Merge branch 'main' into demo

Author: Roopan-Microsoft

content-gen/.env.sample .env.samplecontent-gen/.env.sample renamed to .env.sample

@@ -16,8 +16,8 @@ USE_FOUNDRY=false
 # Format: https://<project-name>.services.ai.azure.com
 AZURE_AI_PROJECT_ENDPOINT=
 
-# Image model deployment name in Foundry (e.g., gpt-image-1)
-AZURE_AI_IMAGE_DEPLOYMENT=gpt-image-1
+# Image model deployment name in Foundry (e.g., gpt-image-1-mini)
+AZURE_AI_IMAGE_MODEL_DEPLOYMENT=gpt-image-1-mini
 
 # =============================================================================
 # Azure OpenAI Configuration
@@ -31,15 +31,14 @@ AZURE_OPENAI_ENDPOINT=https://your-openai.openai.azure.com/
 AZURE_OPENAI_GPT_MODEL=gpt-5.1
 
 # Image Generation Model Configuration
-# Supported models: dall-e-3 or gpt-image-1
-AZURE_OPENAI_IMAGE_MODEL=gpt-image-1
+# Supported models: gpt-image-1-mini or gpt-image-1.5
+AZURE_OPENAI_IMAGE_MODEL=gpt-image-1-mini
 
-# For gpt-image-1 (if using a different endpoint than DALL-E)
+# For gpt-image-1-mini or gpt-image-1.5, the endpoint is the same as the main OpenAI endpoint, but you can specify a different one if needed
 AZURE_OPENAI_GPT_IMAGE_ENDPOINT=https://your-openai.openai.azure.com
 
 # Image generation settings
-# For dall-e-3: sizes are 1024x1024, 1024x1792, 1792x1024; quality is standard or hd
-# For gpt-image-1: sizes are 1024x1024, 1536x1024, 1024x1536, auto; quality is low, medium, high, auto
+# For gpt-image-1-mini/1.5: sizes are 1024x1024, 1536x1024, 1024x1536, auto; quality is low, medium, high, auto
 AZURE_OPENAI_IMAGE_SIZE=1024x1024
 AZURE_OPENAI_IMAGE_QUALITY=medium
 
@@ -114,3 +113,13 @@ WORKERS=4
 # Feature flags
 AUTH_ENABLED=false
 SANITIZE_ANSWER=false
+
+# =============================================================================
+# Logging Configuration
+# =============================================================================
+# Basic logging level (DEBUG, INFO, WARNING, ERROR)
+AZURE_BASIC_LOGGING_LEVEL=INFO
+# Logging level for Azure SDK and third-party packages (DEBUG, INFO, WARNING, ERROR)
+AZURE_PACKAGE_LOGGING_LEVEL=WARNING
+# Comma-separated list of Python logger names to apply package logging level to
+AZURE_LOGGING_PACKAGES=

.flake8

@@ -0,0 +1,5 @@
+[flake8]
+max-line-length = 88
+extend-ignore = E501
+exclude = .venv, frontend
+ignore = E203, W503, G004, G200

archive-doc-gen/.github/CODEOWNERS .github/CODEOWNERSarchive-doc-gen/.github/CODEOWNERS renamed to .github/CODEOWNERS

@@ -2,5 +2,4 @@
 # Each line is a file pattern followed by one or more owners.
 
 # These owners will be the default owners for everything in the repo.
-* @toherman-msft @Avijit-Microsoft @Roopan-Microsoft @Prajwal-Microsoft @Vinay-Microsoft @malrose07 @aniaroramsft @nchandhi @dgp10801
-
+* @Avijit-Microsoft @Roopan-Microsoft @Prajwal-Microsoft @aniaroramsft @Vinay-Microsoft @malrose07 @toherman-msft @nchandhi

