fix: downmerge from main to dev #560

Merged
Roopan-Microsoft merged 67 commits into dev from main
Mar 11, 2026
@Priyanka-Microsoft
Contributor

Purpose

  • ...
    This pull request introduces significant improvements to the deployment automation for the repository by adding new modular workflows, enhancing input validation, and updating Azure authentication methods. The changes focus on making deployments more robust, maintainable, and secure, particularly for Azure-based environments.

The most important changes are:

1. New Modular Deployment Workflows

  • Added a new orchestrator workflow (deploy-orchestrator.yml) that coordinates deployment, end-to-end testing, notifications, and cleanup steps, allowing for more flexible and reusable deployment pipelines.
  • Introduced a new main workflow (deploy-v2.yml) that validates inputs and delegates execution to the orchestrator, supporting multiple triggers (push, schedule, workflow_dispatch) and a wide range of configuration options.

2. Input Validation Enhancements

  • Implemented a dedicated validation job in deploy-v2.yml to rigorously check all workflow input parameters (region, resource group name, booleans, test options, URLs, etc.), ensuring only valid configurations proceed to deployment.

3. Azure Authentication and Permissions Updates

  • Switched Azure authentication in CI workflows to use the azure/login GitHub Action with OIDC tokens, improving security and simplifying credential management. [1] [2] [3] [4]
  • Updated workflow permissions to explicitly grant only the necessary access (id-token: write, contents: read, actions: read). [1] [2]

4. Tool Installation and Maintenance Improvements

  • Replaced inline installation of Azure CLI and Azure Developer CLI with official GitHub Actions (Azure/setup-azd@v2), reducing maintenance overhead and improving reliability. [1] [2]

5. Minor Cleanups and Security

  • Removed unnecessary Azure service principal secrets from environment variables, relying on OIDC authentication instead. [1] [2]
  • Made post-deployment script execution more robust by allowing it to continue on error, preventing workflow failures due to non-critical issues.
  • Cleaned up tags and comments in deployment scripts for clarity and compliance.

These changes collectively modernize the CI/CD pipeline, improve security, and make deployments easier to configure and troubleshoot.

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • ...

Other Information

@Roopan-Microsoft Roopan-Microsoft merged commit 851f0a2 into dev Mar 11, 2026
40 checks passed
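
The input validation the description mentions (region, resource group name, booleans, URLs) could look like the sketch below. This is an example added here, not code from this pull request or from deploy-v2.yml. The function names, the region pattern, the ASCII-only resource group rule and the https-only URL rule are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the repository's deploy-v2.yml: allow-list checks for
# workflow inputs. Function names and the exact rules are assumptions.
LC_ALL=C; export LC_ALL   # make A-Z / a-z / 0-9 ranges ASCII-only

# Patterns that match any character OUTSIDE the allowed set.
RG_BAD='*[!A-Za-z0-9_.()-]*'
URL_BAD='*[!A-Za-z0-9._~/:?=%&-]*'

# Region: lowercase letters and digits only (assumed shape, e.g. "eastus2").
valid_region() {
  case "$1" in ''|*[!a-z0-9]*) return 1 ;; esac
}

# Resource group: 1-90 chars from the allowed set, no trailing period.
# Matching the whole string (not line by line) also rejects embedded newlines.
valid_resource_group() {
  [ "${#1}" -ge 1 ] && [ "${#1}" -le 90 ] || return 1
  case "$1" in
    $RG_BAD|*.) return 1 ;;
  esac
}

# Booleans: exactly "true" or "false", nothing else.
valid_boolean() {
  case "$1" in true|false) return 0 ;; *) return 1 ;; esac
}

# URL: https only, host starts with an alphanumeric, no spaces or quotes.
valid_https_url() {
  case "$1" in
    https://[A-Za-z0-9]*) ;;
    *) return 1 ;;
  esac
  case "${1#https://}" in
    $URL_BAD) return 1 ;;
  esac
}

# Check all four inputs. Failures are reported by field name only, so an
# untrusted value is never echoed into the job log. Returns the failure count.
validate_inputs() {
  errors=0
  valid_region "$1"         || { echo "invalid region" >&2; errors=$((errors+1)); }
  valid_resource_group "$2" || { echo "invalid resource group" >&2; errors=$((errors+1)); }
  valid_boolean "$3"        || { echo "invalid boolean" >&2; errors=$((errors+1)); }
  valid_https_url "$4"      || { echo "invalid URL" >&2; errors=$((errors+1)); }
  return "$errors"
}
```

In a workflow step, hand the inputs to a script like this through `env:` variables rather than interpolating `${{ inputs.* }}` into the script body, so the values are checked as data before any shell parsing sees them.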

7 participants