Merge branch 'master' into dependabot/npm_and_yarn/fsevents-1.2.13

.github/workflows/delete-slot.yml

@@ -13,15 +13,23 @@ env:
   RESOURCE_GROUP: appserviceblogsite
   SLOT_NAME: pr-${{ github.event.number }}
 
+#OIDC
+permissions:
+    id-token: write
+    contents: read
+
 jobs:
   delete-slot:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Log into Azure CLI with service principal
-      uses: azure/[email protected]
+    #OIDC
+    - name: Run Azure Login with OIDC
+      uses: azure/login@v2
       with:
-        creds: ${{ secrets.ANTARES_BLOG_SITE_SP }}
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
     - name: Delete slot on staging site
       run: | 

.github/workflows/deploy-to-gh-pages.yml

@@ -4,26 +4,26 @@ on:
   push:
     branches:
     - master
+  # Run build every day at 00:00 UTC every day for future-dated articles
   schedule:
-    - cron:  '0 0 * * *'  # Run build every day at 00:00 UTC every day for future-dated articles
+    - cron:  '0 0 * * *' 
 
 permissions:
   contents: write
   pages: write
 
 jobs:
   build:
-
     runs-on: ubuntu-latest
 
     steps:
     - name: Check out repo
       uses: actions/checkout@v1
 
-    - name: Set up Ruby 2.6
+    - name: Set up Ruby 3.0
       uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.0
+        ruby-version: '3.0'
 
     - name: Install Ruby dependencies
       run: |

.github/workflows/deploy-to-staging-site.yml

@@ -12,6 +12,10 @@ env:
   RESOURCE_GROUP: appserviceblogsite
   SLOT_NAME: pr-${{ github.event.number }}
 
+permissions:
+    id-token: write
+    contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -20,10 +24,10 @@ jobs:
     - name: Check out repo
       uses: actions/checkout@v1
 
-    - name: Set up Ruby 2.6
+    - name: Set up Ruby 3.0
       uses: ruby/setup-ruby@v1
       with:
-        ruby-version: '2.6'
+        ruby-version: '3.0'
         bundler-cache: true
 
     - name: Install Ruby dependencies
@@ -40,21 +44,33 @@ jobs:
       run: cd _site && zip -r ../blog.zip .
 
     - name: Upload artifact for deployment job
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v4
       with:
         name: jekyll-app
         path: blog.zip
 
   set-up-test-env:
     name: Create test env
     runs-on: ubuntu-latest
+    permissions:
+     id-token: write
+     contents: read
 
     steps:
-    - name: Log into Azure CLI with service principal
-      uses: azure/login@v1.1
+    - name: Run Azure Login with OIDC
+      uses: azure/login@v2
       with:
-        creds: ${{ secrets.ANTARES_BLOG_SITE_SP }}
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
+    - name: Azure CLI script
+      uses: azure/CLI@v2
+      with:
+        azcliversion: latest
+        inlineScript: |
+          az account show
+
     - name: Create slot on staging site
       run: | 
         az webapp deployment slot create \
@@ -67,25 +83,36 @@ jobs:
     runs-on: ubuntu-latest
     needs: [build, set-up-test-env]
     environment:
-      name: "PR #${{ github.event.number }}"
+      name: "production"
       url: "${{ steps.deploy-to-webapp.outputs.webapp-url }}"
     permissions:
+      id-token: write
+      contents: read
       pull-requests: write
-    
+
     steps:
-    - name: Log into Azure CLI with service principal
-      uses: azure/[email protected]
+    - name: Run Azure Login with OIDC
+      uses: azure/login@v2
+      with:
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+    - name: Azure CLI script
+      uses: azure/CLI@v2
       with:
-        creds: ${{ secrets.ANTARES_BLOG_SITE_SP }}
+        azcliversion: latest
+        inlineScript: |
+          az account show
 
     - name: Download artifact from build job
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4
       with:
         name: jekyll-app
 
     - name: Deploy to slot on staging site
-      uses: azure/webapps-deploy@v1
-      with: 
+      uses: Azure/webapps-deploy@v3.0.0
+      with:
         app-name: ${{ env.WEBAPP_NAME }}
         slot-name: ${{ env.SLOT_NAME }}
         package: blog.zip

CONTRIBUTING.md

@@ -33,6 +33,9 @@ The App Service Team Blog is a great place to share content with our users. Befo
 
 1. Get contributor access to the repository. Email Jeff Martinez with your GitHub username. This will allow you to submit pull requests without creating and maintaining your own fork of the repository.
 
