Merge branch 'dev' of https://github.com/Ritesh-Microsoft/content-gen-automation into dev

Author: Ritesh-Microsoft

.flake8

@@ -0,0 +1,5 @@
+[flake8]
+max-line-length = 88
+extend-ignore = E501
+exclude = .venv, frontend
+ignore = E203, W503, G004, G200

.github/workflows/broken-links-checker.yml

@@ -0,0 +1,58 @@
+name: Broken Link Checker
+
+on:
+  pull_request:
+    paths:
+      - '**/*.md'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  actions: read
+
+jobs:
+  markdown-link-check:
+    name: Check Markdown Broken Links
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      # For PR : Get only changed markdown files
+      - name: Get changed markdown files (PR only)
+        id: changed-markdown-files
+        if: github.event_name == 'pull_request'
+        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v46
+        with:
+          files: |
+            **/*.md
+
+
+      # For PR: Check broken links only in changed files
+      - name: Check Broken Links in Changed Markdown Files
+        id: lychee-check-pr
+        if: github.event_name == 'pull_request' && steps.changed-markdown-files.outputs.any_changed == 'true'
+        uses: lycheeverse/lychee-action@v2.7.0
+        with:
+          args: >
+            --verbose --no-progress --exclude ^https?://
+            ${{ steps.changed-markdown-files.outputs.all_changed_files }}
+          failIfEmpty: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # For manual trigger: Check all markdown files in repo
+      - name: Check Broken Links in All Markdown Files in Entire Repo (Manual Trigger)
+        id: lychee-check-manual
+        if: github.event_name == 'workflow_dispatch'
+        uses: lycheeverse/lychee-action@v2.7.0
+        with:
+          args: >
+            --verbose --no-progress --exclude ^https?://
+            '**/*.md'
+          failIfEmpty: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/codeql.yml

@@ -0,0 +1,44 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+    paths:
+      - '**/*.py'
+      - '.github/workflows/codeql.yml'
+  pull_request:
+    branches: [ "main" ]
+    paths:
+      - '**/*.py'
+      - '.github/workflows/codeql.yml'
+  schedule:
+    - cron: '17 11 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v6
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v4
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v4
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/deploy-linux.yml .github/workflows/deploy-ci.yml.github/workflows/deploy-linux.yml renamed to .github/workflows/deploy-ci.yml

@@ -1,17 +1,15 @@
-name: Deploy-Test-Cleanup (v2) Linux
+name: Deploy-Test-Cleanup (v2)
 on:
   pull_request:
     branches:
       - main
     paths:
-      - 'src/frontend/**'
-      - 'src/**/*.py'
-      - 'src/requirements*.txt'
-      - 'src/WebApp.Dockerfile'
-      - '!src/tests/**'
-      - 'infra/**/*.bicep'
-      - 'infra/**/*.json'
-      - '*.yaml'
+      - 'content-gen/src/**'
+      - '!content-gen/src/tests/**'
+      - 'content-gen/infra/**/*.bicep'
+      - 'content-gen/infra/**/*.json'
+      - 'content-gen/*.yaml'
+      - 'content-gen/scripts/**'
       - '.github/workflows/deploy-*.yml'
   workflow_run:
     workflows: ["Build Docker and Optional Push"]
@@ -23,6 +21,16 @@ on:
       - demo
   workflow_dispatch:
     inputs:
+      runner_os:
+        description: 'Deployment Environment'
+        required: false
+        type: choice
+        options:
+          - 'codespace'
+          - 'Devcontainer'
+          - 'Local'
+        default: 'codespace'
+
       azure_location:
         description: 'Azure Location For Deployment'
         required: false
@@ -32,11 +40,14 @@ on:
           - 'australiaeast'
           - 'centralus'
           - 'eastasia'
-          - 'eastus2'
+          - 'eastus'
           - 'japaneast'
           - 'northeurope'
           - 'southeastasia'
+          - 'swedencentral'
           - 'uksouth'
+          - 'westus'
+          - 'westus3'
       resource_group_name:
         description: 'Resource Group Name (Optional)'
         required: false
@@ -90,17 +101,28 @@ on:
         required: false
         default: ''
         type: string
+      image_model_choice:
+        description: 'Image Model to Deploy'
+        required: false
+        default: 'gpt-image-1'
+        type: choice
+        options:
+          - 'gpt-image-1'
+          - 'gpt-image-1.5'
+          - 'none'
 
