138: Add Azure Deployment Script Functionality (#168)

* Net new azure deployment script resources and related updates

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: devorekristen <[email protected]>
Co-authored-by: Phong Cao <[email protected]>
Co-authored-by: Hannah K <[email protected]>
Co-authored-by: Matt Dotson <[email protected]>
Co-authored-by: mattdot <[email protected]>
Co-authored-by: Eduardo Sanchez <[email protected]>
Co-authored-by: mawasile <[email protected]>
Co-authored-by: Copilot <[email protected]>

Author: 9 people

.devcontainer/devcontainer.json

@@ -1,6 +1,6 @@
 {
     "name": "Azure Developer CLI",
-    "image": "mcr.microsoft.com/devcontainers/go:1.4.1-bullseye",    
+    "image": "mcr.microsoft.com/devcontainers/go:1.4.1-bullseye",
     "features": {
         // terraform and az (required for auth) are installed by default
         // See https://containers.dev/features for list of features
@@ -11,7 +11,6 @@
         "ghcr.io/devcontainers/features/terraform:1": {
             "installTFsec": true
         },
-        "ghcr.io/azure/azure-dev/azd:latest": {},
         "ghcr.io/devcontainers/features/dotnet:2": {
             "version": "8.0"
         },
@@ -36,7 +35,8 @@
                 "ms-azuretools.vscode-azureterraform",
                 "terraform-linters.tflint-vscode",
                 "microsoft-IsvExpTools.powerplatform-vscode",
-                "ms-vscode.azurecli"
+                "ms-vscode.azurecli",
+                "bierner.markdown-mermaid"
                 // Include other VSCode extensions if needed
                 // Right click on an extension inside VSCode to add directly to devcontainer.json, or copy the extension ID
             ],

.github/instructions/copilot-instructions.md renamed to .github/copilot-instructions.md

@@ -1,3 +1,7 @@
+# Copilot Instructions
+
+## Project Overview
+
 This repository implements an enterprise-grade integration between Microsoft Copilot Studio and Azure AI Search using Terraform infrastructure as code and Azure Developer CLI for deployment.
 
 We use Terraform with the Azure Provider for all infrastructure provisioning, following a modular structure with separate files for different service types (main.ai.tf, main.search.tf, main.network.tf, etc.).
@@ -32,7 +36,11 @@ We implement retry logic and exponential backoff for transient failures in Power
 
 We use GitHub Actions workflows with federated identity credentials for CI/CD, avoiding long-lived secrets.
 
-## Terraform Best Practices
+We name our feature branches using the following format: mcs/<github user name>/<issue number>-<short-description>
+
+## Coding Guidelines
+
+### Terraform Best Practices
 
 - Use `snake_case` for all variable, resource, and module names.
 - Use double quotes (`"`) for strings, not single quotes.
@@ -66,6 +74,7 @@ We use GitHub Actions workflows with federated identity credentials for CI/CD, a
 - Use lifecycle rules like `create_before_destroy` with caution.
 - Never store secrets in plain text in `.tf` files.
 - Do not commit `.tfstate`, `.tfvars`, or `.terraform/` folders.
+- Every .tf file should end with a single blank after the last non-blank line.
 
 ## Testing
 
@@ -132,4 +141,3 @@ azd down             # Destroy all provisioned resources
 - Use remote state (e.g., Azure Storage backend) to avoid local state file conflicts.
 - Use `outputs.tf` to export values required by `azd` to deploy and configure services.
 - Reference service-level variables via `${azurerm_...}` resources in outputs for app service bindings.
-- We name our feature branches using the following format: mcs/<github user name>/<issue number>-<short-description>

.github/workflows/azure-dev.yml

@@ -34,6 +34,7 @@ jobs:
       AZURE_ENV_NAME: ${{ github.event.inputs.azd_environment_name || 'CICD' }}
       AZURE_LOCATION: ${{ github.event.inputs.azure_location || 'eastus' }}
 
+
     steps:
       - name: Checkout the branch ${{ github.ref_name }}
         uses: actions/checkout@v4
@@ -50,6 +51,7 @@ jobs:
         with:
           terraform_version: 1.9.0
 
+
       - name: Install TFLint
         uses: terraform-linters/setup-tflint@v4
         with:
@@ -83,17 +85,14 @@ jobs:
       - name: Install Checkov
         run: pip install checkov
 
+
       - name: Login to Azure with Federated Identity
         uses: azure/login@v2
         with:
           client-id: ${{ vars.AZURE_CLIENT_ID }}
           tenant-id: ${{ vars.AZURE_TENANT_ID }}
           subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
 
-      - name: Authenticate with Azure Developer CLI
-        run: |
-          azd auth login --client-id ${{ vars.AZURE_CLIENT_ID }} --tenant-id ${{ vars.AZURE_TENANT_ID }} --federated-credential-provider "github"
-
       - name: Provision Infrastructure
         env:
           POWER_PLATFORM_USE_CLI: false
@@ -128,6 +127,14 @@ jobs:
           azd env set RS_CONTAINER_NAME $env:RS_CONTAINER_NAME
           azd env set RS_RESOURCE_GROUP $env:RS_RESOURCE_GROUP
 
+          azd env set GITHUB_PAT $env:GITHUB_PAT
+          azd env set GITHUB_REPO_OWNER $env:GITHUB_REPO_OWNER
+          azd env set GITHUB_REPO_NAME $env:GITHUB_REPO_NAME
+          azd env set GITHUB_RUNNER_IMAGE_NAME $env:GITHUB_RUNNER_IMAGE_NAME
+          azd env set GITHUB_RUNNER_IMAGE_TAG $env:GITHUB_RUNNER_IMAGE_TAG
+          azd env set GITHUB_RUNNER_IMAGE_BRANCH $env:GITHUB_RUNNER_IMAGE_BRANCH
+
+
           azd env set GITHUB_PAT $env:GITHUB_PAT
           azd env set GITHUB_REPO_OWNER $env:GITHUB_REPO_OWNER
           azd env set GITHUB_REPO_NAME $env:GITHUB_REPO_NAME
@@ -137,6 +144,7 @@ jobs:
 
           azd provision --no-prompt
 
+
       - uses: actions/upload-artifact@v4
         if: success() || failure()
         with:
@@ -150,11 +158,13 @@ jobs:
         with:
           sarif_file: ./gitleaks-report.sarif
 
+
       - name: Upload Checkov SARIF Report to GitHub
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: ./checkov-results.sarif/results_sarif.sarif
 
+
       - name: Azd down
         if: ${{ github.event.inputs.run_azd_down == true }}
         env:

.github/workflows/test-runner.yaml

@@ -48,7 +48,7 @@ jobs:
           echo "Create a new virtual environment"
           python3 -m venv .copilot_venv
 
-      - name: Run `data/upload_data.py` script
+      - name: Run `search/upload_data.py` script
         run: |
           echo "Activate the virtual environment"
           source .copilot_venv/bin/activate

.gitignore

@@ -445,6 +445,7 @@ terraform.rc
 # Checkov & Gitleaks reports
 *.sarif
 
+# Lint results
 # Lint results
 infra_lint_res.xml
 

README.md

@@ -159,7 +159,7 @@ The steps below will provision Azure and Power Platform resources and will deplo
 1. Login to your Power Platform:
 
     ```shell
-    pac auth create --name az-cli-auth --applicationId <SP_CLIENT_ID> --clientSecret <SP_SECRET> --tenant <TENANT_ID>
+    pac auth create --name az-cli-auth --applicationId <SP_CLIENT_ID> --clientSecret <SP_SECRET> --tenant <TENANT_ID> --accept-cleartext-caching
     export POWER_PLATFORM_USE_CLI="true"
     ```