.github/dependabot.yml

@@ -0,0 +1,49 @@
+version: 2
+
+updates:
+  # GitHub Actions - grouped
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    target-branch: "dependabotchanges"
+    commit-message:
+      prefix: "build"
+    open-pull-requests-limit: 10
+    groups:
+      github-actions:
+        patterns:
+          - "*"
+
+  # Python (pip) dependencies - grouped
+  - package-ecosystem: "pip"
+    directories:
+      - "/src/backend"
+      - "/infra/vscode_web"
+      - "/scripts"
+    schedule:
+      interval: "monthly"
+    target-branch: "dependabotchanges"
+    commit-message:
+      prefix: "build"
+    open-pull-requests-limit: 10
+    groups:
+      python-deps:
+        patterns:
+          - "*"
+
+  # npm dependencies - grouped
+  - package-ecosystem: "npm"
+    directories:
+      - "/src/app/frontend"
+      - "/src/app/frontend-server"
+    schedule:
+      interval: "monthly"
+    target-branch: "dependabotchanges"
+    commit-message:
+      prefix: "build"
+    open-pull-requests-limit: 10
+    groups:
+      npm-deps:
+        patterns:
+          - "*"

.github/workflows/azure-dev.yml

@@ -1,36 +1,52 @@
 name: Azure Template Validation
 on:
   workflow_dispatch:
-
+  push:
+    branches:
+      - main
+ 
 permissions:
   contents: read
   id-token: write
   pull-requests: write
-
+ 
 jobs:
   template_validation_job:
     runs-on: ubuntu-latest
+    environment: production
     name: Template validation
-
+ 
     steps:
       # Step 1: Checkout the code from your repository
       - name: Checkout code
         uses: actions/checkout@v4
 
-      # Step 2: Validate the Azure template using microsoft/template-validation-action
+      # Step 2: Pre-authenticate Azure for azd validation
+      - name: Login to Azure
+        shell: bash
+        run: |
+          az login --service-principal -u "${{ secrets.AZURE_CLIENT_ID }}" -p "${{ secrets.AZURE_CLIENT_SECRET }}" --tenant "${{ secrets.AZURE_TENANT_ID }}"
+          az account set --subscription "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
+ 
+      # Step 3: Validate the Azure template using microsoft/template-validation-action
       - name: Validate Azure Template
         uses: microsoft/template-validation-action@v0.4.3
-        id: validation
         with:
-          workingDirectory: ./content-gen
+          workingDirectory: .
+          validateAzd: ${{ vars.TEMPLATE_VALIDATE_AZD }}
+          useDevContainer: ${{ vars.TEMPLATE_USE_DEV_CONTAINER }}
+          validateTests: ${{ vars.TEMPLATE_VALIDATE_TESTS }}
+        id: validation
         env:
           AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
           AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
           AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
           AZURE_ENV_NAME: ${{ secrets.AZURE_ENV_NAME }}
           AZURE_LOCATION: ${{ secrets.AZURE_LOCATION }}
+          AZURE_ENV_OPENAI_LOCATION: ${{ secrets.AZURE_ENV_OPENAI_LOCATION }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      # Step 3: Print the result of the validation
+ 
+      # Step 4: Print the result of the validation
       - name: Print result
-        run: cat ${{ steps.validation.outputs.resultFile }}
+        run: cat ${{ steps.validation.outputs.resultFile }}

…ithub/workflows/broken-links-checker.yml …ithub/workflows/broken-links-checker.ymlarchive-doc-gen/.github/workflows/broken-links-checker.yml renamed to .github/workflows/broken-links-checker.yml archive-doc-gen/.github/workflows/broken-links-checker.yml renamed to .github/workflows/broken-links-checker.yml

@@ -8,6 +8,7 @@ on:
 
 permissions:
   contents: read
+  actions: read
 
 jobs:
   markdown-link-check:

.github/workflows/codeql.yml

@@ -0,0 +1,44 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+    paths:
+      - '**/*.py'
+      - '.github/workflows/codeql.yml'
+  pull_request:
+    branches: [ "main" ]
+    paths:
+      - '**/*.py'
+      - '.github/workflows/codeql.yml'
+  schedule:
+    - cron: '17 11 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v6
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v4
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v4
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/deploy-orchestrator.yml

