NET9 (#70)

ondfisk · Nov 17, 2024 · 304176d · 304176d
1 parent 9986d67
commit 304176d
Show file tree

Hide file tree

Showing 10 changed files with 93 additions and 152 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,6 +1,6 @@
-FROM mcr.microsoft.com/devcontainers/dotnet:9.0
+FROM mcr.microsoft.com/devcontainers/dotnet:dev-9.0-bookworm-slim
 
 USER vscode
 
-RUN dotnet tool install --global dotnet-ef --prerelease \
+RUN dotnet tool install --global dotnet-ef \
     && dotnet tool install --global dotnet-outdated-tool
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -1,21 +1,21 @@
 {
-  "name": "C# 9 and MS SQL",
+  "name": "GitHub Demo",
   "dockerComposeFile": "docker-compose.yml",
   "service": "app",
   "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
   "features": {
-    "ghcr.io/devcontainers/features/azure-cli": {
+    "ghcr.io/devcontainers/features/azure-cli:1.2.5": {
       "installBicep": true,
       "extensions": "serviceconnector-passwordless"
     },
-    "ghcr.io/devcontainers/features/docker-outside-of-docker": {},
-    "ghcr.io/devcontainers/features/dotnet": {
+    "ghcr.io/devcontainers/features/docker-outside-of-docker:1.6.0": {},
+    "ghcr.io/devcontainers/features/dotnet:2.1.3": {
       "version": "lts"
     },
-    "ghcr.io/devcontainers/features/powershell": {
+    "ghcr.io/devcontainers/features/powershell:1.5.0": {
       "modules": "Microsoft.Graph.Authentication,Microsoft.Graph.Applications"
     },
-    "ghcr.io/jlaundry/devcontainer-features/mssql-odbc-driver": {}
+    "ghcr.io/jlaundry/devcontainer-features/mssql-odbc-driver:1.0.2": {}
   },
   "customizations": {
     "vscode": {

diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -1,6 +1,4 @@
 ---
-version: "3"
-
 services:
   app:
     build:
@@ -17,7 +15,7 @@ services:
     network_mode: service:db
 
   db:
-    image: mcr.microsoft.com/mssql/server:latest
+    image: mcr.microsoft.com/mssql/server:2022-latest
     restart: unless-stopped
     environment:
       MSSQL_SA_PASSWORD: <YourStrong@Passw0rd>

diff --git a/.github/linters/.checkov.yaml b/.github/linters/.checkov.yaml
@@ -1,26 +1,7 @@
 ---
 quiet: true
 skip-check:
-  - CKV_AZURE_13 # Ensure App Service Authentication is set on Azure App Service
-  - CKV_AZURE_17 # Ensure the web app has 'Client Certificates (Incoming client certificates)' set
-  - CKV_AZURE_23 # Ensure that 'Auditing' is set to 'On' for SQL servers
-  - CKV_AZURE_24 # Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers
-  - CKV_AZURE_25 # Ensure that 'Threat Detection types' is set to 'All'
-  - CKV_AZURE_26 # Ensure that 'Send Alerts To' is enabled for MSSQL servers
-  - CKV_AZURE_27 # Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers
-  - CKV_AZURE_35 # Ensure default network access rule for Storage Accounts is set to deny
-  - CKV_AZURE_59 # Ensure that Storage Accounts disallow public access
-  - CKV_AZURE_63 # Ensure that App service enables HTTP logging
-  - CKV_AZURE_65 # Ensure that App service enables detailed error messages
-  - CKV_AZURE_66 # Ensure that App service enables failed request tracing
-  - CKV_AZURE_80 # Ensure that 'Net Framework' version is the latest, if used as a part of the web app
-  - CKV_AZURE_88 # Ensure that App Services use Azure Files
-  - CKV_AZURE_109 # Ensure that Key Vault allows firewall rules settings
-  - CKV_AZURE_113 # Ensure that SQL server disables public network access
-  - CKV_AZURE_212 # Ensure App Service has a minimum number of instances for failover
-  - CKV_AZURE_222 # Ensure that Azure Web App public network access is disabled
-  - CKV_AZURE_225 # Ensure the App Service Plan is zone redundant
-  - CKV_AZURE_229 # Ensure the Azure SQL Database Namespace is zone redundant
+  - CKV_AZURE* # Azure checks are skipped as we rely on Azure Policy instead
 skip-path:
   - bin
   - obj
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -10,15 +10,15 @@ name: Lint
       - main
   workflow_dispatch:
 
