chore: Dev Merge to Main #600
Open
Shreyas-Microsoft wants to merge 12 commits into
fix: Dependent bot code changes
feat: Enhance email template, add RG owner tag, scalability input
fix: update event stream names and enforce security settings in Bicep
Pull request overview
This PR updates the solution’s deployment automation and infrastructure templates to add an opt-in “Enable Scalability” flag for WAF deployments, improve Azure Resource Group traceability via ownership tagging, and apply several dependency + infra hardening updates.
Changes:
- Added enableScalability / ENABLE_SCALABILITY inputs across major deployment workflows and propagated the flag into ARM parameters for WAF deployments.
- Added/merged an Owner tag on deployment Resource Groups (create + update paths) for better auditability.
- Updated infra templates and dependencies (e.g., Log Analytics naming, DCR config updates, storage/container-app hardening, Python + Web package bumps) and revamped email notification formatting.
Reviewed changes
Copilot reviewed 16 out of 20 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/ContentProcessorWorkflow/pyproject.toml | Bumps python-multipart dependency version. |
| src/ContentProcessorWeb/pnpm-lock.yaml | Locks updated dependency graph (postcss + additional overrides). |
| src/ContentProcessorWeb/package.json | Updates postcss version and pins additional pnpm overrides. |
| src/ContentProcessorAPI/uv.lock | Updates locked Python deps (python-multipart, urllib3). |
| src/ContentProcessorAPI/requirements.txt | Bumps python-multipart and urllib3 pinned versions. |
| src/ContentProcessorAPI/pyproject.toml | Bumps python-multipart and urllib3 constraints. |
| src/ContentProcessor/uv.lock | Updates locked Python deps (python-multipart, urllib3). |
| src/ContentProcessor/requirements.txt | Bumps urllib3 pinned version. |
| infra/main.json | Regenerated ARM output reflecting infra/template changes. |
| infra/main.bicep | Updates monitoring/DCR config, standardizes LA naming, and adds hardening flags (storage/container apps). |
| infra/main_custom.bicep | Mirrors main.bicep changes for the custom deployment path. |
| .github/workflows/job-send-notification.yml | Reworks notification emails to richer HTML formatting and status “pills”. |
| .github/workflows/job-deploy.yml | Adds enableScalability input + propagates flag; adds Owner tag create/update logic. |
| .github/workflows/job-deploy-windows.yml | Adds ENABLE_SCALABILITY input and injects it into parameters.json for WAF. |
| .github/workflows/job-deploy-linux.yml | Adds ENABLE_SCALABILITY input and injects it into parameters.json for WAF. |
| .github/workflows/deploy.yml | Adds Owner tagging for RG creation and merges Owner tag on existing RGs. |
| .github/workflows/deploy-windows.yml | Adds enableScalability input and validation/propagation to orchestrated jobs. |
| .github/workflows/deploy-v2.yml | Adds enableScalability input + validation/propagation; clarifies input descriptions. |
| .github/workflows/deploy-orchestrator.yml | Adds enableScalability input and passes it through to downstream workflows. |
Files not reviewed (1)
- src/ContentProcessorWeb/pnpm-lock.yaml: Language not supported
Comment on lines +222 to +224
| RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" | ||
| RESOURCE_GROUP="$INPUT_RESOURCE_GROUP_NAME" | ||
|
|
||
| EMAIL_BODY=$(cat <<EOF | ||
| { | ||
| "body": "<p>Dear Team,</p><p>We would like to inform you that the ${ACCELERATOR_NAME} deployment has failed.</p><p><strong>Status Summary:</strong><br><table border='1' cellpadding='5' cellspacing='0'><tr><th>Stage</th><th>Status</th></tr><tr><td>Deployment</td><td>❌ FAILED (Deployment Issue)</td></tr><tr><td>E2E Tests</td><td>⏭️ SKIPPED</td></tr><tr><td>Cleanup</td><td>${CLEANUP_STATUS}</td></tr></table></p><p><strong>Deployment Details:</strong><br>• Resource Group: ${RESOURCE_GROUP}</p><p><strong>Configuration:</strong> ${CONFIG_LABEL}</p><p><strong>Run URL:</strong> <a href='${RUN_URL}'>${RUN_URL}</a></p><p>Please investigate the deployment failure at your earliest convenience.</p><p>Best regards,<br>Your Automation Team</p>", | ||
| "subject": "❌[CI/CD-Automation] [${ACCELERATOR_NAME}] Deployment-Failed" | ||
| } | ||
| EOF | ||
| PILL_BASE="display:inline-block; min-width:70px; text-align:center; padding:4px 12px; border-radius:20px; font-size:12px; font-weight:600; line-height:1.4;" |
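Review bot: RESOURCE_GROUP is copied straight from $INPUT_RESOURCE_GROUP_NAME and then expanded inside the heredoc's "body" value, which is both a JSON string and HTML, with no escaping for either context. A quote, backslash or angle bracket in that input would corrupt the JSON payload or change the rendered email. Suggest assembling the payload with jq --arg (the PR already uses jq for main.parameters.json) and HTML-escaping the value before it is placed in the markup; the same applies to ${CONFIG_LABEL} and ${CLEANUP_STATUS} if they can carry free text.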
Comment on lines +257 to +261
| <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${RESOURCE_GROUP}</td></tr> | ||
| <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Triggered By</td> | ||
| <td style="padding:8px 0; font-size:13px; color:#111827;">${{ github.actor }}</td></tr> | ||
| <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Branch</td> | ||
| <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${{ env.BRANCH_NAME }}</td></tr> |
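Review bot: ${{ github.actor }} and ${{ env.BRANCH_NAME }} in the Triggered By and Branch cells are expanded by the workflow engine into the template text before the step runs, unlike ${RESOURCE_GROUP} in the first row, which is a shell variable. A branch name is contributor-controlled, so it should not reach the script body or the HTML unquoted and unescaped. Suggest mapping both values to env: entries on the step, referencing them as shell variables, and HTML-escaping them before they go into the table.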
Comment on lines +180 to +183
| <tr><td style="padding:8px 0; font-size:13px; color:#6b7280; width:140px;">Triggered By</td> | ||
| <td style="padding:8px 0; font-size:13px; color:#111827;">${{ github.actor }}</td></tr> | ||
| <tr><td style="padding:8px 0; font-size:13px; color:#6b7280;">Branch</td> | ||
| <td style="padding:8px 0; font-size:13px; color:#111827; font-family:'Cascadia Code','Courier New',monospace;">${{ env.BRANCH_NAME }}</td></tr> |
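Review bot: These Triggered By and Branch rows repeat the rows at +257 to +261 apart from width:140px, including the direct ${{ github.actor }} and ${{ env.BRANCH_NAME }} expansion into the markup. Suggest building the rows once in a shared variable fed from escaped env values, so the two email templates cannot drift apart and the escaping is applied in one place.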
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Purpose
This pull request introduces a new "Enable Scalability" option (intended for WAF deployments only) across all major deployment workflows, along with improvements to resource group ownership tagging and various input description clarifications. The main focus is on making scalability an opt-in feature for WAF deployments, ensuring validation and propagation of this flag throughout the workflows, and improving resource group traceability.
Key changes:
Scalability Option for WAF Deployments
- Added an enableScalability or ENABLE_SCALABILITY input to all deployment workflows (deploy-v2.yml, deploy-windows.yml, deploy-orchestrator.yml, job-deploy.yml, job-deploy-linux.yml, job-deploy-windows.yml), including validation logic to ensure it is only effective when WAF is enabled. The flag is propagated through job environments and parameters as appropriate.
- For WAF deployments, the enableScalability parameter is injected into the ARM parameters file (main.parameters.json) using jq. For non-WAF deployments, the flag is ignored with a log message.
Resource Group Ownership Tagging
- Owner (the GitHub actor) at creation time, and to merge/update the tag for existing groups, improving traceability of deployments.
Input and Output Improvements
- Improved input descriptions for clarity (e.g., region/AI project/resource group cleanup descriptions) and made some naming more consistent across workflows.
- Ensured that all new and updated inputs are correctly validated (including error messages and notes about when options are ignored) and passed through to jobs and steps as needed.
These changes collectively make deployments more robust, auditable, and flexible for users who need to enable scalability features in WAF-protected environments.
Does this introduce a breaking change?
Golden Path Validation
Deployment Validation
What to Check
Verify that the following are valid
Other Information
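
One way the step described under "Scalability Option for WAF Deployments" could be written, as an added example that is not the repository's workflow code. It assumes the flag is a boolean and the parameters file uses the standard ARM layout (parameters.<name>.value); the function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, sample data is constructed.

# Accept only true/false (any case; empty means false) so the value can be
# handed to jq as typed JSON instead of being spliced into the file as text.
normalize_bool() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    true)     echo true ;;
    false|'') echo false ;;
    *)        echo "invalid boolean input: $1" >&2; return 1 ;;
  esac
}

# apply_scalability <waf_enabled> <enable_scalability> <parameters_file>
apply_scalability() {
  local waf scal file="$3" tmp
  waf=$(normalize_bool "$1") || return 1
  scal=$(normalize_bool "$2") || return 1
  if [ "$waf" != true ]; then
    # Non-WAF deployment: leave the file untouched and say why.
    echo "enableScalability ignored: WAF is not enabled" >&2
    return 0
  fi
  tmp=$(mktemp) || return 1
  # --argjson inserts a JSON boolean; existing parameters are preserved.
  if jq --argjson v "$scal" \
        '.parameters.enableScalability = {value: $v}' "$file" > "$tmp"; then
    mv "$tmp" "$file"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Demo on a constructed parameters file (runs only when jq is installed).
if command -v jq >/dev/null 2>&1; then
  demo=$(mktemp)
  echo '{"contentVersion":"1.0.0.0","parameters":{}}' > "$demo"
  apply_scalability true true "$demo" && jq -c .parameters "$demo"
  rm -f "$demo"
fi
```

Rejecting anything other than true/false before the jq call matters because --argjson parses its argument as JSON, so an unvalidated workflow input could otherwise add arbitrary structure to the parameters file.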