Merge pull request #42 from Fr4nc3/latestmainbranch

fix: Merge from Azure-Samples main to Main (Azure-Samples#1530)

Author: Pavan-Microsoft

.github/dependabot.yml

@@ -7,31 +7,42 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "monthly"
+
     commit-message:
       prefix: "build"
+    target-branch: "dependabotchanges"
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "monthly"
+
+
     commit-message:
       prefix: "build"
     groups:
       langchain:
         patterns:
           - "langchain*"
     open-pull-requests-limit: 50
+    target-branch: "dependabotchanges"
   - package-ecosystem: "npm"
     directory: "/code/frontend"
     schedule:
-      interval: "weekly"
+      interval: "monthly"
+
+
     commit-message:
       prefix: "build"
     open-pull-requests-limit: 50
+    target-branch: "dependabotchanges"
   - package-ecosystem: "npm"
     directory: "/tests/integration/ui"
     schedule:
-      interval: "weekly"
+      interval: "monthly"
+
+
     commit-message:
       prefix: "build"
     open-pull-requests-limit: 50
+    target-branch: "dependabotchanges"

.github/workflows/build-docker-images.yml

@@ -4,9 +4,15 @@ on:
   workflow_run:
     workflows: [Tests]
     types: [completed]
-    branches: [main]
+    branches:
+      - main
+      - dev
+      - demo
   pull_request:
-    branches: [main]
+    branches:
+      - main
+      - dev
+      - demo
     types:
     - opened
     - ready_for_review
@@ -28,9 +34,9 @@ jobs:
             dockerfile: docker/Frontend.Dockerfile
     uses: ./.github/workflows/build-docker.yml
     with:
-      registry: fruoccopublic.azurecr.io
-      username: fruoccopublic
+      registry: ${{ github.event.workflow_run.head_branch == 'main' && 'fruoccopublic.azurecr.io' || 'cwydcontainerreg.azurecr.io'}}
+      username: ${{ github.event.workflow_run.head_branch == 'main' && 'fruoccopublic' || 'cwydcontainerreg'}}
       app_name: ${{ matrix.app_name }}
       dockerfile: ${{ matrix.dockerfile }}
-      push: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_branch == 'main' }}
+      push: ${{ github.event.workflow_run.head_branch == 'main' || github.event.workflow_run.head_branch == 'dev' || github.event.workflow_run.head_branch == 'demo' }}
     secrets: inherit

.github/workflows/build-docker.yml

@@ -21,6 +21,8 @@ on:
     secrets:
       DOCKER_PASSWORD:
         required: false
+      DEV_DOCKER_PASSWORD:
+        required: false
 
 jobs:
   docker-build:
@@ -31,13 +33,21 @@ jobs:
       uses: actions/checkout@v4
 
     - name: Docker Login
-      if: ${{ inputs.push }}
+      if: ${{ inputs.push == true && github.ref_name == 'main' }}
       uses: docker/login-action@v3
       with:
         registry: ${{ inputs.registry }}
         username: ${{ inputs.username }}
         password: ${{ secrets.DOCKER_PASSWORD }}
 
+    - name: Dev Docker Login
+      if: ${{ inputs.push == true && (github.ref_name == 'dev' || github.ref_name == 'demo') }}
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ inputs.registry }}
+        username: ${{ inputs.username }}
+        password: ${{ secrets.DEV_DOCKER_PASSWORD }}
+
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
 
@@ -51,7 +61,7 @@ jobs:
         context: .
         file: ${{ inputs.dockerfile }}
         push: ${{ inputs.push }}
-        cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.app_name}}:latest
+        cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.app_name}}:${{ github.ref_name == 'main' && 'latest' || github.ref_name == 'dev' && 'dev' || github.ref_name == 'demo' && 'demo' || 'latest' }}
         tags: |
-          ${{ inputs.registry }}/${{ inputs.app_name}}:latest
+          ${{ inputs.registry }}/${{ inputs.app_name}}:${{ github.ref_name == 'main' && 'latest' || github.ref_name == 'dev' && 'dev' || github.ref_name == 'demo' && 'demo' || 'latest' }}
           ${{ inputs.registry }}/${{ inputs.app_name}}:${{ steps.date.outputs.date }}_${{ github.run_number }}

.github/workflows/ci.yml

@@ -4,6 +4,8 @@ on:
   push:
     branches:
       - main
+      - dev
+      - demo
   schedule:
     - cron: '0 6,18 * * *'  # Runs at 6:00 AM and 6:00 PM GMT
 
