Release 5.3.1 (2025-01-28)

Release Highlights

• Fixes issue with expiring SSL certificate
• Updates Nexus image to fix an initialisation problem

Upgrading from 5.3.0

Run the following command to upgrade an existing SRE

dsh deploy sre YOURSRENAME

What's Changed

• Hotfix: Renew SSL certificate in Pulumi #2380
• Hotfix: update Nexus image by @jemrobinson in #2387

Full Changelog: v5.3.0...v5.3.1

Release 5.3.0 (2025-01-20)

Release Highlights

• Adds/fixes support for Tier 0 and Tier 1 SREs
• Adds a reference section for the command line interface to the documentation

Upgrading from 5.2.1

Run the following command to upgrade an existing SRE

dsh deploy sre YOURSRENAME

What's Changed

• Bump ansible-core from 2.18.0 to 2.18.1 in /.hatch by @dependabot in #2329
• Add command reference to documentation by @craddm in #2238
• Bump the production-dependencies group with 6 updates by @dependabot in #2332
• Remove support for Internet Service Tag for Data Provider IP addresses by @craddm in #2331
• Bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 by @dependabot in #2342
• Bump the production-dependencies group across 1 directory with 14 updates by @dependabot in #2344
• Bump lycheeverse/lychee-action from 2.1.0 to 2.2.0 by @dependabot in #2339
• Retrieve SRE sub name and use that when connecting to guac database by @craddm in #2351
• Merge latest (v5.2.0) into develop by @jemrobinson in #2353
• Bump stefanzweifel/git-auto-commit-action from 5.0.1 to 5.1.0 by @dependabot in #2358
• Bump the production-dependencies group with 4 updates by @dependabot in #2357
• Merge 5.2.1 changes into develop by @JimMadge in #2359
• Bump supported version to latest release by @jemrobinson in #2360
• Modifying Firewall rules to provide Internet Access to T0/T1 by @cptanalatriste in #2327
• Release v5.3.0 by @JimMadge in #2364

Full Changelog: v5.2.1...v5.3.0

Release 5.2.1 (2025-01-13)

Release Highlights

• Fixes guacamole-user-sync crash which was limiting SREs to a maximum of 10 users
• Fixes problem with listing users when SRE and SHM are deployed to different subscriptions

Upgrading from 5.2.0

Run the following command to upgrade an existing SRE

dsh deploy sre YOURSRENAME

What's Changed

• Guacamole user synchronisation problems by @jemrobinson in #2352
• Retrieve SRE sub name and use that when connecting to guac database by @craddm in #2354

Full Changelog: v5.2.0...v5.2.1

Release 5.2.0 (2024-12-05)

Release Highlights

• More logs collected in the log analytics workspace
  • Storage
    • Ingress and egress stores
    • Desired state files
    • Users' home directories
    • Container configuration and persistent state
  • Container services
  • Firewall
• Better CLI feedback and error messages
• Documentation improvements

Known issues

Backup is not functional. Following the notice in the documentation will not enable backup.

Upgrading from 5.1.0

In order to upgrade, you will need to carry out the following steps.

⚠️ Some manual interventions are needed. Please ensure that your data is appropriately backed-up before starting. ⚠️

Step-by-step upgrade instructions

N.B. throughout the instructions below, replace YOURSRENAME with the lower-case name of your SRE

Create an upgrade JSON file with the following contents

{
  "nameTable": {
    "sre_data_component": "urn:pulumi:shm-blue-sre-YOURSRENAME::data-safe-haven::dsh:sre:DataComponent::sre_data",
    "sre_desired_state_component": "urn:pulumi:shm-blue-sre-YOURSRENAME::data-safe-haven::dsh:sre:DesiredStateComponent::sre_desired_state"
  },
  "resources": [
    {
      "type": "dsh:sre:NFSV3StorageAccountComponent",
      "name": "sre_data_storage_account_data_private_sensitive",
      "component": true,
      "parent": "sre_data_component"
    },
    {
      "type": "dsh:sre:NFSV3StorageAccountComponent",
      "name": "sre_desired_state_storage_account",
      "component": true,
      "parent": "sre_desired_state_component"
    }
  ]
}

Apply the upgrade JSON as follows

dsh pulumi run YOURSRENAME 'import --file /full/path/to/your/upgrade.json --yes'
dsh pulumi run YOURSRENAME 'state unprotect --all'

Note that the first command might fail - the import should still have succeeded though.

