chore: Dev merge to Main

.github/workflows/Create-Release..yml

@@ -14,11 +14,9 @@ jobs:
      runs-on: ubuntu-latest
      steps:
        - name: Checkout
-         uses: actions/checkout@v4
-         with:
-           ref: ${{ github.event.workflow_run.head_sha }}
+         uses: actions/checkout@v6
 
-       - uses: codfish/semantic-release-action@v3
+       - uses: codfish/semantic-release-action@v5
          id: semantic
          with:
            tag-format: 'v${version}'

.github/workflows/azd-template-validation.yml

@@ -18,7 +18,7 @@ jobs:
     env:
       GH_TOKEN: ${{ github.token }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Set timestamp
         run: echo "HHMM=$(date -u +'%H%M')" >> $GITHUB_ENV

.github/workflows/azure-dev.yml

@@ -19,7 +19,7 @@ jobs:
       AZURE_DEV_COLLECT_TELEMETRY: ${{ vars.AZURE_DEV_COLLECT_TELEMETRY }}
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set timestamp and env name
         shell: bash

.github/workflows/broken-links-checker.yml

@@ -16,15 +16,15 @@ jobs:
 
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
       # For PR : Get only changed markdown files
       - name: Get changed markdown files (PR only)
         id: changed-markdown-files
         if: github.event_name == 'pull_request'
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46
+        uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5
         with:
           files: |
             **/*.md
@@ -34,7 +34,7 @@ jobs:
       - name: Check Broken Links in Changed Markdown Files
         id: lychee-check-pr
         if: github.event_name == 'pull_request' && steps.changed-markdown-files.outputs.any_changed == 'true'
-        uses: lycheeverse/lychee-action@v2.4.1
+        uses: lycheeverse/lychee-action@v2.8.0
         with:
           args: >
             --verbose --exclude-mail --no-progress --exclude ^https?://
@@ -47,7 +47,7 @@ jobs:
       - name: Check Broken Links in All Markdown Files in Entire Repo (Manual Trigger)
         id: lychee-check-manual
         if: github.event_name == 'workflow_dispatch'
-        uses: lycheeverse/lychee-action@v2.4.1
+        uses: lycheeverse/lychee-action@v2.8.0
         with:
           args: >
             --verbose --exclude-mail --no-progress --exclude ^https?://

.github/workflows/ci.yml

@@ -41,7 +41,7 @@ jobs:
       DEPLOYMENT_SUCCESS: ${{ steps.deployment_status.outputs.SUCCESS }}
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Login to Azure
         uses: azure/login@v2

.github/workflows/deploy-orchestrator.yml

@@ -22,6 +22,11 @@ on:
         required: false
         default: false
         type: boolean
+      enable_scalability:
+        description: 'Enable Scalability (WAF only, opt-in)'
+        required: false
+        default: false
+        type: boolean
       EXP:
         description: 'Enable EXP'
         required: false
@@ -78,6 +83,7 @@ jobs:
       azure_location: ${{ inputs.azure_location }}
       resource_group_name: ${{ inputs.resource_group_name }}
       waf_enabled: ${{ inputs.waf_enabled }}
+      enable_scalability: ${{ inputs.enable_scalability }}
       EXP: ${{ inputs.EXP }}
       build_docker_image: ${{ inputs.build_docker_image }}
       existing_webapp_url: ${{ inputs.existing_webapp_url }}

.github/workflows/deploy-v2.yml

@@ -43,59 +43,67 @@ on:
           - 'Local'
         default: 'codespace'
       azure_location:
-        description: 'Azure Location For Deployment'
+        description: 'Azure Region (Non-AI Services)'
         required: false
         default: 'australiaeast'
         type: choice
         options:
           - 'australiaeast'
           - 'centralus'
           - 'eastasia'
+          - 'eastus'
           - 'eastus2'
           - 'japaneast'
           - 'northeurope'
           - 'southeastasia'
           - 'uksouth'
+          - 'westeurope'
+          - 'westus3'
       resource_group_name:
         description: 'Resource Group Name (Optional)'
         required: false
         default: ''
         type: string
+      build_docker_image:
+        description: 'Build & Use Custom Images (Optional)'
+        required: false
+        default: false
+        type: boolean
 