-permissions:
-  contents: read
+permissions: {}
 
 jobs:
   build:
     name: Lint
     runs-on: ubuntu-latest
 
     permissions:
+      contents: read
       statuses: write
 
     steps:
@@ -33,10 +33,6 @@ jobs:
         uses: super-linter/super-linter@v7.1.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          VALIDATE_CSHARP: false # temporary workaround for linter not supporting .NET 9
-          VALIDATE_CSS: false
-          VALIDATE_CSS_PRETTIER: false
           VALIDATE_DOTNET_SLN_FORMAT_ANALYZERS: false # temporary workaround for linter not supporting .NET 9
           VALIDATE_DOTNET_SLN_FORMAT_STYLE: false # temporary workaround for linter not supporting .NET 9
-          VALIDATE_DOTNET_SLN_FORMAT_WHITESPACE: false # temporary workaround for linter not supporting .NET 9
           VALIDATE_JSCPD: false
diff --git a/GitHubDemo.sln b/GitHubDemo.sln
@@ -3,13 +3,13 @@ Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 17
 VisualStudioVersion = 17.0.31903.59
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{BC8272E9-6C86-4529-ABF5-ADE357F95895}"
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{597B0C74-47E0-4058-A130-31F966A48ED4}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MovieApi", "src\MovieApi\MovieApi.csproj", "{113B8C8A-EB3A-44A6-A9E0-74CDCEA4B167}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MovieApi", "src\MovieApi\MovieApi.csproj", "{F0C0F4B9-056C-4693-8F6B-499A35F509F0}"
 EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "tests", "tests", "{2C67BE85-4D03-4846-BAD6-1B12237DC24E}"
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "tests", "tests", "{38D7A021-4D84-45D6-87C8-FF75C3ABEEC3}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MovieApi.Tests", "tests\MovieApi.Tests\MovieApi.Tests.csproj", "{233E184E-373C-4010-AF96-F4E6010F837C}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MovieApi.Tests", "tests\MovieApi.Tests\MovieApi.Tests.csproj", "{9B920ED7-9B16-42CF-AEA3-E705EB95E05F}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -20,17 +20,17 @@ Global
 		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{113B8C8A-EB3A-44A6-A9E0-74CDCEA4B167}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{113B8C8A-EB3A-44A6-A9E0-74CDCEA4B167}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{113B8C8A-EB3A-44A6-A9E0-74CDCEA4B167}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{113B8C8A-EB3A-44A6-A9E0-74CDCEA4B167}.Release|Any CPU.Build.0 = Release|Any CPU
-		{233E184E-373C-4010-AF96-F4E6010F837C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{233E184E-373C-4010-AF96-F4E6010F837C}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{233E184E-373C-4010-AF96-F4E6010F837C}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{233E184E-373C-4010-AF96-F4E6010F837C}.Release|Any CPU.Build.0 = Release|Any CPU
+		{F0C0F4B9-056C-4693-8F6B-499A35F509F0}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{F0C0F4B9-056C-4693-8F6B-499A35F509F0}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{F0C0F4B9-056C-4693-8F6B-499A35F509F0}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{F0C0F4B9-056C-4693-8F6B-499A35F509F0}.Release|Any CPU.Build.0 = Release|Any CPU
+		{9B920ED7-9B16-42CF-AEA3-E705EB95E05F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{9B920ED7-9B16-42CF-AEA3-E705EB95E05F}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{9B920ED7-9B16-42CF-AEA3-E705EB95E05F}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{9B920ED7-9B16-42CF-AEA3-E705EB95E05F}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(NestedProjects) = preSolution
-		{113B8C8A-EB3A-44A6-A9E0-74CDCEA4B167} = {BC8272E9-6C86-4529-ABF5-ADE357F95895}
-		{233E184E-373C-4010-AF96-F4E6010F837C} = {2C67BE85-4D03-4846-BAD6-1B12237DC24E}
+		{F0C0F4B9-056C-4693-8F6B-499A35F509F0} = {597B0C74-47E0-4058-A130-31F966A48ED4}
+		{9B920ED7-9B16-42CF-AEA3-E705EB95E05F} = {38D7A021-4D84-45D6-87C8-FF75C3ABEEC3}
 	EndGlobalSection
 EndGlobal
diff --git a/README.md b/README.md
@@ -95,7 +95,7 @@ This project demonstrates a number of capabilities in GitHub and Microsoft Azure
 To lint repository locally run (from WSL):
 
 ```bash
-docker run -e DEFAULT_BRANCH=main -e RUN_LOCAL=true -e FIX_JSON_PRETTIER=true -e FIX_YAML_PRETTIER=true -e VALIDATE_CSHARP=false -e VALIDATE_DOTNET_SLN_FORMAT_ANALYZERS=false -e VALIDATE_DOTNET_SLN_FORMAT_STYLE=false -e VALIDATE_DOTNET_SLN_FORMAT_WHITESPACE=false -e VALIDATE_JSCPD=false -v .:/tmp/lint --rm ghcr.io/super-linter/super-linter:latest
+docker run -e DEFAULT_BRANCH=main -e RUN_LOCAL=true -e FIX_JSON_PRETTIER=true -e FIX_JSON=true -e FIX_YAML_PRETTIER=true -e VALIDATE_JSCPD=false -e VALIDATE_DOTNET_SLN_FORMAT_ANALYZERS=false -e VALIDATE_DOTNET_SLN_FORMAT_STYLE=false -v .:/tmp/lint --rm ghcr.io/super-linter/super-linter:latest
 ```
 
 You can find the Azure DevOps version [here](https://dev.azure.com/ondfisk/AzureDevOpsDemo).
diff --git a/infrastructure/main.bicep b/infrastructure/main.bicep
@@ -12,7 +12,7 @@ param stagingDatabaseSku string = 'Basic'
 var deploymentSlotName = 'staging'
 var stagingDatabaseName = '${databaseName}Staging'
 
-resource webApp 'Microsoft.Web/sites@2023-12-01' = {
+resource webApp 'Microsoft.Web/sites@2024-04-01' = {
   name: webAppName
   location: location
   kind: 'app,linux,container'
@@ -21,52 +21,60 @@ resource webApp 'Microsoft.Web/sites@2023-12-01' = {
   }
   properties: {
     serverFarmId: appServicePlanId
-    reserved: true
-    hyperV: false
     siteConfig: {
       acrUseManagedIdentityCreds: true
-      alwaysOn: true
-      detailedErrorLoggingEnabled: true
-      ftpsState: 'Disabled'
       healthCheckPath: '/healthz'
-      http20Enabled: true
-      httpLoggingEnabled: true
-      minTlsVersion: '1.2'
-      scmMinTlsVersion: '1.2'
     }
-    httpsOnly: true
-    publicNetworkAccess: 'Enabled'
   }
-}
 
-resource deploymentSlot 'Microsoft.Web/sites/slots@2023-12-01' = {
-  name: deploymentSlotName
-  parent: webApp
-  location: location
-  kind: 'app,linux,container'
-  identity: {
-    type: 'SystemAssigned'
+  resource slotConfigNames 'config' = {
+    name: 'slotConfigNames'
+    properties: {
+      appSettingNames: [
+        'APPLICATIONINSIGHTS_CONNECTION_STRING'
+        'AZURE_SQL_CONNECTIONSTRING'
+      ]
+      azureStorageConfigNames: []
+      connectionStringNames: []
+    }
   }
-  properties: {
-    serverFarmId: appServicePlanId
-    reserved: true
-    hyperV: false
-    siteConfig: {
-      acrUseManagedIdentityCreds: true
-      alwaysOn: true
-      detailedErrorLoggingEnabled: true
-      ftpsState: 'Disabled'
-      healthCheckPath: '/healthz'
-      http20Enabled: true
-      httpLoggingEnabled: true
-      minTlsVersion: '1.2'
-      scmMinTlsVersion: '1.2'
+
+  resource appSettings 'config' = {
+    name: 'appsettings'
+    properties: {
+      APPLICATIONINSIGHTS_CONNECTION_STRING: applicationInsights.properties.ConnectionString
+      ApplicationInsightsAgent_EXTENSION_VERSION: '~3'
+      AZURE_SQL_CONNECTIONSTRING: 'Server=tcp:${sqlServer.properties.fullyQualifiedDomainName},1433;Initial Catalog=${databaseName};Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Authentication=ActiveDirectoryManagedIdentity'
+      XDT_MicrosoftApplicationInsights_Mode: 'Recommended'
     }
-    httpsOnly: true
-    publicNetworkAccess: 'Enabled'
   }
-}
 
+  resource deploymentSlot 'slots' = {
+    name: deploymentSlotName
+    location: location
+    kind: 'app,linux,container'
+    identity: {
+      type: 'SystemAssigned'
+    }
+    properties: {
+      serverFarmId: appServicePlanId
+      siteConfig: {
+        acrUseManagedIdentityCreds: true
+        healthCheckPath: '/healthz'
+      }
+    }
+
+    resource stagingAppSettings 'config' = {
+      name: 'appsettings'
+      properties: {
+        APPLICATIONINSIGHTS_CONNECTION_STRING: stagingApplicationInsights.properties.ConnectionString
+        ApplicationInsightsAgent_EXTENSION_VERSION: '~3'
+        AZURE_SQL_CONNECTIONSTRING: 'Server=tcp:${sqlServer.properties.fullyQualifiedDomainName},1433;Initial Catalog=${stagingDatabaseName};Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Authentication=ActiveDirectoryManagedIdentity'
+        XDT_MicrosoftApplicationInsights_Mode: 'Recommended'
+      }
+    }
+  }
+}
 
 resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
   name: webAppName
@@ -78,31 +86,7 @@ resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
   }
 }
 
-resource appSettings 'Microsoft.Web/sites/config@2023-12-01' = {
-  name: 'appsettings'
-  parent: webApp
-  properties: {
-    APPLICATIONINSIGHTS_CONNECTION_STRING: applicationInsights.properties.ConnectionString
-    ApplicationInsightsAgent_EXTENSION_VERSION: '~3'
-    AZURE_SQL_CONNECTIONSTRING: 'Server=tcp:${sqlServer.properties.fullyQualifiedDomainName},1433;Initial Catalog=${databaseName};Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Authentication=ActiveDirectoryManagedIdentity'
-    XDT_MicrosoftApplicationInsights_Mode: 'Recommended'
-  }
-}
-
-resource slotConfigNames 'Microsoft.Web/sites/config@2023-12-01' = {
-  name: 'slotConfigNames'
-  parent: webApp
-  properties: {
-    appSettingNames: [
-      'APPLICATIONINSIGHTS_CONNECTION_STRING'
-      'AZURE_SQL_CONNECTIONSTRING'
-    ]
-    azureStorageConfigNames: []
-    connectionStringNames: []
-  }
-}
-
-resource stagingApplicationInsights 'Microsoft.Insights/components@2020-02-02'= {
+resource stagingApplicationInsights 'Microsoft.Insights/components@2020-02-02' = {
   name: '${webAppName}-staging'
   location: location
   kind: 'web'
@@ -112,18 +96,7 @@ resource stagingApplicationInsights 'Microsoft.Insights/components@2020-02-02'=
   }
 }
 
