chore: update dependencies and improve workflow configurations (#299)

* chore: update dependencies and improve workflow configurations

- Bump azd version to 1.20.0 in devcontainer.json
- Update checkout and setup actions in azure-dev.yml
- Add Node.js setup step in terraform-validate.yml
- Adjust target framework indentation in Directory.Build.props and CopilotTests.csproj

* chore(deps): upgrade actions/setup-node to v6.0.0 in workflows

* chore: simplify checkout step in Azure workflow

* chore: rename "Azd down" step to "Destroy Infrastructure" for clarity

* chore: add concurrency configuration to prevent simultaneous deployments

* chore: enhance AZURE_ENV_NAME logic for pull requests

* Update .github/workflows/azure-dev.yml

Co-authored-by: Matt Dotson <[email protected]>

* Apply suggestion from @mattdot

Co-authored-by: Matt Dotson <[email protected]>

* chore: add comment for id-token permission in workflows

---------

Co-authored-by: Matt Dotson <[email protected]>

Author: mawasile

.devcontainer/devcontainer.json

@@ -16,7 +16,7 @@
             "version": "9.0"
         },
         "ghcr.io/azure/azure-dev/azd:latest": {
-            "version": "1.18.1"
+            "version": "1.20.0"
         },
         "./features/dev-tools": {}
     },
@@ -38,8 +38,9 @@
                 "bierner.markdown-mermaid",
                 "ms-dotnettools.csharp",
                 "ms-dotnettools.vscode-dotnet-runtime"
-                // Include other VSCode extensions if needed
-                // Right click on an extension inside VSCode to add directly to devcontainer.json, or copy the extension ID
+
+                // Include other VSCode extensions if needed. Right click on an extension inside VSCode
+                // to add directly to devcontainer.json, or copy the extension ID
             ],
             "settings": {
                 "terraform.languageServer.enable":true,

.github/workflows/azure-dev-down.yml

@@ -14,7 +14,7 @@ on:
         default: "eastus"
 
 permissions:
-  id-token: write
+  id-token: write # Needed for OIDC Authentication
   contents: read
 
 jobs:
@@ -36,7 +36,7 @@ jobs:
           version: '1.20.0'  # Specify your desired azd version here
 
       - name: Setup Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version: '18.x'
 

.github/workflows/azure-dev.yml

@@ -20,35 +20,44 @@ on:
     # Set this to the mainline branch you are using
     branches:
       - main
+  pull_request:
+    # Run when pull requests are opened or updated
+    branches:
+      - main
+
 # GitHub Actions workflow to deploy to Azure using azd
+# Ensure only one deployment runs at a time to prevent conflicts
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: false
 
 permissions:
   actions: read # Needed for uploading SARIF reports
   security-events: write  # Needed for uploading SARIF reports
-  id-token: write
+  id-token: write # Needed for OIDC Authentication
   contents: read
 
 
 jobs:
   build:
     runs-on: ${{ fromJson(vars.ACTIONS_RUNNER_NAME || '["ubuntu-latest"]') }}
     env:
-      AZURE_ENV_NAME: ${{ github.event.inputs.azd_environment_name || 'CICD' }}
+      AZURE_ENV_NAME: ${{ github.event.inputs.azd_environment_name || (github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number)) || 'CICD' }}
       AZURE_LOCATION: ${{ github.event.inputs.azure_location || 'eastus' }}
 
     steps:
-      - name: Checkout the branch ${{ github.ref_name }}
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Checkout code
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
-          ref: ${{ github.ref_name }}
+          persist-credentials: false
 
       - name: Install azd
-        uses: Azure/setup-azd@cf638ffd167fc81e1851241a478a723c05fa9cb3 # v2.2.0
+        uses: Azure/setup-azd@cf638ffd167fc81e1851241a478a723c05fa9cb3 # v2.2.0
         with:
           version: '1.20.0'  # Specify your desired azd version here
 
       - name: Setup Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version: '18.x'
 
@@ -58,7 +67,7 @@ jobs:
           terraform_version: 1.13.3
 
       - name: Install TFLint
-        uses: terraform-linters/setup-tflint@acd1575d3c037258ce5b2dd01379dc49ce24c6b7 # v6.2.0
+        uses: terraform-linters/setup-tflint@acd1575d3c037258ce5b2dd01379dc49ce24c6b7 # v6.2.0
         with:
           tflint_version: v0.58.1
           github_token: ${{ secrets.GITHUB_TOKEN }}  # Used to avoid rate
@@ -86,9 +95,21 @@ jobs:
           echo "GitLeaks scan completed"
 
       - name: Setup .NET SDK
-        uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
-        with:
-          dotnet-version: '8.0.x'
+        shell: bash
+        run: |
+          # Install .NET SDK to temp directory for self-hosted runners to avoid permission issues
+          DOTNET_INSTALL_DIR="${{ runner.temp }}/dotnet"
+          mkdir -p "$DOTNET_INSTALL_DIR"
+          
+          # Download and run the dotnet-install script
+          curl -sSL https://dot.net/v1/dotnet-install.sh -o dotnet-install.sh
+          chmod +x dotnet-install.sh
+          ./dotnet-install.sh --channel 9.0 --install-dir "$DOTNET_INSTALL_DIR"
+          rm dotnet-install.sh
+          
+          # Add to PATH for subsequent steps
+          echo "$DOTNET_INSTALL_DIR" >> $GITHUB_PATH
+          echo "DOTNET_ROOT=$DOTNET_INSTALL_DIR" >> $GITHUB_ENV
 
       - name: Install Power Platform Tools
         uses: microsoft/powerplatform-actions/actions-install@6c7b538671a040d11afd8ab94d77bfe3b3ed87e6 # v1.9.1
@@ -100,7 +121,7 @@ jobs:
           pac help
 
       - name: Set Up Python
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # 6.0.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # 6.0.0
         with:
           python-version: "3.x"
 
@@ -180,8 +201,8 @@ jobs:
         with:
           sarif_file: ./checkov-results.sarif/results_sarif.sarif
 
-      - name: Azd down
-        if: ${{ github.event.inputs.run_azd_down == 'true' }}
+      - name: Destroy Infrastructure
+        if: ${{ github.event.inputs.run_azd_down == 'true' || github.event_name == 'pull_request' }}
         env:
           POWER_PLATFORM_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
           POWER_PLATFORM_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}

.github/workflows/terraform-validate.yml

@@ -13,6 +13,7 @@ permissions:
   contents: read
   security-events: write
   pull-requests: write  # Allow workflow to comment on PRs
+  id-token: write # Needed for OIDC Authentication
 
 # Global environment variables
 env:
@@ -49,10 +50,15 @@ jobs:
         with:
           fetch-depth: 0  # Required for proper GitLeaks scanning
 
+      - name: Setup Node.js
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        with:
+          node-version: '18.x'
+        
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
         with:
-          terraform_version: "1.12.2"  # Pinning specific version
+          terraform_version: "1.13.3"  # Pinning specific version
 
       - name: Terraform Init
         id: tf-init

Directory.Build.props

@@ -1,7 +1,7 @@
 <Project>
 
   <PropertyGroup>
-    <TargetFramework>net9.0</TargetFramework>
+  <TargetFramework>net9.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <LangVersion>latest</LangVersion>

tests/Copilot/CopilotTests.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net9.0</TargetFramework>
+  <TargetFramework>net9.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <IsPackable>false</IsPackable>