Merge branch 'main' into demo

Author: Roopan-Microsoft

.env.sample

@@ -22,8 +22,8 @@ AZURE_SEARCH_DATASOURCE_NAME=
 # Azure OpenAI for generating the answer and computing the embedding of the documents
 AZURE_OPENAI_RESOURCE=
 AZURE_OPENAI_API_KEY=
-AZURE_OPENAI_MODEL=gpt-35-turbo
-AZURE_OPENAI_MODEL_NAME=gpt-35-turbo
+AZURE_OPENAI_MODEL=gpt-4o
+AZURE_OPENAI_MODEL_NAME=gpt-4o
 AZURE_OPENAI_EMBEDDING_MODEL=text-embedding-ada-002
 AZURE_OPENAI_TEMPERATURE=0
 AZURE_OPENAI_TOP_P=1.0

.github/dependabot.yml

@@ -24,7 +24,7 @@ updates:
       langchain:
         patterns:
           - "langchain*"
-    open-pull-requests-limit: 50
+    open-pull-requests-limit: 100
     target-branch: "dependabotchanges"
   - package-ecosystem: "npm"
     directory: "/code/frontend"
@@ -34,7 +34,7 @@ updates:
 
     commit-message:
       prefix: "build"
-    open-pull-requests-limit: 50
+    open-pull-requests-limit: 100
     target-branch: "dependabotchanges"
   - package-ecosystem: "npm"
     directory: "/tests/integration/ui"
@@ -44,5 +44,5 @@ updates:
 
     commit-message:
       prefix: "build"
-    open-pull-requests-limit: 50
+    open-pull-requests-limit: 100
     target-branch: "dependabotchanges"

.github/workflows/bicep-audit.yml

@@ -1,12 +1,12 @@
 name: Validate bicep templates
 on:
   push:
-    branches: 
+    branches:
       - main
     paths:
       - "**/*.bicep"
   pull_request:
-    branches: 
+    branches:
       - main
     paths:
       - "**/*.bicep"

.github/workflows/build-docker-images.yml

@@ -1,4 +1,4 @@
-name: Build Docker Images
+name: Build Docker and Optional Push
 
 on:
   push:
@@ -12,11 +12,12 @@ on:
       - dev
       - demo
     types:
-    - opened
-    - ready_for_review
-    - reopened
-    - synchronize
+      - opened
+      - ready_for_review
+      - reopened
+      - synchronize
   merge_group:
+  workflow_dispatch:
 
 jobs:
   docker-build:
@@ -31,9 +32,11 @@ jobs:
             dockerfile: docker/Frontend.Dockerfile
     uses: ./.github/workflows/build-docker.yml
     with:
-      registry: ${{ github.ref_name == 'main' && 'fruoccopublic.azurecr.io' || 'cwydcontainerreg.azurecr.io'}}
-      username: ${{ github.ref_name == 'main' && 'fruoccopublic' || 'cwydcontainerreg'}}
+      old_registry: ${{ github.ref_name == 'main' && 'fruoccopublic.azurecr.io' }}
+      new_registry: 'cwydcontainerreg.azurecr.io'
+      old_username: ${{ github.ref_name == 'main' && 'fruoccopublic' }}
+      new_username: 'cwydcontainerreg'
       app_name: ${{ matrix.app_name }}
       dockerfile: ${{ matrix.dockerfile }}
-      push: ${{ github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo' }}
+      push: ${{ github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo'|| github.ref_name == 'dependabotchanges' }}
     secrets: inherit

.github/workflows/build-docker.yml

@@ -3,10 +3,16 @@ name: Reusable Docker build and push workflow
 on:
   workflow_call:
     inputs:
-      registry:
+      old_registry:
         required: true
         type: string
-      username:
+      old_username:
+        required: true
+        type: string
+      new_registry:
+        required: true
+        type: string
+      new_username:
         required: true
         type: string
       app_name:
@@ -31,20 +37,30 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v4
 
-    - name: Docker Login
+    # Login for 'main' branch to both registries
+    - name: Docker Login to fruoccopublic (Main)
       if: ${{ inputs.push == true && github.ref_name == 'main' }}
       uses: docker/login-action@v3
       with:
-        registry: ${{ inputs.registry }}
-        username: ${{ inputs.username }}
+        registry: ${{ inputs.old_registry }}
+        username: ${{ inputs.old_username }}
         password: ${{ secrets.DOCKER_PASSWORD }}
 
-    - name: Dev Docker Login
+    - name: Docker Login to cwydcontainerreg (Main)
+      if: ${{ inputs.push == true && github.ref_name == 'main' }}
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ inputs.new_registry }}
+        username: ${{ inputs.new_username }}
+        password: ${{ secrets.DEV_DOCKER_PASSWORD }}
+
+    # Login for 'dev' and 'demo' branches to cwydcontainerreg only
+    - name: Docker Login to cwydcontainerreg (Dev/Demo)
       if: ${{ inputs.push == true && (github.ref_name == 'dev' || github.ref_name == 'demo') }}
       uses: docker/login-action@v3
       with:
-        registry: ${{ inputs.registry }}
-        username: ${{ inputs.username }}
+        registry: ${{ inputs.new_registry }}
+        username: ${{ inputs.new_username }}
         password: ${{ secrets.DEV_DOCKER_PASSWORD }}
 
     - name: Set up Docker Buildx
@@ -54,13 +70,26 @@ jobs:
       id: date
       run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
 
-    - name: Build Docker Image and optionally push
+    - name: Build Docker Image and optionally push (Old Registry)
+      if: ${{ github.ref_name == 'main' }}
+      uses: docker/build-push-action@v6
+      with:
+        context: .
+        file: ${{ inputs.dockerfile }}
+        push: ${{ inputs.push }}
+        cache-from: type=registry,ref=${{ inputs.old_registry }}/${{ inputs.app_name }}:${{ github.ref_name == 'main' && 'latest' || github.head_ref || github.ref_name }}
+        tags: |
+          ${{ inputs.old_registry }}/${{ inputs.app_name }}:${{ github.ref_name == 'main' && 'latest' || github.head_ref || 'default' }}
+          ${{ inputs.old_registry }}/${{ inputs.app_name }}:${{ steps.date.outputs.date }}_${{ github.run_number }}
+
+    - name: Build Docker Image and optionally push (New Registry)
+      if: ${{ github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo'|| github.ref_name == 'dependabotchanges' }}
       uses: docker/build-push-action@v6
       with:
         context: .
         file: ${{ inputs.dockerfile }}
         push: ${{ inputs.push }}
-        cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.app_name}}:${{ github.ref_name == 'main' && 'latest' || github.ref_name == 'dev' && 'dev' || github.ref_name == 'demo' && 'demo' || github.head_ref || github.ref_name }}
+        cache-from: type=registry,ref=${{ inputs.new_registry }}/${{ inputs.app_name }}:${{ github.ref_name == 'main' && 'latest' || github.ref_name == 'dev' && 'dev' || github.ref_name == 'demo' && 'demo'|| github.ref_name == 'dependabotchanges' && 'dependabotchanges' || github.head_ref || github.ref_name }}
         tags: |
-          ${{ inputs.registry }}/${{ inputs.app_name}}:${{ github.ref_name == 'main' && 'latest' || github.ref_name == 'dev' && 'dev' || github.ref_name == 'demo' && 'demo' || github.head_ref || 'default' }}
-          ${{ inputs.registry }}/${{ inputs.app_name}}:${{ steps.date.outputs.date }}_${{ github.run_number }}
+          ${{ inputs.new_registry }}/${{ inputs.app_name }}:${{ github.ref_name == 'main' && 'latest' || github.ref_name == 'dev' && 'dev' || github.ref_name == 'demo' && 'demo'|| github.ref_name == 'dependabotchanges' && 'dependabotchanges' || github.head_ref || 'default' }}
+          ${{ inputs.new_registry }}/${{ inputs.app_name }}:${{ steps.date.outputs.date }}_${{ github.run_number }}

.github/workflows/ci.yml

@@ -1,4 +1,4 @@
-name: CI
+name: Validate Deployment
 
 on:
   push:
@@ -7,7 +7,7 @@ on:
       - dev
       - demo
   schedule:
-    - cron: '0 6,18 * * *'  # Runs at 6:00 AM and 6:00 PM GMT
+    - cron: '0 8,20 * * *'  # Runs at 8:00 AM and 8:00 PM GMT
 
 permissions:
   contents: read
@@ -29,6 +29,53 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      # Run Quota Check Script
+      - name: Run Quota Check
+        id: quota-check
+        run: |
+          export AZURE_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }}
+          export AZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }}
+          export AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }}
+          export AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
+          export GPT_MIN_CAPACITY="30"
+          export TEXT_EMBEDDING_MIN_CAPACITY="30"
+          export AZURE_REGIONS="${{ vars.AZURE_REGIONS }}"
+
+          chmod +x scripts/checkquota.sh
+          if ! scripts/checkquota.sh; then
+            # If quota check fails due to insufficient quota, set the flag
+            if grep -q "No region with sufficient quota found" scripts/checkquota.sh; then
+              echo "QUOTA_FAILED=true" >> $GITHUB_ENV
+            fi
+            exit 1  # Fail the pipeline if any other failure occurs
+          fi
+
+      - name: Send Notification on Quota Failure
+        if: env.QUOTA_FAILED == 'true'
+        run: |
+          RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          EMAIL_BODY=$(cat <<EOF
+          {
+            "body": "<p>Dear Team,</p><p>The quota check has failed, and the pipeline cannot proceed.</p><p><strong>Build URL:</strong> ${RUN_URL}</p><p>Please take necessary action.</p><p>Best regards,<br>Your Automation Team</p>"
+          }
+          EOF
+          )
+
+          curl -X POST "${{ secrets.LOGIC_APP_URL }}" \
+            -H "Content-Type: application/json" \
+            -d "$EMAIL_BODY" || echo "Failed to send notification"
+
+      - name: Fail Pipeline if Quota Check Fails
+        if: env.QUOTA_FAILED == 'true'
+        run: exit 1
+
+        # The pipeline stops here if quota check fails!
+
+      - name: Set Deployment Region
+        run: |
+          echo "Selected Region: $VALID_REGION"
+          echo "AZURE_LOCATION=$VALID_REGION" >> $GITHUB_ENV
+
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
@@ -51,7 +98,7 @@ jobs:
         uses: devcontainers/[email protected]
         env:
           AZURE_ENV_NAME: ${{ github.run_id }}
-          AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+          AZURE_LOCATION: ${{ env.AZURE_LOCATION }}
         with:
           imageName: ghcr.io/azure-samples/chat-with-your-data-solution-accelerator
           cacheFrom: ghcr.io/azure-samples/chat-with-your-data-solution-accelerator
@@ -83,7 +130,7 @@ jobs:
             AZURE_SUBSCRIPTION_ID
             AZURE_ENV_NAME
             AZURE_LOCATION
-            
+
       - name: Send Notification on Failure
         if: failure()
         run: |

.github/workflows/create-release.yml

@@ -8,7 +8,7 @@ permissions:
   contents: write
   pull-requests: write
 
-name: create-release
+name: Create-Release
 
 jobs:
   create-release:

.github/workflows/pr-title-checker.yml

@@ -1,4 +1,4 @@
-name: "pr-title-checker"
+name: "PR Title Checker"
 
 on:
   pull_request_target:

