diff --git a/.github/workflows/deploy-unified.yml b/.github/workflows/deploy-Parameterized.yml similarity index 79% rename from .github/workflows/deploy-unified.yml rename to .github/workflows/deploy-Parameterized.yml index 0891ea8d1..c75f8cacb 100644 --- a/.github/workflows/deploy-unified.yml +++ b/.github/workflows/deploy-Parameterized.yml @@ -1,5 +1,16 @@ name: Deploy-Test-Cleanup (Parameterized) on: + pull_request: + branches: + - main + workflow_run: + workflows: ["Build Docker and Optional Push"] + types: + - completed + branches: + - main + - dev + - demo workflow_dispatch: inputs: run_e2e_tests: @@ -32,6 +43,13 @@ on: required: false default: '' type: string + build_docker_image: + description: 'Build and push new Docker image' + required: false + default: false + type: boolean + schedule: + - cron: "0 6,18 * * *" # Runs at 6:00 AM and 6:00 PM GMT 
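Review bot: The new `workflow_run` trigger fires on `completed`, which also covers failed and cancelled runs of "Build Docker and Optional Push", and nothing in the visible lines checks the conclusion before deploying. Unless the `deploy` job already has such a guard outside the lines shown, add `if: github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success'` to it. A `workflow_run` run also executes with the repository's secrets, while `BRANCH_NAME` is taken from `github.event.workflow_run.head_branch`, so that value should be handled as untrusted input wherever it is used.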
@@ -39,10 +57,13 @@ env: GPT_MIN_CAPACITY: 150 TEXT_EMBEDDING_MIN_CAPACITY: 80 BRANCH_NAME: ${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }} - WAF_ENABLED: ${{ github.event.inputs.waf_enabled || false }} - EXP: ${{ github.event.inputs.EXP || false }} - CLEANUP_RESOURCES: ${{ github.event.inputs.cleanup_resources || true }} - RUN_E2E_TESTS: ${{ github.event.inputs.run_e2e_tests || true }} + # For automatic triggers (pull_request, workflow_run, schedule): force Non-WAF + Non-EXP + # For manual dispatch: use input values or defaults + WAF_ENABLED: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.waf_enabled || false) || false }} + EXP: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.EXP || false) || false }} + CLEANUP_RESOURCES: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.cleanup_resources || true) || true }} + RUN_E2E_TESTS: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.run_e2e_tests || true) || true }} + BUILD_DOCKER_IMAGE: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.build_docker_image || false) || false }} jobs: deploy: 
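Review bot: The added `github.event_name == 'workflow_dispatch' && (...) || false` wrappers appear to produce the same values as the lines they replace, because `github.event.inputs` is only populated for `workflow_dispatch` and the old `|| false` / `|| true` fallbacks already covered every other trigger. If the goal is to document the defaults for automatic triggers, the new comment does that on its own, and the shorter form, e.g. `WAF_ENABLED: ${{ github.event.inputs.waf_enabled || false }}`, is easier to audit. The same expressions are repeated in the `deploy` job's `env` in the next hunk, where the workflow-level values would already apply.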
@@ -54,11 +75,34 @@ jobs: AZURE_LOCATION: ${{ steps.set_region.outputs.AZURE_LOCATION }} IMAGE_TAG: ${{ steps.generate_docker_tag.outputs.IMAGE_TAG }} env: - WAF_ENABLED: ${{ github.event.inputs.waf_enabled || true }} - EXP: ${{ github.event.inputs.EXP || false }} - CLEANUP_RESOURCES: ${{ github.event.inputs.cleanup_resources || true }} + # For automatic triggers: force Non-WAF + Non-EXP, for manual dispatch: use inputs + WAF_ENABLED: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.waf_enabled || false) || false }} + EXP: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.EXP || false) || false }} + CLEANUP_RESOURCES: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.cleanup_resources || true) || true }} steps: + - name: Display Workflow Configuration + run: | + echo "🚀 ===================================" + echo "📋 WORKFLOW CONFIGURATION SUMMARY" + echo "🚀 ===================================" + echo "Trigger Type: ${{ github.event_name }}" + echo "Branch: ${{ env.BRANCH_NAME }}" + echo "" + echo "Configuration Settings:" + echo " â€ĸ WAF Enabled: ${{ env.WAF_ENABLED }}" + echo " â€ĸ EXP Enabled: ${{ env.EXP }}" + echo " â€ĸ Run E2E Tests: ${{ env.RUN_E2E_TESTS }}" + echo " â€ĸ Cleanup Resources: ${{ env.CLEANUP_RESOURCES }}" + echo " â€ĸ Build Docker Image: ${{ env.BUILD_DOCKER_IMAGE }}" + echo "" + if [[ "${{ github.event_name }}" != "workflow_dispatch" ]]; then + echo "â„šī¸ Automatic Trigger: Using Non-WAF + Non-EXP configuration" + else + echo "â„šī¸ Manual Trigger: Using user-specified configuration" + fi + echo "🚀 ===================================" + - name: Validate EXP Configuration run: | echo "🔍 Validating EXP configuration..." 
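Review bot: The new "Display Workflow Configuration" step expands `${{ env.BRANCH_NAME }}` directly into the shell script, and with the `pull_request` and `workflow_run` triggers added by this commit that value comes from `github.head_ref` or `github.event.workflow_run.head_branch`, which a contributor chooses. Expression expansion happens before the shell parses the script, so the branch name should be read as a shell variable instead: `echo "Branch: $BRANCH_NAME"` (it is already exported through the workflow-level `env`). The same applies to `BRANCH_NAME="${{ env.BRANCH_NAME }}"` in the "Generate Unique Docker Image Tag" hunk further down. The job's step list continues outside this hunk.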
@@ -194,21 +238,49 @@ jobs: - name: Generate Unique Docker Image Tag id: generate_docker_tag run: | - # Generate unique tag for manual deployment runs - TIMESTAMP=$(date +%Y%m%d-%H%M%S) - RUN_ID="${{ github.run_id }}" - BRANCH_NAME="${{ env.BRANCH_NAME }}" - # Sanitize branch name for Docker tag (replace invalid characters with hyphens) - CLEAN_BRANCH_NAME=$(echo "$BRANCH_NAME" | sed 's/[^a-zA-Z0-9._-]/-/g' | sed 's/--*/-/g' | sed 's/^-\|-$//g') - UNIQUE_TAG="${CLEAN_BRANCH_NAME}-${TIMESTAMP}-${RUN_ID}" - echo "IMAGE_TAG=$UNIQUE_TAG" >> $GITHUB_ENV - echo "IMAGE_TAG=$UNIQUE_TAG" >> $GITHUB_OUTPUT - echo "Generated unique Docker tag: $UNIQUE_TAG" + if [[ "${{ env.BUILD_DOCKER_IMAGE }}" == "true" ]]; then + echo "🔨 Building new Docker image - generating unique tag..." + # Generate unique tag for manual deployment runs + TIMESTAMP=$(date +%Y%m%d-%H%M%S) + RUN_ID="${{ github.run_id }}" + BRANCH_NAME="${{ env.BRANCH_NAME }}" + # Sanitize branch name for Docker tag (replace invalid characters with hyphens) + CLEAN_BRANCH_NAME=$(echo "$BRANCH_NAME" | sed 's/[^a-zA-Z0-9._-]/-/g' | sed 's/--*/-/g' | sed 's/^-\|-$//g') + UNIQUE_TAG="${CLEAN_BRANCH_NAME}-${TIMESTAMP}-${RUN_ID}" + echo "IMAGE_TAG=$UNIQUE_TAG" >> $GITHUB_ENV + echo "IMAGE_TAG=$UNIQUE_TAG" >> $GITHUB_OUTPUT + echo "Generated unique Docker tag: $UNIQUE_TAG" + else + echo "đŸˇī¸ Using existing Docker image based on branch..." 
+ BRANCH_NAME="${{ env.BRANCH_NAME }}" + echo "Current branch: $BRANCH_NAME" + + # Determine image tag based on branch + if [[ "$BRANCH_NAME" == "main" ]]; then + IMAGE_TAG="latest_waf" + echo "Using main branch - image tag: latest_waf" + elif [[ "$BRANCH_NAME" == "dev" ]]; then + IMAGE_TAG="dev" + echo "Using dev branch - image tag: dev" + elif [[ "$BRANCH_NAME" == "demo" ]]; then + IMAGE_TAG="demo" + echo "Using demo branch - image tag: demo" + else + IMAGE_TAG="latest_waf" + echo "Using default for branch '$BRANCH_NAME' - image tag: latest_waf" + fi + + echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV + echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_OUTPUT + echo "Using existing Docker image tag: $IMAGE_TAG" + fi - name: Set up Docker Buildx + if: env.BUILD_DOCKER_IMAGE == true uses: docker/setup-buildx-action@v3 - name: Log in to Azure Container Registry + if: env.BUILD_DOCKER_IMAGE == true uses: azure/docker-login@v2 with: login-server: ${{ secrets.ACR_DEV_LOGIN_SERVER }} @@ -216,6 +288,7 @@ jobs: password: ${{ secrets.ACR_DEV_PASSWORD }} - name: Build and Push Docker Image + if: env.BUILD_DOCKER_IMAGE == true id: build_push_image uses: docker/build-push-action@v6 with: @@ -227,11 +300,18 @@ jobs: ${{ secrets.ACR_DEV_LOGIN_SERVER }}/webapp:${{ steps.generate_docker_tag.outputs.IMAGE_TAG }}_${{ github.run_number }} - name: Verify Docker Image Build + if: env.BUILD_DOCKER_IMAGE == true run: | echo "✅ Docker image successfully built and pushed" echo "Image tag: ${{ env.IMAGE_TAG }}" echo "Run number: ${{ github.run_number }}" + - name: Verify Docker Image Selection + if: env.BUILD_DOCKER_IMAGE == false + run: | + echo "✅ Using existing Docker image: latest_waf" + echo "Image tag: ${{ env.IMAGE_TAG }}" + - name: Generate Unique Environment Name id: generate_env_name run: | 
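Review bot: The step conditions `if: env.BUILD_DOCKER_IMAGE == true` and `== false` compare an environment value, which is always a string, with a boolean literal; GitHub coerces both sides to numbers and the string `true` becomes NaN, so as far as I can tell neither condition ever matches. A manual run with `build_docker_image` set would then still generate a unique tag in the script (which correctly tests `== "true"`) but skip Buildx, the registry login and the push, leaving the deployment pointed at a tag that was never pushed. Use `if: env.BUILD_DOCKER_IMAGE == 'true'` and `if: env.BUILD_DOCKER_IMAGE != 'true'`; the conditions recur in the two hunks that follow ("Build and Push Docker Image", "Verify Docker Image Build", "Verify Docker Image Selection"). The `github.event.inputs.run_e2e_tests == true` and `cleanup_resources == true` tests in the `e2e-test` and `cleanup-deployment` conditions have the same string-versus-boolean shape and are worth checking at the same time.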
@@ -294,10 +374,15 @@ jobs: azd env set AZURE_RESOURCE_GROUP="$RESOURCE_GROUP_NAME" azd env set AZURE_ENV_IMAGETAG="${{ env.IMAGE_TAG }}" - # Extract ACR name from login server and set as environment variable - ACR_NAME=$(echo "${{ secrets.ACR_DEV_LOGIN_SERVER }}" | cut -d'.' -f1) - azd env set AZURE_ENV_ACR_NAME="$ACR_NAME" - echo "Set ACR name to: $ACR_NAME" + # Set ACR name only when building Docker image + if [[ "${{ env.BUILD_DOCKER_IMAGE }}" == "true" ]]; then + # Extract ACR name from login server and set as environment variable + ACR_NAME=$(echo "${{ secrets.ACR_DEV_LOGIN_SERVER }}" | cut -d'.' -f1) + azd env set AZURE_ENV_ACR_NAME="$ACR_NAME" + echo "Set ACR name to: $ACR_NAME" + else + echo "Skipping ACR name configuration (using existing image)" + fi if [[ "${{ env.EXP }}" == "true" ]]; then echo "✅ EXP ENABLED - Setting EXP parameters..." @@ -406,7 +491,8 @@ jobs: echo "Logged out from Azure." e2e-test: - if: github.event.inputs.run_e2e_tests == true || github.event.inputs.run_e2e_tests == null + # Run e2e tests for automatic triggers or when manually enabled + if: github.event_name != 'workflow_dispatch' || github.event.inputs.run_e2e_tests == true || github.event.inputs.run_e2e_tests == null needs: deploy uses: ./.github/workflows/test-automation.yml with: @@ -414,7 +500,8 @@ jobs: secrets: inherit cleanup-deployment: - if: always() && needs.deploy.outputs.RESOURCE_GROUP_NAME != '' && (github.event.inputs.cleanup_resources == true || github.event.inputs.cleanup_resources == null) + # Cleanup for automatic triggers or when manually enabled + if: always() && needs.deploy.outputs.RESOURCE_GROUP_NAME != '' && (github.event_name != 'workflow_dispatch' || github.event.inputs.cleanup_resources == true || github.event.inputs.cleanup_resources == null) needs: [deploy] runs-on: ubuntu-latest env: 
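Review bot: With `github.event_name != 'workflow_dispatch'` added to the `e2e-test` condition, the reusable workflow now runs for every pull request, schedule and `workflow_run` event while still being called with `secrets: inherit`. Passing only the secrets that `test-automation.yml` actually uses, as an explicit `secrets:` map, keeps these automatically triggered runs from receiving every repository secret. The job definition continues outside the hunk, so the set of secrets it needs cannot be read from here.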
@@ -450,7 +537,7 @@ jobs: set -e echo "đŸ—‘ī¸ Cleaning up Docker images from Azure Container Registry..." - if [[ -n "${{ env.IMAGE_TAG }}" ]]; then + if [[ -n "${{ env.IMAGE_TAG }}" && "${{ env.IMAGE_TAG }}" != "latest_waf" ]]; then echo "Deleting Docker images with tag: ${{ env.IMAGE_TAG }}" # Delete the main image @@ -465,7 +552,7 @@ jobs: echo "✅ Docker images cleanup completed" else - echo "âš ī¸ No IMAGE_TAG found, skipping Docker image cleanup" + echo "âš ī¸ Skipping Docker image cleanup (using latest_waf or no custom image tag)" fi - name: Select Environment diff --git a/infra/main.bicep b/infra/main.bicep index 56e68a3ae..52c304da3 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -623,7 +623,7 @@ module aiSearch 'br/public:avm/res/search/search-service:0.11.1' = { diagnosticSettings: enableMonitoring ? [{ workspaceResourceId: logAnalyticsWorkspaceResourceId }] : null disableLocalAuth: false hostingMode: 'default' - sku: enableScalability ? 'standard' : 'basic' + sku: enableScalability ? 'standard' : 'standard' managedIdentities: { systemAssigned: true } networkRuleSet: { bypass: 'AzureServices'
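Review bot: The cleanup guard exempts only `latest_waf`, but the tag step in this commit can also select the shared `dev` and `demo` tags when no image is built, so this step would go on to delete those images from the registry. Gate the deletion on whether this run built the image rather than on the tag value, for example `if [[ "$BUILD_DOCKER_IMAGE" == "true" && -n "$IMAGE_TAG" ]]; then`, assuming `IMAGE_TAG` in this job is the deploy job's output. The deletion commands themselves are outside the hunk.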
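Review bot: Both branches of `enableScalability ? 'standard' : 'standard'` are now identical, so the conditional no longer selects anything and reads like an unfinished edit. If every deployment is meant to use the standard search SKU, write `sku: 'standard'` with a short comment giving the reason; otherwise restore the lower tier for the non-scalable case. The `aiSearch` module declaration continues outside the hunk.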