fix: Dev to main merge

[Dhruvkumar-Microsoft]

Purpose

This pull request introduces significant improvements to the Azure deployment infrastructure, focusing on enhanced private networking, resource management, and documentation. The main changes include a refactor of networking modules in infra/main.bicep to use a dedicated virtualNetwork module, updates to resource references for private endpoints, and the addition of a comprehensive post-deployment guide. There are also minor workflow and script updates for better usability and telemetry support.

Infrastructure and Networking Refactor:

• Replaced the previous network module with a new virtualNetwork module in infra/main.bicep, adding explicit modules for Bastion Host and Jumpbox VM to improve clarity and modularity of private networking resources. All dependent resources now reference outputs from virtualNetwork instead of network.
• Updated all private endpoint subnet references for Key Vault, Cosmos DB, Storage Account, SQL Server, AI Services, and Search Service to use virtualNetwork!.outputs.pepsSubnetResourceId instead of the old network outputs, ensuring correct resource linkage. [1] [2] [3] [4] [5] [6] [7]
• Changed web application subnet references to use virtualNetwork!.outputs.webSubnetResourceId for private networking alignment.
• Updated private DNS zone virtual network links to use the new virtualNetwork outputs for improved DNS integration.

Documentation and Usability:

• Added a new docs/AVMPostDeploymentGuide.md providing step-by-step instructions for post-deployment tasks, including sample data import, authentication setup, and resource cleanup.

Workflow and Script Improvements:

• Updated .github/workflows/azure-dev.yml to remove automatic triggering on pushes to main and added support for the AZURE_DEV_COLLECT_TELEMETRY variable for enhanced telemetry collection. [1] [2]
• Modified sample data processing script instructions in azure.yaml to pass the resource group as an argument, improving user guidance. [1] [2]

Resource Tagging and Outputs:

• Added DeploymentName to resource group tags for improved tracking, and replaced the output of managed identity client ID with Azure Subscription ID for broader resource context. [1] [2]

Does this introduce a breaking change?

• Yes
• No

Golden Path Validation

• I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

• I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

• ...

Other Information

[Copilot]

Pull Request Overview

This pull request refactors the Azure infrastructure deployment, transitioning from a monolithic network module to a more modular approach with direct VNet integration. The primary focus is restructuring networking components (VNet, Bastion, and Jumpbox) from nested modules into direct deployments in main.bicep, improving maintainability and clarity. Additionally, the PR enhances the deployment workflow by enabling dynamic parameter fetching from deployment outputs and adds comprehensive post-deployment documentation.

Key changes include:

• Refactored networking infrastructure from nested network module to standalone virtualNetwork module with separate Bastion Host and Jumpbox VM modules
• Updated process_sample_data.sh script to dynamically fetch deployment parameters from Azure deployment outputs instead of relying on command-line arguments or azd environment variables
• Added comprehensive post-deployment guide documentation

Reviewed Changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
infra/main.bicep	Replaced network module with virtualNetwork module and separate Bastion/Jumpbox components; updated all resource references to use new output paths; added DeploymentName tag and changed output from client ID to subscription ID
infra/modules/virtualNetwork.bicep	New module consolidating VNet and NSG creation with inline subnet definitions, including support for web, private endpoints, Bastion, and jumpbox subnets
infra/modules/network/virtualNetwork.bicep	Removed (consolidated into parent-level module)
infra/modules/network/network-resources.bicep	Removed (functionality moved to main.bicep)
infra/modules/network/jumpbox.bicep	Removed (functionality moved to main.bicep)
infra/modules/network/bastionHost.bicep	Removed (functionality moved to main.bicep)
infra/modules/network.bicep	Removed (replaced by direct virtualNetwork module usage)
infra/scripts/process_sample_data.sh	Updated to fetch parameters from deployment outputs via Azure CLI instead of command-line arguments; added authentication check and fallback to manual input
infra/scripts/checkquota.sh	Added flag to track insufficient quota when model information is missing
azure.yaml	Updated post-deployment script instructions to pass resource group as argument
.github/workflows/azure-dev.yml	Removed automatic push trigger for main branch; added telemetry collection variable support
docs/AVMPostDeploymentGuide.md	New comprehensive guide for post-deployment steps including data import and authentication setup

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

If the DeploymentName tag doesn't exist, this command will output an empty string without any error indication. Consider adding error handling to notify users when the tag is missing.

Suggested change

	echo "Deployment Name (from tag): $deploymentName"
	echo "Deployment Name (from tag): $deploymentName"
	if [ -z "$deploymentName" ]; then
	echo "ERROR: 'DeploymentName' tag not found in resource group '$resourceGroupName'." >&2
	exit 1
	fi

[Copilot]

Potential index mismatch: Using nsgs[i] assumes NSGs are created for all subnets in order, but nsgs module uses a filtered loop (if (!empty(subnet.?networkSecurityGroup))). This creates a sparse array where indices won't align with the subnet array. If subnet at index 2 has no NSG, accessing nsgs[2] will incorrectly reference nsgs[1]'s actual module.

[Copilot]

Potential index mismatch: Using nsgs[i] assumes NSGs are created for all subnets in order, but nsgs module uses a filtered loop (if (!empty(subnet.?networkSecurityGroup))). This creates a sparse array where indices won't align with the subnet array. If subnet at index 2 has no NSG, accessing nsgs[2] will incorrectly reference nsgs[1]'s actual module.

Suggested change

	// combined output array that holds subnet details along with NSG information
	output subnets subnetOutputType[] = [
	for (subnet, i) in subnets: {
	name: subnet.name
	resourceId: virtualNetwork.outputs.subnetResourceIds[i]
	nsgName: !empty(subnet.?networkSecurityGroup) ? subnet.?networkSecurityGroup.name : null
	nsgResourceId: !empty(subnet.?networkSecurityGroup) ? nsgs[i]!.outputs.resourceId : null
	// Array of subnet names for which NSGs are created (order matches nsgs array)
	var nsgSubnetNames = [for (subnet in subnets): !empty(subnet.?networkSecurityGroup) ? subnet.name : null] |> filter(x => x != null)
	// combined output array that holds subnet details along with NSG information
	output subnets subnetOutputType[] = [
	for (subnet, i) in subnets: {
	name: subnet.name
	resourceId: virtualNetwork.outputs.subnetResourceIds[i]
	nsgName: !empty(subnet.?networkSecurityGroup) ? subnet.?networkSecurityGroup.name : null
	nsgResourceId: !empty(subnet.?networkSecurityGroup) ? nsgs[indexOf(nsgSubnetNames, subnet.name)]!.outputs.resourceId : null

[Copilot]

The indentation is inconsistent. This line should align with other parameters at the same level (location, tags, etc.).

Suggested change

	name: 'vnet-${solutionSuffix}'
	name: 'vnet-${solutionSuffix}'

[github-actions]

🎉 This PR is included in version 1.9.4 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