Merge branch 'microsoft:main' into ghc-custom-instructions

Author: chdaly

.azdo/pipelines/azure-dev.yml

@@ -2,8 +2,6 @@
 # Set this to the mainline branch you are using
 trigger:
   - main
-  - master
-  - feature/azd-semantickernel
 
 # Azure Pipelines workflow to deploy to Azure using azd
 # To configure required secrets and service connection for connecting to Azure, simply run `azd pipeline config --provider azdo`

.devcontainer/setupEnv.sh

@@ -1,5 +1,5 @@
 [flake8]
 max-line-length = 88
 extend-ignore = E501
-exclude = .venv, frontend
+exclude = .venv, frontend, src/backend/tests
 ignore = E203, W503, G004, G200, E402

.flake8

@@ -3,7 +3,7 @@
 
 version: 2
 updates:
-  # GitHub Actions dependencies
+  # GitHub Actions dependencies (grouped)
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
@@ -12,7 +12,12 @@ updates:
       prefix: "build"
     target-branch: "dependabotchanges"
     open-pull-requests-limit: 10
+    groups:
+      all-actions:
+        patterns:
+          - "*"
 
+  # Python pip dependencies (grouped)
   - package-ecosystem: "pip"
     directory: "/src/backend"
     schedule:
@@ -21,6 +26,10 @@ updates:
       prefix: "build"
     target-branch: "dependabotchanges"
     open-pull-requests-limit: 10
+    groups:
+      python-deps:
+        patterns:
+          - "*"
 
   - package-ecosystem: "pip"
     directory: "/src/frontend"
@@ -29,4 +38,8 @@ updates:
     commit-message:
       prefix: "build"
     target-branch: "dependabotchanges"
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 10
+    groups:
+      python-deps:
+        patterns:
+          - "*"

.github/dependabot.yml

@@ -2,9 +2,7 @@ name: Azure Template Validation
 on:
   push:
     branches:
-      - dev
       - main
-      - feature/azd-semantickernel
   workflow_dispatch:
 
 permissions:
@@ -15,69 +13,19 @@ permissions:
 jobs:
   template_validation_job:
     runs-on: ubuntu-latest
-    name: Template validation
+    name: template validation
     steps:
-      # Step 1: Checkout the code from your repository
-      - name: Checkout code
-        uses: actions/checkout@v4
+      - uses: actions/checkout@v4
 
-      # Step 2: Set up Python
-      - name: Set up Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: "3.9"
-
-      # Step 3: Create and populate the virtual environment
-      - name: Create virtual environment and install dependencies
-        run: |
-          python -m venv .venv
-          source .venv/bin/activate
-          python -m pip install --upgrade pip
-          pip install azure-mgmt-resource azure-identity azure-core azure-mgmt-subscription azure-cli-core
-          # Install any other dependencies that might be needed
-          pip freeze > requirements-installed.txt
-          echo "Virtual environment created with these packages:"
-          cat requirements-installed.txt
-
-      # Step 4: Create azd directory if it doesn't exist
-      - name: Create azd directory
-        run: |
-          mkdir -p ./.azd || true
-          touch ./.azd/.env || true
-
-      # Step 5: Validate the Azure template
-      - name: Validate Azure Template
-        uses: microsoft/[email protected]
+      - uses: microsoft/template-validation-action@Latest
         id: validation
         env:
-          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-          AZURE_ENV_NAME: ${{ secrets.AZURE_ENV_NAME }}
-          AZURE_LOCATION: ${{ secrets.AZURE_LOCATION }}
+          AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
+          AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
+          AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+          AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+          AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      # Step 6: Debug output in case of failure
-      - name: Debug on failure
-        if: failure()
-        run: |
-          echo "Validation failed. Checking environment:"
-          ls -la
-          if [ -d ".venv" ]; then
-            echo ".venv directory exists"
-            ls -la .venv/bin/
-          else
-            echo ".venv directory does not exist"
-          fi
-          if [ -d "tva_*" ]; then
-            echo "TVA directory exists:"
-            find . -name "tva_*" -type d
-            ls -la $(find . -name "tva_*" -type d)
-          else
-            echo "No TVA directory found"
-          fi
-
-      # Step 7: Print the result of the validation
-      - name: Print result
-        if: success()
+      - name: print result
         run: cat ${{ steps.validation.outputs.resultFile }}

.github/workflows/azure-dev.yml

@@ -18,7 +18,7 @@ on:
       - dev
       - demo
       - hotfix
-  workflow_dispatch: 
+  workflow_dispatch:
 
 jobs:
   build-and-push:
@@ -32,14 +32,24 @@ jobs:
         uses: docker/setup-buildx-action@v1
 
