Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: securing terraform configs and bumping deps #162

Merged
merged 2 commits into from
Jul 30, 2024
Merged

chore: securing terraform configs and bumping deps #162

merged 2 commits into from
Jul 30, 2024

Conversation

pauldotyu
Copy link
Contributor

@pauldotyu pauldotyu commented Jul 26, 2024
edited
Loading

Purpose

  • Securing Terraform configs and replacing tfsec with trivy
  • Bumping deps within all projects
  • Bumping base container images in Dockerfiles

Does this introduce a breaking change?

[ ] Yes
[x] No

Pull Request Type

What kind of change does this Pull Request introduce?

[ ] Bugfix
[ ] Feature
[ ] Code style update (formatting, local variables)
[x] Refactoring (no functional changes, no api changes)
[ ] Documentation content changes
[ ] Other... Please describe:

How to Test

  • Get the code
  • Run trivy scan on the infra/terraform directory to ensure there are no config errors
  • Run the azd command to ensure deployment still works
git clone https://github.com/pauldotyu/aks-store-demo.git
cd aks-store-demo

# init new environment and set variables 
azd env new
azd env set AZURE_LOCATION uksouth
azd env set AKS_NODE_POOL_VM_SIZE standard_d2s_v5
azd env set DEPLOY_AZURE_WORKLOAD_IDENTITY true
azd env set DEPLOY_AZURE_OPENAI true
azd env set AZURE_OPENAI_LOCATION uksouth
azd env set DEPLOY_AZURE_SERVICE_BUS true
azd env set DEPLOY_AZURE_COSMOSDB true
azd env set AZURE_COSMOSDB_FAILOVER_LOCATION southeastasia
azd env set DEPLOY_OBSERVABILITY_TOOLS true

# provision azure infra
azd provision

# overwrite the registry to point to newer containers
azd env set AZURE_REGISTRY_URI ghcr.io/pauldotyu

# deploy the app
azd deploy

What to Check

Verify that the following are valid

  • Ensure the AKS Store Demo app is deployed, and you can access it via web browser

Other Information

@pauldotyu
chore: securing terraform configs
80c4b60 
and replacing tfsec with trivy

Signed-off-by: Paul Yu <[email protected]>
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@pauldotyu pauldotyu changed the title chore: securing terraform configs chore: securing terraform configs and bumping deps Jul 26, 2024
@pauldotyu pauldotyu force-pushed the main branch 4 times, most recently from ee88864 to 4e10b97 Compare July 26, 2024 19:53
@pauldotyu pauldotyu merged commit f619ca1 into Azure-Samples:main Jul 30, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smurawski smurawski smurawski approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pauldotyu @smurawski