Merge branch 'release-v5.0.0' into latest-v4.2.2

.all-contributorsrc

@@ -590,6 +590,25 @@
         "bug",
         "review"
       ]
+    },
+    {
+      "login": "J0shev",
+      "name": "Josh Everett",
+      "avatar_url": "https://avatars.githubusercontent.com/u/17052866?v=4",
+      "profile": "https://github.com/J0shev",
+      "contributions": [
+        "bug"
+      ]
+    },
+    {
+      "login": "dsj976",
+      "name": "David Salvador Jasin",
+      "avatar_url": "https://avatars.githubusercontent.com/u/57944311?v=4",
+      "profile": "https://github.com/dsj976",
+      "contributions": [
+        "bug",
+        "doc"
+      ]
     }
   ],
   "contributorsSortAlphabetically": true,

.devcontainer/Dockerfile

@@ -1,50 +1,42 @@
-ARG VARIANT=3.10
-FROM python:${VARIANT}-buster
+ARG VARIANT=3.12
+ARG DISTRIBUTION="bookworm"
+FROM python:${VARIANT}-${DISTRIBUTION}
 
-RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
-    && apt-get -y install --no-install-recommends apt-transport-https \
-    ca-certificates \
-    curl \
-    git \
-    gnupg \
-    libssl-dev \
-    lsb-release \
-    python3-sphinx \
-    sudo
-
-# Set package versions
-ARG AZURE_CLI_VERSION="2.58.0"
-ARG PWSH_VERSION="7.4.3"
+RUN apt-get update \
+    && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -y install --no-install-recommends \
+        git \
+        libssl-dev \
+        python3-sphinx
 
 # Install Azure-CLI
-# Get Microsoft signing key
-RUN sudo mkdir -p /etc/apt/keyrings \
-  && curl -sLS https://packages.microsoft.com/keys/microsoft.asc | \
-      gpg --dearmor | \
-      sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null \
-  && sudo chmod go+r /etc/apt/keyrings/microsoft.gpg \
-  && AZ_DIST=$(lsb_release -cs) \
-  && echo "deb [arch=`dpkg --print-architecture` signed-by=/etc/apt/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/azure-cli/ $AZ_DIST main" | \
-      sudo tee /etc/apt/sources.list.d/azure-cli.list \
-  && sudo apt-get update \
-  && sudo apt-get install azure-cli=$AZURE_CLI_VERSION-1~$AZ_DIST
+RUN apt-get update \
+    && apt-get -y install --no-install-recommends \
+        apt-transport-https \
+        ca-certificates \
+        curl \
+        gnupg \
+        lsb-release
+RUN mkdir -p /etc/apt/keyrings \
+    && curl -sLS https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor -o /etc/apt/keyrings/microsoft.gpg \
+    && chmod go+r /etc/apt/keyrings/microsoft.gpg
 
-# Install Powershell
-# Pull different binaries from Github depending on system architecture
-# The standard APT method currently only works for `amd64`
-# Set up TARGETARCH variable to use to pull the right binaries for the current architecture.
-ARG TARGETARCH
-RUN if [ "${TARGETARCH}" = "arm64" ]; \
-  then \
-    DEBARCH="arm64"; \
-  else \
-    DEBARCH="x86"; \
-  fi; \
-  curl -L -o /tmp/powershell.tar.gz https://github.com/PowerShell/PowerShell/releases/download/v${PWSH_VERSION}/powershell-${PWSH_VERSION}-linux-$DEBARCH.tar.gz \
-  && mkdir -p /opt/microsoft/powershell/7 \
-  && tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 \
-  && chmod +x /opt/microsoft/powershell/7/pwsh \
-  && ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh
+# Set package versions
+ARG AZURE_CLI_VERSION="2.59.0"
+ARG DISTRIBUTION
+
+# Add the Azure CLI repository
+RUN cat <<EOF > /etc/apt/sources.list.d/azure-cli.sources
+Types: deb
+URIs: https://packages.microsoft.com/repos/azure-cli/
+Suites: $(lsb_release -cs)
+Components: main
+Architectures: $(dpkg --print-architecture)
+Signed-by: /etc/apt/keyrings/microsoft.gpg
+EOF
+
+RUN apt-get update \
+   && apt-get -y install azure-cli=${AZURE_CLI_VERSION}-1~${DISTRIBUTION}
 
 # Create non-root user and give them sudo access
 ARG USERNAME=deploydsh
@@ -64,9 +56,8 @@ USER $USERNAME
 COPY ./docs/requirements.txt /build/requirements.txt
 RUN pip3 install -r /build/requirements.txt
 
