
Commit 580b7d7

Update 0502
1 parent 1af5463 commit 580b7d7

2 files changed (+11, -66 lines)


Media/0502_Branches.png (35.2 KB)

docs/05_fix_performance_issue/0502.md

Lines changed: 11 additions & 66 deletions
@@ -7,13 +7,6 @@ parent: 'Exercise 05: Fix a performance issue using GitHub Copilot'
77

88
# Task 02 - Remediate in code and create a pull request summary (20 minutes)
99

10-
- Ask Copilot a question in the repository: https://docs.github.com/en/enterprise-cloud@latest/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom
11-
- Create an Issue and a feature branch
12-
- Find the relevant calling code -- might want to ask GitHub Copilot "Is this code optimized for performance?"
13-
- Update the code to make it faster
14-
- Check in, use GitHub Copilot to create a pull request summary, and have another team member review the PR before merging into prod
15-
- Let deployment complete and ensure that the web application is faster now
16-
1710
## Introduction
1811

1912
In the prior task, you identified which application call is performing the worst. In this task, the MP&P team would like you to use GitHub Copilot to resolve this issue, once again following the Git Flow: creating an Issue, creating a feature branch, resolving the issue, committing changes, creating a pull request, and deploying code out to each environment by way of a GitHub Actions workflow.
@@ -46,70 +39,22 @@ In this task, you will improve the performance of the Team Messaging System.
4639

4740
## Solution
4841

49-
TODO:
5042
<details markdown="block">
5143
<summary>Expand this section to view the solution</summary>
5244

53-
1. Select **Settings** in your repo, then **Code security and analysis**. Select **Enable** on "Dependabot alerts" and "Dependabot security updates."
54-
55-
![Enabled Dependabot alerts and security updates](../../Media/EnableDependabot.png)
56-
57-
**Note** This will also automatically enable "Dependency graph."
58-
2. Navigate to [https://github.com/electron/electron/blob/main/SECURITY.md](https://github.com/electron/electron/blob/main/SECURITY.md) for information about security policies. This is an example of a sample security policy that you could use for this exercise.
59-
3. In your GitHub repo, select **Security**, **Policy**, and **Start setup**
60-
61-
![Start the security policy setup](../../Media/StartSecurityPolicySetup.png)
62-
63-
4. Paste the security policy into the Markdown file (you can overwrite what is there now) and update it for the Munson's Pickles and Preserves Team Messaging System and the GitHub repo your code is in. Then, commit the changes to the main branch.
64-
65-
![Commit the updated security policy](../../Media/CommitSecurityPolicy.png)
66-
67-
5. Next, we need to enable CodeQL. Select **Settings** and then **Code security and analysis**.
68-
6. Scroll down if needed and select **Set up** in "Code scanning" for "CodeQL analysis."
69-
70-
![Setup CodeQL analysis](../../Media/CodeQLAnalysisSetup.png)
71-
72-
7. If you select "Default", the code scan will immediately be run. For this exercise, select **Advanced**.
73-
74-
![Select Default](../../Media/CodeQLAdvanced.png)
75-
76-
8. By choosing the advanced option, you can see the YAML for the pipeline that actually performs the code check. We don't need to make any changes here, but it's something you should be familiar with. An easy change to make in this file would be if you want to adjust the schedule of when the scan runs.
77-
78-
![Commit the CodeQL YAML](../../Media/CodeQLYAMLCommit.png)
79-
80-
After you've reviewed the YAML, commit the change to main.
81-
82-
![Commit the change](../../Media/CodeQLCommitChange.png)
83-
84-
9. After you've committed the change, select **Actions** and you should see your CodeQL Scan workflow running.
85-
86-
![CodeQL scan running](../../Media/CodeQLScanRunning.png)
87-
88-
10. After about 5 minutes, you should see the workflow has completed.
89-
90-
![Workflow complete](../../Media/CodeQLWorkflowComplete.png)
91-
92-
11. After it's complete, go back to **Settings** and **Code security and analysis**. Then, select the ellipsis **...** next to the "Set up" menu. From the ellipsis dropdown, explore each of the first two options: "View last scan log" and "View Code Scanning alerts." You will find one High-risk vulnerability around arbitrary file access during archive extraction.
93-
94-
{: .note }
95-
> This page will still show "Set up" because we chose the Advanced option instead of Basic.
96-
97-
![View code scanning results](../../Media/CodeQLViewResults.png)
45+
1. In order to [ask an exploratory question about the repository](https://docs.github.com/en/enterprise-cloud@latest/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-exploratory-questions-about-a-repository), select the GitHub copilot icon at the top-right of a page. Then, ask a question such as "Where can I find the AnalyzeMessages code?"
9846

99-
12. Select the alert and then choose "Show more" to view details on the security issue. It turns out that an attacker could traverse to an arbitrary directory based on the way the MP&P staff wrote this function. In order to correct the function and prevent a directory traversal attack, replace `WriteToDirectory()` with the following code:
47+
Alternatively, you could perform a code search within Visual Studio Code, looking for this text within the `/src/` directory.
48+
2. Once you have located the relevant code, navigate to your GitHub repository and create a new issue. You can do so either by selecting the **Issues** menu and then selecting the **New issue** button, or by navigating to the **Projects** menu, selecting your Kanban board, and then selecting the **Add Item** option for the **Backlog** card. Enter the text for your issue. If you add via the board, make sure to associate your issue with the repository. Keep track of your issue number for a later commit.
49+
3. Create a feature branch by selecting the **Code** menu for your repository, then selecting the **Branches** link next to the branch drop-down.
10050

101-
```csharp
102-
public static void WriteToDirectory(ZipArchiveEntry entry, string destDirectory)
103-
{
104-
string destFileName = Path.GetFullPath(Path.Combine(destDirectory, entry.FullName));
105-
string fullDestDirPath = Path.GetFullPath(destDirectory + Path.DirectorySeparatorChar);
106-
if (!destFileName.StartsWith(fullDestDirPath)) {
107-
throw new System.InvalidOperationException("Entry is outside the target dir: " + destFileName);
108-
}
109-
entry.ExtractToFile(destFileName);
110-
}
111-
```
51+
![Select the branches link](../../Media/0502_Branches.png)
11252

113-
Commit the code and create a pull request to the main branch. You should then see a CodeQL scan for the pull request, and after it succeeds, complete the pull request. Then, return to the code scanning results view and confirm that no issues remain on the list.
53+
After that, select **New branch** and enter a name, such as `performance-improvement`. Select **Create new branch** to complete the process in GitHub. Then, fetch your changes locally and check out the new branch.
54+
4. Return to Visual Studio Code. In the file `src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs`, highlight the `OnPostAnalyzeMessagesAsync()` method and ask GitHub Copilot a question such as "Is this code optimized for performance?" The response should indicate several reasons why this is sub-optimal code and offer a modified version that will perform better. Replace the existing code with a faster-running version.
55+
5. Check in your changes, using GitHub Copilot to generate a commit message for you. Be sure to include "Resolves #X" in the commit message, where X is the issue number you created. Push the changes into the remote feature branch.
56+
6. Create a pull request and assign it to another member of your team. Use GitHub Copilot Enterprise to generate a reasonable pull request summary.
57+
7. After your team member completes the code review, complete the merge. Then, navigate to the **Actions** tab and ensure that the **.NET CI** workflow runs successfully.
58+
8. Once deployment completes successfully, navigate to your production website, `{your_random_code}-prod.azurewebsites.net`. Perform the same testing you did in the prior task: add several messages, delete several messages, select the **Analyze** button multiple times, and refresh the page. Try a variety of these activities in different orders so you can ensure functionality remains as it was before, but the performance of the **Analyze** button is significantly faster.
11459

11560
</details>
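Review bot: step 7 has the learner complete the merge first and only then confirm that the **.NET CI** workflow succeeded, so untested generated code reaches the default branch (and, via the deployment in step 8, production) before any automated check has run on it. Suggest reordering: open the pull request (step 6), wait for the **.NET CI** run on the PR to pass and for the reviewer's approval, then merge; and in step 4, have the learner build and run the existing tests locally after accepting Copilot's rewrite of `OnPostAnalyzeMessagesAsync()` instead of relying on the statement that the suggestion "will perform better". Step 8's success criterion ("significantly faster") is also unmeasurable as written; recording the response time of **Analyze** before and after the change would make the comparison concrete. Separately, the removed Dependabot, security-policy, CodeQL and `WriteToDirectory()` path-traversal content is not relocated anywhere in this two-file commit, so confirm it already exists in another exercise before it disappears from the docs.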
