Eliminates the Terraform workflow for remote state setup, which is no longer needed.

Updates documentation to clarify the configuration for GitHub runners, ensuring users have accurate guidance for setting up and using self-hosted runners effectively.

This streamlines the CI/CD process and removes potential confusion for new users.

Update Gitleaks scanning for newly initialized templates with no remote branch set.

update gitignore to avoid including sensitive data in cicd/.ssh/
cicd/.ssh/* as terraform backend and GH runner code will be executed locally per the updated guidance

Author: HadwaAbdelhalem

.github/workflows/setup-remote-state.yml

@@ -501,4 +501,17 @@ power_platform_deployment_settings
 
 .external_modules/
 
-*.sln
+*.sln
+
+# Ignore SSH keys and certificates (security sensitive)
+cicd/.ssh/
+cicd/.ssh/*
+**/.ssh/
+*.pem
+*.key
+*_rsa
+*_dsa
+*_ecdsa
+*_ed25519
+*.p12
+*.pfx

.gitignore

@@ -6,32 +6,38 @@ network security.
 
 ## Table of Contents
 
-- [Features](#features)
-- [Architecture](#architecture)
-  - [Key Architecture Components](#key-architecture-components)
-- [Account & License Requirements](#account--license-requirements)
-  - [User Configuration](#user-configuration)
-- [Getting Started](#getting-started)
-  - [GitHub Codespaces](#github-codespaces)
-  - [VS Code Dev Containers](#vs-code-dev-containers)
-  - [Local Environment](#local-environment)
-  - [Deploying](#deploying)
-  - [Using the Bot](#using-the-bot)
-  - [Clean Up](#clean-up)
-- [Testing](#testing)
-  - [Copilot Studio Agent Test](#copilot-studio-agent-test)
-  - [AI Search Test (Optional)](#ai-search-test-optional)
-- [Advanced Scenarios](#advanced-scenarios)
-  - [GitHub Self-Hosted Runners](#github-self-hosted-runners)
-  - [Bring Your Own Networking](#bring-your-own-networking)
-  - [Custom Resource Group](#custom-resource-group)
-- [Additional Considerations](#additional-considerations)
-  - [Security Considerations](#security-considerations)
-  - [Production Readiness](#production-readiness)
-- [Resources](#resources)
-- [Data Collection](#data-collection)
-- [Responsible AI](#responsible-ai)
-- [Getting Help](#getting-help)
+- [Copilot Studio with Azure AI Search](#copilot-studio-with-azure-ai-search)
+  - [Table of Contents](#table-of-contents)
+  - [Features](#features)
+  - [Architecture](#architecture)
+    - [Key Architecture Components](#key-architecture-components)
+  - [Account \& License Requirements](#account--license-requirements)
+    - [User Configuration](#user-configuration)
+  - [Getting Started](#getting-started)
+    - [GitHub Codespaces](#github-codespaces)
+    - [VS Code Dev Containers](#vs-code-dev-containers)
+    - [Local Environment](#local-environment)
+    - [Deploying](#deploying)
+    - [Using the Bot](#using-the-bot)
+    - [Clean Up](#clean-up)
+  - [Testing](#testing)
+    - [Copilot Studio Agent Test](#copilot-studio-agent-test)
+      - [Running Tests After Local Deployment Execution](#running-tests-after-local-deployment-execution)
+      - [Running Tests with Manual Environment Variable Configuration](#running-tests-with-manual-environment-variable-configuration)
+    - [AI Search Test (Optional)](#ai-search-test-optional)
+      - [Prerequisites for AI Search Tests](#prerequisites-for-ai-search-tests)
+      - [Running AI Search Tests Locally](#running-ai-search-tests-locally)
+  - [Advanced Scenarios](#advanced-scenarios)
+    - [GitHub Self-Hosted Runners](#github-self-hosted-runners)
+    - [Bring Your Own Networking](#bring-your-own-networking)
+    - [Custom Resource Group](#custom-resource-group)
+  - [Additional Considerations](#additional-considerations)
+    - [Security Considerations](#security-considerations)
+    - [Production Readiness](#production-readiness)
+  - [Resources](#resources)
+  - [Data Collection](#data-collection)
+  - [Responsible AI](#responsible-ai)
+  - [Getting Help](#getting-help)
 
