Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add azure pipeline CI #7039

Merged
merged 1 commit into from
Dec 3, 2024
Merged

Conversation

janechu
Copy link
Collaborator

@janechu janechu commented Dec 3, 2024

Pull Request

πŸ“– Description

This is the first step in replacing the github pipeline with an azure pipeline in order to add additional security checks.

πŸ‘©β€πŸ’» Reviewer Notes

Unfortunately, there is no way to test this until it is on the master branch. The steps mirror those found in the current CI.

πŸ“‘ Test Plan

  • Commit this change
  • Test run in Azure
  • Fix any issues

βœ… Checklist

General

  • I have included a change request file using $ npm run change
  • I have added tests for my changes.
  • I have tested my changes.
  • I have updated the project documentation to reflect my changes.
  • I have read the CONTRIBUTING documentation and followed the standards for this project.

@janechu janechu self-assigned this Dec 3, 2024
@janechu janechu force-pushed the users/janechu/add-azure-pipeline-template branch from f9d87d2 to 9f97c06 Compare December 3, 2024 19:33
Copy link
Collaborator

@awentzel awentzel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Jane,
I'm curious what security checks are needed that GitHub doesn't have. GitHub has been leading the way with their security tools so it's a surprising twist I'd like to learn more about. Thanks

@janechu
Copy link
Collaborator Author

janechu commented Dec 3, 2024

Hi Jane, I'm curious what security checks are needed that GitHub doesn't have. GitHub has been leading the way with their security tools so it's a surprising twist I'd like to learn more about. Thanks

It is Microsoft policy to use "Governed Pipeline Templates" for the entire organization where production code is involved, and the check we don't have specifically is their credential scanning, so we have 2 gaps we're filling with this.

Edit: Also to note, we are in an evolving landscape, so using the governed pipeline templates makes it easier for security teams to add/update certain checks without us re-visiting or having to directly be involved in the process.

@janechu janechu merged commit 67a4e8f into master Dec 3, 2024
5 of 7 checks passed
@janechu janechu deleted the users/janechu/add-azure-pipeline-template branch December 3, 2024 21:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants