CICD workflow fix for azd deployment

.github/workflows/deploy-azd.yml

@@ -140,48 +140,6 @@ jobs:
         id: azure-login-sp
         with:
           creds: '{"clientId":"${{ env.AZURE_CLIENT_ID }}","clientSecret":"${{ env.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ env.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ env.AZURE_TENANT_ID }}"}'
-
-      - name: 🚨 Check Authentication Status
-        run: |
-          OIDC_OUTCOME="${{ steps.azure-login-oidc.outcome }}"
-          SP_OUTCOME="${{ steps.azure-login-sp.outcome }}"
-
-          if [ "${{ env.USE_OIDC }}" = "true" ]; then
-            if [ "$OIDC_OUTCOME" = "failure" ] || [ "$OIDC_OUTCOME" = "skipped" ]; then
-              echo "⚠️ OIDC authentication failed - insufficient permissions or missing federated credentials"
-              echo "This is normal for:"
-              echo "  - Forked repositories"
-              echo "  - Repositories without 'id-token: write' permissions"
-              echo "  - Missing Azure AD federated identity credentials"
-              echo ""
-              echo "💡 Solutions:"
-              echo "  1. Add AZURE_CLIENT_SECRET to repository secrets for service principal auth"
-              echo "  2. Configure federated identity credentials in Azure AD"
-              echo "  3. Enable 'id-token: write' permissions in repository settings"
-
-              if [ "${{ github.event_name }}" = "pull_request" ]; then
-                echo "ℹ️ For PR previews, functionality will be limited"
-                echo "auth_success=false" >> $GITHUB_OUTPUT
-              else
-                echo "❌ For deployments, authentication is required"
-                exit 1
-              fi
-            else
-              echo "✅ Azure OIDC authentication successful"
-              echo "auth_success=true" >> $GITHUB_OUTPUT
-            fi
-          else
-            if [ "$SP_OUTCOME" = "success" ]; then
-              echo "✅ Azure Service Principal authentication successful"
-              echo "auth_success=true" >> $GITHUB_OUTPUT
-            else
-              echo "❌ Service Principal authentication failed"
-              if [ "${{ github.event_name }}" != "pull_request" ]; then
-                exit 1
-              fi
-              echo "auth_success=false" >> $GITHUB_OUTPUT
-            fi
-          fi
 
       - name: ⚙️ Setup Azure Developer CLI
         uses: Azure/setup-azd@v2
@@ -195,22 +153,24 @@ jobs:
         continue-on-error: true  # Don't fail if authentication doesn't work
         id: azd-login
         run: |
-          if [ "${{ env.USE_OIDC }}" = "true" ] && [ "${{ steps.azure-login-oidc.outcome }}" = "success" ]; then
-            echo "🔐 Attempting azd authentication with OIDC..."
+          if ($env:USE_OIDC -eq "true" -and "${{ steps.azure-login-oidc.outcome }}" -eq "success") {
+            Write-Host "🔐 Attempting azd authentication with OIDC..."
             azd auth login `
-              --client-id "$Env:AZURE_CLIENT_ID" `
-              --federated-credential-provider "github" `
-              --tenant-id "$Env:AZURE_TENANT_ID"
-          elif [ "${{ env.USE_OIDC }}" = "false" ] && [ "${{ steps.azure-login-sp.outcome }}" = "success" ]; then
-            echo "🔐 Attempting azd authentication with Service Principal..."
+              --client-id $env:AZURE_CLIENT_ID `
+              --federated-credential-provider github `
+              --tenant-id $env:AZURE_TENANT_ID
+          }
+          elseif ($env:USE_OIDC -eq "false" -and "${{ steps.azure-login-sp.outcome }}" -eq "success") {
+            Write-Host "🔐 Attempting azd authentication with Service Principal..."
             azd auth login `
-              --client-id "$Env:AZURE_CLIENT_ID" `
-              --client-secret "$Env:AZURE_CLIENT_SECRET" `
-              --tenant-id "$Env:AZURE_TENANT_ID"
-          else
-            echo "⚠️ Skipping azd login due to failed Azure authentication"
+              --client-id $env:AZURE_CLIENT_ID `
+              --client-secret $env:AZURE_CLIENT_SECRET `
+              --tenant-id $env:AZURE_TENANT_ID
+          }
+          else {
+            Write-Host "⚠️ Skipping azd login due to failed Azure authentication"
             exit 1
-          fi
+          }
         shell: pwsh
 
