chore: Dev to Main (#2159)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Roopan-Microsoft <168007406+Roopan-Microsoft@users.noreply.github.com>
Co-authored-by: Roopan P M <v-roopanpm@microsoft.com>
Co-authored-by: Pavan-Microsoft <v-kupavan@microsoft.com>
Co-authored-by: Ross Smith <ross-p-smith@users.noreply.github.com>
Co-authored-by: gpickett <122489228+gpickett@users.noreply.github.com>
Co-authored-by: Francia Riesco <friesco@microsoft.com>
Co-authored-by: Francia Riesco <Fr4nc3@users.noreply.github.com>
Co-authored-by: Prajwal D C <v-dcprajwal@microsoft.com>
Co-authored-by: Harmanpreet-Microsoft <v-harmanprka@microsoft.com>
Co-authored-by: UtkarshMishra-Microsoft <v-utkamishra@microsoft.com>
Co-authored-by: Priyanka-Microsoft <v-prisinghal@microsoft.com>
Co-authored-by: Prasanjeet-Microsoft <v-singhprasa@microsoft.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kiran-Siluveru-Microsoft <v-ksiluveru@microsoft.com>
Co-authored-by: Prashant-Microsoft <v-pmalusare@microsoft.com>
Co-authored-by: Rohini-Microsoft <v-rwalunj@microsoft.com>
Co-authored-by: Avijit-Microsoft <v-aghorui@microsoft.com>
Co-authored-by: RaviKiran-Microsoft <v-ravikirans@microsoft.com>
Co-authored-by: Somesh Joshi <v-somejoshi@microsoft.com>
Co-authored-by: Himanshi Agrawal <v-himagrawal@microsoft.com>
Co-authored-by: pradeepjha-microsoft <v-pradeepjha@microsoft.com>
Co-authored-by: Harmanpreet Kaur <v-harmanpkau@microsoft.com>
Co-authored-by: Bangarraju-Microsoft <v-golib@microsoft.com>
Co-authored-by: Harsh-Microsoft <v-hbangera@microsoft.com>
Co-authored-by: Kanchan-Microsoft <v-knagshetti@microsoft.com>
Co-authored-by: Cristopher Coronado <cristofima@hotmail.com>
Co-authored-by: Cristopher Coronado Moreira <crcorona@pichincha.com>
Co-authored-by: Vamshi-Microsoft <v-vamolla@microsoft.com>
Co-authored-by: Thanusree-Microsoft <168087422+Thanusree-Microsoft@users.noreply.github.com>
Co-authored-by: Niraj Chaudhari (Persistent Systems Inc) <v-nirajcha@microsoft.com>
Co-authored-by: Rohini-Microsoft <168007985+Rohini-Microsoft@users.noreply.github.com>
Co-authored-by: Kingshuk-Microsoft <v-kidatta@microsoft.com>
Co-authored-by: Ayaz-Microsoft <v-ayazkhan@microsoft.com>
Co-authored-by: Abdul-Microsoft <v-amujeebta@microsoft.com>
Co-authored-by: Prekshith-Microsoft <v-pdj@microsoft.com>
Co-authored-by: Rafi-Microsoft <v-rafmd@microsoft.com>
Co-authored-by: Ragini-Microsoft <v-raginich@microsoft.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Atulku-Microsoft <v-atulku@microsoft.com>
Co-authored-by: Akhileswara-Microsoft <v-golnaidu@microsoft.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: 40 people

.env.sample

@@ -27,7 +27,7 @@ AZURE_OPENAI_RESOURCE=
 AZURE_OPENAI_API_KEY=
 AZURE_OPENAI_MODEL=gpt-4o
 AZURE_OPENAI_MODEL_NAME=gpt-4o
-AZURE_OPENAI_EMBEDDING_MODEL=text-embedding-ada-002
+AZURE_OPENAI_EMBEDDING_MODEL=text-embedding-3-small
 AZURE_OPENAI_TEMPERATURE=0
 AZURE_OPENAI_TOP_P=1.0
 AZURE_OPENAI_MAX_TOKENS=1000

.github/workflows/broken-links-checker.yml

@@ -2,6 +2,9 @@ name: Broken Link Checker
 
 on:
   pull_request:
+    paths:
+      - '**/*.md'
+      - '.github/workflows/broken-links-checker.yml'
   workflow_dispatch:
 
 permissions:

.github/workflows/build-docker-images.yml

@@ -6,11 +6,27 @@ on:
       - main
       - dev
       - demo
+    paths:
+      - 'code/**'
+      - '!code/tests/**'
+      - 'docker/**'
+      - 'package.json'
+      - 'pyproject.toml'
+      - '.github/workflows/build-docker-images.yml'
+      - '.github/workflows/build-docker.yml'
   pull_request:
     branches:
       - main
       - dev
       - demo
+    paths:
+      - 'code/**'
+      - '!code/tests/**'
+      - 'docker/**'
+      - 'package.json'
+      - 'pyproject.toml'
+      - '.github/workflows/build-docker-images.yml'
+      - '.github/workflows/build-docker.yml'
     types:
       - opened
       - ready_for_review

.github/workflows/ci.yml

@@ -6,6 +6,13 @@ on:
       - main
       - dev
       - demo
+    paths:
+      - 'infra/**'
+      - 'scripts/**'
+      - 'azure.yaml'
+      - 'pyproject.toml'
+      - 'Makefile'
+      - '.github/workflows/ci.yml'
   schedule:
     - cron: '0 8,20 * * *'  # Runs at 8:00 AM and 8:00 PM GMT
   workflow_dispatch:

.github/workflows/job-deploy.yml

@@ -557,13 +557,25 @@ jobs:
       DATABASE_TYPE: ${{ inputs.DATABASE_TYPE }}
     secrets: inherit
 
+  # Run post-deployment setup (Function App client key + PostgreSQL tables)
+  post-deployment-setup:
+    needs: [azure-setup, deploy-linux, deploy-windows]
+    if: |
+      always() &&
+      (needs.deploy-linux.result == 'success' || needs.deploy-windows.result == 'success')
+    uses: ./.github/workflows/job-post-deployment-setup.yml
+    with:
+      RESOURCE_GROUP_NAME: ${{ needs.azure-setup.outputs.RESOURCE_GROUP_NAME }}
+    secrets: inherit
+
   # Call PostgreSQL setup workflow when DATABASE_TYPE is PostgreSQL
   import-sample-data-postgresql:
-    needs: [azure-setup, deploy-linux, deploy-windows]
+    needs: [azure-setup, deploy-linux, deploy-windows, post-deployment-setup]
     if: |
       always() &&
       inputs.DATABASE_TYPE == 'PostgreSQL' &&
-      (needs.deploy-linux.result == 'success' || needs.deploy-windows.result == 'success')
+      (needs.deploy-linux.result == 'success' || needs.deploy-windows.result == 'success') &&
+      needs.post-deployment-setup.result == 'success'
     uses: ./.github/workflows/import-sample-data-postgresql.yml
     with:
       RESOURCE_GROUP_NAME: ${{ needs.azure-setup.outputs.RESOURCE_GROUP_NAME }}
@@ -572,11 +584,12 @@ jobs:
 
   # Call CosmosDB/Azure Search setup workflow when DATABASE_TYPE is CosmosDB
   import-sample-data-cosmosdb:
-    needs: [azure-setup, deploy-linux, deploy-windows]
+    needs: [azure-setup, deploy-linux, deploy-windows, post-deployment-setup]
     if: |
       always() &&
       inputs.DATABASE_TYPE == 'CosmosDB' &&
-      (needs.deploy-linux.result == 'success' || needs.deploy-windows.result == 'success')
+      (needs.deploy-linux.result == 'success' || needs.deploy-windows.result == 'success') &&
+      needs.post-deployment-setup.result == 'success'
     uses: ./.github/workflows/import-sample-data-cosmosdb.yml
     with:
       RESOURCE_GROUP_NAME: ${{ needs.azure-setup.outputs.RESOURCE_GROUP_NAME }}

