Acceptance Criteria Checklist (DoD)

[anfibiacreativa]

The following checklist must be complete before a template is published.

Repository Management

• Standards compliant README.md as the one in the example, is in place
• License is in place. Make sure you choose the correct license
• Security guidelines are in place
• Contribution guidelines are in place
• Code of conduct is in place
• Issue template is in place
• Language, model, and relevant technology topic labels are added, including azd-templates and ai-azd-templates (The latter is being created)
• Repo description is in place, describing the use case and technologies used in the solution

Source code structure and conventions

• GitHub Actions (This refers to .github/workflows/azure-dev.yml or custom workflow to run on a GitHub runner) is in place
• DevContainer (/.devcontainer folder where applicable) configuration is in place
• Infrastructure as code is in place (/infra folder where applicable, manifest files or code generators in the case of Aspire and similar )
• Azure services configuration (/azure.yml file) is in place
• Minimum coverage tests are in place

Functional requirements

• azd up successfully provisions and deploys a functional app
• GitHub Actions run tasks without errors
• DevContainer has been tested locally and runs
• Codespaces run [locally and in browser]
• All tests pass

In the absence of e2e tests,

• The application has been manually tested to work as per the requirement

Security requirements

• Microsoft Managed Identity is implemented
• microsoft/security-devops-action is integrated to the CI/CD pipeline and the analyzer were ran

When a service selected doesn't support Managed Identity, the corresponding issue must have been reported and the security considerations section in the readme, should clearly explain the alternatives.

• Azure Key Vault is a preferred alternative

The following items are not strictly enforced but may prevent the template from being added to the gallery.

Project code follows standard structure, per language. Please check one.

• Yes, follows standards
• No, doesn't follow standards

Code follows recommended style guide

• Yes, follows style guide
• No, doesn't follow style guide

[anfibiacreativa]

@pamelafox can you please confirm the security requirements are met and close the issue when done. Thank you!

[pamelafox]

Hm, we dont have a security guidelines section yet. We do have https://github.com/Azure-Samples/azure-search-openai-demo/blob/main/docs/productionizing.md#additional-security-measures which somewhat covers up but doesnt mention secret scanning. I guess we have to add another section to our long readme. Is that what you're doing for https://github.com/Azure-Samples/azure-search-openai-javascript ?

[mattgotteiner]

I get a 404 when I navigate to this link.
https://github.com/Azure-Samples/azd-template-artifacts/blob/main/SECURITY.md

Are we supposed to add our own security guidelines? I did not find a SECURITY.md file in azure-search-openai-javascript either