From 72952e9e105df8c556ff2b6293bfeba366db7c24 Mon Sep 17 00:00:00 2001
From: Marcus Robinson
Date: Fri, 18 Jul 2025 14:22:42 +0000
Subject: [PATCH 1/4] Prep for release 0.25.0 Fixes #142
---
 .devcontainer/devcontainer.json | 2 +-
 .github/actions/devcontainer_run_command/action.yml | 2 ++
 .github/workflows/deploy_tre_reusable.yml | 2 ++
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index bcf1926..826b6bb 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -18,7 +18,7 @@
 "DOCKER_GROUP_ID": "${localEnv:DOCKER_GROUP_ID}",
 "INTERACTIVE": "true",
 "UPSTREAM_REPO": "microsoft/AzureTRE",
- "UPSTREAM_REPO_VERSION": "v0.24.0",
+ "UPSTREAM_REPO_VERSION": "v0.25.0",
 "GITHUB_TOKEN": ""
 }
 },
diff --git a/.github/actions/devcontainer_run_command/action.yml b/.github/actions/devcontainer_run_command/action.yml
index 4e32920..d60d147 100644
--- a/.github/actions/devcontainer_run_command/action.yml
+++ b/.github/actions/devcontainer_run_command/action.yml
@@ -277,6 +277,8 @@ runs:
 -e PRIVATE_AGENT_SUBNET_ID=${{ inputs.PRIVATE_AGENT_SUBNET_ID }} \
 -e TF_VAR_private_agent_subnet_id=${{ inputs.PRIVATE_AGENT_SUBNET_ID }} \
 -e TF_VAR_auto_grant_workspace_consent="${{ (inputs.AUTO_GRANT_WORKSPACE_CONSENT != '' && inputs.AUTO_GRANT_WORKSPACE_CONSENT) || 'false' }}" \
+ -e TF_VAR_enable_dns_policy="${{ (inputs.ENABLE_DNS_POLICY != '' && inputs.ENABLE_DNS_POLICY) || 'false' }}" \
+ -e TF_VAR_allowed_dns='${{ (toJson(inputs.ALLOWED_DNS) != '""' && inputs.ALLOWED_DNS) || '[]' }}' \
 -e E2E_TESTS_NUMBER_PROCESSES="${{ inputs.E2E_TESTS_NUMBER_PROCESSES }}" \
 '${{ inputs.CI_CACHE_ACR_NAME }}${{ env.ACR_DOMAIN_SUFFIX }}/tredev:${{ inputs.DEVCONTAINER_TAG }}' \
 bash -c -x "./command.sh"
diff --git a/.github/workflows/deploy_tre_reusable.yml b/.github/workflows/deploy_tre_reusable.yml
index 3c6dcd3..acad837 100644
--- a/.github/workflows/deploy_tre_reusable.yml
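Review bot: In the `action.yml` hunk at `@@ -277,6 +277,8 @@`, both added `-e` lines paste `${{ inputs.… }}` directly into what appears to be the shell text of a container run command, so the value is substituted before the shell parses the line. `ALLOWED_DNS` is wrapped in single quotes, so a `'` inside the variable closes the quoting and the remainder is parsed as shell; `ENABLE_DNS_POLICY` is in double quotes, where command substitution is still evaluated. The surrounding context lines use the same pattern, so this matches the file, but a free-form JSON domain list is the kind of value most likely to carry quote characters. Passing the value through the step environment keeps it out of the script text: `ALLOWED_DNS: ${{ inputs.ALLOWED_DNS || '[]' }}` under the step's `env:` and `-e TF_VAR_allowed_dns="$ALLOWED_DNS" \` in the command. The step begins outside the hunk, so whether it already has an `env:` map is not visible here.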
+++ b/.github/workflows/deploy_tre_reusable.yml @@ -348,6 +348,8 @@ jobs: USER_MANAGEMENT_ENABLED: ${{ vars.USER_MANAGEMENT_ENABLED }} PRIVATE_AGENT_SUBNET_ID: ${{ secrets.PRIVATE_AGENT_SUBNET_ID }} AUTO_GRANT_WORKSPACE_CONSENT: ${{ vars.AUTO_GRANT_WORKSPACE_CONSENT }} + ENABLE_DNS_POLICY: ${{ vars.ENABLE_DNS_POLICY }} + ALLOWED_DNS: ${{ vars.ALLOWED_DNS }} - name: API Healthcheck uses: ./.github/actions/devcontainer_run_command From 7b12200c9fe7b284d47b19e14df2157e437753b7 Mon Sep 17 00:00:00 2001 From: Marcus Robinson Date: Fri, 18 Jul 2025 14:39:15 +0000 Subject: [PATCH 2/4] bypass linting --- .github/workflows/deploy_tre_reusable.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy_tre_reusable.yml b/.github/workflows/deploy_tre_reusable.yml index acad837..2ad056b 100644 --- a/.github/workflows/deploy_tre_reusable.yml +++ b/.github/workflows/deploy_tre_reusable.yml @@ -1,5 +1,6 @@ --- name: Deploy Azure TRE Reusable +# yamllint disable rule:line-length rule:comments-indentation on: # yamllint disable-line rule:truthy workflow_call: @@ -236,7 +237,8 @@ jobs: az acr login --name "${{ secrets.CI_CACHE_ACR_NAME }}" && ec=0 && break || ec="$?" && sleep 10 done if [ "$ec" != 0 ]; then - echo "::error::Failed to login to ACR after 3 attempts. Make sure to run the pipleline on the main branch first." + echo "::error::Failed to login to ACR after 3 attempts. Make sure to run the" \ + "pipleline on the main branch first." fi # shellcheck disable=SC2242 (exit "$ec") @@ -401,7 +403,7 @@ jobs: BUNDLE_DIR: "\\${AZURETRE_HOME}/templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm"} - {BUNDLE_TYPE: "user_resource", BUNDLE_DIR: "\\${AZURETRE_HOME}/templates/workspace_services/guacamole/user_resources/guacamole-azure-import-reviewvm"} - # Add your custom Bundles below this + # Add your custom Bundles below this environment: ${{ inputs.environmentName }} steps: - name: Checkout 
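Review bot: In the `deploy_tre_reusable.yml` hunk at `@@ -348,6 +348,8 @@`, an unset or misspelled `vars.ENABLE_DNS_POLICY` reaches the action as an empty string, and the `|| 'false'` fallback added to `action.yml` in this patch then deploys with the DNS security policy off without anything in the run saying so. Because this toggles a security control, a comment above the two new lines would help, for example `# Unset ENABLE_DNS_POLICY => DNS security policy disabled; ALLOWED_DNS is passed as a JSON array string`. The JSON-array format is inferred from the `'[]'` fallback and should be confirmed. The enclosing step begins outside the hunk.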
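Review bot: The `# yamllint disable rule:line-length rule:comments-indentation` line added at `@@ -1,5 +1,6 @@` in PATCH 2/4 has no matching `# yamllint enable`, so both rules stay off for the rest of `deploy_tre_reusable.yml`; PATCH 3/4 adds the same file-wide disable for `line-length` to `action.yml`. The same commit still reflows the `echo "::error::…"` line and re-indents the `# Add your custom Bundles below this` comment, which suggests only a few places needed an exemption. Scoping it with `# yamllint disable-line rule:line-length` on single long lines, or a `# yamllint disable rule:line-length` / `# yamllint enable rule:line-length` pair around the long script blocks, keeps the linter active for later edits.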
From 549834188532c7b99581da9385ecbcbe395ee36b Mon Sep 17 00:00:00 2001
From: Marcus Robinson
Date: Fri, 18 Jul 2025 14:42:33 +0000
Subject: [PATCH 3/4] fix linting
---
 .github/actions/devcontainer_run_command/action.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/actions/devcontainer_run_command/action.yml b/.github/actions/devcontainer_run_command/action.yml
index d60d147..94d02dd 100644
--- a/.github/actions/devcontainer_run_command/action.yml
+++ b/.github/actions/devcontainer_run_command/action.yml
@@ -1,6 +1,7 @@
 ---
 name: "run_command"
 description: "Run a command in a devcontainer"
+# yamllint disable rule:line-length
 inputs:
 COMMAND:
 description: "The command you want to run in the Devcontainer."
From fc8946036c56fa43d96074304547a5b3c35888dc Mon Sep 17 00:00:00 2001
From: Marcus Robinson
Date: Fri, 18 Jul 2025 14:52:23 +0000
Subject: [PATCH 4/4] fix merge issue
---
 .github/actions/devcontainer_run_command/action.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/.github/actions/devcontainer_run_command/action.yml b/.github/actions/devcontainer_run_command/action.yml
index 94d02dd..0611dad 100644
--- a/.github/actions/devcontainer_run_command/action.yml
+++ b/.github/actions/devcontainer_run_command/action.yml
@@ -151,6 +151,14 @@ inputs:
 description: "When set to true removes the need for users to manually grant consent when creating new workspaces"
 required: false
 default: "false"
+ ENABLE_DNS_POLICY:
+ description: "Enable the DNS security policy"
+ required: false
+ default: "false"
+ ALLOWED_DNS:
+ description: "Add allowed domain name to the DNS security policy"
+ required: false
+ default: "[]"
 runs:
 using: composite
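Review bot: The `ALLOWED_DNS` description added at `@@ -151,6 +151,14 @@` in PATCH 4/4 does not say what shape the value takes, although the default `"[]"` and the `TF_VAR_allowed_dns` fallback from PATCH 1/4 suggest a JSON array encoded as a string. I would spell that out, e.g. `description: "JSON array (as a string) of domain names allowed by the DNS security policy"`, after confirming the format against the Terraform variable. It would also help if the `ENABLE_DNS_POLICY` description stated that the policy stays disabled when the input is left at its default. The `inputs:` block begins outside the hunk.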