Merge pull request #201 from microsoft/task/ci-pipeline-quota-check-dkm

Roopan-Microsoft · web-flow · commit 5207ebf35654 · 2025-02-25T17:17:29.000+05:30
ci: implement quota check in CI Pipeline to ensure resource availability in supported region
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -56,14 +56,75 @@ jobs:
       run: |
         $PSVersionTable.PSVersion
 
+    # Run Quota Check Script
+    - name: Run Quota Check
+      id: quota-check
+      shell: pwsh
+      run: |
+        $ErrorActionPreference = "Stop"  # Ensure that any error stops the pipeline
+        
+        # Path to the PowerShell script for quota check
+        $quotaCheckScript = "Deployment/checkquota.ps1"
+    
+        # Check if the script exists and is executable (not needed for PowerShell like chmod)
+        if (-not (Test-Path $quotaCheckScript)) {
+          Write-Host "❌ Error: Quota check script not found."
+          exit 1
+        }
+    
+        # Run the script
+        .\Deployment\checkquota.ps1
+    
+        # If the script fails, check for the failure message
+        $quotaFailedMessage = "No region with sufficient quota found"
+        $output = Get-Content "Deployment/checkquota.ps1"
+    
+        if ($output -contains $quotaFailedMessage) {
+          echo "QUOTA_FAILED=true" >> $GITHUB_ENV
+        }
+      env:
+        AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+        AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+        AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+        AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+        GPT_MIN_CAPACITY: '130'
+        TEXT_EMBEDDING_MIN_CAPACITY: '80'
+  
+
+    # Send Notification on Quota Failure
+    - name: Send Notification on Quota Failure
+      if: env.QUOTA_FAILED == 'true'
+      shell: pwsh
+      run: |
+        $RUN_URL = "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+
+        # Construct the email body
+        $EMAIL_BODY = @"
+        {
+          "body": "<p>Dear Team,</p><p>The quota check has failed, and the pipeline cannot proceed.</p><p><strong>Build URL:</strong> $RUN_URL</p><p>Please take necessary action.</p><p>Best regards,<br>Your Automation Team</p>"
+        }
+        "@
+
+        # Send the notification
+        try {
+          $response = Invoke-RestMethod -Uri "${{ secrets.LOGIC_APP_URL }}" -Method Post -ContentType "application/json" -Body $EMAIL_BODY
+          Write-Host "Notification sent successfully."
+        } catch {
+          Write-Host "❌ Failed to send notification."
+        }
+
+    - name: Fail Pipeline if Quota Check Fails
+      if: env.QUOTA_FAILED == 'true'
+      run: exit 1
+
     - name: Run Deployment Script with Input
       shell: pwsh
       run: |
         cd Deployment
         $input = @"
         ${{ secrets.AZURE_SUBSCRIPTION_ID }}
         CanadaCentral
-        WestUS3
+        ${{ env.VALID_REGION }}
         ${{ secrets.EMAIL }}
         yes
         "@
@@ -136,8 +197,8 @@ jobs:
                   Write-Host "Purging CognitiveService Account: $cognitiveservice_name"
           
                   # Construct resource IDs
-                  $openaiResourceId = "/subscriptions/$subscriptionId/providers/Microsoft.CognitiveServices/locations/westus3/resourceGroups/$resourceGroupName/deletedAccounts/$openai_name"
-                  $cognitiveResourceId = "/subscriptions/$subscriptionId/providers/Microsoft.CognitiveServices/locations/eastus/resourceGroups/$resourceGroupName/deletedAccounts/$cognitiveservice_name"
+                  $openaiResourceId = "/subscriptions/$subscriptionId/providers/Microsoft.CognitiveServices/locations/${{ env.VALID_REGION }}/resourceGroups/$resourceGroupName/deletedAccounts/$openai_name"
+                  $cognitiveResourceId = "/subscriptions/$subscriptionId/providers/Microsoft.CognitiveServices/locations/${{ env.VALID_REGION }}/resourceGroups/$resourceGroupName/deletedAccounts/$cognitiveservice_name"
           
