Merge pull request #258 from microsoft/task/ci-pipeline-quota-check-kmg-ckmv2

Roopan-Microsoft · web-flow · commit b825cc301169 · 2025-02-25T16:23:25.000+05:30
ci: implement quota check in CI Pipeline to ensure resource availability in supported region
diff --git a/.github/workflows/bicep_deploy.yml b/.github/workflows/bicep_deploy.yml
@@ -12,6 +12,49 @@ jobs:
       - name: Checkout Code
         uses: actions/checkout@v3
 
+      - name: Run Quota Check
+        id: quota-check
+        run: |
+          export AZURE_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }}
+          export AZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }}
+          export AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }}
+          export AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
+          export GPT_MIN_CAPACITY="130"
+          export TEXT_EMBEDDING_MIN_CAPACITY="30"
+
+          chmod +x infra/scripts/checkquota_ckmv2.sh
+          if ! infra/scripts/checkquota_ckmv2.sh; then
+            # If quota check fails due to insufficient quota, set the flag
+            if grep -q "No region with sufficient quota found" infra/scripts/checkquota_ckmv2.sh; then
+              echo "QUOTA_FAILED=true" >> $GITHUB_ENV
+            fi
+            exit 1  # Fail the pipeline if any other failure occurs
+          fi
+
+      - name: Send Notification on Quota Failure
+        if: env.QUOTA_FAILED == 'true'
+        run: |
+          RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          EMAIL_BODY=$(cat <<EOF
+          {
+            "body": "<p>Dear Team,</p><p>The quota check has failed, and the pipeline cannot proceed.</p><p><strong>Build URL:</strong> ${RUN_URL}</p><p>Please take necessary action.</p><p>Best regards,<br>Your Automation Team</p>"
+          }
+          EOF
+          )
+
+          curl -X POST "${{ secrets.LOGIC_APP_URL }}" \
+            -H "Content-Type: application/json" \
+            -d "$EMAIL_BODY" || echo "Failed to send notification"
+
+      - name: Fail Pipeline if Quota Check Fails
+        if: env.QUOTA_FAILED == 'true'
+        run: exit 1
+
+      - name: Set Deployment Region
+        run: |
+          echo "Selected Region: $VALID_REGION"
+          echo "AZURE_LOCATION=$VALID_REGION" >> $GITHUB_ENV  
+
       - name: Setup Azure CLI
         run: |
           curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
@@ -36,7 +79,7 @@ jobs:
 
       - name: Create Resource Group
         run: |
-          az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location eastus
+          az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location ${{ env.AZURE_LOCATION }}
 
       - name: Generate Unique Solution Prefix
         id: generate_solution_prefix
@@ -56,7 +99,7 @@ jobs:
           az deployment group create \
             --resource-group ${{ env.RESOURCE_GROUP_NAME }} \
             --template-file infra/main.bicep \
-            --parameters solutionPrefix=${{ env.SOLUTION_PREFIX }} location=eastus
+            --parameters solutionPrefix=${{ env.SOLUTION_PREFIX }} location=${{ env.AZURE_LOCATION }}
 
       - name: Delete Bicep Deployment
         if: success()
diff --git a/.github/workflows/deploy-KMGeneric.yml b/.github/workflows/deploy-KMGeneric.yml
@@ -19,6 +19,49 @@ jobs:
       - name: Checkout Code
         uses: actions/checkout@v3
 
