azure-search-openai-demo

feat: add github+ado pipelines for validations

Open juju4 opened this issue 1 year ago • 2 comments

Purpose

Ensure the project matches usual development standards and security through open-source tools and a continuous pipeline.

Does this introduce a breaking change?

[x] No

Pull Request Type

This adds a validations pipeline with GitHub Actions and azure-pipelines, mostly around the following four tools:

  • pre-commit
  • checkov
  • psrule
  • template-analyze/msdo

[x] Refactoring (no functional changes, no api changes)
[x] Other... Please describe: CI

How to Test

The PR is adding automated tests to the project.

What to Check

A few minor fixes were included (pre-commit, codespell). Otherwise, pending:

  • pre-commit: Module docstring appears after code (code seen on line 1).
  • checkov: Passed checks: 10, Failed checks: 14, Skipped checks: 0
  • template-analyzer: Active results: 35

Some starter follow-up changes are in https://github.com/juju4/azure-search-openai-demo/tree/devel-checkov, but functionality is not tested.

From a security perspective, I would also add a security component like AppGateway or Frontdoor in front of cognitive services, along with fixing things like the storage account being completely exposed to the Internet. Ideally I would also separate the bicep code between what is control plane/identity/RBAC and data plane. In large companies, this is often differentiated, and asking for Owner/User Access Administrator is kind of asking for the keys to the kingdom (of the subscription for Owner, but of the tenant with User Access Administrator...)

juju4, Jun 17 '23 20:06

There are a lot of changes in this PR, can you please break it into smaller, individual PRs?

Also, see #325 for a workflow to run template analyser and Python test suite.

I suggest the following PRs:

  • Python formatting changes
  • Template/bicep linting review once #325 is merged
  • PSScriptAnalyzer
  • pre-commit hooks
  • ...

tonybaloney, Jun 21 '23 01:06

I reverted any changes to existing files, and now the PR contains only the new CI with continueOnError to allow separate fixes. If you want more of a split, just say.

juju4, Jun 24 '23 18:06

This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed.

github-actions[bot], Sep 01 '23 01:09

The project now has workflows for GitHub and ADO, so I'll close this. Thanks for your contribution!

pamelafox, Mar 07 '24 14:03