fix: merging dev to main

.github/workflows/deploy-orchestrator.yml

@@ -72,10 +72,8 @@ env:
 
 jobs:
   docker-build:
+    if: inputs.trigger_type == 'workflow_dispatch' && inputs.build_docker_image == true
     uses: ./.github/workflows/job-docker-build.yml
-    with:
-      trigger_type: ${{ inputs.trigger_type }}
-      build_docker_image: ${{ inputs.build_docker_image }}
     secrets: inherit
 
   deploy:

.github/workflows/job-deploy-linux.yml

@@ -263,7 +263,7 @@ jobs:
           azd env set AZURE_ENV_IMAGE_TAG="$INPUT_IMAGE_TAG"
 
           if [[ "$INPUT_BUILD_DOCKER_IMAGE" == "true" ]]; then
-            ACR_NAME="${{ secrets.ACR_TEST_LOGIN_SERVER }}"
+            ACR_NAME="${{ vars.ACR_TEST_LOGIN_SERVER }}"
             azd env set AZURE_ENV_CONTAINER_REGISTRY_ENDPOINT="$ACR_NAME"
             echo "Set ACR name to: $ACR_NAME"
           else

.github/workflows/job-deploy-windows.yml

@@ -268,7 +268,7 @@ jobs:
 
           # Set ACR name only when building Docker image
           if ("$env:INPUT_BUILD_DOCKER_IMAGE" -eq "true") {
-            $ACR_NAME = "${{ secrets.ACR_TEST_LOGIN_SERVER }}"
+            $ACR_NAME = "${{ vars.ACR_TEST_LOGIN_SERVER }}"
             azd env set AZURE_ENV_CONTAINER_REGISTRY_ENDPOINT="$ACR_NAME"
             Write-Host "Set ACR name to: $ACR_NAME"
           } else {

.github/workflows/job-docker-build.yml

@@ -1,27 +1,21 @@
-name: Docker Build Job
+name: Build & Push Test Images (Feature Branch)
 on:
   workflow_call:
-    inputs:
-      trigger_type:
-        description: 'Trigger type (workflow_dispatch, pull_request, schedule)'
-        required: true
-        type: string
-      build_docker_image:
-        description: 'Build And Push Docker Image (Optional)'
-        required: false
-        default: false
-        type: boolean
     outputs:
       IMAGE_TAG:
         description: "Generated Docker Image Tag"
         value: ${{ jobs.docker-build.outputs.IMAGE_TAG }}
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  id-token: write
 
 env:
   BRANCH_NAME: ${{ github.event.workflow_run.head_branch || github.head_ref || github.ref_name }}
 
 jobs:
   docker-build:
-    if: inputs.trigger_type == 'workflow_dispatch' && inputs.build_docker_image == true
     runs-on: ubuntu-latest
     environment: production
     outputs:
@@ -55,7 +49,11 @@ jobs:
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
       - name: Login to Azure Container Registry
-        run: az acr login --name ${{ secrets.ACR_TEST_LOGIN_SERVER }}
+        shell: bash
+        run: |
+          # Extract registry name from login server (e.g., myacr.azurecr.io -> myacr)
+          ACR_NAME=$(echo "${{ vars.ACR_TEST_LOGIN_SERVER }}" | cut -d'.' -f1)
+          az acr login --name "$ACR_NAME"
 
       - name: Build and Push Cod Mod backend Docker image
         uses: docker/build-push-action@v7
@@ -66,8 +64,8 @@ jobs:
           file: docker/Backend.Dockerfile
           push: true
           tags: |
-            ${{ secrets.ACR_TEST_LOGIN_SERVER }}/cmsabackend:${{ steps.generate_docker_tag.outputs.IMAGE_TAG }}
-            ${{ secrets.ACR_TEST_LOGIN_SERVER }}/cmsabackend:${{ steps.generate_docker_tag.outputs.IMAGE_TAG }}_${{ github.run_number }}
+            ${{ vars.ACR_TEST_LOGIN_SERVER }}/cmsabackend:${{ steps.generate_docker_tag.outputs.IMAGE_TAG }}
+            ${{ vars.ACR_TEST_LOGIN_SERVER }}/cmsabackend:${{ steps.generate_docker_tag.outputs.IMAGE_TAG }}_${{ github.run_number }}
 
