Enhance Deployment Pipeline

Author: AjitPadhi-Microsoft

.github/workflows/deploy-linux.yml

@@ -1,5 +1,9 @@
 name: Deploy-Test-Cleanup Linux
 on:
+  push:
+    branches:
+      - main
+      - dev
   workflow_dispatch:
     inputs:
       azure_location:
@@ -61,7 +65,7 @@ on:
         default: ''
         type: string
       existing_webapp_url:
-        description: 'Existing Container WebApp URL (Skips Deployment)'
+        description: 'Existing WebApp URL (Skips Deployment)'
         required: false
         default: ''
         type: string
@@ -74,7 +78,7 @@ jobs:
       azure_location: ${{ github.event.inputs.azure_location || 'australiaeast' }}
       resource_group_name: ${{ github.event.inputs.resource_group_name || '' }}
       waf_enabled: ${{ github.event.inputs.waf_enabled == 'true' }}
-      EXP: ${{ github.event.inputs.EXP == 'true' }}
+      exp: ${{ github.event.inputs.exp == 'true' }}
       build_docker_image: ${{ github.event.inputs.build_docker_image == 'true' }}
       cleanup_resources: ${{ github.event.inputs.cleanup_resources == 'true' }}
       run_e2e_tests: ${{ github.event.inputs.run_e2e_tests || 'GoldenPath-Testing' }}

.github/workflows/deploy-orchestrator.yml

@@ -1,4 +1,4 @@
-name: Deployment orchestrator v2
+name: Deployment orchestrator
 
 on:
   workflow_call:
@@ -53,42 +53,14 @@ on:
         default: ''
         type: string
       existing_webapp_url:
-        description: 'Existing Container WebApp URL (Skips Deployment)'
+        description: 'Existing WebApp URL (Skips Deployment)'
         required: false
         default: ''
         type: string
       trigger_type:
         description: 'Trigger type (workflow_dispatch, pull_request, schedule)'
         required: true
         type: string
-    secrets:
-      AZURE_CLIENT_ID:
-        required: true
-      AZURE_CLIENT_SECRET:
-        required: true
-      AZURE_TENANT_ID:
-        required: true
-      AZURE_SUBSCRIPTION_ID:
-        required: true
-      ACR_TEST_LOGIN_SERVER:
-        required: true
-      ACR_TEST_USERNAME:
-        required: true
-      ACR_TEST_PASSWORD:
-        required: true
-      AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID:
-        required: false
-      AZURE_ENV_FOUNDRY_PROJECT_ID:
-        required: false
-      EMAILNOTIFICATION_LOGICAPP_URL_TA:
-        required: false
-    outputs:
-      CONTAINER_WEB_APPURL:
-        description: "Container Web App URL"
-        value: ${{ jobs.deploy.outputs.CONTAINER_WEB_APPURL }}
-      RESOURCE_GROUP_NAME:
-        description: "Resource Group Name"
-        value: ${{ jobs.deploy.outputs.RESOURCE_GROUP_NAME }}
 
 env:
   AZURE_DEV_COLLECT_TELEMETRY: ${{ vars.AZURE_DEV_COLLECT_TELEMETRY }}
@@ -99,10 +71,7 @@ jobs:
     with:
       trigger_type: ${{ inputs.trigger_type }}
       build_docker_image: ${{ inputs.build_docker_image }}
-    secrets:
-      ACR_TEST_LOGIN_SERVER: ${{ secrets.ACR_TEST_LOGIN_SERVER }}
-      ACR_TEST_USERNAME: ${{ secrets.ACR_TEST_USERNAME }}
-      ACR_TEST_PASSWORD: ${{ secrets.ACR_TEST_PASSWORD }}
+    secrets: inherit
 