.github/workflows/job-post-deployment-setup.yml

@@ -0,0 +1,103 @@
+name: Post-Deployment Setup
+
+on:
+  workflow_dispatch:
+    inputs:
+      RESOURCE_GROUP_NAME:
+        description: 'Azure Resource Group name'
+        required: true
+        type: string
+  workflow_call:
+    inputs:
+      RESOURCE_GROUP_NAME:
+        description: 'Azure Resource Group name'
+        required: true
+        type: string
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  post-deployment-setup:
+    runs-on: ubuntu-latest
+    environment: production
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Login to Azure
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install Python Dependencies
+        shell: bash
+        run: |
+          pip install psycopg2-binary azure-identity
+
+      - name: Run Post-Deployment Setup (Attempt 1)
+        id: setup1
+        shell: bash
+        env:
+          RESOURCE_GROUP: ${{ inputs.RESOURCE_GROUP_NAME }}
+        run: |
+          chmod +x scripts/post_deployment_setup.sh
+          bash scripts/post_deployment_setup.sh "$RESOURCE_GROUP"
+        continue-on-error: true
+
+      - name: Wait 20 seconds before retry
+        if: ${{ steps.setup1.outcome == 'failure' }}
+        shell: bash
+        run: sleep 20s
+
+      - name: Run Post-Deployment Setup (Attempt 2)
+        id: setup2
+        if: ${{ steps.setup1.outcome == 'failure' }}
+        shell: bash
+        env:
+          RESOURCE_GROUP: ${{ inputs.RESOURCE_GROUP_NAME }}
+        run: |
+          chmod +x scripts/post_deployment_setup.sh
+          bash scripts/post_deployment_setup.sh "$RESOURCE_GROUP"
+        continue-on-error: true
+
+      - name: Wait 40 seconds before final retry
+        if: ${{ steps.setup2.outcome == 'failure' }}
+        shell: bash
+        run: sleep 40s
+
+      - name: Run Post-Deployment Setup (Attempt 3)
+        id: setup3
+        if: ${{ steps.setup2.outcome == 'failure' }}
+        shell: bash
+        env:
+          RESOURCE_GROUP: ${{ inputs.RESOURCE_GROUP_NAME }}
+        run: |
+          chmod +x scripts/post_deployment_setup.sh
+          bash scripts/post_deployment_setup.sh "$RESOURCE_GROUP"
+
+      - name: Generate Post-Deployment Summary
+        if: always()
+        shell: bash
+        run: |
+          echo "## 🔧 Post-Deployment Setup Summary" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
+          echo "|-------|--------|" >> $GITHUB_STEP_SUMMARY
+          echo "| **Job Status** | ${{ job.status == 'success' && '✅ Success' || '❌ Failed' }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Resource Group** | \`${{ inputs.RESOURCE_GROUP_NAME }}\` |" >> $GITHUB_STEP_SUMMARY
+
+      - name: Logout from Azure
+        if: always()
+        shell: bash
+        run: |
+          az logout || true
+          echo "Logged out from Azure."

.github/workflows/tests.yml

@@ -12,6 +12,12 @@ on:
       - '.github/workflows/tests.yml'
   pull_request:
     branches: [main, dev, demo]
+    paths:
+      - 'code/**'
+      - 'pyproject.toml'
+      - 'package.json'
+      - 'pytest.ini'
+      - '.github/workflows/tests.yml'
     types:
       - opened
       - ready_for_review