@@ -61,13 +61,15 @@ on:
         description: 'Trigger type (workflow_dispatch, pull_request, schedule)'
         required: true
         type: string
+      image_model_choice:
+        description: 'Image model to deploy (gpt-image-1-mini, gpt-image-1.5, none)'
+        required: false
+        default: 'gpt-image-1-mini'
+        type: string
 
 env:
   AZURE_DEV_COLLECT_TELEMETRY: ${{ vars.AZURE_DEV_COLLECT_TELEMETRY }}
-permissions:
-  contents: read
-  actions: read
-  
+
 jobs:
   docker-build:
     uses: ./.github/workflows/job-docker-build.yml
@@ -94,6 +96,7 @@ jobs:
       docker_image_tag: ${{ needs.docker-build.outputs.IMAGE_TAG }}
       run_e2e_tests: ${{ inputs.run_e2e_tests }}
       cleanup_resources: ${{ inputs.cleanup_resources }}
+      image_model_choice: ${{ inputs.image_model_choice }}
     secrets: inherit
 
   e2e-test:
@@ -105,9 +108,25 @@ jobs:
       TEST_SUITE: ${{ inputs.trigger_type == 'workflow_dispatch' && inputs.run_e2e_tests || 'GoldenPath-Testing' }}
     secrets: inherit
 
+  cleanup-deployment:
+    if: "!cancelled() && needs.deploy.outputs.RESOURCE_GROUP_NAME != '' && inputs.existing_webapp_url == '' && (inputs.trigger_type != 'workflow_dispatch' || inputs.cleanup_resources)"
+    needs: [docker-build, deploy, e2e-test]
+    uses: ./.github/workflows/job-cleanup-deployment.yml
+    with:
+      runner_os: ${{ inputs.runner_os }}
+      trigger_type: ${{ inputs.trigger_type }}
+      cleanup_resources: ${{ inputs.cleanup_resources }}
+      existing_webapp_url: ${{ inputs.existing_webapp_url }}
+      RESOURCE_GROUP_NAME: ${{ needs.deploy.outputs.RESOURCE_GROUP_NAME }}
+      AZURE_LOCATION: ${{ needs.deploy.outputs.AZURE_LOCATION }}
+      AZURE_ENV_OPENAI_LOCATION: ${{ needs.deploy.outputs.AZURE_ENV_OPENAI_LOCATION }}
+      ENV_NAME: ${{ needs.deploy.outputs.ENV_NAME }}
+      IMAGE_TAG: ${{ needs.deploy.outputs.IMAGE_TAG }}
+    secrets: inherit
+
   send-notification:
     if: "!cancelled()"
-    needs: [docker-build, deploy, e2e-test]
+    needs: [docker-build, deploy, e2e-test, cleanup-deployment]
     uses: ./.github/workflows/job-send-notification.yml
     with:
       trigger_type: ${{ inputs.trigger_type }}
@@ -122,20 +141,5 @@ jobs:
       QUOTA_FAILED: ${{ needs.deploy.outputs.QUOTA_FAILED }}
       TEST_SUCCESS: ${{ needs.e2e-test.outputs.TEST_SUCCESS }}
       TEST_REPORT_URL: ${{ needs.e2e-test.outputs.TEST_REPORT_URL }}
-    secrets: inherit
-
-  cleanup-deployment:
-    if: "!cancelled() && needs.deploy.outputs.RESOURCE_GROUP_NAME != '' && inputs.existing_webapp_url == '' && (inputs.trigger_type != 'workflow_dispatch' || inputs.cleanup_resources)"
-    needs: [docker-build, deploy, e2e-test]
-    uses: ./.github/workflows/job-cleanup-deployment.yml
-    with:
-      runner_os: ${{ inputs.runner_os }}
-      trigger_type: ${{ inputs.trigger_type }}
-      cleanup_resources: ${{ inputs.cleanup_resources }}
-      existing_webapp_url: ${{ inputs.existing_webapp_url }}
-      RESOURCE_GROUP_NAME: ${{ needs.deploy.outputs.RESOURCE_GROUP_NAME }}
-      AZURE_LOCATION: ${{ needs.deploy.outputs.AZURE_LOCATION }}
-      AZURE_ENV_OPENAI_LOCATION: ${{ needs.deploy.outputs.AZURE_ENV_OPENAI_LOCATION }}
-      ENV_NAME: ${{ needs.deploy.outputs.ENV_NAME }}
-      IMAGE_TAG: ${{ needs.deploy.outputs.IMAGE_TAG }}
+      cleanup_result: ${{ needs.cleanup-deployment.result }}
     secrets: inherit