+> **NOTE**
+You cannot contribute from a forked repository
+
 ### Set up your environment
 
 1. Download and install the [Ruby development kit](https://jekyllrb.com/docs/installation/)

_pages/team_pages/java.md

@@ -13,7 +13,7 @@ pagination:
     after: 2
 ---
 
-App Service supports Java SE and Tomcat applications on Windows and Linux. Use the REST APIs to deploy your .jar or .war files. You can also use the [Zulu OpenJDK for Azure Docker images](https://hub.docker.com/_/microsoft-java-jdk) to deploy a custom container, fully supported by Azure.
+App Service supports Java SE and Tomcat applications on Windows and Linux. Use the REST APIs to deploy your .jar or .war files. You can also use the [Container images for the Microsoft Build of OpenJDK](https://learn.microsoft.com/en-us/java/openjdk/containers) to deploy a custom container, fully supported by Azure.
 
 ## Helpful resources
 

_posts/2021-06-22-Root-CA-on App-Service-Guide.md

@@ -6,21 +6,22 @@ toc_sticky: true
 category: certsdomains
 ---
 
-App Service has a list of Trusted Root Certificates which you cannot modify in the multi-tenant variant version of App Service, but you can load your own CA certificate in the Trusted Root Store in an App Service Environment (ASE), which is a single-tenant environment in App Service. (The Free, Basic, Standard, and Premium App Service Plans are all multi-tenant, and the Isolated Plans are single-tenant.)
+App Service has a list of Trusted Root Certificates which you cannot modify in the multi-tenant Windows variant version of App Service, but you can load your own Certificate Authority (CA) certificate in the Trusted Root Store in an App Service Environment (ASE), which is a single-tenant environment in App Service. (The Free, Basic, Standard, and Premium App Service Plans are all multi-tenant, and the Isolated Plans are single-tenant.)
 
-When an app hosted on Azure App Service, tries to connect to a remote endpoint over SSL, it is important that the certificate on remote endpoint service is issued by a Trusted Root CA. If the certificate on the remote service is a self-signed certificate or a private CA certificate, then it will not be trusted by the instance hosting your app and the SSL handshake will fail with this error:
+When an Windows app hosted on Azure App Service tries to connect to a remote endpoint over SSL, it is important that the certificate on the remote endpoint service is issued by a Trusted Root CA. If the certificate on the remote service is a self-signed certificate or a private CA certificate, then it will not be trusted by the instance hosting your app and the SSL handshake will fail with this error:
 
 ``` 
 "Could not establish trust relationship for the SSL/TLS secure channel". 
 ```
 
-In this situtation, there are two solutions:
+In this situation, there are two solutions:
 
 1. Use a certificate that is issued by one of the Trusted Root Certificate Authorities in App Service on the remote server. 
     - [How to get a list of Trusted Root CA on App Service using Kudu](#how-to-get-a-list-of-trusted-root-ca-on-app-service-using-kudu)
 1. If the remote service endpoint certificate could not be changed or there is a need to use a private CA certificate, host your app on an App Service Environment (ASE) and load your own CA certificate in the Trusted Root Store
     - [How to load your own CA certificate to the Trusted Root Store in ASE](https://docs.microsoft.com/en-us/azure/app-service/environment/certificates#private-client-certificate)
 
+In the multi-tenant Linux and Windows Container variant version of App Service you can [load certificates](https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code?tabs=linux#load-certificate-in-linuxwindows-containers) and leverage them following a typical approach depending on the image used to update the Trusted Root Store.
 
 ## How to get a list of Trusted Root CA on App Service using Kudu