       - name: Log in to Azure Container Registry
-        if: ${{ (github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo' || github.ref_name == 'hotfix') }}
+        if: ${{ github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo' || github.ref_name == 'hotfix' }}
         uses: azure/docker-login@v2
         with:
-          login-server: ${{ secrets.ACR_LOGIN_SERVER }}
+          login-server: ${{ secrets.ACR_LOGIN_SERVER || 'acrlogin.azurecr.io' }}
           username: ${{ secrets.ACR_USERNAME }}
           password: ${{ secrets.ACR_PASSWORD }}
 
-      - name: Set Docker image tag
+      - name: Get current date
+        id: date
+        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+      
+      - name: Get registry
+        id: registry
+        run: |
+          echo "ext_registry=${{ secrets.ACR_LOGIN_SERVER || 'acrlogin.azurecr.io'}}" >> $GITHUB_OUTPUT
+
+      - name: Determine Tag Name Based on Branch
+        id: determine_tag
         run: |
           if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
             echo "TAG=latest" >> $GITHUB_ENV
@@ -52,24 +62,30 @@ jobs:
           else
             echo "TAG=pullrequest-ignore" >> $GITHUB_ENV
           fi
-          
-      - name: Build and push Docker images optionally
+
+      - name: Set Historical Tag
         run: |
-          cd src/backend
-          docker build -t ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} -f Dockerfile . && \
-          if [[ "${{ env.TAG }}" == "latest" || "${{ env.TAG }}" == "dev" || "${{ env.TAG }}" == "demo" || "${{ env.TAG }}" == "hotfix"  ]]; then
-            docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaebackend:${{ env.TAG }} && \
-            echo "Backend image built and pushed successfully."
-          else
-            echo "Skipping Docker push for backend with tag: ${{ env.TAG }}"
-          fi
-          cd ../frontend
-          docker build -t ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} -f Dockerfile . && \
-          if [[ "${{ env.TAG }}" == "latest" || "${{ env.TAG }}" == "dev" || "${{ env.TAG }}" == "demo" || "${{ env.TAG }}" == "hotfix"  ]]; then
-            docker push ${{ secrets.ACR_LOGIN_SERVER }}/macaefrontend:${{ env.TAG }} && \
-            echo "Frontend image built and pushed successfully."
-          else
-            echo "Skipping Docker push for frontend with tag: ${{ env.TAG }}"
-          fi
+          DATE_TAG=$(date +'%Y-%m-%d')
+          RUN_ID=${{ github.run_number }}
+          # Create historical tag using TAG, DATE_TAG, and RUN_ID
+          echo "HISTORICAL_TAG=${{ env.TAG }}_${DATE_TAG}_${RUN_ID}" >> $GITHUB_ENV
 
-          
+      - name: Build and optionally push Backend Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: ./src/backend
+          file: ./src/backend/Dockerfile
+          push: ${{ env.TAG != 'pullrequest-ignore' }}
+          tags: |
+            ${{ steps.registry.outputs.ext_registry }}/macaebackend:${{ env.TAG }}
+            ${{ steps.registry.outputs.ext_registry }}/macaebackend:${{ env.HISTORICAL_TAG }}
+  
+      - name: Build and optionally push Frontend Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: ./src/frontend
+          file: ./src/frontend/Dockerfile
+          push: ${{ env.TAG != 'pullrequest-ignore' }}
+          tags: |
+            ${{ steps.registry.outputs.ext_registry }}/macaefrontend:${{ env.TAG }}
+            ${{ steps.registry.outputs.ext_registry }}/macaefrontend:${{ env.HISTORICAL_TAG }}

