Release 5.0.0 (2024-08-20)

Upgrading

This is a major release and it not compatible with any previous versions.
To use this version you must start a new TRE deployment.

Changes

• Complete rewrite of code in Python using IAC and configuration management tools Pulumi and Ansible

What's Changed

• Release v4.0.1 candidate by @jemrobinson in #1324
• Proof-of-concept migration to Pulumi for deployment by @jemrobinson in #1316
• Release v4.0.2 candidate by @jemrobinson in #1353
• Release v4.0.3 candidate by @jemrobinson in #1365
• Add instructions for installing documentation build dependencies by @JimMadge in #1370
• Update docs with how to resize VMs by @edwardchalstrey1 in #1367
• Update Badges by @JimMadge in #1371
• Update Powershell module requirements by @craddm in #1368
• Allow -UseDeviceAuthentication switch in Deploy_SHM.ps1 by @craddm in #1378
• Prevent removal of backup data during dry run by @JimMadge in #1383
• Pulumi: Fix user list retrieval by @craddm in #1386
• Policy for software package requests by @jemrobinson in #1387
• Add firewall to Pulumi by @jemrobinson in #1375
• Add arrow CRAN package to Tier 3 allowlist by @craddm in #1391
• ⬆️ Update caching in allowlists workflow by @jemrobinson in #1395
• Update user management guide to explain adding users to security group and changing a phone number by @edwardchalstrey1 in #1389
• Add Python type-hinting throughout Pulumi codebase by @jemrobinson in #1390
• Add instructions for GPU VM resizing by @edwardchalstrey1 in #1399
• Simplify Pulumi secret handling by @jemrobinson in #1400
• Add separate docs section GPU VMs and specify NVIDIA required by @edwardchalstrey1 in #1406
• Add Linux update server proxy by @jemrobinson in #1404
• Remove reference to unused System Administrators Security Group by @edwardchalstrey1 in #1407
• Add automated updates to Pulumi by @jemrobinson in #1412
• Refactor SRD creation by @jemrobinson in #1416
• Add SHM bastion by @jemrobinson in #1417
• Fix allowlist generation by @jemrobinson in #1422
• Update SRD image by @jemrobinson in #1421
• Fix incorrect logic around automated PR creation by @jemrobinson in #1426
• Update PyPI and CRAN allow lists by @github-actions in #1425
• Add new servicebus endpoints for self-service password reset by @edwardchalstrey1 in #1423
• Update PyPI and CRAN allow lists by @github-actions in #1428
• Update PyPI and CRAN allow lists by @github-actions in #1429
• Remove egress steps not carried out by System Manager by @edwardchalstrey1 in #1434
• Update SRE user troubleshooting by @edwardchalstrey1 in #1435
• Update SRD package versions by @github-actions in #1433
• Update PyPI and CRAN allow lists by @github-actions in #1437
• Update SRD package versions by @github-actions in #1440
• Add RPostgreSQL to t3 extra cran allowlist by @edwardchalstrey1 in #1441
• Revert "Add RPostgreSQL to t3 extra cran allowlist" by @JimMadge in #1442
• Better package name matching for Nexus by @craddm in #1447
• Update PyPI and CRAN allow lists by @github-actions in #1454
• Update PyPI and CRAN allow lists by @github-actions in #1456
• Update SRD package versions by @github-actions in #1460
• Update VM resizing note to suggest stopping the VM before increasing the quota by @edwardchalstrey1 in #1408
• Add data preparation guidance (including data integrity) by @JimMadge in #1459
• Migrate docs to readthedocs.io by @JimMadge in #1453
• Create users with no password expiry on AD by @craddm in #1461
• Modify location of requirements.txt in Dockerfile by @craddm in #1464
• Merge documentation changes into release branch by @JimMadge in #1468
• cherrypick devcontainer fix to release branch by @JimMadge in #1469
• Update servicebus endpoints used for self-service password reset by @jemrobinson in #1466
• Correct path to Scriberia cartoon in README.md by @JimMadge in #1475
• Replace deprecated Set-AzDiagnosticSetting by @jemrobinson in #1470
