Merge remote-tracking branch 'origin/dev' into feature/avm-waf-aligned

Author: Abdul-Microsoft

.devcontainer/devcontainer.json

@@ -3,19 +3,26 @@
     "image": "mcr.microsoft.com/devcontainers/python:3.11-bullseye",
     "forwardPorts": [50505],
     "features": {
-        "ghcr.io/azure/azure-dev/azd:latest": {}
+        "ghcr.io/azure/azure-dev/azd:latest": {},
+        "ghcr.io/devcontainers/features/azure-cli:1": {
+			"installBicep": true,
+			"version": "latest",
+			"bicepVersion": "latest"
+		}
     },
     "customizations": {
         "vscode": {
             "extensions": [
                 "ms-azuretools.azure-dev",
+                "ms-azuretools.vscode-azcli",
                 "ms-azuretools.vscode-bicep",
                 "ms-python.python",
                 "ms-toolsai.jupyter",
                 "GitHub.vscode-github-actions"
             ]
         }
     },
+    "postCreateCommand": "sudo chmod +x ./scripts/quota_check_params.sh",
     "postStartCommand": "git pull origin main && python3 -m pip install -r ./src/frontend/requirements.txt && python3 -m pip install -r ./src/backend/requirements.txt",
     "remoteUser": "vscode",
     "hostRequirements": {

.github/dependabot.yml

@@ -1,38 +1,56 @@
 version: 2
 updates:
- # GitHub Actions dependencies
- - package-ecosystem: "github-actions"
-   directory: "/"
-   schedule:
-     interval: "monthly"
-   commit-message:
-     prefix: "build"
-   target-branch: "dependabotchanges"
-   open-pull-requests-limit: 100
+  # GitHub Actions dependencies (grouped)
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "build"
+    target-branch: "dependabotchanges"
+    open-pull-requests-limit: 10
+    groups:
+      all-actions:
+        patterns:
+          - "*"
 
- - package-ecosystem: "pip"
-   directory: "/src/backend"
-   schedule:
-     interval: "monthly"
-   commit-message:
-     prefix: "build"
-   target-branch: "dependabotchanges"
-   open-pull-requests-limit: 100
+  # Python dependencies (grouped)
+  - package-ecosystem: "pip"
+    directory: "/src/backend"
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "build"
+    target-branch: "dependabotchanges"
+    open-pull-requests-limit: 10
+    groups:
+      all-backend-deps:
+        patterns:
+          - "*"
 
- - package-ecosystem: "pip"
-   directory: "/src/frontend"
-   schedule:
-     interval: "monthly"
-   commit-message:
-     prefix: "build"
-   target-branch: "dependabotchanges"
-   open-pull-requests-limit: 100
+  - package-ecosystem: "pip"
+    directory: "/src/frontend"
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "build"
+    target-branch: "dependabotchanges"
+    open-pull-requests-limit: 10
+    groups:
+      all-backend-deps:
+        patterns:
+          - "*"
 
- - package-ecosystem: "npm"
-   directory: "/src/frontend"
-   schedule:
-     interval: "monthly"
-   commit-message:
-     prefix: "build"
-   target-branch: "dependabotchanges"
-   open-pull-requests-limit: 100
+  # npm dependencies (grouped)
+  - package-ecosystem: "npm"
+    directory: "/src/frontend"
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "build"
+    target-branch: "dependabotchanges"
+    open-pull-requests-limit: 10
+    groups:
+      all-frontend-deps:
+        patterns:
+          - "*"

.github/workflows/azure-dev-validation.yml

@@ -11,7 +11,7 @@ permissions:
 jobs: 
   template_validation_job: 
     runs-on: ubuntu-latest 
-    environment: dev
+    environment: production
     name: Template validation 
     steps: 
       # Step 1: Checkout the code from your repository 
@@ -31,4 +31,4 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
       # Step 3: Print the result of the validation 
       - name: Print result 
-        run: cat ${{ steps.validation.outputs.resultFile }} 
+        run: cat ${{ steps.validation.outputs.resultFile }} 

.github/workflows/build-docker.yml

@@ -23,7 +23,7 @@ on:
         type: boolean
     secrets:
       DOCKER_PASSWORD:
-        required: true
+        required: false
 
 jobs:
   docker-build:

.github/workflows/deploy.yml

@@ -1,15 +1,28 @@
-name: Validate Deployment
+name: Deploy-Test-Cleanup Pipeline
 
 on:
-  push:
-    branches:
-      - main
-  schedule:
-    - cron: '0 5,17 * * *'  # Runs at 5:00 AM and 5:00 PM GMT
+    workflow_run:
+      workflows: ["Build Docker and Optional Push"]
+      types:
+        - completed
+      branches:
+        - main
+        - dev
+        - demo
+    schedule:
+      - cron: '0 5,17 * * *'  # Runs at 5:00 AM and 5:00 PM GMT
+    workflow_dispatch:
+
+env:
+  GPT_MIN_CAPACITY: 200
+  BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
 
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    outputs:
+      RESOURCE_GROUP_NAME: ${{ steps.check_create_rg.outputs.RESOURCE_GROUP_NAME }}
+      WEBAPP_URL: ${{ steps.get_output.outputs.WEBAPP_URL }}
     steps:
       - name: Checkout Code
         uses: actions/checkout@v3
@@ -35,7 +48,6 @@ jobs:
           UNIQUE_RG_NAME="arg-${ACCL_NAME}-${SHORT_UUID}"
           echo "RESOURCE_GROUP_NAME=${UNIQUE_RG_NAME}" >> $GITHUB_ENV
           echo "Generated RESOURCE_GROUP_NAME: ${UNIQUE_RG_NAME}"
-  
 