   schedule:
-    - cron: '0 9,21 * * *'  # Runs at 9:00 AM and 9:00 PM GMT
+    - cron: '30 4 * * *'  # Runs at 10:00 AM IST (4:30 AM UTC)
 permissions:
   contents: read
   actions: read
+  packages: write  # Required by deploy-orchestrator → job-deploy → job-deploy-devcontainer for GHCR
 jobs:
   validate-inputs:
     runs-on: ubuntu-latest
     outputs:
       validation_passed: ${{ steps.validate.outputs.passed }}
+      runner_os: ${{ steps.validate.outputs.runner_os }}
       azure_location: ${{ steps.validate.outputs.azure_location }}
       resource_group_name: ${{ steps.validate.outputs.resource_group_name }}
       waf_enabled: ${{ steps.validate.outputs.waf_enabled }}
@@ -111,11 +133,13 @@ jobs:
       azure_env_log_analytics_workspace_id: ${{ steps.validate.outputs.azure_env_log_analytics_workspace_id }}
       azure_existing_ai_project_resource_id: ${{ steps.validate.outputs.azure_existing_ai_project_resource_id }}
       existing_webapp_url: ${{ steps.validate.outputs.existing_webapp_url }}
+      image_model_choice: ${{ steps.validate.outputs.image_model_choice }}
     steps:
       - name: Validate Workflow Input Parameters
         id: validate
         shell: bash
         env:
+          INPUT_RUNNER_OS: ${{ github.event.inputs.runner_os }}
           INPUT_AZURE_LOCATION: ${{ github.event.inputs.azure_location }}
           INPUT_RESOURCE_GROUP_NAME: ${{ github.event.inputs.resource_group_name }}
           INPUT_WAF_ENABLED: ${{ github.event.inputs.waf_enabled }}
@@ -126,10 +150,30 @@ jobs:
           INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID: ${{ github.event.inputs.AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID }}
           INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: ${{ github.event.inputs.AZURE_EXISTING_AI_PROJECT_RESOURCE_ID }}
           INPUT_EXISTING_WEBAPP_URL: ${{ github.event.inputs.existing_webapp_url }}
+          INPUT_IMAGE_MODEL_CHOICE: ${{ github.event.inputs.image_model_choice }}
         run: |
           echo "🔍 Validating workflow input parameters..."
           VALIDATION_FAILED=false
           
+          # Validate runner_os (specific allowed values) and derive actual runner
+          RUNNER_OS_INPUT="${INPUT_RUNNER_OS:-codespace}"
+          if [[ "$RUNNER_OS_INPUT" != "codespace" && "$RUNNER_OS_INPUT" != "Devcontainer" && "$RUNNER_OS_INPUT" != "Local" ]]; then
+            echo "❌ ERROR: runner_os must be one of: codespace, Devcontainer, Local, got: '$RUNNER_OS_INPUT'"
+            VALIDATION_FAILED=true
+          else
+            echo "✅ runner_os: '$RUNNER_OS_INPUT' is valid"
+          fi
+
+          # Derive actual runner from runner_os input
+          if [[ "$RUNNER_OS_INPUT" == "codespace" ]]; then
+            RUNNER_OS="ubuntu-latest"
+          elif [[ "$RUNNER_OS_INPUT" == "Devcontainer" ]]; then
+            RUNNER_OS="devcontainer"
+          else
+            RUNNER_OS="windows-latest"
+          fi
+          echo "✅ runner_os derived as: '$RUNNER_OS'"
+          
           # Validate azure_location (Azure region format)
           LOCATION="${INPUT_AZURE_LOCATION:-australiaeast}"
           
@@ -252,6 +296,7 @@ jobs:
           
           # Output validated values
           echo "passed=true" >> $GITHUB_OUTPUT
+          echo "runner_os=$RUNNER_OS" >> $GITHUB_OUTPUT
           echo "azure_location=$LOCATION" >> $GITHUB_OUTPUT
           echo "resource_group_name=$INPUT_RESOURCE_GROUP_NAME" >> $GITHUB_OUTPUT
           echo "waf_enabled=$WAF_ENABLED" >> $GITHUB_OUTPUT
@@ -262,13 +307,23 @@ jobs:
           echo "azure_env_log_analytics_workspace_id=$INPUT_AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID" >> $GITHUB_OUTPUT
           echo "azure_existing_ai_project_resource_id=$INPUT_AZURE_EXISTING_AI_PROJECT_RESOURCE_ID" >> $GITHUB_OUTPUT
           echo "existing_webapp_url=$INPUT_EXISTING_WEBAPP_URL" >> $GITHUB_OUTPUT
+          
+          # Validate and output image_model_choice
+          IMAGE_MODEL="${INPUT_IMAGE_MODEL_CHOICE:-gpt-image-1}"
+          ALLOWED_MODELS=("gpt-image-1" "gpt-image-1.5" "none")
+          if [[ ! " ${ALLOWED_MODELS[@]} " =~ " ${IMAGE_MODEL} " ]]; then
+            echo "❌ ERROR: image_model_choice '$IMAGE_MODEL' is invalid. Allowed: ${ALLOWED_MODELS[*]}"
+            exit 1
+          fi
+          echo "✅ image_model_choice: '$IMAGE_MODEL' is valid"
+          echo "image_model_choice=$IMAGE_MODEL" >> $GITHUB_OUTPUT
 