       - name: Build and Push Cod Mod frontend Docker image
         uses: docker/build-push-action@v7
@@ -78,8 +76,8 @@ jobs:
           file: docker/Frontend.Dockerfile
           push: true
           tags: |
-            ${{ secrets.ACR_TEST_LOGIN_SERVER }}/cmsafrontend:${{ steps.generate_docker_tag.outputs.IMAGE_TAG }}
-            ${{ secrets.ACR_TEST_LOGIN_SERVER }}/cmsafrontend:${{ steps.generate_docker_tag.outputs.IMAGE_TAG }}_${{ github.run_number }}
+            ${{ vars.ACR_TEST_LOGIN_SERVER }}/cmsafrontend:${{ steps.generate_docker_tag.outputs.IMAGE_TAG }}
+            ${{ vars.ACR_TEST_LOGIN_SERVER }}/cmsafrontend:${{ steps.generate_docker_tag.outputs.IMAGE_TAG }}_${{ github.run_number }}
 
       - name: Verify Docker Image Build
         shell: bash
@@ -91,7 +89,7 @@ jobs:
         if: always()
         shell: bash
         run: |
-          ACR_NAME=$(echo "${{ secrets.ACR_TEST_LOGIN_SERVER }}")
+          ACR_NAME=$(echo "${{ vars.ACR_TEST_LOGIN_SERVER }}")
           echo "## 🐳 Docker Build Job Summary" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY

docs/CustomizingAzdParameters.md

@@ -13,9 +13,9 @@ By default this template will use the environment name as the prefix to prevent
 | `AZURE_ENV_AI_SERVICE_LOCATION`        | string  | `<User selects during deployment>`     | Location of the Azure resources. Controls where the Azure AI Services will be deployed. |
 | `AZURE_ENV_MODEL_DEPLOYMENT_TYPE`      | string  | `GlobalStandard` | Change the Model Deployment Type (allowed values: Standard, GlobalStandard).                         |
 | `AZURE_ENV_GPT_MODEL_NAME`             | string  | `gpt-4o`         | Set the Model Name (allowed values: gpt-4o).                                                         |
-| `AZURE_ENV_GPT_MODEL_VERSION`          | string  | `2024-08-06`     | Set the Azure model version (allowed values: 2024-08-06)    |
+| `AZURE_ENV_GPT_MODEL_VERSION`          | string  | `2024-11-20`     | Set the Azure model version (allowed values: 2024-11-20)    |
 | `AZURE_ENV_GPT_MODEL_CAPACITY`         | integer | `150`            | Set the Model Capacity (choose a number based on available GPT model capacity in your subscription). |
-| `AZURE_ENV_EXISTING_LOG_ANALYTICS_WORKSPACE_RID`| string  | Guide to get your [Existing Workspace ID](/docs/re-use-log-analytics.md)     | Set this if you want to reuse an existing Log Analytics Workspace instead of creating a new one.     |
+| `AZURE_ENV_EXISTING_LOG_ANALYTICS_WORKSPACE_RID`| string  | Guide to get your [Existing Workspace ID](re-use-log-analytics.md)     | Set this if you want to reuse an existing Log Analytics Workspace instead of creating a new one.     |
 | `AZURE_ENV_IMAGE_TAG`                  | string  | `latest`         | Set the Image tag Like (allowed values: latest, dev, hotfix)    |
 | `AZURE_ENV_VM_SIZE`                    | string  | `Standard_D2s_v5`         | Specifies the size of the Jumpbox Virtual Machine (e.g., `Standard_D2s_v5`, `Standard_D2s_v4`). Set a custom value if `enablePrivateNetworking` is `true`.    |
 | `AZURE_ENV_JUMPBOX_ADMIN_USERNAME`     | string  | `JumpboxAdminUser`          | Specifies the administrator username for the Jumpbox Virtual Machine.      |

