Merge branch 'dev' into hb-bug-23482

Author: Harsh-Microsoft

.github/workflows/ci.yml

@@ -25,12 +25,17 @@ jobs:
       AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
       AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
       AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+      PRINCIPAL_ID: ${{ secrets.PRINCIPAL_ID }}
+      PRINCIPAL_NAME: ${{ secrets.PRINCIPAL_NAME }}
+      PRINCIPAL_TYPE: 'ServicePrincipal'
 
     outputs:
       imageTag: ${{ steps.set-image-tag.outputs.imageTag }}
       web_url: ${{ steps.extract-urls.outputs.web_url }}
       admin_url: ${{ steps.extract-urls.outputs.admin_url }}
       DEPLOYMENT_SUCCESS: ${{ steps.final-status.outputs.DEPLOYMENT_SUCCESS }}
+      resource_group: ${{ steps.check_create_rg.outputs.RESOURCE_GROUP_NAME }}
+      solution_suffix: ${{ steps.generate_solution_prefix.outputs.SOLUTION_SUFFIX }}
 
     steps:
       - name: Checkout code
@@ -203,6 +208,9 @@ jobs:
                               DISABLE_AUTHENTICATION=true
                               NO_AUTH=true
                               SKIP_AUTH=true
+                              PRINCIPAL_ID
+                              PRINCIPAL_NAME
+                              PRINCIPAL_TYPE
 
       - name: Extract URLs from deployment
         id: extract-urls
@@ -299,8 +307,6 @@ jobs:
 
                 echo "=== PostgreSQL Configuration Summary ==="
                 echo "Host Endpoint: $PG_HOST_DESTINATION"
-                echo "Username: admintest (hardcoded)"
-                echo "Password: Initial_0524 (hardcoded)"
                 echo "Database: postgres (hardcoded)"
                 echo "Port: 5432 (hardcoded)"
 
@@ -311,19 +317,28 @@ jobs:
 
       - name: Install Python dependencies
         run: |
-                pip install psycopg2-binary python-dotenv
-
+                pip install psycopg2-binary python-dotenv azure-identity
 
       - name: Populate PostgreSQL Database
         run: |
           python - <<EOF
           import os
           import psycopg2
+          from azure.identity import ClientSecretCredential
+
+          tenant_id = os.environ["AZURE_TENANT_ID"]
+          client_id = os.environ["AZURE_CLIENT_ID"]
+          client_secret = os.environ["AZURE_CLIENT_SECRET"]
+          pg_host = os.environ.get("PG_HOST_DESTINATION", "localhost")
+
+          # Acquire Azure AD access token for PostgreSQL
+          credential = ClientSecretCredential(tenant_id, client_id, client_secret)
+          token = credential.get_token("https://ossrdbms-aad.database.windows.net/.default").token
 
           db_params = {
-              "user": "admintest",
-              "password": "Initial_0524",
-              "host": os.environ.get("PG_HOST_DESTINATION", "localhost"),
+              "user": client_id,   # Use service principal clientId
+              "password": token,   # Use AAD token instead of password
+              "host": pg_host,
               "port": "5432",
               "dbname": "postgres",
               "sslmode": "require"
@@ -343,8 +358,10 @@ jobs:
           except Exception as e:
               print(f"❌ Error during import: {e}")
           EOF
-
-
+        env:
+          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
 
       - name: Final Status Check
         id: final-status
@@ -386,9 +403,10 @@ jobs:
       AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
       AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
       AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
-      AZURE_ENV_NAME: ${{ github.run_id }}
+      AZURE_ENV_NAME: ${{ needs.deploy.outputs.solution_suffix }}  # Get from deploy job
       AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
       imageTag: ${{ needs.deploy.outputs.imageTag }}
+      AZURE_RESOURCE_GROUP: ${{ needs.deploy.outputs.resource_group }}
 
     steps:
       - name: Checkout code
@@ -408,6 +426,7 @@ jobs:
             AZURE_SUBSCRIPTION_ID
             AZURE_ENV_NAME
             AZURE_LOCATION
+            AZURE_RESOURCE_GROUP
 
       - name: Send Notification on Failure
         if: failure()

.github/workflows/create-release.yml

@@ -1,6 +1,6 @@
 on:
   workflow_run:
-    workflows: ["CI"]
+    workflows: ["Validate Deployment"]
     types:
       - completed
 

Makefile

@@ -57,11 +57,6 @@ azd-login: ## 🔑 Login to Azure with azd and a SPN
 	@echo -e "\e[34m$@\e[0m" || true
 	@azd auth login --client-id ${AZURE_CLIENT_ID} --client-secret ${AZURE_CLIENT_SECRET} --tenant-id ${AZURE_TENANT_ID}
 
