Vamshi-Microsoft · Vamshi-Microsoft · Oct 17, 2025 · Oct 17, 2025 · Oct 17, 2025 · Oct 17, 2025
diff --git a/.github/workflows/deploy-unified.yml → .github/workflows/deploy-Parameterized.yml b/.github/workflows/deploy-unified.yml → .github/workflows/deploy-Parameterized.yml
@@ -1,5 +1,16 @@
 name: Deploy-Test-Cleanup (Parameterized)
 on:
+  pull_request:
+    branches:
+      - main
+  workflow_run:
+    workflows: ["Build Docker and Optional Push"]
+    types:
+      - completed
+    branches:
+      - main
+      - dev
+      - demo
   workflow_dispatch:
     inputs:
       run_e2e_tests:
@@ -32,17 +43,27 @@ on:
         required: false
         default: ''
         type: string
+      build_docker_image:
+        description: 'Build and push new Docker image'
+        required: false
+        default: false
+        type: boolean
+  schedule:
+    - cron: "0 6,18 * * *" # Runs at 6:00 AM and 6:00 PM GMT
 
 
 
 env:
   GPT_MIN_CAPACITY: 150
   TEXT_EMBEDDING_MIN_CAPACITY: 80
   BRANCH_NAME: ${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
-  WAF_ENABLED: ${{ github.event.inputs.waf_enabled || false }}
-  EXP: ${{ github.event.inputs.EXP || false }}
-  CLEANUP_RESOURCES: ${{ github.event.inputs.cleanup_resources || true }}
-  RUN_E2E_TESTS: ${{ github.event.inputs.run_e2e_tests || true }}
+  # For automatic triggers (pull_request, workflow_run, schedule): force Non-WAF + Non-EXP
+  # For manual dispatch: use input values or defaults
+  WAF_ENABLED: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.waf_enabled || false) || false }}
+  EXP: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.EXP || false) || false }}
+  CLEANUP_RESOURCES: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.cleanup_resources || true) || true }}
+  RUN_E2E_TESTS: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.run_e2e_tests || true) || true }}
+  BUILD_DOCKER_IMAGE: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.build_docker_image || false) || false }}
 
 jobs:
   deploy:
@@ -54,11 +75,34 @@ jobs:
       AZURE_LOCATION: ${{ steps.set_region.outputs.AZURE_LOCATION }}
       IMAGE_TAG: ${{ steps.generate_docker_tag.outputs.IMAGE_TAG }}
     env:
-      WAF_ENABLED: ${{ github.event.inputs.waf_enabled || true }}
-      EXP: ${{ github.event.inputs.EXP || false }}
-      CLEANUP_RESOURCES: ${{ github.event.inputs.cleanup_resources || true }}
+      # For automatic triggers: force Non-WAF + Non-EXP, for manual dispatch: use inputs
+      WAF_ENABLED: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.waf_enabled || false) || false }}
+      EXP: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.EXP || false) || false }}
+      CLEANUP_RESOURCES: ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.cleanup_resources || true) || true }}
 
