Merge branch 'psl-standardize-bicep-params' of https://github.com/microsoft/Build-your-own-copilot-Solution-Accelerator into psl-standardize-bicep-params

Author: VishalS-Microsoft

.github/dependabot.yml

@@ -1,4 +1,5 @@
 version: 2
+
 updates:
   # 1. React (JavaScript/TypeScript) dependencies
   - package-ecosystem: "npm"
@@ -8,32 +9,50 @@ updates:
     commit-message:
       prefix: "build"
     target-branch: "dependabotchanges"
-    open-pull-requests-limit: 100
+    open-pull-requests-limit: 10
+    groups:
+      frontend-deps:
+        patterns:
+          - "*"
 
-  # 2. Python dependencies
+  # 2. Python dependencies – App
   - package-ecosystem: "pip"
     directory: "/src/App"
     schedule:
       interval: "monthly"
     commit-message:
       prefix: "build"
     target-branch: "dependabotchanges"
-    open-pull-requests-limit: 100
-
+    open-pull-requests-limit: 10
+    groups:
+      backend-deps:
+        patterns:
+          - "*"
+          
+  # 3. Python dependencies – Fabric Scripts
   - package-ecosystem: "pip"
     directory: "/src/infra/scripts/fabric_scripts"
     schedule:
       interval: "monthly"
     commit-message:
       prefix: "build"
     target-branch: "dependabotchanges"
-    open-pull-requests-limit: 100
+    open-pull-requests-limit: 10
+    groups:
+      backend-deps:
+        patterns:
+          - "*"
 
+  # 4. Python dependencies – Index Scripts
   - package-ecosystem: "pip"
     directory: "/src/infra/scripts/index_scripts"
     schedule:
       interval: "monthly"
     commit-message:
       prefix: "build"
     target-branch: "dependabotchanges"
-    open-pull-requests-limit: 100
+    open-pull-requests-limit: 10
+    groups:
+      backend-deps:
+        patterns:
+          - "*"

.github/workflows/scheduled-Dependabot-PRs-Auto-Merge.yml

@@ -0,0 +1,152 @@
+# ------------------------------------------------------------------------------
+# Scheduled Dependabot PRs Auto-Merge Workflow
+#
+# Purpose:
+#   - Automatically detect, rebase (if needed), and merge Dependabot PRs targeting
+#     the `dependabotchanges` branch, supporting different merge strategies.
+#
+# Features:
+#   ✅ Filters PRs authored by Dependabot and targets the specific base branch
+#   ✅ Rebases PRs with conflicts and auto-resolves using "prefer-theirs" strategy
+#   ✅ Attempts all three merge strategies: merge, squash, rebase (first success wins)
+#   ✅ Handles errors gracefully, logs clearly
+#
+# Triggers:
+#   - Scheduled daily run (midnight UTC)
+#   - Manual trigger (via GitHub UI)
+#
+# Required Permissions:
+#   - contents: write
+#   - pull-requests: write
+# ------------------------------------------------------------------------------
+
+name: Scheduled Dependabot PRs Auto-Merge
+
+on:
+  schedule:
+    - cron: '0 0 * * *'  # Runs once a day at midnight UTC
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  merge-dependabot:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install GitHub CLI
+        run: |
+          sudo apt update
+          sudo apt install -y gh
+      - name: Fetch & Filter Dependabot PRs
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          echo "🔍 Fetching all Dependabot PRs targeting 'dependabotchanges'..."
+          > matched_prs.txt
+          pr_batch=$(gh pr list --state open --json number,title,author,baseRefName,url \
+            --jq '.[] | "\(.number)|\(.title)|\(.author.login)|\(.baseRefName)|\(.url)"')
+          while IFS='|' read -r number title author base url; do
+            author=$(echo "$author" | xargs)
+            base=$(echo "$base" | xargs)
+            if [[ "$author" == "app/dependabot" && "$base" == "dependabotchanges" ]]; then
+              echo "$url" >> matched_prs.txt
+              echo "✅ Matched PR #$number - $title"
+            else
+              echo "❌ Skipped PR #$number - $title (Author: $author, Base: $base)"
+            fi
+          done <<< "$pr_batch"
+          echo "👉 Matched PRs:"
+          cat matched_prs.txt || echo "None"
+      - name: Rebase PR if Conflicts Exist
+        if: success()
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          if [[ ! -s matched_prs.txt ]]; then
+            echo "⚠️ No matching PRs to process."
+            exit 0
+          fi
+          while IFS= read -r pr_url; do
+            pr_number=$(basename "$pr_url")
+            echo "🔁 Checking PR #$pr_number for conflicts..."
+            mergeable=$(gh pr view "$pr_number" --json mergeable --jq '.mergeable')
+            if [[ "$mergeable" == "CONFLICTING" ]]; then
+              echo "⚠️ Merge conflicts detected. Performing manual rebase for PR #$pr_number..."
+              head_branch=$(gh pr view "$pr_number" --json headRefName --jq '.headRefName')
+              base_branch=$(gh pr view "$pr_number" --json baseRefName --jq '.baseRefName')
+              git fetch origin "$base_branch":"$base_branch"
+              git fetch origin "$head_branch":"$head_branch"
+              git checkout "$head_branch"
+              git config user.name "github-actions"
+              git config user.email "[email protected]"
+              # Attempt rebase with 'theirs' strategy
+              if git rebase --strategy=recursive -X theirs "$base_branch"; then
+                echo "✅ Rebase successful. Pushing..."
+                git push origin "$head_branch" --force
+              else
+                echo "❌ Rebase failed. Aborting..."
+                git rebase --abort || true
+              fi
+            else
+              echo "✅ PR #$pr_number is mergeable. Skipping rebase."
+            fi
+          done < matched_prs.txt
+          
+      - name: Auto-Merge PRs using available strategy
+        if: success()
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          if [[ ! -s matched_prs.txt ]]; then
+            echo "⚠️ No matching PRs to process."
+            exit 0
+          fi
+          while IFS= read -r pr_url; do
+            pr_number=$(basename "$pr_url")
+            echo "🔍 Checking mergeability for PR #$pr_number"
+            attempt=0
+            max_attempts=8
+            mergeable=""
+            sleep 5  # Let GitHub calculate mergeable status
+            while [[ $attempt -lt $max_attempts ]]; do
+              mergeable=$(gh pr view "$pr_number" --json mergeable --jq '.mergeable' 2>/dev/null || echo "UNKNOWN")
+              echo "🔁 Attempt $((attempt+1))/$max_attempts: mergeable=$mergeable"
+              if [[ "$mergeable" == "MERGEABLE" ]]; then
+                success=0
+                for strategy in rebase squash merge; do
+                  echo "🚀 Trying to auto-merge PR #$pr_number using '$strategy' strategy..."
+                  set -x
+                  merge_output=$(gh pr merge --auto --"$strategy" "$pr_url" 2>&1)
+                  merge_status=$?
+                  set +x
+                  echo "$merge_output"
+                  if [[ $merge_status -eq 0 ]]; then
+                    echo "✅ Auto-merge succeeded using '$strategy'."
+                    success=1
+                    break
+                  else
+                    echo "❌ Auto-merge failed using '$strategy'. Trying next strategy..."
+                  fi
+                done
+                if [[ $success -eq 0 ]]; then
+                  echo "❌ All merge strategies failed for PR #$pr_number"
+                fi
+                break
+              elif [[ "$mergeable" == "CONFLICTING" ]]; then
+                echo "❌ Cannot merge due to conflicts. Skipping PR #$pr_number"
+                break
+              else
+                echo "🕒 Waiting for GitHub to determine mergeable status..."
+                sleep 15
+              fi
+              ((attempt++))
+            done
+            if [[ "$mergeable" != "MERGEABLE" && "$mergeable" != "CONFLICTING" ]]; then
+              echo "❌ Mergeability undetermined after $max_attempts attempts. Skipping PR #$pr_number"
+            fi
+          done < matched_prs.txt || echo "⚠️ Completed loop with some errors, but continuing gracefully."

README.md

@@ -6,7 +6,7 @@ This solution accelerator is a powerful tool that helps you create your own copi
 
 <div align="center">
 
-[**SOLUTION OVERVIEW**](#solution-overview)  \| [**QUICK DEPLOY**](#quick-deploy)  \| [**BUSINESS USE CASE**](#business-use-case)  \| [**SUPPORTING DOCUMENTATION**](#supporting-documentation)
+[**SOLUTION OVERVIEW**](#solution-overview)  \| [**QUICK DEPLOY**](#quick-deploy)  \| [**BUSINESS SCENARIO**](#business-scenario)  \| [**SUPPORTING DOCUMENTATION**](#supporting-documentation)
 
 </div>
 <br/>
@@ -49,7 +49,7 @@ Leverages Azure OpenAI Service and Azure AI Search, this solution streamlines da
   Azure OpenAI Service helps to summarize the conversations and actions for the next meeting.​
 
   - **Chat with data** <br/>
-  Azure OpenAI Service helpsenable chat with structured and unstructured data using Semantic Kernel autonomous function calling.​
+  Azure OpenAI Service helps enable chat with structured and unstructured data using Semantic Kernel autonomous function calling.​
 
 </details>
 
@@ -117,7 +117,7 @@ either by deleting the resource group in the Portal or running `azd down`.
 
 <br /><br />
 <h2><img src="./docs/images/readme/business-scenario.png" width="48" />
-Business Use Case
+Business Scenario
 </h2>
 
 

docs/AppAuthentication.md

@@ -1,4 +1,4 @@
-# Set up Authentication in Azure Container App
+# Set Up Authentication in Azure App Service
 
 This document provides step-by-step instructions to configure Azure App Registrations for a front-end application.
 
@@ -7,22 +7,27 @@ This document provides step-by-step instructions to configure Azure App Registra
 - Access to **Microsoft Entra ID**
 - Necessary permissions to create and manage **App Registrations**
 
-## Add Authentication in Azure App Service configuration
+## Step 1: Add Authentication in Azure App Service configuration
 
 1. Click on `Authentication` from left menu.
 
   ![Authentication](images/AppAuthentication.png)
 
-1. Click on `+ Add identity provider` to see a list of identity providers.
+2. Click on `+ Add identity provider` to see a list of identity providers.
 
   ![Authentication Identity](images/AppAuthenticationIdentityNew.png)
 
-1. Click on `+ Add Provider` to see a list of identity providers.
+3. Click on `Identity Provider` dropdown to see a list of identity providers.
 
   ![Add Provider](images/AppAuthIdentityProvider.png)
 
-1. Select the first option `Microsoft Entra Id` from the drop-down list.
+4. Select the first option `Microsoft Entra Id` from the drop-down list and select `client secret expiration` under App registration.
+> NOTE: If `Create new app registration` is disabled, then go to [Create new app registration](/docs/create_new_app_registration.md) and come back to this step to complete the app authentication.
+
  ![Add Provider](images/AppAuthIdentityProviderAdd.png)
 
-1. Accept the default values and click on `Add` button to go back to the previous page with the identify provider added.
-  ![Authentication Identity](images/AppAuthenticationIdentity.png)
+5. Accept the default values and click on `Add` button to go back to the previous page with the identify provider added.
+
+  ![Authentication Identity](images/AppAuthenticationIdentity.png)
+
+6. You have successfully added app authentication, and now required to log in to access the application.

docs/AzureSemanticSearchRegion.md

@@ -2,6 +2,6 @@
 
 Steps to Check Semantic Search Availability
 1. Open the [Semantic Search Availability](https://learn.microsoft.com/en-us/azure/search/search-region-support) page.
-2. Scroll down to the **"Availability by Region"** section.
-3. Use the table to find supported regions for **Azure AI Search** and its **Semantic Search** feature.
-4. If your target region is not listed, choose a supported region for deployment.
+2. Scroll down to the **"Azure public region"** section.
+3. Use the table to find supported regions for **Azure AI Search** and its **Semantic ranker** feature.
+4. If your target region is not listed, choose a supported region for deployment.

docs/CustomizingAzdParameters.md

@@ -27,6 +27,7 @@ To customize any of the above values, run the following command **before** `azd
 
 ```bash
 azd env set <PARAMETER_NAME> <VALUE>
+
 ```
 
 **Example:**

docs/DeploymentGuide.md

@@ -215,7 +215,7 @@ This will rebuild the source code, package it into a container, and push it to t
     ```
 
 2. **Add Authentication Provider**  
-    - Follow steps in [App Authentication](./AppAuthentication.md) to configure authenitcation in app service. Note that Authentication changes can take up to 10 minutes. 
+    - Follow steps in [App Authentication](./AppAuthentication.md) to configure authentication in app service. Note that Authentication changes can take up to 10 minutes. 
 
 3. **Deleting Resources After a Failed Deployment**  
 

docs/ManualAppRegistrationConfiguration.md

@@ -23,7 +23,7 @@ This guide provides detailed steps to manually register both front-end and backe
   - Copy the Default domain url from the Overview .
 
 - Click **Register**  
-  ![ManualRegisterAppWeb1](./Images/ManualRegisterAppWeb1.png)
+  ![ManualRegisterAppWeb1](./images/ManualRegisterAppWeb1.png)
 
 
 
@@ -36,13 +36,13 @@ This guide provides detailed steps to manually register both front-end and backe
 - Start (Optional for custom range): Set the starting date of the secret's validity
 - End (Optional for custom range): Set the ending date of the secret's validity
 - Click **Add** and remember to copy and store the secret value securely as it will not be shown again
-![ManualRegisterAppWeb3](./Images/ManualRegisterAppWeb3.png)
+![ManualRegisterAppWeb3](./images/ManualRegisterAppWeb3.png)
 
 ### 3. Get Tenant ID
 - Go to **Tenant Properties** in [Azure Portal](https://portal.azure.com)
 - Copy the Tenant ID (will be used in next step)
 
-![ManualRegisterAppWeb6](./Images/ManualRegisterAppWeb6.png)
+![ManualRegisterAppWeb6](./images/ManualRegisterAppWeb6.png)
 
 ### 4. Set Up Authentication in Web Container App
 
@@ -57,10 +57,10 @@ This guide provides detailed steps to manually register both front-end and backe
   - **Allowed Token Audiences**: Usually the Application ID URI or Client ID
 - Click **Add**  
 
-![ManualRegisterAppWeb4](./Images/ManualRegisterAppWeb4.png)
+![ManualRegisterAppWeb4](./images/ManualRegisterAppWeb4.png)
 
 ---
 
 ## Conclusion
 
-You have now manually configured Azure App Registrations.
+You have now manually configured Azure App Registrations.

docs/create_new_app_registration.md

@@ -0,0 +1,35 @@
+# Creating a new App Registration
+
+1. Click on `Home` and select `Microsoft Entra ID`.
+
+![Microsoft Entra ID](images/MicrosoftEntraID.png)
+
+2. Click on `App registrations`.
+
+![App registrations](images/Appregistrations.png)
+
+3. Click on `+ New registration`.
+
+![New Registrations](images/NewRegistration.png)
+
+4. Provide the `Name`, select supported account types as `Accounts in this organizational directory only(Contoso only - Single tenant)`, select platform as `Web`, enter/select the `URL` and register.
+
+![Add Details](images/AddDetails.png)
+
+5. After application is created successfully, then click on `Add a Redirect URL`.
+
+![Redirect URL](images/AddRedirectURL.png)
+
+6. Click on `+ Add a platform`.
+
+![+ Add platform](images/AddPlatform.png)
+
+7. Click on `Web`.
+
+![Web](images/Web.png)
+
+8. Enter the `web app URL` (Provide the app service name in place of XXXX) and Save. Then go back to [Set Up Authentication in Azure App Service](/docs/AppAuthentication) Step 1 page and follow from _Point 4_ choose `Pick an existing app registration in this directory` from the Add an Identity Provider page and provide the newly registered App Name.
+
+E.g. <<https://<< appservicename >>.azurewebsites.net/.auth/login/aad/callback>>
+
+![Add Details](images/WebAppURL.png)