feat: update pipeline #30

Draft
MounirAbdousNventive wants to merge 3 commits into main from feat/update-pipeline

@MounirAbdousNventive
Contributor

GitHub Issue or Internal Use Azure Devops Work Item ID:

Proposed Changes

  • Bug fix
  • Feature
  • Code style update (formatting)
  • Refactoring (no functional changes, no api changes)
  • Build or CI related changes
  • Documentation content changes
  • Other, please describe:

What is the current behavior?

What is the new behavior?

Checklist

Please check that your PR fulfills the following requirements:

  • Documentation has been added/updated.

Other information

@Soap-141 Soap-141 marked this pull request as ready for review February 16, 2026 14:24
Copilot AI review requested due to automatic review settings February 16, 2026 14:24
@Soap-141 Soap-141 marked this pull request as draft February 16, 2026 14:24

Copilot AI left a comment

Pull request overview

This PR modernizes the Azure infrastructure and CI/CD pipeline by migrating from Azure CDN to Azure Front Door and implementing comprehensive infrastructure-as-code improvements. The changes also include minor frontend SCSS variable naming convention updates.

Changes:

  • Migrated from Azure CDN (Standard_Microsoft) to Azure Front Door with optional Premium SKU and WAF support
  • Updated Terraform provider to azurerm ~> 4.58 and added comprehensive variable validation
  • Refactored Azure DevOps pipeline with environment-specific deployments, caching, and improved orchestration
  • Changed SCSS private variable naming convention from $_ to $- prefix

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 18 comments.

| File | Description |
| --- | --- |
| terraform/variables.tf | Added subscription_id, location, frontdoor_sku variables with validation rules |
| terraform/provider.tf | Upgraded azurerm provider to ~> 4.58, updated backend configuration, removed old data sources |
| terraform/main.tf | Complete rewrite: migrated from CDN to Front Door, added resource group creation, WAF support, improved CORS and compression |
| terraform/outputs.tf | New file with comprehensive outputs for resource details and Front Door endpoints |
| terraform/env/staging.tfvars | Removed staging environment (now uses uat) |
| terraform/env/dev.tfvars | Added full configuration with all required variables |
| frontend/src/themes/theme.ts | Updated CSS variable naming comment from customProperties to custom-properties |
| frontend/src/styles/mixins/_generics.scss | Changed private variable from $_font-base-size to $-font-base-size |
| frontend/src/styles/_variables.scss | Updated MUI custom property CSS variable references to use hyphens |
| frontend/src/styles/_export.scss | Changed private variables from $_ prefix to $- prefix |
| azure-pipelines.yml | Restructured with emoji display names, added PR triggers, updated versioning |
| azure-pipeline/terraform_steps.yml | Added version parameter, emoji display names, improved summary output |
| azure-pipeline/terraform_plan.yml | Added terraformVersion and dependsOn parameters, updated display names |
| azure-pipeline/environments_loop.yml | Complete rewrite: added environment-specific configuration, approval gates, dependency management |
| azure-pipeline/deploy_validation.yml | Enhanced approval gate with detailed instructions, renamed parameter to dependsOn |
| azure-pipeline/deploy_frontend.yml | Migrated to bash scripts, updated for Front Door, improved artifact handling |
| azure-pipeline/build_frontend.yml | Added caching, linting/type-checking for PRs, improved artifact publishing |


- name: terraformVersion
type: string
default: "1.10.3"

Copilot AI Feb 16, 2026

The default Terraform version is set to "1.10.3", but the Terraform configuration requires version ">= 1.14.0" in provider.tf, and the main pipeline specifies version "1.14.4". Update this default value to match "1.14.4" to prevent version mismatch issues.

Suggested change
default: "1.10.3"
default: "1.14.4"

- name: terraformVersion
type: string
default: "1.10.3"

Copilot AI Feb 16, 2026

The default Terraform version parameter is set to "1.10.3", but the Terraform configuration requires version ">= 1.14.0" in provider.tf, and the main pipeline specifies version "1.14.4". Update this default value to match "1.14.4" to prevent version mismatch issues.

Suggested change
default: "1.10.3"
default: "1.14.4"

variables:
# Storage account: st + project_short_name + environment (no hyphens, max 24 chars)
- name: storageAccountName
value: st$(PROJECT_SHORT_NAME)${{ parameters.environment }}

Copilot AI Feb 16, 2026

The storage account naming logic in the pipeline (st + PROJECT_SHORT_NAME + environment) doesn't match the Terraform logic which uses substr(replace("st${var.project_short_name}${var.environment}", "-", ""), 0, 24). If PROJECT_SHORT_NAME or the environment contains hyphens, the pipeline variable won't match the actual storage account name created by Terraform, causing deployment failures. The pipeline should use the same logic or reference the Terraform output.

Suggested change
value: st$(PROJECT_SHORT_NAME)${{ parameters.environment }}
value: ${{ substring(replace(format('st{0}{1}', variables['PROJECT_SHORT_NAME'], parameters.environment), '-', ''), 0, 24) }}
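The divergence described in this comment can be checked before deployment. The following is an added example, not code from the PR or from the review; the function names and sample project names are hypothetical, and the validity check assumes Azure's storage account naming rule of 3 to 24 lowercase letters and digits.

```shell
#!/bin/sh
# Added example: function names are hypothetical, inputs are constructed.

# Terraform side, as quoted in the review comment:
#   substr(replace("st${var.project_short_name}${var.environment}", "-", ""), 0, 24)
tf_storage_name() {
  printf 'st%s%s' "$1" "$2" | tr -d '-' | cut -c1-24
}

# Pipeline side as currently written:
#   st$(PROJECT_SHORT_NAME)${{ parameters.environment }}
pipeline_storage_name() {
  printf 'st%s%s' "$1" "$2"
}

# Assumption: storage account names are 3-24 lowercase letters and digits.
# LC_ALL=C keeps [a-z] from matching uppercase under locale collation.
is_valid_storage_name() {
  printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[a-z0-9]{3,24}$'
}

# Prints a verdict; returns 0 when both sides agree on a valid name,
# 1 on mismatch, 2 when the Terraform-derived name itself is invalid.
check_names() {
  tf=$(tf_storage_name "$1" "$2")
  pipe=$(pipeline_storage_name "$1" "$2")
  if ! is_valid_storage_name "$tf"; then
    echo "INVALID terraform=$tf"
    return 2
  fi
  if [ "$tf" != "$pipe" ]; then
    echo "MISMATCH pipeline=$pipe terraform=$tf"
    return 1
  fi
  echo "OK $tf"
}

# Constructed inputs: plain, hyphenated, and over-long project names.
check_names web dev || true
check_names my-app dev || true
check_names customer-portal-frontend prod || true
```

The last sample also shows that truncating to 24 characters can drop the environment suffix entirely, so two environments resolve to the same storage account name.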

- name: nodeVersion
type: string
default: "22.x"

Copilot AI Feb 16, 2026

The default Node.js version parameter is set to "22.x", but the main pipeline specifies "24.x" in the global variables. This inconsistency could lead to builds using different Node.js versions depending on how the template is called. Update the default to match "24.x" or ensure the parameter is always passed explicitly.

Suggested change
default: "22.x"
default: "24.x"

Comment on lines +20 to +22
features {
resource_group {
prevent_deletion_if_contains_resources = false

Copilot AI Feb 16, 2026

The provider configuration sets prevent_deletion_if_contains_resources to false, which allows resource groups to be deleted even when they contain resources. This is dangerous for production environments as it could lead to accidental data loss. Consider making this configurable per environment or setting it to true for production to prevent accidental deletions.

cors_rule {
allowed_headers = ["*"]
allowed_methods = ["GET", "HEAD", "OPTIONS"]
allowed_origins = ["*"]

Copilot AI Feb 16, 2026

CORS configuration allows all origins ("*") which could be a security risk for a production application. Consider restricting allowed_origins to specific domains, especially for production environments. If wildcard is necessary for development, consider making this configurable per environment.

Comment on lines +20 to +21
- name: command
type: string

Copilot AI Feb 16, 2026

The parameter name has been changed from "lastCommand" to "command" which is clearer, but this is a breaking change. Ensure all references to this template have been updated to use the new parameter name.

variable "subscription_id" {
description = "Azure Subscription ID"
type = string
sensitive = true

Copilot AI Feb 16, 2026

The subscription_id variable is required but not provided in the environment-specific tfvars files (qa.tfvars, uat.tfvars, prod.tfvars). Only dev.tfvars includes a comment about setting it. The pipeline's commandOptions in environments_loop.yml don't include -var="subscription_id=..." for any environment, which will cause Terraform to fail when trying to apply these configurations. Either add the subscription_id to each environment's tfvars file, pass it via the pipeline's commandOptions, or ensure it's defined in the variable groups.

Suggested change
sensitive = true
sensitive = true
default = ""

- name: terraformVersion
type: string
default: "1.10.3"

Copilot AI Feb 16, 2026

The default Terraform version is set to "1.10.3", but the Terraform configuration requires version ">= 1.14.0" in provider.tf, and the main pipeline specifies version "1.14.4". Update this default value to match "1.14.4" to prevent version mismatch issues.

Suggested change
default: "1.10.3"
default: "1.14.4"

Comment on lines +48 to +49
environment: dev
isValidationBuild: true

Copilot AI Feb 16, 2026

The isValidationBuild parameter is set to true for PR builds, but the template doesn't seem to be called with this parameter set in the PR stage. Verify that this parameter is being properly utilized to ensure linting and type checking only run during PR validation as intended.
