feat: Down merge from main to dev (#240)

* updated model capacity to minimum 100

* Add principalType 'ServicePrincipal' to role assignments in Bicep modules

* update mainjson file

* removed text embedding condition

* add reuse guide for existing Azure AI Foundry project

* remove redundant replica settings for container and API apps in deployment workflow

* disable private networking in deployment parameters

* normalize secondary location value to lowercase in deployment parameters

* fix: correct casing for SOLUTION_NAME in deployment output extraction

* refactor: remove unused SOLUTION_NAME output and related steps in deployment workflow

* fix: prepend https to CONTAINER_WEB_APPURL in deployment output extraction

---------

Co-authored-by: Priyanka-Microsoft <v-prisinghal@microsoft.com>
Co-authored-by: Roopan-Microsoft <168007406+Roopan-Microsoft@users.noreply.github.com>
Co-authored-by: Abdul-Microsoft <v-amujeebta@microsoft.com>
Co-authored-by: Prasanjeet-Microsoft <v-singhprasa@microsoft.com>
Co-authored-by: Vinay Sharma <v-vinayshar@microsoft.com>

Author: 6 people

.github/workflows/deploy.yml

@@ -16,7 +16,6 @@ jobs:
       propertydamageclaimform_schema_id: ${{ steps.register.outputs.propertylossdamageclaimform_schema_id }}
       RESOURCE_GROUP_NAME: ${{ steps.generate_rg_name.outputs.RESOURCE_GROUP_NAME }}
       CONTAINER_WEB_APPURL: ${{ steps.get_output.outputs.CONTAINER_WEB_APPURL }}
-      SOLUTION_NAME: ${{ steps.get_output.outputs.SOLUTION_NAME }}
       DEPLOYMENT_SUCCESS: ${{ steps.deployment_status.outputs.SUCCESS }}
       AI_SERVICES_NAME: ${{ steps.get_ai_services_name.outputs.AI_SERVICES_NAME }}
       KEYVAULTS: ${{ steps.list_keyvaults.outputs.KEYVAULTS }}
@@ -143,18 +142,13 @@ jobs:
             --template-file infra/main.json \
             --parameters \
               environmentName="${{ env.ENVIRONMENT_NAME }}" \
-              secondaryLocation="EastUs2" \
+              enablePrivateNetworking="false" \
+              secondaryLocation="eastus2" \
               contentUnderstandingLocation="WestUS" \
               deploymentType="GlobalStandard" \
               gptModelName="gpt-4o" \
               gptModelVersion="2024-08-06" \
               gptDeploymentCapacity="30" \
-              minReplicaContainerApp="1" \
-              maxReplicaContainerApp="1" \
-              minReplicaContainerApi="1" \
-              maxReplicaContainerApi="1" \
-              minReplicaContainerWeb="1" \
-              maxReplicaContainerWeb="1" \
               aiDeploymentsLocation="${{ env.AZURE_LOCATION }}" \
             --query "properties.outputs" -o json); then
               echo "❌ Deployment failed. See logs above."
@@ -171,18 +165,13 @@ jobs:
           export CONTAINER_API_APPNAME=$(echo "$DEPLOY_OUTPUT" | jq -r '.containeR_API_APP_NAME.value')
           echo "CONTAINER_API_APPNAME=$CONTAINER_API_APPNAME" >> $GITHUB_ENV
 
-          export CONTAINER_WEB_APPURL=$(echo "$DEPLOY_OUTPUT" | jq -r '.containeR_WEB_APP_FQDN.value')
+          export CONTAINER_WEB_APPURL="https://$(echo "$DEPLOY_OUTPUT" | jq -r '.containeR_WEB_APP_FQDN.value')"
           echo "CONTAINER_WEB_APPURL=$CONTAINER_WEB_APPURL" >> $GITHUB_ENV
           echo "CONTAINER_WEB_APPURL=$CONTAINER_WEB_APPURL" >> $GITHUB_OUTPUT
 
           export CONTAINER_WEB_APPNAME=$(echo "$DEPLOY_OUTPUT" | jq -r '.containeR_WEB_APP_NAME.value')
           echo "CONTAINER_WEB_APPNAME=$CONTAINER_WEB_APPNAME" >> $GITHUB_ENV
 
-          export SOLUTION_NAME=$(echo "$DEPLOY_OUTPUT" | jq -r '.solutioN_NAME.value')
-          echo "SOLUTION_NAME=$SOLUTION_NAME" >> $GITHUB_ENV
-          echo "SOLUTION_NAME=$SOLUTION_NAME" >> $GITHUB_OUTPUT
-
-
       - name: Register schemas
         id: register
         run: |
@@ -290,7 +279,6 @@ jobs:
     with:
       CP_WEB_URL: ${{ needs.deploy.outputs.CONTAINER_WEB_APPURL }}
       CP_RG: ${{ needs.deploy.outputs.RESOURCE_GROUP_NAME }}
-      CP_CONTAINERAPP_PREFIX: ${{ format('ca-{0}', needs.deploy.outputs.SOLUTION_NAME ) }}
     secrets: inherit
 
   cleanup:

.github/workflows/test-automation.yml

@@ -9,14 +9,10 @@ on:
       CP_RG:
         required: true
         type: string
-      CP_CONTAINERAPP_PREFIX:
-        required: true
-        type: string
 
 env:
     url: ${{ inputs.CP_WEB_URL }}
     CP_RG: ${{ inputs.CP_RG }}
-    CP_CONTAINERAPP_PREFIX: ${{ inputs.CP_CONTAINERAPP_PREFIX }}
     accelerator_name: "Content Processing"
 
 
@@ -38,16 +34,6 @@ jobs:
           az login --service-principal -u ${{ secrets.AZURE_MAINTENANCE_CLIENT_ID }} -p ${{ secrets.AZURE_MAINTENANCE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }}
           az account set --subscription ${{ secrets.AZURE_MAINTENANCE_SUBSCRIPTION_ID }}
 
-      - name: Start Container App
-        id: start-container-app
-        uses: azure/cli@v2
-        with:
-          azcliversion: 'latest'
-          inlineScript: |
-            az rest -m post -u "/subscriptions/${{ secrets.AZURE_MAINTENANCE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.CP_RG }}/providers/Microsoft.App/containerApps/${{ env.CP_CONTAINERAPP_PREFIX }}-app/start?api-version=2025-01-01"
-            az rest -m post -u "/subscriptions/${{ secrets.AZURE_MAINTENANCE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.CP_RG }}/providers/Microsoft.App/containerApps/${{ env.CP_CONTAINERAPP_PREFIX }}-api/start?api-version=2025-01-01"
-            az rest -m post -u "/subscriptions/${{ secrets.AZURE_MAINTENANCE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.CP_RG }}/providers/Microsoft.App/containerApps/${{ env.CP_CONTAINERAPP_PREFIX }}-web/start?api-version=2025-01-01"
-
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
@@ -159,15 +145,4 @@ jobs:
           # Send the notification
           curl -X POST "${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }}" \
             -H "Content-Type: application/json" \
-            -d "$EMAIL_BODY" || echo "Failed to send notification"
-
-      - name: Stop Container App
-        if: always()
-        uses: azure/cli@v2
-        with:
-          azcliversion: 'latest'
-          inlineScript: |
-            az rest -m post -u "/subscriptions/${{ secrets.AZURE_MAINTENANCE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.CP_RG }}/providers/Microsoft.App/containerApps/${{ env.CP_CONTAINERAPP_PREFIX }}-app/stop?api-version=2025-01-01"
-            az rest -m post -u "/subscriptions/${{ secrets.AZURE_MAINTENANCE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.CP_RG }}/providers/Microsoft.App/containerApps/${{ env.CP_CONTAINERAPP_PREFIX }}-api/stop?api-version=2025-01-01"
-            az rest -m post -u "/subscriptions/${{ secrets.AZURE_MAINTENANCE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.CP_RG }}/providers/Microsoft.App/containerApps/${{ env.CP_CONTAINERAPP_PREFIX }}-web/stop?api-version=2025-01-01"
-            az logout
+            -d "$EMAIL_BODY" || echo "Failed to send notification"

docs/DeploymentGuide.md

@@ -124,6 +124,7 @@ When you start the deployment, most parameters will have **default values**, but
 | **Use Local Build**                         | Boolean flag to determine if local container builds should be used.                         | false             |
 | **Image Tag**                               | Image version for deployment (allowed values: `latest`, `dev`, `hotfix`).                   | latest            |
 | **Existing Log Analytics Workspace**        | To reuse an existing Log Analytics Workspace ID instead of creating a new one.              | *(none)*          |
+| **Existing Azure AI Foundry Project**        | To reuse an existing Azure AI Foundry Project ID instead of creating a new one.              | *(none)*          |
 
 
 </details>
@@ -148,6 +149,14 @@ To adjust quota settings, follow these [steps](./AzureGPTQuotaSettings.md).
 
 </details>
 
+<details>
+
+  <summary><b>Reusing an Existing Azure AI Foundry Project</b></summary>
+
+  Guide to get your [Existing Project ID](/docs/re-use-foundry-project.md)
+
+</details>
+
 ### Deploying with AZD
 
 Once you've opened the project in [Codespaces](#github-codespaces), [Dev Containers](#vs-code-dev-containers), or [locally](#local-environment), you can deploy it to Azure by following these steps:

docs/images/re_use_foundry_project/azure_ai_foundry_list.png

@@ -1,7 +1,7 @@
 ## Check Quota Availability Before Deployment
 
 Before deploying the accelerator, **ensure sufficient quota availability** for the required model.
-> **For Global Standard | GPT-4o - the capacity to at least 30K tokens for optimal performance.**
+> **For Global Standard | GPT-4o - the capacity to at least 100K tokens for optimal performance.**
 