.github/workflows/stale-bot.yml

@@ -1,19 +1,82 @@
-name: 'Close stale issues and PRs'
+name: "Manage Stale Issues, PRs & Unmerged Branches"
 on:
   schedule:
-    - cron: '30 1 * * *'
-
+    - cron: '30 1 * * *'  # Runs daily at 1:30 AM UTC
+  workflow_dispatch:  # Allows manual triggering
 permissions:
   contents: write
   issues: write
   pull-requests: write
-
 jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v9
+      - name: Mark Stale Issues and PRs
+        uses: actions/stale@v9
         with:
-          stale-issue-message: 'This issue is stale because it has been open 180 days with no activity. Remove stale label or comment or this will be closed in 30 days.'
+          stale-issue-message: "This issue is stale because it has been open 180 days with no activity. Remove stale label or comment, or it will be closed in 30 days."
+          stale-pr-message: "This PR is stale because it has been open 180 days with no activity. Please update or it will be closed in 30 days."
           days-before-stale: 180
           days-before-close: 30
+          exempt-issue-labels: "keep"
+          exempt-pr-labels: "keep"
+  cleanup-branches:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Fetch full history for accurate branch checks
+      - name: Fetch All Branches
+        run: git fetch --all --prune
+      - name: List Merged Branches With No Activity in Last 3 Months
+        run: |
+          
+          echo "Branch Name,Last Commit Date,Committer,Committed In Branch,Action" > merged_branches_report.csv
+          
+          for branch in $(git for-each-ref --format '%(refname:short) %(committerdate:unix)' refs/remotes/origin | awk -v date=$(date -d '3 months ago' +%s) '$2 < date {print $1}'); do
+            if [[ "$branch" != "origin/main" && "$branch" != "origin/dev" ]]; then
+              branch_name=${branch#origin/}
+              # Ensure the branch exists locally before getting last commit date
+              git fetch origin "$branch_name" || echo "Could not fetch branch: $branch_name"
+              last_commit_date=$(git log -1 --format=%ci "origin/$branch_name" || echo "Unknown")
+              committer_name=$(git log -1 --format=%cn "origin/$branch_name" || echo "Unknown")
+              committed_in_branch=$(git branch -r --contains "origin/$branch_name" | tr -d ' ' | paste -sd "," -)
+              echo "$branch_name,$last_commit_date,$committer_name,$committed_in_branch,Delete" >> merged_branches_report.csv
+            fi
+          done
+      - name: List PR Approved and Merged Branches Older Than 30 Days
+        run: |
+          
+          for branch in $(gh api repos/${{ github.repository }}/pulls --jq '.[] | select(.merged_at != null and (.base.ref == "main" or .base.ref == "dev")) | select(.merged_at | fromdateiso8601 < (now - 2592000)) | .head.ref'); do
+            # Ensure the branch exists locally before getting last commit date
+            git fetch origin "$branch" || echo "Could not fetch branch: $branch"
+            last_commit_date=$(git log -1 --format=%ci origin/$branch || echo "Unknown")
+            committer_name=$(git log -1 --format=%cn origin/$branch || echo "Unknown")
+            committed_in_branch=$(git branch -r --contains "origin/$branch" | tr -d ' ' | paste -sd "," -)
+            echo "$branch,$last_commit_date,$committer_name,$committed_in_branch,Delete" >> merged_branches_report.csv
+          done
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: List Open PR Branches With No Activity in Last 3 Months
+        run: |
+          
+          for branch in $(gh api repos/${{ github.repository }}/pulls --state open --jq '.[] | select(.base.ref == "main" or .base.ref == "dev") | .head.ref'); do
+            # Ensure the branch exists locally before getting last commit date
+            git fetch origin "$branch" || echo "Could not fetch branch: $branch"
+            last_commit_date=$(git log -1 --format=%ci origin/$branch || echo "Unknown")
+            committer_name=$(git log -1 --format=%cn origin/$branch || echo "Unknown")
+            if [[ $(date -d "$last_commit_date" +%s) -lt $(date -d '3 months ago' +%s) ]]; then
+              # If no commit in the last 3 months, mark for deletion
+              committed_in_branch=$(git branch -r --contains "origin/$branch" | tr -d ' ' | paste -sd "," -)
+              echo "$branch,$last_commit_date,$committer_name,$committed_in_branch,Delete" >> merged_branches_report.csv
+            fi
+          done
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Upload CSV Report of Inactive Branches
+        uses: actions/upload-artifact@v4
+        with:
+          name: merged-branches-report
+          path: merged_branches_report.csv
+          retention-days: 30

.github/workflows/tests.yml

@@ -1,4 +1,4 @@
-name: Tests
+name: Test Workflow with Coverage
 
 on:
   push: