feat: waf changes

[Pavan-Microsoft]

Purpose

This pull request introduces several improvements to Azure authentication and resource management, primarily focusing on using managed identities for service credentials, automating resource group handling in CI workflows, and enhancing security and maintainability for cloud deployments. The most significant changes are grouped below.

Azure Authentication & Managed Identity Integration:

• Updated all service clients (CosmosDB, Blob Storage, Computer Vision, Form Recognizer, PostgreSQL, and Azure Search) to consistently use managed identity credentials by passing MANAGED_IDENTITY_CLIENT_ID to the get_azure_credential function, improving security and standardizing authentication across the codebase. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]

CI/CD Workflow Enhancements:

• Automated resource group creation in the GitHub Actions CI workflow by generating unique names and checking for existence before creation, ensuring isolated and repeatable deployments.
• Added steps to install Azure Developer CLI (azd) and set new environment variables (AZURE_PRINCIPAL_ID, AZURE_PRINCIPAL_NAME, AZURE_PRINCIPAL_TYPE, AZURE_RESOURCE_GROUP, and AZURE_ENV_NAME), supporting improved deployment automation and parameterization. [1] [2] [3] [4]

PostgreSQL Access Security:

• Migrated PostgreSQL authentication in CI from hardcoded credentials to Azure AD tokens using the service principal, and updated the connection logic to use secure credentials and token acquisition via azure-identity. [1] [2] [3]

Docker Image Tagging & Caching:

• Changed Docker image tags and cache references for the main branch from latest to latest_waf in build and CI workflows, supporting clearer versioning and cache management for WAF-enabled images. (.devcontainer/Dockerfile [1] .github/workflows/build-docker.yml [2] .github/workflows/ci.yml [3]

Deployment & Miscellaneous Improvements:

• Improved the Makefile deploy target to validate required environment variables before running Azure deployment commands, reducing the risk of misconfiguration.
• Updated installation logic for required tools in the dependabot workflow to use direct apt-get commands for reliability.
• Minor configuration and sample file updates for backend batch and local settings. [1] [2] [3] [4]

These changes collectively improve the security, reliability, and maintainability of Azure resource provisioning and authentication in both the application code and CI/CD pipelines.