+      - name: Run Quota Check
+        id: quota-check
+        run: |
+          export AZURE_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }}
+          export AZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }}
+          export AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }}
+          export AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
+          export GPT_MIN_CAPACITY="130"
+          export TEXT_EMBEDDING_MIN_CAPACITY="30"
+
+          chmod +x infra/scripts/checkquota_km.sh
+          if ! infra/scripts/checkquota_km.sh; then
+            # If quota check fails due to insufficient quota, set the flag
+            if grep -q "No region with sufficient quota found" infra/scripts/checkquota_km.sh; then
+              echo "QUOTA_FAILED=true" >> $GITHUB_ENV
+            fi
+            exit 1  # Fail the pipeline if any other failure occurs
+          fi
+
+      - name: Send Notification on Quota Failure
+        if: env.QUOTA_FAILED == 'true'
+        run: |
+          RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          EMAIL_BODY=$(cat <<EOF
+          {
+            "body": "<p>Dear Team,</p><p>The quota check has failed, and the pipeline cannot proceed.</p><p><strong>Build URL:</strong> ${RUN_URL}</p><p>Please take necessary action.</p><p>Best regards,<br>Your Automation Team</p>"
+          }
+          EOF
+          )
+
+          curl -X POST "${{ secrets.LOGIC_APP_URL }}" \
+            -H "Content-Type: application/json" \
+            -d "$EMAIL_BODY" || echo "Failed to send notification"
+
+      - name: Fail Pipeline if Quota Check Fails
+        if: env.QUOTA_FAILED == 'true'
+        run: exit 1
+
+      - name: Set Deployment Region
+        run: |
+          echo "Selected Region: $VALID_REGION"
+          echo "AZURE_LOCATION=$VALID_REGION" >> $GITHUB_ENV 
+
       - name: Setup Azure CLI
         run: |
           curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
@@ -43,7 +86,7 @@ jobs:
 
       - name: Create Resource Group
         run: |
-          az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location eastus2
+          az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location ${{ env.AZURE_LOCATION }}
 
       - name: Generate Unique Solution Prefix
         id: generate_solution_prefix
@@ -68,7 +111,7 @@ jobs:
           az deployment group create \
             --resource-group ${{ env.RESOURCE_GROUP_NAME }} \
             --template-file infra/main.bicep \
-            --parameters environmentName=${{env.SOLUTION_PREFIX}} contentUnderstandingLocation="West US" secondaryLocation="eastus2" imageTag=${{ steps.determine_tag.outputs.tagname }}
+            --parameters environmentName=${{env.SOLUTION_PREFIX}} contentUnderstandingLocation="West US" secondaryLocation="${{ env.AZURE_LOCATION }}" imageTag=${{ steps.determine_tag.outputs.tagname }}
      
