feat: Infrastructure and CI/CD for test environment

.env.example

@@ -33,9 +33,10 @@ AZURE_DEVOPS_ORG=your-org-name
 AZURE_DEVOPS_PAT=abcdef1234567890abcdef1234567890abcdef1234567890
 
 # Microsoft Teams Bot
-# Note: TEAMS_APP_ID and TEAMS_APP_PASSWORD are stored in Key Vault, not .env
-# The bot loads credentials from Key Vault at runtime using managed identity
-AZURE_KEY_VAULT_NAME=your-key-vault-name
+# Note: TEAMS_APP_ID and TEAMS_APP_PASSWORD are managed via GitHub Secrets
+# and set as environment variables during deployment
+TEAMS_APP_ID=your-teams-app-id
+TEAMS_APP_PASSWORD=your-teams-app-password
 
 # Local Development
 PORT=8000

.github/workflows/test.yml

@@ -72,7 +72,6 @@ jobs:
   unit-tests:
     name: Unit Tests
     runs-on: ubuntu-latest
-    needs: [build-bot]
 
     steps:
       - name: Checkout code
@@ -83,19 +82,37 @@ jobs:
         with:
           dotnet-version: ${{ env.DOTNET_VERSION }}
 
-      - name: Run tests
+      - name: Restore dependencies
+        run: dotnet restore ./Pennie.sln
+
+      - name: Build solution
+        run: dotnet build ./Pennie.sln --configuration Release --no-restore
+
+      - name: Run unit tests
         run: |
-          # TODO: Implement unit tests
-          # dotnet test ./tests/unit/ --configuration Release --collect:"XPlat Code Coverage"
-          echo "Unit tests would run here"
+          dotnet test ./tests/PennieBot.Tests.csproj \
+            --configuration Release \
+            --no-build \
+            --verbosity normal \
+            --logger "trx;LogFileName=test-results.trx" \
+            --collect:"XPlat Code Coverage" \
+            --results-directory ./TestResults
+
+      - name: Upload test results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: test-results
+          path: ./TestResults
 
       - name: Upload coverage
         if: always()
         uses: codecov/codecov-action@v4
         with:
-          files: ./coverage.xml
+          directory: ./TestResults
           flags: unittests
           name: codecov-umbrella
+          fail_ci_if_error: false
 
   validate-bicep:
     name: Validate Bicep Templates

.gitignore

@@ -4,6 +4,10 @@
 .env.*.local
 *.env
 
+# Local development config (contains secrets)
+appsettings.local.json
+bot/appsettings.local.json
+
 # Azure and Keys
 *.pfx
 *.p12
@@ -118,3 +122,4 @@ ApplicationInsights.config
 bot/*.zip
 bot/publish-*/
 bot/teams-manifest/*.zip
+src/*.zip

CLAUDE.md

@@ -105,14 +105,26 @@ Pennie uses Microsoft's official Azure DevOps MCP Server for work item operation
 
 ## Deployment Strategy
 
-### Target Environment (KnowAll Ltd - Internal Deployment)
-- **Resource Group**: `TMinus15Agents` (existing in KnowAll Ltd tenant)
+### Target Environments (KnowAll Ltd - Internal Deployment)
+
+**CRITICAL: Each environment uses a SEPARATE resource group. Never deploy test to prod or vice versa.**
+
+| Environment | Resource Group | VM Name | Description |
+|-------------|----------------|---------|-------------|
+| **Production** | `TMinus15Agents` | `pennie-vm-prod` | Live production environment |
+| **Test** | `TMinus15Agents-Test` | `pennie-vm-test` | Test/staging environment (uses Spot VM) |
+
 - **Location**: `uksouth` (single-region deployment for UK data residency)
 - **Subscription**: See `.env` file (not committed to Git)
 - **AI Hub**: `knowall-ai-foundry` (existing, UK South)
 - **AI Project**: `T-Minus-15 Agents` (existing)
 - **OpenAI Model**: GPT-4o (2024-08-06) - verified available in UK South
 
+**GitHub Environment Configuration**:
+- Each GitHub environment (`prod`, `test`) has its own `AZURE_RESOURCE_GROUP` secret
+- The workflow reads from the environment-scoped secret, not a repo-level secret
+- Test environment uses Spot VM (`useSpotVM: true`) for 60-80% cost savings
+
 **Note for Other Deployers**: This is KnowAll's internal configuration. Choose your own region based on compliance needs. GPT-4o is available in UK South, East US 2, Sweden Central, and other regions.
 
 ### Deployment Scripts
@@ -146,7 +158,7 @@ az deployment sub create \
   --template-file infra/main.bicep \
   --parameters environmentName=prod
 ```
-- Deploys AI Foundry Hub, Project, Storage, Key Vault, Monitoring
+- Deploys AI Foundry Hub, Project, Storage, Monitoring
 - Windows VM for Teams Bot (future phase)
 
 ### GitHub Actions Workflow
@@ -179,7 +191,7 @@ Values already configured in `.env`:
 
 - All components must reside within the organization's Azure tenant
 - No external services required
-- Secrets managed via GitHub Secrets and Azure Key Vault
+- Secrets managed via GitHub Secrets (set as environment variables during deployment)
 - Authentication uses managed identity, not PAT tokens where possible
 
 ## Repository Structure

Pennie.sln

@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.0.31903.59
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PennieBot", "bot\PennieBot.csproj", "{A1B2C3D4-E5F6-7890-ABCD-EF1234567890}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PennieBot.Tests", "tests\PennieBot.Tests.csproj", "{B2C3D4E5-F6A7-8901-BCDE-F23456789012}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{A1B2C3D4-E5F6-7890-ABCD-EF1234567890}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A1B2C3D4-E5F6-7890-ABCD-EF1234567890}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A1B2C3D4-E5F6-7890-ABCD-EF1234567890}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A1B2C3D4-E5F6-7890-ABCD-EF1234567890}.Release|Any CPU.Build.0 = Release|Any CPU
+		{B2C3D4E5-F6A7-8901-BCDE-F23456789012}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{B2C3D4E5-F6A7-8901-BCDE-F23456789012}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{B2C3D4E5-F6A7-8901-BCDE-F23456789012}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{B2C3D4E5-F6A7-8901-BCDE-F23456789012}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+EndGlobal

agent-config.json

@@ -137,7 +137,7 @@
     "owner": "Ben Weeks",
     "owner_email": "ben.weeks@outlook.com",
     "license": "MIT",
-    "repository": "https://github.com/benweeks/GetPenn.ie",
+    "repository": "https://github.com/KnowAll-AI/GetPenn.ie",
     "deployment_region": "uksouth",
     "model_info": {
       "name": "GPT-4o",