diff --git a/.github/workflows/deploy-azd.yml b/.github/workflows/deploy-azd.yml
index 90a75d39..678cc317 100644
--- a/.github/workflows/deploy-azd.yml
+++ b/.github/workflows/deploy-azd.yml
@@ -140,48 +140,6 @@ jobs: id: azure-login-sp with: creds: '{"clientId":"${{ env.AZURE_CLIENT_ID }}","clientSecret":"${{ env.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ env.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ env.AZURE_TENANT_ID }}"}' - - - name: 🚨 Check Authentication Status - run: | - OIDC_OUTCOME="${{ steps.azure-login-oidc.outcome }}" - SP_OUTCOME="${{ steps.azure-login-sp.outcome }}" - - if [ "${{ env.USE_OIDC }}" = "true" ]; then - if [ "$OIDC_OUTCOME" = "failure" ] || [ "$OIDC_OUTCOME" = "skipped" ]; then - echo "âš ī¸ OIDC authentication failed - insufficient permissions or missing federated credentials" - echo "This is normal for:" - echo " - Forked repositories" - echo " - Repositories without 'id-token: write' permissions" - echo " - Missing Azure AD federated identity credentials" - echo "" - echo "💡 Solutions:" - echo " 1. Add AZURE_CLIENT_SECRET to repository secrets for service principal auth" - echo " 2. Configure federated identity credentials in Azure AD" - echo " 3. Enable 'id-token: write' permissions in repository settings" - - if [ "${{ github.event_name }}" = "pull_request" ]; then - echo "â„šī¸ For PR previews, functionality will be limited" - echo "auth_success=false" >> $GITHUB_OUTPUT - else - echo "❌ For deployments, authentication is required" - exit 1 - fi - else - echo "✅ Azure OIDC authentication successful" - echo "auth_success=true" >> $GITHUB_OUTPUT - fi - else - if [ "$SP_OUTCOME" = "success" ]; then - echo "✅ Azure Service Principal authentication successful" - echo "auth_success=true" >> $GITHUB_OUTPUT - else - echo "❌ Service Principal authentication failed" - if [ "${{ github.event_name }}" != "pull_request" ]; then - exit 1 - fi - echo "auth_success=false" >> $GITHUB_OUTPUT - fi - fi - name: âš™ī¸ Setup Azure Developer CLI uses: Azure/setup-azd@v2 
@@ -195,22 +153,24 @@ jobs: continue-on-error: true # Don't fail if authentication doesn't work id: azd-login run: | - if [ "${{ env.USE_OIDC }}" = "true" ] && [ "${{ steps.azure-login-oidc.outcome }}" = "success" ]; then - echo "🔐 Attempting azd authentication with OIDC..." + if ($env:USE_OIDC -eq "true" -and "${{ steps.azure-login-oidc.outcome }}" -eq "success") { + Write-Host "🔐 Attempting azd authentication with OIDC..." azd auth login ` - --client-id "$Env:AZURE_CLIENT_ID" ` - --federated-credential-provider "github" ` - --tenant-id "$Env:AZURE_TENANT_ID" - elif [ "${{ env.USE_OIDC }}" = "false" ] && [ "${{ steps.azure-login-sp.outcome }}" = "success" ]; then - echo "🔐 Attempting azd authentication with Service Principal..." + --client-id $env:AZURE_CLIENT_ID ` + --federated-credential-provider github ` + --tenant-id $env:AZURE_TENANT_ID + } + elseif ($env:USE_OIDC -eq "false" -and "${{ steps.azure-login-sp.outcome }}" -eq "success") { + Write-Host "🔐 Attempting azd authentication with Service Principal..." azd auth login ` - --client-id "$Env:AZURE_CLIENT_ID" ` - --client-secret "$Env:AZURE_CLIENT_SECRET" ` - --tenant-id "$Env:AZURE_TENANT_ID" - else - echo "âš ī¸ Skipping azd login due to failed Azure authentication" + --client-id $env:AZURE_CLIENT_ID ` + --client-secret $env:AZURE_CLIENT_SECRET ` + --tenant-id $env:AZURE_TENANT_ID + } + else { + Write-Host "âš ī¸ Skipping azd login due to failed Azure authentication" exit 1 - fi + } shell: pwsh # ======================================================================== 
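Review bot: The `exit 1` in the new `else { ... }` branch cannot stop the job, because the step keeps `continue-on-error: true` (the first context line of this hunk). The `@@ -140,48 +140,6 @@` hunk of the same commit also removes the `Check Authentication Status` step, which was the one place that failed non-PR runs when the Azure login did not succeed. Unless later steps outside this diff test `steps.azd-login.outcome`, a push deployment now carries on after a failed or skipped login. Consider `continue-on-error: ${{ github.event_name == 'pull_request' }}` on this step, which keeps PR previews tolerant and makes deployments fail closed. The step begins above the hunk, so its `name:` and any `if:` condition are not visible here.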
@@ -302,17 +262,6 @@ jobs: ARM_USE_OIDC: ${{ env.USE_OIDC }} ARM_CLIENT_SECRET: ${{ env.USE_OIDC == 'false' && env.AZURE_CLIENT_SECRET || '' }} - # - name: Whitelist GitHub Runner IP - # uses: azure/CLI@v1 - # with: - # inlineScript: | - # set -eu - # agentIP=$(curl -s https://api.ipify.org/) - # az storage account network-rule add \ - # --resource-group "${{ env.RS_RESOURCE_GROUP }}" \ - # --account-name "${{ env.RS_STORAGE_ACCOUNT }}" \ - # --ip-address $agentIP - # sleep 300 # ======================================================================== # PREVIEW MODE (for PRs) # ======================================================================== @@ -548,11 +497,8 @@ jobs: echo "container_registry_endpoint=${AZURE_CONTAINER_REGISTRY_ENDPOINT:-unknown}" >> $GITHUB_OUTPUT # Try to get service endpoints - FRONTEND_URL=$(azd show --output json 2>/dev/null | jq -r '.services."rtaudio-client".endpoint // empty' || echo "") - BACKEND_URL=$(azd show --output json 2>/dev/null | jq -r '.services."rtaudio-server".endpoint // empty' || echo "") - - echo "frontend_url=${FRONTEND_URL}" >> $GITHUB_OUTPUT - echo "backend_url=${BACKEND_URL}" >> $GITHUB_OUTPUT + echo "frontend_url=${FRONTEND_CONTAINER_APP_FQDN:-unknown}" >> $GITHUB_OUTPUT + echo "backend_url=${BACKEND_CONTAINER_APP_FQDN:-unknown}" >> $GITHUB_OUTPUT else echo "âš ī¸ Could not extract azd outputs" echo "resource_group=unknown" >> $GITHUB_OUTPUT 
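Review bot: In the `@@ -548,11 +497,8 @@` hunk, `frontend_url` and `backend_url` now fall back to the non-empty string `unknown`, where the old `jq ... // empty` pipeline produced an empty output. Any consumer outside this diff that tests these outputs for emptiness, or builds a link from them, will treat `unknown` as a real endpoint. Judging by the variable name, the value is also a bare host name without a scheme, although the output is still called a URL. Something like `echo "frontend_url=${FRONTEND_CONTAINER_APP_FQDN:+https://$FRONTEND_CONTAINER_APP_FQDN}" >> "$GITHUB_OUTPUT"` keeps the empty-on-missing behaviour and quotes the output file path. The comment `# Try to get service endpoints` above these lines no longer matches what they do, and the enclosing `run:` script starts and ends outside the hunk.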
@@ -577,19 +523,6 @@ jobs: # ======================================================================== # CLEANUP STEPS # ======================================================================== - # - name: 🔓 Remove GitHub Runner IP from Whitelist - # if: always() - # continue-on-error: true - # uses: azure/CLI@v1 - # with: - # inlineScript: | - # set -eu - # agentIP=$(curl -s https://api.ipify.org/) - # az storage account network-rule remove \ - # --resource-group "${{ env.RS_RESOURCE_GROUP }}" \ - # --account-name "${{ env.RS_STORAGE_ACCOUNT }}" \ - # --ip-address $agentIP || echo "âš ī¸ Could not remove IP from whitelist" - - name: đŸšĒ Logout if: always() run: | diff --git a/requirements.txt b/requirements.txt index 8dbbf9b2..114609a9 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,70 +1,73 @@
-## Core FastAPI microservices stack
-fastapi>=0.104.0
-uvicorn[standard]>=0.24.0
-pydantic>=2.5.0
-pydantic-settings>=2.1.0
-starlette>=0.27.0
-redis>=5.0.0
-aiohttp>=3.9.0
-python-multipart>=0.0.6
-pyjwt
-
-# Azure services - Linux App Service compatible versions
-azure-cosmos>=4.5.0
-azure-identity>=1.15.0
-azure-storage-blob>=12.19.0
-azure-cognitiveservices-speech>=1.45.0
-azure-communication-callautomation>=1.4.0
-azure-communication-identity>=1.5.0
-azure-keyvault-secrets>=4.7.0
-azure-eventgrid>=4.10.0
-
-# Azure monitoring and telemetry
-azure-monitor-opentelemetry>=1.6.11
-opentelemetry-sdk
-opentelemetry-instrumentation
-opentelemetry-instrumentation-fastapi
-opentelemetry-instrumentation-requests
-opentelemetry-instrumentation-urllib
-opentelemetry-instrumentation-urllib3
-opentelemetry-instrumentation-openai-v2
-
-# Azure + misc
-azure-core>=1.29.0
-colorama>=0.4.6
-
-# AI and OpenAI integration
-openai>=1.50.0
-
-# HTTP clients - stable versions
-httpx>=0.27.0
-aiofiles>=23.0.0
-
-# Async and networking tools
-tenacity>=8.5.0
-# Load testing (moved from end)
-locust>=2.20.0
-# WebSocket and communication libraries
-websockets>=12.0
-websocket-client>=1.6.0
-pytest>=7.4.0
-backoff>=2.0.0
-
-# Data processing and YAML configuration
-numpy>=1.24.0
-python-dotenv>=1.0.0
-python-json-logger>=2.0.0
-jinja2>=3.1.0
-typing-extensions>=4.8.0
-langdetect>=1.0.9
-PyYAML>=6.0.0
-pyyaml-include>=1.3.0
-
-# Audio processing for Live Voice API and samples
-sounddevice>=0.4.6
-pyaudio>=0.2.11
-wave # Part of standard library, but may need explicit declaration
-
-# Database drivers
-pymongo>=4.6.0
-rapidfuzz>=3.13.0
\ No newline at end of file
+## Core FastAPI microservices stack
+fastapi>=0.104.0
+uvicorn[standard]>=0.24.0
+pydantic>=2.5.0
+pydantic-settings>=2.1.0
+starlette>=0.27.0
+redis>=5.0.0
+aiohttp>=3.9.0
+python-multipart>=0.0.6
+pyjwt
+
+# Azure services - Linux App Service compatible versions
+azure-cosmos>=4.5.0
+azure-identity>=1.15.0
+azure-storage-blob>=12.19.0
+azure-cognitiveservices-speech>=1.45.0
+azure-communication-callautomation>=1.4.0
+azure-communication-identity>=1.5.0
+azure-keyvault-secrets>=4.7.0
+azure-eventgrid>=4.10.0
+
+# Azure monitoring and telemetry
+azure-monitor-opentelemetry>=1.6.11
+opentelemetry-sdk
+opentelemetry-instrumentation
+opentelemetry-instrumentation-fastapi
+opentelemetry-instrumentation-requests
+opentelemetry-instrumentation-urllib
+opentelemetry-instrumentation-urllib3
+opentelemetry-instrumentation-openai-v2
+
+# Azure + misc
+azure-core>=1.29.0
+colorama>=0.4.6
+
+# AI and OpenAI integration
+openai>=1.50.0
+
+# HTTP clients - stable versions
+httpx>=0.27.0
+aiofiles>=23.0.0
+
+# Async and networking tools
+tenacity>=8.5.0
+# Load testing (moved from end)
+locust>=2.20.0
+# WebSocket and communication libraries
+websockets>=12.0
+websocket-client>=1.6.0
+pytest>=7.4.0
+backoff>=2.0.0
+
+# Data processing and YAML configuration
+numpy>=1.24.0
+python-dotenv>=1.0.0
+python-json-logger>=2.0.0
+jinja2>=3.1.0
+typing-extensions>=4.8.0
+langdetect>=1.0.9
+PyYAML>=6.0.0
+pyyaml-include>=1.3.0
+
+# Audio processing for Live Voice API and samples
+sounddevice>=0.4.6
+pyaudio>=0.2.11
+# wave is in the Python standard library; no pip package required
+
+# Database drivers
+pymongo>=4.6.0
+rapidfuzz>=3.13.0
+
+# Testing and linting tools
+locust
\ No newline at end of file
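Review bot: The `locust` line added at the end under `# Testing and linting tools` duplicates `locust>=2.20.0`, which the new side still lists under `# Load testing (moved from end)`, and the new entry has no version bound. Depending on the pip version, the repeated name is either merged or rejected as a double requirement, so the trailing entry should be dropped. If the intent is to separate test tooling, moving `locust>=2.20.0` and `pytest>=7.4.0` into a dev-only requirements file would keep load-testing and test packages out of the deployed environment. Separately, `pyjwt` and the `opentelemetry-*` entries are still unbounded and every other entry is a floor only, so installs are not reproducible; a constraints or lock file with hashes would address that.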