Add exercise 5 task 3

Author: feaselkl

Solution/Exercise-03/Task-2/main.bicep

@@ -50,7 +50,7 @@ resource containerRegistry 'Microsoft.ContainerRegistry/registries@2020-11-01-pr
   }
 }
 
-resource appServicePlan 'Microsoft.Web/serverFarms@2020-12-01' = {
+resource appServicePlan 'Microsoft.Web/serverFarms@2022-09-01' = {
   name: appServicePlanName
   location: location
   kind: 'linux'

Solution/Exercise-05/Task-3/main.bicep

@@ -0,0 +1,123 @@
+@description('Environment of the web app')
+param environment string = 'dev'
+
+@description('Location of services')
+param location string = resourceGroup().location
+
+var webAppName = '${uniqueString(resourceGroup().id)}-${environment}'
+var appServicePlanName = '${uniqueString(resourceGroup().id)}-mpnp-asp'
+var logAnalyticsName = '${uniqueString(resourceGroup().id)}-mpnp-la'
+var appInsightsName = '${uniqueString(resourceGroup().id)}-mpnp-ai'
+var sku = 'P0V3'
+var registryName = '${uniqueString(resourceGroup().id)}mpnpreg'
+var registrySku = 'Standard'
+var imageName = 'techexcel/dotnetcoreapp'
+var startupCommand = ''
+var redisCacheName = '${uniqueString(resourceGroup().id)}-mpnp-redis'
+var redisCacheSku = 'Basic'
+
+resource redisCache 'Microsoft.Cache/Redis@2023-08-01' = {
+  name: redisCacheName
+  location: location
+  properties: {
+    sku: {
+      name: redisCacheSku
+      family: 'C'
+      capacity: 0
+    }
+    enableNonSslPort: false
+    minimumTlsVersion: '1.2'
+    redisConfiguration: {
+      'maxmemory-policy': 'volatile-lru'
+    }
+  }
+}
+
+resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' = {
+  name: logAnalyticsName
+  location: location
+  properties: {
+    sku: {
+      name: 'PerGB2018'
+    }
+    retentionInDays: 90
+    workspaceCapping: {
+      dailyQuotaGb: 1
+    }
+  }
+}
+
+resource appInsights 'Microsoft.Insights/components@2020-02-02-preview' = {
+  name: appInsightsName
+  location: location
+  kind: 'web'
+  properties: {
+    Application_Type: 'web'
+    WorkspaceResourceId: logAnalyticsWorkspace.id
+  }
+}
+
+resource containerRegistry 'Microsoft.ContainerRegistry/registries@2020-11-01-preview' = {
+  name: registryName
+  location: location
+  sku: {
+    name: registrySku
+  }
+  properties: {
+    adminUserEnabled: true
+  }
+}
+
+resource appServicePlan 'Microsoft.Web/serverFarms@2022-09-01' = {
+  name: appServicePlanName
+  location: location
+  kind: 'linux'
+  properties: {
+    reserved: true
+  }
+  sku: {
+    name: sku
+  }
+}
+
+resource appServiceApp 'Microsoft.Web/sites@2020-12-01' = {
+  name: webAppName
+  location: location
+  properties: {
+    serverFarmId: appServicePlan.id
+    httpsOnly: true
+    clientAffinityEnabled: false
+    siteConfig: {
+      linuxFxVersion: 'DOCKER|${containerRegistry.name}.azurecr.io/${uniqueString(resourceGroup().id)}/${imageName}'
+      http20Enabled: true
+      minTlsVersion: '1.2'
+      appCommandLine: startupCommand
+      appSettings: [
+        {
+          name: 'WEBSITES_ENABLE_APP_SERVICE_STORAGE'
+          value: 'false'
+        }
+        {
+          name: 'DOCKER_REGISTRY_SERVER_URL'
+          value: 'https://${containerRegistry.name}.azurecr.io'
+        }
+        {
+          name: 'DOCKER_REGISTRY_SERVER_USERNAME'
+          value: containerRegistry.name
+        }
+        {
+          name: 'DOCKER_REGISTRY_SERVER_PASSWORD'
+          value: containerRegistry.listCredentials().passwords[0].value
+        }
+        {
+          name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
+          value: appInsights.properties.InstrumentationKey
+        }
+        ]
+      }
+    }
+}
+
+output application_name string = appServiceApp.name
+output application_url string = appServiceApp.properties.hostNames[0]
+output container_registry_name string = containerRegistry.name

docs/05_fix_performance_issue/0503.md

@@ -1,112 +1,51 @@
----
-title: '3. Implement auto-scaling in template'
-layout: default
-nav_order: 3
-parent: 'Exercise 05: Fix a performance issue using GitHub Copilot'
----
-
-# Task 03 - Implement auto-scaling in the template (20 minutes)
-
-## Introduction
-
-The Munson's Pickles and Preserves Team Messaging System is up and running! They even have a proper Git Flow to protect against unintended changes to the main branch, and are recording application telemetry into App Insights. Before we are truly production-ready, though, there is one topic we have to cover: security.
-
-One good DevOps practice is to enable protections against code-level vulnerabilities, and GitHub provides a number of useful features in this area. First, there are Issues, which allow developers or users to open 'tickets' indicating bugs to be fixed or potential vulnerabilities. If your organization prefers security flaws to be reported in a location other than GitHub, you have the option to provide a custom Security policy which describes the process for reporting.
-
-In addition to these manual processes, GitHub also provides automated tools for scanning code for common errors. In this task, you will utilize the built-in Dependabot, which provides alerts if your repository contains libraries, packages, or external dependencies with known vulnerabilities. You will also set up a workflow with CodeQL, which can scan your source code for common coding errors or basic security flaws. This will help to ensure that the Team Messaging System contains code without any known vulnerabilities.
-
-## Description
-
-In this task, you will improve the security of your repository using some of GitHub's built-in tools.
-
-1. Ask GitHub Copilot, "What do I need in a GitHub repository's security file?"
-2. Find the repository's Security policy. If there is an existing policy, make an edit and merge your change back into the main branch. Otherwise, create a policy using the template provided. GitHub Security policies are Markdown documents that indicate the preferred way to report security vulnerabilities for the repository.
-3. Ask GitHub Copilot, "How do I enable Dependabot alerts on a GitHub repository?" Then, enable Dependabot alerts for the repository. Dependabot is an automated tool that creates a pull request when any dependencies in the code base has a known vulnerability.
-4. Ask GitHub Copilot, "How do I create a code scanning workflow in a GitHub repository?" After that, set up and run a Code scanning workflow for the repository using GitHub's 'CodeQL Analysis.' This workflow can run either on each pull request or on a schedule, and it checks your code for common vulnerabilities or errors.
-5. Ask GitHub Copilot, "How can I view the results of a CodeQL analysis in GitHub?" Then, navigate to the results.
-6. You should have one security issue from code scanning. Review the security issue and read up on how to correct the issue. Create a new GitHub Issue and feature branch. Then, resolve the issue, using GitHub Copilot to assist you.
-
-## Success Criteria
-
-- In GitHub, you should be able to view the 'closed' pull request which either created or updated the Security policy (SECURITY.md file).
-- Additionally, you should be able to view a new 'open' pull request created by Dependabot requesting an update of a dependency.
-- Finally, you should be able to view the results of the CodeQL Analysis in the Security tab.
-
-## Learning Resources
-
-- [Learn more about adding a security policy to your repository](https://docs.github.com/en/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository).
-- [Learn more about Dependabot and vulnerable dependencies](https://docs.github.com/en/github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies).
-- [Learn more about automated code scanning and understanding results](https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code).
-
-## Tips
-
-- If you are stuck, check out the 'Security' tab of your repository on GitHub.
-
-## Solution
-
-<details markdown="block">
-<summary>Expand this section to view the solution</summary>
-
-1. Select **Settings** in your repo, then **Code security and analysis**. Select **Enable** on "Dependabot alerts" and "Dependabot security updates."
-
-    ![Enabled Dependabot alerts and security updates](../../Media/EnableDependabot.png)
-
-    **Note** This will also automatically enable "Dependency graph."
-2. Navigate to [https://github.com/electron/electron/blob/main/SECURITY.md](https://github.com/electron/electron/blob/main/SECURITY.md) for information about security policies. This is an example of a sample security policy that you could use for this exercise.
-3. In your GitHub repo, select **Security**, **Policy**, and **Start setup**
-
-   ![Start the security policy setup](../../Media/StartSecurityPolicySetup.png)
-
-4. Paste the security policy into the Markdown file (you can overwrite what is there now) and update it for the Munson's Pickles and Preserves Team Messaging System and the GitHub repo your code is in. Then, commit the changes to the main branch.
-
-   ![Commit the updated security policy](../../Media/CommitSecurityPolicy.png)
-
-5. Next, we need to enable CodeQL. Select **Settings** and then **Code security and analysis**.
-6. Scroll down if needed and select **Set up** in "Code scanning" for "CodeQL analysis."
-
-    ![Setup CodeQL analysis](../../Media/CodeQLAnalysisSetup.png)
-
-7. If you select "Default", the code scan will immediately be run. For this exercise, select **Advanced**.
-
-    ![Select Default](../../Media/CodeQLAdvanced.png)
-
-8. By choosing the advanced option, you can see the YAML for the pipeline that actually performs the code check. We don't need to make any changes here, but it's something you should be familiar with. An easy change to make in this file would be if you want to adjust the schedule of when the scan runs.