.github/workflows/docker-build-and-push.yml

@@ -0,0 +1,152 @@
+# ------------------------------------------------------------------------------
+# Scheduled Dependabot PRs Auto-Merge Workflow
+#
+# Purpose:
+#   - Automatically detect, rebase (if needed), and merge Dependabot PRs targeting
+#     the `dependabotchanges` branch, supporting different merge strategies.
+#
+# Features:
+#   ✅ Filters PRs authored by Dependabot and targets the specific base branch
+#   ✅ Rebases PRs with conflicts and auto-resolves using "prefer-theirs" strategy
+#   ✅ Attempts all three merge strategies: merge, squash, rebase (first success wins)
+#   ✅ Handles errors gracefully, logs clearly
+#
+# Triggers:
+#   - Scheduled daily run (midnight UTC)
+#   - Manual trigger (via GitHub UI)
+#
+# Required Permissions:
+#   - contents: write
+#   - pull-requests: write
+# ------------------------------------------------------------------------------
+
+name: Scheduled Dependabot PRs Auto-Merge
+
+on:
+  schedule:
+    - cron: '0 0 * * *'  # Runs once a day at midnight UTC
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  merge-dependabot:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install GitHub CLI
+        run: |
+          sudo apt update
+          sudo apt install -y gh
+      - name: Fetch & Filter Dependabot PRs
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          echo "🔍 Fetching all Dependabot PRs targeting 'dependabotchanges'..."
+          > matched_prs.txt
+          pr_batch=$(gh pr list --state open --json number,title,author,baseRefName,url \
+            --jq '.[] | "\(.number)|\(.title)|\(.author.login)|\(.baseRefName)|\(.url)"')
+          while IFS='|' read -r number title author base url; do
+            author=$(echo "$author" | xargs)
+            base=$(echo "$base" | xargs)
+            if [[ "$author" == "app/dependabot" && "$base" == "dependabotchanges" ]]; then
+              echo "$url" >> matched_prs.txt
+              echo "✅ Matched PR #$number - $title"
+            else
+              echo "❌ Skipped PR #$number - $title (Author: $author, Base: $base)"
+            fi
+          done <<< "$pr_batch"
+          echo "👉 Matched PRs:"
+          cat matched_prs.txt || echo "None"
+      - name: Rebase PR if Conflicts Exist
+        if: success()
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          if [[ ! -s matched_prs.txt ]]; then
+            echo "⚠️ No matching PRs to process."
+            exit 0
+          fi
+          while IFS= read -r pr_url; do
+            pr_number=$(basename "$pr_url")
+            echo "🔁 Checking PR #$pr_number for conflicts..."
+            mergeable=$(gh pr view "$pr_number" --json mergeable --jq '.mergeable')
+            if [[ "$mergeable" == "CONFLICTING" ]]; then
+              echo "⚠️ Merge conflicts detected. Performing manual rebase for PR #$pr_number..."
+              head_branch=$(gh pr view "$pr_number" --json headRefName --jq '.headRefName')
+              base_branch=$(gh pr view "$pr_number" --json baseRefName --jq '.baseRefName')
+              git fetch origin "$base_branch":"$base_branch"
+              git fetch origin "$head_branch":"$head_branch"
+              git checkout "$head_branch"
+              git config user.name "github-actions"
+              git config user.email "[email protected]"
+              # Attempt rebase with 'theirs' strategy
+              if git rebase --strategy=recursive -X theirs "$base_branch"; then
+                echo "✅ Rebase successful. Pushing..."
+                git push origin "$head_branch" --force
+              else
+                echo "❌ Rebase failed. Aborting..."
+                git rebase --abort || true
+              fi
+            else
+              echo "✅ PR #$pr_number is mergeable. Skipping rebase."
+            fi
+          done < matched_prs.txt
+          
+      - name: Auto-Merge PRs using available strategy
+        if: success()
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          if [[ ! -s matched_prs.txt ]]; then
+            echo "⚠️ No matching PRs to process."
+            exit 0
+          fi
+          while IFS= read -r pr_url; do
+            pr_number=$(basename "$pr_url")
+            echo "🔍 Checking mergeability for PR #$pr_number"
+            attempt=0
+            max_attempts=8
+            mergeable=""
+            sleep 5  # Let GitHub calculate mergeable status
+            while [[ $attempt -lt $max_attempts ]]; do
+              mergeable=$(gh pr view "$pr_number" --json mergeable --jq '.mergeable' 2>/dev/null || echo "UNKNOWN")
+              echo "🔁 Attempt $((attempt+1))/$max_attempts: mergeable=$mergeable"
+              if [[ "$mergeable" == "MERGEABLE" ]]; then
+                success=0
+                for strategy in rebase squash merge; do
+                  echo "🚀 Trying to auto-merge PR #$pr_number using '$strategy' strategy..."
+                  set -x
+                  merge_output=$(gh pr merge --auto --"$strategy" "$pr_url" 2>&1)
+                  merge_status=$?
+                  set +x
+                  echo "$merge_output"
+                  if [[ $merge_status -eq 0 ]]; then
+                    echo "✅ Auto-merge succeeded using '$strategy'."
+                    success=1
+                    break
+                  else
+                    echo "❌ Auto-merge failed using '$strategy'. Trying next strategy..."
+                  fi
+                done
+                if [[ $success -eq 0 ]]; then
+                  echo "❌ All merge strategies failed for PR #$pr_number"
+                fi
+                break
+              elif [[ "$mergeable" == "CONFLICTING" ]]; then
+                echo "❌ Cannot merge due to conflicts. Skipping PR #$pr_number"
+                break
+              else
+                echo "🕒 Waiting for GitHub to determine mergeable status..."
+                sleep 15
+              fi
+              ((attempt++))
+            done
+            if [[ "$mergeable" != "MERGEABLE" && "$mergeable" != "CONFLICTING" ]]; then
+              echo "❌ Mergeability undetermined after $max_attempts attempts. Skipping PR #$pr_number"
+            fi
+          done < matched_prs.txt || echo "⚠️ Completed loop with some errors, but continuing gracefully."