azure-search-openai-demo icon indicating copy to clipboard operation
azure-search-openai-demo copied to clipboard

Published 20 hours ago verified publisher icon Azure-Samples

Acceptance Criteria Checklist (DoD)

Open anfibiacreativa opened this issue 9 months ago • 3 comments

The following checklist must be complete before a template is published.

Repository Management

  • [x] Standards compliant README.md as the one in the example, is in place
  • [x] License is in place. Make sure you choose the correct license
  • [ ] Security guidelines are in place
  • [x] Contribution guidelines are in place
  • [x] Code of conduct is in place
  • [x] Issue template is in place
  • [x] Language, model, and relevant technology topic labels are added, including azd-templates and ai-azd-templates (The latter is being created)
  • [x] Repo description is in place, describing the use case and technologies used in the solution

Source code structure and conventions

  • [x] GitHub Actions (This refers to .github/workflows/azure-dev.yml or custom workflow to run on a GitHub runner) is in place
  • [x] DevContainer (/.devcontainer folder where applicable) configuration is in place
  • [x] Infrastructure as code is in place (/infra folder where applicable, manifest files or code generators in the case of Aspire and similar )
  • [x] Azure services configuration (/azure.yml file) is in place
  • [x] Minimum coverage tests are in place

Functional requirements

  • [x] azd up successfully provisions and deploys a functional app
  • [x] GitHub Actions run tasks without errors
  • [x] DevContainer has been tested locally and runs
  • [x] Codespaces run [locally and in browser]
  • [x] All tests pass

In the absence of e2e tests,

  • [x] The application has been manually tested to work as per the requirement

Security requirements

When a service selected doesn't support Managed Identity, the corresponding issue must have been reported and the security considerations section in the readme, should clearly explain the alternatives.

  • Azure Key Vault is a preferred alternative

The following items are not strictly enforced but may prevent the template from being added to the gallery.

Project code follows standard structure, per language. Please check one.

  • [x] Yes, follows standards
  • [ ] No, doesn't follow standards

Code follows recommended style guide

  • [x] Yes, follows style guide
  • [ ] No, doesn't follow style guide

anfibiacreativa avatar May 14 '24 11:05 anfibiacreativa

@pamelafox can you please confirm the security requirements are met and close the issue when done. Thank you!

anfibiacreativa avatar May 14 '24 11:05 anfibiacreativa

Hm, we dont have a security guidelines section yet. We do have https://github.com/Azure-Samples/azure-search-openai-demo/blob/main/docs/productionizing.md#additional-security-measures which somewhat covers up but doesnt mention secret scanning. I guess we have to add another section to our long readme. Is that what you're doing for https://github.com/Azure-Samples/azure-search-openai-javascript ?

pamelafox avatar May 14 '24 13:05 pamelafox

I get a 404 when I navigate to this link. https://github.com/Azure-Samples/azd-template-artifacts/blob/main/SECURITY.md

Are we supposed to add our own security guidelines? I did not find a SECURITY.md file in azure-search-openai-javascript either

mattgotteiner avatar May 22 '24 14:05 mattgotteiner