-resource stagingAppSettings 'Microsoft.Web/sites/slots/config@2023-12-01' = {
-  name: 'appsettings'
-  parent: deploymentSlot
-  properties: {
-    APPLICATIONINSIGHTS_CONNECTION_STRING: stagingApplicationInsights.properties.ConnectionString
-    ApplicationInsightsAgent_EXTENSION_VERSION: '~3'
-    AZURE_SQL_CONNECTIONSTRING: 'Server=tcp:${sqlServer.properties.fullyQualifiedDomainName},1433;Initial Catalog=${stagingDatabaseName};Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Authentication=ActiveDirectoryManagedIdentity'
-    XDT_MicrosoftApplicationInsights_Mode: 'Recommended'
-  }
-}
-
-resource sqlServer 'Microsoft.Sql/servers@2023-08-01-preview' = {
+resource sqlServer 'Microsoft.Sql/servers@2024-05-01-preview' = {
   name: sqlServerName
   location: location
   identity: {
@@ -137,7 +110,6 @@ resource sqlServer 'Microsoft.Sql/servers@2023-08-01-preview' = {
       principalType: 'Group'
       sid: sqlAdminGroupId
     }
-    minimalTlsVersion: '1.2'
   }
 
   resource azureServices 'firewallRules' = {
@@ -147,24 +119,22 @@ resource sqlServer 'Microsoft.Sql/servers@2023-08-01-preview' = {
       endIpAddress: '0.0.0.0'
     }
   }
-}
 
-resource database 'Microsoft.Sql/servers/databases@2023-08-01-preview' = {
-  parent: sqlServer
-  name: databaseName
-  location: location
-  sku: {
-    name: databaseSku
+  resource database 'databases' = {
+    name: databaseName
+    location: location
+    sku: {
+      name: databaseSku
+    }
+    properties: {}
   }
-  properties: {}
-}
 
-resource stagingDatabase 'Microsoft.Sql/servers/databases@2023-08-01-preview' = {
-  parent: sqlServer
-  name: stagingDatabaseName
-  location: location
-  sku: {
-    name: stagingDatabaseSku
+  resource stagingDatabase 'databases' = {
+    name: stagingDatabaseName
+    location: location
+    sku: {
+      name: stagingDatabaseSku
+    }
+    properties: {}
   }
-  properties: {}
 }
diff --git a/src/MovieApi/MovieApi.csproj b/src/MovieApi/MovieApi.csproj
@@ -6,22 +6,18 @@
     <ImplicitUsings>enable</ImplicitUsings>
     <EnableSdkContainerSupport>true</EnableSdkContainerSupport>
     <ContainerRepository>ondfisk-githubdemo</ContainerRepository>
-    <ContainerBaseImage>mcr.microsoft.com/dotnet/aspnet:9.0-bookworm-slim</ContainerBaseImage>
+    <ContainerBaseImage>mcr.microsoft.com/dotnet/aspnet:9.0-azurelinux3.0-amd64</ContainerBaseImage>
     <UserSecretsId>daa757f0-b8d5-4679-8e0a-c60b6cb633eb</UserSecretsId>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Identity" Version="1.13.1" />
     <PackageReference Include="Azure.Monitor.OpenTelemetry.AspNetCore" Version="1.2.0" />
-    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.0-rc.2.24474.3" />
-    <PackageReference Include="Microsoft.EntityframeworkCore.Design" Version="9.0.0-rc.2.24474.1">
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.0" />
+    <PackageReference Include="Microsoft.EntityframeworkCore.Design" Version="9.0.0">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
-    <PackageReference Include="Microsoft.EntityframeworkCore.SqlServer" Version="9.0.0-rc.2.24474.1" />
-    <PackageReference Include="System.Drawing.Common" Version="8.0.10" />
-    <PackageReference Include="System.Private.Uri" Version="4.3.2" />
-    <PackageReference Include="System.Text.Json" Version="9.0.0-rc.2.24473.5" />
+    <PackageReference Include="Microsoft.EntityframeworkCore.SqlServer" Version="9.0.0" />
   </ItemGroup>
 
 </Project>