From 924c880bd398553b1f81ff827f26f5bd064fb606 Mon Sep 17 00:00:00 2001 From: Harmanpreet Kaur Date: Tue, 16 Dec 2025 17:26:26 +0530 Subject: [PATCH 1/6] Enhance CI workflows: update paths for Docker build, deploy, PyLint, and test workflows; upgrade action versions --- .github/workflows/build-docker-images.yml | 12 ++++ .github/workflows/deploy.yml | 72 ++++++++++++++++------- .github/workflows/pylint.yml | 16 ++++- .github/workflows/test.yml | 21 +++++-- 4 files changed, 91 insertions(+), 30 deletions(-) diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml index 7519d620..47aeeb5f 100644 --- a/.github/workflows/build-docker-images.yml +++ b/.github/workflows/build-docker-images.yml @@ -7,6 +7,12 @@ on: - dev - demo - hotfix + paths: + - 'src/backend/**' + - 'src/frontend/**' + - 'docker/**' + - '.github/workflows/build-docker-images.yml' + - '.github/workflows/build-docker.yml' pull_request: branches: - main @@ -18,6 +24,12 @@ on: - ready_for_review - reopened - synchronize + paths: + - 'src/backend/**' + - 'src/frontend/**' + - 'docker/**' + - '.github/workflows/build-docker-images.yml' + - '.github/workflows/build-docker.yml' merge_group: workflow_dispatch: diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index be98168f..f61a2490 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,17 +1,19 @@ name: Deploy-Test-Cleanup Pipeline on: - workflow_run: - workflows: ["Build Docker and Optional Push"] - types: - - completed - branches: - - main - - dev - - demo - schedule: - - cron: '0 5,17 * * *' # Runs at 5:00 AM and 5:00 PM GMT - workflow_dispatch: + push: + branches: + - main + - dev + - demo + paths: + - 'infra/**' + - 'scripts/**' + - 'azure.yaml' + - '.github/workflows/deploy.yml' + schedule: + - cron: '0 5,17 * * *' # Runs at 5:00 AM and 5:00 PM GMT + workflow_dispatch: env: GPT_MIN_CAPACITY: 150 
@@ -25,7 +27,7 @@ jobs: WEBAPP_URL: ${{ steps.get_output.outputs.WEBAPP_URL }} steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@v5 - name: Setup Azure CLI run: | @@ -43,7 +45,6 @@ jobs: export AZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }} export AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }} export AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}" - export GPT_MIN_CAPACITY="${{ env.GPT_MIN_CAPACITY }}" export AZURE_REGIONS="${{ vars.AZURE_REGIONS }}" chmod +x scripts/checkquota.sh if ! scripts/checkquota.sh; then @@ -72,6 +73,11 @@ jobs: - name: Fail Pipeline if Quota Check Fails if: env.QUOTA_FAILED == 'true' run: exit 1 + + - name: Set Deployment Region + run: | + echo "Selected Region: $VALID_REGION" + echo "AZURE_LOCATION=$VALID_REGION" >> $GITHUB_ENV - name: Install Bicep CLI run: az bicep install @@ -94,7 +100,7 @@ jobs: rg_exists=$(az group exists --name ${{ env.RESOURCE_GROUP_NAME }}) if [ "$rg_exists" = "false" ]; then echo "Resource group does not exist. Creating..." - az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location northcentralus || { echo "Error creating resource group"; exit 1; } + az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location australiaeast || { echo "Error creating resource group"; exit 1; } else echo "Resource group already exists." fi 
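Review bot: The new `Set Deployment Region` step writes `$VALID_REGION` into `$GITHUB_ENV` without checking that it is set, so an empty value would reach the deployment as `azureAiServiceLocation=''` in the `@@ -126,17 +132,20 @@` hunk. The step that sets `VALID_REGION` is outside this hunk, so whether it can be empty here is not visible; a guard costs one line: `[ -n "$VALID_REGION" ] || { echo "VALID_REGION is empty"; exit 1; }`. Because the value is appended to the environment file verbatim, the target should also be quoted, `echo "AZURE_LOCATION=$VALID_REGION" >> "$GITHUB_ENV"`, and the value is worth restricting to a region-name pattern before it is written. The same step returns in PATCH 6/6 (`@@ -74,6 +71,11 @@`).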
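Review bot: The literal `australiaeast` in `az group create --location` here, and again in the purge path of the `@@ -356,7 +384,7 @@` hunk, stays hard-coded while the deployment now takes its AI service region from `AZURE_LOCATION`. If the OpenAI account is created in that selected region (presumably, given the parameter name `azureAiServiceLocation`), the purge ID `.../locations/australiaeast/.../deletedAccounts/...` will not match whenever another region is chosen. The failure branch only echoes a message, so the soft-deleted account would be left behind without failing the run. Passing the selected region on to the cleanup steps and using it in the purge path would keep the two in step; the resource group's own location is independent and can stay fixed. Both lines return in PATCH 6/6.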
@@ -126,17 +132,20 @@ jobs: IMAGE_TAG="latest" fi + # Generate current timestamp in desired format: YYYY-MM-DDTHH:MM:SS.SSSSSSSZ + current_date=$(date -u +"%Y-%m-%dT%H:%M:%S.%7NZ") + az deployment group create \ --name ${{ env.SOLUTION_PREFIX }}-deployment \ --resource-group ${{ env.RESOURCE_GROUP_NAME }} \ --template-file infra/main.bicep \ --parameters \ solutionName="${{ env.SOLUTION_PREFIX }}" \ - aiDeploymentsLocation="eastus" \ - useWafAlignedArchitecture=false \ - capacity=${{ env.GPT_MIN_CAPACITY }} \ + azureAiServiceLocation='${{ env.AZURE_LOCATION }}' \ imageVersion="${IMAGE_TAG}" \ - createdBy="Pipeline" + createdBy="Pipeline" \ + tags="{'SecurityControl':'Ignore','Purpose':'Deploying and Cleaning Up Resources for Validation','CreatedDate':'$current_date'}" + - name: Assign Contributor role to Service Principal if: always() run: | 
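Review bot: The added `tags` parameter marks every deployment with `'SecurityControl':'Ignore'`, and nothing in the workflow says why. By its name the tag looks like an opt-out from a security policy or scanner (not confirmable from this diff), so it needs a comment above the `az deployment group create` call naming the control and limiting the intent to the short-lived validation resource group, e.g. `# SecurityControl=Ignore: <control name> exemption for ephemeral CI resources only`. Separately, `azureAiServiceLocation='${{ env.AZURE_LOCATION }}'` pastes the value into the script text before the shell runs; `azureAiServiceLocation="$AZURE_LOCATION"` reads the same variable without that substitution. The same hunk returns in PATCH 6/6 (`@@ -128,17 +130,20 @@`).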
@@ -185,7 +194,26 @@ jobs: - name: Login to Azure run: | - az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} + az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} + az account set --subscription "${{ secrets.AZURE_SUBSCRIPTION_ID }}" + + - name: Assign Contributor role to Service Principal + if: always() + run: | + echo "Assigning Contributor role to SPN for RG: ${{ env.RESOURCE_GROUP_NAME }}" + az role assignment create \ + --assignee ${{ secrets.AZURE_CLIENT_ID }} \ + --role "Contributor" \ + --scope /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.RESOURCE_GROUP_NAME }} + + echo "Assigning Log Analytics Contributor role for Log Analytics workspace access at RG level..." + az role assignment create \ + --assignee ${{ secrets.AZURE_CLIENT_ID }} \ + --role "Log Analytics Reader" \ + --scope /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.RESOURCE_GROUP_NAME }} || echo "Log Analytics Contributor role assignment failed (may already exist)" + + echo "Waiting for role assignment propagation..." + sleep 30 - name: Get Log Analytics Workspace and OpenAI from Resource Group if: always() 
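Review bot: In the added `Assign Contributor role to Service Principal` step the second assignment grants `Log Analytics Reader`, but both echo lines around it say "Log Analytics Contributor", so the job log misreports which role was granted. The messages should match the role: `echo "Assigning Log Analytics Reader role at RG level..."` and `|| echo "Log Analytics Reader role assignment failed (may already exist)"`. The step also has the service principal assign roles to itself (`--assignee ${{ secrets.AZURE_CLIENT_ID }}` directly after logging in with that client ID), which can only succeed if it already holds role-assignment rights at or above this scope; that is wider than Contributor and worth confirming as intended. The first `az role assignment create` has no failure handling, unlike the second. The same step returns in PATCH 6/6 (`@@ -187,7 +192,26 @@`).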
@@ -356,7 +384,7 @@ jobs: # Purge OpenAI Resource echo "Purging the OpenAI Resource..." - if ! az resource delete --ids /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.CognitiveServices/locations/northcentralus/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}/deletedAccounts/${{ env.OPENAI_RESOURCE_NAME }} --verbose; then + if ! az resource delete --ids /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.CognitiveServices/locations/australiaeast/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}/deletedAccounts/${{ env.OPENAI_RESOURCE_NAME }} --verbose; then echo "Failed to purge openai resource: ${{ env.OPENAI_RESOURCE_NAME }}" else echo "Purged the openai resource: ${{ env.OPENAI_RESOURCE_NAME }}" @@ -399,7 +427,7 @@ jobs: EMAIL_BODY=$(cat <Dear Team,

We would like to inform you that the DocGen Deployment Automation process has encountered an issue and has failed to complete successfully.

Build URL: ${RUN_URL}

Please investigate the matter at your earliest convenience.

Best regards,
Your Automation Team

" + "body": "

Dear Team,

We would like to inform you that the CodeMod Deployment Automation process has encountered an issue and has failed to complete successfully.

Build URL: ${RUN_URL}

Please investigate the matter at your earliest convenience.

Best regards,
Your Automation Team

" } EOF ) @@ -412,4 +440,4 @@ jobs: if: always() run: | az logout - echo "Logged out from Azure." + echo "Logged out from Azure." \ No newline at end of file diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml index d784267d..c486ba8f 100644 --- a/.github/workflows/pylint.yml +++ b/.github/workflows/pylint.yml @@ -1,6 +1,16 @@ name: PyLint -on: [push] +on: + push: + paths: + - '**/*.py' + - '**/.flake8' + - '.github/workflows/pylint.yml' + pull_request: + paths: + - '**/*.py' + - '**/.flake8' + - '.github/workflows/pylint.yml' jobs: lint: @@ -12,11 +22,11 @@ jobs: steps: # Step 1: Checkout code - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 # Step 2: Set up Python environment - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v3 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 34a2f24d..f0c62813 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -6,6 +6,12 @@ on: - main - dev - demo + paths: + - 'src/backend/**/*.py' + - 'src/tests/backend/**' + - '.github/workflows/test.yml' + - 'src/backend/requirements.txt' + - 'src/backend/pyproject.toml' pull_request: types: - opened @@ -16,6 +22,12 @@ on: - main - dev - demo + paths: + - 'src/backend/**/*.py' + - 'src/tests/backend/**' + - '.github/workflows/test.yml' + - 'src/backend/requirements.txt' + - 'src/backend/pyproject.toml' jobs: # frontend_tests: @@ -23,7 +35,7 @@ jobs: # steps: # - name: Checkout code -# uses: actions/checkout@v3 +# uses: actions/checkout@v5 # - name: Set up Node.js # uses: actions/setup-node@v3 @@ -64,10 +76,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v5 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v6 with: python-version: '3.11' 
@@ -75,7 +87,6 @@ jobs: run: | python -m pip install --upgrade pip pip install -r src/backend/requirements.txt - pip install -r src/frontend/requirements.txt pip install pytest-cov pip install pytest-asyncio - name: Set PYTHONPATH @@ -103,4 +114,4 @@ jobs: - name: Skip Backend Tests if: env.skip_backend_tests == 'true' run: | - echo "Skipping backend tests because no test files were found." + echo "Skipping backend tests because no test files were found." \ No newline at end of file From 1c3f5a70f7ddee1a7d898e962aea33cde6f86944 Mon Sep 17 00:00:00 2001 From: Harmanpreet Kaur Date: Tue, 16 Dec 2025 17:43:03 +0530 Subject: [PATCH 2/6] Revert "Enhance CI workflows: update paths for Docker build, deploy, PyLint, and test workflows; upgrade action versions" This reverts commit 924c880bd398553b1f81ff827f26f5bd064fb606. --- .github/workflows/build-docker-images.yml | 12 ---- .github/workflows/deploy.yml | 72 +++++++---------------- .github/workflows/pylint.yml | 16 +---- .github/workflows/test.yml | 21 ++----- 4 files changed, 30 insertions(+), 91 deletions(-) diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml index 47aeeb5f..7519d620 100644 --- a/.github/workflows/build-docker-images.yml +++ b/.github/workflows/build-docker-images.yml @@ -7,12 +7,6 @@ on: - dev - demo - hotfix - paths: - - 'src/backend/**' - - 'src/frontend/**' - - 'docker/**' - - '.github/workflows/build-docker-images.yml' - - '.github/workflows/build-docker.yml' pull_request: branches: - main @@ -24,12 +18,6 @@ on: - ready_for_review - reopened - synchronize - paths: - - 'src/backend/**' - - 'src/frontend/**' - - 'docker/**' - - '.github/workflows/build-docker-images.yml' - - '.github/workflows/build-docker.yml' merge_group: workflow_dispatch: diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index f61a2490..be98168f 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -1,19 +1,17 @@ name: Deploy-Test-Cleanup Pipeline on: - push: - branches: - - main - - dev - - demo - paths: - - 'infra/**' - - 'scripts/**' - - 'azure.yaml' - - '.github/workflows/deploy.yml' - schedule: - - cron: '0 5,17 * * *' # Runs at 5:00 AM and 5:00 PM GMT - workflow_dispatch: + workflow_run: + workflows: ["Build Docker and Optional Push"] + types: + - completed + branches: + - main + - dev + - demo + schedule: + - cron: '0 5,17 * * *' # Runs at 5:00 AM and 5:00 PM GMT + workflow_dispatch: env: GPT_MIN_CAPACITY: 150 @@ -27,7 +25,7 @@ jobs: WEBAPP_URL: ${{ steps.get_output.outputs.WEBAPP_URL }} steps: - name: Checkout Code - uses: actions/checkout@v5 + uses: actions/checkout@v3 - name: Setup Azure CLI run: | @@ -45,6 +43,7 @@ jobs: export AZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }} export AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }} export AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}" + export GPT_MIN_CAPACITY="${{ env.GPT_MIN_CAPACITY }}" export AZURE_REGIONS="${{ vars.AZURE_REGIONS }}" chmod +x scripts/checkquota.sh if ! scripts/checkquota.sh; then @@ -73,11 +72,6 @@ jobs: - name: Fail Pipeline if Quota Check Fails if: env.QUOTA_FAILED == 'true' run: exit 1 - - - name: Set Deployment Region - run: | - echo "Selected Region: $VALID_REGION" - echo "AZURE_LOCATION=$VALID_REGION" >> $GITHUB_ENV - name: Install Bicep CLI run: az bicep install @@ -100,7 +94,7 @@ jobs: rg_exists=$(az group exists --name ${{ env.RESOURCE_GROUP_NAME }}) if [ "$rg_exists" = "false" ]; then echo "Resource group does not exist. Creating..." - az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location australiaeast || { echo "Error creating resource group"; exit 1; } + az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location northcentralus || { echo "Error creating resource group"; exit 1; } else echo "Resource group already exists." fi 
@@ -132,20 +126,17 @@ jobs: IMAGE_TAG="latest" fi - # Generate current timestamp in desired format: YYYY-MM-DDTHH:MM:SS.SSSSSSSZ - current_date=$(date -u +"%Y-%m-%dT%H:%M:%S.%7NZ") - az deployment group create \ --name ${{ env.SOLUTION_PREFIX }}-deployment \ --resource-group ${{ env.RESOURCE_GROUP_NAME }} \ --template-file infra/main.bicep \ --parameters \ solutionName="${{ env.SOLUTION_PREFIX }}" \ - azureAiServiceLocation='${{ env.AZURE_LOCATION }}' \ + aiDeploymentsLocation="eastus" \ + useWafAlignedArchitecture=false \ + capacity=${{ env.GPT_MIN_CAPACITY }} \ imageVersion="${IMAGE_TAG}" \ - createdBy="Pipeline" \ - tags="{'SecurityControl':'Ignore','Purpose':'Deploying and Cleaning Up Resources for Validation','CreatedDate':'$current_date'}" - + createdBy="Pipeline" - name: Assign Contributor role to Service Principal if: always() run: | 
@@ -194,26 +185,7 @@ jobs: - name: Login to Azure run: | - az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} - az account set --subscription "${{ secrets.AZURE_SUBSCRIPTION_ID }}" - - - name: Assign Contributor role to Service Principal - if: always() - run: | - echo "Assigning Contributor role to SPN for RG: ${{ env.RESOURCE_GROUP_NAME }}" - az role assignment create \ - --assignee ${{ secrets.AZURE_CLIENT_ID }} \ - --role "Contributor" \ - --scope /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.RESOURCE_GROUP_NAME }} - - echo "Assigning Log Analytics Contributor role for Log Analytics workspace access at RG level..." - az role assignment create \ - --assignee ${{ secrets.AZURE_CLIENT_ID }} \ - --role "Log Analytics Reader" \ - --scope /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.RESOURCE_GROUP_NAME }} || echo "Log Analytics Contributor role assignment failed (may already exist)" - - echo "Waiting for role assignment propagation..." - sleep 30 + az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} - name: Get Log Analytics Workspace and OpenAI from Resource Group if: always() 
@@ -384,7 +356,7 @@ jobs: # Purge OpenAI Resource echo "Purging the OpenAI Resource..." - if ! az resource delete --ids /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.CognitiveServices/locations/australiaeast/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}/deletedAccounts/${{ env.OPENAI_RESOURCE_NAME }} --verbose; then + if ! az resource delete --ids /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.CognitiveServices/locations/northcentralus/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}/deletedAccounts/${{ env.OPENAI_RESOURCE_NAME }} --verbose; then echo "Failed to purge openai resource: ${{ env.OPENAI_RESOURCE_NAME }}" else echo "Purged the openai resource: ${{ env.OPENAI_RESOURCE_NAME }}" @@ -427,7 +399,7 @@ jobs: EMAIL_BODY=$(cat <Dear Team,

We would like to inform you that the CodeMod Deployment Automation process has encountered an issue and has failed to complete successfully.

Build URL: ${RUN_URL}

Please investigate the matter at your earliest convenience.

Best regards,
Your Automation Team

" + "body": "

Dear Team,

We would like to inform you that the DocGen Deployment Automation process has encountered an issue and has failed to complete successfully.

Build URL: ${RUN_URL}

Please investigate the matter at your earliest convenience.

Best regards,
Your Automation Team

" } EOF ) @@ -440,4 +412,4 @@ jobs: if: always() run: | az logout - echo "Logged out from Azure." \ No newline at end of file + echo "Logged out from Azure." diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml index c486ba8f..d784267d 100644 --- a/.github/workflows/pylint.yml +++ b/.github/workflows/pylint.yml @@ -1,16 +1,6 @@ name: PyLint -on: - push: - paths: - - '**/*.py' - - '**/.flake8' - - '.github/workflows/pylint.yml' - pull_request: - paths: - - '**/*.py' - - '**/.flake8' - - '.github/workflows/pylint.yml' +on: [push] jobs: lint: @@ -22,11 +12,11 @@ jobs: steps: # Step 1: Checkout code - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@v4 # Step 2: Set up Python environment - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@v3 with: python-version: ${{ matrix.python-version }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f0c62813..34a2f24d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -6,12 +6,6 @@ on: - main - dev - demo - paths: - - 'src/backend/**/*.py' - - 'src/tests/backend/**' - - '.github/workflows/test.yml' - - 'src/backend/requirements.txt' - - 'src/backend/pyproject.toml' pull_request: types: - opened @@ -22,12 +16,6 @@ on: - main - dev - demo - paths: - - 'src/backend/**/*.py' - - 'src/tests/backend/**' - - '.github/workflows/test.yml' - - 'src/backend/requirements.txt' - - 'src/backend/pyproject.toml' jobs: # frontend_tests: @@ -35,7 +23,7 @@ jobs: # steps: # - name: Checkout code -# uses: actions/checkout@v5 +# uses: actions/checkout@v3 # - name: Set up Node.js # uses: actions/setup-node@v3 @@ -76,10 +64,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@v3 - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@v4 with: python-version: '3.11' 
@@ -87,6 +75,7 @@ jobs: run: | python -m pip install --upgrade pip pip install -r src/backend/requirements.txt + pip install -r src/frontend/requirements.txt pip install pytest-cov pip install pytest-asyncio - name: Set PYTHONPATH @@ -114,4 +103,4 @@ jobs: - name: Skip Backend Tests if: env.skip_backend_tests == 'true' run: | - echo "Skipping backend tests because no test files were found." \ No newline at end of file + echo "Skipping backend tests because no test files were found." From 37b9fcea8f8c208cc8d277a0079e67dca3d90489 Mon Sep 17 00:00:00 2001 From: Harmanpreet Kaur Date: Tue, 16 Dec 2025 17:48:36 +0530 Subject: [PATCH 3/6] Update CI workflows: enhance path triggers for Docker build, deploy, PyLint, and test workflows --- .github/workflows/build-docker-images.yml | 12 ++++++++++++ .github/workflows/deploy.yml | 24 ++++++++++++----------- .github/workflows/pylint.yml | 16 ++++++++++++++- .github/workflows/test.yml | 12 ++++++++++++ 4 files changed, 52 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml index 7519d620..47aeeb5f 100644 --- a/.github/workflows/build-docker-images.yml +++ b/.github/workflows/build-docker-images.yml @@ -7,6 +7,12 @@ on: - dev - demo - hotfix + paths: + - 'src/backend/**' + - 'src/frontend/**' + - 'docker/**' + - '.github/workflows/build-docker-images.yml' + - '.github/workflows/build-docker.yml' pull_request: branches: - main @@ -18,6 +24,12 @@ on: - ready_for_review - reopened - synchronize + paths: + - 'src/backend/**' + - 'src/frontend/**' + - 'docker/**' + - '.github/workflows/build-docker-images.yml' + - '.github/workflows/build-docker.yml' merge_group: workflow_dispatch: diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index be98168f..b2b8c01b 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -1,17 +1,19 @@ name: Deploy-Test-Cleanup Pipeline on: - workflow_run: - workflows: ["Build Docker and Optional Push"] - types: - - completed - branches: - - main - - dev - - demo - schedule: - - cron: '0 5,17 * * *' # Runs at 5:00 AM and 5:00 PM GMT - workflow_dispatch: + push: + branches: + - main + - dev + - demo + paths: + - 'infra/**' + - 'scripts/**' + - 'azure.yaml' + - '.github/workflows/deploy.yml' + schedule: + - cron: '0 5,17 * * *' # Runs at 5:00 AM and 5:00 PM GMT + workflow_dispatch: env: GPT_MIN_CAPACITY: 150 diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml index d784267d..e124825f 100644 --- a/.github/workflows/pylint.yml +++ b/.github/workflows/pylint.yml @@ -1,6 +1,20 @@ name: PyLint -on: [push] +on: + push: + paths: + - '**/*.py' + - '**/requirements.txt' + - '**/pyproject.toml' + - '**/.flake8' + - '.github/workflows/pylint.yml' + pull_request: + paths: + - '**/*.py' + - '**/requirements.txt' + - '**/pyproject.toml' + - '**/.flake8' + - '.github/workflows/pylint.yml' jobs: lint: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 34a2f24d..5fcd203e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -6,6 +6,12 @@ on: - main - dev - demo + paths: + - 'src/backend/**/*.py' + - 'src/tests/backend/**' + - '.github/workflows/test.yml' + - 'src/backend/requirements.txt' + - 'src/backend/pyproject.toml' pull_request: types: - opened @@ -16,6 +22,12 @@ on: - main - dev - demo + paths: + - 'src/backend/**/*.py' + - 'src/tests/backend/**' + - '.github/workflows/test.yml' + - 'src/backend/requirements.txt' + - 'src/backend/pyproject.toml' jobs: # frontend_tests: From cc7f864add9f74705baaa698d78e35eafd38d2f5 Mon Sep 17 00:00:00 2001 From: Harmanpreet Kaur Date: Wed, 17 Dec 2025 11:10:10 +0530 Subject: [PATCH 4/6] Fix path pattern for .flake8 in PyLint workflow triggers --- .github/workflows/pylint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml index e124825f..f783199b 100644 --- a/.github/workflows/pylint.yml +++ b/.github/workflows/pylint.yml @@ -6,14 +6,14 @@ on: - '**/*.py' - '**/requirements.txt' - '**/pyproject.toml' - - '**/.flake8' + - '.flake8' - '.github/workflows/pylint.yml' pull_request: paths: - '**/*.py' - '**/requirements.txt' - '**/pyproject.toml' - - '**/.flake8' + - '.flake8' - '.github/workflows/pylint.yml' jobs: From 1efc3fde28a14a7ecad303ee27957cec314deaef Mon Sep 17 00:00:00 2001 From: Harmanpreet Kaur Date: Wed, 17 Dec 2025 11:20:10 +0530 Subject: [PATCH 5/6] Add 'src/frontend/requirements.txt' to workflow path triggers for push and pull_request events --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5fcd203e..233c0a49 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,6 +11,7 @@ on: - 'src/tests/backend/**' - '.github/workflows/test.yml' - 'src/backend/requirements.txt' + - 'src/frontend/requirements.txt' - 'src/backend/pyproject.toml' pull_request: types: @@ -27,6 +28,7 @@ on: - 'src/tests/backend/**' - '.github/workflows/test.yml' - 'src/backend/requirements.txt' + - 'src/frontend/requirements.txt' - 'src/backend/pyproject.toml' jobs: From 21c2c35c6ff7bf5327be79872f45d86711730cce Mon Sep 17 00:00:00 2001 From: Harmanpreet Kaur Date: Thu, 18 Dec 2025 12:01:10 +0530 Subject: [PATCH 6/6] Enhance CI workflows: add path triggers for 'infra/**', 'scripts/**', and 'azure.yaml'; update deploy workflow to trigger on completion of Docker build; remove pull request paths from PyLint workflow --- .github/workflows/build-docker-images.yml | 8 +++ .github/workflows/deploy.yml | 72 +++++++++++++++-------- .github/workflows/pylint.yml | 7 --- 3 files changed, 56 insertions(+), 31 deletions(-) 
diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml index 47aeeb5f..ad4d720b 100644 --- a/.github/workflows/build-docker-images.yml +++ b/.github/workflows/build-docker-images.yml @@ -13,6 +13,10 @@ on: - 'docker/**' - '.github/workflows/build-docker-images.yml' - '.github/workflows/build-docker.yml' + - 'infra/**' + - 'scripts/**' + - 'azure.yaml' + - '.github/workflows/deploy.yml' pull_request: branches: - main @@ -30,6 +34,10 @@ on: - 'docker/**' - '.github/workflows/build-docker-images.yml' - '.github/workflows/build-docker.yml' + - 'infra/**' + - 'scripts/**' + - 'azure.yaml' + - '.github/workflows/deploy.yml' merge_group: workflow_dispatch: diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index b2b8c01b..0a131fa0 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,19 +1,17 @@ name: Deploy-Test-Cleanup Pipeline on: - push: - branches: - - main - - dev - - demo - paths: - - 'infra/**' - - 'scripts/**' - - 'azure.yaml' - - '.github/workflows/deploy.yml' - schedule: - - cron: '0 5,17 * * *' # Runs at 5:00 AM and 5:00 PM GMT - workflow_dispatch: + workflow_run: + workflows: ["Build Docker and Optional Push"] + types: + - completed + branches: + - main + - dev + - demo + schedule: + - cron: '0 5,17 * * *' # Runs at 5:00 AM and 5:00 PM GMT + workflow_dispatch: env: GPT_MIN_CAPACITY: 150 @@ -27,7 +25,7 @@ jobs: WEBAPP_URL: ${{ steps.get_output.outputs.WEBAPP_URL }} steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@v5 - name: Setup Azure CLI run: | @@ -45,7 +43,6 @@ jobs: export AZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }} export AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }} export AZURE_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}" - export GPT_MIN_CAPACITY="${{ env.GPT_MIN_CAPACITY }}" export AZURE_REGIONS="${{ vars.AZURE_REGIONS }}" chmod +x scripts/checkquota.sh if ! scripts/checkquota.sh; then 
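Review bot: The restored `workflow_run` trigger in deploy.yml (`@@ -1,19 +1,17 @@`) fires on `types: completed`, which includes failed and cancelled runs of "Build Docker and Optional Push", and no check of the run's conclusion is visible in this hunk. The job definitions start outside the hunk, so a guard may already exist; if not, add one at job level that still lets the `schedule` and `workflow_dispatch` triggers through: `if: github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success'`. The build workflow also runs on `pull_request` (see the build-docker-images.yml hunks in this patch), so if deployments should follow pushes only, adding `github.event.workflow_run.event == 'push'` to the `workflow_run` side of that condition keeps PR builds from starting a run that uses the Azure secrets.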
@@ -74,6 +71,11 @@ jobs: - name: Fail Pipeline if Quota Check Fails if: env.QUOTA_FAILED == 'true' run: exit 1 + + - name: Set Deployment Region + run: | + echo "Selected Region: $VALID_REGION" + echo "AZURE_LOCATION=$VALID_REGION" >> $GITHUB_ENV - name: Install Bicep CLI run: az bicep install @@ -96,7 +98,7 @@ jobs: rg_exists=$(az group exists --name ${{ env.RESOURCE_GROUP_NAME }}) if [ "$rg_exists" = "false" ]; then echo "Resource group does not exist. Creating..." - az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location northcentralus || { echo "Error creating resource group"; exit 1; } + az group create --name ${{ env.RESOURCE_GROUP_NAME }} --location australiaeast || { echo "Error creating resource group"; exit 1; } else echo "Resource group already exists." fi @@ -128,17 +130,20 @@ jobs: IMAGE_TAG="latest" fi + # Generate current timestamp in desired format: YYYY-MM-DDTHH:MM:SS.SSSSSSSZ + current_date=$(date -u +"%Y-%m-%dT%H:%M:%S.%7NZ") + az deployment group create \ --name ${{ env.SOLUTION_PREFIX }}-deployment \ --resource-group ${{ env.RESOURCE_GROUP_NAME }} \ --template-file infra/main.bicep \ --parameters \ solutionName="${{ env.SOLUTION_PREFIX }}" \ - aiDeploymentsLocation="eastus" \ - useWafAlignedArchitecture=false \ - capacity=${{ env.GPT_MIN_CAPACITY }} \ + azureAiServiceLocation='${{ env.AZURE_LOCATION }}' \ imageVersion="${IMAGE_TAG}" \ - createdBy="Pipeline" + createdBy="Pipeline" \ + tags="{'SecurityControl':'Ignore','Purpose':'Deploying and Cleaning Up Resources for Validation','CreatedDate':'$current_date'}" + - name: Assign Contributor role to Service Principal if: always() run: | 
@@ -187,7 +192,26 @@ jobs: - name: Login to Azure run: | - az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} + az login --service-principal -u ${{ secrets.AZURE_CLIENT_ID }} -p ${{ secrets.AZURE_CLIENT_SECRET }} --tenant ${{ secrets.AZURE_TENANT_ID }} + az account set --subscription "${{ secrets.AZURE_SUBSCRIPTION_ID }}" + + - name: Assign Contributor role to Service Principal + if: always() + run: | + echo "Assigning Contributor role to SPN for RG: ${{ env.RESOURCE_GROUP_NAME }}" + az role assignment create \ + --assignee ${{ secrets.AZURE_CLIENT_ID }} \ + --role "Contributor" \ + --scope /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.RESOURCE_GROUP_NAME }} + + echo "Assigning Log Analytics Contributor role for Log Analytics workspace access at RG level..." + az role assignment create \ + --assignee ${{ secrets.AZURE_CLIENT_ID }} \ + --role "Log Analytics Reader" \ + --scope /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.RESOURCE_GROUP_NAME }} || echo "Log Analytics Contributor role assignment failed (may already exist)" + + echo "Waiting for role assignment propagation..." + sleep 30 - name: Get Log Analytics Workspace and OpenAI from Resource Group if: always() 
@@ -358,7 +382,7 @@ jobs: # Purge OpenAI Resource echo "Purging the OpenAI Resource..." - if ! az resource delete --ids /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.CognitiveServices/locations/northcentralus/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}/deletedAccounts/${{ env.OPENAI_RESOURCE_NAME }} --verbose; then + if ! az resource delete --ids /subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/providers/Microsoft.CognitiveServices/locations/australiaeast/resourceGroups/${{ env.RESOURCE_GROUP_NAME }}/deletedAccounts/${{ env.OPENAI_RESOURCE_NAME }} --verbose; then echo "Failed to purge openai resource: ${{ env.OPENAI_RESOURCE_NAME }}" else echo "Purged the openai resource: ${{ env.OPENAI_RESOURCE_NAME }}" @@ -401,7 +425,7 @@ jobs: EMAIL_BODY=$(cat <Dear Team,

We would like to inform you that the DocGen Deployment Automation process has encountered an issue and has failed to complete successfully.

Build URL: ${RUN_URL}

Please investigate the matter at your earliest convenience.

Best regards,
Your Automation Team

" + "body": "

Dear Team,

We would like to inform you that the CodeMod Deployment Automation process has encountered an issue and has failed to complete successfully.

Build URL: ${RUN_URL}

Please investigate the matter at your earliest convenience.

Best regards,
Your Automation Team

" } EOF ) @@ -414,4 +438,4 @@ jobs: if: always() run: | az logout - echo "Logged out from Azure." + echo "Logged out from Azure." \ No newline at end of file diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml index f783199b..46a06b07 100644 --- a/.github/workflows/pylint.yml +++ b/.github/workflows/pylint.yml @@ -8,13 +8,6 @@ on: - '**/pyproject.toml' - '.flake8' - '.github/workflows/pylint.yml' - pull_request: - paths: - - '**/*.py' - - '**/requirements.txt' - - '**/pyproject.toml' - - '.flake8' - - '.github/workflows/pylint.yml' jobs: lint: