diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..f9ba8cf --- /dev/null +++ b/.github/CODE_OF_CONDUCT.md @@ -0,0 +1,9 @@ +# Microsoft Open Source Code of Conduct + +This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). + +Resources: + +- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) +- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) +- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..c8eae57 --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,33 @@ + +> Please provide us with the following information: +> --------------------------------------------------------------- + +### This issue is for a: (mark with an `x`) +``` +- [ ] bug report -> please search issues before submitting +- [ ] feature request +- [ ] documentation issue or request +- [ ] regression (a behavior that used to work and stopped in a new release) +``` + +### Minimal steps to reproduce +> + +### Any log messages given by the failure +> + +### Expected/desired behavior +> + +### OS and Version? +> Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?) + +### Versions +> + +### Mention any other details that might be useful + +> --------------------------------------------------------------- +> Thanks! We'll be in touch soon. \ No newline at end of file diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..ab05e29 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,45 @@ +## Purpose + +* ... + +## Does this introduce a breaking change? + +``` +[ ] Yes +[ ] No +``` + +## Pull Request Type +What kind of change does this Pull Request introduce? + + +``` +[ ] Bugfix +[ ] Feature +[ ] Code style update (formatting, local variables) +[ ] Refactoring (no functional changes, no api changes) +[ ] Documentation content changes +[ ] Other... Please describe: +``` + +## How to Test +* Get the code + +``` +git clone [repo-address] +cd [repo-name] +git checkout [branch-name] +npm install +``` + +* Test the code + +``` +``` + +## What to Check +Verify that the following are valid +* ... + +## Other Information + \ No newline at end of file diff --git a/.github/workflows/azure-dev-delete-deploy.yml b/.github/workflows/azure-dev-delete-deploy.yml new file mode 100644 index 0000000..d4163df --- /dev/null +++ b/.github/workflows/azure-dev-delete-deploy.yml @@ -0,0 +1,52 @@ +name: Manual delete the Azure deployed resource +on: + workflow_dispatch: + +permissions: + id-token: write + contents: read + actions: read + security-events: write + +jobs: + deploy: + runs-on: ubuntu-latest + env: + AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} + AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }} + AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install azd + uses: Azure/setup-azd@v1.0.0 + + - name: Install .NET 9 + uses: actions/setup-dotnet@v3 + with: + dotnet-version: '9.0.x' + + - name: Log in with Azure (Federated Credentials) + if: ${{ env.AZURE_CLIENT_ID != '' }} + run: | + echo 'login with federated credentials' + azd auth login ` + --client-id "$Env:AZURE_CLIENT_ID" ` + --federated-credential-provider "github" ` + --tenant-id "$Env:AZURE_TENANT_ID" + shell: pwsh + + - name: Azd Down and Purge existing Infrastructure + continue-on-error: true + run: | + echo 'running azd down --no-prompt --force --purge' + azd down --no-prompt --force --purge + env: + AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }} + AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} + AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} + CREATE_ROLE_FOR_USER: false \ No newline at end of file diff --git a/.github/workflows/azure-dev-deploy.yml b/.github/workflows/azure-dev-deploy.yml new file mode 100644 index 0000000..924887f --- /dev/null +++ b/.github/workflows/azure-dev-deploy.yml @@ -0,0 +1,69 @@ +name: Manual Deploy to Azure +on: + workflow_dispatch: + +permissions: + id-token: write + contents: read + actions: read + security-events: write + +jobs: + deploy: + runs-on: ubuntu-latest + env: + AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} + AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }} + AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install azd + uses: Azure/setup-azd@v1.0.0 + + - name: Install .NET 9 + uses: actions/setup-dotnet@v3 + with: + dotnet-version: '9.0.x' + + - name: Log in with Azure (Federated Credentials) + if: ${{ env.AZURE_CLIENT_ID != '' }} + run: | + echo 'login with federated credentials' + azd auth login ` + --client-id "$Env:AZURE_CLIENT_ID" ` + --federated-credential-provider "github" ` + --tenant-id "$Env:AZURE_TENANT_ID" + shell: pwsh + + - name: Azd Down and Purge existing Infrastructure + continue-on-error: true + run: | + echo 'running azd down --no-prompt --force --purge' + azd down --no-prompt --force --purge + env: + AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }} + AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} + AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} + CREATE_ROLE_FOR_USER: false + + - name: Provision Infrastructure + run: | + echo 'Provision Infrastructure azd provision' + azd provision --no-prompt + env: + AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }} + AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} + AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} + CREATE_ROLE_FOR_USER: true + + - name: Deploy Application + run: azd deploy --no-prompt + env: + AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }} + AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} + AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} \ No newline at end of file diff --git a/.github/workflows/azure-dev.yml b/.github/workflows/azure-dev.yml new file mode 100644 index 0000000..bae345d --- /dev/null +++ b/.github/workflows/azure-dev.yml @@ -0,0 +1,80 @@ +on: + workflow_dispatch: + push: + branches: + - main + +permissions: + id-token: write + contents: read + actions: read + security-events: write + +jobs: + deploy: + runs-on: ubuntu-latest + env: + AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} + AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }} + AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install azd + uses: Azure/setup-azd@v1.0.0 + + - name: Install .NET 9 + uses: actions/setup-dotnet@v3 + with: + dotnet-version: '9.0.x' + + - name: Log in with Azure (Federated Credentials) + if: ${{ env.AZURE_CLIENT_ID != '' }} + run: | + azd auth login ` + --client-id "$Env:AZURE_CLIENT_ID" ` + --federated-credential-provider "github" ` + --tenant-id "$Env:AZURE_TENANT_ID" + shell: pwsh + + - name: Run Microsoft Security DevOps Analysis + uses: microsoft/security-devops-action@v1 + id: msdo + with: + tools: templateanalyzer + + - name: Upload results to Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: ${{ steps.msdo.outputs.sarifFile }} + + - name: Log in with Azure (Federated Credentials) + if: ${{ env.AZURE_CLIENT_ID != '' }} + run: | + echo 'login with federated credentials' + azd auth login ` + --client-id "$Env:AZURE_CLIENT_ID" ` + --federated-credential-provider "github" ` + --tenant-id "$Env:AZURE_TENANT_ID" + shell: pwsh + + - name: Provision Infrastructure + run: | + echo 'Provision Infrastructure azd provision' + azd provision --no-prompt + env: + AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }} + AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} + AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} + CREATE_ROLE_FOR_USER: false + + - name: Deploy Application + run: azd deploy --no-prompt + env: + AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }} + AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} + AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} \ No newline at end of file diff --git a/.github/workflows/pr-gate.yml b/.github/workflows/pr-gate.yml new file mode 100644 index 0000000..532b93f --- /dev/null +++ b/.github/workflows/pr-gate.yml @@ -0,0 +1,59 @@ +name: AI Gallery Template Gate Validation +on: + workflow_dispatch: + pull_request: + branches: + - main + +permissions: + contents: read + id-token: write + pull-requests: write + security-events: write + +jobs: + validation: + runs-on: ubuntu-latest + env: + AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} + AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }} + AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - name: Get PR branch URL + id: get_pr_branch_url + run: | + PR_REPO_URL="https://github.com/${{ github.event.pull_request.head.repo.full_name }}" + PR_BRANCH_NAME=${{ github.event.pull_request.head.ref }} + echo "PR_REPO_URL=${PR_REPO_URL}" >> $GITHUB_ENV + echo "PR_BRANCH_NAME=${PR_BRANCH_NAME}" >> $GITHUB_ENV + + - uses: actions/checkout@v4 + - id: validation + uses: microsoft/template-validation-action@v0.0.2 + with: + repositoryURL: ${{ env.PR_REPO_URL }} + branch: ${{ env.PR_BRANCH_NAME }} + env: + PR_BRANCH_NAME: ${{ env.PR_BRANCH_NAME }} + PR_REPO_URL: ${{ env.PR_REPO_URL }} + + - name: Read file content + if: always() + id: read_validation_result + run: | + cat ${{ steps.validation.outputs.resultFile }} + FILE_CONTENT=$(cat ${{ steps.validation.outputs.resultFile }}) + echo "validation_result<> $GITHUB_ENV + echo "$FILE_CONTENT" >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + + - name: Post comment on PR + if: always() + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + COMMENT_BODY: ${{ env.validation_result }} + run: | + gh pr comment ${{ github.event.pull_request.number }} --body "${{ env.COMMENT_BODY }}" \ No newline at end of file