Skip to content

Update CONTRIBUTING.md to use a Fork Based workflow#5

Merged
danieljurek merged 2 commits intoAzure:mainfrom
ellismg:ellismg/update-contributing
Jul 7, 2022
Merged

Update CONTRIBUTING.md to use a Fork Based workflow#5
danieljurek merged 2 commits intoAzure:mainfrom
ellismg:ellismg/update-contributing

Conversation

@ellismg
Copy link
Member

@ellismg ellismg commented Jul 7, 2022

We no longer need to use topic branches and should be doing fork based
workflows now.

@ellismg
Update CONTRIBUTING.md to use a Fork Based workflow
d3d8fc3 
We no longer need to use topic branches and should be doing fork based
workflows now.
@ellismg
Exclude NOTICE.txt from cspell
f8efc25 
This file is auto-generated from existing content based on all the
packages we import. There is no reason to spell check this file.
@danieljurek danieljurek enabled auto-merge (squash) July 7, 2022 20:48
@azure-sdk
Copy link
Collaborator

azure-sdk commented Jul 7, 2022

VSCode Extension Installation Instructions

  1. Download the extension at https://azuresdkreleasepreview.blob.core.windows.net/azd/vscode/pr/5/azure-dev-0.1.0.vsix
  2. Extract the extension from the compressed file
  3. In vscode
    a. Open "Extensions" (Ctrl+Shift+X)
    b. Click the ...\ menu at top of Extensions sidebar
    c. Click "Install from VSIX"
    d. Select location of downloaded file

@azure-sdk
Copy link
Collaborator

azure-sdk commented Jul 7, 2022

Azure Dev CLI Install Instructions

Install scripts

Make sure you've uninstalled the npm package if it's still on your system using npm uninstall -g @azure/az-dev-cli

MacOS/Linux

May elevate using sudo on some platforms and configurations

curl -fsSL https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/5/uninstall-azd.sh | bash;
curl -fsSL https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/5/install-azd.sh | bash -s -- --base-url https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/5 --version '' --verbose

Windows

powershell -c "Set-ExecutionPolicy Bypass Process; irm 'https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/5/uninstall-azd.ps1' > uninstall-azd.ps1; ./uninstall-azd.ps1;"
powershell -c "Set-ExecutionPolicy Bypass Process; irm 'https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/5/install-azd.ps1' > install-azd.ps1; ./install-azd.ps1 -BaseUrl 'https://azuresdkreleasepreview.blob.core.windows.net/azd/standalone/pr/5' -Version '' -Verbose;"

Standalone Binary

Container

docker run -it azdevcliextacr.azurecr.io/azure-dev:pr-5

@danieljurek danieljurek merged commit 2b665d7 into Azure:main Jul 7, 2022
@spboyer spboyer mentioned this pull request Feb 25, 2026
Open
jongio added a commit to jongio/azure-dev that referenced this pull request Feb 27, 2026
@jongio
fix: address Copilot review feedback
5219936 
- Use merged_at instead of merged for reliable merge detection (thread Azure#1)
- Expand isDocOnlyPr to handle doc-adjacent assets (thread Azure#2)
- Replace N+1 API calls with git.getTree for doc inventory (thread Azure#3)
- Fix README trigger types to match actual workflow config (thread Azure#5)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jongio added a commit to jongio/azure-dev that referenced this pull request Feb 28, 2026
@jongio
security: comprehensive hardening from red team assessment
05628b6 
- Pin actions to commit SHAs (actions/checkout, azure/login)
- Cap all_open/list mode to MAX_PRS_PER_RUN=20
- Cap AI output: MAX_REASON_LENGTH=200, MAX_SUMMARY_LENGTH=500
- Add MAX_IMPACTS=15 to limit AI-generated impact count
- Add MAX_CONTENT_SIZE_BYTES=50KB per doc file
- Sanitize doc manifest content (titles, topics, headings)
- Reject unknown repos from AI output (not just warn)
- Validate repo format with regex (owner/repo)
- Block path traversal in AI-returned paths
- Sanitize PR title in log output (strip control chars)
- Strip HTML from existing PR body in closeCompanionPrs
- Remove error messages from tracking comment (prevent data leak)
- Upper-bound PR number input to 999999
- Rename TRUSTED_DOC_INVENTORY to DOC_INVENTORY tag

Red team findings addressed: Azure#2, Azure#5, Azure#6, Azure#8, Azure#9, Azure#10, Azure#11
Admin items remaining: Azure#1 (env gating), Azure#3 (token scope), Azure#4 (OIDC vars)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danieljurek danieljurek danieljurek approved these changes

@wbreza wbreza Awaiting requested review from wbreza wbreza is a code owner

@vhvb1989 vhvb1989 Awaiting requested review from vhvb1989 vhvb1989 is a code owner

@hemarina hemarina Awaiting requested review from hemarina hemarina is a code owner

@jongio jongio Awaiting requested review from jongio

@weikanglim weikanglim Awaiting requested review from weikanglim weikanglim is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ellismg @azure-sdk @danieljurek