                   # Debug: Print constructed resource IDs
                   Write-Host "Command to purge OpenAI resource: az resource delete --ids `"$openaiResourceId`" --verbose"
diff --git a/Deployment/checkquota.ps1 b/Deployment/checkquota.ps1
@@ -0,0 +1,104 @@
+# List of Azure regions to check for quota (update as needed)
+$REGIONS = @("WestUS3", "CanadaCentral", "eastus")
+
+$SUBSCRIPTION_ID = $env:AZURE_SUBSCRIPTION_ID
+$GPT_MIN_CAPACITY = $env:GPT_MIN_CAPACITY
+$TEXT_EMBEDDING_MIN_CAPACITY = $env:TEXT_EMBEDDING_MIN_CAPACITY
+$AZURE_CLIENT_ID = $env:AZURE_CLIENT_ID
+$AZURE_TENANT_ID = $env:AZURE_TENANT_ID
+$AZURE_CLIENT_SECRET = $env:AZURE_CLIENT_SECRET
+
+# Authenticate using Service Principal
+Write-Host "Authentication using Service Principal..."
+# Ensure Azure PowerShell module is installed and imported
+Install-Module -Name Az -AllowClobber -Force -Scope CurrentUser
+Import-Module Az
+
+# Create a PSCredential object for authentication
+$creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AZURE_CLIENT_ID, (ConvertTo-SecureString $AZURE_CLIENT_SECRET -AsPlainText -Force)
+
+# Attempt to connect using Service Principal
+try {
+    Connect-AzAccount -ServicePrincipal -TenantId $AZURE_TENANT_ID -Credential $creds
+} catch {
+    Write-Host "❌ Error: Failed to authenticate using Service Principal. $_"
+    exit 1
+}
+
+Write-Host "🔄 Validating required environment variables..."
+if (-not $SUBSCRIPTION_ID -or -not $GPT_MIN_CAPACITY -or -not $TEXT_EMBEDDING_MIN_CAPACITY) {
+    Write-Host "❌ ERROR: Missing required environment variables."
+    exit 1
+}
+
+Write-Host "🔄 Setting Azure subscription..."
+$setSubscriptionResult = Set-AzContext -SubscriptionId $SUBSCRIPTION_ID
+if ($setSubscriptionResult -eq $null) {
+    Write-Host "❌ ERROR: Invalid subscription ID or insufficient permissions."
+    exit 1
+}
+Write-Host "✅ Azure subscription set successfully."
+
+# Define models and their minimum required capacities
+$MIN_CAPACITY = @{
+    "OpenAI.Standard.gpt-4o-mini" = $GPT_MIN_CAPACITY
+    "OpenAI.Standard.text-embedding-3-large" = $TEXT_EMBEDDING_MIN_CAPACITY
+}
+
+$VALID_REGION = ""
+
+foreach ($REGION in $REGIONS) {
+    Write-Host "----------------------------------------"
+    Write-Host "🔍 Checking region: $REGION"
+
+    # Get the Cognitive Services usage information for the region
+    $QUOTA_INFO = Get-AzCognitiveServicesUsage -Location $REGION
+    if (-not $QUOTA_INFO) {
+        Write-Host "⚠️ WARNING: Failed to retrieve quota for region $REGION. Skipping."
+        continue
+    }
+
+    $INSUFFICIENT_QUOTA = $false
+
+    foreach ($MODEL in $MIN_CAPACITY.Keys) {
+
+        $MODEL_INFO = $QUOTA_INFO | Where-Object { $_.Name -eq $MODEL }
+
+        Write-Host "MODEL_INFO ID: $MODEL_INFO"
+        Write-Host "QUOTA_INFO: $QUOTA_INFO"    
+        
+        if (-not $MODEL_INFO) {
+            Write-Host "⚠️ WARNING: No quota information found for model: $MODEL in $REGION. Skipping."
+            continue
+        }
+
+        $CURRENT_VALUE = [int]$MODEL_INFO.CurrentValue
+        $LIMIT = [int]$MODEL_INFO.Limit
+
+        $AVAILABLE = $LIMIT - $CURRENT_VALUE
+
+        Write-Host "✅ Model: $MODEL | Used: $CURRENT_VALUE | Limit: $LIMIT | Available: $AVAILABLE"
+
+        if ($AVAILABLE -lt $MIN_CAPACITY[$MODEL]) {
+            Write-Host "❌ ERROR: $MODEL in $REGION has insufficient quota."
+            $INSUFFICIENT_QUOTA = $true
+            break
+        }
+    }
+
+    if ($INSUFFICIENT_QUOTA -eq $false) {
+        $VALID_REGION = $REGION
+        break
+    }
+
+}
+
+if (-not $VALID_REGION) {
+    Write-Host "❌ No region with sufficient quota found. Blocking deployment."
+    echo "QUOTA_FAILED=true" >> $env:GITHUB_ENV  # Set QUOTA_FAILED for subsequent steps
+    exit 0
+} else {
+    Write-Host "✅ Suggested Region: $VALID_REGION"
+    echo "VALID_REGION=$VALID_REGION" >> $env:GITHUB_ENV   # Set VALID_REGION for subsequent steps
+    exit 0
+}