     steps:
+      - name: Display Workflow Configuration
+        run: |
+          echo "🚀 ==================================="
+          echo "📋 WORKFLOW CONFIGURATION SUMMARY"
+          echo "🚀 ==================================="
+          echo "Trigger Type: ${{ github.event_name }}"
+          echo "Branch: ${{ env.BRANCH_NAME }}"
+          echo ""
+          echo "Configuration Settings:"
+          echo "  • WAF Enabled: ${{ env.WAF_ENABLED }}"
+          echo "  • EXP Enabled: ${{ env.EXP }}"
+          echo "  • Run E2E Tests: ${{ env.RUN_E2E_TESTS }}"
+          echo "  • Cleanup Resources: ${{ env.CLEANUP_RESOURCES }}"
+          echo "  • Build Docker Image: ${{ env.BUILD_DOCKER_IMAGE }}"
+          echo ""
+          if [[ "${{ github.event_name }}" != "workflow_dispatch" ]]; then
+            echo "ℹ️  Automatic Trigger: Using Non-WAF + Non-EXP configuration"
+          else
+            echo "ℹ️  Manual Trigger: Using user-specified configuration"
+          fi
+          echo "🚀 ==================================="
+
       - name: Validate EXP Configuration
         run: |
           echo "🔍 Validating EXP configuration..."
@@ -194,28 +238,57 @@ jobs:
       - name: Generate Unique Docker Image Tag
         id: generate_docker_tag
         run: |
-          # Generate unique tag for manual deployment runs
-          TIMESTAMP=$(date +%Y%m%d-%H%M%S)
-          RUN_ID="${{ github.run_id }}"
-          BRANCH_NAME="${{ env.BRANCH_NAME }}"
-          # Sanitize branch name for Docker tag (replace invalid characters with hyphens)
-          CLEAN_BRANCH_NAME=$(echo "$BRANCH_NAME" | sed 's/[^a-zA-Z0-9._-]/-/g' | sed 's/--*/-/g' | sed 's/^-\|-$//g')
-          UNIQUE_TAG="${CLEAN_BRANCH_NAME}-${TIMESTAMP}-${RUN_ID}"
-          echo "IMAGE_TAG=$UNIQUE_TAG" >> $GITHUB_ENV
-          echo "IMAGE_TAG=$UNIQUE_TAG" >> $GITHUB_OUTPUT
-          echo "Generated unique Docker tag: $UNIQUE_TAG"
+          if [[ "${{ env.BUILD_DOCKER_IMAGE }}" == "true" ]]; then
+            echo "🔨 Building new Docker image - generating unique tag..."
+            # Generate unique tag for manual deployment runs
+            TIMESTAMP=$(date +%Y%m%d-%H%M%S)
+            RUN_ID="${{ github.run_id }}"
+            BRANCH_NAME="${{ env.BRANCH_NAME }}"
+            # Sanitize branch name for Docker tag (replace invalid characters with hyphens)
+            CLEAN_BRANCH_NAME=$(echo "$BRANCH_NAME" | sed 's/[^a-zA-Z0-9._-]/-/g' | sed 's/--*/-/g' | sed 's/^-\|-$//g')
+            UNIQUE_TAG="${CLEAN_BRANCH_NAME}-${TIMESTAMP}-${RUN_ID}"
+            echo "IMAGE_TAG=$UNIQUE_TAG" >> $GITHUB_ENV
+            echo "IMAGE_TAG=$UNIQUE_TAG" >> $GITHUB_OUTPUT
+            echo "Generated unique Docker tag: $UNIQUE_TAG"
+          else
+            echo "🏷️ Using existing Docker image based on branch..."
+            BRANCH_NAME="${{ env.BRANCH_NAME }}"
+            echo "Current branch: $BRANCH_NAME"
+
+            # Determine image tag based on branch
+            if [[ "$BRANCH_NAME" == "main" ]]; then
+              IMAGE_TAG="latest_waf"
+              echo "Using main branch - image tag: latest_waf"
+            elif [[ "$BRANCH_NAME" == "dev" ]]; then
+              IMAGE_TAG="dev"
+              echo "Using dev branch - image tag: dev"
+            elif [[ "$BRANCH_NAME" == "demo" ]]; then
+              IMAGE_TAG="demo"
+              echo "Using demo branch - image tag: demo"
+            else
+              IMAGE_TAG="latest_waf"
+              echo "Using default for branch '$BRANCH_NAME' - image tag: latest_waf"
+            fi
+
+            echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
+            echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_OUTPUT
+            echo "Using existing Docker image tag: $IMAGE_TAG"
+          fi
 
       - name: Set up Docker Buildx
+        if: env.BUILD_DOCKER_IMAGE == true
         uses: docker/setup-buildx-action@v3
 
       - name: Log in to Azure Container Registry
+        if: env.BUILD_DOCKER_IMAGE == true
         uses: azure/docker-login@v2
         with:
           login-server: ${{ secrets.ACR_DEV_LOGIN_SERVER }}
           username: ${{ secrets.ACR_DEV_USERNAME }}
           password: ${{ secrets.ACR_DEV_PASSWORD }}
 
       - name: Build and Push Docker Image
+        if: env.BUILD_DOCKER_IMAGE == true
         id: build_push_image
         uses: docker/build-push-action@v6
         with:
@@ -227,11 +300,18 @@ jobs:
             ${{ secrets.ACR_DEV_LOGIN_SERVER }}/webapp:${{ steps.generate_docker_tag.outputs.IMAGE_TAG }}_${{ github.run_number }}
 
       - name: Verify Docker Image Build
+        if: env.BUILD_DOCKER_IMAGE == true
         run: |
           echo "✅ Docker image successfully built and pushed"
           echo "Image tag: ${{ env.IMAGE_TAG }}"
           echo "Run number: ${{ github.run_number }}"
 