   Run:
     needs: validate-inputs
     if: needs.validate-inputs.outputs.validation_passed == 'true'
     uses: ./.github/workflows/deploy-orchestrator.yml
     with:
-      runner_os: ubuntu-latest
+      runner_os: ${{ needs.validate-inputs.outputs.runner_os || 'ubuntu-latest' }}
       azure_location: ${{ needs.validate-inputs.outputs.azure_location || 'australiaeast' }}
       resource_group_name: ${{ needs.validate-inputs.outputs.resource_group_name || '' }}
       waf_enabled: ${{ needs.validate-inputs.outputs.waf_enabled == 'true' }}
@@ -280,4 +335,5 @@ jobs:
       AZURE_EXISTING_AI_PROJECT_RESOURCE_ID: ${{ needs.validate-inputs.outputs.azure_existing_ai_project_resource_id || '' }}
       existing_webapp_url: ${{ needs.validate-inputs.outputs.existing_webapp_url || '' }}
       trigger_type: ${{ github.event_name }}
+      image_model_choice: ${{ needs.validate-inputs.outputs.image_model_choice || 'gpt-image-1' }}
     secrets: inherit

.github/workflows/deploy-orchestrator.yml

@@ -4,7 +4,7 @@ on:
   workflow_call:
     inputs:
       runner_os:
-        description: 'Runner OS (ubuntu-latest or windows-latest)'
+        description: 'Runner OS (ubuntu-latest, windows-latest, or devcontainer)'
         required: true
         type: string
       azure_location:
@@ -61,12 +61,18 @@ on:
         description: 'Trigger type (workflow_dispatch, pull_request, schedule)'
         required: true
         type: string
+      image_model_choice:
+        description: 'Image model to deploy (gpt-image-1, gpt-image-1.5, none)'
+        required: false
+        default: 'gpt-image-1'
+        type: string
 
 env:
   AZURE_DEV_COLLECT_TELEMETRY: ${{ vars.AZURE_DEV_COLLECT_TELEMETRY }}
 permissions:
   contents: read
   actions: read
+  packages: write  # Required by job-deploy → job-deploy-devcontainer to push devcontainer image to GHCR
 
 jobs:
   docker-build:
@@ -94,10 +100,12 @@ jobs:
       docker_image_tag: ${{ needs.docker-build.outputs.IMAGE_TAG }}
       run_e2e_tests: ${{ inputs.run_e2e_tests }}
       cleanup_resources: ${{ inputs.cleanup_resources }}
+      image_model_choice: ${{ inputs.image_model_choice }}
     secrets: inherit
 
   e2e-test:
-    if: "!cancelled() && ((needs.deploy.result == 'success' && needs.deploy.outputs.WEB_APPURL != '') || (inputs.existing_webapp_url != '' && inputs.existing_webapp_url != null)) && (inputs.trigger_type != 'workflow_dispatch' || (inputs.run_e2e_tests != 'None' && inputs.run_e2e_tests != '' && inputs.run_e2e_tests != null))"
+    # if: "!cancelled() && ((needs.deploy.result == 'success' && needs.deploy.outputs.WEB_APPURL != '') || (inputs.existing_webapp_url != '' && inputs.existing_webapp_url != null)) && (inputs.trigger_type != 'workflow_dispatch' || (inputs.run_e2e_tests != 'None' && inputs.run_e2e_tests != '' && inputs.run_e2e_tests != null))"
+    if: false # Temporarily disable E2E tests
     needs: [docker-build, deploy]
     uses: ./.github/workflows/test-automation-v2.yml
     with:

.github/workflows/deploy-windows.yml

@@ -86,6 +86,7 @@ on:
 permissions:
   contents: read
   actions: read
+  packages: write  # Required by deploy-orchestrator → job-deploy → job-deploy-devcontainer for GHCR
 
 jobs:
   validate-inputs: