From 0732980fc2df584d05975da35c0f47f543a4cbf5 Mon Sep 17 00:00:00 2001
From: Colin Saliceti
Date: Fri, 20 Sep 2024 11:08:42 +0100
Subject: [PATCH 1/2] Remove NET_BIND_SERVICE container capability

Increase security by preventing processes inside the container from opening connections on privileged ports (0-1024). All applications running on AKS run on unprivileged ports.
---
 aks/application/resources.tf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/aks/application/resources.tf b/aks/application/resources.tf
index 2b29db9..994c8b7 100644
--- a/aks/application/resources.tf
+++ b/aks/application/resources.tf
@@ -179,7 +179,6 @@ resource "kubernetes_deployment" "main" {
             capabilities {
               drop = ["ALL"]
-              add = ["NET_BIND_SERVICE"]
             }
           }
         }

From 681ee1c3a29279555db8d16f39c82922a8280c09 Mon Sep 17 00:00:00 2001
From: Colin Saliceti
Date: Fri, 20 Sep 2024 11:24:35 +0100
Subject: [PATCH 2/2] Pin terraform-docs action to 1.2.2

The 1.3.0 version fails with error: Error: Uncommitted change(s) has been found!
---
 .github/workflows/lint.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index a618e28..f447220 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -7,10 +7,10 @@ jobs:
     name: Terraform Format
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: hashicorp/setup-terraform@v2
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: "1.4.5"
+          terraform_version: "1.9.5"
       - name: Check formatting
         run: terraform fmt -recursive -check
@@ -18,8 +18,8 @@ jobs:
     name: Terraform Docs
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: terraform-docs/gh-actions@main
+      - uses: actions/checkout@v4
+      - uses: terraform-docs/gh-actions@v1.2.2
         with:
           find-dir: .
           fail-on-diff: true
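Review bot: The new side drops every capability and adds none back, but nothing in the hunk records or enforces the precondition the commit message relies on (every container listens above port 1023), so a future workload that binds 80 or 443 will fail at startup with EACCES and the reason will not be visible next to `drop = ["ALL"]`. I would put a comment above the `capabilities` block: `# No capabilities are added back: every workload listens on an unprivileged port (>= 1024), so NET_BIND_SERVICE is not needed.` If the module exposes the container port as a variable, a `validation { condition = var.<port> >= 1024 ... }` block on that variable would turn the assumption into a plan-time check; the variable definitions are not visible from this hunk. On nodes where `net.ipv4.ip_unprivileged_port_start` has been lowered the capability is not what gates low ports anyway, so this is defence in depth rather than a hard guarantee. The enclosing `kubernetes_deployment.main` resource starts before and ends after this hunk.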
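Review bot: `terraform-docs/gh-actions@v1.2.2` is still a mutable git tag, so the pin stops the unintended upgrade from `@main` but does not stop the referenced code from changing underneath it: anyone able to move that tag can run arbitrary code in this job against the checked-out repository with whatever token permissions the job has (none are declared in this hunk). For a third-party action that runs against the checkout, pin the full 40-character commit SHA of the v1.2.2 tag and keep the version as a trailing comment, e.g. `- uses: terraform-docs/gh-actions@<commit-sha> # v1.2.2`, and apply the same to `actions/checkout@v4` if the repository pins by SHA elsewhere. The "Uncommitted change(s) has been found!" failure from 1.3.0 looks like the action detecting that generated docs differ from what is committed, so it is worth regenerating the docs locally once to confirm the downgrade is not hiding real drift; I cannot tell from this diff.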
@@ -34,6 +34,6 @@ jobs:
     name: YAML
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Check formatting
         uses: karancode/yamllint-github-action@v2.1.1