Download the Pulumi state file

dsh pulumi run YOURSRENAME 'stack export --file /full/path/to/a/local/file.json'

Open the Pulumi state file in an editor and find-and-replace the following strings

From	To
dsh:sre:DataComponent$azure-native:storage:StorageAccount::sre_data_storage_account_data_private_sensitive	dsh:sre:DataComponent$dsh:sre:NFSV3StorageAccountComponent$azure-native:storage:StorageAccount::sre_data_storage_account_data_private_sensitive
dsh:sre:DataComponent$azure-native:storage:StorageAccount$azure-native:network:PrivateEndpoint::sre_data_storage_account_data_private_sensitive	dsh:sre:DataComponent$dsh:sre:NFSV3StorageAccountComponent$azure-native:storage:StorageAccount$azure-native:network:PrivateEndpoint::sre_data_storage_account_data_private_sensitive
dsh:sre:DataComponent$azure-native:storage:StorageAccount$azure-native:storage:BlobContainer	dsh:sre:DataComponent$dsh:sre:NFSV3StorageAccountComponent$azure-native:storage:StorageAccount$azure-native:storage:BlobContainer
dsh:sre:DataComponent$azure-native:storage:StorageAccount$pulumi-python:dynamic:Resource	dsh:sre:DataComponent$dsh:sre:NFSV3StorageAccountComponent$azure-native:storage:StorageAccount$pulumi-python:dynamic:Resource
dsh:sre:DataComponent$azure-native:storage:StorageAccount$azure-native:network:PrivateDnsZoneGroup::sre_data_storage_account_data_private_sensitive	dsh:sre:DataComponent$dsh:sre:NFSV3StorageAccountComponent$azure-native:storage:StorageAccount$azure-native:network:PrivateDnsZoneGroup::sre_data_storage_account_data_private_sensitive
dsh:sre:DesiredStateComponent$azure-native:storage:StorageAccount	dsh:sre:DesiredStateComponent$dsh:sre:NFSV3StorageAccountComponent$azure-native:storage:StorageAccount

Upload the edited Pulumi state file

dsh pulumi run YOURSRENAME 'stack import --file /full/path/to/a/local/file.json'

Deploy using v5.2.0 which will complete the rest of the upgrade

dsh sre deploy ultramarine

What's Changed

• Cleaner exit when user credentials are incorrect by @craddm in #2296
• Print SRE FQDN when deployment finishes by @craddm in #2297
• Add logging for container instances by @JimMadge in #2295
• Merge latest (v5.1.0) into develop by @craddm in #2304
• Bump the production-dependencies group with 8 updates by @dependabot in #2306
• Add firewall logs by @JimMadge in #2308
• Update release checklist by @JimMadge in #2305
• Add workspace log docs by @craddm in #2312
• Ingest logs for blob containers by @JimMadge in #2310
• Add logging for file shares by @JimMadge in #2319
• Bump karancode/yamllint-github-action from 2.1.1 to 3.0.0 by @dependabot in #2324
• Bump the production-dependencies group with 9 updates by @dependabot in #2323
• Correct T2/3 PyPI/CRAN proxy information by @JimMadge in #2317
• Check that a user belongs to the correct SHM domain when registering with an SRE by @craddm in #2292
• [WIP] Add downloadable template security checklist by @craddm in #2328
• Release v5.2.0 by @JimMadge in #2326

Full Changelog: v5.1.0...v5.2.0

Release 5.1.0 (2024-11-21)

Release Highlights

• Logs from workspaces are now collected in a centralised log analytics workspace
• Research user IP address fields in the SRE configuration can now be set to Internet, rather than a specific IP address
• Bug fixes and documentation improvements

⚠️ Update requires manual intervention ⚠️

In order to update to 5.1.0, you will need to do the following:

N.B. throughout the instructions below, replace YOURSRENAME with the lower-case name of your SRE, and YOURSHMNAME with the lower-case name of your SHM. fqdn refers to the fully-qualified domain name from the SHM config, which can be checked using dsh config show-shm.

Delete the Hedgedoc, Identity, Gitea, and remote desktop container groups

The groups can be deleted via the portal or using Azure CLI.

In the portal, you will find the container groups in the SRE resource group, shm-YOURSHMNAME-sre-YOURSRENAME-rg. The name of the container groups follow the format shm-YOURSHMNAME-sre-YOURSRENAME-container-group-X, where X is the software within the group.

az container delete --name shm-YOURSHMNAME-sre-YOURSRENAME-container-group-hedgedoc --resource-group shm-YOURSHMNAME-sre-YOURSRENAME-rg
az container delete --name shm-YOURSHMNAME-sre-YOURSRENAME-container-group-identity --resource-group shm-YOURSHMNAME-sre-YOURSRENAME-rg
az container delete --name shm-YOURSHMNAME-sre-YOURSRENAME-container-group-gitea --resource-group shm-YOURSHMNAME-sre-YOURSRENAME-rg
az container delete --name shm-YOURSHMNAME-sre-YOURSRENAME-container-group-remote-desktop --resource-group shm-YOURSHMNAME-sre-YOURSRENAME-rg

Remove the DNS records for the deleted container groups

The CNAME and A records for the Hedgedoc, Identity, and Gitea resources need to be deleted from the public and private DNS zones.

This can be done in the portal, looking in the public DNS Zone for your SRE - YOURSRENAME.fqdn - for CNAME records, and the private DNS Zone - privatelink.YOURSRENAME.fqdn- for the A records.

Alternatively, use the Azure CLI, as below.

az network dns record-set cname delete --resource-group shm-YOURSHMNAME-sre-YOURSRENAME-rg --zone `YOURSRENAME.fqdn` --name identity
az network dns record-set cname delete --resource-group shm-YOURSHMNAME-sre-YOURSRENAME-rg --zone `YOURSRENAME.fqdn` --name gitea
az network dns record-set cname delete --resource-group shm-YOURSHMNAME-sre-YOURSRENAME-rg --zone `YOURSRENAME.fqdn` --name hedgedoc

az network private-dns record-set a delete --resource-group shm-YOURSHMNAME-sre-YOURSRENAME-rg --zone `privatelink.YOURSRENAME.fqdn` --name identity
az network private-dns record-set a delete --resource-group shm-YOURSHMNAME-sre-YOURSRENAME-rg --zone `privatelink.YOURSRENAME.fqdn` --name gitea
az network private-dns record-set a delete --resource-group shm-YOURSHMNAME-sre-YOURSRENAME-rg --zone `privatelink.YOURSRENAME.fqdn` --name hedgedoc

Delete the manually deleted resources from the Pulumi state

Run the following DSH CLI commands, ensuring that you have replaced the placeholders with the appropriate SHM and SRE names.

dsh pulumi run YOURSRENAME 'state delete urn:pulumi:shm-YOURSHMNAME-sre-YOURSRENAME::data-safe-haven::dsh:sre:IdentityComponent$pulumi-python:dynamic:Resource::sre_identity_entra_application --target-dependents'
dsh pulumi run YOURSRENAME 'state delete urn:pulumi:shm-YOURSHMNAME-sre-YOURSRENAME::data-safe-haven::dsh:sre:RemoteDesktopComponent$pulumi-python:dynamic:Resource::sre_remote_desktop_entra_application --target-dependents'

N.B. The $ character in the URN above may need to be escaped appropriately for your operating system. As written above, the command will work appropriately on Unix-based systems.

Delete pulumi_vars.yaml from blob storage

The pulumi_vars.yaml file needs to be deleted from blob storage. In the portal, navigate to the storage account for the desired state in the SRE's resource group. Open the desiredstate blob container through the storage browser. In the vars folder, delete the file pulumi_vars.yaml.

Delete the Entra groups and applications

Delete the Microsoft Entra groups and applications previously created by dsh.
These are now managed by Pulumi, which will not be able to run correctly if resources with identical names already exist.

The groups to be deleted are:

Data Safe Haven SRE YOURSRENAME Administrators
Data Safe Haven SRE YOURSRENAME Privileged Users
Data Safe Haven SRE YOURSRENAME Users

The applications to be deleted are:

Data Safe Haven (YOURSHMNAME) Service Principal
sre-YOURSRENAME-guacamole
sre-YOURSRENAME-apricot

Redeploy the SHM and SRE

Finally, redeploy the SHM and SRE from release 5.1.0

dsh shm deploy
dsh sre deploy YOURSRENAME

SRE config files

The method of sanitising SRE names when creating remote configuration files has changed. Previously, hyphens or underscores in the SRE name were removed from the name used for the remote configuration file. If you have an SRE with a hyphen or underscore, you should download the configuration file before upgrading to v5.1.0. Upload the configuration again once you have upgraded to v5.1.0.

What's Changed

• Bump the production-dependencies group with 13 updates by @dependabot in #2244
• Update all contributors by @JimMadge in #2257
• Merge release v5.0.1 into develop by @JimMadge in #2258
• Bump the production-dependencies group with 5 updates by @dependabot in #2259
• Update contributors names by @jemrobinson in #2260
• Bump ruff from 0.7.0 to 0.7.1 in the production-dependencies group by @dependabot in #2264
• Use Pulumi to create Entra applications by @jemrobinson in #2248
• Add confirmation checks and check for deployed SREs before teardown operations by @craddm in #2266
• Add additional documentation about the configuration of copy and paste by @craddm in #2265
• Enable monitoring agent to transmit to log analytics workspace by @craddm in #2279
• Bump lycheeverse/lychee-action from 2.0.2 to 2.1.0 by @dependabot in #2286
• Bump the production-dependencies group across 1 directory with 9 updates by @dependabot in #2287
• Allow 'Internet' for data providers IP by @JimMadge in #2247
• Change method of sanitising SRE names by @craddm in #2284
• [Documentation] Changing suggested SKU to Standard_D8s_v5 by @cptanalatriste in #2290
• docs: update @cptanalatriste as a contributor by @JimMadge in #2293
• Add documentation on updating SRE configurations by @craddm in #2291
• Bump the production-dependencies group with 8 updates by @dependabot in #2298

New Contributors

• @cptanalatriste made their first contribution in #2290

Full Changelog: v5.0.1...v5.1.0

Release 5.0.1 (2024-10-24)

Release Highlights

• Bug fixes
• Support for deployment of SREs to different subscriptions from their SHM
• Enhanced user experience and documentation

⚠️ Update Requires Manual Intervention ⚠️

In order to upgrade from v5.0.0 you will need to delete the Microsoft Entra groups and applications previously created by dsh.
These are now managed by Pulumi, which will not be able to run correctly if resources with identical names already exist

You will also need to rerun the dsh shm deploy command, as some resources have been added to the SHM.