@@ -34,6 +36,17 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Set imageTag
+        id: set-image-tag
+        run: |
+          if [[ "${{ github.event_name }}" == "schedule" ]]; then
+            echo "imageTag=latest" >> $GITHUB_ENV
+          elif [[ "${{ github.ref_name }}" == "main" ]]; then
+            echo "imageTag=latest" >> $GITHUB_ENV
+          else
+            echo "imageTag=${{ github.ref_name }}" >> $GITHUB_ENV
+          fi
+
       - name: Pre-build image and run make in dev container
         uses: devcontainers/ci@v0.3
         env:
@@ -43,8 +56,9 @@ jobs:
         with:
           imageName: ghcr.io/azure-samples/chat-with-your-data-solution-accelerator
           cacheFrom: ghcr.io/azure-samples/chat-with-your-data-solution-accelerator
+          imageTag: ${{ env.imageTag }}
           runCmd: make ci && make deploy
-          refFilterForPush: refs/heads/main
+          refFilterForPush: refs/heads/${{ github.event_name == 'schedule' && 'main' || github.ref_name }}
           env: |
             AZURE_CLIENT_ID
             AZURE_CLIENT_SECRET
@@ -64,6 +78,7 @@ jobs:
         with:
           push: never
           imageName: ghcr.io/azure-samples/chat-with-your-data-solution-accelerator
+          imageTag: ${{ env.imageTag }}
           runCmd: make destroy
           env: |
             AZURE_CLIENT_ID
@@ -78,7 +93,6 @@ jobs:
         if: failure()
         run: |
           RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-
           # Construct the email body
           EMAIL_BODY=$(cat <<EOF
           {

.github/workflows/sync-branches.yml

@@ -0,0 +1,44 @@
+name: Sync Main to dependabotchanges
+
+on:
+  # Schedule the sync job to run daily or customize as needed
+  schedule:
+    - cron: '0 1 * * *'  # Runs every day at 1 AM UTC
+  # Trigger the sync job on pushes to the main branch
+  push:
+    branches:
+      - main
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Fetch all history for accurate branch comparison
+
+      - name: Configure Git
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Sync main to dependabotchanges
+        run: |
+          # Ensure we're on the main branch
+          git checkout main
+          # Fetch the latest changes
+          git pull origin main
+
+          # Switch to dependabotchanges branch
+          git checkout dependabotchanges
+          # Merge main branch changes
+          git merge main --no-edit
+
+          # Push changes back to dependabotchanges branch
+          git push origin dependabotchanges
+
+      - name: Notify on Failure
+        if: failure()
+        run: echo "Sync from main to dependabotchanges failed!"

.github/workflows/tests.yml

@@ -2,9 +2,9 @@ name: Tests
 
 on:
   push:
-    branches: [main]
+    branches: [main, dev, demo]
   pull_request:
-    branches: [main]
+    branches: [main, dev, demo]
     types:
       - opened
       - ready_for_review

code/create_app.py

@@ -42,7 +42,7 @@ def get_markdown_url(source, title, container_sas):
 
 
 def get_citations(citation_list):
-    """Returns Formated Citations"""
+    """Returns Formated Citations."""
     blob_client = AzureBlobStorageClient()
     container_sas = blob_client.get_container_sas()
     citations_dict = {"citations": []}

infra/app/function.bicep

@@ -66,6 +66,7 @@ module function '../core/host/functions.bicep' = {
     runtimeName: runtimeName
     runtimeVersion: runtimeVersion
     dockerFullImageName: dockerFullImageName
+    useKeyVault: useKeyVault
     appSettings: union(appSettings, {
       WEBSITES_ENABLE_APP_SERVICE_STORAGE: 'false'
       AZURE_AUTH_TYPE: authType

infra/app/web.bicep

@@ -206,6 +206,22 @@ module webaccess '../core/security/keyvault-access.bicep' = if (useKeyVault) {
   }
 }
 
+resource cosmosRoleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2024-05-15' existing = {
+  name: '${json(appSettings.AZURE_COSMOSDB_INFO).accountName}/00000000-0000-0000-0000-000000000002'
+}
+
+module cosmosUserRole '../core/database/cosmos-sql-role-assign.bicep' = {
+  name: 'cosmos-sql-user-role-${web.name}'
+  params: {
+    accountName: json(appSettings.AZURE_COSMOSDB_INFO).accountName
+    roleDefinitionId: cosmosRoleDefinition.id
+    principalId: web.outputs.identityPrincipalId
+  }
+  dependsOn: [
+    cosmosRoleDefinition
+  ]
+}
+
 output FRONTEND_API_IDENTITY_PRINCIPAL_ID string = web.outputs.identityPrincipalId
 output FRONTEND_API_NAME string = web.outputs.name
 output FRONTEND_API_URI string = web.outputs.uri

infra/core/database/cosmos-sql-role-assign.bicep

@@ -0,0 +1,19 @@
+metadata description = 'Creates a SQL role assignment under an Azure Cosmos DB account.'
+param accountName string
+
+param roleDefinitionId string
+param principalId string = ''
+
+resource role 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2022-05-15' = {
+  parent: cosmos
+  name: guid(roleDefinitionId, principalId, cosmos.id)
+  properties: {
+    principalId: principalId
+    roleDefinitionId: roleDefinitionId
+    scope: cosmos.id
+  }
+}
+
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
+  name: accountName
+}