• Update PyPI and CRAN allow lists by @github-actions in #1477
• Correct link on citation badge by @JimMadge in #1474
• Add CODEOWNERS for docs by @jemrobinson in #1478
• Update documentation dependencies by @JimMadge in #1476
• Enable pdf and html downloads on readthedocs by @JimMadge in #1462
• Update SRD package versions by @github-actions in #1482
• Updating SSL certificate doc + gitignore change + undo duplication of docs building by @edwardchalstrey1 in #1432
• Mount data and user directories in SRD by @jemrobinson in #1480
• Change servicebus firewall rule by @craddm in #1485
• Folder typo for SHM deployment by @edwardchalstrey1 in #1488
• Update SRD package versions by @github-actions in #1489
• Force az login before reading Pulumi encryption key by @jemrobinson in #1490
• Clarify PR template by @jemrobinson in #1491
• Offline linkcheck by @JimMadge in #1486
• Pulumi: Add Git and Markdown servers by @jemrobinson in #1492
• Fixing the build warnings for documentation by @craddm in #1483
• Add Nexus repositories by @jemrobinson in #1499
• Pin container images by @JimMadge in #1501
• Automate user synchronisation by @jemrobinson in #1500
• Switch CLI interface to Typer by @jemrobinson in #1502
• Refactor config files by @jemrobinson in #1510
• Add portal.azure.com to lychee ignore list by @JimMadge in #1520
• Bump certifi from 2023.5.7 to 2023.7.22 in /docs by @dependabot in #1517
• Change allowed FQDN for ADConnect endpoints by @craddm in #1505
• Fix for Powershell package expansion script by @jemrobinson in #1521
• Update PyPI and CRAN allow lists by @github-actions in #1522
• Fix update package versions by @jemrobinson in #1523
• Update SRD package versions by @github-actions in #1524
• Update release 4.0.4 by @jemrobinson in #1519
• Pulumi: Migrate pyproject to PyPA standard and hatch by @JimMadge in #1506
• Improve Pulumi Logger behaviour by @jemrobinson in #1526
• Add type checking by @jemrobinson in #1527
• Update typer hierarchy by @jemrobinson in #1530
• Update SRD package versions by @github-actions in #1528
• Rename SRD to workspace by @jemrobinson in #1532
• Fix typing of external APIs by @jemrobinson in #1533
• Use pip-compile for package resolution by @jemrobinson in #1514
• Disable logging from Pulumi dynamic components by @jemrobinson in #1534
• Update Pulumi resource ordering by @jemrobinson in #1536
• Add pip-tools to NON_IMPORTABLE_PACKAGES by @edwardchalstrey1 in #1537
• Update deprecation warning for MS RDS by @craddm in #1542
• Release checklist GH issue template by @edwardchalstrey1 in #1543
• Add May 2023 DSG to versioning by @jemrobinson in #1545
• Add explanation of how to change allowed inbound IP addresses by @craddm in #1484
• Update SRD package versions by @github-actions in #1547
• Pulumi: add backup by @jemrobinson in #1546
• Release v4.1.0 cloud init changes by @edwardchalstrey1 in #1548
• Pulumi auto-update of Docker images by @jemrobinson in #1552
• Update Pulumi Docker images by @github-actions in #1553
• Remove MS Remote Desktop support by @craddm in #1535
• Update SRE networking by @jemrobinson in #1555
• Update Pulumi Docker images by @github-actions in #1559
• Add SRE routing by @jemrobinson in #1560
• Update Pulumi Docker images by @github-actions in #1562
• Update PyPI and CRAN allow lists by @github-actions in #1563
• Drop custom Pulumi whoami by @jemrobinson in #1564
• Update Pulumi Docker images by @github-actions in #1565
• Pulumi: Lazy load Guacamole users when performing admin tasks by @jemrobinson in #1568
• Pulumi: Allow only specified user IP addresses by @jemrobinson in #1572
• Pulumi: deployment fixes by @jemrobinson in #1577
• Pulumi: Improve SSL labs score by @jemrobinson in #1576
• Update SRD package versions by @github-actions in #1578
• Improve exception message tracking by @jemrobinson in #1583
• Update PyPI and CRAN allow lists by @github-actions in #1579
• Fix deployment issues with MSSQL and PyPi mirrors by @craddm in #1582
• Pulumi: SRE DNS filtering by @jemrobinson in #1566
• Update PyPI and CRAN allow lists by @github-actions in #1588
• Update SRD package versions by @github-actions in #1587
• Updates for Release v4.1.0 by @craddm in #1590
• Release v4.1.0 by @craddm in #1586
• Remove CoCalc by @craddm in #1554
• Merge 'latest' into 'develop' by @craddm in #1593
• Add script to automate account deletion by @edwardchalstrey1 in #1508
• Add @craddm to CODEOWNERS by @jemrobinson in #1594
• Update PyPI and CRAN allow lists by @github-actions in #1595
• Remove pulumi testing files from develop branch by @craddm in #1597
• Reorganise Pulumi folder by @jemrobinson in #1599
• Fix Nexus issues by @jemrobinson in #1604
• Pulumi: Add update AAD sync script by @jemrobinson in #1605
• Package fixes for testing database functionality by @jemrobinson in #1606
• Update PyPI and CRAN allow lists by @github-actions in #1601
• Allow az credential to get tokens for any tenant by @JimMadge in #1610
• Add timeout for guac postgres queries by @craddm in #1608
• Update SRD package versions by @github-actions in #1616
• Pulumi: Add smoke tests by @jemrobinson in #1614
• Move pulumi stack working directory initialisation by @JimMadge in #1618
• Update SRD package versions by @github-actions in #1622
• Bump urllib3 from 2.0.2 to 2.0.6 in /docs by @dependabot in #1625
• Improve Pulumi error messages by @craddm in #1624
• Update PyPI and CRAN allow lists by @github-actions in #1627
• Update PyPI and CRAN allow lists by @github-actions in #1631
• Update SRD package versions by @github-actions in #1630
• Improve Python documentation by @jemrobinson in #1635
• Use Pulumi random provider by @jemrobinson in #1629
• Pulumi: Fix selectors not updating by @JimMadge in #1621
• Bump urllib3 from 2.0.6 to 2.0.7 in /docs by @dependabot in #1647
• Remove hyphens from SHM and SRE names by @craddm in #1650
• Update PyPI and CRAN allow lists by @github-actions in #1646
• Update SRD package versions by @github-actions in #1652
• Pulumi: Improve login flow by @JimMadge in #1617
• Update PyPI and CRAN allow lists by @github-actions in #1654
• Add all contributors table and instructions for how to update by @edwardchalstrey1 in #1649
• Update PyPI and CRAN allow lists by @github-actions in #1656
• Update PyPI and CRAN allow lists by @github-actions in #1668
• Update SRD package versions by @github-actions in #1669
• Update devcontainer configuration by @craddm in #1662
• Update outdated parameters that cause breaking change warnings by @craddm in #1663
• Change default lun from lun1 to lun0 by @craddm in #1667
• Add context command by @JimMadge in #1655
• Pulumi: Update dependencies, enable pinning by @JimMadge in #1660
• Remove unneeded opening bracket in SRE network configuration script by @craddm in #1670
• Update PyPI and CRAN allow lists by @github-actions in #1671
• Use memory for the /tmp directory by @craddm in #1672
• Factor out storage creation from SHM scripts by @craddm in #1673
• Add missing import for logging module by @JimMadge in #1681
• Update PyPI and CRAN allow lists by @github-actions in #1682
• Update help text for Powershell command shmId andsreId arguments by @craddm in #1683
• Update contributors by @JimMadge in #1684
• Document removal of persistent SRE storage accounts by @craddm in #1685
• docs: update @helendduncan as a contributor by @JimMadge in #1686
• Update PyPI and CRAN allow lists by @github-actions in #1688
• Update SRD package versions by @github-actions in #1692
• Update PyPI and CRAN allow lists by @github-actions in #1693
• Update PyPI and CRAN allow lists by @github-actions in #1694
• Update DBeaver drivers using Github workflow by @craddm in #1696
• Update SRD package versions by @github-actions in #1698
• Bump jinja2 from 3.1.2 to 3.1.3 in /docs by @dependabot in #1700
• Update SRD package versions by @github-actions in #1701
• Update PyPI and CRAN allow lists by @github-actions in #1702
• Update PyPI and CRAN allow lists by @github-actions in #1703
• Handle no selected context by @JimMadge in #1691
• Add basic config commands by @JimMadge in #1674
• Fixing DBeaver driver issues on T2+ SREs by @craddm in #1704
• Use Pydantic for validation and serialisation by @JimMadge in #1661
• Improve handling of spaces in file paths by @craddm in #1705
• Update PyPI and CRAN allow lists by @github-actions in #1706
• Create pulumi container by @jemrobinson in #1711
• Fix private link scope by @jemrobinson in #1713
• Improve handling of SRE names by @JimMadge in #1699
• Apply changes from updated black version by @jemrobinson in #1718
• Bump black version by @JimMadge in #1719
• Fix some issues with context handling at deployment time by @jemrobinson in #1716
• Update SRD package versions by @github-actions in #1723
• Correct file path for clamonacc service by @craddm in #1725
• Add additional multiple data provider guidance to docs by @craddm in #1707
• Update SRD package versions by @github-actions in #1727
• Fix PostgreSQL permissions and data schema, and relevant docs by @craddm in #1708
• Update to Ruff v0.2 by @jemrobinson in #1731
• Minor DSC fixes by @jemrobinson in #1729
• Update SRD package versions by @github-actions in #1728
• Drop deprecated NetworkProfile option for ContainerGroups by @jemrobinson in #1734
• Increase apt proxy server disk to 64 Gb by @craddm in #1726
• Upgrade to PostgreSQL flexible server by @jemrobinson in #1735
• Use built-in Pulumi bcrypt by @jemrobinson in #1740
• Remove omsagent from build image by @craddm in #1732
• Add links to guides for terminal, Xfce, and Guacamole by @craddm in #1737
• Update software on guacamole server by @craddm in #1741
• Update PyPI and CRAN allow lists by @github-actions in #1742
• Update Nexus proxy server for T2/T3 package access by @craddm in #1744
• Update CodiMD server version by @craddm in #1743
• Update SRD package versions by @github-actions in #1746
• Install dev dependencies in container by @JimMadge in #1747
• Update PyPI and CRAN allow lists by @github-actions in #1748
• Add guidance on resizing NFS shares by @JimMadge in #1749
• Update documents to reflect change to Microsoft Entra ID by @craddm in #1665
• Improve hardcoded domains and IP addresses by @JimMadge in #1745
• Add script to renew NFS share Stored Access Policies by @JimMadge in #1739
• Update SRD package versions by @github-actions in #1750
• Update SRD package versions by @github-actions in #1758
• Update PyPI and CRAN allow lists by @github-actions in #1760
• Add Roadmap by @JimMadge in #1757
• Update PyPI and CRAN allow lists by @github-actions in #1761
• Updates from pen test by @JimMadge in #1763
• Restructure processes section of docs by @JimMadge in #1766
• Release v4.2.0 by @JimMadge in #1754
• Merge v4.2.0 into develop by @JimMadge in #1767
• Update PyPI and CRAN allow lists by @github-actions in #1769
• Merge develop into python-migration by @jemrobinson in #1768
• Minor Pulumi deployment fixes by @jemrobinson in #1765
• Update PyPI and CRAN allow lists by @github-actions in #1770
• Migrate deployment code to Python/Pulumi by @jemrobinson in #1773
• Bump cryptography from 41.0.7 to 42.0.4 by @dependabot in #1774
• Fix Docker versions script by @jemrobinson in #1775
• Remove pwsh by @JimMadge in #1752
• Remove remaining pwsh things by @JimMadge in #1779
• Bump idna from 3.4 to 3.7 in /docs by @dependabot in #1785
• Bump idna from 3.6 to 3.7 by @dependabot in #1786
• Add AzureAD/EntraID functionality by @jemrobinson in #1778
• Add dependabot configuration by @JimMadge in #1787
• Update firewall rules to parity with 4.2.0 by @craddm in #1781
• Change AllowExternalAzureAutomationOperations to a network rule by @jemrobinson in #1804
• Bump actions/setup-python from 4 to 5 by @dependabot in #1798
• Bump peter-evans/create-pull-request from 4.2.4 to 6.0.3 by @dependabot in #1796
• Bump actions/cache from 3 to 4 by @dependabot in #1793
• Bump lycheeverse/lychee-action from 1.7.0 to 1.9.3 by @dependabot in #1791
• Update docs by @JimMadge in #1806
• Bump myst-parser from 1.0.0 to 2.0.0 in /docs by @dependabot in #1800
• Update dependabot config by @JimMadge in #1803
• Bump karancode/yamllint-github-action from 2.0.0 to 2.1.1 by @dependabot in #1790
• Bump actions/checkout from 2 to 4 by @dependabot in #1808
• Correct Python version by @JimMadge in #1811
• Add UniqueList annotated type by @JimMadge in #1815
• Use Apricot for authentication/identity by @jemrobinson in #1772
• Fix Docker image updater action by @jemrobinson in #1822
• Update Pulumi Docker images by @github-actions in #1825
• Remove SHM DC by @jemrobinson in #1805
• Add local DNS for SRE identity server by @jemrobinson in #1821
• Create Enum for ports by @JimMadge in #1819
• Bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 by @dependabot in #1829
• Fix dependabot by @jemrobinson in #1827
• Update Python dependencies by @github-actions in #1831
• Update Dockerfile and devcontainer for pulumi/python by @craddm in #1834
• Update Python dependencies by @github-actions in #1842
• ⬆️ Bump lycheeverse/lychee-action from 1.9.3 to 1.10.0 by @dependabot in #1843
• ⬆️ Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 by @dependabot in #1844
• Run tests and linting on all PRs by @JimMadge in #1845
• Separate config classes by @jemrobinson in #1840
• Pulumi storage fixes, including adding encryption key by @craddm in #1839
• Move pulumi context settings and persistent data by @JimMadge in #1820
• File structuring by @jemrobinson in #1848
• Break circular dependency in Context by @jemrobinson in #1853
• Move update servers to SRE by @jemrobinson in #1847
• Update Python dependencies by @github-actions in #1861
• Add warning messages to automatic PRs by @jemrobinson in #1863
• Simplify SREProvisioningManager by @jemrobinson in #1858
• Remove unused SHM data component by @jemrobinson in #1860
• Add test for help function by @jemrobinson in #1855
• Fix identity server deployment by @jemrobinson in #1865
• Basic deployment docs by @jemrobinson in #1867
• Lint caddyfiles by @jemrobinson in #1856
• Use Entra ID throughout by @jemrobinson in #1869
• Move encrypted_key to DSHPulumiConfig by @JimMadge in #1854
• Add option to run tests with code coverage by @craddm in #1866
• Run coverage on PRs from forks by @jemrobinson in #1875
• Update coverage workflow trigger by @jemrobinson in #1876
• Use workflow structure suggested by py-cov-action by @jemrobinson in #1877
• Restructure commands by @JimMadge in #1870
• Remove unused components by @jemrobinson in #1874
• Update docs for commands restructure by @JimMadge in #1880
• ⬆️ Update Python dependencies by @github-actions in #1884
• Fix inconsistent firewall rules by @jemrobinson in #1883
• Protect against configuration changes by @JimMadge in #1881
• Update GitHub templates by @jemrobinson in #1887
• Move SHM firewall to SRE by @jemrobinson in #1872
• Regular maintenance updates for Linux VMs by @craddm in #1885
• Arbitrary pulumi commands by @JimMadge in #1888
• Update labels in GitHub templates by @jemrobinson in #1901
• ⬆️ Update Python dependencies by @github-actions in #1906
• Don't generate coverage for tests by @JimMadge in #1907
• Add pulumi tests by @jemrobinson in #1894
• ⬆️ Bump requests from 2.31.0 to 2.32.0 in /docs by @dependabot in #1910
• ⬆️ Bump requests from 2.31.0 to 2.32.0 by @dependabot in #1912
• Remove Azure Automation from SHM by @jemrobinson in #1911
• Enable Azure api tests by @JimMadge in #1913
• Fix next_occurrence function by @jemrobinson in #1893
• ⬆️ Update Python dependencies by @github-actions in #1918
• Suppress warnings in config template by @JimMadge in #1920
• Validate SHM/SRE for user commands by @JimMadge in #1921
• Clarify context add subscription argument by @JimMadge in #1919
• Release v4.2.1 by @jemrobinson in #1915
• ⬆️ Update Python dependencies by @github-actions in #1925
• Merge v4.2.1 changes into develop by @jemrobinson in #1924
• Add action to update RTD docs by @JimMadge in #1927
• ⬆️ Update Pulumi Docker images by @github-actions in #1929
• Add more informative error messages to context commands by @craddm in #1916
• Move log analytics to SRE by @jemrobinson in #1928
• ⬆️ Update Python dependencies by @github-actions in #1934
• ⬆️ Update Pulumi Docker images by @github-actions in #1933
• Bump azure-identity from 1.16.0 to 1.16.1 by @dependabot in #1935
• Remove SRE index by @jemrobinson in #1930
• ⬆️ Update Python dependencies by @github-actions in #1937
• docs: add @J0shev as a contributor by @JimMadge in #1941
• Logging by @JimMadge in #1936
• Remove broken link to git cheat sheet by @JimMadge in #1949
• Reduce number of files opened during testing by @jemrobinson in #1951
• ⬆️ Bump urllib3 from 2.2.1 to 2.2.2 by @dependabot in #1940
• Fix SSL certificate error by @jemrobinson in #1939
• Separate SHM and SRE configs by @jemrobinson in #1943
• Add console module by @JimMadge in #1948
• ⬆️ Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 by @dependabot in #1959
• ⬆️ Update Python dependencies by @github-actions in #1958
• Correct test file name by @JimMadge in #1960
• Adjust Pulumi message logging by @JimMadge in #1957
• Fix for multiline errors when writing to log files by @jemrobinson in #1953
• Change package version specifiers to be lower limits by @jemrobinson in #1964
• Change public IP address SKU from basic to standard by @craddm in #1966
• Updating user guidance on shared drives by @dsj976 in #1967
• docs: add @dsj976 as a contributor by @JimMadge in #1968
• Add comments/docstrings to exceptions by @craddm in #1873
• Merge SHM and context resource deployment by @jemrobinson in #1963
• Remove unused code by @jemrobinson in #1970
• Update Ubuntu VM images by @craddm in #1909
• Fix EntraApplication resource issues by @jemrobinson in #1975
• Add new priority for workspace denied by @JimMadge in #1974
• ⬆️ Update Python dependencies by @github-actions in #1979
• Fix rogue highlighting by @jemrobinson in #1985
• Fix certificate teardown failure by @jemrobinson in #1983
• Add 'force' option to SRE teardown by @jemrobinson in #1982
• Stop deployment from non-approved IP addresses by @jemrobinson in #1977
• Add abc decorators to DshResourceProvider by @jemrobinson in #1981
• ⬆️ Update Pulumi Docker images by @github-actions in #1990
• Ensure blob backup storage policy uses OperationalStore by @craddm in #1988
• Fix tests with IP check by @JimMadge in #1992
• ⬆️ Update Python dependencies by @github-actions in #1991
• Update link in docs for VPN instructions by @craddm in #1993
• Ensure that Entra applications get deleted at teardown by @jemrobinson in #2003
• Update project roadmap by @JimMadge in #2005
• Use DockerHub credentials by @jemrobinson in #2007
• Refactor Azure authentication classes by @jemrobinson in #2002
• ⬆️ Update Python dependencies by @github-actions in #2013
• ⬆️ Update Pulumi Docker images by @github-actions in #2012
• Docker hotfix by @craddm in #2004
• Ensure that Pulumi encryption key is created during SHM deployment by @jemrobinson in #2011
• Clean Pulumi state during cleanup by @jemrobinson in #2009
• Fix AzureSdk call by @jemrobinson in #2015
• Release v4.2.2 by @jemrobinson in #1955
• Merge v4.2.2 changes into develop by @jemrobinson in #2016
• Add location specifiers to network resources by @jemrobinson in #2023
• SRE deployment fixes by @jemrobinson in #2026
• Exclude doi.org from lychee link check by @JimMadge in #2030
• ⬆️ Update Python dependencies by @github-actions in #2029
• Allow unencrypted storage for Azure credential tokens by @craddm in #2032
• User register docs by @JimMadge in #2031
• Better logging during SRE provisioning by @jemrobinson in #2033
• Stop unnecessary resource recreation by @jemrobinson in #2034
• Add workspace packages by @JimMadge in #1892
• Suppress logging from AzureSdk and GraphApi in Pulumi dynamic components by @jemrobinson in #2018
• Purge Key Vault during SRE teardown by @jemrobinson in #2017
• Use a single resource group for all SRE resources by @jemrobinson in #2014
• Add polkit rule to allow colord by @JimMadge in #2048
• Fix Ansible lint warning by @JimMadge in #2047
• Add auditd configuration by @JimMadge in #2024
• Fix construction of apt package lists by @JimMadge in #2052
• Add Entra documentation by @jemrobinson in #2039
• Fix smoke tests by @JimMadge in #2050
• ⬆️ Update Python dependencies by @github-actions in #2058
• ⬆️ Update Pulumi Docker images by @github-actions in #2057
• Fix teardown --force by @jemrobinson in #2060
• Fix shared Entra directory by @jemrobinson in #2054
• Postgres database component fixes by @JimMadge in #2059
• Improve config error messages by @craddm in #2020
• Fix context commands by @jemrobinson in #2065
• Improve credential logging and choice by @jemrobinson in #2064
• Update resource tags by @jemrobinson in #2073
• Miscellaneous fixes from TRESA testing by @jemrobinson in #2068
• Fix IP address in list by @jemrobinson in #2076
• ⬆️ Update Python dependencies by @github-actions in #2081
• ⬆️ Update Pulumi Docker images by @github-actions in #2080
• Fix check for storage account names by @jemrobinson in #2079
• Add required PAM rule after pam_systemd.so by @JimMadge in #2074
• Move entra documentation by @jemrobinson in #2083
• Configure Clam AV by @JimMadge in #2021
• Fix or remove legacy workflows by @JimMadge in #2085
• Catch exception when not logged into az cli during SHM deploy by @jemrobinson in #2091
• Silence apt-news and esm-cache services by @jemrobinson in #2090
• Customise xrdp by @jemrobinson in #2088
• Add RStudio by @jemrobinson in #2093
• Use ubuntu-drivers to install Nvidia drivers by @JimMadge in #2089
• Set xfce4 defaults by @jemrobinson in #2098
• Add validator for IP overlap by @JimMadge in #2087
• Merge v4.2.2 from 'latest' into 'release-v5.0.0' by @jemrobinson in #2109
• Fix clamonacc service timeout by @JimMadge in #2108
• Add application icons by @jemrobinson in #2103
• Improve VM SKU documentation and errors by @jemrobinson in #2111
• Fix pulumi colours by @jemrobinson in #2113
• ⬆️ Update Python dependencies by @jemrobinson in #2119
• Remove notify to non-existent handler by @JimMadge in #2122
• Ansible: create icons directory by @jemrobinson in #2121
• Fix Python and R repository smoke tests by @craddm in #2114
• Add document section for fixing backups after SRE deployment by @craddm in #2127
• Disable light locker by @JimMadge in #2126
• Fix database password escaping by @jemrobinson in #2125
• Update user guide by @jemrobinson in #2130
• Disable xfce4 screensaver rather than light-locker (add user docs) by @JimMadge in #2128
• Fixes for AzureSdk blob handling by @jemrobinson in #2132
• Mandate minimum TLS version of 1.2 for all storage accounts by @craddm in #2133
• Improve application gateway security by @jemrobinson in #2138
• Update Nexus Allowlist container images by @JimMadge in #2116
• Reduce application gateway costs by @jemrobinson in #2140
• Reduce storage costs by @jemrobinson in #2136
• List of SRE configs available in the current context by @craddm in #2129
• Catch Graph API timeout exception by @jemrobinson in #2142
• Add --tier option to provide default settings by @jemrobinson in #2143
• Fix Guacamole copy/paste configuration by @JimMadge in #2149
• Add security checklist by @JimMadge in #2141
• Update allowed authentication methods by @jemrobinson in #2147

New Contributors

• @dependabot made their first contribution in #1517
• @dsj976 made their first contribution in #1967

Full Changelog: v4.2.2...v5.0.0