From 31f74de355b3cd49f4b7effe806e746c3c6e5ac4 Mon Sep 17 00:00:00 2001 From: Thomas Huang Date: Wed, 28 Aug 2024 12:17:09 +0800 Subject: [PATCH 01/17] first workflow --- .github/workflows/1.yaml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 .github/workflows/1.yaml diff --git a/.github/workflows/1.yaml b/.github/workflows/1.yaml new file mode 100644 index 00000000..0b32b6d3 --- /dev/null +++ b/.github/workflows/1.yaml @@ -0,0 +1,28 @@ +name: First Workflow + +on: + workflow_dispatch: + +jobs: + job1: + runs-on: ubuntu-latest + steps: + - name: Set environment variable + run: echo "MY_VARIABLE=Hello from job1" >> $GITHUB_ENV + + - name: Echo phrase for job1 + run: echo "This is job1" + + job2: + runs-on: ubuntu-latest + needs: job1 + steps: + - name: Echo phrase for job2 + run: echo "This is job2 and MY_VARIABLE is ${{ needs.job1.outputs.MY_VARIABLE }}" + env: + MY_VARIABLE: ${{ needs.job1.outputs.MY_VARIABLE }} + - name: Cowsays + uses: mscoutermarsh/cowsays-action@master + with: + text: 'Ready for prod--hsip it! and MY_VARIABLE is ${{ needs.job1.outputs.MY_VARIABLE }}' + color: 'magenta' From 9b7ecfed653d9922d5c90cebad74a0396553676f Mon Sep 17 00:00:00 2001 From: Thomas Huang Date: Wed, 28 Aug 2024 12:24:02 +0800 Subject: [PATCH 02/17] env.MY_VARIABLE --- .github/workflows/1.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/1.yaml b/.github/workflows/1.yaml index 0b32b6d3..f95d2932 100644 --- a/.github/workflows/1.yaml +++ b/.github/workflows/1.yaml @@ -2,7 +2,8 @@ name: First Workflow on: workflow_dispatch: - +env: + MY_VARIABLE: "Hello from workflow" jobs: job1: runs-on: ubuntu-latest 
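Review bot: The `Cowsays` step in job2 uses `mscoutermarsh/cowsays-action@master`, a branch ref that the action's owner can move at any time, so whatever lands on that branch runs inside this workflow with the job's token. Pin third-party actions to a full commit SHA, for example `uses: mscoutermarsh/cowsays-action@<full-commit-sha>` (placeholder, take the SHA from a release you have reviewed), and let Dependabot propose updates. The same applies to `actions/checkout@main` in the `deploy.yml` hunks later in this series.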
@@ -18,11 +19,11 @@ jobs: needs: job1 steps: - name: Echo phrase for job2 - run: echo "This is job2 and MY_VARIABLE is ${{ needs.job1.outputs.MY_VARIABLE }}" + run: echo "This is job2 and MY_VARIABLE is ${{ env.MY_VARIABLE }}" env: - MY_VARIABLE: ${{ needs.job1.outputs.MY_VARIABLE }} + MY_VARIABLE: ${{ env.MY_VARIABLE }} - name: Cowsays uses: mscoutermarsh/cowsays-action@master with: - text: 'Ready for prod--hsip it! and MY_VARIABLE is ${{ needs.job1.outputs.MY_VARIABLE }}' + text: 'Ready for prod--hsip it! and MY_VARIABLE is ${{ env.MY_VARIABLE }}' color: 'magenta' From c82f4e429e18be57a06eae0d846ebca185578139 Mon Sep 17 00:00:00 2001 From: Thomas Huang Date: Wed, 28 Aug 2024 12:37:31 +0800 Subject: [PATCH 03/17] hellojob2 --- .github/workflows/1.yaml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/1.yaml b/.github/workflows/1.yaml index f95d2932..cd382fff 100644 --- a/.github/workflows/1.yaml +++ b/.github/workflows/1.yaml @@ -1,15 +1,17 @@ name: First Workflow on: - workflow_dispatch: + workflow_dispatch: + env: MY_VARIABLE: "Hello from workflow" + jobs: job1: runs-on: ubuntu-latest steps: - name: Set environment variable - run: echo "MY_VARIABLE=Hello from job1" >> $GITHUB_ENV + run: echo "HelloJob2=Hello from job1" >> $GITHUB_ENV - name: Echo phrase for job1 run: echo "This is job1" 
@@ -19,11 +21,11 @@ jobs: needs: job1 steps: - name: Echo phrase for job2 - run: echo "This is job2 and MY_VARIABLE is ${{ env.MY_VARIABLE }}" + run: echo "This is job2 and MY_VARIABLE is ${{ env.MY_VARIABLE }} and HelloJob2 is ${{ env.HelloJob2 }}" env: - MY_VARIABLE: ${{ env.MY_VARIABLE }} + JOB2_VARIABLE: ${{ env.MY_VARIABLE }} - name: Cowsays uses: mscoutermarsh/cowsays-action@master with: - text: 'Ready for prod--hsip it! and MY_VARIABLE is ${{ env.MY_VARIABLE }}' - color: 'magenta' + text: 'Ready for prod--ship it! and MY_VARIABLE is ${{ env.MY_VARIABLE }} and HelloJob2 is ${{ env.HelloJob2 }}' + color: 'magenta' \ No newline at end of file From cefa722213c94d4399a9c4dc69034e97965dd156 Mon Sep 17 00:00:00 2001 From: Thomas Huang Date: Wed, 28 Aug 2024 12:56:08 +0800 Subject: [PATCH 04/17] Resolves #2 --- .../src/RazorPagesTestSample/Data/Message.cs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/Application/src/RazorPagesTestSample/Data/Message.cs b/src/Application/src/RazorPagesTestSample/Data/Message.cs index ea99cbd6..69eff042 100644 --- a/src/Application/src/RazorPagesTestSample/Data/Message.cs +++ b/src/Application/src/RazorPagesTestSample/Data/Message.cs @@ -7,9 +7,15 @@ public class Message { public int Id { get; set; } - [Required] + /// + /// Gets or sets the text of the message. + /// + /// + /// The text should be a string with a maximum length of 250 characters. + /// + [Required] /// [Required] [DataType(DataType.Text)] - [StringLength(200, ErrorMessage = "There's a 200 character limit on messages. Please shorten your message.")] + [StringLength(250, ErrorMessage = "There's a 250 character limit on messages. Please shorten your message.")] public string Text { get; set; } } #endregion From 3490abef7f512f904236ab0610b204e568dcfd44 Mon Sep 17 00:00:00 2001 
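Review bot: `${{ env.HelloJob2 }}` in job2 will expand to an empty string, because job1 writes `HelloJob2` to `$GITHUB_ENV`, which only affects later steps of the same job, and job2 runs on a separate runner. To hand the value over, give the job1 step an `id`, write `HelloJob2=...` to `$GITHUB_OUTPUT`, declare it under `outputs:` on job1, and read `${{ needs.job1.outputs.HelloJob2 }}` in job2. The step-level `JOB2_VARIABLE` added here is set but not read by the `run` line. The job1 side of this change is in the first hunk of the commit.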
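Review bot: The added attribute line reads `[Required] /// [Required]`, which leaves a stray doc-comment fragment trailing the attribute; it should be just `[Required]`. The new remarks text and the `StringLength(250, ...)` message agree on 250, but nothing in this hunk shows whether tests or a stored column length still assume 200, so those are worth checking. The `Message` class begins above the hunk.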
From: Thomas Huang Date: Thu, 29 Aug 2024 09:26:25 +0800 Subject: [PATCH 05/17] deploy azure resrouces --- .github/workflows/deploy.yml | 52 ++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 .github/workflows/deploy.yml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 00000000..904782d1 --- /dev/null +++ b/.github/workflows/deploy.yml 
@@ -0,0 +1,52 @@
+ # We only want to run this script manually.
+ on:
+ workflow_dispatch
+
+ # Environment variables are defined in an "env" section.
+ # We set the target environment to dev.
+ # Open the deploy-advanced.yml file to see how we can accept user input
+ # instead of needing to change this file to switch environments.
+ env:
+ targetEnv: dev
+
+ # The overall workflow name will be Azure Bicep. This will show up in the
+ # GitHub Action page.
+ name: Azure Bicep
+ jobs:
+ # This script has one job: build and deploy the IaC resources
+ build-and-deploy:
+ # We run this on an Ubuntu-based GitHub hosted runner. This hosted runner
+ # has certain software already installed, including az cli
+ runs-on: ubuntu-latest
+ steps:
+ # Check out the code. This grabs code from the repository and
+ # makes it available to the GitHub hosted runner. It will usually be the
+ # first task for any workflow
+ - uses: actions/checkout@main
+
+ # Log into Azure using a federated credential. We have already set up the
+ # federation process in a prior step, so we need to pass in the following:
+ # Client ID = Application registration ID
+ # Tenant ID = Application owner organization ID (previously called Tenant ID in Azure)
+ # Subscription ID
+ # https://github.com/azure/login
+ - uses: azure/login@v2.1.1
+ with:
+ client-id: $
+ tenant-id: $
+ subscription-id: $
+ # We also need to ensure that enable-AzPSSession is true. This is important for
+ # using OIDC in Azure. If we were to pass in a client secret instead, we would not need
+ # this setting enabled
+ enable-AzPSSession: true
+
+ # Deploy ARM template
+ - name: Run ARM deploy
+ # https://github.com/azure/arm-deploy
+ uses: azure/arm-deploy@v1
+ with:
+ subscriptionId: $
+ resourceGroupName: $
+ template: ./InfrastructureAsCode/main.bicep
+ # Use the environment variable called targetEnv
+ parameters: environment=$
From 698e69cefc8e6ec2dbc8f6f3a53cb5826a1662de Mon Sep 17 00:00:00 2001
From: Thomas Huang Date: Thu, 29 Aug 2024 09:39:08 +0800 Subject: [PATCH 06/17] secrets --- .github/workflows/deploy.yml | 79 ++++++++++++++---------------------- 1 file changed, 31 insertions(+), 48 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 904782d1..fb6905d0 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -1,52 +1,35 @@ - # We only want to run this script manually. - on: - workflow_dispatch +name: Azure Bicep - # Environment variables are defined in an "env" section. - # We set the target environment to dev. - # Open the deploy-advanced.yml file to see how we can accept user input - # instead of needing to change this file to switch environments. - env: - targetEnv: dev +on: + workflow_dispatch - # The overall workflow name will be Azure Bicep. This will show up in the - # GitHub Action page. - name: Azure Bicep - jobs: - # This script has one job: build and deploy the IaC resources - build-and-deploy: - # We run this on an Ubuntu-based GitHub hosted runner. This hosted runner - # has certain software already installed, including az cli - runs-on: ubuntu-latest - steps: - # Check out the code. This grabs code from the repository and - # makes it available to the GitHub hosted runner. It will usually be the - # first task for any workflow - - uses: actions/checkout@main +env: + targetEnv: dev - # Log into Azure using a federated credential. We have already set up the - # federation process in a prior step, so we need to pass in the following: - # Client ID = Application registration ID - # Tenant ID = Application owner organization ID (previously called Tenant ID in Azure) - # Subscription ID - # https://github.com/azure/login - - uses: azure/login@v2.1.1 - with: - client-id: $ - tenant-id: $ - subscription-id: $ - # We also need to ensure that enable-AzPSSession is true. This is important for - # using OIDC in Azure. 
If we were to pass in a client secret instead, we would not need - # this setting enabled - enable-AzPSSession: true +jobs: + build-and-deploy: + runs-on: ubuntu-latest + permissions: + contents: read + pages: write + id-token: write + steps: + # Checkout code + - uses: actions/checkout@main - # Deploy ARM template - - name: Run ARM deploy - # https://github.com/azure/arm-deploy - uses: azure/arm-deploy@v1 - with: - subscriptionId: $ - resourceGroupName: $ - template: ./InfrastructureAsCode/main.bicep - # Use the environment variable called targetEnv - parameters: environment=$ + # Log into Azure + - uses: azure/login@v2.1.1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + enable-AzPSSession: true + + # Deploy ARM template + - name: Run ARM deploy + uses: azure/arm-deploy@v1 + with: + subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + resourceGroupName: ${{ secrets.AZURE_RG }} + template: ./src/InfrastructureAsCode/main.bicep + parameters: environment=${{ env.targetEnv }} \ No newline at end of file From 1f81d52dc5e252be32139cceef269eee65fc2d47 Mon Sep 17 00:00:00 2001 From: Thomas Huang Date: Thu, 29 Aug 2024 10:04:30 +0800 Subject: [PATCH 07/17] bicep --- src/InfrastructureAsCode/main.bicep | 92 ++++++++++++++++++++++++++++- 1 file changed, 90 insertions(+), 2 deletions(-) diff --git a/src/InfrastructureAsCode/main.bicep b/src/InfrastructureAsCode/main.bicep index 6dc69618..d8e740d2 100644 --- a/src/InfrastructureAsCode/main.bicep +++ b/src/InfrastructureAsCode/main.bicep 
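Review bot: The new `permissions` block grants `pages: write`, which nothing in this job uses; the visible steps only check out the repository, log in to Azure and run the ARM deployment. `id-token: write` (for the federated `azure/login`) and `contents: read` (for checkout) are sufficient, so drop the `pages: write` line to keep the job token at least privilege. `enable-AzPSSession: true` is only needed when a later step uses Azure PowerShell, and no such step is visible here, so it can likely go as well.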
@@ -8,10 +8,98 @@ var webAppName = '${uniqueString(resourceGroup().id)}-${environment}' var appServicePlanName = '${uniqueString(resourceGroup().id)}-mpnp-asp' var logAnalyticsName = '${uniqueString(resourceGroup().id)}-mpnp-la' var appInsightsName = '${uniqueString(resourceGroup().id)}-mpnp-ai' -var sku = 'S1' +var sku = 'P0V3' var registryName = '${uniqueString(resourceGroup().id)}mpnpreg' var registrySku = 'Standard' var imageName = 'techexcel/dotnetcoreapp' var startupCommand = '' -// TODO: complete this script + +resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' = { + name: logAnalyticsName + location: location + properties: { + sku: { + name: 'PerGB2018' + } + retentionInDays: 90 + workspaceCapping: { + dailyQuotaGb: 1 + } + } +} + +resource appInsights 'Microsoft.Insights/components@2020-02-02-preview' = { + name: appInsightsName + location: location + kind: 'web' + properties: { + Application_Type: 'web' + WorkspaceResourceId: logAnalyticsWorkspace.id + } +} + +resource containerRegistry 'Microsoft.ContainerRegistry/registries@2020-11-01-preview' = { + name: registryName + location: location + sku: { + name: registrySku + } + properties: { + adminUserEnabled: true + } +} + +resource appServicePlan 'Microsoft.Web/serverFarms@2022-09-01' = { + name: appServicePlanName + location: location + kind: 'linux' + properties: { + reserved: true + } + sku: { + name: sku + } +} + +resource appServiceApp 'Microsoft.Web/sites@2020-12-01' = { + name: webAppName + location: location + properties: { + serverFarmId: appServicePlan.id + httpsOnly: true + clientAffinityEnabled: false + siteConfig: { + linuxFxVersion: 'DOCKER|${containerRegistry.name}.azurecr.io/${uniqueString(resourceGroup().id)}/${imageName}' + http20Enabled: true + minTlsVersion: '1.2' + appCommandLine: startupCommand + appSettings: [ + { + name: 'WEBSITES_ENABLE_APP_SERVICE_STORAGE' + value: 'false' + } + { + name: 'DOCKER_REGISTRY_SERVER_URL' + value: 
'https://${containerRegistry.name}.azurecr.io' + } + { + name: 'DOCKER_REGISTRY_SERVER_USERNAME' + value: containerRegistry.name + } + { + name: 'DOCKER_REGISTRY_SERVER_PASSWORD' + value: containerRegistry.listCredentials().passwords[0].value + } + { + name: 'APPINSIGHTS_INSTRUMENTATIONKEY' + value: appInsights.properties.InstrumentationKey + } + ] + } + } +} + +output application_name string = appServiceApp.name +output application_url string = appServiceApp.properties.hostNames[0] +output container_registry_name string = containerRegistry.name From 79ee116456f7d26ce4ae43d63594488ea4dac4a3 Mon Sep 17 00:00:00 2001 From: Thomas Huang Date: Thu, 29 Aug 2024 10:48:21 +0800 Subject: [PATCH 08/17] test --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index fb6905d0..93d5fa1e 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -4,7 +4,7 @@ on: workflow_dispatch env: - targetEnv: dev + targetEnv: test jobs: build-and-deploy: From 3b8bdfbc034c09022ff05648f10a0fe3a726eaf7 Mon Sep 17 00:00:00 2001 From: Thomas Huang Date: Thu, 29 Aug 2024 10:51:23 +0800 Subject: [PATCH 09/17] prod --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 93d5fa1e..7b245e7a 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -4,7 +4,7 @@ on: workflow_dispatch env: - targetEnv: test + targetEnv: prod jobs: build-and-deploy: From af2aefff3c81ec2232504fef399649fc4f99f3e8 Mon Sep 17 00:00:00 2001 
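Review bot: `containerRegistry` is created with `adminUserEnabled: true` and the web app receives the admin password through `DOCKER_REGISTRY_SERVER_PASSWORD` (`listCredentials().passwords[0].value`), a shared, long-lived credential with push and pull rights on the whole registry that is also readable in the app's settings. Prefer a managed identity: give `appServiceApp` `identity: { type: 'SystemAssigned' }`, set `acrUseManagedIdentityCreds: true` in `siteConfig`, assign that identity the AcrPull role on the registry, then set `adminUserEnabled: false` and remove the username and password settings. Also, `linuxFxVersion` inserts `${uniqueString(resourceGroup().id)}/` between the registry host and `imageName` and names no tag; confirm this matches the repository path the pipeline actually pushes to.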
From: Thomas Huang Date: Thu, 29 Aug 2024 11:43:08 +0800 Subject: [PATCH 10/17] 3.3 --- .github/workflows/dotnet-deploy.yml | 135 ++++++++++++++++++ .../src/RazorPagesTestSample/Dockerfile | 18 +++ 2 files changed, 153 insertions(+) create mode 100644 .github/workflows/dotnet-deploy.yml create mode 100644 src/Application/src/RazorPagesTestSample/Dockerfile diff --git a/.github/workflows/dotnet-deploy.yml b/.github/workflows/dotnet-deploy.yml new file mode 100644 index 00000000..a3adb07d --- /dev/null +++ b/.github/workflows/dotnet-deploy.yml 
@@ -0,0 +1,135 @@ +name: .NET CI + +env: + registryName: 4ipc27j2pg3fkmpnpreg.azurecr.io + repositoryName: techexcel/dotnetcoreapp + dockerFolderPath: ./src/Application/src/RazorPagesTestSample + tag: ${{github.run_number}} + +on: + push: + branches: [ main ] + paths: src/Application/** + pull_request: + branches: [ main ] + paths: src/Application/** + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: Setup .NET + uses: actions/setup-dotnet@v3 + with: + dotnet-version: 8.0 + + - name: Restore dependencies + run: dotnet restore ./src/Application/src/RazorPagesTestSample/RazorPagesTestSample.csproj + - name: Build + run: dotnet build --no-restore ./src/Application/src/RazorPagesTestSample/RazorPagesTestSample.csproj + - name: Test + run: dotnet test --no-build --verbosity normal ./src/Application/tests/RazorPagesTestSample.Tests/RazorPagesTestSample.Tests.csproj + - uses: actions/github-script@v6 + if: failure() + with: + github-token: ${{secrets.GITHUB_TOKEN}} + script: | + let body = "${{ env.build_name }} Workflow Failure \n Build Number: ${{ github.run_number }} \n Build Log: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} \n SHA: [${{ github.sha }}](https://github.com/${{ github.repository }}/commit/${{ github.sha }}) \n"; + github.issues.create({ + owner: context.repo.owner, + repo: context.repo.repo, + title: "${{ env.build_name }} Workflow ${{ github.run_number }} Failed! ", + body: body + }); + + dockerBuildPush: + runs-on: ubuntu-latest + needs: build + + steps: + - uses: actions/checkout@v3 + + - name: Docker Login + # You may pin to the exact commit or the version. + # uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + uses: docker/login-action@v1.9.0 + with: + # Server address of Docker registry. 
If not set then will default to Docker Hub + registry: ${{ secrets.ACR_LOGIN_SERVER }} + # Username used to log against the Docker registry + username: ${{ secrets.ACR_USERNAME }} + # Password or personal access token used to log against the Docker registry + password: ${{ secrets.ACR_PASSWORD }} + # Log out from the Docker registry at the end of a job + logout: true + + - name: Docker Build + run: docker build -t $registryName/$repositoryName:$tag --build-arg build_version=$tag $dockerFolderPath + + - name: Docker Push + run: docker push $registryName/$repositoryName:$tag + + deploy-to-dev: + + runs-on: ubuntu-latest + needs: dockerBuildPush + environment: + name: dev + url: https://4ipc27j2pg3fk-dev.azurewebsites.net/ + + steps: + - name: 'Login via Azure CLI' + uses: azure/login@v2.1.1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - uses: azure/webapps-deploy@v2 + with: + app-name: '4ipc27j2pg3fk-dev' + images: 4ipc27j2pg3fkmpnpreg.azurecr.io/techexcel/dotnetcoreapp:${{github.run_number}} + + deploy-to-test: + + runs-on: ubuntu-latest + needs: deploy-to-dev + environment: + name: test + url: https://4ipc27j2pg3fk-test.azurewebsites.net/ + + steps: + - uses: actions/checkout@v3 + + - name: 'Login via Azure CLI' + uses: azure/login@v2.1.1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - uses: azure/webapps-deploy@v2 + with: + app-name: '4ipc27j2pg3fk-test' + images: 4ipc27j2pg3fkmpnpreg.azurecr.io/techexcel/dotnetcoreapp:${{github.run_number}} + + deploy-to-prod: + + runs-on: ubuntu-latest + needs: deploy-to-test + environment: + name: prod + url: https://4ipc27j2pg3fk-prod.azurewebsites.net/ + + steps: + - uses: actions/checkout@v3 + + - name: 'Login via Azure CLI' + uses: azure/login@v2.1.1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - uses: azure/webapps-deploy@v2 + with: + app-name: '4ipc27j2pg3fk-prod' + images: 4ipc27j2pg3fkmpnpreg.azurecr.io/techexcel/dotnetcoreapp:${{github.run_number}} \ No newline at end of file 
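Review bot: The workflow also triggers on `pull_request`, and `dockerBuildPush` plus the three deploy jobs carry no condition, so a pull request from a branch of this repository would push an image and roll it out to dev, test and prod before it is merged (unless environment protection rules, which are not visible here, stop it). Add `if: github.event_name != 'pull_request'` to `dockerBuildPush`; the deploy jobs are then skipped through their `needs` chain. In the failure step, `actions/github-script@v6` exposes the REST methods under `github.rest`, so the call should be `github.rest.issues.create({...})`, and `env.build_name` is not defined in the workflow's `env` block. `creds: ${{ secrets.AZURE_CREDENTIALS }}` is a long-lived service-principal secret, whereas `deploy.yml` in this series already logs in with OIDC; using the same federated login here removes that stored secret.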
diff --git a/src/Application/src/RazorPagesTestSample/Dockerfile b/src/Application/src/RazorPagesTestSample/Dockerfile new file mode 100644 index 00000000..ab3fcaf2 --- /dev/null +++ b/src/Application/src/RazorPagesTestSample/Dockerfile @@ -0,0 +1,18 @@ +FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build-env +WORKDIR /app + +# Copy csproj and restore as distinct layers +COPY *.csproj ./ +RUN dotnet restore + +# Copy everything else and build +COPY . ./ +RUN dotnet publish -c Release -o out + +# Build runtime image +FROM mcr.microsoft.com/dotnet/aspnet:8.0 +WORKDIR /app +COPY --from=build-env /app/out . +# Default ASP.NET port changed with .NET 8.0 +ENV ASPNETCORE_HTTP_PORTS=80 +ENTRYPOINT ["dotnet", "RazorPagesTestSample.dll"] \ No newline at end of file From 294c1cc162910fbf0538ea968a5e59af0ac30131 Mon Sep 17 00:00:00 2001 From: Thomas Huang Date: Thu, 29 Aug 2024 11:48:24 +0800 Subject: [PATCH 11/17] HELLO --- src/Application/src/RazorPagesTestSample/Pages/Index.cshtml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml b/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml index f7645733..3c7dc13f 100644 --- a/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml +++ b/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml @@ -1,7 +1,7 @@ @page @model IndexModel @{ - ViewData["Title"] = "Munson's Pickles and Preserves Team Messaging System"; + ViewData["Title"] = "Munson's Pickles and Preserves Team Messaging System HELLO!!!!"; }
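Review bot: The runtime stage of the new Dockerfile sets no `USER`, so the application process runs as root inside the container. The .NET 8 `aspnet` image ships a non-root `app` user; adding `USER $APP_UID` before `ENTRYPOINT` and listening on an unprivileged port (`ENV ASPNETCORE_HTTP_PORTS=8080`) drops that privilege. The App Service side would then need the matching port setting (`WEBSITES_PORT`), which is outside this hunk.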

@ViewData["Title"]

From 9c3c85caa2e1f11850608bc124278962f4543f65 Mon Sep 17 00:00:00 2001 From: Thomas Huang <41164046+chhtw@users.noreply.github.com> Date: Thu, 29 Aug 2024 12:02:18 +0800 Subject: [PATCH 12/17] Create CODEOWNERS --- CODEOWNERS | 1 + 1 file changed, 1 insertion(+) create mode 100644 CODEOWNERS diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 00000000..5c073d45 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1 @@ +/src/Application/ chhtw From 527b2d7458d62c4c4a72fff96a96d6dee4ff857f Mon Sep 17 00:00:00 2001 From: Thomas Huang Date: Thu, 29 Aug 2024 12:03:25 +0800 Subject: [PATCH 13/17] test policy --- CODEOWNERS | 1 + 1 file changed, 1 insertion(+) create mode 100644 CODEOWNERS diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 00000000..b948efc4 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1 @@ +/src/Application/ chhtw \ No newline at end of file From 9fa7ab6a422191d3af62f03625b637dac83cad77 Mon Sep 17 00:00:00 2001 From: Thomas Huang <41164046+chhtw@users.noreply.github.com> Date: Thu, 29 Aug 2024 12:10:26 +0800 Subject: [PATCH 14/17] Create codeql.yml --- .github/workflows/codeql.yml | 94 ++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..40a8c0ab --- /dev/null +++ b/.github/workflows/codeql.yml 
@@ -0,0 +1,94 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + schedule: + - cron: '42 3 * * 0' + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners (GitHub.com only) + # Consider using larger runners or machines with greater resources for possible analysis time improvements. 
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + include: + - language: csharp + build-mode: none + - language: ruby + build-mode: none + # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' + # Use `c-cpp` to analyze code written in C, C++ or both + # Use 'java-kotlin' to analyze code written in Java, Kotlin or both + # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both + # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, + # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. + # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how + # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. 
+ + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + # If the analyze step fails for one of the languages you are analyzing with + # "We were unable to automatically build your code", modify the matrix above + # to set the build mode to "manual" for that language. Then modify this step + # to build your code. + # ℹ️ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + - if: matrix.build-mode == 'manual' + shell: bash + run: | + echo 'If you are using a "manual" build mode for one or more of the' \ + 'languages you are analyzing, replace this with the commands to build' \ + 'your code, for example:' + echo ' make bootstrap' + echo ' make release' + exit 1 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" From 39d2d3be4a5747114b53ba6cce71064124ac9afe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Aug 2024 04:27:04 +0000 Subject: [PATCH 15/17] Bump rexml from 3.2.8 to 3.3.6 Bumps [rexml](https://github.com/ruby/rexml) from 3.2.8 to 3.3.6. - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](https://github.com/ruby/rexml/compare/v3.2.8...v3.3.6) --- updated-dependencies: - dependency-name: rexml dependency-type: indirect ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 154 +++++++++++++++++++++++++-------------------------- 1 file changed, 77 insertions(+), 77 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index f51988b9..a93526f5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,80 +1,80 @@ -GEM - remote: https://rubygems.org/ - specs: - addressable (2.8.1) - public_suffix (>= 2.0.2, < 6.0) - colorator (1.1.0) - concurrent-ruby (1.1.10) - em-websocket (0.5.3) - eventmachine (>= 0.12.9) - http_parser.rb (~> 0) - eventmachine (1.2.7) - ffi (1.15.5) - forwardable-extended (2.6.0) - http_parser.rb (0.8.0) - i18n (1.12.0) - concurrent-ruby (~> 1.0) - jekyll (4.3.0) - addressable (~> 2.4) - colorator (~> 1.0) - em-websocket (~> 0.5) - i18n (~> 1.0) - jekyll-sass-converter (>= 2.0, < 4.0) - jekyll-watch (~> 2.0) - kramdown (~> 2.3, >= 2.3.1) - kramdown-parser-gfm (~> 1.0) - liquid (~> 4.0) - mercenary (>= 0.3.6, < 0.5) - pathutil (~> 0.9) - rouge (>= 3.0, < 5.0) - safe_yaml (~> 1.0) - terminal-table (>= 1.8, < 4.0) - webrick (~> 1.7) - jekyll-sass-converter (2.2.0) - sassc (> 2.0.1, < 3.0) - jekyll-seo-tag (2.8.0) - jekyll (>= 3.8, < 5.0) - jekyll-watch (2.2.1) - listen (~> 3.0) - just-the-docs (0.4.2) - jekyll (>= 3.8.5) - jekyll-seo-tag (>= 2.0) - rake (>= 12.3.1) - kramdown (2.4.0) - rexml - kramdown-parser-gfm (1.1.0) - kramdown (~> 2.0) - liquid (4.0.3) - listen (3.7.1) - rb-fsevent (~> 0.10, >= 0.10.3) - rb-inotify (~> 0.9, >= 0.9.10) - mercenary (0.4.0) - pathutil (0.16.2) - forwardable-extended (~> 2.6) - public_suffix (5.0.0) - rake (13.0.6) - rb-fsevent (0.11.2) - rb-inotify (0.10.1) - ffi (~> 1.0) - rexml (3.2.8) - strscan (>= 3.0.9) - rouge (4.0.0) - safe_yaml (1.0.5) - sassc (2.4.0) - ffi (~> 1.9) - strscan (3.0.9) - terminal-table (3.0.2) - unicode-display_width (>= 1.1.1, < 3) - unicode-display_width (2.3.0) - webrick (1.7.0) - -PLATFORMS - arm64-darwin-21 - x86_64-darwin-19 - x86_64-linux - -DEPENDENCIES - jekyll (~> 4.3) +GEM + remote: https://rubygems.org/ + specs: + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) + colorator (1.1.0) + concurrent-ruby (1.1.10) + em-websocket (0.5.3) + eventmachine (>= 0.12.9) + http_parser.rb (~> 0) + eventmachine (1.2.7) + ffi (1.15.5) + forwardable-extended (2.6.0) + http_parser.rb 
(0.8.0) + i18n (1.12.0) + concurrent-ruby (~> 1.0) + jekyll (4.3.0) + addressable (~> 2.4) + colorator (~> 1.0) + em-websocket (~> 0.5) + i18n (~> 1.0) + jekyll-sass-converter (>= 2.0, < 4.0) + jekyll-watch (~> 2.0) + kramdown (~> 2.3, >= 2.3.1) + kramdown-parser-gfm (~> 1.0) + liquid (~> 4.0) + mercenary (>= 0.3.6, < 0.5) + pathutil (~> 0.9) + rouge (>= 3.0, < 5.0) + safe_yaml (~> 1.0) + terminal-table (>= 1.8, < 4.0) + webrick (~> 1.7) + jekyll-sass-converter (2.2.0) + sassc (> 2.0.1, < 3.0) + jekyll-seo-tag (2.8.0) + jekyll (>= 3.8, < 5.0) + jekyll-watch (2.2.1) + listen (~> 3.0) + just-the-docs (0.4.2) + jekyll (>= 3.8.5) + jekyll-seo-tag (>= 2.0) + rake (>= 12.3.1) + kramdown (2.4.0) + rexml + kramdown-parser-gfm (1.1.0) + kramdown (~> 2.0) + liquid (4.0.3) + listen (3.7.1) + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) + mercenary (0.4.0) + pathutil (0.16.2) + forwardable-extended (~> 2.6) + public_suffix (5.0.0) + rake (13.0.6) + rb-fsevent (0.11.2) + rb-inotify (0.10.1) + ffi (~> 1.0) + rexml (3.3.6) + strscan + rouge (4.0.0) + safe_yaml (1.0.5) + sassc (2.4.0) + ffi (~> 1.9) + strscan (3.1.0) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) + unicode-display_width (2.3.0) + webrick (1.7.0) + +PLATFORMS + arm64-darwin-21 + x86_64-darwin-19 + x86_64-linux + +DEPENDENCIES + jekyll (~> 4.3) just-the-docs (= 0.4.2) BUNDLED WITH From 86db06c7a02d50d445b9f3c6b7f47309a935ca40 Mon Sep 17 00:00:00 2001 From: Thomas Huang Date: Thu, 29 Aug 2024 12:58:08 +0800 Subject: [PATCH 16/17] fix securiyt issue --- .gitignore | 1 + .../src/RazorPagesTestSample/Pages/Index.cshtml.cs | 6 +++++- src/Application/src/RazorPagesTestSample/config.json | 4 ---- .../RazorPagesTestSample.Tests.csproj | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) delete mode 100644 src/Application/src/RazorPagesTestSample/config.json diff --git a/.gitignore b/.gitignore index 9bea4330..251796ae 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,2 +1,3 @@ .DS_Store + src/Application/src/RazorPagesTestSample/config.json \ No newline at end of file diff --git a/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs b/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs index 2e6d94bb..6794900d 100644 --- a/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs +++ b/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs @@ -94,7 +94,11 @@ public async Task OnPostAnalyzeMessagesAsync() public static void WriteToDirectory(ZipArchiveEntry entry, string destDirectory) { - string destFileName = Path.Combine(destDirectory, entry.FullName); + string destFileName = Path.GetFullPath(Path.Combine(destDirectory, entry.FullName)); + string fullDestDirPath = Path.GetFullPath(destDirectory + Path.DirectorySeparatorChar); + if (!destFileName.StartsWith(fullDestDirPath)) { + throw new System.InvalidOperationException("Entry is outside the target dir: " + destFileName); + } entry.ExtractToFile(destFileName); } } diff --git a/src/Application/src/RazorPagesTestSample/config.json b/src/Application/src/RazorPagesTestSample/config.json deleted file mode 100644 index 1a3874d4..00000000 --- a/src/Application/src/RazorPagesTestSample/config.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "registry_key": "8yYKDsFTjatiQI9nVcsoQ1P3rdnh+P5Mlz9gVBgVgx+ACRArmBQ3", - "registry_type": "AzureContainerRegistry" -} \ No newline at end of file diff --git a/src/Application/tests/RazorPagesTestSample.Tests/RazorPagesTestSample.Tests.csproj b/src/Application/tests/RazorPagesTestSample.Tests/RazorPagesTestSample.Tests.csproj index a66e0a92..a0f5f511 100644 --- a/src/Application/tests/RazorPagesTestSample.Tests/RazorPagesTestSample.Tests.csproj +++ b/src/Application/tests/RazorPagesTestSample.Tests/RazorPagesTestSample.Tests.csproj @@ -13,7 +13,7 @@ - + From 8fa7e422eadd5ed1fd58202b1b19222046dbc6ad Mon Sep 17 00:00:00 2001 
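Review bot: Ignoring `config.json` here and deleting it in the same commit does not revoke the `registry_key` it contained: the value stays readable in earlier commits and in this patch's removed lines. Treat that key as exposed, rotate it at the registry, and keep the replacement in a secret store or environment configuration instead of a file in the repository. Cleaning the history is a separate step and does not replace rotation.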
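Review bot: The containment check in `WriteToDirectory` calls `destFileName.StartsWith(fullDestDirPath)` without a `StringComparison`, which makes it a culture-sensitive comparison; for a path-prefix security check it should be ordinal: `if (!destFileName.StartsWith(fullDestDirPath, System.StringComparison.Ordinal)) {`. The exception message also includes the resolved path built from the archive entry name; if that message can reach a client, log the path and return a generic error instead. `WriteToDirectory` is fully inside the hunk, but its caller is not, so whether `InvalidOperationException` is handled there cannot be seen from here.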
From: Thomas Huang Date: Thu, 29 Aug 2024 14:05:54 +0800 Subject: [PATCH 17/17] bicep redis --- src/InfrastructureAsCode/main.bicep | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/InfrastructureAsCode/main.bicep b/src/InfrastructureAsCode/main.bicep index d8e740d2..de60bad3 100644 --- a/src/InfrastructureAsCode/main.bicep +++ b/src/InfrastructureAsCode/main.bicep @@ -100,6 +100,20 @@ resource appServiceApp 'Microsoft.Web/sites@2020-12-01' = { } } +resource redisCache 'Microsoft.Cache/Redis@2022-06-01' = { + name: '${uniqueString(resourceGroup().id)}-redis' + location: location + properties: { + sku: { + name: 'Basic' + family: 'C' + capacity: 0 + } + enableNonSslPort: false + minimumTlsVersion: '1.2' + } +} + output application_name string = appServiceApp.name output application_url string = appServiceApp.properties.hostNames[0] output container_registry_name string = containerRegistry.name
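Review bot: `redisCache` is declared but nothing in this hunk connects it to `appServiceApp` (no app setting or output carries its host name), so the deployment creates a cache the app cannot yet use. The resource also leaves `publicNetworkAccess` at its default, so the endpoint is reachable from the internet with access keys as the only control; if the app is the sole client, consider `publicNetworkAccess: 'Disabled'` with a private endpoint, or at least firewall rules. `enableNonSslPort: false` and `minimumTlsVersion: '1.2'` are worth keeping as they are.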