   deploy:
     if: always() && (inputs.trigger_type != 'workflow_dispatch' || inputs.existing_webapp_url == '' || inputs.existing_webapp_url == null)
@@ -114,28 +83,23 @@ jobs:
       azure_location: ${{ inputs.azure_location }}
       resource_group_name: ${{ inputs.resource_group_name }}
       waf_enabled: ${{ inputs.waf_enabled }}
-      EXP: ${{ inputs.exp }}
+      exp: ${{ inputs.exp }}
       build_docker_image: ${{ inputs.build_docker_image }}
       existing_webapp_url: ${{ inputs.existing_webapp_url }}
       azure_env_log_anlytics_workspace_id: ${{ inputs.azure_env_log_anlytics_workspace_id }}
       azure_existing_ai_project_resource_id: ${{ inputs.azure_existing_ai_project_resource_id }}
       docker_image_tag: ${{ needs.docker-build.outputs.IMAGE_TAG }}
-    secrets:
-      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-      AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
-      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      ACR_TEST_LOGIN_SERVER: ${{ secrets.ACR_TEST_LOGIN_SERVER }}
-      AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ secrets.azure_env_log_anlytics_workspace_id }}
-      AZURE_ENV_FOUNDRY_PROJECT_ID: ${{ secrets.AZURE_ENV_FOUNDRY_PROJECT_ID }}
+      run_e2e_tests: ${{ inputs.run_e2e_tests }}
+      cleanup_resources: ${{ inputs.cleanup_resources }}
+    secrets: inherit
 
   e2e-test:
-    if: always() && ((needs.deploy.result == 'success' && needs.deploy.outputs.CONTAINER_WEB_APPURL != '') || (inputs.existing_webapp_url != '' && inputs.existing_webapp_url != null)) && (inputs.trigger_type != 'workflow_dispatch' || (inputs.run_e2e_tests != 'None' && inputs.run_e2e_tests != '' && inputs.run_e2e_tests != null))
+    if: always() && ((needs.deploy.result == 'success' && needs.deploy.outputs.WEB_APP_URL != '') || (inputs.existing_webapp_url != '' && inputs.existing_webapp_url != null)) && (inputs.trigger_type != 'workflow_dispatch' || (inputs.run_e2e_tests != 'None' && inputs.run_e2e_tests != '' && inputs.run_e2e_tests != null))
     needs: [docker-build, deploy]
     uses: ./.github/workflows/job-test-automation.yml
     with:
-      KMGENERIC_URL: ${{ needs.deploy.outputs.CONTAINER_WEB_APPURL || inputs.existing_webapp_url }}
-      KMGENERIC_URL_API: ${{ needs.deploy.outputs.CONTAINER_WEB_APPURL || inputs.existing_webapp_url }}
+      KMGENERIC_URL: ${{ needs.deploy.outputs.WEB_APP_URL || inputs.existing_webapp_url }}
+      KMGENERIC_URL_API: ${{ needs.deploy.outputs.API_APP_URL || inputs.existing_webapp_url }}
       TEST_SUITE: ${{ inputs.trigger_type == 'workflow_dispatch' && inputs.run_e2e_tests || 'GoldenPath-Testing' }}
     secrets: inherit
 
@@ -146,35 +110,30 @@ jobs:
     with:
       trigger_type: ${{ inputs.trigger_type }}
       waf_enabled: ${{ inputs.waf_enabled }}
-      EXP: ${{ inputs.exp }}
+      exp: ${{ inputs.exp }}
       run_e2e_tests: ${{ inputs.run_e2e_tests }}
       existing_webapp_url: ${{ inputs.existing_webapp_url }}
       deploy_result: ${{ needs.deploy.result }}
       e2e_test_result: ${{ needs.e2e-test.result }}
-      CONTAINER_WEB_APPURL: ${{ needs.deploy.outputs.CONTAINER_WEB_APPURL }}
-      RESOURCE_GROUP_NAME: ${{ needs.deploy.outputs.RESOURCE_GROUP_NAME }}
-      QUOTA_FAILED: ${{ needs.deploy.outputs.QUOTA_FAILED }}
-      TEST_SUCCESS: ${{ needs.e2e-test.outputs.TEST_SUCCESS }}
-      TEST_REPORT_URL: ${{ needs.e2e-test.outputs.TEST_REPORT_URL }}
-    secrets:
-      EMAILNOTIFICATION_LOGICAPP_URL_TA: ${{ secrets.EMAILNOTIFICATION_LOGICAPP_URL_TA }}
+      web_app_url: ${{ needs.deploy.outputs.WEB_APP_URL }}
+      resource_group_name: ${{ needs.deploy.outputs.RESOURCE_GROUP_NAME }}
+      quota_failed: ${{ needs.deploy.outputs.QUOTA_FAILED }}
+      test_success: ${{ needs.e2e-test.outputs.TEST_SUCCESS }}
+      test_report_url: ${{ needs.e2e-test.outputs.TEST_REPORT_URL }}
+    secrets: inherit
 