             
       - name: Extract AI Services and Key Vault Names
diff --git a/infra/scripts/checkquota_ckmv2.sh b/infra/scripts/checkquota_ckmv2.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+# List of Azure regions to check for quota (update as needed)
+REGIONS=("eastus" "eastus2" "northcentralus")
+
+SUBSCRIPTION_ID="${AZURE_SUBSCRIPTION_ID}"
+GPT_MIN_CAPACITY="${GPT_MIN_CAPACITY}"
+TEXT_EMBEDDING_MIN_CAPACITY="${TEXT_EMBEDDING_MIN_CAPACITY}"
+AZURE_CLIENT_ID="${AZURE_CLIENT_ID}"
+AZURE_TENANT_ID="${AZURE_TENANT_ID}"
+AZURE_CLIENT_SECRET="${AZURE_CLIENT_SECRET}"
+
+# Authenticate using Managed Identity
+echo "Authentication using Managed Identity..."
+if ! az login --service-principal -u "$AZURE_CLIENT_ID" -p "$AZURE_CLIENT_SECRET" --tenant "$AZURE_TENANT_ID"; then
+   echo "❌ Error: Failed to login using Managed Identity."
+   exit 1
+fi
+
+echo "🔄 Validating required environment variables..."
+if [[ -z "$SUBSCRIPTION_ID" || -z "$GPT_MIN_CAPACITY" || -z "$TEXT_EMBEDDING_MIN_CAPACITY" ]]; then
+    echo "❌ ERROR: Missing required environment variables."
+    exit 1
+fi
+
+echo "🔄 Setting Azure subscription..."
+if ! az account set --subscription "$SUBSCRIPTION_ID"; then
+    echo "❌ ERROR: Invalid subscription ID or insufficient permissions."
+    exit 1
+fi
+echo "✅ Azure subscription set successfully."
+
+# Define models and their minimum required capacities
+declare -A MIN_CAPACITY=(
+    ["OpenAI.Standard.gpt-4"]=$GPT_MIN_CAPACITY #for ckmv2
+)
+
+VALID_REGION=""
+for REGION in "${REGIONS[@]}"; do
+    echo "----------------------------------------"
+    echo "🔍 Checking region: $REGION"
+
+    QUOTA_INFO=$(az cognitiveservices usage list --location "$REGION" --output json)
+    if [ -z "$QUOTA_INFO" ]; then
+        echo "⚠️ WARNING: Failed to retrieve quota for region $REGION. Skipping."
+        continue
+    fi
+
+    INSUFFICIENT_QUOTA=false
+    for MODEL in "${!MIN_CAPACITY[@]}"; do
+        MODEL_INFO=$(echo "$QUOTA_INFO" | awk -v model="\"value\": \"$MODEL\"" '
+            BEGIN { RS="},"; FS="," }
+            $0 ~ model { print $0 }
+        ')
+
+        if [ -z "$MODEL_INFO" ]; then
+            echo "⚠️ WARNING: No quota information found for model: $MODEL in $REGION. Skipping."
+            continue
+        fi
+
+        CURRENT_VALUE=$(echo "$MODEL_INFO" | awk -F': ' '/"currentValue"/ {print $2}' | tr -d ',' | tr -d ' ')
+        LIMIT=$(echo "$MODEL_INFO" | awk -F': ' '/"limit"/ {print $2}' | tr -d ',' | tr -d ' ')
+
+        CURRENT_VALUE=${CURRENT_VALUE:-0}
+        LIMIT=${LIMIT:-0}
+
+        CURRENT_VALUE=$(echo "$CURRENT_VALUE" | cut -d'.' -f1)
+        LIMIT=$(echo "$LIMIT" | cut -d'.' -f1)
+
+        AVAILABLE=$((LIMIT - CURRENT_VALUE))
+
+        echo "✅ Model: $MODEL | Used: $CURRENT_VALUE | Limit: $LIMIT | Available: $AVAILABLE"
+
+        if [ "$AVAILABLE" -lt "${MIN_CAPACITY[$MODEL]}" ]; then
+            echo "❌ ERROR: $MODEL in $REGION has insufficient quota."
+            INSUFFICIENT_QUOTA=true
+            break
+        fi
+    done
+
+    if [ "$INSUFFICIENT_QUOTA" = false ]; then
+        VALID_REGION="$REGION"
+        break
+    fi
+
+done
+
+if [ -z "$VALID_REGION" ]; then
+    echo "❌ No region with sufficient quota found. Blocking deployment."
+    echo "QUOTA_FAILED=true" >> "$GITHUB_ENV"
+    exit 0
+else
+    echo "✅ Final Region: $VALID_REGION"
+    echo "VALID_REGION=$VALID_REGION" >> "$GITHUB_ENV"
+    exit 0
+fi
diff --git a/infra/scripts/checkquota_km.sh b/infra/scripts/checkquota_km.sh
@@ -0,0 +1,97 @@
+#!/bin/bash
+
+# List of Azure regions to check for quota (update as needed)
+REGIONS=("eastus" "eastus2")
+
+SUBSCRIPTION_ID="${AZURE_SUBSCRIPTION_ID}"
+GPT_MIN_CAPACITY="${GPT_MIN_CAPACITY}"
+TEXT_EMBEDDING_MIN_CAPACITY="${TEXT_EMBEDDING_MIN_CAPACITY}"
+AZURE_CLIENT_ID="${AZURE_CLIENT_ID}"
+AZURE_TENANT_ID="${AZURE_TENANT_ID}"
+AZURE_CLIENT_SECRET="${AZURE_CLIENT_SECRET}"
+
+# Authenticate using Managed Identity
+echo "Authentication using Managed Identity..."
+if ! az login --service-principal -u "$AZURE_CLIENT_ID" -p "$AZURE_CLIENT_SECRET" --tenant "$AZURE_TENANT_ID"; then
+   echo "❌ Error: Failed to login using Managed Identity."
+   exit 1
+fi
+
+echo "🔄 Validating required environment variables..."
+if [[ -z "$SUBSCRIPTION_ID" || -z "$GPT_MIN_CAPACITY" || -z "$TEXT_EMBEDDING_MIN_CAPACITY" ]]; then
+    echo "❌ ERROR: Missing required environment variables."
+    exit 1
+fi
+
+echo "🔄 Setting Azure subscription..."
+if ! az account set --subscription "$SUBSCRIPTION_ID"; then
+    echo "❌ ERROR: Invalid subscription ID or insufficient permissions."
+    exit 1
+fi
+echo "✅ Azure subscription set successfully."
+
+# Define models and their minimum required capacities
+declare -A MIN_CAPACITY=(
+    ["OpenAI.Standard.gpt-4o-mini"]=$GPT_MIN_CAPACITY #km generic
+    ["OpenAI.Standard.text-embedding-ada-002"]=$TEXT_EMBEDDING_MIN_CAPACITY #km generic
+)
+
+VALID_REGION=""
+for REGION in "${REGIONS[@]}"; do
+    echo "----------------------------------------"
+    echo "🔍 Checking region: $REGION"
+
+    QUOTA_INFO=$(az cognitiveservices usage list --location "$REGION" --output json)
+    if [ -z "$QUOTA_INFO" ]; then
+        echo "⚠️ WARNING: Failed to retrieve quota for region $REGION. Skipping."
+        continue
+    fi
+
+    INSUFFICIENT_QUOTA=false
+    for MODEL in "${!MIN_CAPACITY[@]}"; do
+        MODEL_INFO=$(echo "$QUOTA_INFO" | awk -v model="\"value\": \"$MODEL\"" '
+            BEGIN { RS="},"; FS="," }
+            $0 ~ model { print $0 }
+        ')
+
+        if [ -z "$MODEL_INFO" ]; then
+            echo "⚠️ WARNING: No quota information found for model: $MODEL in $REGION. Skipping."
+            continue
+        fi
+
+        CURRENT_VALUE=$(echo "$MODEL_INFO" | awk -F': ' '/"currentValue"/ {print $2}' | tr -d ',' | tr -d ' ')
+        LIMIT=$(echo "$MODEL_INFO" | awk -F': ' '/"limit"/ {print $2}' | tr -d ',' | tr -d ' ')
+
+        CURRENT_VALUE=${CURRENT_VALUE:-0}
+        LIMIT=${LIMIT:-0}
+
+        CURRENT_VALUE=$(echo "$CURRENT_VALUE" | cut -d'.' -f1)
+        LIMIT=$(echo "$LIMIT" | cut -d'.' -f1)
+
+        AVAILABLE=$((LIMIT - CURRENT_VALUE))
+
+        echo "✅ Model: $MODEL | Used: $CURRENT_VALUE | Limit: $LIMIT | Available: $AVAILABLE"
+
+        if [ "$AVAILABLE" -lt "${MIN_CAPACITY[$MODEL]}" ]; then
+            echo "❌ ERROR: $MODEL in $REGION has insufficient quota."
+            INSUFFICIENT_QUOTA=true
+            break
+        fi
+    done
+
+    if [ "$INSUFFICIENT_QUOTA" = false ]; then
+        VALID_REGION="$REGION"
+        break
+    fi
+
+done
+
+if [ -z "$VALID_REGION" ]; then
+    echo "❌ No region with sufficient quota found. Blocking deployment."
+    echo "QUOTA_FAILED=true" >> "$GITHUB_ENV"
+    exit 0
+else
+    echo "✅ Final Region: $VALID_REGION"
+    echo "VALID_REGION=$VALID_REGION" >> "$GITHUB_ENV"
+    exit 0
+fi