       # ========================================================================
@@ -302,17 +262,6 @@ jobs:
           ARM_USE_OIDC: ${{ env.USE_OIDC }}
           ARM_CLIENT_SECRET: ${{ env.USE_OIDC == 'false' && env.AZURE_CLIENT_SECRET || '' }}
 
-      # - name: Whitelist GitHub Runner IP
-      #   uses: azure/CLI@v1
-      #   with:
-      #     inlineScript: |
-      #       set -eu
-      #       agentIP=$(curl -s https://api.ipify.org/)
-      #       az storage account network-rule add \
-      #         --resource-group "${{ env.RS_RESOURCE_GROUP }}" \
-      #         --account-name "${{ env.RS_STORAGE_ACCOUNT }}" \
-      #         --ip-address $agentIP
-      #       sleep 300
       # ========================================================================
       # PREVIEW MODE (for PRs)
       # ========================================================================
@@ -548,11 +497,8 @@ jobs:
             echo "container_registry_endpoint=${AZURE_CONTAINER_REGISTRY_ENDPOINT:-unknown}" >> $GITHUB_OUTPUT
 
             # Try to get service endpoints
-            FRONTEND_URL=$(azd show --output json 2>/dev/null | jq -r '.services."rtaudio-client".endpoint // empty' || echo "")
-            BACKEND_URL=$(azd show --output json 2>/dev/null | jq -r '.services."rtaudio-server".endpoint // empty' || echo "")
-
-            echo "frontend_url=${FRONTEND_URL}" >> $GITHUB_OUTPUT
-            echo "backend_url=${BACKEND_URL}" >> $GITHUB_OUTPUT
+            echo "frontend_url=${FRONTEND_CONTAINER_APP_FQDN:-unknown}" >> $GITHUB_OUTPUT
+            echo "backend_url=${BACKEND_CONTAINER_APP_FQDN:-unknown}" >> $GITHUB_OUTPUT
           else
             echo "⚠️ Could not extract azd outputs"
             echo "resource_group=unknown" >> $GITHUB_OUTPUT
@@ -577,19 +523,6 @@ jobs:
       # ========================================================================
       # CLEANUP STEPS
       # ========================================================================
-      # - name: 🔓 Remove GitHub Runner IP from Whitelist
-      #   if: always()
-      #   continue-on-error: true
-      #   uses: azure/CLI@v1
-      #   with:
-      #     inlineScript: |
-      #       set -eu
-      #       agentIP=$(curl -s https://api.ipify.org/)
-      #       az storage account network-rule remove \
-      #         --resource-group "${{ env.RS_RESOURCE_GROUP }}" \
-      #         --account-name "${{ env.RS_STORAGE_ACCOUNT }}" \
-      #         --ip-address $agentIP || echo "⚠️ Could not remove IP from whitelist"
-
       - name: 🚪 Logout
         if: always()
         run: |

