diff --git a/.github/workflows/azure-dev-validation.yml b/.github/workflows/azure-dev-validation.yml index d5378b5b..ce740a94 100644 --- a/.github/workflows/azure-dev-validation.yml +++ b/.github/workflows/azure-dev-validation.yml @@ -19,7 +19,7 @@ jobs: uses: actions/checkout@v4 # Step 2: Validate the Azure template using microsoft/template-validation-action - name: Validate Azure Template - uses: microsoft/template-validation-action@Latest + uses: microsoft/template-validation-action@Latest id: validation env: AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} @@ -31,4 +31,4 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Step 3: Print the result of the validation - name: Print result - run: cat ${{ steps.validation.outputs.resultFile }} + run: cat ${{ steps.validation.outputs.resultFile }} \ No newline at end of file diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 9d54a82d..fdde396d 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -72,6 +72,11 @@ jobs: - name: Fail Pipeline if Quota Check Fails if: env.QUOTA_FAILED == 'true' run: exit 1 + + - name: Set Deployment Region + run: | + echo "Selected Region: $VALID_REGION" + echo "AZURE_LOCATION=$VALID_REGION" >> $GITHUB_ENV - name: Install Bicep CLI run: az bicep install @@ -135,8 +140,7 @@ jobs: --template-file infra/main.bicep \ --parameters \ solutionName="${{ env.SOLUTION_PREFIX }}" \ - aiDeploymentsLocation="eastus" \ - useWafAlignedArchitecture=false \ + aiDeploymentsLocation='${{ env.AZURE_LOCATION }}' \ capacity=${{ env.GPT_MIN_CAPACITY }} \ imageVersion="${IMAGE_TAG}" \ createdBy="Pipeline" \ 
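Review bot: In the added "Set Deployment Region" step of deploy.yml, `$VALID_REGION` is appended to `$GITHUB_ENV` with no check that it is set or that it is a single token. The variable is set outside this hunk, presumably by the quota check, so an empty value would reach the deployment as an empty `aiDeploymentsLocation`, and a value containing a newline would define extra environment variables for every later step. I would fail fast before the write, for example `[[ "$VALID_REGION" =~ ^[a-z0-9]+$ ]] || { echo "No valid region selected"; exit 1; }`, and quote the target as `>> "$GITHUB_ENV"`.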
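Review bot: The new parameter line `aiDeploymentsLocation='${{ env.AZURE_LOCATION }}' \` in deploy.yml pastes the value into the script text before the shell parses it, so the single quotes do not protect against a value that itself contains a quote. `AZURE_LOCATION` is exported through `$GITHUB_ENV` by the earlier step, so the shell can read it directly: `aiDeploymentsLocation="$AZURE_LOCATION" \`, the same form the neighbouring `imageVersion="${IMAGE_TAG}"` line already uses. The enclosing `run:` block starts and ends outside this hunk, so the other `${{ env.* }}` parameters were not reviewed here.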
@@ -191,6 +195,24 @@ jobs: - name: Login to Azure run: | az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} + + - name: Assign Contributor role to Service Principal + if: always() + run: | + echo "Assigning Contributor role to SPN for RG: ${{ env.RESOURCE_GROUP_NAME }}" + az role assignment create \ + --assignee ${{ secrets.AZURE_CLIENT_ID }} \ + --role "Contributor" \ + --scope /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.RESOURCE_GROUP_NAME }} + + echo "Assigning Log Analytics Contributor role for Log Analytics workspace access at RG level..." + az role assignment create \ + --assignee ${{ secrets.AZURE_CLIENT_ID }} \ + --role "Log Analytics Contributor" \ + --scope /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.RESOURCE_GROUP_NAME }} || echo "Log Analytics Contributor role assignment failed (may already exist)" + + echo "Waiting for role assignment propagation..." + sleep 30 - name: Get Log Analytics Workspace and OpenAI from Resource Group if: always() @@ -417,4 +439,4 @@ jobs: if: always() run: | az logout - echo "Logged out from Azure." + echo "Logged out from Azure." \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 34a2f24d..f1103949 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -103,4 +103,4 @@ jobs: - name: Skip Backend Tests if: env.skip_backend_tests == 'true' run: | - echo "Skipping backend tests because no test files were found." + echo "Skipping backend tests because no test files were found." \ No newline at end of file diff --git a/infra/main.json b/infra/main.json index 0b855908..9e1a8ac8 100644 --- a/infra/main.json +++ b/infra/main.json 
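Review bot: The added "Assign Contributor role to Service Principal" step has the pipeline identity grant roles to itself, which can only succeed if that service principal already holds role-assignment rights (Owner, User Access Administrator or similar) on the resource group or above. The credential behind `AZURE_CLIENT_SECRET` is therefore more privileged than the Contributor role it ends up with. Consider creating both assignments once outside the workflow and dropping the step, or at least stating the required pre-existing role in a comment such as `# Requires the SPN to hold User Access Administrator on the RG; assignments are not removed by this job`. The two `az role assignment create` calls are handled differently: the first has no fallback, while the second ends in `|| echo "... (may already exist)"`, which also hides authorization failures. The step also runs under `if: always()`, and `sleep 30` is a fixed guess at propagation time; the job continues outside the hunk, so whether a later step depends on these roles is not visible here.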
@@ -6,18 +6,12 @@ "_generator": { "name": "bicep", "version": "0.37.4.10188", - "templateHash": "4708808767614470236" + "templateHash": "10857935115773987076" }, "name": "Modernize Your Code Solution Accelerator", - "description": "CSA CTO Gold Standard Solution Accelerator for Modernize Your Code. \n" + "description": "CSA CTO Gold Standard Solution Accelerator for Modernize Your Code. \r\n" }, "parameters": { - "useWafAlignedArchitecture": { - "type": "bool", - "metadata": { - "description": "Set to true if you want to deploy WAF-aligned infrastructure." - } - }, "solutionName": { "type": "string", "minLength": 3, @@ -79,14 +73,14 @@ }, "enableMonitoring": { "type": "bool", - "defaultValue": "[if(parameters('useWafAlignedArchitecture'), true(), false())]", + "defaultValue": false, "metadata": { "description": "Optional. Enable monitoring for the resources. This will enable Application Insights and Log Analytics. Defaults to false." } }, "enableScaling": { "type": "bool", - "defaultValue": "[if(parameters('useWafAlignedArchitecture'), true(), false())]", + "defaultValue": false, "metadata": { "description": "Optional. Enable scaling for the container apps. Defaults to false." } @@ -107,7 +101,7 @@ }, "enablePrivateNetworking": { "type": "bool", - "defaultValue": "[if(parameters('useWafAlignedArchitecture'), true(), false())]", + "defaultValue": false, "metadata": { "description": "Optional. Enable private networking for the resources. Set to true to enable private networking. Defaults to false." } @@ -192,9 +186,9 @@ }, "createdBy": { "type": "string", - "defaultValue": "[if(empty(deployer().userPrincipalName), '', split(deployer().userPrincipalName, '@')[0])]", + "defaultValue": "[if(contains(deployer(), 'userPrincipalName'), split(deployer().userPrincipalName, '@')[0], deployer().objectId)]", "metadata": { - "description": "Optional created by user name" + "description": "Tag, Created by user name" } } }, 
@@ -457,7 +451,7 @@ "apiVersion": "2021-04-01", "name": "default", "properties": { - "tags": "[shallowMerge(createArray(variables('allTags'), createObject('TemplateName', 'Code Modernization', 'CreatedBy', parameters('createdBy'))))]" + "tags": "[shallowMerge(createArray(variables('allTags'), createObject('TemplateName', 'Code Modernization', 'Type', if(parameters('enablePrivateNetworking'), 'WAF', 'Non-WAF'), 'CreatedBy', parameters('createdBy'))))]" } }, "avmTelemetry": {