.github/workflows/validate-bicep-params.yml

@@ -0,0 +1,108 @@
+name: Validate Bicep Parameters
+
+permissions:
+  contents: read
+
+on:
+  schedule:
+    - cron: '30 6 * * 3' # Wednesday 12:00 PM IST (6:30 AM UTC)
+  pull_request:
+    branches:
+      - main
+      - dev
+    paths:
+      - 'infra/**/*.bicep'
+      - 'infra/**/*.parameters.json'
+      - 'scripts/validate_bicep_params.py'
+  workflow_dispatch:
+
+env:
+  accelerator_name: "CWYD"
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Validate infra/ parameters
+        id: validate_infra
+        continue-on-error: true
+        run: |
+          set +e
+          python scripts/validate_bicep_params.py --dir infra --strict --no-color --json-output infra_results.json 2>&1 | tee infra_output.txt
+          EXIT_CODE=${PIPESTATUS[0]}
+          set -e
+          echo "## Infra Param Validation" >> "$GITHUB_STEP_SUMMARY"
+          echo '```' >> "$GITHUB_STEP_SUMMARY"
+          cat infra_output.txt >> "$GITHUB_STEP_SUMMARY"
+          echo '```' >> "$GITHUB_STEP_SUMMARY"
+          exit $EXIT_CODE
+
+      - name: Set overall result
+        id: result
+        run: |
+          if [[ "${{ steps.validate_infra.outcome }}" == "failure" ]]; then
+            echo "status=failure" >> "$GITHUB_OUTPUT"
+          else
+            echo "status=success" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Upload validation results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: bicep-validation-results
+          path: |
+            infra_results.json
+          retention-days: 30
+
+      - name: Send schedule notification on failure
+        if: github.event_name == 'schedule' && steps.result.outputs.status == 'failure'
+        env:
+          LOGICAPP_URL: ${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          GITHUB_RUN_ID: ${{ github.run_id }}
+          ACCELERATOR_NAME: ${{ env.accelerator_name }}
+        run: |
+          RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
+          INFRA_OUTPUT=$(sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g' infra_output.txt)
+
+          jq -n \
+            --arg name "${ACCELERATOR_NAME}" \
+            --arg infra "$INFRA_OUTPUT" \
+            --arg url "$RUN_URL" \
+            '{subject: ("Bicep Parameter Validation Report - " + $name + " - Issues Detected"), body: ("<p>Dear Team,</p><p>The scheduled <strong>Bicep Parameter Validation</strong> for <strong>" + $name + "</strong> has detected parameter mapping errors.</p><p><strong>infra/ Results:</strong></p><pre>" + $infra + "</pre><p><strong>Run URL:</strong> <a href=\"" + $url + "\">" + $url + "</a></p><p>Please fix the parameter mapping issues at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>")}' \
+            | curl -X POST "${LOGICAPP_URL}" \
+              -H "Content-Type: application/json" \
+              -d @- || echo "Failed to send notification"
+
+      - name: Send schedule notification on success
+        if: github.event_name == 'schedule' && steps.result.outputs.status == 'success'
+        env:
+          LOGICAPP_URL: ${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          GITHUB_RUN_ID: ${{ github.run_id }}
+          ACCELERATOR_NAME: ${{ env.accelerator_name }}
+        run: |
+          RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
+          INFRA_OUTPUT=$(sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g' infra_output.txt)
+
+          jq -n \
+            --arg name "${ACCELERATOR_NAME}" \
+            --arg infra "$INFRA_OUTPUT" \
+            --arg url "$RUN_URL" \
+            '{subject: ("Bicep Parameter Validation Report - " + $name + " - Passed"), body: ("<p>Dear Team,</p><p>The scheduled <strong>Bicep Parameter Validation</strong> for <strong>" + $name + "</strong> has completed successfully. All parameter mappings are valid.</p><p><strong>infra/ Results:</strong></p><pre>" + $infra + "</pre><p><strong>Run URL:</strong> <a href=\"" + $url + "\">" + $url + "</a></p><p>Best regards,<br>Your Automation Team</p>")}' \
+            | curl -X POST "${LOGICAPP_URL}" \
+              -H "Content-Type: application/json" \
+              -d @- || echo "Failed to send notification"
+
+      - name: Fail if errors found
+        if: steps.result.outputs.status == 'failure'
+        run: exit 1

README.md

@@ -201,7 +201,18 @@ Select either "PostgreSQL" or "Cosmos DB":
 ![Solution Architecture - DB Selection](/docs/images/db_selection.png)
 
 
-When Deployment is complete, follow steps in [Set Up Authentication in Azure App Service](./docs/azure_app_service_auth_setup.md) to add app authentication to your web app running on Azure App Service
+**When Deployment is complete:**
+
+1. Run the post-deployment setup script to configure the Function App client key and create PostgreSQL tables (if applicable). Open [Azure Cloud Shell](https://shell.azure.com) (Bash) and run:
+
+    ```bash
+    az login
+    git clone https://github.com/Azure-Samples/chat-with-your-data-solution-accelerator.git
+    cd chat-with-your-data-solution-accelerator
+    bash scripts/post_deployment_setup.sh "<your-resource-group-name>"
+    ```
+
+2. Follow steps in [Set Up Authentication in Azure App Service](./docs/azure_app_service_auth_setup.md) to add app authentication to your web app running on Azure App Service
 
 **Note**: The default configuration deploys an OpenAI Model "gpt-4.1" with version 2025-04-14. However, not all
 locations support this version. If you're deploying to a location that doesn't support version 2024-05-13, you'll need to
@@ -266,7 +277,7 @@ Check out similar solution accelerators
 | [AI&nbsp;playbook](https://learn.microsoft.com/en-us/ai/playbook/) | The Artificial Intelligence (AI) Playbook provides enterprise software engineers with solutions, capabilities, and code developed to solve real-world AI problems. |
 | [Data&nbsp;playbook](https://learn.microsoft.com/en-us/data-engineering/playbook/understanding-data-playbook) | The data playbook provides enterprise software engineers with solutions which contain code developed to solve real-world problems. Everything in the playbook is developed with, and validated by, some of Microsoft's largest and most influential customers and partners. |
 
-<br/> 
+<br/>
 
 ### Resource links