What's Changed

• ⬆️ Update Python dependencies by @github-actions in #2118
• ⬆️ Update Python dependencies by @github-actions in #2139
• Merge v5.0.0 release back into develop by @jemrobinson in #2151
• Pin pyproject dependencies by @jemrobinson in #2154
• ⬆️ Bump typer from 0.12.4 to 0.12.5 by @dependabot in #2161
• ⬆️ Bump types-requests from 2.32.0.20240622 to 2.32.0.20240712 by @dependabot in #2162
• ⬆️ Bump black from 24.4.2 to 24.8.0 by @dependabot in #2163
• ⬆️ Bump ansible-dev-tools from 24.7.2 to 24.8.0 by @dependabot in #2165
• Add project metadata to pyproject.toml by @jemrobinson in #2166
• ⬆️ Bump ruff from 0.5.0 to 0.6.2 by @dependabot in #2164
• ⬆️ Bump coverage from 7.5.4 to 7.6.1 by @dependabot in #2168
• ⬆️ Bump mypy from 1.10.1 to 1.11.2 by @dependabot in #2169
• ⬆️ Bump rich from 13.7.1 to 13.8.0 by @dependabot in #2167
• ⬆️ Bump types-pyyaml from 6.0.12.20240311 to 6.0.12.20240808 by @dependabot in #2170
• ⬆️ Bump ansible from 10.2.0 to 10.3.0 by @dependabot in #2172
• Group dependabot updates into a smaller number of PRs by @jemrobinson in #2171
• ⬆️ Bump the production-dependencies group with 4 updates by @dependabot in #2177
• Update installation instructions by @jemrobinson in #2155
• Replace emoji codes with characters in README by @JimMadge in #2178
• ⬆️ Bump ruff from 0.6.2 to 0.6.3 in the production-dependencies group by @dependabot in #2179
• ⬆️ Bump peter-evans/create-pull-request from 6.1.0 to 7.0.1 by @dependabot in #2182
• ⬆️ Bump cryptography from 43.0.0 to 43.0.1 in /.hatch by @dependabot in #2180
• ⬆️ Bump cryptography from 43.0.0 to 43.0.1 by @dependabot in #2181
• ⬆️ Bump the production-dependencies group across 1 directory with 7 updates by @dependabot in #2186
• ⬆️ Bump the production-dependencies group with 7 updates by @dependabot in #2183
• ⬆️ Bump peter-evans/create-pull-request from 7.0.1 to 7.0.2 by @dependabot in #2190
• ⬆️ Bump the production-dependencies group with 13 updates by @dependabot in #2191
• Update mount points by @JimMadge in #2092
• Add ansible vars file by @JimMadge in #2115
• ⬆️ Bump peter-evans/create-pull-request from 7.0.2 to 7.0.5 by @dependabot in #2193
• ⬆️ Bump the production-dependencies group with 11 updates by @dependabot in #2194
• Show invalid config by @JimMadge in #2189
• docs: add @mattwestby as a contributor by @JimMadge in #2198
• Tidy ansible by @JimMadge in #2192
• Replace install deb script with Ansible tasks by @JimMadge in #2205
• Add log messages for SRE deployment by @JimMadge in #2204
• Update devcontainer by @craddm in #2206
• Raise exception when admin group name is not found by @craddm in #2196
• Bump the production-dependencies group with 7 updates by @dependabot in #2208
• Update to v0.6.0 of guacamole-user-sync by @jemrobinson in #2214
• Add notes on workspace VM sizes by @JimMadge in #2213
• Only print user tables for deployed SREs by @craddm in #2216
• Switch to psycopg[binary] by @jemrobinson in #2217
• Replace DBeaver with Beekeeper Studio by @JimMadge in #2218
• Use appropriate provider for SHM DNS record by @JimMadge in #2202
• Bump the production-dependencies group with 6 updates by @dependabot in #2224
• Update smoke tests for new mount locations by @JimMadge in #2219
• Modify workspace VM cloud-init to facilitate disk mounting and LDAP login by @craddm in #2223
• Move security group creation to Pulumi by @jemrobinson in #2160
• Use correct paths to shared, input, and output drives on desktop by @craddm in #2227
• Catch config upload validation errors by @craddm in #2211
• Add list of supported regions by @JimMadge in #2230
• Remove desktop files for gitea/hedgedoc by @JimMadge in #2226
• Remove ANSI escape sequences from logfile by @JimMadge in #2231
• Bump lycheeverse/lychee-action from 1.10.0 to 2.0.1 by @dependabot in #2236
• Bump the production-dependencies group with 10 updates by @dependabot in #2235
• Simplify code for checking config availability and SRE deployment status by @craddm in #2234
• Add internet by @JimMadge in #2233
• Fix Pulumi/dsh Python mismatch by @jemrobinson in #2240
• Bump lycheeverse/lychee-action from 2.0.1 to 2.0.2 by @dependabot in #2245
• Use SHM name instead of description for Entra app by @craddm in #2243
• Merge develop changes in 5.0.1rc1 by @JimMadge in #2246
• Unchangable Pulumi workspace configuration by @JimMadge in #2237
• Improve DNS delegation feedback by @JimMadge in #2253
• Standardise subscription logging by @jemrobinson in #2255
• Management documentation updates by @craddm in #2254
• Release 5.0.1 by @jemrobinson in #2251

Full Changelog: v5.0.0...v5.0.1

Release 5.0.0 (2024-08-20)

Upgrading

This is a major release and it not compatible with any previous versions.
To use this version you must start a new TRE deployment.