requirements.txt

@@ -1,70 +1,73 @@
-## Core FastAPI microservices stack
-fastapi>=0.104.0
-uvicorn[standard]>=0.24.0
-pydantic>=2.5.0
-pydantic-settings>=2.1.0
-starlette>=0.27.0
-redis>=5.0.0
-aiohttp>=3.9.0
-python-multipart>=0.0.6
-pyjwt
-
-# Azure services - Linux App Service compatible versions
-azure-cosmos>=4.5.0
-azure-identity>=1.15.0
-azure-storage-blob>=12.19.0
-azure-cognitiveservices-speech>=1.45.0
-azure-communication-callautomation>=1.4.0
-azure-communication-identity>=1.5.0
-azure-keyvault-secrets>=4.7.0
-azure-eventgrid>=4.10.0
-
-# Azure monitoring and telemetry
-azure-monitor-opentelemetry>=1.6.11
-opentelemetry-sdk
-opentelemetry-instrumentation
-opentelemetry-instrumentation-fastapi
-opentelemetry-instrumentation-requests
-opentelemetry-instrumentation-urllib
-opentelemetry-instrumentation-urllib3
-opentelemetry-instrumentation-openai-v2
-
-# Azure + misc
-azure-core>=1.29.0
-colorama>=0.4.6
-
-# AI and OpenAI integration
-openai>=1.50.0
-
-# HTTP clients - stable versions
-httpx>=0.27.0
-aiofiles>=23.0.0
-
-# Async and networking tools
-tenacity>=8.5.0
-# Load testing (moved from end)
-locust>=2.20.0
-# WebSocket and communication libraries  
-websockets>=12.0
-websocket-client>=1.6.0
-pytest>=7.4.0
-backoff>=2.0.0
-
-# Data processing and YAML configuration
-numpy>=1.24.0
-python-dotenv>=1.0.0
-python-json-logger>=2.0.0
-jinja2>=3.1.0
-typing-extensions>=4.8.0
-langdetect>=1.0.9
-PyYAML>=6.0.0
-pyyaml-include>=1.3.0
-
-# Audio processing for Live Voice API and samples
-sounddevice>=0.4.6
-pyaudio>=0.2.11
-wave  # Part of standard library, but may need explicit declaration
-
-# Database drivers
-pymongo>=4.6.0
-rapidfuzz>=3.13.0
+## Core FastAPI microservices stack
+fastapi>=0.104.0
+uvicorn[standard]>=0.24.0
+pydantic>=2.5.0
+pydantic-settings>=2.1.0
+starlette>=0.27.0
+redis>=5.0.0
+aiohttp>=3.9.0
+python-multipart>=0.0.6
+pyjwt
+
+# Azure services - Linux App Service compatible versions
+azure-cosmos>=4.5.0
+azure-identity>=1.15.0
+azure-storage-blob>=12.19.0
+azure-cognitiveservices-speech>=1.45.0
+azure-communication-callautomation>=1.4.0
+azure-communication-identity>=1.5.0
+azure-keyvault-secrets>=4.7.0
+azure-eventgrid>=4.10.0
+
+# Azure monitoring and telemetry
+azure-monitor-opentelemetry>=1.6.11
+opentelemetry-sdk
+opentelemetry-instrumentation
+opentelemetry-instrumentation-fastapi
+opentelemetry-instrumentation-requests
+opentelemetry-instrumentation-urllib
+opentelemetry-instrumentation-urllib3
+opentelemetry-instrumentation-openai-v2
+
+# Azure + misc
+azure-core>=1.29.0
+colorama>=0.4.6
+
+# AI and OpenAI integration
+openai>=1.50.0
+
+# HTTP clients - stable versions
+httpx>=0.27.0
+aiofiles>=23.0.0
+
+# Async and networking tools
+tenacity>=8.5.0
+# Load testing (moved from end)
+locust>=2.20.0
+# WebSocket and communication libraries  
+websockets>=12.0
+websocket-client>=1.6.0
+pytest>=7.4.0
+backoff>=2.0.0
+
+# Data processing and YAML configuration
+numpy>=1.24.0
+python-dotenv>=1.0.0
+python-json-logger>=2.0.0
+jinja2>=3.1.0
+typing-extensions>=4.8.0
+langdetect>=1.0.9
+PyYAML>=6.0.0
+pyyaml-include>=1.3.0
+
+# Audio processing for Live Voice API and samples
+sounddevice>=0.4.6
+pyaudio>=0.2.11
+# wave is in the Python standard library; no pip package required
+
+# Database drivers
+pymongo>=4.6.0
+rapidfuzz>=3.13.0
+
+# Testing and linting tools
+locust