diff --git a/.github/workflows/azure-dev.yml b/.github/workflows/azure-dev.yml index 93aa7483..23bed8a2 100644 --- a/.github/workflows/azure-dev.yml +++ b/.github/workflows/azure-dev.yml @@ -25,7 +25,6 @@ jobs: id: validation env: AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} AZURE_ENV_NAME: ${{ secrets.AZURE_ENV_NAME }} diff --git a/.github/workflows/deploy-orchestrator.yml b/.github/workflows/deploy-orchestrator.yml index 22c4d073..8a9f9083 100644 --- a/.github/workflows/deploy-orchestrator.yml +++ b/.github/workflows/deploy-orchestrator.yml @@ -1,9 +1,5 @@ name: Deployment orchestrator -permissions: - contents: read - actions: read - on: workflow_call: inputs: diff --git a/.github/workflows/deploy-linux.yml b/.github/workflows/deploy-v2.yml similarity index 91% rename from .github/workflows/deploy-linux.yml rename to .github/workflows/deploy-v2.yml index d5d4b737..2d7234d6 100644 --- a/.github/workflows/deploy-linux.yml +++ b/.github/workflows/deploy-v2.yml @@ -1,6 +1,7 @@ -name: Deploy-Test-Cleanup (v2) Linux +name: Deploy-Test-Cleanup (v2) permissions: + id-token: write contents: read actions: read on: @@ -14,6 +15,14 @@ on: - hotfix workflow_dispatch: inputs: + runner_os: + description: 'Deployment Environment' + required: false + type: choice + options: + - 'codespace' + - 'Local' + default: 'codespace' azure_location: description: 'Azure Location For Deployment' required: false @@ -90,6 +99,7 @@ jobs: runs-on: ubuntu-latest outputs: validation_passed: ${{ steps.validate.outputs.passed }} + runner_os: ${{ steps.validate.outputs.runner_os }} azure_location: ${{ steps.validate.outputs.azure_location }} resource_group_name: ${{ steps.validate.outputs.resource_group_name }} waf_enabled: ${{ steps.validate.outputs.waf_enabled }} 
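Review bot: Dropping the `permissions:` block from deploy-orchestrator.yml (the `@@ -1,9 +1,5` hunk) makes this reusable workflow inherit whatever token scopes its caller holds, so least privilege now depends on every caller getting it right. The same removal appears in job-cleanup-deployment.yml, job-deploy-linux.yml, job-deploy-windows.yml, job-deploy.yml, job-docker-build.yml and job-send-notification.yml; the last of these shows no Azure login in this diff, yet it would now receive `id-token: write` when reached from a caller such as deploy-v2.yml. Presumably the block was removed because it lacked `id-token: write` and blocked OIDC in the nested jobs. The narrower fix is to keep an explicit block and add the scope only where a job logs in, e.g. job-level `permissions: { id-token: write, contents: read }`, as test-automation.yml does at workflow level in this same commit. Jobs that never call `azure/login` can keep `permissions: { contents: read }`.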
@@ -105,6 +115,7 @@ jobs: id: validate shell: bash env: + INPUT_RUNNER_OS: ${{ github.event.inputs.runner_os }} INPUT_AZURE_LOCATION: ${{ github.event.inputs.azure_location }} INPUT_RESOURCE_GROUP_NAME: ${{ github.event.inputs.resource_group_name }} INPUT_WAF_ENABLED: ${{ github.event.inputs.waf_enabled }} @@ -118,6 +129,20 @@ jobs: run: | echo "🔍 Validating workflow input parameters..." VALIDATION_FAILED=false + + # Resolve runner_os from Deployment Environment selection + DEPLOY_ENV="${INPUT_RUNNER_OS:-codespace}" + if [[ "$DEPLOY_ENV" == "codespace" ]]; then + RUNNER_OS="ubuntu-latest" + echo "✅ Deployment Environment: 'codespace' → runner: ubuntu-latest" + elif [[ "$DEPLOY_ENV" == "Local" ]]; then + RUNNER_OS="windows-latest" + echo "✅ Deployment Environment: 'Local' → runner: windows-latest" + else + echo "❌ ERROR: Deployment Environment must be 'codespace' or 'Local', got: '$DEPLOY_ENV'" + VALIDATION_FAILED=true + RUNNER_OS="ubuntu-latest" + fi # Validate azure_location (Azure region format) LOCATION="${INPUT_AZURE_LOCATION:-australiaeast}" @@ -241,6 +266,7 @@ jobs: # Output validated values echo "passed=true" >> $GITHUB_OUTPUT + echo "runner_os=$RUNNER_OS" >> $GITHUB_OUTPUT echo "azure_location=$LOCATION" >> $GITHUB_OUTPUT echo "resource_group_name=$INPUT_RESOURCE_GROUP_NAME" >> $GITHUB_OUTPUT echo "waf_enabled=$WAF_ENABLED" >> $GITHUB_OUTPUT @@ -257,7 +283,7 @@ jobs: if: needs.validate-inputs.outputs.validation_passed == 'true' uses: ./.github/workflows/deploy-orchestrator.yml with: - runner_os: ubuntu-latest + runner_os: ${{ needs.validate-inputs.outputs.runner_os || 'ubuntu-latest' }} azure_location: ${{ needs.validate-inputs.outputs.azure_location || 'australiaeast' }} resource_group_name: ${{ needs.validate-inputs.outputs.resource_group_name || '' }} waf_enabled: ${{ needs.validate-inputs.outputs.waf_enabled == 'true' }} diff --git a/.github/workflows/deploy-waf.yml b/.github/workflows/deploy-waf.yml index a879b200..a035fae9 100644 
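Review bot: In the `@@ -118,6 +129,20` hunk the `runner_os` input holds a deployment-environment label ('codespace' or 'Local') while the `runner_os` output holds a runner label, and nothing in the script says that this block is the allow-list for the value later handed to `runs-on`. A short comment above the `if` would make that explicit, for example `# Allow-list: only ubuntu-latest or windows-latest may leave this step as runner_os; any other selection fails validation.` The `RUNNER_OS="ubuntu-latest"` assignment in the `else` branch appears to have no effect if the script still exits before writing outputs when `VALIDATION_FAILED` is true (that exit is outside this hunk), so it could be dropped or commented as a defensive default. The option labels also mix case ('codespace' vs 'Local'); making them consistent would spare anyone typing the value by hand.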
--- a/.github/workflows/deploy-waf.yml +++ b/.github/workflows/deploy-waf.yml @@ -1,6 +1,7 @@ name: Validate WAF Deployment v4 permissions: + id-token: write contents: read actions: read on: @@ -13,6 +14,7 @@ on: jobs: deploy: runs-on: ubuntu-latest + environment: production env: GPT_MIN_CAPACITY: 1 O4_MINI_MIN_CAPACITY: 1 @@ -21,12 +23,16 @@ jobs: - name: Checkout Code uses: actions/checkout@v4 + - name: Login to Azure + uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Run Quota Check id: quota-check env: - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} GPT_MIN_CAPACITY: ${{ env.GPT_MIN_CAPACITY }} O4_MINI_MIN_CAPACITY: ${{ env.O4_MINI_MIN_CAPACITY }} @@ -66,10 +72,6 @@ jobs: echo "Selected Region: $VALID_REGION" echo "AZURE_LOCATION=$VALID_REGION" >> $GITHUB_ENV - - name: Login to Azure - run: | - az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} - - name: Install Bicep CLI run: az bicep install diff --git a/.github/workflows/deploy-windows.yml b/.github/workflows/deploy-windows.yml deleted file mode 100644 index b1ed8e93..00000000 --- a/.github/workflows/deploy-windows.yml +++ /dev/null 
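Review bot: `environment: production` in the `@@ -13,6 +14,7` hunk is now what gates the Azure identity, but the diff neither shows nor documents any protection on that environment. With OIDC the federated credential is normally matched on a subject such as `repo:<owner>/<repo>:environment:production`, so if the environment has no deployment-branch restriction or required reviewers, any ref able to run this workflow can obtain the token; that configuration lives outside the repository and should be confirmed. The same environment is attached to test and cleanup jobs elsewhere in this commit (deploy.yml, job-docker-build.yml with its `ACR_TEST_*` registry, test-automation.yml, test-automation-v2.yml), so test runs would use the identity trusted for production; a separate environment and app registration for test would keep the blast radius smaller. A comment next to the key would help, e.g. `# OIDC subject is bound to this environment; keep branch restrictions enabled on it`.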
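Review bot: The new `Login to Azure` step in the `@@ -21,12 +23,16` hunk references `azure/login@v2` by a movable tag in a job that can now mint an OIDC token for Azure. Pinning to a full commit SHA keeps a retagged release from running with that token: `uses: azure/login@<full-commit-sha> # v2` (placeholder; take the SHA from the release you have reviewed). The same step is added in deploy.yml, docker-build-and-push.yml, job-cleanup-deployment.yml, job-deploy-linux.yml, job-deploy-windows.yml, job-deploy.yml, job-docker-build.yml and test-automation-v2.yml.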
@@ -1,272 +0,0 @@ -name: Deploy-Test-Cleanup (v2) Windows - -permissions: - contents: read - actions: read -on: - # workflow_run: - # workflows: ["Build Docker and Optional Push v3"] - # types: - # - completed - # branches: - # - main - # - dev-v3 - # - hotfix - workflow_dispatch: - inputs: - azure_location: - description: 'Azure Location For Deployment' - required: false - default: 'australiaeast' - type: choice - options: - - 'australiaeast' - - 'centralus' - - 'eastasia' - - 'eastus2' - - 'japaneast' - - 'northeurope' - - 'southeastasia' - - 'uksouth' - resource_group_name: - description: 'Resource Group Name (Optional)' - required: false - default: '' - type: string - - waf_enabled: - description: 'Enable WAF' - required: false - default: false - type: boolean - EXP: - description: 'Enable EXP' - required: false - default: false - type: boolean - build_docker_image: - description: 'Build & Push Docker Image (Optional)' - required: false - default: false - type: boolean - - cleanup_resources: - description: 'Cleanup Deployed Resources' - required: false - default: false - type: boolean - - run_e2e_tests: - description: 'Run End-to-End Tests' - required: false - default: 'GoldenPath-Testing' - type: choice - options: - - 'GoldenPath-Testing' - - 'Smoke-Testing' - - 'None' - - AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: - description: 'Log Analytics Workspace ID (Optional)' - required: false - default: '' - type: string - AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: - description: 'AI Project Resource ID (Optional)' - required: false - default: '' - type: string - existing_webapp_url: - description: 'Existing WebApp URL (Skips Deployment)' - required: false - default: '' - type: string - - # schedule: - # - cron: '0 11,23 * * *' # Runs at 11:00 AM and 11:00 PM GMT - -jobs: - validate-inputs: - runs-on: ubuntu-latest - outputs: - validation_passed: ${{ steps.validate.outputs.passed }} - azure_location: ${{ steps.validate.outputs.azure_location }} - resource_group_name: ${{ 
steps.validate.outputs.resource_group_name }} - waf_enabled: ${{ steps.validate.outputs.waf_enabled }} - exp: ${{ steps.validate.outputs.exp }} - build_docker_image: ${{ steps.validate.outputs.build_docker_image }} - cleanup_resources: ${{ steps.validate.outputs.cleanup_resources }} - run_e2e_tests: ${{ steps.validate.outputs.run_e2e_tests }} - azure_env_log_analytics_workspace_id: ${{ steps.validate.outputs.azure_env_log_analytics_workspace_id }} - azure_existing_ai_project_resource_id: ${{ steps.validate.outputs.azure_existing_ai_project_resource_id }} - existing_webapp_url: ${{ steps.validate.outputs.existing_webapp_url }} - steps: - - name: Validate Workflow Input Parameters - id: validate - shell: bash - env: - INPUT_AZURE_LOCATION: ${{ github.event.inputs.azure_location }} - INPUT_RESOURCE_GROUP_NAME: ${{ github.event.inputs.resource_group_name }} - INPUT_WAF_ENABLED: ${{ github.event.inputs.waf_enabled }} - INPUT_EXP: ${{ github.event.inputs.EXP }} - INPUT_BUILD_DOCKER_IMAGE: ${{ github.event.inputs.build_docker_image }} - INPUT_CLEANUP_RESOURCES: ${{ github.event.inputs.cleanup_resources }} - INPUT_RUN_E2E_TESTS: ${{ github.event.inputs.run_e2e_tests }} - INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ github.event.inputs.AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID }} - INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: ${{ github.event.inputs.AZURE_EXISTING_AI_PROJECT_RESOURCE_ID }} - INPUT_EXISTING_WEBAPP_URL: ${{ github.event.inputs.existing_webapp_url }} - run: | - echo "🔍 Validating workflow input parameters..." - VALIDATION_FAILED=false - - # Validate azure_location (Azure region format) - LOCATION="${INPUT_AZURE_LOCATION:-australiaeast}" - - if [[ ! "$LOCATION" =~ ^[a-z0-9]+$ ]]; then - echo "❌ ERROR: azure_location '$LOCATION' is invalid. 
Must contain only lowercase letters and numbers" - VALIDATION_FAILED=true - else - echo "✅ azure_location: '$LOCATION' is valid" - fi - - # Validate resource_group_name (Azure naming convention, optional) - if [[ -n "$INPUT_RESOURCE_GROUP_NAME" ]]; then - if [[ ! "$INPUT_RESOURCE_GROUP_NAME" =~ ^[a-zA-Z0-9._\(\)-]+$ ]] || [[ "$INPUT_RESOURCE_GROUP_NAME" =~ \.$ ]]; then - echo "❌ ERROR: resource_group_name '$INPUT_RESOURCE_GROUP_NAME' is invalid. Must contain only alphanumerics, periods, underscores, hyphens, and parentheses. Cannot end with period." - VALIDATION_FAILED=true - elif [[ ${#INPUT_RESOURCE_GROUP_NAME} -gt 90 ]]; then - echo "❌ ERROR: resource_group_name '$INPUT_RESOURCE_GROUP_NAME' exceeds 90 characters (length: ${#INPUT_RESOURCE_GROUP_NAME})" - VALIDATION_FAILED=true - else - echo "✅ resource_group_name: '$INPUT_RESOURCE_GROUP_NAME' is valid" - fi - else - echo "✅ resource_group_name: Not provided (will be auto-generated)" - fi - - # Validate waf_enabled (boolean) - WAF_ENABLED="${INPUT_WAF_ENABLED:-false}" - if [[ "$WAF_ENABLED" != "true" && "$WAF_ENABLED" != "false" ]]; then - echo "❌ ERROR: waf_enabled must be 'true' or 'false', got: '$WAF_ENABLED'" - VALIDATION_FAILED=true - else - echo "✅ waf_enabled: '$WAF_ENABLED' is valid" - fi - - # Validate EXP (boolean) - EXP_ENABLED="${INPUT_EXP:-false}" - if [[ "$EXP_ENABLED" != "true" && "$EXP_ENABLED" != "false" ]]; then - echo "❌ ERROR: EXP must be 'true' or 'false', got: '$EXP_ENABLED'" - VALIDATION_FAILED=true - else - echo "✅ EXP: '$EXP_ENABLED' is valid" - fi - - # Validate build_docker_image (boolean) - BUILD_DOCKER="${INPUT_BUILD_DOCKER_IMAGE:-false}" - if [[ "$BUILD_DOCKER" != "true" && "$BUILD_DOCKER" != "false" ]]; then - echo "❌ ERROR: build_docker_image must be 'true' or 'false', got: '$BUILD_DOCKER'" - VALIDATION_FAILED=true - else - echo "✅ build_docker_image: '$BUILD_DOCKER' is valid" - fi - - # Validate cleanup_resources (boolean) - CLEANUP_RESOURCES="${INPUT_CLEANUP_RESOURCES:-false}" - 
if [[ "$CLEANUP_RESOURCES" != "true" && "$CLEANUP_RESOURCES" != "false" ]]; then - echo "❌ ERROR: cleanup_resources must be 'true' or 'false', got: '$CLEANUP_RESOURCES'" - VALIDATION_FAILED=true - else - echo "✅ cleanup_resources: '$CLEANUP_RESOURCES' is valid" - fi - - # Validate run_e2e_tests (specific allowed values) - TEST_OPTION="${INPUT_RUN_E2E_TESTS:-GoldenPath-Testing}" - if [[ "$TEST_OPTION" != "GoldenPath-Testing" && "$TEST_OPTION" != "Smoke-Testing" && "$TEST_OPTION" != "None" ]]; then - echo "❌ ERROR: run_e2e_tests must be one of: GoldenPath-Testing, Smoke-Testing, None, got: '$TEST_OPTION'" - VALIDATION_FAILED=true - else - echo "✅ run_e2e_tests: '$TEST_OPTION' is valid" - fi - - # Validate AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID (optional, Azure Resource ID format) - if [[ -n "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" ]]; then - if [[ ! "$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" =~ ^/subscriptions/[a-fA-F0-9-]+/[Rr]esource[Gg]roups/[^/]+/providers/[Mm]icrosoft\.[Oo]perational[Ii]nsights/[Ww]orkspaces/[^/]+$ ]]; then - echo "❌ ERROR: AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID is invalid. Must be a valid Azure Resource ID format:" - echo " /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}" - echo " Got: '$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID'" - VALIDATION_FAILED=true - else - echo "✅ AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: Valid Resource ID format" - fi - else - echo "✅ AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: Not provided (optional)" - fi - - # Validate AZURE_EXISTING_AI_PROJECT_RESOURCE_ID (optional, Azure Resource ID format) - if [[ -n "$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" ]]; then - if [[ ! 
"$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" =~ ^/subscriptions/[a-fA-F0-9-]+/[Rr]esource[Gg]roups/[^/]+/providers/([Mm]icrosoft\.[Mm]achine[Ll]earning[Ss]ervices/([Ww]orkspaces|[Pp]rojects)/[^/]+|[Mm]icrosoft\.[Cc]ognitive[Ss]ervices/[Aa]ccounts/[^/]+/[Pp]rojects/[^/]+)$ ]]; then - echo "❌ ERROR: AZURE_EXISTING_AI_PROJECT_RESOURCE_ID is invalid. Must be a valid Azure Resource ID format:" - echo " /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.CognitiveServices/accounts/{accountName}/projects/{projectName}" - echo " Got: '$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID'" - VALIDATION_FAILED=true - else - echo "✅ AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: Valid Resource ID format" - fi - else - echo "✅ AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: Not provided (optional)" - fi - - # Validate existing_webapp_url (optional, must start with https) - if [[ -n "$INPUT_EXISTING_WEBAPP_URL" ]]; then - if [[ ! "$INPUT_EXISTING_WEBAPP_URL" =~ ^https:// ]]; then - echo "❌ ERROR: existing_webapp_url must start with 'https://', got: '$INPUT_EXISTING_WEBAPP_URL'" - VALIDATION_FAILED=true - else - echo "✅ existing_webapp_url: '$INPUT_EXISTING_WEBAPP_URL' is valid" - fi - else - echo "✅ existing_webapp_url: Not provided (will perform deployment)" - fi - - # Fail workflow if any validation failed - if [[ "$VALIDATION_FAILED" == "true" ]]; then - echo "" - echo "❌ Parameter validation failed. Please correct the errors above and try again." - exit 1 - fi - - echo "" - echo "✅ All input parameters validated successfully!" 
- - # Output validated values - echo "passed=true" >> $GITHUB_OUTPUT - echo "azure_location=$LOCATION" >> $GITHUB_OUTPUT - echo "resource_group_name=$INPUT_RESOURCE_GROUP_NAME" >> $GITHUB_OUTPUT - echo "waf_enabled=$WAF_ENABLED" >> $GITHUB_OUTPUT - echo "exp=$EXP_ENABLED" >> $GITHUB_OUTPUT - echo "build_docker_image=$BUILD_DOCKER" >> $GITHUB_OUTPUT - echo "cleanup_resources=$CLEANUP_RESOURCES" >> $GITHUB_OUTPUT - echo "run_e2e_tests=$TEST_OPTION" >> $GITHUB_OUTPUT - echo "azure_env_log_analytics_workspace_id=$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" >> $GITHUB_OUTPUT - echo "azure_existing_ai_project_resource_id=$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" >> $GITHUB_OUTPUT - echo "existing_webapp_url=$INPUT_EXISTING_WEBAPP_URL" >> $GITHUB_OUTPUT - - Run: - needs: validate-inputs - if: needs.validate-inputs.outputs.validation_passed == 'true' - uses: ./.github/workflows/deploy-orchestrator.yml - with: - runner_os: windows-latest - azure_location: ${{ needs.validate-inputs.outputs.azure_location || 'australiaeast' }} - resource_group_name: ${{ needs.validate-inputs.outputs.resource_group_name || '' }} - waf_enabled: ${{ needs.validate-inputs.outputs.waf_enabled == 'true' }} - EXP: ${{ needs.validate-inputs.outputs.exp == 'true' }} - build_docker_image: ${{ needs.validate-inputs.outputs.build_docker_image == 'true' }} - cleanup_resources: ${{ needs.validate-inputs.outputs.cleanup_resources == 'true' }} - run_e2e_tests: ${{ needs.validate-inputs.outputs.run_e2e_tests || 'GoldenPath-Testing' }} - AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ needs.validate-inputs.outputs.azure_env_log_analytics_workspace_id || '' }} - AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: ${{ needs.validate-inputs.outputs.azure_existing_ai_project_resource_id || '' }} - existing_webapp_url: ${{ needs.validate-inputs.outputs.existing_webapp_url || '' }} - trigger_type: ${{ github.event_name }} - secrets: inherit 
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index e3550c5b..202b3347 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,6 +1,7 @@ name: Validate Deployment v4 permissions: + id-token: write contents: read actions: read on: @@ -24,6 +25,7 @@ env: jobs: deploy: runs-on: ubuntu-latest + environment: production outputs: RESOURCE_GROUP_NAME: ${{ steps.check_create_rg.outputs.RESOURCE_GROUP_NAME }} WEBAPP_URL: ${{ steps.get_output.outputs.WEBAPP_URL }} @@ -34,12 +36,16 @@ jobs: - name: Checkout Code uses: actions/checkout@v4 + - name: Login to Azure + uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Run Quota Check id: quota-check env: - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} GPT_MIN_CAPACITY: ${{ env.GPT_MIN_CAPACITY }} O4_MINI_MIN_CAPACITY: ${{ env.O4_MINI_MIN_CAPACITY }} @@ -79,10 +85,6 @@ jobs: echo "Selected Region: $VALID_REGION" echo "AZURE_LOCATION=$VALID_REGION" >> $GITHUB_ENV - - name: Login to Azure - run: | - az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} - - name: Install Bicep CLI run: az bicep install 
@@ -212,13 +214,19 @@ jobs: if: always() && needs.deploy.outputs.RESOURCE_GROUP_NAME != '' needs: [deploy, e2e-test] runs-on: ubuntu-latest + environment: production env: RESOURCE_GROUP_NAME: ${{ needs.deploy.outputs.RESOURCE_GROUP_NAME }} steps: - name: Login to Azure - run: | - az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} - az account set --subscription "${{ secrets.AZURE_SUBSCRIPTION_ID }}" + uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - name: Set Azure Subscription + run: az account set --subscription "${{ secrets.AZURE_SUBSCRIPTION_ID }}" - name: Extract AI Services and Key Vault Names if: always() diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml index d9301a6d..54b79a62 100644 --- a/.github/workflows/docker-build-and-push.yml +++ b/.github/workflows/docker-build-and-push.yml @@ -45,12 +45,14 @@ on: workflow_dispatch: permissions: + id-token: write contents: read actions: read jobs: build-and-push: runs-on: ubuntu-latest + environment: production steps: - name: Checkout repository 
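Review bot: The separate `Set Azure Subscription` step added in the `@@ -212,13 +214,19` hunk looks redundant, because `azure/login` is already given `subscription-id` and should leave that subscription active for later `az` calls. If the step is kept, pass the value through `env:` instead of expanding `${{ secrets.AZURE_SUBSCRIPTION_ID }}` inside the script, e.g. `env: { AZURE_SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}" }` with `run: az account set --subscription "$AZURE_SUBSCRIPTION_ID"`. job-cleanup-deployment.yml and job-deploy.yml add the same step with the expansion unquoted.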
@@ -59,13 +61,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Log in to Azure Container Registry + - name: Login to Azure if: ${{ github.ref_name == 'main' || github.ref_name == 'dev-v4'|| github.ref_name == 'demo-v4' || github.ref_name == 'hotfix' }} - uses: azure/docker-login@v2 + uses: azure/login@v2 with: - login-server: ${{ secrets.ACR_LOGIN_SERVER || 'acrlogin.azurecr.io' }} - username: ${{ secrets.ACR_USERNAME }} - password: ${{ secrets.ACR_PASSWORD }} + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - name: Log in to Azure Container Registry + if: ${{ github.ref_name == 'main' || github.ref_name == 'dev-v4'|| github.ref_name == 'demo-v4' || github.ref_name == 'hotfix' }} + run: az acr login --name ${{ secrets.ACR_LOGIN_SERVER || 'acrlogin.azurecr.io' }} - name: Get current date id: date diff --git a/.github/workflows/job-cleanup-deployment.yml b/.github/workflows/job-cleanup-deployment.yml index e1afa455..48c2586b 100644 --- a/.github/workflows/job-cleanup-deployment.yml +++ b/.github/workflows/job-cleanup-deployment.yml @@ -1,8 +1,5 @@ name: Cleanup Deployment Job -permissions: - contents: read - actions: read on: workflow_call: inputs: @@ -49,6 +46,7 @@ jobs: cleanup-deployment: runs-on: ${{ inputs.runner_os }} continue-on-error: true + environment: production env: RESOURCE_GROUP_NAME: ${{ inputs.RESOURCE_GROUP_NAME }} AZURE_LOCATION: ${{ inputs.AZURE_LOCATION }} 
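Review bot: `az acr login --name ${{ secrets.ACR_LOGIN_SERVER || 'acrlogin.azurecr.io' }}` in the `@@ -59,13 +61,17` hunk expands the expression straight into the shell line, unquoted. Moving it to the step environment keeps the script text fixed: `env: { ACR_NAME: "${{ secrets.ACR_LOGIN_SERVER || 'acrlogin.azurecr.io' }}" }` and `run: az acr login --name "$ACR_NAME"`. The value is a login server while `--name` is documented as the registry name, so it is worth confirming the CLI accepts it as given. Since the registry username and password are gone, the identity behind `AZURE_CLIENT_ID` now needs a push role on the registry, ideally scoped to that registry only; job-docker-build.yml has the same pattern with `ACR_TEST_LOGIN_SERVER`.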
@@ -58,10 +56,15 @@ jobs: steps: - name: Login to Azure + uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - name: Set Azure Subscription shell: bash - run: | - az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} - az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} + run: az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Delete Resource Group (Optimized Cleanup) id: delete_rg diff --git a/.github/workflows/job-deploy-linux.yml b/.github/workflows/job-deploy-linux.yml index f941a202..60c5458e 100644 --- a/.github/workflows/job-deploy-linux.yml +++ b/.github/workflows/job-deploy-linux.yml @@ -1,9 +1,5 @@ name: Deploy Steps - Linux -permissions: - contents: read - actions: read - on: workflow_call: inputs: @@ -49,6 +45,7 @@ on: jobs: deploy-linux: runs-on: ubuntu-latest + environment: production env: AZURE_DEV_COLLECT_TELEMETRY: ${{ vars.AZURE_DEV_COLLECT_TELEMETRY }} outputs: 
@@ -206,13 +203,19 @@ jobs: - name: Install azd uses: Azure/setup-azd@v2 + - name: Login to Azure + uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Login to AZD id: login-azure shell: bash run: | - az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} - azd auth login --client-id ${{ secrets.AZURE_CLIENT_ID }} --client-secret ${{ secrets.AZURE_CLIENT_SECRET }} --tenant-id ${{ secrets.AZURE_TENANT_ID }} + azd auth login --client-id "${{ secrets.AZURE_CLIENT_ID }}" --federated-credential-provider "github" --tenant-id "${{ secrets.AZURE_TENANT_ID }}" - name: Deploy using azd up and extract values (Linux) id: get_output_linux diff --git a/.github/workflows/job-deploy-windows.yml b/.github/workflows/job-deploy-windows.yml index 1ee301d5..030c9619 100644 --- a/.github/workflows/job-deploy-windows.yml +++ b/.github/workflows/job-deploy-windows.yml @@ -1,9 +1,5 @@ name: Deploy Steps - Windows -permissions: - contents: read - actions: read - on: workflow_call: inputs: @@ -48,6 +44,7 @@ on: jobs: deploy-windows: runs-on: windows-latest + environment: production env: AZURE_DEV_COLLECT_TELEMETRY: ${{ vars.AZURE_DEV_COLLECT_TELEMETRY }} outputs: 
@@ -205,13 +202,19 @@ jobs: - name: Install azd uses: Azure/setup-azd@v2 + - name: Login to Azure + uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Login to AZD id: login-azure shell: bash run: | - az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} - azd auth login --client-id ${{ secrets.AZURE_CLIENT_ID }} --client-secret ${{ secrets.AZURE_CLIENT_SECRET }} --tenant-id ${{ secrets.AZURE_TENANT_ID }} + azd auth login --client-id "${{ secrets.AZURE_CLIENT_ID }}" --federated-credential-provider "github" --tenant-id "${{ secrets.AZURE_TENANT_ID }}" - name: Deploy using azd up and extract values (Windows) diff --git a/.github/workflows/job-deploy.yml b/.github/workflows/job-deploy.yml index 2046488e..7a8f32e3 100644 --- a/.github/workflows/job-deploy.yml +++ b/.github/workflows/job-deploy.yml @@ -1,9 +1,5 @@ name: Deploy Job -permissions: - contents: read - actions: read - on: workflow_call: inputs: @@ -112,6 +108,7 @@ jobs: name: Azure Setup if: inputs.trigger_type != 'workflow_dispatch' || inputs.existing_webapp_url == '' || inputs.existing_webapp_url == null runs-on: ubuntu-latest + environment: production outputs: RESOURCE_GROUP_NAME: ${{ steps.check_create_rg.outputs.RESOURCE_GROUP_NAME }} ENV_NAME: ${{ steps.generate_env_name.outputs.ENV_NAME }} 
@@ -290,17 +287,19 @@ jobs: uses: actions/checkout@v4 - name: Login to Azure + uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - name: Set Azure Subscription shell: bash - run: | - az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} - az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} + run: az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Run Quota Check id: quota-check env: - AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} GPT_MIN_CAPACITY: ${{ env.GPT_MIN_CAPACITY }} O4_MINI_MIN_CAPACITY: ${{ env.O4_MINI_MIN_CAPACITY }} diff --git a/.github/workflows/job-docker-build.yml b/.github/workflows/job-docker-build.yml index b62fdf68..71e7a42b 100644 --- a/.github/workflows/job-docker-build.yml +++ b/.github/workflows/job-docker-build.yml @@ -1,7 +1,4 @@ name: Docker Build Job -permissions: - contents: read - actions: read on: workflow_call: inputs: @@ -26,6 +23,7 @@ jobs: docker-build: if: inputs.trigger_type == 'workflow_dispatch' && inputs.build_docker_image == true runs-on: ubuntu-latest + environment: production outputs: IMAGE_TAG: ${{ steps.generate_docker_tag.outputs.IMAGE_TAG }} steps: 
@@ -49,12 +47,15 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Log in to Azure Container Registry - uses: azure/docker-login@v2 + - name: Login to Azure + uses: azure/login@v2 with: - login-server: ${{ secrets.ACR_TEST_LOGIN_SERVER }} - username: ${{ secrets.ACR_TEST_USERNAME }} - password: ${{ secrets.ACR_TEST_PASSWORD }} + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - name: Log in to Azure Container Registry + run: az acr login --name ${{ secrets.ACR_TEST_LOGIN_SERVER }} - name: Build and optionally push Backend Docker image uses: docker/build-push-action@v6 diff --git a/.github/workflows/job-send-notification.yml b/.github/workflows/job-send-notification.yml index 06ec6d8b..5b062a89 100644 --- a/.github/workflows/job-send-notification.yml +++ b/.github/workflows/job-send-notification.yml @@ -1,7 +1,4 @@ name: Send Notification Job -permissions: - contents: read - actions: read on: workflow_call: inputs: diff --git a/.github/workflows/test-automation-v2.yml b/.github/workflows/test-automation-v2.yml index 07267617..394adbe5 100644 --- a/.github/workflows/test-automation-v2.yml +++ b/.github/workflows/test-automation-v2.yml @@ -37,6 +37,7 @@ env: jobs: test: runs-on: ubuntu-latest + environment: production outputs: TEST_SUCCESS: ${{ steps.test1.outcome == 'success' || steps.test2.outcome == 'success' || steps.test3.outcome == 'success' }} TEST_REPORT_URL: ${{ steps.upload_report.outputs.artifact-url }} 
@@ -50,9 +51,11 @@ jobs: python-version: '3.13' - name: Login to Azure - run: | - az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} - az account set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} + uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Install dependencies run: | diff --git a/.github/workflows/test-automation.yml b/.github/workflows/test-automation.yml index 0982bab4..4a893c4c 100644 --- a/.github/workflows/test-automation.yml +++ b/.github/workflows/test-automation.yml @@ -1,5 +1,9 @@ name: Test Automation MACAE +permissions: + id-token: write + contents: read + on: workflow_dispatch: workflow_call: @@ -26,6 +30,7 @@ on: jobs: test: runs-on: ubuntu-latest + environment: production env: MACAE_WEB_URL: ${{ inputs.MACAE_WEB_URL }} MACAE_URL_API: ${{ inputs.MACAE_URL_API }} @@ -45,7 +50,9 @@ jobs: - name: Azure CLI Login uses: azure/login@v2 with: - creds: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}' + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} # - name: Start Container App # uses: azure/cli@v2 diff --git a/README.md b/README.md index 6987bc51..0b70701c 100644 --- a/README.md +++ b/README.md @@ -194,6 +194,15 @@ Check out similar solution accelerators
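Review bot: `uses: azure/login@v2` in test-automation-v2.yml refers to a movable tag, and after this change the action is what exchanges the job's OIDC token for Azure access. I would pin it to a full commit, e.g. `uses: azure/login@<full-commit-sha> # v2`; the same applies to the `azure/login@v2` lines added in deploy-waf.yml and job-docker-build.yml. No hunk for test-automation-v2.yml touches a `permissions:` block, whereas test-automation.yml gains `id-token: write`. If this workflow can be started directly rather than only through a caller that grants that permission, the login step would fail, so that is worth confirming. The removed step also ran `az account set`; the new one relies on `subscription-id` for that, which should be equivalent.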
+💡 Want to get familiar with Microsoft's AI and Data Engineering best practices? Check out our playbooks to learn more + +| Playbook | Description | +|:---|:---| +| [AI playbook](https://learn.microsoft.com/en-us/ai/playbook/) | The Artificial Intelligence (AI) Playbook provides enterprise software engineers with solutions, capabilities, and code developed to solve real-world AI problems. | +| [Data playbook](https://learn.microsoft.com/en-us/data-engineering/playbook/understanding-data-playbook) | The data playbook provides enterprise software engineers with solutions which contain code developed to solve real-world problems. Everything in the playbook is developed with, and validated by, some of Microsoft's largest and most influential customers and partners. | + +
+ ## Provide feedback Have questions, find a bug, or want to request a feature? [Submit a new issue](https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator/issues) on this repo and we'll connect. diff --git a/docs/TroubleShootingSteps.md b/docs/TroubleShootingSteps.md index afc573f0..99c9172d 100644 --- a/docs/TroubleShootingSteps.md +++ b/docs/TroubleShootingSteps.md @@ -58,6 +58,7 @@ Use these as quick reference guides to unblock your deployments. | Issue/Error Code | Description | Steps to Resolve | |-----------------|-------------|------------------| | **InternalSubscriptionIsOverQuotaForSku/
ManagedEnvironmentProvisioningError** | Subscription quota exceeded for the requested SKU | Quotas are applied per resource group, subscriptions, accounts, and other scopes. For example, your subscription might be configured to limit the number of vCPUs for a region. If you attempt to deploy a virtual machine with more vCPUs than the permitted amount, you receive an error that the quota was exceeded.

For PowerShell, use the `Get-AzVMUsage` cmdlet to find virtual machine quotas:
`Get-AzVMUsage -Location "West US"`

Based on available quota you can deploy application otherwise, you can request for more quota | +| **ServiceQuotaExceeded** | Free tier service quota limit reached for Azure AI Search | This error occurs when you attempt to deploy an Azure AI Search service but have already reached the **free tier quota limit** for your subscription. Each Azure subscription is limited to **one free tier Search service**.

**Example error message:**
`ServiceQuotaExceeded: Operation would exceed 'free' tier service quota. You are using 1 out of 1 'free' tier service quota.`

**Common causes:**

**Resolution:**

**Reference:**
| | **InsufficientQuota** | Not enough quota available in subscription | | | **MaxNumberOfRegionalEnvironmentsInSubExceeded** | Maximum Container App Environments limit reached for region |This error occurs when you attempt to create more **Azure Container App Environments** than the regional quota limit allows for your subscription. Each Azure region has a specific limit on the number of Container App Environments that can be created per subscription.

**Common Causes:**

**Resolution:**

**Reference:**
| | **SkuNotAvailable** | Requested SKU not available in selected location or zone | You receive this error in the following scenarios:
| @@ -88,6 +89,7 @@ Use these as quick reference guides to unblock your deployments. | **ServiceUnavailable/ResourceNotFound** | Service unavailable or restricted in selected region | | | **ResourceOperationFailure/
ProvisioningDisabled** | Resource provisioning restricted or disabled in region | | | **RedundancyConfigurationNotAvailableInRegion** | Redundancy configuration not supported in selected region | | +| **NoRegisteredProviderFound** | Unsupported API version for resource type in specified location | This error occurs when you attempt to deploy an Azure resource using an **API version that is not supported** for the specified resource type and location.

**Example error message:**
`NoRegisteredProviderFound: No registered resource provider found for location 'westeurope' and API version '2020-06-30' for type 'searchServices'. The supported api-versions are '2014-07-31-Preview, 2015-02-28, 2015-08-19, 2019-10-01-Preview, 2020-03-13, 2020-08-01, 2020-08-01-Preview, 2021-04-01-Preview, 2021-06-06-Preview, 2022-09-01, 2023-11-01, 2024-03-01-Preview, 2024-06-01-Preview, 2025-02-01-Preview, 2025-05-01'.`

**Common causes:**

**Resolution:**

**Reference:**
| -------------------------------- @@ -119,6 +121,9 @@ Use these as quick reference guides to unblock your deployments. |-----------------|-------------|------------------| | **NetcfgSubnetRangeOutsideVnet** | Subnet IP range outside virtual network address space | | | **DisableExport_PublicNetworkAccessMustBeDisabled** | Public network access must be disabled when export is disabled | | +| **VMSizeIsNotPermittedToEnableAcceleratedNetworking** | VM size does not support accelerated networking | This error occurs when you attempt to enable accelerated networking on a VM size that does not support it.

**How to reproduce:**

**Resolution:**
| +**NetworkSecurityGroupNotCompliantForAzureBastionSubnet** / **SecurityRuleParameterContainsUnsupportedValue** | NSG rules blocking required Azure Bastion ports | This error occurs when the Network Security Group (NSG) attached to `AzureBastionSubnet` explicitly denies inbound TCP ports 443 and/or 4443, which Azure Bastion requires for management and tunneling.

**How to reproduce:**

**Resolution:**
| +| **RouteTableCannotBeAttachedForAzureBastionSubnet** | Route table attached to Azure Bastion subnet | This error occurs because Azure Bastion subnet (`AzureBastionSubnet`) has a platform restriction that prevents route tables from being attached.

**How to reproduce:**

**Resolution:**
| --------------------------------- @@ -129,6 +134,9 @@ Use these as quick reference guides to unblock your deployments. | **InvalidRequestContent** | Deployment contains unrecognized or missing required values | | | **Conflict - Cannot use the SKU Basic with File Change Audit for site** | File Change Audit not supported on Basic SKU | | | **AccountPropertyCannotBeUpdated** | Read-only property cannot be modified after creation | The property **`isHnsEnabled`** (Hierarchical Namespace for Data Lake Gen2) is **read-only** and can only be set during **storage account creation**. Once a storage account is created, this property **cannot be updated**. Trying to update it via ARM template, Bicep, CLI, or Portal will fail.

**Resolution:**
| +| **Conflict - Local authentication is disabled** | App Configuration store has local authentication disabled but application is using local auth mode | This error occurs when your Azure App Configuration store has **local authentication disabled** (`disableLocalAuth: true`) but your application is trying to access it using **connection strings or access keys** instead of **Azure AD/Managed Identity authentication**.

**Example error message:**
`The operation cannot be performed because the configuration store is using local authentication mode and local authentication is disabled. To enable access to data plane resources while local authentication is disabled, please use pass-through authentication mode.`

**Common causes:**

**Resolution:**

**Reference:**
| +| **PropertyChangeNotAllowed** | Immutable VM property cannot be changed after creation | This error occurs when you attempt to modify an immutable property (such as `osProfile.adminUsername`) on an existing VM.

**Cause (Azure Limitation):**
Once a VM is created, the `osProfile.adminUsername` property is immutable and cannot be changed. If you modify the VM username or password in the template and redeploy, this issue will occur.

**Resolution:**

**Note:** Some VM properties are immutable by design. Always plan credential and configuration changes before initial deployment. | + ---------------------------------- @@ -140,7 +148,8 @@ Use these as quick reference guides to unblock your deployments. | **AccountProvisioningStateInvalid** | Resource used before provisioning completed | | | **BadRequest - DatabaseAccount is in a failed provisioning state because the previous attempt to create it was not successful** | Database account failed to provision previously | | | **ServiceDeleting** | Cannot provision service because deletion is still in progress | This error occurs when you attempt to create an Azure Search service with the same name as one that is currently being deleted. Azure Search services have a **soft-delete period** during which the service name remains reserved.

**Common causes:**

**Resolution:**
| - +| **FailedIdentityOperation / ManagedEnvironmentScheduledForDelete** | Identity operation failed due to pending delete or resource conflict | This error occurs when you attempt to create or update an Azure Container Apps Managed Environment while it has a **pending delete operation** or the resource already exists in a conflicting state.

**Example error messages:**
`FailedIdentityOperation: Identity operation for resource failed with error 'Failed to perform resource identity operation. Status: 'Conflict'. Response: 'Request specified that resource is new, but resource already exists. This may be due to a pending delete operation, try again later.'`

`ManagedEnvironmentScheduledForDelete: The environment 'cae-xxx' is under deletion. Please retry the creation with new name or wait for the deletion completed.`

**Common causes:**

**Resolution:**

**Reference:**
| +| **BadRequest - Parent account does not provision correctly** | Parent AI Services/Cognitive Services account failed to provision | This error occurs when a **child resource** (such as an AI project, model deployment, or other dependent resource) attempts to be created on a **parent Cognitive Services/AI Services account** that has **failed to provision** or is in an incomplete state.

**Example error message:**
`Parent account does not provision correctly, please retry creating the account.`

**Common causes:**

**Resolution:**

**Reference:**
| --------------------------------- ## Miscellaneous @@ -150,6 +159,9 @@ Use these as quick reference guides to unblock your deployments. | **DeploymentModelNotSupported/
ServiceModelDeprecated/
InvalidResourceProperties** | Model not supported or deprecated in selected region | | | **FlagMustBeSetForRestore/
NameUnavailable/
CustomDomainInUse** | Soft-deleted resource requires restore flag or purge | This error occurs when you try to deploy a Cognitive Services resource that was **soft-deleted** earlier. Azure requires you to explicitly set the **`restore` flag** to `true` if you want to recover the soft-deleted resource. If you don't want to restore the resource, you must **purge the deleted resource** first before redeploying.

**Example causes:**

**How to fix:**
| | **ContainerAppOperationError** | Container image build or deployment issue | | +| **LinkedAuthorizationFailed** | Service principal lacks permission to use a linked resource required for deployment | This error occurs when a service principal doesn't have permission to perform an action on a linked resource that is required for the operation (e.g., cluster creation).

**Common causes:**

**Resolution:**
| +| **ContainerOperationFailure** | Container image or storage resource does not exist | This error occurs when an operation fails because the **specified container resource does not exist**. This can happen with Azure Container Registry images or Azure Storage blob containers.

**Example error message:**
`ContainerOperationFailure: The specified resource does not exist. RequestId:xxxxx Time:xxxxx`

**Common causes:**

**Resolution:**

**Reference:**
| + --------------------------------- diff --git a/infra/scripts/checkquota.sh b/infra/scripts/checkquota.sh index 6fcb6461..b7981571 100644 --- a/infra/scripts/checkquota.sh +++ b/infra/scripts/checkquota.sh @@ -7,16 +7,6 @@ SUBSCRIPTION_ID="${AZURE_SUBSCRIPTION_ID}" GPT_MIN_CAPACITY="${GPT_MIN_CAPACITY}" O4_MINI_MIN_CAPACITY="${O4_MINI_MIN_CAPACITY}" GPT41_MINI_MIN_CAPACITY="${GPT41_MINI_MIN_CAPACITY}" -AZURE_CLIENT_ID="${AZURE_CLIENT_ID}" -AZURE_TENANT_ID="${AZURE_TENANT_ID}" -AZURE_CLIENT_SECRET="${AZURE_CLIENT_SECRET}" - -# Authenticate using Managed Identity -echo "Authentication using Managed Identity..." -if ! az login --service-principal -u "$AZURE_CLIENT_ID" -p "$AZURE_CLIENT_SECRET" --tenant "$AZURE_TENANT_ID"; then - echo "❌ Error: Failed to login using Managed Identity." - exit 1 -fi echo "🔄 Validating required environment variables..." if [[ -z "$SUBSCRIPTION_ID" || -z "$REGIONS" ]]; then diff --git a/tests/e2e-test/tests/test_MACAE_Smoke_test.py b/tests/e2e-test/tests/test_MACAE_Smoke_test.py index e3f0b39c..4ea37b8e 100644 --- a/tests/e2e-test/tests/test_MACAE_Smoke_test.py +++ b/tests/e2e-test/tests/test_MACAE_Smoke_test.py @@ -11,7 +11,6 @@ logger = logging.getLogger(__name__) -@pytest.mark.skip(reason="Skipping - running only test_cross_team_agent_validation") @pytest.mark.gp def test_macae_v4_gp_workflow(login_logout, request): """ @@ -449,7 +448,6 @@ def test_macae_v4_gp_workflow(login_logout, request): raise -@pytest.mark.skip(reason="Skipping - running only test_cross_team_agent_validation") def test_validate_source_text_not_visible(login_logout, request): """ Validate that source text is not visible after retail customer response. 
@@ -577,7 +575,6 @@ def test_validate_source_text_not_visible(login_logout, request): raise -@pytest.mark.skip(reason="Skipping - running only test_cross_team_agent_validation") def test_rai_validation_unable_to_create_plan(login_logout, request): """ Validate RAI (Responsible AI) validation for 'Unable to create plan' message across all 5 teams. @@ -770,7 +767,6 @@ def test_rai_validation_unable_to_create_plan(login_logout, request): raise -@pytest.mark.skip(reason="Skipping - running only test_cross_team_agent_validation") def test_rai_validation_in_clarification(login_logout, request): """ Validate RAI (Responsible AI) validation for 'Unable to create plan' message in clarification input. @@ -896,7 +892,6 @@ def test_rai_validation_in_clarification(login_logout, request): raise -@pytest.mark.skip(reason="Skipping - running only test_cross_team_agent_validation") def test_cancel_button_all_teams(login_logout, request): """ Validate cancel button functionality across all 5 teams. @@ -1093,7 +1088,6 @@ def test_cancel_button_all_teams(login_logout, request): raise -@pytest.mark.skip(reason="Skipping - running only test_cross_team_agent_validation") @pytest.mark.cancel def test_cancel_functionality_all_teams(login_logout, request): """ @@ -1264,7 +1258,6 @@ def test_cancel_functionality_all_teams(login_logout, request): raise -@pytest.mark.skip(reason="Skipping - running only test_cross_team_agent_validation") @pytest.mark.rai def test_rai_prompt_in_clarification(login_logout, request): """ @@ -1366,7 +1359,6 @@ def test_rai_prompt_in_clarification(login_logout, request): raise -@pytest.mark.skip(reason="Skipping - running only test_cross_team_agent_validation") @pytest.mark.rai def test_rai_prompts_all_teams(login_logout, request): """ 
@@ -1492,7 +1484,6 @@ def test_rai_prompts_all_teams(login_logout, request): raise -@pytest.mark.skip(reason="Skipping - running only test_cross_team_agent_validation") @pytest.mark.input_validation def test_chat_input_validation(login_logout, request): """ @@ -1609,7 +1600,6 @@ def test_chat_input_validation(login_logout, request): raise -@pytest.mark.skip(reason="Skipping - running only test_cross_team_agent_validation") @pytest.mark.duplicate_teams def test_duplicate_team_entries(login_logout, request): """