Enhance CI workflows: update paths for Docker build, deploy, PyLint, and test workflows; upgrade action versions

Author: Harmanpreet Kaur

.github/workflows/build-docker-images.yml

@@ -7,6 +7,12 @@ on:
       - dev
       - demo
       - hotfix
+    paths:
+      - 'src/backend/**'
+      - 'src/frontend/**'
+      - 'docker/**'
+      - '.github/workflows/build-docker-images.yml'
+      - '.github/workflows/build-docker.yml'
   pull_request:
     branches:
       - main
@@ -18,6 +24,12 @@ on:
       - ready_for_review
       - reopened
       - synchronize
+    paths:
+      - 'src/backend/**'
+      - 'src/frontend/**'
+      - 'docker/**'
+      - '.github/workflows/build-docker-images.yml'
+      - '.github/workflows/build-docker.yml'
   merge_group:
   workflow_dispatch:
 

.github/workflows/deploy.yml

@@ -1,17 +1,19 @@
 name: Deploy-Test-Cleanup Pipeline
 
 on:
-    workflow_run:
-      workflows: ["Build Docker and Optional Push"]
-      types:
-        - completed
-      branches:
-        - main
-        - dev
-        - demo
-    schedule:
-      - cron: '0 5,17 * * *'  # Runs at 5:00 AM and 5:00 PM GMT
-    workflow_dispatch:
+  push:
+    branches:
+      - main
+      - dev
+      - demo
+    paths:
+      - 'infra/**'
+      - 'scripts/**'
+      - 'azure.yaml'
+      - '.github/workflows/deploy.yml'
+  schedule:
+    - cron: '0 5,17 * * *'  # Runs at 5:00 AM and 5:00 PM GMT
+  workflow_dispatch:
 
 env:
   GPT_MIN_CAPACITY: 150
@@ -25,7 +27,7 @@ jobs:
       WEBAPP_URL: ${{ steps.get_output.outputs.WEBAPP_URL }}
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
 
       - name: Setup Azure CLI
         run: |
@@ -43,7 +45,6 @@ jobs:
           export AZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }}
           export AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }}
           export AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
-          export GPT_MIN_CAPACITY="${{ env.GPT_MIN_CAPACITY }}"
           export AZURE_REGIONS="${{ vars.AZURE_REGIONS }}"
           chmod +x scripts/checkquota.sh
           if ! scripts/checkquota.sh; then
@@ -72,6 +73,11 @@ jobs:
       - name: Fail Pipeline if Quota Check Fails
         if: env.QUOTA_FAILED == 'true'
         run: exit 1
+      
+      - name: Set Deployment Region
+        run: |
+          echo "Selected Region: $VALID_REGION"
+          echo "AZURE_LOCATION=$VALID_REGION" >> $GITHUB_ENV
 
       - name: Install Bicep CLI
         run: az bicep install
@@ -94,7 +100,7 @@ jobs:
           rg_exists=$(az group exists --name ${{ env.RESOURCE_GROUP_NAME }})
           if [ "$rg_exists" = "false" ]; then
             echo "Resource group does not exist. Creating..."
-            az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location northcentralus || { echo "Error creating resource group"; exit 1; }
+            az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location australiaeast || { echo "Error creating resource group"; exit 1; }
           else
             echo "Resource group already exists."
           fi
@@ -126,17 +132,20 @@ jobs:
             IMAGE_TAG="latest"
           fi
 
+          # Generate current timestamp in desired format: YYYY-MM-DDTHH:MM:SS.SSSSSSSZ
+            current_date=$(date -u +"%Y-%m-%dT%H:%M:%S.%7NZ")
+          
           az deployment group create \
             --name ${{ env.SOLUTION_PREFIX }}-deployment \
             --resource-group ${{ env.RESOURCE_GROUP_NAME }} \
             --template-file infra/main.bicep \
             --parameters \
                 solutionName="${{ env.SOLUTION_PREFIX }}" \
-                aiDeploymentsLocation="eastus" \
-                useWafAlignedArchitecture=false \
-                capacity=${{ env.GPT_MIN_CAPACITY }} \
+                azureAiServiceLocation='${{ env.AZURE_LOCATION }}' \
                 imageVersion="${IMAGE_TAG}" \
-                createdBy="Pipeline" 
+                createdBy="Pipeline" \
+                tags="{'SecurityControl':'Ignore','Purpose':'Deploying and Cleaning Up Resources for Validation','CreatedDate':'$current_date'}"
+
       - name: Assign Contributor role to Service Principal
         if: always()
         run: |
@@ -185,7 +194,26 @@ jobs:
 
