Merge branch 'main' into hadwa/add_azd_copilot_chat_mode

Author: HadwaAbdelhalem

.devcontainer/devcontainer.json

@@ -7,15 +7,16 @@
         "ghcr.io/devcontainers/features/python:1" : {},
         "ghcr.io/devcontainers/features/powershell:1": {},
         "ghcr.io/devcontainers/features/azure-cli:1": {},
+        "ghcr.io/devcontainers/features/github-cli:1": {},
         "ghcr.io/devcontainers/features/docker-in-docker:2": {},
         "ghcr.io/devcontainers/features/terraform:1": {
             "installTFsec": true
         },
         "ghcr.io/devcontainers/features/dotnet:2": {
-            "version": "8.0"
+            "version": "9.0"
         },
         "ghcr.io/azure/azure-dev/azd:latest": {
-            "version": "1.18.1"
+            "version": "1.20.0"
         },
         "./features/dev-tools": {}
     },
@@ -31,16 +32,15 @@
                 "ms-vscode.makefile-tools",  
                 "DavidAnson.vscode-markdownlint",
                 "golang.go",
-                "azapi-vscode.azapi",
                 "ms-azuretools.vscode-azureterraform",
                 "terraform-linters.tflint-vscode",
-                "microsoft-IsvExpTools.powerplatform-vscode",
                 "ms-vscode.azurecli",
                 "bierner.markdown-mermaid",
                 "ms-dotnettools.csharp",
                 "ms-dotnettools.vscode-dotnet-runtime"
-                // Include other VSCode extensions if needed
-                // Right click on an extension inside VSCode to add directly to devcontainer.json, or copy the extension ID
+
+                // Include other VSCode extensions if needed. Right click on an extension inside VSCode
+                // to add directly to devcontainer.json, or copy the extension ID
             ],
             "settings": {
                 "terraform.languageServer.enable":true,

.devcontainer/features/dev-tools/install.sh

@@ -1,4 +1,7 @@
 #!/bin/sh
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+
 set -eux
 
 echo "Installing development tools for Copilot Studio with Azure AI Search..."

.devcontainer/postCreate.sh

@@ -1,4 +1,7 @@
 #!/bin/sh
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+
 set -eux
 
 echo "Running post-create setup for interactive operations..."
@@ -10,21 +13,15 @@ tflint --init
 
 # Install PowerApps CLI (Microsoft.PowerApps.CLI.Tool)
 echo "Installing PowerApps CLI..."
-dotnet tool install --global Microsoft.PowerApps.CLI.Tool --version 1.43.6
+dotnet tool install --global Microsoft.PowerApps.CLI.Tool --version 1.49.3
 
 # Restore .NET packages including Microsoft.Agents.CopilotStudio.Client
 echo "Restoring .NET packages..."
-if [ -f "Directory.Build.props" ]; then
-    dotnet restore
-    echo ".NET packages restored successfully!"
+if [ -f "tests/Copilot/CopilotTests.csproj" ]; then
+    dotnet restore tests/Copilot/CopilotTests.csproj
+    echo "Copilot project packages restored successfully!"
 else
-    # Fallback to individual project restore
-    if [ -f "tests/Copilot/CopilotTests.csproj" ]; then
-        dotnet restore tests/Copilot/CopilotTests.csproj
-        echo "Copilot project packages restored successfully!"
-    else
-        echo "No .NET projects found, skipping package restore"
-    fi
+    echo "No .NET projects found, skipping package restore"
 fi
 
 echo "Post-create setup completed successfully!"

.github/workflows/azure-dev-down.yml

@@ -14,7 +14,7 @@ on:
         default: "eastus"
 
 permissions:
-  id-token: write
+  id-token: write # Needed for OIDC Authentication
   contents: read
 
 jobs:
@@ -26,19 +26,24 @@ jobs:
 
     steps:
       - name: Checkout the branch ${{ github.ref_name }}
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           ref: ${{ github.ref_name }}
 
       - name: Install azd
-        uses: Azure/setup-azd@ae0f8b5482eeac61e940f447327d84c73beb8b1e # v2.1.0
+        uses: Azure/setup-azd@cf638ffd167fc81e1851241a478a723c05fa9cb3 # v2.2.0
         with:
-          version: '1.18.1'  # Specify your desired azd version here
+          version: '1.20.0'  # Specify your desired azd version here
+        
+      - name: Setup Node.js
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        with:
+          node-version: '18.x'
 
       - name: Install Terraform
         uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
         with:
-          terraform_version: 1.12.2
+          terraform_version: 1.13.3
 
       - name: Login to Azure with Federated Identity
         uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
@@ -65,6 +70,7 @@ jobs:
           RS_CONTAINER_NAME: ${{ vars.RS_CONTAINER_NAME }}
           RS_RESOURCE_GROUP: ${{ vars.RS_RESOURCE_GROUP }}
           RESOURCE_SHARE_USER: ${{ vars.RESOURCE_SHARE_USER }}
+          RESOURCE_TAGS: ${{ vars.RESOURCE_TAGS }}
 
         shell: bash
         run: |
@@ -74,7 +80,30 @@ jobs:
           azd env set RS_CONTAINER_NAME "$RS_CONTAINER_NAME"
           azd env set RS_RESOURCE_GROUP "$RS_RESOURCE_GROUP"
           azd env set RESOURCE_SHARE_USER "$RESOURCE_SHARE_USER"
+          azd env set RESOURCE_TAGS "$RESOURCE_TAGS"
 
           azd package # trigger prepackage hook to setup terraform provider
           azd provision --preview  # https://github.com/Azure/azure-dev/issues/4317
           azd down --no-prompt --force --purge
+
+      - name: Purge Soft-Deleted Azure OpenAI Resources
+        shell: bash
+        run: |
+          # Get the OpenAI resource name and location from environment outputs
+          OPENAI_RESOURCE_NAME=$(azd env get-values --output json | jq -r '.openai_resource_name // empty')
+          AZURE_REGION=$(azd env get-values --output json | jq -r '.primary_azure_region // empty')
+          RESOURCE_GROUP=$(azd env get-values --output json | jq -r '.resource_group_name // empty')
+
+          # Only attempt to purge if we have the required information
+          if [[ -n "$OPENAI_RESOURCE_NAME" && -n "$AZURE_REGION" ]]; then
+            echo "Attempting to purge soft-deleted Azure OpenAI resource: $OPENAI_RESOURCE_NAME in $AZURE_REGION"
+            
+            # Purge the soft-deleted Cognitive Services account (continue on error if resource not found)
+            az cognitiveservices account purge \
+              --location "$AZURE_REGION" \
+              --resource-group "$RESOURCE_GROUP" \
+              --name "$OPENAI_RESOURCE_NAME" || echo "Resource may not be in soft-delete state or already purged"
+          else
+            echo "OpenAI resource information not found in environment outputs. Skipping purge."
+          fi
+

.github/workflows/azure-dev.yml

@@ -20,35 +20,54 @@ on:
     # Set this to the mainline branch you are using
     branches:
       - main
+  pull_request:
+    # Run when pull requests are opened or updated
+    branches:
+      - main
+
 # GitHub Actions workflow to deploy to Azure using azd
+# Ensure only one deployment runs at a time to prevent conflicts
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: false
 
 permissions:
   actions: read # Needed for uploading SARIF reports
   security-events: write  # Needed for uploading SARIF reports
-  id-token: write
+  id-token: write # Needed for OIDC Authentication
   contents: read
 
 
 jobs:
   build:
     runs-on: ${{ fromJson(vars.ACTIONS_RUNNER_NAME || '["ubuntu-latest"]') }}
     env:
-      AZURE_ENV_NAME: ${{ github.event.inputs.azd_environment_name || 'CICD' }}
+      AZURE_ENV_NAME: ${{ github.event.inputs.azd_environment_name || (github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number)) || 'CICD' }}
       AZURE_LOCATION: ${{ github.event.inputs.azure_location || 'eastus' }}
 
     steps:
-      - name: Checkout the branch ${{ github.ref_name }}
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Checkout code
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
-          ref: ${{ github.ref_name }}
+          persist-credentials: false
 
       - name: Install azd
-        uses: Azure/setup-azd@ae0f8b5482eeac61e940f447327d84c73beb8b1e # v2.1.0
+        uses: Azure/setup-azd@cf638ffd167fc81e1851241a478a723c05fa9cb3 # v2.2.0
+        with:
+          version: '1.20.0'  # Specify your desired azd version here
+
+      - name: Setup Node.js
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        with:
+          node-version: '18.x'
+
+      - name: Install Terraform
+        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
         with:
-          version: '1.18.1'  # Specify your desired azd version here
+          terraform_version: 1.13.3
 
       - name: Install TFLint
-        uses: terraform-linters/setup-tflint@90f302c255ef959cbfb4bd10581afecdb7ece3e6 # v4.1.1
+        uses: terraform-linters/setup-tflint@acd1575d3c037258ce5b2dd01379dc49ce24c6b7 # v6.2.0
         with:
           tflint_version: v0.58.1
           github_token: ${{ secrets.GITHUB_TOKEN }}  # Used to avoid rate
@@ -76,9 +95,21 @@ jobs:
           echo "GitLeaks scan completed"
 