       waf_enabled:
-        description: 'Enable WAF'
+        description: 'Deploy WAF'
         required: false
         default: false
         type: boolean
-      EXP:
-        description: 'Enable EXP'
+      enable_scalability:
+        description: 'Enable Scalability (WAF only)'
         required: false
         default: false
         type: boolean
-      build_docker_image:
-        description: 'Build And Push Docker Image (Optional)'
+      EXP:
+        description: 'Deploy EXP'
         required: false
         default: false
         type: boolean
-      
+
       cleanup_resources:
-        description: 'Cleanup Deployed Resources'
+        description: 'Auto Delete RG'
         required: false
         default: false
         type: boolean
-      
+
       AZURE_ENV_EXISTING_LOG_ANALYTICS_WORKSPACE_RID:
-        description: 'Log Analytics Workspace Resource ID (Optional)'
+        description: 'Existing Log Analytics Workspace Resource ID (Optional)'
         required: false
         default: ''
         type: string
       AZURE_EXISTING_AIPROJECT_RESOURCE_ID:
-        description: 'Full Azure AI Project Resource ID (Optional, format: /subscriptions/.../resourceGroups/.../providers/...)'
+        description: 'Existing AI Project Resource ID (Optional)'
         required: false
         default: ''
         type: string
       existing_webapp_url:
-        description: 'Existing WebApp URL (Skips Deployment)'
+        description: 'Run Tests Against Existing RG (Provide Web App URL)'
         required: false
         default: ''
         type: string
@@ -109,6 +117,7 @@ jobs:
       azure_location: ${{ steps.validate.outputs.azure_location }}
       resource_group_name: ${{ steps.validate.outputs.resource_group_name }}
       waf_enabled: ${{ steps.validate.outputs.waf_enabled }}
+      enable_scalability: ${{ steps.validate.outputs.enable_scalability }}
       exp: ${{ steps.validate.outputs.exp }}
       build_docker_image: ${{ steps.validate.outputs.build_docker_image }}
       cleanup_resources: ${{ steps.validate.outputs.cleanup_resources }}
@@ -124,6 +133,7 @@ jobs:
           INPUT_AZURE_LOCATION: ${{ github.event.inputs.azure_location }}
           INPUT_RESOURCE_GROUP_NAME: ${{ github.event.inputs.resource_group_name }}
           INPUT_WAF_ENABLED: ${{ github.event.inputs.waf_enabled }}
+          INPUT_ENABLE_SCALABILITY: ${{ github.event.inputs.enable_scalability }}
           INPUT_EXP: ${{ github.event.inputs.EXP }}
           INPUT_BUILD_DOCKER_IMAGE: ${{ github.event.inputs.build_docker_image }}
           INPUT_CLEANUP_RESOURCES: ${{ github.event.inputs.cleanup_resources }}
@@ -181,6 +191,15 @@ jobs:
           else
             echo "✅ waf_enabled: '$WAF_ENABLED' is valid"
           fi
+
+          # Validate enable_scalability (boolean, opt-in, default false)
+          ENABLE_SCALABILITY="${INPUT_ENABLE_SCALABILITY:-false}"
+          if [[ "$ENABLE_SCALABILITY" != "true" && "$ENABLE_SCALABILITY" != "false" ]]; then
+            echo "❌ ERROR: enable_scalability must be 'true' or 'false', got: '$ENABLE_SCALABILITY'"
+            VALIDATION_FAILED=true
+          else
+            echo "✅ enable_scalability: '$ENABLE_SCALABILITY' is valid"
+          fi
 
           # Validate EXP (boolean)
           EXP_ENABLED="${INPUT_EXP:-false}"
@@ -265,6 +284,7 @@ jobs:
           echo "azure_location=$LOCATION" >> $GITHUB_OUTPUT
           echo "resource_group_name=$INPUT_RESOURCE_GROUP_NAME" >> $GITHUB_OUTPUT
           echo "waf_enabled=$WAF_ENABLED" >> $GITHUB_OUTPUT
+          echo "enable_scalability=$ENABLE_SCALABILITY" >> $GITHUB_OUTPUT
           echo "exp=$EXP_ENABLED" >> $GITHUB_OUTPUT
           echo "build_docker_image=$BUILD_DOCKER" >> $GITHUB_OUTPUT
           echo "cleanup_resources=$CLEANUP_RESOURCES" >> $GITHUB_OUTPUT
@@ -281,6 +301,7 @@ jobs:
       azure_location: ${{ needs.validate-inputs.outputs.azure_location || 'australiaeast' }}
       resource_group_name: ${{ needs.validate-inputs.outputs.resource_group_name || '' }}
       waf_enabled: ${{ needs.validate-inputs.outputs.waf_enabled == 'true' }}
+      enable_scalability: ${{ needs.validate-inputs.outputs.enable_scalability == 'true' }}
       EXP: ${{ needs.validate-inputs.outputs.exp == 'true' }}
       build_docker_image: ${{ needs.validate-inputs.outputs.build_docker_image == 'true' }}
       cleanup_resources: ${{ needs.validate-inputs.outputs.cleanup_resources == 'true' }}

.github/workflows/docker-build-and-push.yml

@@ -32,10 +32,10 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       - name: Get current date
         id: date
@@ -87,7 +87,7 @@ jobs:
           echo "Base tag: $BASE_TAG, Date tag: $DATE_TAG"
 
       - name: Build and Push ContentProcessorAPI Docker image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: ./src/backend-api
           file: ./src/backend-api/Dockerfile
@@ -98,7 +98,7 @@ jobs:
             ${{ steps.registry.outputs.ext_registry }}/backend-api:${{ env.DATE_TAG }}
 
       - name: Build and Push ContentProcessor Docker image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: ./src/processor
           file: ./src/processor/Dockerfile
@@ -109,7 +109,7 @@ jobs:
             ${{ steps.registry.outputs.ext_registry }}/processor:${{ env.DATE_TAG }}
 
       - name: Build and Push ContentProcessorWeb Docker image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: ./src/frontend
           file: ./src/frontend/Dockerfile

.github/workflows/job-cleanup-deployment.yml

@@ -181,7 +181,7 @@ jobs:
           echo "✅ All input parameters validated successfully!"
 
       - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Azure Developer CLI
         uses: Azure/setup-azd@v2

.github/workflows/job-deploy-linux.yml

@@ -28,6 +28,11 @@ on:
         required: false
         type: string
         default: 'false'
+      ENABLE_SCALABILITY:
+        description: 'Enable Scalability (WAF only, opt-in)'
+        required: false
+        type: string
+        default: 'false'
       AZURE_ENV_EXISTING_LOG_ANALYTICS_WORKSPACE_RID:
         required: false
         type: string
@@ -182,16 +187,32 @@ jobs:
           echo "✅ All input parameters validated successfully!"
 
       - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Configure Parameters Based on WAF Setting
         shell: bash
         env:
-          WAF_ENABLED: ${{ inputs.WAF_ENABLED }}
+          INPUT_WAF_ENABLED: ${{ inputs.WAF_ENABLED }}
+          INPUT_ENABLE_SCALABILITY: ${{ inputs.ENABLE_SCALABILITY }}
         run: |
-          if [[ "$WAF_ENABLED" == "true" ]]; then
+          set -euo pipefail
+          if [[ "$INPUT_WAF_ENABLED" == "true" ]]; then
             cp infra/main.waf.parameters.json infra/main.parameters.json
             echo "✅ Successfully copied WAF parameters to main parameters file"
+            SCALABILITY_VALUE="${INPUT_ENABLE_SCALABILITY:-false}"
+            if [[ "$SCALABILITY_VALUE" != "true" && "$SCALABILITY_VALUE" != "false" ]]; then
+              echo "❌ ERROR: ENABLE_SCALABILITY must be 'true' or 'false', got: '$SCALABILITY_VALUE'"
+              exit 1
+            fi
+            echo "🔧 Setting enableScalability=${SCALABILITY_VALUE}"
+            tmpfile=$(mktemp)
+            if ! jq --argjson v "$SCALABILITY_VALUE" '.parameters.enableScalability.value = $v' infra/main.parameters.json > "$tmpfile"; then
+              echo "❌ ERROR: jq failed to update enableScalability in infra/main.parameters.json"
+              rm -f "$tmpfile"
+              exit 1
+            fi
+            mv "$tmpfile" infra/main.parameters.json
+            echo "✅ enableScalability set to ${SCALABILITY_VALUE}"
           else
             echo "🔧 Configuring Non-WAF deployment - using default main.parameters.json..."
           fi

.github/workflows/job-deploy-windows.yml

@@ -28,6 +28,11 @@ on:
         required: false
         type: string
         default: 'false'
+      ENABLE_SCALABILITY:
+        description: 'Enable Scalability (WAF only, opt-in)'
+        required: false
+        type: string
+        default: 'false'
       AZURE_ENV_EXISTING_LOG_ANALYTICS_WORKSPACE_RID:
         required: false
         type: string
@@ -182,16 +187,32 @@ jobs:
           echo "✅ All input parameters validated successfully!"
 
       - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Configure Parameters Based on WAF Setting
         shell: bash
         env:
-          WAF_ENABLED: ${{ inputs.WAF_ENABLED }}
+          INPUT_WAF_ENABLED: ${{ inputs.WAF_ENABLED }}
+          INPUT_ENABLE_SCALABILITY: ${{ inputs.ENABLE_SCALABILITY }}
         run: |
-          if [[ "$WAF_ENABLED" == "true" ]]; then
+          set -euo pipefail
+          if [[ "$INPUT_WAF_ENABLED" == "true" ]]; then
             cp infra/main.waf.parameters.json infra/main.parameters.json
             echo "✅ Successfully copied WAF parameters to main parameters file"
+            SCALABILITY_VALUE="${INPUT_ENABLE_SCALABILITY:-false}"
+            if [[ "$SCALABILITY_VALUE" != "true" && "$SCALABILITY_VALUE" != "false" ]]; then
+              echo "❌ ERROR: ENABLE_SCALABILITY must be 'true' or 'false', got: '$SCALABILITY_VALUE'"
+              exit 1
+            fi
+            echo "🔧 Setting enableScalability=${SCALABILITY_VALUE}"
+            tmpfile=$(mktemp)
+            if ! jq --argjson v "$SCALABILITY_VALUE" '.parameters.enableScalability.value = $v' infra/main.parameters.json > "$tmpfile"; then
+              echo "❌ ERROR: jq failed to update enableScalability in infra/main.parameters.json"
+              rm -f "$tmpfile"
+              exit 1
+            fi
+            mv "$tmpfile" infra/main.parameters.json
+            echo "✅ enableScalability set to ${SCALABILITY_VALUE}"
           else
             echo "🔧 Configuring Non-WAF deployment - using default main.parameters.json..."
           fi