       - name: Login to Azure
         run: |
-          az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }}
+            az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }}
+            az account set --subscription "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
+          
+      - name: Assign Contributor role to Service Principal
+        if: always()
+        run: |
+          echo "Assigning Contributor role to SPN for RG: ${{ env.RESOURCE_GROUP_NAME }}"
+          az role assignment create \
+            --assignee ${{ secrets.AZURE_CLIENT_ID }} \
+            --role "Contributor" \
+            --scope /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}
+          
+          echo "Assigning Log Analytics Contributor role for Log Analytics workspace access at RG level..."
+          az role assignment create \
+            --assignee ${{ secrets.AZURE_CLIENT_ID }} \
+            --role "Log Analytics Reader" \
+            --scope /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.RESOURCE_GROUP_NAME }} || echo "Log Analytics Contributor role assignment failed (may already exist)"
+          
+          echo "Waiting for role assignment propagation..."
+          sleep 30
 
       - name: Get Log Analytics Workspace and OpenAI from Resource Group
         if: always()
@@ -356,7 +384,7 @@ jobs:
 
           # Purge OpenAI Resource
           echo "Purging the OpenAI Resource..."
-          if ! az resource delete --ids /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.CognitiveServices/locations/northcentralus/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}/deletedAccounts/${{ env.OPENAI_RESOURCE_NAME }} --verbose; then
+          if ! az resource delete --ids /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.CognitiveServices/locations/australiaeast/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}/deletedAccounts/${{ env.OPENAI_RESOURCE_NAME }} --verbose; then
             echo "Failed to purge openai resource: ${{ env.OPENAI_RESOURCE_NAME }}"
           else
             echo "Purged the openai resource: ${{ env.OPENAI_RESOURCE_NAME }}"
@@ -399,7 +427,7 @@ jobs:
 
           EMAIL_BODY=$(cat <<EOF
           {
-            "body": "<p>Dear Team,</p><p>We would like to inform you that the DocGen Deployment Automation process has encountered an issue and has failed to complete successfully.</p><p><strong>Build URL:</strong> <a href=\"${RUN_URL}\">${RUN_URL}</a><br></p><p>Please investigate the matter at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>"
+            "body": "<p>Dear Team,</p><p>We would like to inform you that the CodeMod Deployment Automation process has encountered an issue and has failed to complete successfully.</p><p><strong>Build URL:</strong> <a href=\"${RUN_URL}\">${RUN_URL}</a><br></p><p>Please investigate the matter at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>"
           }
           EOF
           )
@@ -412,4 +440,4 @@ jobs:
         if: always()
         run: |
           az logout
-          echo "Logged out from Azure."
+          echo "Logged out from Azure."

.github/workflows/pylint.yml

@@ -1,6 +1,16 @@
 name: PyLint
 
-on: [push]
+on:
+  push:
+    paths:
+      - '**/*.py'
+      - '**/.flake8'
+      - '.github/workflows/pylint.yml'
+  pull_request:
+    paths:
+      - '**/*.py'
+      - '**/.flake8'
+      - '.github/workflows/pylint.yml'
 
 jobs:
   lint:
@@ -12,11 +22,11 @@ jobs:
     steps:
       # Step 1: Checkout code
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       # Step 2: Set up Python environment
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v6
         with:
           python-version: ${{ matrix.python-version }}
 

.github/workflows/test.yml

@@ -6,6 +6,12 @@ on:
       - main
       - dev
       - demo
+    paths:
+      - 'src/backend/**/*.py'
+      - 'src/tests/backend/**'
+      - '.github/workflows/test.yml'
+      - 'src/backend/requirements.txt'
+      - 'src/backend/pyproject.toml'
   pull_request:
     types:
       - opened
@@ -16,14 +22,20 @@ on:
       - main
       - dev
       - demo
+    paths:
+      - 'src/backend/**/*.py'
+      - 'src/tests/backend/**'
+      - '.github/workflows/test.yml'
+      - 'src/backend/requirements.txt'
+      - 'src/backend/pyproject.toml'
 
 jobs:
 #   frontend_tests:
 #     runs-on: ubuntu-latest
 
 #     steps:
 #       - name: Checkout code
-#         uses: actions/checkout@v3
+#         uses: actions/checkout@v5
 
 #       - name: Set up Node.js
 #         uses: actions/setup-node@v3
@@ -64,18 +76,17 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v6
         with:
           python-version: '3.11'
 
       - name: Install Backend Dependencies
         run: |
           python -m pip install --upgrade pip
           pip install -r src/backend/requirements.txt
-          pip install -r src/frontend/requirements.txt
           pip install pytest-cov
           pip install pytest-asyncio
       - name: Set PYTHONPATH
@@ -103,4 +114,4 @@ jobs:
       - name: Skip Backend Tests
         if: env.skip_backend_tests == 'true'
         run: |
-          echo "Skipping backend tests because no test files were found."
+          echo "Skipping backend tests because no test files were found."