Merge pull request #496 from microsoft/dev

chore: merging dev changes to main branch

Author: Roopan-Microsoft

.github/workflows/deploy-waf.yml

@@ -117,6 +117,7 @@ jobs:
               enableMonitoring=true \
               enablePrivateNetworking=true \
               enableScalability=true \
+              createdBy="Pipeline" \
               
 
       - name: Send Notification on Failure

docs/ACRBuildAndPushGuide.md

@@ -0,0 +1,95 @@
+# Azure Container Registry (ACR) – Build & Push Guide
+
+This guide provides step-by-step instructions to build and push Docker images for **WebApp** and **Backend** services into Azure Container Registry (ACR).
+
+## 📋 Prerequisites
+Before starting, ensure you have:
+- An active [Azure Subscription](https://portal.azure.com/)
+- [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) installed and logged in
+- [Docker Desktop](https://docs.docker.com/get-docker/) installed and running
+- Access to your Azure Container Registry (ACR)
+- To create an Azure Container Registry (ACR), you can refer to the following guides:
+
+    - [Create Container Registry using Azure CLI](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-get-started-azure-cli)
+
+    - [Create Container Registry using Azure Portal](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal?tabs=azure-cli)
+
+    - [Create Container Registry using PowerShell](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-get-started-powershell)
+
+    - [Create Container Registry using ARM Template](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-get-started-geo-replication-template)
+
+    - [Create Container Registry using Bicep](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-get-started-bicep?tabs=CLI)
+
+---
+
+Login to ACR :
+``` bash
+az acr login --name $ACR_NAME
+```
+
+## 🚀 Build and Push Images
+
+**Backend :** 
+ 
+ ```bash 
+az acr login --name <containerregname>
+docker build --no-cache -f docker/Backend.Dockerfile -t <acrloginserver>/<repo>:<tagname> .
+docker push <acrloginserver>/<repo>:<tagname>
+ ```
+
+ If you want to update image tag and image manually you can follow below steps:
+- Go to your **Container App** in the [Azure Portal](https://portal.azure.com/#home).
+- In the left menu, select **Containers**.
+- Under your container, update:
+
+    - Image source → Azure Container Registry / Docker Hub.
+
+    - Image name → myapp/backend.
+
+    - Tag → change to the new one you pushed (e.g., v2).
+
+- Click **Save** → this will create a new revision automatically with the updated image.
+
+![alt text](./images/ContainerApp.png)
+
+**WebApp :**
+
+```bash
+az acr login --name <containerregname>
+docker build --no-cache -f docker/Frontend.Dockerfile -t <acrloginserver>/<repo>:<tagname> .
+docker push <acrloginserver>/<repo>:<tagname>
+```
+
+If you want to update image tag and image manually you can follow below steps:
+- Go to your App Service in the [Azure Portal](https://portal.azure.com/#home).
+- In the left menu, select Deployment → Deployment Center
+- Under Container settings, you can configure:
+
+    - Image Source → (e.g., Azure Container Registry / Docker Hub / Other).
+
+    - Image Name → e.g., myapp/backend.
+
+    - Tag → e.g., v1.2.3.
+
+![alt text](./images/AppServiceContainer.png)
+
+
+## ✅ Verification
+
+Run the following command to verify that images were pushed successfully:
+```bash
+az acr repository list --name $ACR_NAME --output table
+```
+
+You should see repositories in the output.
+
+## 📝 Notes
+
+- Always use meaningful tags (v1.0.0, staging, prod) instead of just latest.
+
+- If you are pushing from a CI/CD pipeline, make sure the pipeline agent has access to Docker and ACR.
+
+- For private images, ensure your services (e.g., Azure Container Apps, AKS, App Service) are configured with appropriate ACR pull permissions.
+
+
+

docs/CustomizingAzdParameters.md

@@ -13,7 +13,7 @@ By default this template will use the environment name as the prefix to prevent
 | `AZURE_ENV_OPENAI_LOCATION`     | string | `<User selects during deployment>`   | Specifies the region for OpenAI resource deployment.                                                |
 | `AZURE_ENV_MODEL_DEPLOYMENT_TYPE` | string | `GlobalStandard` | Defines the deployment type for the AI model (e.g., Standard, GlobalStandard).                     |
 | `AZURE_ENV_MODEL_NAME`          | string | `gpt-4o`          | Specifies the name of the GPT model to be deployed.                                                |
-| `AZURE_ENV_FOUNDRY_PROJECT_ID`          | string | `<Existing Workspace Id>`          | Set this if you want to reuse an AI Foundry Project instead of creating a new one.                                                |                        
+| `AZURE_EXISTING_AI_PROJECT_RESOURCE_ID`          | string | `<Existing Workspace Id>`          | Set this if you want to reuse an AI Foundry Project instead of creating a new one.                                                |                        
 | `AZURE_ENV_MODEL_VERSION`       | string | `2024-08-06`      | Version of the GPT model to be used for deployment.                                                |
 | `AZURE_ENV_MODEL_CAPACITY`       | int | `150`      | Sets the GPT model capacity.                                                |
 | `AZURE_ENV_IMAGETAG`            | string | `latest`          | Docker image tag used for container deployments.                                                   |

docs/DeploymentGuide.md

@@ -61,6 +61,23 @@ By default, the `azd up` command uses the [`main.parameters.json`](../infra/main
 
 For **production deployments**, the repository also provides [`main.waf.parameters.json`](../infra/main.waf.parameters.json), which applies a [Well-Architected Framework (WAF) aligned](https://learn.microsoft.com/en-us/azure/well-architected/) configuration. This option enables additional Azure best practices for reliability, security, cost optimization, operational excellence, and performance efficiency, such as:
 
+  **Prerequisite** — Enable the Microsoft.Compute/EncryptionAtHost feature for every subscription (and region, if required) where you plan to deploy VMs or VM scale sets with `encryptionAtHost: true`. Repeat the registration steps below for each target subscription (and for each region when applicable). This step is required for **WAF-aligned** (production) deployments.
+
+  Steps to enable the feature:
+  1. Set the target subscription:
+     Run: <code>az account set --subscription "&lt;YourSubscriptionId&gt;"</code>
+  2. Register the feature (one time per subscription):
+     Run: <code>az feature register --name EncryptionAtHost --namespace Microsoft.Compute</code>
+  3. Wait until registration completes and shows "Registered":
+     Run: <code>az feature show --name EncryptionAtHost --namespace Microsoft.Compute --query properties.state -o tsv</code>
+  4. Refresh the provider (if required):
+     Run: <code>az provider register --namespace Microsoft.Compute</code>
+  5. Re-run the deployment after registration is complete.
+
+  Note: Feature registration can take several minutes. Ensure the feature is registered before attempting deployments that require encryptionAtHost.
+
+  Reference: Azure Host Encryption — https://learn.microsoft.com/azure/virtual-machines/disks-enable-host-based-encryption-portal?tabs=azure-cli
+
   - Enhanced network security (e.g., Network protection with private endpoints)
   - Stricter access controls and managed identities
   - Logging, monitoring, and diagnostics enabled by default