 ## Features
 
@@ -161,6 +167,7 @@ A related option is VS Code Dev Containers, which will open the project in your
     ```
 
     Note that this command will initialize a git repository, so you do not need to clone this repository.
+    This will also create a new folder with the environment name you entered though the cmd steps in the `.azure` folder. It will also set it as the default environment for any calls to `azd` going forward.
 
 ### Deploying
 
@@ -181,14 +188,6 @@ The steps below will provision Azure and Power Platform resources and will deplo
 
     *Note: the `pac auth create` command may return a warning about being unable to connect to a Dataverse organization. This is expected, and will not impact the deployment.*
 
-1. Create a new azd environment:
-
-    ```shell
-    azd env new
-    ```
-
-    This will create a new folder in the `.azure` folder, and set it as the active environment for any calls to `azd` going forward.
-
 1. Set you internative testing user.
   
     ```shell
@@ -197,7 +196,7 @@ The steps below will provision Azure and Power Platform resources and will deplo
 
     Set this value to the Azure Entra ID object ID of the primary administrator or developer who will manage and modify the deployed solution resources in the future. This user will be granted administrative access to the Power Platform resources (such as bot ownership and environment management) and will have visibility into the Azure resources provisioned by this deployment. Replace `entraid_user_object_id` with the actual object ID of the intended admin or developer.
 
-1. Deploy your infrastructure
+3. Deploy your infrastructure
 
     ```shell
     azd up

README.md

@@ -35,8 +35,10 @@ function Run-Gitleaks {
 
     $SourcePath = (Get-Location)
 
-    # Get current git branch
+    # Get current git branch and check if repository has commits
     $currentBranch = $null
+    $hasCommits = $false
+    
     try {
         Write-Host "Getting current git branch..."
         $currentBranch = git branch --show-current
@@ -45,6 +47,19 @@ function Run-Gitleaks {
             $currentBranch = "unknown"
         } else {
             Write-Host "Current git branch: $currentBranch"
+            
+            # Check if the repository has any commits
+            try {
+                git rev-parse HEAD 2>$null | Out-Null
+                if ($LASTEXITCODE -eq 0) {
+                    $hasCommits = $true
+                    Write-Host "Repository has commits, will use branch reference in log options."
+                } else {
+                    Write-Host "Repository has no commits yet, will skip branch reference in log options."
+                }
+            } catch {
+                Write-Host "Cannot determine commit history, will skip branch reference in log options."
+            }
         }
     } catch {
         Write-Warning "Error getting git branch: $_"
@@ -61,8 +76,8 @@ function Run-Gitleaks {
         "--log-level", "$LogLevel"
     )
 
-    # Only add log-opts if we have a valid branch name.
-    if ($currentBranch -ne "unknown") {
+    # Only add log-opts if we have a valid branch name and the repository has commits.
+    if ($currentBranch -ne "unknown" -and $hasCommits) {
         $cmdOptions += "--log-opts"
         $cmdOptions += "$currentBranch"
     }

azd-hooks/scripts/hooks/preprovision/run_gitleaks.ps1

@@ -48,6 +48,7 @@ hooks:
       continueOnError: false
       interactive: false
       run: azd-hooks/scripts/hooks/postpackage/postpackage.ps1
-      pipeline:
-        variables:
-          - RESOURCE_SHARE_USER
+pipeline:
+  variables:
+    - RESOURCE_SHARE_USER
+    - ACTIONS_RUNNER_NAME

azure.yaml

@@ -32,12 +32,15 @@ This configuration creates:
 
