Merge pull request #181 from microsoft/dev

chore: Dev to Main merge

Author: Roopan-Microsoft

.github/workflows/azd-template-validation.yml

@@ -1,5 +1,6 @@
 name: AZD Template Validation
 on:
+  
   schedule:
     - cron: '30 1 * * 4' # Every Thursday at 7:00 AM IST (1:30 AM UTC)
   workflow_dispatch:
@@ -14,9 +15,14 @@ jobs:
     runs-on: ubuntu-latest
     name: azd template validation
     environment: production
+    env:
+      GH_TOKEN: ${{ github.token }}
     steps:
       - uses: actions/checkout@v4
 
+      - name: Set timestamp
+        run: echo "HHMM=$(date -u +'%H%M')" >> $GITHUB_ENV
+
       - uses: microsoft/template-validation-action@v0.4.3
         with:
           validateAzd: ${{ vars.TEMPLATE_VALIDATE_AZD }}
@@ -27,11 +33,10 @@ jobs:
           AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
           AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
           AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-          AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+          AZURE_ENV_NAME: azd-${{ vars.AZURE_ENV_NAME }}-${{ env.HHMM }}
           AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
           AZURE_AI_SERVICE_LOCATION: ${{ vars.AZURE_LOCATION }}
           AZURE_AI_MODEL_CAPACITY: 1 # keep low to avoid potential quota issues
-          GITHUB_TOKEN: ${{ secrets.AZD_GITHUB_TOKEN }}
 
       - name: print result
         run: cat ${{ steps.validation.outputs.resultFile }}

.github/workflows/azure-dev.yml

@@ -15,13 +15,18 @@ jobs:
       AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
       AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
       AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
       AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
       AZURE_DEV_COLLECT_TELEMETRY: ${{ vars.AZURE_DEV_COLLECT_TELEMETRY }}
     steps:
       - name: Checkout Code
         uses: actions/checkout@v4
 
+      - name: Set timestamp and env name
+        shell: bash
+        run: |
+          HHMM=$(date -u +'%H%M')
+          echo "AZURE_ENV_NAME=azd-${{ vars.AZURE_ENV_NAME }}-${HHMM}" >> $GITHUB_ENV
+
       - name: Install azd
         uses: Azure/setup-azd@v2
 

.github/workflows/deploy-v2.yml

@@ -11,9 +11,25 @@ on:
       - main
       - dev
       - demo
+    paths:
+      - 'src/**'
+      - 'infra/**'
+      - 'azure*.yaml'
+      - 'scripts/**'
+      - '.github/workflows/deploy-v2.yml'
+      - '.github/workflows/deploy-orchestrator.yml'
+      - '.github/workflows/job-*.yml'
   pull_request:
     branches:
       - dev
+    paths:
+      - 'src/**'
+      - 'infra/**'
+      - 'azure*.yaml'
+      - 'scripts/**'
+      - '.github/workflows/deploy-v2.yml'
+      - '.github/workflows/deploy-orchestrator.yml'
+      - '.github/workflows/job-*.yml'
   schedule:
     - cron: '0 9,21 * * *'  # Runs at 9:00 AM and 9:00 PM GMT
   workflow_dispatch:

.github/workflows/validate-bicep-params.yml

@@ -0,0 +1,108 @@
+name: Validate Bicep Parameters
+
+permissions:
+  contents: read
+
+on:
+  schedule:
+    - cron: '30 6 * * 3' # Wednesday 12:00 PM IST (6:30 AM UTC)
+  pull_request:
+    branches:
+      - main
+      - dev
+    paths:
+      - 'infra/**/*.bicep'
+      - 'infra/**/*.parameters.json'
+      - 'scripts/validate_bicep_params.py'
+  workflow_dispatch:
+
+env:
+  accelerator_name: "Container Migration"
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Validate infra/ parameters
+        id: validate_infra
+        continue-on-error: true
+        run: |
+          set +e
+          python scripts/validate_bicep_params.py --dir infra --strict --no-color --json-output infra_results.json 2>&1 | tee infra_output.txt
+          EXIT_CODE=${PIPESTATUS[0]}
+          set -e
+          echo "## Infra Param Validation" >> "$GITHUB_STEP_SUMMARY"
+          echo '```' >> "$GITHUB_STEP_SUMMARY"
+          cat infra_output.txt >> "$GITHUB_STEP_SUMMARY"
+          echo '```' >> "$GITHUB_STEP_SUMMARY"
+          exit $EXIT_CODE
+
+      - name: Set overall result
+        id: result
+        run: |
+          if [[ "${{ steps.validate_infra.outcome }}" == "failure" ]]; then
+            echo "status=failure" >> "$GITHUB_OUTPUT"
+          else
+            echo "status=success" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Upload validation results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: bicep-validation-results
+          path: |
+            infra_results.json
+          retention-days: 30
+
+      - name: Send schedule notification on failure
+        if: github.event_name == 'schedule' && steps.result.outputs.status == 'failure'
+        env:
+          LOGICAPP_URL: ${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          GITHUB_RUN_ID: ${{ github.run_id }}
+          ACCELERATOR_NAME: ${{ env.accelerator_name }}
+        run: |
+          RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
+          INFRA_OUTPUT=$(sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g' infra_output.txt)
+
+          jq -n \
+            --arg name "${ACCELERATOR_NAME}" \
+            --arg infra "$INFRA_OUTPUT" \
+            --arg url "$RUN_URL" \
+            '{subject: ("Bicep Parameter Validation Report - " + $name + " - Issues Detected"), body: ("<p>Dear Team,</p><p>The scheduled <strong>Bicep Parameter Validation</strong> for <strong>" + $name + "</strong> has detected parameter mapping errors.</p><p><strong>infra/ Results:</strong></p><pre>" + $infra + "</pre><p><strong>Run URL:</strong> <a href=\"" + $url + "\">" + $url + "</a></p><p>Please fix the parameter mapping issues at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>")}' \
+            | curl -X POST "${LOGICAPP_URL}" \
+              -H "Content-Type: application/json" \
+              -d @- || echo "Failed to send notification"
+
+      - name: Send schedule notification on success
+        if: github.event_name == 'schedule' && steps.result.outputs.status == 'success'
+        env:
+          LOGICAPP_URL: ${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          GITHUB_RUN_ID: ${{ github.run_id }}
+          ACCELERATOR_NAME: ${{ env.accelerator_name }}
+        run: |
+          RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
+          INFRA_OUTPUT=$(sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g' infra_output.txt)
+
+          jq -n \
+            --arg name "${ACCELERATOR_NAME}" \
+            --arg infra "$INFRA_OUTPUT" \
+            --arg url "$RUN_URL" \
+            '{subject: ("Bicep Parameter Validation Report - " + $name + " - Passed"), body: ("<p>Dear Team,</p><p>The scheduled <strong>Bicep Parameter Validation</strong> for <strong>" + $name + "</strong> has completed successfully. All parameter mappings are valid.</p><p><strong>infra/ Results:</strong></p><pre>" + $infra + "</pre><p><strong>Run URL:</strong> <a href=\"" + $url + "\">" + $url + "</a></p><p>Best regards,<br>Your Automation Team</p>")}' \
+            | curl -X POST "${LOGICAPP_URL}" \
+              -H "Content-Type: application/json" \
+              -d @- || echo "Failed to send notification"
+
+      - name: Fail if errors found
+        if: steps.result.outputs.status == 'failure'
+        run: exit 1

README.md

@@ -109,6 +109,8 @@ The Container Migration Solution Accelerator supports development and deployment
 
 ![Deployment Architecture](docs/images/readme/deployment-architecture.png)
 
+> **Note**: Some tenants may have additional security restrictions that run periodically and could impact the application (e.g., blocking public network access). If you experience issues or the application stops working, check if these restrictions are the cause. In such cases, consider deploying the WAF-supported version to ensure compliance. To configure, [Click here](./docs/DeploymentGuide.md#31-choose-deployment-type-optional).
+
 > ⚠️ **Important: Check Azure OpenAI o3 Model Availability**
 > To ensure o3 model access is available in your subscription, please check [Azure OpenAI model availability](https://learn.microsoft.com/azure/ai-services/openai/concepts/models#o3-models) before you deploy the solution.
 

azure.yaml

@@ -6,6 +6,7 @@ metadata:
 
 requiredVersions:
   azd: '>=1.18.2 != 1.23.9'
+  bicep: '>= 0.33.0'
 
 hooks:
   postdeploy:

docs/DeploymentGuide.md

@@ -6,6 +6,8 @@ This guide walks you through deploying the Container Migration Solution Accelera
 
 🆘 **Need Help?** If you encounter any issues during deployment, check our [Troubleshooting Guide](./TroubleShootingSteps.md) for solutions to common problems.
 
+> **Note**: Some tenants may have additional security restrictions that run periodically and could impact the application (e.g., blocking public network access). If you experience issues or the application stops working, check if these restrictions are the cause. In such cases, consider deploying the WAF-supported version to ensure compliance. To configure, [Click here](#31-choose-deployment-type-optional).
+
 ## Step 1: Prerequisites & Setup
 
 ### 1.1 Azure Account Requirements

infra/main.parameters.json

@@ -8,9 +8,6 @@
       "location": {
         "value": "${AZURE_LOCATION}"
       },
-      "secondaryLocation": {
-        "value": "${AZURE_SECONDARY_LOCATION}"
-      },
       "containerRegistryHost": {
         "value": "${AZURE_CONTAINER_REGISTRY_HOST}"
       },

infra/main.waf.parameters.json

@@ -8,9 +8,6 @@
       "location": {
         "value": "${AZURE_LOCATION}"
       },
-      "secondaryLocation": {
-        "value": "${AZURE_SECONDARY_LOCATION}"
-      },
       "containerRegistryHost": {
         "value": "${AZURE_CONTAINER_REGISTRY_HOST}"
       },