+      - name: Verify Docker Image Selection
+        if: env.BUILD_DOCKER_IMAGE == false
+        run: |
+          echo "✅ Using existing Docker image: latest_waf"
+          echo "Image tag: ${{ env.IMAGE_TAG }}"
+
       - name: Generate Unique Environment Name
         id: generate_env_name
         run: |
@@ -294,10 +374,15 @@ jobs:
           azd env set AZURE_RESOURCE_GROUP="$RESOURCE_GROUP_NAME"
           azd env set AZURE_ENV_IMAGETAG="${{ env.IMAGE_TAG }}"
 
-          # Extract ACR name from login server and set as environment variable
-          ACR_NAME=$(echo "${{ secrets.ACR_DEV_LOGIN_SERVER }}" | cut -d'.' -f1)
-          azd env set AZURE_ENV_ACR_NAME="$ACR_NAME"
-          echo "Set ACR name to: $ACR_NAME"
+          # Set ACR name only when building Docker image
+          if [[ "${{ env.BUILD_DOCKER_IMAGE }}" == "true" ]]; then
+            # Extract ACR name from login server and set as environment variable
+            ACR_NAME=$(echo "${{ secrets.ACR_DEV_LOGIN_SERVER }}" | cut -d'.' -f1)
+            azd env set AZURE_ENV_ACR_NAME="$ACR_NAME"
+            echo "Set ACR name to: $ACR_NAME"
+          else
+            echo "Skipping ACR name configuration (using existing image)"
+          fi
 
           if [[ "${{ env.EXP }}" == "true" ]]; then
             echo "✅ EXP ENABLED - Setting EXP parameters..."
@@ -406,15 +491,17 @@ jobs:
           echo "Logged out from Azure."
 
   e2e-test:
-    if: github.event.inputs.run_e2e_tests == true || github.event.inputs.run_e2e_tests == null
+    # Run e2e tests for automatic triggers or when manually enabled
+    if: github.event_name != 'workflow_dispatch' || github.event.inputs.run_e2e_tests == true || github.event.inputs.run_e2e_tests == null
     needs: deploy
     uses: ./.github/workflows/test-automation.yml
     with:
       DOCGEN_URL: ${{ needs.deploy.outputs.WEBAPP_URL }}
     secrets: inherit
 
   cleanup-deployment:
-    if: always() && needs.deploy.outputs.RESOURCE_GROUP_NAME != '' && (github.event.inputs.cleanup_resources == true || github.event.inputs.cleanup_resources == null)
+    # Cleanup for automatic triggers or when manually enabled
+    if: always() && needs.deploy.outputs.RESOURCE_GROUP_NAME != '' && (github.event_name != 'workflow_dispatch' || github.event.inputs.cleanup_resources == true || github.event.inputs.cleanup_resources == null)
     needs: [deploy]
     runs-on: ubuntu-latest
     env:
@@ -450,7 +537,7 @@ jobs:
           set -e
           echo "🗑️ Cleaning up Docker images from Azure Container Registry..."
 
-          if [[ -n "${{ env.IMAGE_TAG }}" ]]; then
+          if [[ -n "${{ env.IMAGE_TAG }}" && "${{ env.IMAGE_TAG }}" != "latest_waf" ]]; then
             echo "Deleting Docker images with tag: ${{ env.IMAGE_TAG }}"
 
             # Delete the main image
@@ -465,7 +552,7 @@ jobs:
 
             echo "✅ Docker images cleanup completed"
           else
-            echo "⚠️ No IMAGE_TAG found, skipping Docker image cleanup"
+            echo "⚠️ Skipping Docker image cleanup (using latest_waf or no custom image tag)"
           fi
 
       - name: Select Environment

diff --git a/infra/main.bicep b/infra/main.bicep
@@ -623,7 +623,7 @@ module aiSearch 'br/public:avm/res/search/search-service:0.11.1' = {
     diagnosticSettings: enableMonitoring ? [{ workspaceResourceId: logAnalyticsWorkspaceResourceId }] : null
     disableLocalAuth: false
     hostingMode: 'default'
-    sku: enableScalability ? 'standard' : 'basic'
+    sku: enableScalability ? 'standard' : 'standard'
     managedIdentities: { systemAssigned: true }
     networkRuleSet: {
       bypass: 'AzureServices'