disable AAD user operations on dev container environment (#151)

## Purpose

This is a workaround for pipeline check

## Does this introduce a breaking change?
<!-- Mark one with an "x". -->
```
[ ] Yes
[x] No
```

## Pull Request Type
What kind of change does this Pull Request introduce?

<!-- Please check the one that applies to this PR using "x". -->
```
[x] Bugfix
[ ] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Documentation content changes
[ ] Other... Please describe:
```

.github/workflows/validation-sample-workflow.yml

@@ -15,7 +15,7 @@ jobs:
       - uses: actions/checkout@v4
 
       # https://github.com/microsoft/template-validation-action
-      - uses: microsoft/template-validation-action@v0.3.3
+      - uses: microsoft/template-validation-action@v0.3.5
         id: validation
         with:
           validateAzd: true

infra/bicep/hooks/postprovision.sh

@@ -10,20 +10,30 @@ GREEN='\033[0;32m'
 NC='\033[0m' # No Color
 
 echo ""
-echo -e "${GREEN}INFO:${NC} Updating container apps connection ..."
-
-# refresh service connection, via customers-service
-az containerapp connection create mysql-flexible --subscription $subscriptionId -g $resourceGroupName \
-  --connection $sqlConnectName --source-id $customersServiceId --target-id $sqlDatabaseId --client-type springBoot \
-  --user-identity client-id=$appUserIdentityClientId subs-id=$subscriptionId mysql-identity-id=$sqlAdminIdentityId \
-    user-object-id=$AAD_USER_ID \
-  -c $customersServiceName -y > /dev/null
-
-# Allow user to visit Spring Boot Admin dashboard
-az role assignment create --role "Container Apps ManagedEnvironments Contributor" \
-  --scope $containerAppsEnvironmentId \
-  --assignee $AAD_USER_ID \
-  --description "allow user to visit Spring Boot Admin dashboard" > /dev/null
+
+# Skip AAD_USER_ID related operations in pipeline environment (CREATE_ROLE_FOR_USER == false)
+if [[ "$CREATE_ROLE_FOR_USER" == false ]]; then
+
+  echo -e "${GREEN}INFO:${NC} CREATE_ROLE_FOR_USER = false, missed AAD_USER_ID"
+  echo -e "${GREEN}INFO:${NC} Should create service connection manually"
+
+else
+
+  echo -e "${GREEN}INFO:${NC} Updating container apps connection ..."
+
+  # refresh service connection, via customers-service
+  az containerapp connection create mysql-flexible --subscription $subscriptionId -g $resourceGroupName \
+    --connection $sqlConnectName --source-id $customersServiceId --target-id $sqlDatabaseId --client-type springBoot \
+    --user-identity client-id=$appUserIdentityClientId subs-id=$subscriptionId mysql-identity-id=$sqlAdminIdentityId \
+      user-object-id=$AAD_USER_ID \
+    -c $customersServiceName -y > /dev/null
+
+  # Allow user to visit Spring Boot Admin dashboard
+  az role assignment create --role "Container Apps ManagedEnvironments Contributor" \
+    --scope $containerAppsEnvironmentId \
+    --assignee $AAD_USER_ID \
+    --description "allow user to visit Spring Boot Admin dashboard" > /dev/null
+fi
 
 echo ""
 echo -e "${GREEN}INFO:${NC} Deploy finish succeed!"

infra/bicep/hooks/preprovision.sh

@@ -11,6 +11,11 @@ else
     exit 1
 fi
 
+if [[ "$CREATE_ROLE_FOR_USER" == false ]]; then
+    echo -e "${GREEN}INFO:${NC} CREATE_ROLE_FOR_USER = false, skipping AAD_USER_ID."
+    exit 0
+fi
+
 # Check input AAD User Id
 echo -e "${GREEN}INFO:${NC} Checking AAD_USER_ID: '$AAD_USER_ID'"
 if [[ $AAD_USER_ID =~ ^\{?[A-F0-9a-f]{8}-[A-F0-9a-f]{4}-[A-F0-9a-f]{4}-[A-F0-9a-f]{4}-[A-F0-9a-f]{12}\}?$ ]]; then