fpittelo · fpittelo · Nov 23, 2025 · Nov 22, 2025 · Nov 22, 2025 · Nov 22, 2025
diff --git a/.github/workflows/README.md b/.github/workflows/README.md
@@ -5,6 +5,7 @@ This document explains the modular deployment and destroy workflows for the Alpi
 ## Overview
 
 The deployment and destroy processes have been modularized into distinct, triggerable workflows. This allows for:
+
 - **Efficiency**: Only deploy what you need (backend, infrastructure, or application)
 - **Flexibility**: Run workflows independently or orchestrated together
 - **Cost Optimization**: Avoid unnecessary operations (e.g., running Terraform when only frontend changes)
@@ -14,29 +15,35 @@ The deployment and destroy processes have been modularized into distinct, trigge
 ### Deployment Workflows
 
 #### 1. `deploy-backend.yaml` - Backend Storage Deployment
+
 **Purpose**: Creates the remote Terraform state storage in Azure (Blob Storage)
 
 **When to use**:
+
 - First-time setup for a new environment
 - Rarely needed after initial setup
 - Only if backend storage was accidentally deleted
 
 **What it creates**:
+
 - Azure Resource Group: `{env}-bkd-alpinebot`
 - Azure Storage Account: `{env}bkdalpinebotsa`
 - Azure Storage Container: `{env}-bkd-alpinebot-co`
 
 **Trigger**: Manual (workflow_dispatch)
 
 #### 2. `deploy-infra.yaml` - Infrastructure Deployment
+
 **Purpose**: Deploys all infrastructure using Terraform
 
 **When to use**:
+
 - When infrastructure code changes (modules, main.tf, variables, etc.)
 - When scaling resources
 - When adding/removing Azure services
 
 **What it deploys**:
+
 - Azure Resource Group
 - Key Vault
 - OpenAI Cognitive Account
@@ -52,14 +59,17 @@ The deployment and destroy processes have been modularized into distinct, trigge
 **Trigger**: Manual (workflow_dispatch)
 
 #### 3. `deploy-app.yaml` - Application Deployment
+
 **Purpose**: Builds and deploys only the frontend React application
 
 **When to use**:
+
 - On every frontend code change
 - When updating UI/UX
 - Most frequent deployment workflow
 
 **What it does**:
+
 - Installs npm dependencies
 - Builds React application
 - Deploys build artifacts to Azure Web App
@@ -69,14 +79,17 @@ The deployment and destroy processes have been modularized into distinct, trigge
 **Trigger**: Manual (workflow_dispatch)
 
 #### 4. `deploy.yaml` - Full Environment Orchestrator
+
 **Purpose**: Orchestrates backend, infrastructure, and application deployment in sequence
 
 **When to use**:
+
 - Complete environment setup
 - When you want to control which components to deploy
 - Backward compatibility with old workflow
 
 **Features**:
+
 - Optional backend deployment (default: false)
 - Optional infrastructure deployment (default: true)
 - Optional application deployment (default: true)
@@ -87,29 +100,35 @@ The deployment and destroy processes have been modularized into distinct, trigge
 ### Destroy Workflows
 
 #### 1. `destroy-app.yaml` - Application Destroy
+
 **Purpose**: Stops the Web App deployment
 
 **When to use**:
+
 - To stop the running application without destroying infrastructure
 - Temporary shutdown to save costs
 - Before redeploying a fresh build
 
 **What it does**:
+
 - Stops the Azure Web App
 
 **Note**: Does not delete the App Service resource, only stops it
 
 **Trigger**: Manual (workflow_dispatch)
 
 #### 2. `destroy-infra.yaml` - Infrastructure Destroy
+
 **Purpose**: Destroys all Terraform-managed infrastructure
 
 **When to use**:
+
 - Tearing down an environment
 - Before major infrastructure changes
 - Cleanup after testing
 
 **What it destroys**:
+
 - All resources created by Terraform
 - Does NOT destroy backend storage (state remains safe)
 
@@ -118,13 +137,16 @@ The deployment and destroy processes have been modularized into distinct, trigge
 **Trigger**: Manual (workflow_dispatch)
 
 #### 3. `destroy-backend.yaml` - Backend Storage Destroy
+
 **Purpose**: Destroys the backend Terraform state storage
 
 **When to use**:
+
 - Complete environment teardown
 - WARNING: This deletes your Terraform state!
 
 **What it destroys**:
+
 - Storage Container
 - Storage Account
 - Resource Group
@@ -136,13 +158,16 @@ The deployment and destroy processes have been modularized into distinct, trigge
 **Trigger**: Manual (workflow_dispatch)
 
 #### 4. `destroy.yaml` - Full Environment Orchestrator
+
 **Purpose**: Orchestrates destruction of app, infrastructure, and backend in sequence
 
 **When to use**:
+
 - Complete environment teardown
 - When you want control over what to destroy
 
 **Features**:
+
 - Optional app destroy (default: true)
 - Optional infrastructure destroy (default: true)
 - Optional backend destroy (default: false) - protected by default
@@ -153,13 +178,15 @@ The deployment and destroy processes have been modularized into distinct, trigge
 ## Usage Examples
 
 ### Scenario 1: First-Time Environment Setup
+
 ```
 1. Run: deploy-backend.yaml (env: dev)
 2. Run: deploy-infra.yaml (env: dev)
 3. Run: deploy-app.yaml (env: dev)
 ```
 
 Or use the orchestrator:
+
 ```
 1. Run: deploy.yaml
    - environment: dev
@@ -169,24 +196,28 @@ Or use the orchestrator:
 ```
 
 ### Scenario 2: Frontend Code Change
+
 ```
 1. Run: deploy-app.yaml (env: dev)
 ```
 
 ### Scenario 3: Infrastructure Update
+
 ```
 1. Run: deploy-infra.yaml (env: dev)
 2. Run: deploy-app.yaml (env: dev)  # Re-deploy app if needed
 ```
 
 ### Scenario 4: Complete Environment Teardown
+
 ```
 1. Run: destroy-app.yaml (env: dev)
 2. Run: destroy-infra.yaml (env: dev)
 3. Run: destroy-backend.yaml (env: dev)  # Only if you want to delete state
 ```
 
 Or use the orchestrator:
+
 ```
 1. Run: destroy.yaml
    - environment: dev
@@ -196,6 +227,7 @@ Or use the orchestrator:
 ```
 
 ### Scenario 5: Temporary Shutdown
+
 ```
 1. Run: destroy-app.yaml (env: dev)
 # Infrastructure remains, just the app is stopped
@@ -204,13 +236,15 @@ Or use the orchestrator:
 ## Environment Support
 
 All workflows support three environments:
+
 - `dev` - Development environment
 - `qa` - Quality Assurance/Testing environment
 - `main` - Production environment
 
 ## Required Secrets
 
 All workflows require these GitHub secrets to be configured:
+
 - `AZURE_CLIENT_ID` - Azure Service Principal Client ID
 - `AZURE_TENANT_ID` - Azure Tenant ID
 - `AZURE_SUBSCRIPTION_ID` - Azure Subscription ID
@@ -220,8 +254,6 @@ All workflows require these GitHub secrets to be configured:
 - `POSTGRESQL_ADMIN_PASSWORD` - PostgreSQL admin password
 - `GOOGLE_CLIENT_ID` - Google OAuth Client ID
 - `GOOGLE_CLIENT_SECRET` - Google OAuth Client Secret
-- `MICROSOFT_CLIENT_ID` - Microsoft OAuth Client ID
-- `MICROSOFT_CLIENT_SECRET` - Microsoft OAuth Client Secret
 
 ## Best Practices
 
@@ -236,35 +268,42 @@ All workflows require these GitHub secrets to be configured:
 ## Troubleshooting
 
 ### Backend already exists error
+
 - This is normal if backend was already created
 - Skip the backend deployment step or use orchestrator with `deploy_backend: false`
 
 ### Terraform state lock error
+
 - Wait for other Terraform operations to complete
 - Check if another workflow is running
 
 ### Web App not found during destroy
+
 - The resource may already be deleted
 - Check Azure Portal to verify
 - This is generally safe to ignore
 
 ### Permission errors
+
 - Verify all required secrets are configured
 - Check Azure Service Principal permissions
 - Ensure OIDC federation is properly configured
 
 ## Migration from Old Workflows
 
 The old monolithic workflows have been replaced with:
+
 - `deploy.yaml` - Now an orchestrator with options
 - `destroy.yaml` - Now an orchestrator with options
 
 **Key differences**:
+
 - More granular control over what gets deployed/destroyed
 - Optional components via boolean inputs
 - Better efficiency by skipping unnecessary steps
 
 **Backward compatibility**:
+
 - The orchestrator workflows maintain similar behavior
 - Can still deploy full environment in one run
 - Choose which components to deploy/destroy
diff --git a/.github/workflows/deploy-function.yaml b/.github/workflows/deploy-function.yaml
@@ -0,0 +1,63 @@
+name: Deploy Function App
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'Environment to deploy function app to'
+        required: true
+        type: choice
+        options:
+          - dev
+          - qa
+          - main
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  deploy-function:
+    name: Deploy Azure Function App
+    runs-on: ubuntu-latest
+    environment: ${{ github.event.inputs.environment }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set environment
+        id: setenv
+        run: |
+          echo "ENVIRONMENT=${{ github.event.inputs.environment }}" >> $GITHUB_ENV
+          echo "environment=${{ github.event.inputs.environment }}" >> $GITHUB_OUTPUT
+
+      - name: Login To Azure Using OIDC
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          allow-no-subscriptions: false
+          enable-AzPSSession: false
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install Dependencies
+        run: |
+          cd backend
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - name: Deploy to Azure Function App
+        uses: Azure/functions-action@v1
+        with:
+          app-name: ${{ env.ENVIRONMENT }}-alpinebot-func
+          package: ./backend
+
+      - name: Output deployment information
+        run: |
+          echo "Function App deployed successfully to: ${{ env.ENVIRONMENT }}-alpinebot-func"
+          echo "Function URL: https://${{ env.ENVIRONMENT }}-alpinebot-func.azurewebsites.net"
diff --git a/.github/workflows/deploy-infra.yaml b/.github/workflows/deploy-infra.yaml
@@ -4,7 +4,7 @@ on:
   workflow_dispatch:
     inputs:
       environment:
-        description: 'Environment to deploy infrastructure to'
+        description: "Environment to deploy infrastructure to"
         required: true
         type: choice
         options:
@@ -52,8 +52,6 @@ jobs:
           echo "TF_VAR_postgresql_admin_username=${{ secrets.POSTGRESQL_ADMIN_USERNAME }}" >> $GITHUB_ENV
           echo "TF_VAR_google_client_id=${{ secrets.GOOGLE_CLIENT_ID }}" >> $GITHUB_ENV
           echo "TF_VAR_google_client_secret=${{ secrets.GOOGLE_CLIENT_SECRET }}" >> $GITHUB_ENV
-          echo "TF_VAR_microsoft_client_id=${{ secrets.MICROSOFT_CLIENT_ID }}" >> $GITHUB_ENV
-          echo "TF_VAR_microsoft_client_secret=${{ secrets.MICROSOFT_CLIENT_SECRET }}" >> $GITHUB_ENV
 
       - name: Set Up Terraform
         uses: hashicorp/setup-terraform@v2