chore: dev to main merge #1050
Open
Akhileswara-Microsoft wants to merge 17 commits into
…/MACAE into psl-codeqlfixes
fix: update roleDefinitionIdOrName values to use GUIDs for Storage and Search roles.
chore: Reduce model capacity to 50k
ci: Refactor Docker workflow
chore: codeQL fixes
Pull request overview
This PR updates the solution accelerator’s deployment defaults and supporting automation/docs, primarily to reduce the default GPT-4.1 deployment capacity and harden/standardize deployment-related configuration (workflows + RBAC role assignments).
Changes:
- Reduced default GPT-4.1 capacity from 150k to 50k across infra templates, workflows, and quota-check tooling/docs.
- Updated Bicep role assignments to use explicit role definition GUIDs (instead of role names) for improved robustness.
- Adjusted GitHub Actions workflows to use `vars.ACR_TEST_LOGIN_SERVER` for ACR endpoints and refined Docker build workflow triggering/structure.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| src/tests/backend/v4/config/test_settings.py | Minor async test adjustments around cancelled task awaits. |
| src/tests/backend/common/database/test_database_base.py | Refactors the exception-handling context-manager test structure. |
| infra/scripts/quota_check_params.sh | Lowers default model capacity in the quota-check script. |
| infra/main.json | Regenerated ARM JSON template reflecting new defaults and Bicep generator version. |
| infra/main.bicep | Lowers GPT-4.1 capacity default and switches role assignments to GUIDs. |
| infra/main_custom.bicep | Mirrors main.bicep capacity + role GUID updates for the custom template. |
| docs/quota_check.md | Updates quota guidance and examples to reflect 50k capacity defaults. |
| docs/DeploymentGuide.md | Updates documented default quota configuration and recommendations. |
| docs/CustomizingAzdParameters.md | Updates documented default parameter value for GPT-4.1 capacity. |
| .github/workflows/job-docker-build.yml | Converts ACR endpoint to vars, adds manual trigger, and adjusts permissions/structure. |
| .github/workflows/job-deploy.yml | Updates quota minimum environment default for GPT capacity. |
| .github/workflows/job-deploy-windows.yml | Switches ACR endpoint reference from secrets to vars. |
| .github/workflows/job-deploy-linux.yml | Switches ACR endpoint reference from secrets to vars. |
| .github/workflows/deploy.yml | Updates quota minimum environment default for GPT capacity. |
| .github/workflows/deploy-orchestrator.yml | Moves docker-build conditional logic to the caller and simplifies invocation. |
fix: Fix model version in document (Copilot comment fix)
Purpose
This pull request makes several important updates to the deployment configuration, focusing on lowering the default GPT-4.1 model capacity from 150k to 50k tokens, updating documentation and templates to reflect this change, and improving security and maintainability in deployment workflows by switching from secrets to environment variables for Azure Container Registry (ACR) access and clarifying role assignments.
Model Capacity Reduction and Documentation Updates:
- Lowered the default GPT-4.1 model capacity from 150k to 50k tokens across Bicep templates (`infra/main.bicep`, `infra/main.json`), workflow files, and all related documentation. This includes updating default values, usage instructions, and quota check scripts to ensure consistency and clarity for users.
Deployment Workflow Security and Maintenance:
- Switched from using GitHub secrets to environment variables (`vars`) for referencing the ACR login server in all relevant workflow files, improving maintainability and aligning with best practices for workflow configuration.
- Updated the Docker build workflow to clarify its purpose, add manual trigger support (`workflow_dispatch`), and set appropriate permissions for GitHub Actions OIDC authentication.
Role Assignment Improvements:
Workflow Logic and Template Updates:
These changes together improve the clarity, security, and maintainability of the deployment process while aligning documentation and infrastructure defaults with the new model capacity standard.
Does this introduce a breaking change?
Golden Path Validation
Deployment Validation
Other Information
This pull request makes several important updates to the deployment configuration, focusing on lowering the default GPT-4.1 model capacity from 150k to 50k tokens, improving Azure Container Registry (ACR) variable handling, and updating role assignments to use explicit GUIDs. These changes affect both the infrastructure code and documentation to ensure consistency and clarity for users and maintainers.
Model Capacity & Documentation Updates:
Azure Container Registry (ACR) Variable Handling:
- `secrets.ACR_TEST_LOGIN_SERVER` to `vars.ACR_TEST_LOGIN_SERVER` throughout workflow files for improved security and flexibility. This affects Docker build, deploy, and image tagging steps.
Workflow and Job Configuration:
- `job-docker-build.yml` and `deploy-orchestrator.yml`, simplifying the triggering and execution of Docker build jobs.
Role Assignment Specification:
Infrastructure Template Updates:
- `infra/main.json` with Bicep v0.44.1, reflecting the above changes and updating template hashes and dependency order for improved reproducibility.
These updates collectively streamline deployment, improve security and maintainability, and ensure the documentation matches the current configuration.
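Added example, not code from this pull request: a small Python check a CI job could run over Bicep sources to confirm that every `roleDefinitionIdOrName` string literal is a role definition GUID (or a resource ID ending in one), which is what the role-assignment commit in this PR moves to. The sample Bicep, the role names in it and the all-zero GUID are constructed placeholders, and `find_named_roles` is a hypothetical helper name.

```python
import re

# A bare GUID, the form the role-assignment commit switches to.
GUID = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")
# A single-quoted string literal assigned to roleDefinitionIdOrName.
# Values given as variables or expressions are not string literals and
# are out of scope for this check.
ASSIGN = re.compile(r"roleDefinitionIdOrName\s*:\s*'([^']*)'")


def find_named_roles(bicep_text):
    """Return (line_number, value) for each literal that is not a GUID."""
    findings = []
    for lineno, line in enumerate(bicep_text.splitlines(), start=1):
        if line.strip().startswith("//"):
            continue  # skip commented-out assignments
        for match in ASSIGN.finditer(line):
            value = match.group(1)
            # Accept a bare GUID or a full role definition resource ID
            # whose last path segment is the GUID.
            tail = value.rsplit("/", 1)[-1]
            if not GUID.match(tail):
                findings.append((lineno, value))
    return findings


# Constructed sample input (not taken from infra/main.bicep).
SAMPLE_BICEP = """\
roleAssignments: [
  {
    principalId: userAssignedIdentity.outputs.principalId
    roleDefinitionIdOrName: 'Storage Blob Data Contributor'
    principalType: 'ServicePrincipal'
  }
  {
    principalId: userAssignedIdentity.outputs.principalId
    roleDefinitionIdOrName: '00000000-0000-0000-0000-000000000001' // placeholder GUID
  }
  // roleDefinitionIdOrName: 'Search Index Data Reader'
]
"""

if __name__ == "__main__":
    for lineno, value in find_named_roles(SAMPLE_BICEP):
        print(f"line {lineno}: role referenced by name: {value!r}")
```

A CI step can fail the build when the returned list is non-empty, so a role referenced by display name cannot be reintroduced unnoticed.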