   cleanup-deployment:
-    if: always() && needs.deploy.result == 'success' && needs.deploy.outputs.RESOURCE_GROUP_NAME != '' && inputs.existing_webapp_url == '' && (inputs.trigger_type != 'workflow_dispatch' || inputs.cleanup_resources == true || inputs.cleanup_resources == null)
+    if: always() && needs.deploy.result == 'success' && needs.deploy.outputs.RESOURCE_GROUP_NAME != '' && inputs.existing_webapp_url == '' && (inputs.trigger_type != 'workflow_dispatch' || inputs.cleanup_resources)
     needs: [docker-build, deploy, e2e-test]
     uses: ./.github/workflows/job-cleanup-resources.yml
     with:
       runner_os: ${{ inputs.runner_os }}
       trigger_type: ${{ inputs.trigger_type }}
       cleanup_resources: ${{ inputs.cleanup_resources }}
       existing_webapp_url: ${{ inputs.existing_webapp_url }}
-      RESOURCE_GROUP_NAME: ${{ needs.deploy.outputs.RESOURCE_GROUP_NAME }}
-      AZURE_LOCATION: ${{ needs.deploy.outputs.AZURE_LOCATION }}
-      AZURE_ENV_OPENAI_LOCATION: ${{ needs.deploy.outputs.AZURE_ENV_OPENAI_LOCATION }}
-      ENV_NAME: ${{ needs.deploy.outputs.ENV_NAME }}
-      IMAGE_TAG: ${{ needs.deploy.outputs.IMAGE_TAG }}
-    secrets:
-      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-      AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
-      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      resource_group_name: ${{ needs.deploy.outputs.RESOURCE_GROUP_NAME }}
+      azure_location: ${{ needs.deploy.outputs.AZURE_LOCATION }}
+      azure_env_openai_location: ${{ needs.deploy.outputs.AZURE_ENV_OPENAI_LOCATION }}
+      env_name: ${{ needs.deploy.outputs.ENV_NAME }}
+      image_tag: ${{ needs.deploy.outputs.IMAGE_TAG }}
+    secrets: inherit

.github/workflows/deploy-windows.yml

@@ -1,5 +1,9 @@
 name: Deploy-Test-Cleanup Windows
 on:
+  push:
+    branches:
+      - main
+      - dev
   workflow_dispatch:
     inputs:
       azure_location:
@@ -61,7 +65,7 @@ on:
         default: ''
         type: string
       existing_webapp_url:
-        description: 'Existing Container WebApp URL (Skips Deployment)'
+        description: 'Existing WebApp URL (Skips Deployment)'
         required: false
         default: ''
         type: string
@@ -74,7 +78,7 @@ jobs:
       azure_location: ${{ github.event.inputs.azure_location || 'australiaeast' }}
       resource_group_name: ${{ github.event.inputs.resource_group_name || '' }}
       waf_enabled: ${{ github.event.inputs.waf_enabled == 'true' }}
-      EXP: ${{ github.event.inputs.exp == 'true' }}
+      exp: ${{ github.event.inputs.exp == 'true' }}
       build_docker_image: ${{ github.event.inputs.build_docker_image == 'true' }}
       cleanup_resources: ${{ github.event.inputs.cleanup_resources == 'true' }}
       run_e2e_tests: ${{ github.event.inputs.run_e2e_tests || 'GoldenPath-Testing' }}

.github/workflows/job-azure-deploy.yml

@@ -1,4 +1,4 @@
-name: Deploy Job v2
+name: Deploy Job
 
 on:
   workflow_call:
@@ -47,7 +47,7 @@ on:
         default: 'GoldenPath-Testing'
         type: string
       existing_webapp_url:
-        description: 'Existing Container WebApp URL (Skips Deployment)'
+        description: 'Existing WebApp URL (Skips Deployment)'
         required: false
         default: ''
         type: string
@@ -66,34 +66,16 @@ on:
         required: false
         default: ''
         type: string
-    secrets:
-      AZURE_CLIENT_ID:
-        required: true
-      AZURE_CLIENT_SECRET:
-        required: true
-      AZURE_TENANT_ID:
-        required: true
-      AZURE_SUBSCRIPTION_ID:
-        required: true
-      ACR_TEST_LOGIN_SERVER:
-        required: true
-      AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID:
-        required: false
-      AZURE_ENV_FOUNDRY_PROJECT_ID:
-        required: false
     outputs:
-      invoice_schema_id:
-        description: "Invoice Schema ID"
-        value: ${{ jobs.deploy-linux.outputs.invoice_schema_id || jobs.deploy-windows.outputs.invoice_schema_id }}
-      propertydamageclaimform_schema_id:
-        description: "Property Damage Claim Form Schema ID"
-        value: ${{ jobs.deploy-linux.outputs.propertydamageclaimform_schema_id || jobs.deploy-windows.outputs.propertydamageclaimform_schema_id }}
       RESOURCE_GROUP_NAME:
         description: "Resource Group Name"
         value: ${{ jobs.azure-setup.outputs.RESOURCE_GROUP_NAME }}
-      CONTAINER_WEB_APPURL:
-        description: "Container Web App URL"
-        value: ${{ jobs.deploy-linux.outputs.CONTAINER_WEB_APPURL || jobs.deploy-windows.outputs.CONTAINER_WEB_APPURL }}
+      WEB_APP_URL:
+        description: "Web App URL"
+        value: ${{ jobs.deploy-linux.outputs.WEB_APP_URL || jobs.deploy-windows.outputs.WEB_APP_URL }}
+      API_APP_URL:
+        description: "API App URL"
+        value: ${{ jobs.deploy-linux.outputs.API_APP_URL || jobs.deploy-windows.outputs.API_APP_URL }}
       ENV_NAME:
         description: "Environment Name"
         value: ${{ jobs.azure-setup.outputs.ENV_NAME }}
@@ -112,10 +94,11 @@ on:
 
 env:
   GPT_MIN_CAPACITY: 100
+  TEXT_EMBEDDING_MIN_CAPACITY: 80
   BRANCH_NAME: ${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
   WAF_ENABLED: ${{ inputs.trigger_type == 'workflow_dispatch' && (inputs.waf_enabled || false) || false }}
   EXP: ${{ inputs.trigger_type == 'workflow_dispatch' && (inputs.exp || false) || false }}
-  CLEANUP_RESOURCES: ${{ inputs.trigger_type == 'workflow_dispatch' && (inputs.cleanup_resources || true) || true }}
+  CLEANUP_RESOURCES: ${{ inputs.trigger_type != 'workflow_dispatch' || inputs.cleanup_resources }}
   RUN_E2E_TESTS: ${{ inputs.trigger_type == 'workflow_dispatch' && (inputs.run_e2e_tests || 'GoldenPath-Testing') || 'GoldenPath-Testing' }}
   BUILD_DOCKER_IMAGE: ${{ inputs.trigger_type == 'workflow_dispatch' && (inputs.build_docker_image || false) || false }}
 
@@ -155,6 +138,11 @@ jobs:
       - name: Checkout Code
         uses: actions/checkout@v4
 
+      - name: Setup Azure CLI
+        run: |
+          curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
+          az --version
+
       - name: Login to Azure
         shell: bash
         run: |
@@ -170,29 +158,25 @@ jobs:
           export AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }}
           export AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
           export GPT_MIN_CAPACITY=${{ env.GPT_MIN_CAPACITY }}
+          export TEXT_EMBEDDING_MIN_CAPACITY=${{ env.TEXT_EMBEDDING_MIN_CAPACITY }}
           export AZURE_REGIONS="${{ vars.AZURE_REGIONS }}"
 
-          chmod +x infra/scripts/checkquota.sh
-          if ! infra/scripts/checkquota.sh; then
-            if grep -q "No region with sufficient quota found" infra/scripts/checkquota.sh; then
+          chmod +x infra/scripts/checkquota_km.sh
+          if ! infra/scripts/checkquota_km.sh; then
+            if grep -q "No region with sufficient quota found" infra/scripts/checkquota_km.sh; then
               echo "QUOTA_FAILED=true" >> $GITHUB_ENV
             fi
             exit 1
           fi
-
-      - name: Set Quota Failure Output
-        id: quota_failure_output
-        if: env.QUOTA_FAILED == 'true'
-        shell: bash
-        run: |
-          echo "QUOTA_FAILED=true" >> $GITHUB_OUTPUT
-          echo "Quota check failed - will notify via separate notification job"
       
       - name: Fail Pipeline if Quota Check Fails
         if: env.QUOTA_FAILED == 'true'
         shell: bash
         run: exit 1
-      
+
+      - name: Install Bicep CLI
+        run: az bicep install
+
       - name: Set Deployment Region
         id: set_region
         shell: bash
@@ -222,17 +206,13 @@ jobs:
             echo "RESOURCE_GROUP_NAME=${{ inputs.resource_group_name }}" >> $GITHUB_ENV
           else
             echo "Generating a unique resource group name..."
-            ACCL_NAME="cp"  # Account name as specified
+            ACCL_NAME="kmgeneric"  # Account name as specified
             SHORT_UUID=$(uuidgen | cut -d'-' -f1)
             UNIQUE_RG_NAME="arg-${ACCL_NAME}-${SHORT_UUID}"
             echo "RESOURCE_GROUP_NAME=${UNIQUE_RG_NAME}" >> $GITHUB_ENV
             echo "Generated RESOURCE_GROUP_NAME: ${UNIQUE_RG_NAME}"
           fi
 
-      - name: Install Bicep CLI
-        shell: bash
-        run: az bicep install
-
       - name: Check and Create Resource Group
         id: check_create_rg
         shell: bash
@@ -255,7 +235,7 @@ jobs:
         shell: bash
         run: |
           set -e
-          COMMON_PART="psldg"
+          COMMON_PART="pslkmg"
           TIMESTAMP=$(date +%s)  
           UPDATED_TIMESTAMP=$(echo $TIMESTAMP | tail -c 6) 
           UNIQUE_SOLUTION_PREFIX="${COMMON_PART}${UPDATED_TIMESTAMP}"
@@ -365,14 +345,7 @@ jobs:
       WAF_ENABLED: ${{ inputs.waf_enabled == true && 'true' || 'false' }}
       AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ inputs.azure_env_log_anlytics_workspace_id }}
       AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: ${{ inputs.azure_existing_ai_project_resource_id }}
-    secrets:
-      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-      AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
-      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      ACR_TEST_LOGIN_SERVER: ${{ secrets.ACR_TEST_LOGIN_SERVER }}
-      AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ secrets.AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID }}
-      AZURE_ENV_FOUNDRY_PROJECT_ID: ${{ secrets.AZURE_ENV_FOUNDRY_PROJECT_ID }}
+    secrets: inherit
 
   deploy-windows:
     name: Deploy on Windows
@@ -390,11 +363,4 @@ jobs:
       WAF_ENABLED: ${{ inputs.waf_enabled == true && 'true' || 'false' }}
       AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ inputs.azure_env_log_anlytics_workspace_id }}
       AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: ${{ inputs.azure_existing_ai_project_resource_id }}
-    secrets:
-      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-      AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
-      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      ACR_TEST_LOGIN_SERVER: ${{ secrets.ACR_TEST_LOGIN_SERVER }}
-      AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ secrets.AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID }}
-      AZURE_ENV_FOUNDRY_PROJECT_ID: ${{ secrets.AZURE_ENV_FOUNDRY_PROJECT_ID }}
+    secrets: inherit