infra/main.bicep

@@ -109,8 +109,8 @@ param imageTag string = 'latest_2025-11-10_599'
 param containerRegistryEndpoint string = 'cmsacontainerreg.azurecr.io'
 
 @minLength(1)
-@description('Optional. Version of the GPT model to deploy. Defaults to 2024-08-06.')
-param gptModelVersion string = '2024-08-06'
+@description('Optional. Version of the GPT model to deploy. Defaults to 2024-11-20.')
+param gptModelVersion string = '2024-11-20'
 
 @description('Optional. Use this parameter to use an existing AI project resource ID. Defaults to empty string.')
 param existingFoundryProjectResourceId string = ''
@@ -778,7 +778,7 @@ module aiServices 'modules/ai-foundry/aifoundry.bicep' = {
       {
         principalId: appIdentity.outputs.principalId
         principalType: 'ServicePrincipal'
-        roleDefinitionIdOrName: 'Cognitive Services OpenAI Contributor'
+        roleDefinitionIdOrName: '5e0bd9bd-7b93-4f28-af87-19fc36ad61bd' // Cognitive Services OpenAI User
       }
       {
         principalId: appIdentity.outputs.principalId
@@ -867,7 +867,7 @@ module storageAccount 'modules/storageAccount.bicep' = {
       {
         principalId: appIdentity.outputs.principalId
         principalType: 'ServicePrincipal'
-        roleDefinitionIdOrName: 'Storage Blob Data Contributor'
+        roleDefinitionIdOrName: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' // Storage Blob Data Contributor
       }
     ]
     enableTelemetry: enableTelemetry