    ```json
    {
-     "subscription_id": "your-subscription-id",
-     "location": "East US",
-     "github_token": "your-github-token",
-     "github_owner": "Azure-Samples",
-     "github_repository": "Copilot-Studio-with-Azure-AI-Search"
-   }
+    "subscription_id": "YOUR_SUBSCRIPTION_ID",
+    "location": "West US",
+    "github_runner_config": {
+      "repo_owner": "YOUR_REPO_OWNER",
+      "repo_name": "YOUR_REPO_NAME",
+    },
+    "github_runner_registration_token": "YOUR_GITHUB_RUNNER_TOKEN_HERE"
+
+  }
    ```
 
 3. Initialize and apply:
@@ -50,21 +53,34 @@ This configuration creates:
 
 ## Backend Configuration
 
-After deployment, use the output values to configure your Terraform backend in other projects:
+After deployment, use the output to set the remote state values for your template.
 
 ```hcl
-terraform {
-  backend "azurerm" {
-    storage_account_name = "sttfstate<random>"
-    container_name       = "tfstate"
-    key                  = "terraform.tfstate"
-    resource_group_name  = "rg-tfstate-<random>"
-    subscription_id      = "your-subscription-id"
-    use_azuread_auth     = true
-  }
+backend_config = {
+  "container_name" = "CONTAINER_NAME"
+  "resource_group_name" = "RESOURCE_GROUP_NAME"
+  "storage_account_name" = "STORAGE_ACCOUNT_NAME"
+  "subscription_id" = "SUBSCRIPTION_ID"
 }
 ```
 
+   ```shell
+    # Set the remote state variables
+    azd env set RS_STORAGE_ACCOUNT 'STORAGE_ACCOUNT_NAME'
+    azd env set RS_CONTAINER_NAME 'CONTAINER_NAME'
+    azd env set RS_RESOURCE_GROUP 'RESOURCE_GROUP_NAME'
+
+    # Direct  jobs to the new runner by setting a repo variable used by your workflows for `runs-on` selection
+    azd env set ACTIONS_RUNNER_NAME ['self-hosted']
+    
+    # Update the template to use remote backend
+    azd hooks run prepackage
+    ```
+
+  - `ACTIONS_RUNNER_NAME`: set to `['self-hosted']` (JSON array syntax) to target any self-hosted runner
+
+Note: The runner VM registers with labels like `self-hosted,vm,<resource-group>,<location>,<unique-id>`. You can narrow job placement further by including those additional labels in your `runs-on` matrix if desired.
+
 ## Security Features
 
 - Private storage account (no public access)
@@ -81,16 +97,5 @@ This configuration automatically sets up GitHub repository variables for CI/CD p
 - `RS_RESOURCE_GROUP`: Name of the resource group containing the storage account
 - `RS_CONTAINER_NAME`: Name of the storage container for Terraform state
 
-These variables can be used in GitHub Actions workflows to configure Terraform backend settings.
-
-## Environment Variables Alternative
+These variables will be used in GitHub Actions workflows to configure Terraform backend settings.
 
-Instead of using `terraform.tfvars.json`, you can set environment variables:
-
-```bash
-export TF_VAR_subscription_id="your-subscription-id"
-export TF_VAR_location="East US"
-export TF_VAR_github_token="your-github-token"
-export TF_VAR_github_owner="Azure-Samples"
-export TF_VAR_github_repository="Copilot-Studio-with-Azure-AI-Search"
-```

cicd/README.md

@@ -1,6 +1,14 @@
 {
   "subscription_id": "00000000-0000-0000-0000-000000000000",
-  "location": "East US",
-  "github_owner": "Azure-Samples",
-  "github_repository": "Copilot-Studio-with-Azure-AI-Search"
+  "location": "West US",
+  "github_runner_config": {
+    "repo_owner": "YOUR_REPO_OWNER",
+    "repo_name": "YOUR_REPO_NAME",
+    "runner_type": "vm",
+    "runner_name": "azure-runner",
+    "runner_group": "default",
+    "vm_size": "Standard_D2s_v3",
+    "vm_os_type": "linux"
+  },
+  "github_runner_registration_token": "YOUR_GITHUB_RUNNER_TOKEN_HERE"
 }