Changes

• Complete rewrite of code in Python using IAC and configuration management tools Pulumi and Ansible

What's Changed

• Release v4.0.1 candidate by @jemrobinson in #1324
• Proof-of-concept migration to Pulumi for deployment by @jemrobinson in #1316
• Release v4.0.2 candidate by @jemrobinson in #1353
• Release v4.0.3 candidate by @jemrobinson in #1365
• Add instructions for installing documentation build dependencies by @JimMadge in #1370
• Update docs with how to resize VMs by @edwardchalstrey1 in #1367
• Update Badges by @JimMadge in #1371
• Update Powershell module requirements by @craddm in #1368
• Allow -UseDeviceAuthentication switch in Deploy_SHM.ps1 by @craddm in #1378
• Prevent removal of backup data during dry run by @JimMadge in #1383
• Pulumi: Fix user list retrieval by @craddm in #1386
• Policy for software package requests by @jemrobinson in #1387
• Add firewall to Pulumi by @jemrobinson in #1375
• Add arrow CRAN package to Tier 3 allowlist by @craddm in #1391
• ⬆️ Update caching in allowlists workflow by @jemrobinson in #1395
• Update user management guide to explain adding users to security group and changing a phone number by @edwardchalstrey1 in #1389
• Add Python type-hinting throughout Pulumi codebase by @jemrobinson in #1390
• Add instructions for GPU VM resizing by @edwardchalstrey1 in #1399
• Simplify Pulumi secret handling by @jemrobinson in #1400
• Add separate docs section GPU VMs and specify NVIDIA required by @edwardchalstrey1 in #1406
• Add Linux update server proxy by @jemrobinson in #1404
• Remove reference to unused System Administrators Security Group by @edwardchalstrey1 in #1407
• Add automated updates to Pulumi by @jemrobinson in #1412
• Refactor SRD creation by @jemrobinson in #1416
• Add SHM bastion by @jemrobinson in #1417
• Fix allowlist generation by @jemrobinson in #1422
• Update SRD image by @jemrobinson in #1421
• Fix incorrect logic around automated PR creation by @jemrobinson in #1426
• Update PyPI and CRAN allow lists by @github-actions in #1425
• Add new servicebus endpoints for self-service password reset by @edwardchalstrey1 in #1423
• Update PyPI and CRAN allow lists by @github-actions in #1428
• Update PyPI and CRAN allow lists by @github-actions in #1429
• Remove egress steps not carried out by System Manager by @edwardchalstrey1 in #1434
• Update SRE user troubleshooting by @edwardchalstrey1 in #1435
• Update SRD package versions by @github-actions in #1433
• Update PyPI and CRAN allow lists by @github-actions in #1437
• Update SRD package versions by @github-actions in #1440
• Add RPostgreSQL to t3 extra cran allowlist by @edwardchalstrey1 in #1441
• Revert "Add RPostgreSQL to t3 extra cran allowlist" by @JimMadge in #1442
• Better package name matching for Nexus by @craddm in #1447
• Update PyPI and CRAN allow lists by @github-actions in #1454
• Update PyPI and CRAN allow lists by @github-actions in #1456
• Update SRD package versions by @github-actions in #1460
• Update VM resizing note to suggest stopping the VM before increasing the quota by @edwardchalstrey1 in #1408
• Add data preparation guidance (including data integrity) by @JimMadge in #1459
• Migrate docs to readthedocs.io by @JimMadge in #1453
• Create users with no password expiry on AD by @craddm in #1461
• Modify location of requirements.txt in Dockerfile by @craddm in #1464
• Merge documentation changes into release branch by @JimMadge in #1468
• cherrypick devcontainer fix to release branch by @JimMadge in #1469
• Update servicebus endpoints used for self-service password reset by @jemrobinson in #1466
• Correct path to Scriberia cartoon in README.md by @JimMadge in #1475
• Replace deprecated Set-AzDiagnosticSetting by @jemrobinson in #1470
• Update PyPI and CRAN allow lists by @github-actions in #1477
• Correct link on citation badge by @JimMadge in #1474
• Add CODEOWNERS for docs by @jemrobinson in #1478
• Update documentation dependencies by @JimMadge in #1476
• Enable pdf and html downloads on readthedocs by @JimMadge in #1462
• Update SRD package versions by @github-actions in #1482
• Updating SSL certificate doc + gitignore change + undo duplication of docs building by @edwardchalstrey1 in #1432
• Mount data and user directories in SRD by @jemrobinson in #1480
• Change servicebus firewall rule by @craddm in #1485
• Folder typo for SHM deployment by @edwardchalstrey1 in #1488
• Update SRD package versions by @github-actions in #1489
• Force az login before reading Pulumi encryption key by @jemrobinson in #1490
• Clarify PR template by @jemrobinson in #1491
• Offline linkcheck by @JimMadge in #1486
• Pulumi: Add Git and Markdown servers by @jemrobinson in #1492
• Fixing the build warnings for documentation by @craddm in #1483
• Add Nexus repositories by @jemrobinson in #1499
• Pin container images by @JimMadge in #1501
• Automate user synchronisation by @jemrobinson in #1500
• Switch CLI interface to Typer by @jemrobinson in #1502
• Refactor config files by @jemrobinson in #1510
• Add portal.azure.com to lychee ignore list by @JimMadge in #1520
• Bump certifi from 2023.5.7 to 2023.7.22 in /docs by @dependabot in https://github.com/alan-turing-...

Release 5.0.0rc2 (2024-06-26)

Known Issues

⚠️ This release is not ready for production usage. ⚠️

• ClamAV not configured
• Unstable container service IP addresses
• Lacking Nvidia utils

What's Changed

• Use pip-compile for package resolution by @jemrobinson in #1514
• Add pip-tools to NON_IMPORTABLE_PACKAGES by @edwardchalstrey1 in #1537
• Add May 2023 DSG to versioning by @jemrobinson in #1545
• Release v4.1.0 cloud init changes by @edwardchalstrey1 in #1548
• Update SRD package versions by @github-actions in #1578
• Update PyPI and CRAN allow lists by @github-actions in #1579
• Fix deployment issues with MSSQL and PyPi mirrors by @craddm in #1582
• Update PyPI and CRAN allow lists by @github-actions in #1588
• Update SRD package versions by @github-actions in #1587
• Updates for Release v4.1.0 by @craddm in #1590
• Release v4.1.0 by @craddm in #1586
• Remove CoCalc by @craddm in #1554
• Merge 'latest' into 'develop' by @craddm in #1593
• Add script to automate account deletion by @edwardchalstrey1 in #1508
• Add @craddm to CODEOWNERS by @jemrobinson in #1594
• Update PyPI and CRAN allow lists by @github-actions in #1595
• Remove pulumi testing files from develop branch by @craddm in #1597
• Update PyPI and CRAN allow lists by @github-actions in #1601
• Update SRD package versions by @github-actions in #1616
• Update SRD package versions by @github-actions in #1622
• Bump urllib3 from 2.0.2 to 2.0.6 in /docs by @dependabot in #1625
• Improve Pulumi error messages by @craddm in #1624
• Update PyPI and CRAN allow lists by @github-actions in #1627
• Update PyPI and CRAN allow lists by @github-actions in #1631
• Update SRD package versions by @github-actions in #1630
• Improve Python documentation by @jemrobinson in #1635
• Use Pulumi random provider by @jemrobinson in #1629
• Pulumi: Fix selectors not updating by @JimMadge in #1621
• Bump urllib3 from 2.0.6 to 2.0.7 in /docs by @dependabot in #1647
• Remove hyphens from SHM and SRE names by @craddm in #1650
• Update PyPI and CRAN allow lists by @github-actions in #1646
• Update SRD package versions by @github-actions in #1652
• Pulumi: Improve login flow by @JimMadge in #1617
• Update PyPI and CRAN allow lists by @github-actions in #1654
• Add all contributors table and instructions for how to update by @edwardchalstrey1 in #1649
• Update PyPI and CRAN allow lists by @github-actions in #1656
• Update PyPI and CRAN allow lists by @github-actions in #1668
• Update SRD package versions by @github-actions in #1669
• Update devcontainer configuration by @craddm in #1662
• Update outdated parameters that cause breaking change warnings by @craddm in #1663
• Change default lun from lun1 to lun0 by @craddm in #1667
• Add context command by @JimMadge in #1655
• Pulumi: Update dependencies, enable pinning by @JimMadge in #1660
• Remove unneeded opening bracket in SRE network configuration script by @craddm in #1670
• Update PyPI and CRAN allow lists by @github-actions in #1671
• Use memory for the /tmp directory by @craddm in #1672
• Factor out storage creation from SHM scripts by @craddm in #1673
• Add missing import for logging module by @JimMadge in #1681
• Update PyPI and CRAN allow lists by @github-actions in #1682
• Update help text for Powershell command shmId andsreId arguments by @craddm in #1683
• Update contributors by @JimMadge in #1684
• Document removal of persistent SRE storage accounts by @craddm in #1685
• docs: update @helendduncan as a contributor by @JimMadge in #1686
• Update PyPI and CRAN allow lists by @github-actions in #1688
• Update SRD package versions by @github-actions in #1692
• Update PyPI and CRAN allow lists by @github-actions in #1693
• Update PyPI and CRAN allow lists by @github-actions in #1694
• Update DBeaver drivers using Github workflow by @craddm in #1696
• Update SRD package versions by @github-actions in #1698
• Bump jinja2 from 3.1.2 to 3.1.3 in /docs by @dependabot in #1700
• Update SRD package versions by @github-actions in #1701
• Update PyPI and CRAN allow lists by @github-actions in #1702
• Update PyPI and CRAN allow lists by @github-actions in #1703
• Handle no selected context by @JimMadge in #1691
• Add basic config commands by @JimMadge in #1674
• Fixing DBeaver driver issues on T2+ SREs by @craddm in #1704
• Use Pydantic for validation and serialisation by @JimMadge in #1661
• Improve handling of spaces in file paths by @craddm in #1705
• Update PyPI and CRAN allow lists by @github-actions in #1706
• Create pulumi container by @jemrobinson in #1711
• Fix private link scope by @jemrobinson in #1713
• Improve handling of SRE names by @JimMadge in #1699
• Apply changes from updated black version by @jemrobinson in #1718
• Bump black version by @JimMadge in #1719
• Fix some issues with context handling at deployment time by @jemrobinson in #1716
• Update SRD package versions by @github-actions in #1723
• Correct file path for clamonacc service by @craddm in #1725
• Add additional multiple data provider guidance to docs by @craddm in #1707
• Update SRD package versions by @github-actions in #1727
• Fix PostgreSQL permiss...