infra/main.json

@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.42.1.51946",
-      "templateHash": "18156607440911418905"
+      "version": "0.44.1.10279",
+      "templateHash": "3504230210727330834"
     },
     "name": "Modernize Your Code Solution Accelerator",
     "description": "CSA CTO Gold Standard Solution Accelerator for Modernize Your Code. \r\n"
@@ -174,10 +174,10 @@
     },
     "gptModelVersion": {
       "type": "string",
-      "defaultValue": "2024-08-06",
+      "defaultValue": "2024-11-20",
       "minLength": 1,
       "metadata": {
-        "description": "Optional. Version of the GPT model to deploy. Defaults to 2024-08-06."
+        "description": "Optional. Version of the GPT model to deploy. Defaults to 2024-11-20."
       }
     },
     "existingFoundryProjectResourceId": {
@@ -5093,8 +5093,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.42.1.51946",
-              "templateHash": "15922750226218572834"
+              "version": "0.44.1.10279",
+              "templateHash": "12666388833640590711"
             }
           },
           "definitions": {
@@ -13102,10 +13102,10 @@
       "dependsOn": [
         "applicationInsights",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').oms)]",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').ods)]",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').agentSvc)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').monitor)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').agentSvc)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').ods)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]",
         "dataCollectionEndpoint",
         "logAnalyticsWorkspace",
         "virtualNetwork"
@@ -26161,7 +26161,7 @@
               {
                 "principalId": "[reference('appIdentity').outputs.principalId.value]",
                 "principalType": "ServicePrincipal",
-                "roleDefinitionIdOrName": "Cognitive Services OpenAI Contributor"
+                "roleDefinitionIdOrName": "5e0bd9bd-7b93-4f28-af87-19fc36ad61bd"
               },
               {
                 "principalId": "[reference('appIdentity').outputs.principalId.value]",
@@ -26189,8 +26189,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.42.1.51946",
-              "templateHash": "7788164101952925462"
+              "version": "0.44.1.10279",
+              "templateHash": "7796390788683636674"
             },
             "name": "AI Services and Project Module",
             "description": "This module creates an AI Services resource and an AI Foundry project within it. It supports private networking, OpenAI deployments, and role assignments."
@@ -27487,8 +27487,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.42.1.51946",
-                      "templateHash": "3451497265231138743"
+                      "version": "0.44.1.10279",
+                      "templateHash": "15798298565583456780"
                     }
                   },
                   "definitions": {
@@ -29197,8 +29197,8 @@
                           "metadata": {
                             "_generator": {
                               "name": "bicep",
-                              "version": "0.42.1.51946",
-                              "templateHash": "6439859910553532577"
+                              "version": "0.44.1.10279",
+                              "templateHash": "13008301984486295222"
                             }
                           },
                           "definitions": {
@@ -29412,8 +29412,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.42.1.51946",
-                      "templateHash": "3451497265231138743"
+                      "version": "0.44.1.10279",
+                      "templateHash": "15798298565583456780"
                     }
                   },
                   "definitions": {
@@ -31122,8 +31122,8 @@
                           "metadata": {
                             "_generator": {
                               "name": "bicep",
-                              "version": "0.42.1.51946",
-                              "templateHash": "6439859910553532577"
+                              "version": "0.44.1.10279",
+                              "templateHash": "13008301984486295222"
                             }
                           },
                           "definitions": {
@@ -32081,7 +32081,7 @@
               {
                 "principalId": "[reference('appIdentity').outputs.principalId.value]",
                 "principalType": "ServicePrincipal",
-                "roleDefinitionIdOrName": "Storage Blob Data Contributor"
+                "roleDefinitionIdOrName": "ba92f5b4-2d11-453d-a403-e96b0029c9fe"
               }
             ]
           },
@@ -32096,8 +32096,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.42.1.51946",
-              "templateHash": "15460841004653840446"
+              "version": "0.44.1.10279",
+              "templateHash": "17237339939537137976"
             }
           },
           "definitions": {
@@ -40550,8 +40550,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.42.1.51946",
-              "templateHash": "9745767047675020484"
+              "version": "0.44.1.10279",
+              "templateHash": "8524856574515803596"
             }
           },
           "definitions": {

infra/main_custom.bicep

@@ -111,8 +111,8 @@ param frontendImageName string = ''
 param imageTag string = 'latest'
 
 @minLength(1)
-@description('Optional. Version of the GPT model to deploy. Defaults to 2024-08-06.')
-param gptModelVersion string = '2024-08-06'
+@description('Optional. Version of the GPT model to deploy. Defaults to 2024-11-20.')
+param gptModelVersion string = '2024-11-20'
 
 @description('Optional. Use this parameter to use an existing AI project resource ID. Defaults to empty string.')
 param existingFoundryProjectResourceId string = ''
@@ -687,7 +687,7 @@ module aiServices 'modules/ai-foundry/aifoundry.bicep' = {
       {
         principalId: appIdentity.outputs.principalId
         principalType: 'ServicePrincipal'
-        roleDefinitionIdOrName: 'Cognitive Services OpenAI Contributor'
+        roleDefinitionIdOrName: '5e0bd9bd-7b93-4f28-af87-19fc36ad61bd' // Cognitive Services OpenAI User
       }
       {
         principalId: appIdentity.outputs.principalId
@@ -776,7 +776,7 @@ module storageAccount 'modules/storageAccount.bicep' = {
       {
         principalId: appIdentity.outputs.principalId
         principalType: 'ServicePrincipal'
-        roleDefinitionIdOrName: 'Storage Blob Data Contributor'
+        roleDefinitionIdOrName: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' // Storage Blob Data Contributor
       }
     ]
     enableTelemetry: enableTelemetry