       - name: Check and Create Resource Group
         id: check_create_rg
@@ -49,8 +61,8 @@ jobs:
           else
             echo "Resource group already exists."
           fi
+          echo "RESOURCE_GROUP_NAME=${{ env.RESOURCE_GROUP_NAME }}" >> $GITHUB_OUTPUT
 
-      
       - name: Generate Unique Solution Prefix
         id: generate_solution_prefix
         run: |
@@ -62,16 +74,42 @@ jobs:
           echo "SOLUTION_PREFIX=${UNIQUE_SOLUTION_PREFIX}" >> $GITHUB_ENV
           echo "Generated SOLUTION_PREFIX: ${UNIQUE_SOLUTION_PREFIX}"
 
-
       - name: Deploy Bicep Template
         id: deploy
         run: |
           set -e
+          # set image tag based on branch
+          if [[ "${{ env.BRANCH_NAME }}" == "main" ]]; then
+            IMAGE_TAG="latest"
+          elif [[ "${{ env.BRANCH_NAME }}" == "dev" ]]; then
+            IMAGE_TAG="dev"
+          elif [[ "${{ env.BRANCH_NAME }}" == "demo" ]]; then
+            IMAGE_TAG="demo"
+          else
+            IMAGE_TAG="latest"
+          fi
+
           az deployment group create \
+            --name ${{ env.SOLUTION_PREFIX }}-deployment \
             --resource-group ${{ env.RESOURCE_GROUP_NAME }} \
             --template-file infra/main.bicep \
-            --parameters AzureAiServiceLocation=northcentralus Prefix=${{ env.SOLUTION_PREFIX }}
-
+            --parameters \
+                Prefix="${{ env.SOLUTION_PREFIX }}" \
+                AzureAiServiceLocation="eastus" \
+                capacity=${{ env.GPT_MIN_CAPACITY }} \
+                imageVersion="${IMAGE_TAG}"\
+            --debug
+
+      - name: Get Deployment Output and extract Values
+        id: get_output
+        run: |
+          set -e
+          echo "Fetching deployment output..."
+          BICEP_OUTPUT=$(az deployment group show --name ${{ env.SOLUTION_PREFIX }}-deployment --resource-group ${{ env.RESOURCE_GROUP_NAME }} --query "properties.outputs" -o json)
+          echo "Extracting deployment output..."
+          WEBAPP_URL=$(echo $BICEP_OUTPUT | jq -r '.weB_APP_URL.value')
+          echo "WEBAPP_URL=$WEBAPP_URL" >> $GITHUB_OUTPUT
+          echo "Deployment output: $BICEP_OUTPUT"
 
       - name: Send Notification on Failure
         if: failure()
@@ -91,8 +129,37 @@ jobs:
             -H "Content-Type: application/json" \
             -d "$EMAIL_BODY" || echo "Failed to send notification"
 
+      - name: Logout from Azure
+        if: always()
+        run: |
+          az logout
+          echo "Logged out from Azure."
+
+  e2e-test:
+    needs: deploy
+    uses: ./.github/workflows/test-automation.yml
+    with:
+      CODEMOD_WEB_URL: ${{ needs.deploy.outputs.WEBAPP_URL }}
+    secrets: inherit
+
+  cleanup-deployment:
+    if: always() && needs.deploy.outputs.RESOURCE_GROUP_NAME != ''
+    needs: [deploy, e2e-test]
+    runs-on: ubuntu-latest
+    env:
+      RESOURCE_GROUP_NAME: ${{ needs.deploy.outputs.RESOURCE_GROUP_NAME }}
+    steps:
+      - name: Setup Azure CLI
+        run: |
+          curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
+          az --version  # Verify installation
+
+      - name: Login to Azure
+        run: |
+          az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }}
 
       - name: Get Log Analytics Workspace and OpenAI from Resource Group
+        if: always()
         id: get_azure_resources
         run: |
 
@@ -123,8 +190,8 @@ jobs:
             echo "OpenAI resource name: ${openai_resource_name}" 
           fi
 
-
       - name: List KeyVaults and Store in Array
+        if: always()
         id: list_keyvaults
         run: |
 
@@ -158,6 +225,7 @@ jobs:
           fi
 
       - name: Purge log analytics workspace
+        if: always()
         id: log_analytics_workspace
         run: |
 
@@ -172,9 +240,8 @@ jobs:
 
           echo "Log analytics workspace resource purging completed successfully"    
       
-
       - name: Delete Bicep Deployment
-        if: success()
+        if: always()
         run: |
           set -e  
           echo "Checking if resource group exists..."
@@ -190,8 +257,8 @@ jobs:
             echo "Resource group does not exists."
           fi
 
-
       - name: Wait for resource deletion to complete
+        if: always()
         run: |
 
           # List of keyvaults 
@@ -249,10 +316,9 @@ jobs:
               break
             fi
           done
-
           
       - name: Purging the Resources
-        if: success()
+        if: always()
         run: |
 
           set -e
@@ -296,3 +362,9 @@ jobs:
             fi
           done
           echo "Resource purging completed successfully"
+
+      - name: Logout from Azure
+        if: always()
+        run: |
+          az logout
+          echo "Logged out from Azure."