fix: Fix team integration citation issue and pipeline issue

[Pavan-Microsoft]

Purpose

This pull request introduces several improvements to the CI/CD pipelines, Azure authentication, and resource management, focusing on enhanced security, dynamic resource naming, and better integration with Azure services. The most significant changes include switching to Azure AD authentication for PostgreSQL, dynamically generating resource group and solution names during deployment, and consistently passing managed identity credentials throughout backend service initializations.

CI/CD and Azure Resource Management Improvements:

• Added steps in .github/workflows/ci.yml to dynamically generate unique resource group and solution suffix names for each deployment, ensuring resource isolation and easier management. These outputs are now propagated to subsequent jobs. [1] [2] [3] [4]
• Updated Makefile deploy target to validate required environment variables and pass resource group and location to azd env new, improving deployment reliability and clarity.

Security and Azure Authentication Enhancements:

• Migrated PostgreSQL authentication in CI and backend code from hardcoded credentials to Azure AD service principal tokens, using the azure-identity library for secure token acquisition. [1] [2] [3] [4] [5]
• Updated all backend service initializations (azure_blob_storage_client.py, azure_computer_vision_client.py) to consistently pass the managed identity client ID for Azure credential acquisition, supporting RBAC and improved security posture. [1] [2] [3]

Pipeline Tagging and Image Management:

• Changed Docker image tags and cache references for the main branch from latest to latest_waf in both build and CI workflows, ensuring clear separation of images intended for WAF-enabled deployments. [1] [2]

General Maintenance and Miscellaneous:

• Updated the devcontainer base image to use python:3.11-bookworm for improved compatibility and security. (.devcontainer/Dockerfile)
• Removed hardcoded PostgreSQL credentials from logs and Makefile output, reflecting the switch to secure authentication. [1] [2]
• Minor fixes to release workflow triggers and package installation in dependabot security update workflow. [1] [2]

These changes collectively enhance security, reliability, and maintainability of the deployment and backend service infrastructure.

Does this introduce a breaking change?

• Yes
• No

How to Test

• Get the code

git clone [repo-address]
cd [repo-name]
git checkout [branch-name]
npm install

What to Check

Verify that the team integration, deployment and pipeline.