Acceptance Criteria Checklist (DoD)

[anfibiacreativa]

The following checklist must be complete before a template is published.

Repository Management

• [x] Standards compliant README.md as the one in the example, is in place
• [x] License is in place. Make sure you choose the correct license
• [ ] Security guidelines are in place
• [x] Contribution guidelines are in place
• [x] Code of conduct is in place
• [x] Issue template is in place
• [x] Language, model, and relevant technology topic labels are added, including azd-templates and ai-azd-templates (The latter is being created)
• [x] Repo description is in place, describing the use case and technologies used in the solution

Source code structure and conventions

• [x] GitHub Actions (This refers to .github/workflows/azure-dev.yml or custom workflow to run on a GitHub runner) is in place
• [x] DevContainer (/.devcontainer folder where applicable) configuration is in place
• [x] Infrastructure as code is in place (/infra folder where applicable, manifest files or code generators in the case of Aspire and similar )
• [x] Azure services configuration (/azure.yml file) is in place
• [x] Minimum coverage tests are in place

Functional requirements

• [x] azd up successfully provisions and deploys a functional app
• [x] GitHub Actions run tasks without errors
• [x] DevContainer has been tested locally and runs
• [x] Codespaces run [locally and in browser]
• [x] All tests pass

In the absence of e2e tests,

• [x] The application has been manually tested to work as per the requirement

Security requirements

• [x] Microsoft Managed Identity is implemented
• [x] microsoft/security-devops-action is integrated to the CI/CD pipeline and the analyzer were ran

When a service selected doesn't support Managed Identity, the corresponding issue must have been reported and the security considerations section in the readme, should clearly explain the alternatives.

• Azure Key Vault is a preferred alternative

The following items are not strictly enforced but may prevent the template from being added to the gallery.

Project code follows standard structure, per language. Please check one.

• [x] Yes, follows standards
• [ ] No, doesn't follow standards

Code follows recommended style guide

• [x] Yes, follows style guide
• [ ] No, doesn't follow style guide

[anfibiacreativa]

@pamelafox can you please confirm the security requirements are met and close the issue when done. Thank you!

[pamelafox]

Hm, we dont have a security guidelines section yet. We do have https://github.com/Azure-Samples/azure-search-openai-demo/blob/main/docs/productionizing.md#additional-security-measures which somewhat covers up but doesnt mention secret scanning. I guess we have to add another section to our long readme. Is that what you're doing for https://github.com/Azure-Samples/azure-search-openai-javascript ?

[mattgotteiner]

I get a 404 when I navigate to this link. https://github.com/Azure-Samples/azd-template-artifacts/blob/main/SECURITY.md

Are we supposed to add our own security guidelines? I did not find a SECURITY.md file in azure-search-openai-javascript either