 ### Login if you have not done so already
 ```
@@ -11,7 +11,7 @@ azd auth login
 
 ### 📌 Default Models & Capacities:
 ```
-gpt-4o:30
+gpt-4o:100
 ```
 ### 📌 Default Regions:
 ```
@@ -37,19 +37,19 @@ eastus, uksouth, eastus2, northcentralus, swedencentral, westus, westus2, southc
    ```
 ✔️ Check specific model(s) in default regions:
   ```
-  ./quota_check_params.sh --models gpt-4o:30
+  ./quota_check_params.sh --models gpt-4o:100
   ```
 ✔️ Check default models in specific region(s):
   ```
 ./quota_check_params.sh --regions eastus,westus
   ```
 ✔️ Passing Both models and regions:  
   ```
-  ./quota_check_params.sh --models gpt-4o:30 --regions eastus,westus2
+  ./quota_check_params.sh --models gpt-4o:100 --regions eastus,westus2
   ```
 ✔️ All parameters combined:
   ```
- ./quota_check_params.sh --models gpt-4:30 --regions eastus,westus --verbose
+ ./quota_check_params.sh --models gpt-4:100 --regions eastus,westus --verbose
   ```
 
 ### **Sample Output**

docs/images/re_use_foundry_project/navigate_to_projects.png

@@ -0,0 +1,44 @@
+[← Back to *DEPLOYMENT* guide](/docs/DeploymentGuide.md#deployment-options--steps)
+
+# Reusing an Existing Azure AI Foundry Project
+To configure your environment to use an existing Azure AI Foundry Project, follow these steps:
+---
+### 1. Go to Azure Portal
+Go to https://portal.azure.com
+
+### 2. Search for Azure AI Foundry
+In the search bar at the top, type "Azure AI Foundry" and click on it. Then select the Foundry service instance where your project exists.
+
+![alt text](../docs/images/re_use_foundry_project/azure_ai_foundry_list.png)
+
+### 3. Navigate to Projects under Resource Management
+On the left sidebar of the Foundry service blade:
+
+- Expand the Resource Management section
+- Click on Projects (this refers to the active Foundry project tied to the service)
+
+### 4. Click on the Project
+From the Projects view: Click on the project name to open its details
+
+    Note: You will see only one project listed here, as each Foundry service maps to a single project in this accelerator
+
+![alt text](../docs/images/re_use_foundry_project/navigate_to_projects.png)
+
+### 5. Copy Resource ID
+In the left-hand menu of the project blade: 
+
+- Click on Properties under Resource Management
+- Locate the Resource ID field
+- Click on the copy icon next to the Resource ID value
+
+![alt text](../docs/images/re_use_foundry_project/project_resource_id.png)
+
+### 6. Set the Foundry Project Resource ID in Your Environment
+Run the following command in your terminal
+```bash
+azd env set AZURE_ENV_FOUNDRY_PROJECT_ID '<Existing Foundry Project Resource ID>'
+```
+Replace `<Existing Foundry Project Resource ID>` with the value obtained from Step 5.
+
+### 7. Continue Deployment
+Proceed with the next steps in the [deployment guide](/docs/DeploymentGuide.md#deployment-options--steps).

docs/images/re_use_foundry_project/project_resource_id.png

@@ -446,6 +446,7 @@ module avmKeyVault './modules/key-vault.bicep' = {
       {
         principalId: avmManagedIdentity.outputs.principalId
         roleDefinitionIdOrName: 'Key Vault Administrator'
+        principalType: 'ServicePrincipal'
       }
     ]
     enablePurgeProtection: false
@@ -502,6 +503,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
       {
         principalId: avmManagedIdentity.outputs.principalId
         roleDefinitionIdOrName: 'Storage Blob Data Contributor'
+        principalType: 'ServicePrincipal'
       }
       {
         roleDefinitionIdOrName: 'Storage Blob Data Contributor'
@@ -597,6 +599,7 @@ module avmAiServices 'modules/account/main.bicep' = {
       {
         principalId: avmManagedIdentity.outputs.principalId
         roleDefinitionIdOrName: '8e3af657-a8ff-443c-a75c-2fe8c4bcb635' // Owner role
+        principalType: 'ServicePrincipal'
       }
       {
         principalId: avmContainerApp.outputs.systemAssignedMIPrincipalId!
@@ -1096,14 +1099,17 @@ module avmAppConfig 'br/public:avm/res/app-configuration/configuration-store:0.6
       {
         principalId: avmContainerApp.outputs.?systemAssignedMIPrincipalId!
         roleDefinitionIdOrName: 'App Configuration Data Reader'
+        principalType: 'ServicePrincipal'
       }
       {
         principalId: avmContainerApp_API.outputs.?systemAssignedMIPrincipalId!
         roleDefinitionIdOrName: 'App Configuration Data Reader'
+        principalType: 'ServicePrincipal'
       }
       {
         principalId: avmContainerApp_Web.outputs.?systemAssignedMIPrincipalId!
         roleDefinitionIdOrName: 'App Configuration Data Reader'
+        principalType: 'ServicePrincipal'
       }
     ]
     keyValues: [