-# Install/check needed powershell modules
-COPY ./deployment/CheckRequirements.ps1 /build/CheckRequirements.ps1
-COPY ./deployment/common/Logging.psm1 /build/common/Logging.psm1
-RUN pwsh -Command "& {Set-PSRepository -Name PSGallery -InstallationPolicy Trusted}" \
-  && pwsh -File /build/CheckRequirements.ps1 -InstallMissing  -IncludeDev\
-  && sudo rm -rf /build/
+# Set PATH for pulumi - pulumi installed as feature to work round installing as root
+ENV PATH=$PATH:/home/${USERNAME}/.pulumi/bin
+
+# Install hatch to build the dsh cli tool
+RUN pip3 install hatch

.devcontainer/devcontainer.json

@@ -1,21 +1,24 @@
-// Development container for the Data Safe Haven project
+// Development container for the Data Safe Haven project pulumi
 {
-	"name": "Turing Data Safe Haven",
-	"build": {
-		"context": "..",
-		"dockerfile": "Dockerfile"
-	},
-	"customizations": {
-		"vscode": {
-			"settings": {
-				"terminal.integrated.defaultProfile.linux": "bash"
-			},
-			"extensions": [
-				"github.vscode-pull-request-github",
-				"ms-vscode.powershell",
-				"ms-vscode.azure-account"
-			]
-		}
-	},
-	"remoteUser": "deploydsh"
+    "name": "Turing Data Safe Haven",
+    "build": {
+        "context": "..",
+        "dockerfile": "Dockerfile"
+    },
+    "settings": {
+        "terminal.integrated.defaultProfile.linux": "bash"
+    },
+    "extensions": [
+        "github.vscode-pull-request-github",
+        "ms-vscode.azure-account",
+        "ms-python.python",
+        "christian-kohler.path-intellisense"
+    ],
+    "remoteUser": "deploydsh",
+    "features": {
+        "ghcr.io/devcontainers-contrib/features/pulumi:1": {
+            "version": "latest",
+            "bashCompletion": true
+        }
+    }
 }

.github/ISSUE_TEMPLATE/deployment_bug_report.md

@@ -2,7 +2,7 @@
 name: Deployment bug report
 about: Report a bug that occurs during deployment
 title: "<short description of issue>"
-labels: "type: deployment bug"
+labels: "bug"
 assignees: ""
 ---
 
@@ -20,12 +20,24 @@ Before reporting a problem please check the following. Replace the empty checkbo
 
 ## :computer: System information
 
-- **Operating System:** <!-- Which operating system are you using: Windows, Linux, macOS etc. -->
-- **Data Safe Haven version:** <!-- Which version of the Data Safe Haven are you using: 3.0.0, 3.1.1 etc. -->
+- **Operating System:** <!-- Which operating system you are using: Windows, Linux, macOS etc. -->
+- **Data Safe Haven version:** <!-- Which version of the Data Safe Haven you are using: 3.0.0, 3.1.1 etc. If this is on a branch use `branch name @ 7-letter commit-id` -->
 
-## :cactus: Powershell module versions
+## :package: Packages
 
-<!-- Paste the output of deployment/CheckRequirements.ps1 here -->
+<details>
+<summary>List of packages</summary>
+
+<!--
+Powershell: Run `deployment/CheckRequirements.ps1` and paste the output below
+Python: Run `hatch run pip freeze` and paste the output below
+-->
+
+```none
+Paste list of packages here
+```
+
+</details>
 
 ## :no_entry_sign: Describe the problem
 

.github/ISSUE_TEMPLATE/documentation_improvement.md

@@ -2,7 +2,7 @@
 name: Documentation improvement
 about: Request changes to Data Safe Haven documentation
 title: "<short description of issue>"
-labels: "type: documentation"
+labels: "documentation"
 assignees: ""
 ---
 

.github/ISSUE_TEMPLATE/enhancement_request.md

@@ -2,7 +2,7 @@
 name: Enhancement request
 about: Request new features or upgrades to existing features
 title: "<short description of issue>"
-labels: "type: enhancement"
+labels: "enhancement"
 assignees: ""
 ---
 

.github/ISSUE_TEMPLATE/release_checklist.md

@@ -2,7 +2,7 @@
 name: Release checklist
 about: Log completion of required actions for release testing
 title: "Release: <version number>"
-labels: "type: release-candidate"
+labels: "release candidate"
 assignees: ""
 ---
 
@@ -25,11 +25,11 @@ Refer to the [Deployment](https://data-safe-haven.readthedocs.io/en/latest/deplo
 ### For minor releases and above
 
 - [ ] Deploy an SHM from this branch and save a transcript of the deployment logs
-- [ ] Build an SRE compute image (SRD) and save transcripts of the logs
 - Using the new image, deploy a tier 2 and a tier 3 SRE
     - [ ] Save the transcript of your tier 2 SRE deployment
     - [ ] Save the transcript of your tier 3 SRE deployment
 - [ ] Complete the [Security evaluation checklist](https://data-safe-haven.readthedocs.io/en/latest/deployment/security_checklist.html) from the deployment documentation
+- [ ] Add the new versions tag as an active build on [Read The Docs](https://readthedocs.org) (You can add as a hidden build, before release, to preview)
 
 ### For major releases only