-
-    ![Commit the CodeQL YAML](../../Media/CodeQLYAMLCommit.png)
-
-    After you've reviewed the YAML, commit the change to main.
-
-    ![Commit the change](../../Media/CodeQLCommitChange.png)
-
-9. After you've committed the change, select **Actions** and you should see your CodeQL Scan workflow running.
-
-    ![CodeQL scan running](../../Media/CodeQLScanRunning.png)
-
-10. After about 5 minutes, you should see the workflow has completed.
-
-    ![Workflow complete](../../Media/CodeQLWorkflowComplete.png)
-
-11. After it's complete, go back to **Settings** and **Code security and analysis**. Then, select the ellipsis **...** next to the "Set up" menu. From the ellipsis dropdown, explore each of the first two options: "View last scan log" and "View Code Scanning alerts." You will find one High-risk vulnerability around arbitrary file access during archive extraction.
-
-    {: .note }
-    > This page will still show "Set up" because we chose the Advanced option instead of Basic.
-
-    ![View code scanning results](../../Media/CodeQLViewResults.png)
-
-12. Select the alert and then choose "Show more" to view details on the security issue. It turns out that an attacker could traverse to an arbitrary directory based on the way the MP&P staff wrote this function. In order to correct the function and prevent a directory traversal attack, replace `WriteToDirectory()` with the following code:
-
-    ```csharp
-    public static void WriteToDirectory(ZipArchiveEntry entry, string destDirectory)
-    {
-        string destFileName = Path.GetFullPath(Path.Combine(destDirectory, entry.FullName));
-        string fullDestDirPath = Path.GetFullPath(destDirectory + Path.DirectorySeparatorChar);
-        if (!destFileName.StartsWith(fullDestDirPath)) {
-            throw new System.InvalidOperationException("Entry is outside the target dir: " + destFileName);
-        }
-        entry.ExtractToFile(destFileName);
-    }
-    ```
-
-    Commit the code and create a pull request to the main branch. You should then see a CodeQL scan for the pull request, and after it succeeds, complete the pull request. Then, return to the code scanning results view and confirm that no issues remain on the list.
-
-</details>
+---
+title: '3. Add support for Azure Cache for Redis'
+layout: default
+nav_order: 3
+parent: 'Exercise 05: Fix a performance issue using GitHub Copilot'
+---
+
+# Task 03 - Add support for Azure Cache for Redis (30 minutes)
+
+## Introduction
+
+The Munson's Pickles and Preserves development team has learned a considerable amount from you. They are running into one more problem they would like your assistance with. At certain points of the day, users overwhelm the Team Messaging System, causing performance issues at critical points in the day. They would like your assistance in deploying a caching tier to reduce some of the load on their databases. They would like to make this deployment in a way that supports their new infrastructure as code mode of operation. Their developers will handle making code changes to support this new caching layer.
+
+{: .note }
+> The actual Team Messaging System that we have used in this demo operates on a built-in memory cache on the web server. For that reason, this task is more in line with a standard database-driven web application than the one you have worked with so far.
+
+## Description
+
+In this task, you will update the infrastructure as code Bicep script and create an instance of Azure Cache for Redis for the Team Messaging System web application.
+
+1. Create an Issue and a feature branch associated with your infrastructure as code changes.
+2. Use GitHub Copilot to add support for the Basic SKU (C0) of Azure Cache for Redis.
+3. Check in your changes and have GitHub Copilot assist on creating the commit message.
+4. Create a pull request to the main branch, using GitHub Copilot Enterprise to create a pull request summary. Have another team member review and approve your code before you merge the code into the main branch.
+5. Ensure that the deployment completes (including a manual execution of the Azure Bicep workflow) and review your resource group in the Azure Portal to ensure that Azure Cache for Redis exists.
+
+## Success Criteria
+
+- In GitHub, you should see a successful execution of the **Azure Bicep** GitHub Actions workflow.
+- In the Azure Portal, you should see your Azure Cache for Redis instance.
+
+## Learning Resources
+
+- [Quickstart: Create an Azure Cache for Redis using Bicep](https://learn.microsoft.com/azure/azure-cache-for-redis/cache-redis-cache-bicep-provision?tabs=CLI).
+
+## Tips
+
+- If you receive an error message like the following:
+
+    > The subscription is not registered to use namespace 'Microsoft.Cache'. See https://aka.ms/rps-not-found for how to register subscriptions.
+
+    Be sure to enable the **Microsoft.Cache** namespace [in the Azure Portal](https://learn.microsoft.com/azure/azure-resource-manager/troubleshooting/error-register-resource-provider?tabs=azure-portal).
+
+## Solution
+
+<details markdown="block">
+<summary>Expand this section to view the solution</summary>
+
+- The final Bicep script is [in the solution folder]((https://github.com/microsoft/TechExcel-Accelerate-developer-productivity-with-GitHub-Copilot-and-Dev-Box/blob/main/Solution/Exercise-05/Task-3/main.bicep)). Before looking at this script, try to use GitHub Copilot to generate the changes to your existing `/src/InfrastructureAsCode/main.bicep` file. You may wish to use a prompt such as "Please add in a Basic C0 instance of Azure Cache for Redis." Then, you may wish to compare what GitHub Copilot generated.
+
+</details>