       - name: Setup .NET SDK
-        uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
-        with:
-          dotnet-version: '8.0.x'
+        shell: bash
+        run: |
+          # Install .NET SDK to temp directory for self-hosted runners to avoid permission issues
+          DOTNET_INSTALL_DIR="${{ runner.temp }}/dotnet"
+          mkdir -p "$DOTNET_INSTALL_DIR"
+          
+          # Download and run the dotnet-install script
+          curl -sSL https://dot.net/v1/dotnet-install.sh -o dotnet-install.sh
+          chmod +x dotnet-install.sh
+          ./dotnet-install.sh --channel 9.0 --install-dir "$DOTNET_INSTALL_DIR"
+          rm dotnet-install.sh
+          
+          # Add to PATH for subsequent steps
+          echo "$DOTNET_INSTALL_DIR" >> $GITHUB_PATH
+          echo "DOTNET_ROOT=$DOTNET_INSTALL_DIR" >> $GITHUB_ENV
 
       - name: Install Power Platform Tools
         uses: microsoft/powerplatform-actions/actions-install@6c7b538671a040d11afd8ab94d77bfe3b3ed87e6 # v1.9.1
@@ -90,7 +121,7 @@ jobs:
           pac help
 
       - name: Set Up Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # 5.6.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # 6.0.0
         with:
           python-version: "3.x"
 
@@ -123,6 +154,7 @@ jobs:
           RS_RESOURCE_GROUP: ${{ vars.RS_RESOURCE_GROUP }}
 
           RESOURCE_SHARE_USER: ${{ vars.RESOURCE_SHARE_USER }}
+          RESOURCE_TAGS: ${{ vars.RESOURCE_TAGS }}
 
           GITHUB_PAT: ${{ secrets.MCS_RUNNER }}
           GITHUB_REPO_OWNER: ${{ github.repository_owner }}
@@ -135,6 +167,7 @@ jobs:
           azd config set auth.useAzCliAuth "true"
           azd env new "$AZURE_ENV_NAME" --location "$AZURE_LOCATION" --no-prompt
           azd env set RESOURCE_SHARE_USER "$RESOURCE_SHARE_USER"
+          azd env set RESOURCE_TAGS "$RESOURCE_TAGS"
 
           azd env set RS_STORAGE_ACCOUNT "$RS_STORAGE_ACCOUNT"
           azd env set RS_CONTAINER_NAME "$RS_CONTAINER_NAME"
@@ -168,8 +201,8 @@ jobs:
         with:
           sarif_file: ./checkov-results.sarif/results_sarif.sarif
 
-      - name: Azd down
-        if: ${{ github.event.inputs.run_azd_down == 'true' }}
+      - name: Destroy Infrastructure
+        if: ${{ github.event.inputs.run_azd_down == 'true' || github.event_name == 'pull_request' }}
         env:
           POWER_PLATFORM_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
           POWER_PLATFORM_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
@@ -187,13 +220,37 @@ jobs:
           RS_CONTAINER_NAME: ${{ vars.RS_CONTAINER_NAME }}
           RS_RESOURCE_GROUP: ${{ vars.RS_RESOURCE_GROUP }}
           RESOURCE_SHARE_USER: ${{ vars.RESOURCE_SHARE_USER }}
+          RESOURCE_TAGS: ${{ vars.RESOURCE_TAGS }}
 
         shell: bash
         run: |
           azd env set RS_STORAGE_ACCOUNT "$RS_STORAGE_ACCOUNT"
           azd env set RS_CONTAINER_NAME "$RS_CONTAINER_NAME"
           azd env set RS_RESOURCE_GROUP "$RS_RESOURCE_GROUP"
           azd env set RESOURCE_SHARE_USER "$RESOURCE_SHARE_USER"
+          azd env set RESOURCE_TAGS "$RESOURCE_TAGS"
 
           azd env select "$AZURE_ENV_NAME"
-          azd down --no-prompt --force --purge
+          azd down --no-prompt --force --purge
+
+      - name: Purge Soft-Deleted Azure OpenAI Resources
+        if: ${{ github.event.inputs.run_azd_down == 'true' || github.event_name == 'pull_request' }}
+        shell: bash
+        run: |
+          # Get the OpenAI resource name and location from environment outputs
+          OPENAI_RESOURCE_NAME=$(azd env get-values --output json | jq -r '.openai_resource_name // empty')
+          AZURE_REGION=$(azd env get-values --output json | jq -r '.primary_azure_region // empty')
+          RESOURCE_GROUP=$(azd env get-values --output json | jq -r '.resource_group_name // empty')
+
+          # Only attempt to purge if we have the required information
+          if [[ -n "$OPENAI_RESOURCE_NAME" && -n "$AZURE_REGION" ]]; then
+            echo "Attempting to purge soft-deleted Azure OpenAI resource: $OPENAI_RESOURCE_NAME in $AZURE_REGION"
+            
+            # Purge the soft-deleted Cognitive Services account (continue on error if resource not found)
+            az cognitiveservices account purge \
+              --location "$AZURE_REGION" \
+              --resource-group "$RESOURCE_GROUP" \
+              --name "$OPENAI_RESOURCE_NAME" || echo "Resource may not be in soft-delete state or already purged"
+          else
+            echo "OpenAI resource information not found in environment outputs. Skipping purge."
+          fi