Merge pull request #214 from microsoft/vee-pipeline-fixes

fix: Code Mod | Azure Template Validation & Deploy-Test-Cleanup Pipeline fix

Author: Prajwal-Microsoft

.github/workflows/azure-dev-validation.yml

@@ -19,7 +19,7 @@ jobs:
         uses: actions/checkout@v4 
       # Step 2: Validate the Azure template using microsoft/template-validation-action 
       - name: Validate Azure Template 
-        uses: microsoft/template-validation-action@Latest 
+        uses: microsoft/template-validation-action@Latest
         id: validation 
         env: 
           AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} 
@@ -31,4 +31,4 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
       # Step 3: Print the result of the validation 
       - name: Print result 
-        run: cat ${{ steps.validation.outputs.resultFile }} 
+        run: cat ${{ steps.validation.outputs.resultFile }} 

.github/workflows/deploy.yml

@@ -72,6 +72,11 @@ jobs:
       - name: Fail Pipeline if Quota Check Fails
         if: env.QUOTA_FAILED == 'true'
         run: exit 1
+      
+      - name: Set Deployment Region
+        run: |
+          echo "Selected Region: $VALID_REGION"
+          echo "AZURE_LOCATION=$VALID_REGION" >> $GITHUB_ENV
 
       - name: Install Bicep CLI
         run: az bicep install
@@ -135,8 +140,7 @@ jobs:
             --template-file infra/main.bicep \
             --parameters \
                 solutionName="${{ env.SOLUTION_PREFIX }}" \
-                aiDeploymentsLocation="eastus" \
-                useWafAlignedArchitecture=false \
+                aiDeploymentsLocation='${{ env.AZURE_LOCATION }}' \
                 capacity=${{ env.GPT_MIN_CAPACITY }} \
                 imageVersion="${IMAGE_TAG}" \
                 createdBy="Pipeline" \
@@ -191,6 +195,24 @@ jobs:
       - name: Login to Azure
         run: |
           az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }}
+          
+      - name: Assign Contributor role to Service Principal
+        if: always()
+        run: |
+          echo "Assigning Contributor role to SPN for RG: ${{ env.RESOURCE_GROUP_NAME }}"
+          az role assignment create \
+            --assignee ${{ secrets.AZURE_CLIENT_ID }} \
+            --role "Contributor" \
+            --scope /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}
+          
+          echo "Assigning Log Analytics Contributor role for Log Analytics workspace access at RG level..."
+          az role assignment create \
+            --assignee ${{ secrets.AZURE_CLIENT_ID }} \
+            --role "Log Analytics Contributor" \
+            --scope /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.RESOURCE_GROUP_NAME }} || echo "Log Analytics Contributor role assignment failed (may already exist)"
+          
+          echo "Waiting for role assignment propagation..."
+          sleep 30
 
       - name: Get Log Analytics Workspace and OpenAI from Resource Group
         if: always()
@@ -417,4 +439,4 @@ jobs:
         if: always()
         run: |
           az logout
-          echo "Logged out from Azure."
+          echo "Logged out from Azure."

.github/workflows/test.yml

@@ -103,4 +103,4 @@ jobs:
       - name: Skip Backend Tests
         if: env.skip_backend_tests == 'true'
         run: |
-          echo "Skipping backend tests because no test files were found."
+          echo "Skipping backend tests because no test files were found."

infra/main.json

@@ -6,18 +6,12 @@
     "_generator": {
       "name": "bicep",
       "version": "0.37.4.10188",
-      "templateHash": "4708808767614470236"
+      "templateHash": "10857935115773987076"
     },
     "name": "Modernize Your Code Solution Accelerator",
-    "description": "CSA CTO Gold Standard Solution Accelerator for Modernize Your Code. \n"
+    "description": "CSA CTO Gold Standard Solution Accelerator for Modernize Your Code. \r\n"
   },
   "parameters": {
-    "useWafAlignedArchitecture": {
-      "type": "bool",
-      "metadata": {
-        "description": "Set to true if you want to deploy WAF-aligned infrastructure."
-      }
-    },
     "solutionName": {
       "type": "string",
       "minLength": 3,
@@ -79,14 +73,14 @@
     },
     "enableMonitoring": {
       "type": "bool",
-      "defaultValue": "[if(parameters('useWafAlignedArchitecture'), true(), false())]",
+      "defaultValue": false,
       "metadata": {
         "description": "Optional. Enable monitoring for the resources. This will enable Application Insights and Log Analytics. Defaults to false."
       }
     },
     "enableScaling": {
       "type": "bool",
-      "defaultValue": "[if(parameters('useWafAlignedArchitecture'), true(), false())]",
+      "defaultValue": false,
       "metadata": {
         "description": "Optional. Enable scaling for the container apps. Defaults to false."
       }
@@ -107,7 +101,7 @@
     },
     "enablePrivateNetworking": {
       "type": "bool",
-      "defaultValue": "[if(parameters('useWafAlignedArchitecture'), true(), false())]",
+      "defaultValue": false,
       "metadata": {
         "description": "Optional. Enable private networking for the resources. Set to true to enable private networking. Defaults to false."
       }
@@ -192,9 +186,9 @@
     },
     "createdBy": {
       "type": "string",
-      "defaultValue": "[if(empty(deployer().userPrincipalName), '', split(deployer().userPrincipalName, '@')[0])]",
+      "defaultValue": "[if(contains(deployer(), 'userPrincipalName'), split(deployer().userPrincipalName, '@')[0], deployer().objectId)]",
       "metadata": {
-        "description": "Optional created by user name"
+        "description": "Tag, Created by user name"
       }
     }
   },
@@ -457,7 +451,7 @@
       "apiVersion": "2021-04-01",
       "name": "default",
       "properties": {
-        "tags": "[shallowMerge(createArray(variables('allTags'), createObject('TemplateName', 'Code Modernization', 'CreatedBy', parameters('createdBy'))))]"
+        "tags": "[shallowMerge(createArray(variables('allTags'), createObject('TemplateName', 'Code Modernization', 'Type', if(parameters('enablePrivateNetworking'), 'WAF', 'Non-WAF'), 'CreatedBy', parameters('createdBy'))))]"
       }
     },
     "avmTelemetry": {