-azd-login: ## 🔑 Login to Azure with azd and a SPN
-	@echo -e "\e[34m$@\e[0m" || true
-	@azd auth login --client-id ${AZURE_CLIENT_ID} --client-secret ${AZURE_CLIENT_SECRET} --tenant-id ${AZURE_TENANT_ID}
-
-# Fixed Makefile section for deploy target
 # Fixed Makefile section for deploy target
 deploy: azd-login ## Deploy everything to Azure
 	@echo -e "\e[34m$@\e[0m" || true
@@ -126,15 +121,10 @@ deploy: azd-login ## Deploy everything to Azure
 		echo "$$PG_HOST_VAL" > pg_host.txt
 
 
-
-
-
 	@echo "=== PostgreSQL Configuration ==="
-	@echo "Username: admintest (hardcoded)"
 	@echo "Database: postgres (hardcoded)"
 	@echo "Port: 5432 (hardcoded)"
 	@echo "Host: $$(cat pg_host.txt 2>/dev/null || echo 'Not available')"
-	@echo "Password: Initial_0524 (hardcoded)"
 
 # Helper target to check current authentication status
 check-auth:
@@ -178,4 +168,5 @@ disable-auth-fixed:
 
 destroy: azd-login ## 🧨 Destroy everything in Azure
 	@echo -e "\e[34m$@\e[0m" || true
+	@azd env select $(AZURE_ENV_NAME) || true
 	@azd down --force --purge --no-prompt

docs/LOCAL_DEPLOYMENT.md

@@ -280,7 +280,7 @@ Execute the above [shell command](#L81) to run the function locally. You may nee
 |AZURE_SEARCH_TITLE_COLUMN||Field from your Azure AI Search index that gives a relevant title or header for your data content to display in the UI.|
 |AZURE_SEARCH_TOP_K|5|The number of documents to retrieve from Azure AI Search.|
 |AZURE_SEARCH_URL_COLUMN||Field from your Azure AI Search index that contains a URL for the document, e.g. an Azure Blob Storage URI. This value is not currently used.|
-|AZURE_SEARCH_USE_INTEGRATED_VECTORIZATION ||Whether to use [Integrated Vectorization](https://learn.microsoft.com/en-us/azure/search/vector-search-integrated-vectorization)|
+|AZURE_SEARCH_USE_INTEGRATED_VECTORIZATION ||Whether to use [Integrated Vectorization](https://learn.microsoft.com/en-us/azure/search/vector-search-integrated-vectorization). If the database type is PostgreSQL, set this to false.|
 |AZURE_SEARCH_USE_SEMANTIC_SEARCH|False|Whether or not to use semantic search|
 |AZURE_SPEECH_RECOGNIZER_LANGUAGES | en-US,fr-FR,de-DE,it-IT | Comma-separated list of languages to recognize from speech input|
 |AZURE_SPEECH_REGION_ENDPOINT | | The regional endpoint of the Azure Speech service|
@@ -299,7 +299,7 @@ Execute the above [shell command](#L81) to run the function locally. You may nee
 |OPEN_AI_FUNCTIONS_SYSTEM_PROMPT | | System prompt for OpenAI functions orchestration|
 |ORCHESTRATION_STRATEGY | openai_function | Orchestration strategy. Use Azure OpenAI Functions (openai_function), Semantic Kernel (semantic_kernel),  LangChain (langchain) or Prompt Flow (prompt_flow) for messages orchestration. If you are using a new model version 0613 select any strategy, if you are using a 0314 model version select "langchain". Note that both `openai_function` and `semantic_kernel` use OpenAI function calling. Prompt Flow option is still in development and does not support RBAC or integrated vectorization as of yet.|
 |SEMANTIC_KERNEL_SYSTEM_PROMPT | | System prompt used by the Semantic Kernel orchestration|
-|USE_ADVANCED_IMAGE_PROCESSING | false | Whether to enable the use of a vision LLM and Computer Vision for embedding images|
+|USE_ADVANCED_IMAGE_PROCESSING | false | Whether to enable the use of a vision LLM and Computer Vision for embedding images. If the database type is PostgreSQL, set this to false.|
 |USE_KEY_VAULT | true | Whether to use Azure Key Vault for storing secrets|
 
 ## Bicep

docs/TEAMS_LOCAL_DEPLOYMENT.md

@@ -29,16 +29,21 @@ Or use the [Azure Functions VS Code extension](https://marketplace.visualstudio.
 2. Open the file env\\.env.local
 3. Locate the environment variable _AZURE_FUNCTION_URL_.
 
-4. Replace the `<AZURE_FUNCTION_URL>` with your local Teams Backend URL (i.e., http://localhost:7071/api/GetConversationResponse)
+4. Update the environment variables in the file with your local development URLs:
+   - Replace the `<AZURE_FUNCTION_URL>` placeholder with your local Teams Backend Function URL: `http://localhost:7071/api/GetConversationResponse`
+   - Set the `AZURE_APP_API_BASE_URL` to your local API URL: `http://127.0.0.1:5050/`
+
     ```env
     AZURE_FUNCTION_URL=http://localhost:7071/api/GetConversationResponse
+    AZURE_APP_API_BASE_URL=http://127.0.0.1:5050/
     ```
     ![Env](images/teams-local-3.png)
 
 5. Save the file.
-6. Select Teams Toolkit from the navigation panel.
-7. Verify your signed into O365 and Azure with sideloading enabled.
-8. Select the "play" button next to Local.
+6. For local development, ensure that multitenant mode is enabled in the Teams extension. In `index.ts`, check that the `MicrosoftAppType` is set to "MultiTenant" instead of "SingleTenant"
+7. Select Teams Toolkit from the navigation panel.
+8. Verify your signed into O365 and Azure with sideloading enabled.
+9. Select the "play" button next to Local.
 
 ![Teams Toolkit](images/teams-local-2.png)
 

docs/advanced_image_processing.md

@@ -46,3 +46,5 @@ azd env set ADVANCED_IMAGE_PROCESSING_MAX_IMAGES 2
 ```
 
 Advanced image processing is only used in the `custom` conversation flow and not the `byod` flow, as Azure OpenAI On Your Data only supports Ada embeddings. It is currently not possible to use advanced image processing when integrated vectorization is enabled.
+
+Advanced image processing is not supported when deploying with PostgreSQL as the database type.

docs/integrated_vectorization.md

@@ -49,3 +49,5 @@ If you have a deployment with Integrated Vectorization enabled, and you want to
 ![Delete Search Index](images/delete-search-datasource.png)
 1. Run the command `azd env set AZURE_SEARCH_USE_INTEGRATED_VECTORIZATION false`
 1. Run `azd up`
+
+**NOTE**: Integrated vectorization is not supported when deploying with PostgreSQL as the database type.

docs/teams_extension.md

@@ -32,16 +32,17 @@ This extension enables users to experience Chat with your data within Teams, wit
 
 ![ENV](images/teams-1.png)
 
-4. Locate the environment variable _AZURE_FUNCTION_URL_.
-5. Replace the `<FUNCTION_APP_NAME>` and `<FUNCTION_KEY>` with your actual Function App name and function key
+4. Locate the environment variables _AZURE_FUNCTION_URL_ and _AZURE_APP_API_BASE_URL_.
+5. Replace the `<FUNCTION_APP_NAME>` and `<FUNCTION_KEY>` with your actual Function App name and function key, and replace `<APP-NAME>` with your actual App Service name
     ```env
     AZURE_FUNCTION_URL=https://<FUNCTION_APP_NAME>.azurewebsites.net/api/GetConversationResponse?code=<FUNCTION_KEY>
-
+    AZURE_APP_API_BASE_URL=https://<APP-NAME>.azurewebsites.net/
     ```
     ![Env](images/teams-deploy-env.png)
 6. Save the file.
 7. Select Teams Toolkit from the navigation panel.
 
+![Microsoft 365 Agents Toolkit in VS Code](images/teams-2.png)
 ![Microsoft 365 Agents Toolkit in VS Code](images/teams-2.png)
 
 8. Within the Microsoft 365 Agents Toolkit panel, login to the following accounts:

extensions/teams/cards/cardBuilder.ts

@@ -1,11 +1,12 @@
 import { Attachment, CardFactory } from "botbuilder";
 import { Citation, CardType } from "../model";
+import config from "../config";
 
 export function actionBuilder(citation: Citation, docId: number): any {
 
-    const urlParts = citation.url.split("]");
-    let url = urlParts[urlParts.length - 1].replaceAll("(", "").replaceAll(")", "");
     let title = citation.title.replaceAll("/documents/", "");
+    const filename = title;
+    let fileApiUrl = `${config.getFileEndpoint}/${filename}`;
     let content = citation.content.replaceAll(citation.title, "").replaceAll("url", "");
     content = content.replaceAll(/(<([^>]+)>)/ig, "\n").replaceAll("<>", "");
     let citationCardAction = {
@@ -37,7 +38,7 @@ export function actionBuilder(citation: Citation, docId: number): any {
                 {
                     type: CardType.OpenUrl,
                     title: "Go to the source",
-                    url: decodeURI(url),
+                    url: decodeURI(fileApiUrl),
                 }
             ]
         }

extensions/teams/config.ts

@@ -2,7 +2,11 @@ const config = {
   botId: process.env.BOT_ID,
   botPassword: process.env.BOT_PASSWORD,
   azureFunctionUrl: process.env.AZURE_FUNCTION_URL,
+  azureAppApiBaseUrl: process.env.AZURE_APP_API_BASE_URL,
   tenantId: process.env.TEAMS_APP_TENANT_ID,
+  getFileEndpoint: process.env.AZURE_APP_API_BASE_URL ?
+    `${process.env.AZURE_APP_API_BASE_URL}api/files` :
+    null,
 };
 
 export default config;