Release 4.2.2 (2024-07-15)

⚠️ Update Requires Manual Intervention ⚠️

If you are using a 4.2.x SHM and want to upgrade to 4.2.2, please follow the steps below:

For the SHM:

1. Add a docker section to your SHM config with a username and personal access token (following the SHM deployment instructions)
2. Re-run Setup_SHM_Networking.ps1 -shmId {shm} from deployment/safe_haven_management/setup

For any SRE that you deployed using an earlier 4.2.x version:

1. Delete the GUACAMOLE-SRE-{sreId} VM and associated resources from the
   RG_SHM_{shmId}_SRE_{sreId}_REMOTE_DESKTOP resource group
2. Re-run the deployment script Deploy_SRE.ps1 -shmId {shm} -sreId {sre} -VmSizes {as before} from deployment/secure_research_environment/setup

Known issues

• As for 4.2.0, 4.2.1

Bug Fixes

• Workaround for an issue where Let's Encrypt refused to provide certificates for uppercase FQDNs #1938
• Fix for change in Azure supported public IP address SKU for VPNs, which prevented deployment of the virtual network gateway for accessing domain controllers #1947
• Require supply of Docker Hub credentials to work round change in Docker download rate limits #1994
• Update approved IP address list for Ubuntu apt repositories
• Update to backup policy rules for Blob storage #1988

Full Changelog: v4.2.1...v4.2.2

Release 4.2.1 (2024-05-31)

⚠️ Update Requires Manual Intervention ⚠️

If you are using a 4.2.0 SHM and want to upgrade to 4.2.1, please follow the steps below:

1. Delete the GUACAMOLE-SRE-{sreId} VM and associated resources from the RG_SHM_{shmId}_SRE_{sreId}_REMOTE_DESKTOP resource group
2. Re-run the deployment script Deploy_SRE.ps1 -shmId {shm} -sreId {sre} -VmSizes {as before} from deployment/secure_research_environment/setup

Known issues

• As for 4.2.0

Bug Fixes

• Update Guacamole to 1.5.5 to avoid this known bug

Full Changelog: v4.2.0...v4.2.1