCE_NAME: The base name that will prefixed to all Azure resources deployed to ensure they are unique. For example, dsr-gmcopilot-prod for production.
• RESOURCE_GROUP_NAME: The name of the Azure resource group to create and add the application resources to. For example, dsr-gmcopilot-prod-rg for production.
• ENVIRONMENT_CODE: A code that will be used to identify this environment. For example, prod for production. This is not currently used.

Your variables should look similar to this:

Secrets

The following Actions Secrets need to be defined so that that the resources can be deployed by the GitHub Actions workflow and that the Web Application can use Azure AD as an authentication source:

• AZURE_CLIENT_ID: The Application (Client) ID of the Service Principal used to authenticate to Azure. This is generated as part of configuring Workload Identity Federation.
• AZURE_TENANT_ID: The Tenant ID of the Service Principal used to authenticate to Azure.
• AZURE_SUBSCRIPTION_ID: The Subscription ID of the Azure Subscription to deploy to.

Using Entra ID (Customer) as an Authentication Source

• ENTRAID_CLIENT_SECRET: The client secret of the Entra ID application registration that has been created in the Entra ID tenant to be used as an authentication source.

These values should be kept secret and care taken to ensure they are not shared with anyone. Your secrets should look like this: