From 173e72cc72a492b065176a3122b41bd97cb86c28 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 19 Sep 2022 13:05:21 +0200 Subject: [PATCH 01/85] linter --- .github/workflows/linter.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 683f0e1c4a..af409cf677 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -27,3 +27,11 @@ jobs: DEFAULT_BRANCH: ${{ github.base_ref }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} FILTER_REGEX_EXCLUDE: '[module.tests.ps1|Get\-ModulesAsMarkdownTable.ps1|.*yml]' + + # Analyze repository with PSRule + - name: Run PSRule analysis + uses: microsoft/ps-rule@v2.4.0 + continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + with: + modules: PSRule.Rules.Azure + baseline: Azure.Default From dc031fc9ca39380a47d875aea890bf85475e5bfe Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 19 Sep 2022 14:58:15 +0200 Subject: [PATCH 02/85] exclude parameters --- ps-rule.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ps-rule.yaml b/ps-rule.yaml index 0e744129d9..2b4b323671 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -41,7 +41,7 @@ input: configuration: # Enable automatic expansion of Azure parameter files. - AZURE_PARAMETER_FILE_EXPANSION: true + # AZURE_PARAMETER_FILE_EXPANSION: true # Enable automatic expansion of Azure Bicep source files. AZURE_BICEP_FILE_EXPANSION: true From 9a0a600b6b7811cb3e69694e83281db0201ab17e Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 19 Sep 2022 18:26:44 +0200 Subject: [PATCH 03/85] pathIgnore --- ps-rule.yaml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/ps-rule.yaml b/ps-rule.yaml index a56f01414c..92357e437d 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml 
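Review bot: The added `Run PSRule analysis` step sets `continue-on-error: true`, so a failing `Azure.Default` baseline never fails the linter job and a regression will not show up in required checks. If that is intended while the rules are tuned, tie the trailing comment to a tracking item so the setting gets removed, e.g. `continue-on-error: true # TODO(<issue-id>): make blocking once the baseline is clean`. The action is also referenced by a mutable tag; pinning it as `uses: microsoft/ps-rule@<full-commit-sha> # v2.4.0` keeps a retagged release from changing what runs in this job. The same `uses:` line appears again in the ms.resources.resourcegroups.yml hunks of PATCH 08/85 and PATCH 12/85.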
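Review bot: Commenting out `AZURE_PARAMETER_FILE_EXPANSION: true` leaves the line above it, `# Enable automatic expansion of Azure parameter files.`, describing a setting that is no longer active. Presumably parameter files now drop out of the analysis, which narrows what PSRule evaluates. If that is the intent, say so in place of the two lines, e.g. `# Parameter file expansion intentionally disabled; see <reason>.`, or set the key to `false` explicitly instead of relying on the tool's default.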
@@ -30,14 +30,21 @@ output: input: pathIgnore: # Ignore other files in the repository. - - '.vscode/' - - '.github/' - - '*.md' + # - '.azuredevops/' + # - '.github/' + # - '.vscode/' + # - 'constructs/' + # - 'docs/' + # - 'utilities' + - '**/*' + # - '*.md' + # # - '!**/.tests/*.bicep' + # Exclude modules but not tests. - - 'modules/**/*.bicep' + # - 'modules/**/*.bicep' - '!modules/**/*.test.bicep' - - 'modules/**/*version.json' + # - 'modules/**/*version.json' configuration: # Enable automatic expansion of Azure parameter files. From 855f16172ecf8710f4113450a444b7886c2e0359 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 10:55:33 +0200 Subject: [PATCH 04/85] clean up token replacement --- .../workflows/ms.resources.resourcegroups.yml | 182 +++++++++--------- 1 file changed, 91 insertions(+), 91 deletions(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index dd79505e8e..ca5e073009 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml @@ -91,19 +91,17 @@ jobs: matrix: moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} steps: - - name: Checkout uses: actions/checkout@v3 - name: Set environment variables uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - - name: Azure Login - uses: Azure/login@v1 - with: - creds: ${{ env.AZURE_CREDENTIALS }} - enable-AzPSSession: true - + # - name: Azure Login + # uses: Azure/login@v1 + # with: + # creds: ${{ env.AZURE_CREDENTIALS }} + # enable-AzPSSession: true # [Token replacement] task(s) # --------------------------- - name: 'Replace tokens in template file' 
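Review bot: The new `- '**/*'` entry ignores every path and leaves `- '!modules/**/*.test.bicep'` as the only re-include, yet the surrounding comments still read `# Ignore other files in the repository.` and `# Exclude modules but not tests.` over entries that are now commented out. Any file that does not match the test pattern falls out of analysis silently, so the allow-list intent should be written down, e.g. `# Ignore everything, then re-include only module test files (negated entry below).`. The commented-out patterns are dead configuration and are better deleted than kept. Whether a negated entry placed after `**/*` is honoured depends on PSRule's path-matching order, which this hunk does not show; a run that lists the analyzed files would confirm it.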
@@ -112,8 +110,8 @@ jobs: azPSVersion: 'latest' inlineScript: | $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - $parameterFilePath = "" - $customParameterFileTokens = "" + # # $parameterFilePath = "" + # # $customParameterFileTokens = "" # Grouping task logs Write-Output '::group::Replace tokens in template file' @@ -121,22 +119,23 @@ jobs: . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') # Get target files - $targetFileList = @($templateFilePath) - if(-not [String]::IsNullOrEmpty($parameterFilePath)) { - $targetFileList += $parameterFilePath - } + # # $targetFileList = @($templateFilePath) + # # if(-not [String]::IsNullOrEmpty($parameterFilePath)) { + # # $targetFileList += $parameterFilePath + # # } - # Get Service Principal Object ID - $context = Get-AzContext - Write-Output 'Checking context' - $context - $servicePrincipalAppId = $context.Account.Id - $servicePrincipal = Get-AzADServicePrincipal -ApplicationId $servicePrincipalAppId - $servicePrincipalObjectId = $servicePrincipal.Id + # # Get Service Principal Object ID + # $context = Get-AzContext + # Write-Output 'Checking context' + # $context + # $servicePrincipalAppId = $context.Account.Id + # $servicePrincipal = Get-AzADServicePrincipal -ApplicationId $servicePrincipalAppId + # $servicePrincipalObjectId = $servicePrincipal.Id # Construct Token Function Input $ConvertTokensInputs = @{ - FilePathList = $targetFileList + # # FilePathList = $targetFileList + FilePathList = @($templateFilePath) Tokens = @{} TokenPrefix = '${{ env.tokenPrefix }}' TokenSuffix = '${{ env.tokenSuffix }}' 
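Review bot: The context line `$templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'` at the top of this hunk expands workflow expressions straight into the PowerShell source, so the value is parsed as code rather than handled as data. The matrix entries come from the `job_initialize_pipeline` outputs, presumably derived from file paths in the checkout, and a path containing `'` would end the string literal. Pass the value through the environment instead: add `env:` with `TEMPLATE_FILE_PATH: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'` on the step and read it with `$templateFilePath = $env:TEMPLATE_FILE_PATH`. The same line is carried into the hunks of PATCH 06/85, PATCH 11/85 and PATCH 14/85; the `inlineScript` block starts before this hunk and continues past it.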
@@ -176,16 +175,16 @@ jobs: # Invoke Token Replacement Functionality [For Module] $null = Convert-TokensInFileList @ConvertTokensInputs - # Get target files for modules dependencies - $DependencyParameterFilePaths = [System.Collections.ArrayList]@() - $DependencyParameterFolders = Get-ChildItem -Path (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies') -Recurse -Filter 'parameters' -Directory - foreach ($FolderPath in $DependencyParameterFolders.FullName) { - $DependencyParameterFilePaths += Get-ChildItem -Path $FolderPath -Recurse -Filter '*.json' - } - $ConvertTokensInputs.FilePathList = $DependencyParameterFilePaths + # # # Get target files for modules dependencies + # # $DependencyParameterFilePaths = [System.Collections.ArrayList]@() + # # $DependencyParameterFolders = Get-ChildItem -Path (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies') -Recurse -Filter 'parameters' -Directory + # # foreach ($FolderPath in $DependencyParameterFolders.FullName) { + # # $DependencyParameterFilePaths += Get-ChildItem -Path $FolderPath -Recurse -Filter '*.json' + # # } + # # $ConvertTokensInputs.FilePathList = $DependencyParameterFilePaths - # Invoke Token Replacement Functionality [For Dependencies] - $null = Convert-TokensInFileList @ConvertTokensInputs + # # # Invoke Token Replacement Functionality [For Dependencies] + # # $null = Convert-TokensInFileList @ConvertTokensInputs Write-Output '::endgroup::' 
@@ -197,65 +196,66 @@ jobs: inputPath: 'modules/Microsoft.Resources/resourceGroups/${{ matrix.moduleTestFilePaths }}' - ############################ - # Deployment validation # - ############################ - job_module_deploy_validation: - runs-on: ubuntu-20.04 - name: 'Deployment validation' - needs: - - job_initialize_pipeline - - job_module_pester_validation - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - location: '${{ env.location }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + # ############################ + # # Deployment validation # + # ############################ + # job_module_deploy_validation: + # runs-on: ubuntu-20.04 + # name: 'Deployment validation' + # needs: + # - job_initialize_pipeline + # - job_module_pester_validation + # - job_psrule_test + # strategy: + # fail-fast: false + # matrix: + # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + # uses: 
./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # location: '${{ env.location }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - ################## - # Publishing # - ################## - job_publish_module: - name: 'Publishing' - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - runs-on: ubuntu-20.04 - needs: - - job_module_deploy_validation - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' - uses: ./.github/actions/templates/publishModule - with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + # ################## + # # Publishing # + # ################## + # job_publish_module: + # name: 'Publishing' + # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + # runs-on: ubuntu-20.04 + # needs: + # - job_module_deploy_validation + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment 
variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Publishing' + # uses: ./.github/actions/templates/publishModule + # with: + # templateFilePath: '${{ env.modulePath }}/deploy.bicep' + # templateSpecsRGName: '${{ env.templateSpecsRGName }}' + # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + # templateSpecsDescription: '${{ env.templateSpecsDescription }}' + # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + # bicepRegistryName: '${{ env.bicepRegistryName }}' + # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' From 81b5a9f872a9896e64df5c0f4526d2780c085187 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 11:44:08 +0200 Subject: [PATCH 05/85] clean up token replacement further --- .github/workflows/ms.resources.resourcegroups.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index ca5e073009..28afe1f969 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml 
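Review bot: The `job_module_deploy_validation` and `job_publish_module` jobs are disabled here by prefixing roughly sixty lines with `#`, which also hides the one functional change in the block, the added `- job_psrule_test` entry under `needs:`. If this reaches the default branch, the workflow would stop validating deployments and publishing modules without any signal in the run. A job-level condition such as `if: ${{ false }}` (or a `workflow_dispatch` input) keeps the jobs reviewable and makes re-enabling a one-line change. When they are re-enabled, note that both jobs still reference `actions/checkout@v2` while `job_psrule_test` uses `@v3`.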
@@ -163,12 +163,12 @@ jobs: $ConvertTokensInputs.Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' } - # Add custom tokens (passed in via the pipeline) - if(-not [String]::IsNullOrEmpty($customParameterFileTokens)) { - $customTokens = $customParameterFileTokens| ConvertFrom-Json -AsHashTable - Write-Verbose ('Using custom parameter file tokens [{0}]' -f ($customTokens.Keys -join ', ')) -Verbose - $ConvertTokensInputs.Tokens += $customTokens - } + # # Add custom tokens (passed in via the pipeline) + # if(-not [String]::IsNullOrEmpty($customParameterFileTokens)) { + # $customTokens = $customParameterFileTokens| ConvertFrom-Json -AsHashTable + # Write-Verbose ('Using custom parameter file tokens [{0}]' -f ($customTokens.Keys -join ', ')) -Verbose + # $ConvertTokensInputs.Tokens += $customTokens + # } Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose From 7aa8000c649722bf395596847b01d1d8a976894f Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 11:55:09 +0200 Subject: [PATCH 06/85] resize token replacement --- .../workflows/ms.resources.resourcegroups.yml | 55 +++++-------------- 1 file changed, 14 insertions(+), 41 deletions(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 28afe1f969..3119d8d7d6 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml 
@@ -110,20 +110,12 @@ jobs: azPSVersion: 'latest' inlineScript: | $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # # $parameterFilePath = "" - # # $customParameterFileTokens = "" # Grouping task logs Write-Output '::group::Replace tokens in template file' # Load used functions . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - # Get target files - # # $targetFileList = @($templateFilePath) - # # if(-not [String]::IsNullOrEmpty($parameterFilePath)) { - # # $targetFileList += $parameterFilePath - # # } - # # Get Service Principal Object ID # $context = Get-AzContext # Write-Output 'Checking context' 
@@ -132,60 +124,41 @@ jobs: # $servicePrincipal = Get-AzADServicePrincipal -ApplicationId $servicePrincipalAppId # $servicePrincipalObjectId = $servicePrincipal.Id - # Construct Token Function Input - $ConvertTokensInputs = @{ - # # FilePathList = $targetFileList - FilePathList = @($templateFilePath) - Tokens = @{} - TokenPrefix = '${{ env.tokenPrefix }}' - TokenSuffix = '${{ env.tokenSuffix }}' - } - - # Add enforced tokens - $ConvertTokensInputs.Tokens += @{ + # Polulate tokens + $Tokens = @{ resourceGroupName = '${{ env.resourceGroupName }}' subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' tenantId = '${{ env.ARM_TENANT_ID }}' } - # Add local (source control) tokens + ## Add local (source control) tokens $tokenMap = @{} foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } } Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - $ConvertTokensInputs.Tokens += $tokenMap + $Tokens += $tokenMap - # Swap 'namePrefix' token if empty and provided as a GitHub secret - if([String]::IsNullOrEmpty($ConvertTokensInputs.Tokens['namePrefix'])){ + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - $ConvertTokensInputs.Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' } - # # Add custom tokens (passed in via the pipeline) - # if(-not [String]::IsNullOrEmpty($customParameterFileTokens)) { - # $customTokens = $customParameterFileTokens| ConvertFrom-Json -AsHashTable - # Write-Verbose ('Using custom parameter file tokens [{0}]' -f ($customTokens.Keys -join ', ')) -Verbose - # $ConvertTokensInputs.Tokens += $customTokens - # } + # Construct Token Function Input + 
$ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose # Invoke Token Replacement Functionality [For Module] $null = Convert-TokensInFileList @ConvertTokensInputs - # # # Get target files for modules dependencies - # # $DependencyParameterFilePaths = [System.Collections.ArrayList]@() - # # $DependencyParameterFolders = Get-ChildItem -Path (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies') -Recurse -Filter 'parameters' -Directory - # # foreach ($FolderPath in $DependencyParameterFolders.FullName) { - # # $DependencyParameterFilePaths += Get-ChildItem -Path $FolderPath -Recurse -Filter '*.json' - # # } - # # $ConvertTokensInputs.FilePathList = $DependencyParameterFilePaths - - # # # Invoke Token Replacement Functionality [For Dependencies] - # # $null = Convert-TokensInFileList @ConvertTokensInputs - Write-Output '::endgroup::' # Run analysis by using the PSRule GitHub action. From 15ceeaa37f87e954d0748439ce72bb03ad71ba42 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 12:38:46 +0200 Subject: [PATCH 07/85] typo --- .github/workflows/ms.resources.resourcegroups.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 3119d8d7d6..4b9c15d6dd 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml @@ -124,7 +124,7 @@ jobs: # $servicePrincipal = Get-AzADServicePrincipal -ApplicationId $servicePrincipalAppId # $servicePrincipalObjectId = $servicePrincipal.Id - # Polulate tokens + # Populate tokens $Tokens = @{ resourceGroupName = '${{ env.resourceGroupName }}' subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' 
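Review bot: `$Tokens` now carries `subscriptionId`, `managementGroupId`, `tenantId` and every `localToken_*` environment value, and the unchanged `Write-Verbose` call that serializes `$ConvertTokensInputs` with `ConvertTo-Json -Depth 10` prints all of them to the job log. Values taken from `secrets.*` are masked by the runner, but `tenantId` is read from `env.ARM_TENANT_ID` and the local tokens from the environment, so they appear in clear text unless something outside this hunk masks them. Log the key names only, as the local-token line already does: `Write-Verbose ('Convert Tokens Input keys: [{0}]' -f ($Tokens.Keys -join ', ')) -Verbose`.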
From 153fad882e40c8064d5fc6c19b5a25c4d4a735d4 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 12:47:14 +0200 Subject: [PATCH 08/85] modulePath --- .../workflows/ms.resources.resourcegroups.yml | 22 +++---------------- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 4b9c15d6dd..9714d72c00 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml @@ -82,7 +82,7 @@ jobs: moduleTestFilePath: '${{ env.moduleTestFilePath }}' job_psrule_test: - name: 'PsRule Analyze repository' + name: 'PsRule in-flight validation' runs-on: ubuntu-latest needs: - job_initialize_pipeline @@ -97,13 +97,6 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - # - name: Azure Login - # uses: Azure/login@v1 - # with: - # creds: ${{ env.AZURE_CREDENTIALS }} - # enable-AzPSSession: true - # [Token replacement] task(s) - # --------------------------- - name: 'Replace tokens in template file' uses: azure/powershell@v1 with: @@ -116,14 +109,6 @@ jobs: # Load used functions . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - # # Get Service Principal Object ID - # $context = Get-AzContext - # Write-Output 'Checking context' - # $context - # $servicePrincipalAppId = $context.Account.Id - # $servicePrincipal = Get-AzADServicePrincipal -ApplicationId $servicePrincipalAppId - # $servicePrincipalObjectId = $servicePrincipal.Id - # Populate tokens $Tokens = @{ resourceGroupName = '${{ env.resourceGroupName }}' 
@@ -160,14 +145,13 @@ jobs: $null = Convert-TokensInFileList @ConvertTokensInputs Write-Output '::endgroup::' - # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis uses: microsoft/ps-rule@v2.4.0 + continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: 'modules/Microsoft.Resources/resourceGroups/${{ matrix.moduleTestFilePaths }}' - + inputPath: '${{modulePath}}/${{ matrix.moduleTestFilePaths }}' # ############################ # # Deployment validation # From c0ed856f073c0ffd3b5779103529227b372cfd0f Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 12:52:27 +0200 Subject: [PATCH 09/85] job name --- .github/workflows/ms.resources.resourcegroups.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 9714d72c00..8e6e3a73c2 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml @@ -82,7 +82,7 @@ jobs: moduleTestFilePath: '${{ env.moduleTestFilePath }}' job_psrule_test: - name: 'PsRule in-flight validation' + name: 'PsRule inflight validation' runs-on: ubuntu-latest needs: - job_initialize_pipeline From dea25f8088f8bd2ce2cafe4c7d243cb261ffdf4d Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 12:54:24 +0200 Subject: [PATCH 10/85] no psrule --- .../workflows/ms.resources.resourcegroups.yml | 126 +++++++++--------- 1 file changed, 63 insertions(+), 63 deletions(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 8e6e3a73c2..8a396eb1f5 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml 
@@ -81,77 +81,77 @@ jobs: modulePath: '${{ env.modulePath }}' moduleTestFilePath: '${{ env.moduleTestFilePath }}' - job_psrule_test: - name: 'PsRule inflight validation' - runs-on: ubuntu-latest - needs: - - job_initialize_pipeline - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Replace tokens in template file' - uses: azure/powershell@v1 - with: - azPSVersion: 'latest' - inlineScript: | - $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # Grouping task logs - Write-Output '::group::Replace tokens in template file' + # job_psrule_test: + # name: 'PsRule inflight validation' + # runs-on: ubuntu-latest + # needs: + # - job_initialize_pipeline + # strategy: + # fail-fast: false + # matrix: + # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + # steps: + # - name: Checkout + # uses: actions/checkout@v3 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Replace tokens in template file' + # uses: azure/powershell@v1 + # with: + # azPSVersion: 'latest' + # inlineScript: | + # $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # # Grouping task logs + # Write-Output '::group::Replace tokens in template file' - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + # # Load used functions + # . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - # Populate tokens - $Tokens = @{ - resourceGroupName = '${{ env.resourceGroupName }}' - subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - tenantId = '${{ env.ARM_TENANT_ID }}' - } + # # Populate tokens + # $Tokens = @{ + # resourceGroupName = '${{ env.resourceGroupName }}' + # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + # tenantId = '${{ env.ARM_TENANT_ID }}' + # } - ## Add local (source control) tokens - $tokenMap = @{} - foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - } - Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - $Tokens += $tokenMap + # ## Add local (source control) tokens + # $tokenMap = @{} + # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + # } + # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + # $Tokens += $tokenMap - ## Swap 'namePrefix' token if empty and provided as a GitHub secret - if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - } + # ## Swap 'namePrefix' token if empty and provided as a GitHub secret + # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + # } - # Construct Token Function Input - $ConvertTokensInputs = @{ - FilePathList = @($templateFilePath) - Tokens = $Tokens - TokenPrefix = '${{ 
env.tokenPrefix }}' - TokenSuffix = '${{ env.tokenSuffix }}' - } + # # Construct Token Function Input + # $ConvertTokensInputs = @{ + # FilePathList = @($templateFilePath) + # Tokens = $Tokens + # TokenPrefix = '${{ env.tokenPrefix }}' + # TokenSuffix = '${{ env.tokenSuffix }}' + # } - Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - # Invoke Token Replacement Functionality [For Module] - $null = Convert-TokensInFileList @ConvertTokensInputs + # # Invoke Token Replacement Functionality [For Module] + # $null = Convert-TokensInFileList @ConvertTokensInputs - Write-Output '::endgroup::' - # Run analysis by using the PSRule GitHub action. - - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.4.0 - continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - with: - modules: 'PSRule.Rules.Azure' - inputPath: '${{modulePath}}/${{ matrix.moduleTestFilePaths }}' + # Write-Output '::endgroup::' + # # Run analysis by using the PSRule GitHub action. + # - name: Run PSRule analysis + # uses: microsoft/ps-rule@v2.4.0 + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + # with: + # modules: 'PSRule.Rules.Azure' + # inputPath: '${{modulePath}}/${{ matrix.moduleTestFilePaths }}' # ############################ # # Deployment validation # From d2a89d85666ad8215ea7f0beea212dd298e1ee21 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 12:55:56 +0200 Subject: [PATCH 11/85] no psrule step --- .../workflows/ms.resources.resourcegroups.yml | 143 +++++++++--------- 1 file changed, 72 insertions(+), 71 deletions(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 8a396eb1f5..274d7753e0 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml 
+++ b/.github/workflows/ms.resources.resourcegroups.yml 
@@ -81,77 +81,78 @@ jobs: modulePath: '${{ env.modulePath }}' moduleTestFilePath: '${{ env.moduleTestFilePath }}' - # job_psrule_test: - # name: 'PsRule inflight validation' - # runs-on: ubuntu-latest - # needs: - # - job_initialize_pipeline - # strategy: - # fail-fast: false - # matrix: - # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - # steps: - # - name: Checkout - # uses: actions/checkout@v3 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Replace tokens in template file' - # uses: azure/powershell@v1 - # with: - # azPSVersion: 'latest' - # inlineScript: | - # $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # # Grouping task logs - # Write-Output '::group::Replace tokens in template file' - - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # # Populate tokens - # $Tokens = @{ - # resourceGroupName = '${{ env.resourceGroupName }}' - # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - # tenantId = '${{ env.ARM_TENANT_ID }}' - # } - - # ## Add local (source control) tokens - # $tokenMap = @{} - # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - # } - # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - # $Tokens += $tokenMap - - # ## Swap 'namePrefix' token if empty and provided as a GitHub secret - # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - # } - - # # Construct Token Function Input - # 
$ConvertTokensInputs = @{ - # FilePathList = @($templateFilePath) - # Tokens = $Tokens - # TokenPrefix = '${{ env.tokenPrefix }}' - # TokenSuffix = '${{ env.tokenSuffix }}' - # } - - # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # # Invoke Token Replacement Functionality [For Module] - # $null = Convert-TokensInFileList @ConvertTokensInputs - - # Write-Output '::endgroup::' - # # Run analysis by using the PSRule GitHub action. - # - name: Run PSRule analysis - # uses: microsoft/ps-rule@v2.4.0 - # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - # with: - # modules: 'PSRule.Rules.Azure' - # inputPath: '${{modulePath}}/${{ matrix.moduleTestFilePaths }}' + job_psrule_test: + name: 'PsRule inflight validation' + runs-on: ubuntu-latest + needs: + - job_initialize_pipeline + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + resourceGroupName = '${{ env.resourceGroupName }}' + subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs + + Write-Output '::endgroup::' + + # # Run analysis by using the PSRule GitHub action. + # - name: Run PSRule analysis + # uses: microsoft/ps-rule@v2.4.0 + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + # with: + # modules: 'PSRule.Rules.Azure' + # inputPath: '${{modulePath}}/${{ matrix.moduleTestFilePaths }}' # ############################ # # Deployment validation # From 19cfe714f962aefda8918417dc427b1f7f1155e1 Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Tue, 20 Sep 2022 12:57:33 +0200 Subject: [PATCH 12/85] fix inputpath --- .github/workflows/ms.resources.resourcegroups.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 274d7753e0..c24891d422 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml @@ -146,13 +146,13 @@ jobs: Write-Output '::endgroup::' - # # Run analysis by using the PSRule GitHub action. - # - name: Run PSRule analysis - # uses: microsoft/ps-rule@v2.4.0 - # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - # with: - # modules: 'PSRule.Rules.Azure' - # inputPath: '${{modulePath}}/${{ matrix.moduleTestFilePaths }}' + # Run analysis by using the PSRule GitHub action. + - name: Run PSRule analysis + uses: microsoft/ps-rule@v2.4.0 + continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + with: + modules: 'PSRule.Rules.Azure' + inputPath: '${{env.modulePath}}/${{ matrix.moduleTestFilePaths }}' # ############################ # # Deployment validation # From 20e405bea37d67321cac2278189faaacbbd7ca4b Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 13:03:32 +0200 Subject: [PATCH 13/85] comment out continue on error option --- .github/workflows/ms.resources.resourcegroups.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index c24891d422..7d399272ec 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml 
@@ -149,7 +149,7 @@ jobs: # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis uses: microsoft/ps-rule@v2.4.0 - continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' inputPath: '${{env.modulePath}}/${{ matrix.moduleTestFilePaths }}' From 4a07c2a078df3235fa04fc85a1e57e87370c22ba Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 13:11:13 +0200 Subject: [PATCH 14/85] Align KV --- .github/workflows/ms.keyvault.vaults.yml | 184 ++++++++++++------ .../workflows/ms.resources.resourcegroups.yml | 8 +- 2 files changed, 124 insertions(+), 68 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 535903f37d..4af837dbcb 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml @@ -82,8 +82,14 @@ jobs: moduleTestFilePath: '${{ env.moduleTestFilePath }}' job_psrule_test: - name: 'PsRule Analyze repository' + name: 'PsRule inflight validation' runs-on: ubuntu-latest + needs: + - job_initialize_pipeline + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} steps: - name: Checkout uses: actions/checkout@v3 
@@ -91,73 +97,123 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + resourceGroupName = '${{ env.resourceGroupName }}' + subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs + + Write-Output '::endgroup::' # Run analysis by using the PSRule GitHub action. 
- name: Run PSRule analysis uses: microsoft/ps-rule@v2.4.0 + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/' + inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - ############################# - # Deployment validation # - ############################# - job_module_deploy_validation: - runs-on: ubuntu-20.04 - name: 'Deployment validation' - needs: - - job_initialize_pipeline - - job_module_pester_validation - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - location: '${{ env.location }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - - ################## - # Publishing # - ################## - job_publish_module: - name: 'Publishing' - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - runs-on: ubuntu-20.04 - needs: - - job_module_deploy_validation - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' - uses: ./.github/actions/templates/publishModule - 
with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + # ############################# + # # Deployment validation # + # ############################# + # job_module_deploy_validation: + # runs-on: ubuntu-20.04 + # name: 'Deployment validation' + # needs: + # - job_initialize_pipeline + # - job_module_pester_validation + # - job_psrule_test + # strategy: + # fail-fast: false + # matrix: + # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # location: '${{ env.location }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + # ################## + # # Publishing # + # ################## + # job_publish_module: + # name: 'Publishing' + # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + # runs-on: ubuntu-20.04 
+ # needs: + # - job_module_deploy_validation + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Publishing' + # uses: ./.github/actions/templates/publishModule + # with: + # templateFilePath: '${{ env.modulePath }}/deploy.bicep' + # templateSpecsRGName: '${{ env.templateSpecsRGName }}' + # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + # templateSpecsDescription: '${{ env.templateSpecsDescription }}' + # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + # bicepRegistryName: '${{ env.bicepRegistryName }}' + # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 7d399272ec..9f7125e256 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml @@ -152,11 +152,11 @@ jobs: # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{env.modulePath}}/${{ matrix.moduleTestFilePaths }}' + inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # ############################ - # # Deployment validation # - # ############################ + # ############################# + # # Deployment validation # + # ############################# # job_module_deploy_validation: # runs-on: ubuntu-20.04 # name: 'Deployment validation' From 589d70464205f297159b2193b73a0d3a039b4615 Mon Sep 17 00:00:00 2001 
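Review bot: In the added `Replace tokens in template file` step, the `${{ … }}` expressions are expanded into the PowerShell source before it runs, so `matrix.moduleTestFilePaths`, the `env.*` values and both secrets become part of the script text rather than data. `moduleTestFilePaths` comes from the `job_initialize_pipeline` output and is presumably built from file paths in the repository, so a value containing a quote would change what the script executes. Passing the values through the step's `env:` block and reading them as `$env:` variables keeps them as data; the sketch below assumes the names set by `setEnvironmentVariables` are present in the process environment, which should be confirmed. The same script is added in the later key vault hunks of this series and in the virtual network workflow.

```yaml
        uses: azure/powershell@v1
        env:
          TEMPLATE_FILE_PATH: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'
          ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
          ARM_MGMTGROUP_ID: '${{ secrets.ARM_MGMTGROUP_ID }}'
        # … unchanged: with / azPSVersion …
          inlineScript: |
            $templateFilePath = $env:TEMPLATE_FILE_PATH
            # … unchanged: log grouping, loading Convert-TokensInFileList.ps1 …
            $Tokens = @{
              resourceGroupName = $env:resourceGroupName
              subscriptionId    = $env:ARM_SUBSCRIPTION_ID
              managementGroupId = $env:ARM_MGMTGROUP_ID
              tenantId          = $env:ARM_TENANT_ID
            }
            # … unchanged: local tokens, namePrefix fallback, Convert-TokensInFileList call;
            #   the remaining env.* values (TOKEN_NAMEPREFIX, tokenPrefix, tokenSuffix) read the same way …
```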
From: Erika Gressi Date: Tue, 20 Sep 2022 13:14:47 +0200 Subject: [PATCH 15/85] kv no psrule --- .github/workflows/ms.keyvault.vaults.yml | 120 +++++++++++------------ 1 file changed, 60 insertions(+), 60 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 4af837dbcb..5c182dad91 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml 
@@ -93,66 +93,66 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Replace tokens in template file' - uses: azure/powershell@v1 - with: - azPSVersion: 'latest' - inlineScript: | - $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # Grouping task logs - Write-Output '::group::Replace tokens in template file' - - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # Populate tokens - $Tokens = @{ - resourceGroupName = '${{ env.resourceGroupName }}' - subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - tenantId = '${{ env.ARM_TENANT_ID }}' - } - - ## Add local (source control) tokens - $tokenMap = @{} - foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - } - Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - $Tokens += $tokenMap - - ## Swap 'namePrefix' token if empty and provided as a GitHub secret - if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - } - - # Construct Token Function Input - $ConvertTokensInputs = @{ - FilePathList = @($templateFilePath) - Tokens = $Tokens - TokenPrefix = '${{ env.tokenPrefix }}' - TokenSuffix = '${{ env.tokenSuffix }}' - } - - Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # Invoke Token Replacement Functionality [For Module] - $null = Convert-TokensInFileList @ConvertTokensInputs - - Write-Output '::endgroup::' - - # Run analysis by using the PSRule 
GitHub action. - - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.4.0 - # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - with: - modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Replace tokens in template file' + # uses: azure/powershell@v1 + # with: + # azPSVersion: 'latest' + # inlineScript: | + # $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # # Grouping task logs + # Write-Output '::group::Replace tokens in template file' + + # # Load used functions + # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # # Populate tokens + # $Tokens = @{ + # resourceGroupName = '${{ env.resourceGroupName }}' + # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + # tenantId = '${{ env.ARM_TENANT_ID }}' + # } + + # ## Add local (source control) tokens + # $tokenMap = @{} + # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + # } + # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + # $Tokens += $tokenMap + + # ## Swap 'namePrefix' token if empty and provided as a GitHub secret + # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + # } + + # # Construct Token Function Input + # $ConvertTokensInputs = @{ + # FilePathList = @($templateFilePath) + # Tokens = $Tokens + # TokenPrefix = '${{ env.tokenPrefix }}' + # TokenSuffix = '${{ env.tokenSuffix }}' + # } + + # 
Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # # Invoke Token Replacement Functionality [For Module] + # $null = Convert-TokensInFileList @ConvertTokensInputs + + # Write-Output '::endgroup::' + + # # Run analysis by using the PSRule GitHub action. + # - name: Run PSRule analysis + # uses: microsoft/ps-rule@v2.4.0 + # # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + # with: + # modules: 'PSRule.Rules.Azure' + # inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' # ############################# # # Deployment validation # From 0b6c7ad4b2c0cb8dcaac02237ea35ea2b42fa519 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 13:16:23 +0200 Subject: [PATCH 16/85] replace --- .github/workflows/ms.keyvault.vaults.yml | 104 +++++++++++------------ 1 file changed, 52 insertions(+), 52 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 5c182dad91..88ff8748f5 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml 
@@ -93,58 +93,58 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Replace tokens in template file' - # uses: azure/powershell@v1 - # with: - # azPSVersion: 'latest' - # inlineScript: | - # $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # # Grouping task logs - # Write-Output '::group::Replace tokens in template file' - - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # # Populate tokens - # $Tokens = @{ - # resourceGroupName = '${{ env.resourceGroupName }}' - # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - # tenantId = '${{ env.ARM_TENANT_ID }}' - # } - - # ## Add local (source control) tokens - # $tokenMap = @{} - # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - # } - # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - # $Tokens += $tokenMap - - # ## Swap 'namePrefix' token if empty and provided as a GitHub secret - # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - # } - - # # Construct Token Function Input - # $ConvertTokensInputs = @{ - # FilePathList = @($templateFilePath) - # Tokens = $Tokens - # TokenPrefix = '${{ env.tokenPrefix }}' - # TokenSuffix = '${{ env.tokenSuffix }}' - # } - - # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # # Invoke Token Replacement Functionality [For Module] - # $null = Convert-TokensInFileList 
@ConvertTokensInputs - - # Write-Output '::endgroup::' + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + resourceGroupName = '${{ env.resourceGroupName }}' + subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs + + Write-Output '::endgroup::' # # Run analysis by using the PSRule GitHub action. 
# - name: Run PSRule analysis From 393bfb54dd0ed9c81a74ea734c925eb228f0b952 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 13:18:22 +0200 Subject: [PATCH 17/85] no replace --- .github/workflows/ms.keyvault.vaults.yml | 96 ++++++++++++------------ 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 88ff8748f5..ee7cb005dd 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml 
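Review bot: The restored script writes the whole input to the job log with `Write-Verbose "Convert Tokens Input: … ConvertTo-Json -Depth 10" -Verbose`, and that hashtable holds `subscriptionId`, `managementGroupId`, `tenantId` and every `localToken_*` value. Log masking applies only to values registered as secrets, presumably not to the local tokens or `tenantId`, so the log becomes a record of tenant and naming details for anyone who can read the run. Logging the key names keeps the diagnostic value: `Write-Verbose ('Convert tokens input keys [{0}]' -f ($Tokens.Keys -join ', ')) -Verbose`. The same line appears in every hunk of this series that adds the script.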
@@ -97,54 +97,54 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - - name: 'Replace tokens in template file' - uses: azure/powershell@v1 - with: - azPSVersion: 'latest' - inlineScript: | - $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # Grouping task logs - Write-Output '::group::Replace tokens in template file' - - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # Populate tokens - $Tokens = @{ - resourceGroupName = '${{ env.resourceGroupName }}' - subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - tenantId = '${{ env.ARM_TENANT_ID }}' - } - - ## Add local (source control) tokens - $tokenMap = @{} - foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - } - Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - $Tokens += $tokenMap - - ## Swap 'namePrefix' token if empty and provided as a GitHub secret - if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - } - - # Construct Token Function Input - $ConvertTokensInputs = @{ - FilePathList = @($templateFilePath) - Tokens = $Tokens - TokenPrefix = '${{ env.tokenPrefix }}' - TokenSuffix = '${{ env.tokenSuffix }}' - } - - Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # Invoke Token Replacement Functionality [For Module] - $null = Convert-TokensInFileList @ConvertTokensInputs - - Write-Output '::endgroup::' + # - name: 'Replace tokens in template file' + # uses: azure/powershell@v1 + # with: + # azPSVersion: 'latest' + # inlineScript: | + 
# $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # # Grouping task logs + # Write-Output '::group::Replace tokens in template file' + + # # Load used functions + # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # # Populate tokens + # $Tokens = @{ + # resourceGroupName = '${{ env.resourceGroupName }}' + # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + # tenantId = '${{ env.ARM_TENANT_ID }}' + # } + + # ## Add local (source control) tokens + # $tokenMap = @{} + # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + # } + # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + # $Tokens += $tokenMap + + # ## Swap 'namePrefix' token if empty and provided as a GitHub secret + # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + # } + + # # Construct Token Function Input + # $ConvertTokensInputs = @{ + # FilePathList = @($templateFilePath) + # Tokens = $Tokens + # TokenPrefix = '${{ env.tokenPrefix }}' + # TokenSuffix = '${{ env.tokenSuffix }}' + # } + + # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # # Invoke Token Replacement Functionality [For Module] + # $null = Convert-TokensInFileList @ConvertTokensInputs + + # Write-Output '::endgroup::' # # Run analysis by using the PSRule GitHub action. # - name: Run PSRule analysis From 16fab3698a20d0aa55a16135c743adf67d859cff Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Tue, 20 Sep 2022 13:19:05 +0200 Subject: [PATCH 18/85] replace 1 --- .github/workflows/ms.keyvault.vaults.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index ee7cb005dd..1d2f5440d1 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml @@ -97,14 +97,14 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - # - name: 'Replace tokens in template file' - # uses: azure/powershell@v1 - # with: - # azPSVersion: 'latest' - # inlineScript: | - # $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # # Grouping task logs - # Write-Output '::group::Replace tokens in template file' + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # Grouping task logs + Write-Output '::group::Replace tokens in template file' # # Load used functions # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') From 75f8b6cb1336032bef553f4b60d5578e6c5f774b Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 13:21:38 +0200 Subject: [PATCH 19/85] indent --- .github/workflows/ms.keyvault.vaults.yml | 112 +++++++++++------------ 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 1d2f5440d1..19c89f5d5a 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml 
@@ -97,62 +97,62 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - - name: 'Replace tokens in template file' - uses: azure/powershell@v1 - with: - azPSVersion: 'latest' - inlineScript: | - $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # Grouping task logs - Write-Output '::group::Replace tokens in template file' - - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # # Populate tokens - # $Tokens = @{ - # resourceGroupName = '${{ env.resourceGroupName }}' - # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - # tenantId = '${{ env.ARM_TENANT_ID }}' - # } - - # ## Add local (source control) tokens - # $tokenMap = @{} - # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - # } - # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - # $Tokens += $tokenMap - - # ## Swap 'namePrefix' token if empty and provided as a GitHub secret - # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - # } - - # # Construct Token Function Input - # $ConvertTokensInputs = @{ - # FilePathList = @($templateFilePath) - # Tokens = $Tokens - # TokenPrefix = '${{ env.tokenPrefix }}' - # TokenSuffix = '${{ env.tokenSuffix }}' - # } - - # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # # Invoke Token Replacement Functionality [For Module] - # $null = Convert-TokensInFileList @ConvertTokensInputs - - # Write-Output '::endgroup::' - - # # Run analysis by using the PSRule GitHub action. 
- # - name: Run PSRule analysis - # uses: microsoft/ps-rule@v2.4.0 - # # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - # with: - # modules: 'PSRule.Rules.Azure' - # inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + resourceGroupName = '${{ env.resourceGroupName }}' + subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs + + Write-Output 
'::endgroup::' + + # Run analysis by using the PSRule GitHub action. + - name: Run PSRule analysis + uses: microsoft/ps-rule@v2.4.0 + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + with: + modules: 'PSRule.Rules.Azure' + inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' # ############################# # # Deployment validation # From 5c417dbfdfffa0285698bb08a0a04d7e7be2703d Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 13:26:44 +0200 Subject: [PATCH 20/85] align vnet --- .../workflows/ms.network.virtualnetworks.yml | 92 +++++++++++++++++-- 1 file changed, 84 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index f09c176e38..b575293cc0 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml 
@@ -60,26 +60,102 @@ jobs: removeDeployment: ${{ steps.get-workflow-param.outputs.removeDeployment }} moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }} - job_psrule_validation: + ######################### + # Static validation # + ######################### + job_module_pester_validation: runs-on: ubuntu-20.04 - name: 'psrule-validation' + name: 'Static validation' steps: - - name: Checkout + - name: 'Checkout' uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ env.modulePath }}' + moduleTestFilePath: '${{ env.moduleTestFilePath }}' + + job_psrule_test: + name: 'PsRule inflight validation' + runs-on: ubuntu-latest + needs: + - job_initialize_pipeline + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + steps: + - name: Checkout + uses: actions/checkout@v3 - name: Set environment variables uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + resourceGroupName = '${{ env.resourceGroupName }}' + subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs + + Write-Output '::endgroup::' + + # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis - uses: microsoft/ps-rule@main + uses: microsoft/ps-rule@v2.4.0 + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/' + inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' outputFormat: Sarif option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' - - ######################### # Static validation # ######################### 
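Review bot: The `job_module_pester_validation` key appears to be defined twice after this change: the hunk adds the job above `job_psrule_test`, while the trailing context keeps the existing `Static validation` banner and the next hunk still shows that job's `validateModulePester` inputs. Duplicate mapping keys are invalid YAML, and parsers that accept them keep only one definition, so one of the two blocks should be dropped. Separately, `azPSVersion: 'latest'` in the added step leaves the Az module version floating; a fixed value, `azPSVersion: '<pinned-version>'`, makes runs reproducible.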
@@ -101,7 +177,7 @@ jobs: modulePath: '${{ env.modulePath }}' moduleTestFilePath: '${{ env.moduleTestFilePath }}' - + # ############################# # # Deployment validation # From 09a730f1fb144b963daca64a279246868a279dd4 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 13:29:07 +0200 Subject: [PATCH 21/85] align vnet and enable deployment --- .github/workflows/ms.keyvault.vaults.yml | 126 +++++++++--------- .../workflows/ms.network.virtualnetworks.yml | 36 +---- .../workflows/ms.resources.resourcegroups.yml | 126 +++++++++--------- 3 files changed, 133 insertions(+), 155 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 19c89f5d5a..b59a7022de 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml 
@@ -154,66 +154,66 @@ jobs: modules: 'PSRule.Rules.Azure' inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # ############################# - # # Deployment validation # - # ############################# - # job_module_deploy_validation: - # runs-on: ubuntu-20.04 - # name: 'Deployment validation' - # needs: - # - job_initialize_pipeline - # - job_module_pester_validation - # - job_psrule_test - # strategy: - # fail-fast: false - # matrix: - # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # location: '${{ env.location }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - - # ################## - # # Publishing # - # ################## - # job_publish_module: - # name: 'Publishing' - # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - # runs-on: ubuntu-20.04 - # needs: - # - job_module_deploy_validation - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Publishing' - # uses: ./.github/actions/templates/publishModule - # with: - # templateFilePath: '${{ 
env.modulePath }}/deploy.bicep' - # templateSpecsRGName: '${{ env.templateSpecsRGName }}' - # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - # templateSpecsDescription: '${{ env.templateSpecsDescription }}' - # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - # bicepRegistryName: '${{ env.bicepRegistryName }}' - # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + ############################# + # Deployment validation # + ############################# + job_module_deploy_validation: + runs-on: ubuntu-20.04 + name: 'Deployment validation' + needs: + - job_initialize_pipeline + - job_module_pester_validation + - job_psrule_test + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + location: '${{ env.location }}' + resourceGroupName: '${{ env.resourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + ################## + # Publishing # + ################## + job_publish_module: + name: 'Publishing' + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + runs-on: ubuntu-20.04 + needs: + - job_module_deploy_validation + steps: + - name: 'Checkout' + uses: 
actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Publishing' + uses: ./.github/actions/templates/publishModule + with: + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + templateSpecsRGName: '${{ env.templateSpecsRGName }}' + templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + templateSpecsDescription: '${{ env.templateSpecsDescription }}' + templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + bicepRegistryName: '${{ env.bicepRegistryName }}' + bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index b575293cc0..36fd81746c 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml 
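Review bot: The `job_publish_module` job enabled here has no approval gate: its `if:` also passes when `github.event.inputs.prerelease == 'true'` on any ref, so a manual run from a feature branch would publish that branch's `deploy.bicep` to the template-spec resource group and the Bicep registry. Adding `environment: <protected-environment-name>` (placeholder) to this job and to `job_module_deploy_validation`, which is handed `secrets.ARM_SUBSCRIPTION_ID` and `secrets.ARM_MGMTGROUP_ID`, would put both behind that environment's required reviewers and branch rules, even if prerelease publishing from branches is intended. The workflow triggers and any `permissions:` block are outside the hunk, so it is worth checking there that the default token scope is already restricted. The same applies to the identical hunks for `ms.resources.resourcegroups.yml` in this patch and in PATCH 24/85.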
@@ -156,38 +156,16 @@ jobs: outputFormat: Sarif option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' - ######################### - # Static validation # - ######################### - job_module_pester_validation: - runs-on: ubuntu-20.04 - name: 'Static validation' - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Run tests' - uses: ./.github/actions/templates/validateModulePester - with: - modulePath: '${{ env.modulePath }}' - moduleTestFilePath: '${{ env.moduleTestFilePath }}' - - - - # ############################# - # # Deployment validation # - # ############################# + ############################# + # Deployment validation # + ############################# job_module_deploy_validation: runs-on: ubuntu-20.04 name: 'Deployment validation' needs: - job_initialize_pipeline - job_module_pester_validation + - job_psrule_test strategy: fail-fast: false matrix: @@ -211,9 +189,9 @@ jobs: managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - # ################## - # # Publishing # - # ################## + ################## + # Publishing # + ################## job_publish_module: name: 'Publishing' if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 9f7125e256..30050f14c0 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml 
@@ -154,66 +154,66 @@ jobs: modules: 'PSRule.Rules.Azure' inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # ############################# - # # Deployment validation # - # ############################# - # job_module_deploy_validation: - # runs-on: ubuntu-20.04 - # name: 'Deployment validation' - # needs: - # - job_initialize_pipeline - # - job_module_pester_validation - # - job_psrule_test - # strategy: - # fail-fast: false - # matrix: - # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # location: '${{ env.location }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - - # ################## - # # Publishing # - # ################## - # job_publish_module: - # name: 'Publishing' - # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - # runs-on: ubuntu-20.04 - # needs: - # - job_module_deploy_validation - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Publishing' - # uses: ./.github/actions/templates/publishModule - # with: - # templateFilePath: '${{ 
env.modulePath }}/deploy.bicep' - # templateSpecsRGName: '${{ env.templateSpecsRGName }}' - # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - # templateSpecsDescription: '${{ env.templateSpecsDescription }}' - # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - # bicepRegistryName: '${{ env.bicepRegistryName }}' - # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + ############################# + # Deployment validation # + ############################# + job_module_deploy_validation: + runs-on: ubuntu-20.04 + name: 'Deployment validation' + needs: + - job_initialize_pipeline + - job_module_pester_validation + - job_psrule_test + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + location: '${{ env.location }}' + resourceGroupName: '${{ env.resourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + ################## + # Publishing # + ################## + job_publish_module: + name: 'Publishing' + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + runs-on: ubuntu-20.04 + needs: + - job_module_deploy_validation + steps: + - name: 'Checkout' + uses: 
actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Publishing' + uses: ./.github/actions/templates/publishModule + with: + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + templateSpecsRGName: '${{ env.templateSpecsRGName }}' + templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + templateSpecsDescription: '${{ env.templateSpecsDescription }}' + templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + bicepRegistryName: '${{ env.bicepRegistryName }}' + bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' From f7e7ae616b3f7bd582d56713a28ed19db5d2da85 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 14:50:32 +0200 Subject: [PATCH 22/85] conflicts --- .github/workflows/ms.keyvault.vaults.yml | 35 ------ .../workflows/ms.network.virtualnetworks.yml | 118 ------------------ .../workflows/ms.resources.resourcegroups.yml | 66 ---------- 3 files changed, 219 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 3d8d0730cd..19c89f5d5a 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml 
@@ -154,40 +154,6 @@ jobs: modules: 'PSRule.Rules.Azure' inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' -<<<<<<< HEAD - ############################# - # Deployment validation # - ############################# - job_module_deploy_validation: - runs-on: ubuntu-20.04 - name: 'Deployment validation' - needs: - - job_initialize_pipeline - - job_module_pester_validation - - job_psrule_test - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - location: '${{ env.location }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' -======= # ############################# # # Deployment validation # # ############################# @@ -220,7 +186,6 @@ jobs: # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' ->>>>>>> hack/topic6 # ################## # # Publishing # diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index a307d3d940..7a7feeeeb8 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml 
@@ -84,7 +84,6 @@ jobs: job_psrule_test: name: 'PsRule inflight validation' runs-on: ubuntu-latest -<<<<<<< HEAD needs: - job_initialize_pipeline strategy: 
@@ -157,90 +156,6 @@ jobs: outputFormat: Sarif option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' - ############################# - # Deployment validation # - ############################# - job_module_deploy_validation: - runs-on: ubuntu-20.04 - name: 'Deployment validation' - needs: - - job_initialize_pipeline - - job_module_pester_validation - - job_psrule_test -======= - needs: - - job_initialize_pipeline ->>>>>>> hack/topic6 - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Replace tokens in template file' - uses: azure/powershell@v1 - with: - azPSVersion: 'latest' - inlineScript: | - $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # Grouping task logs - Write-Output '::group::Replace tokens in template file' - - # Load used functions - . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # Populate tokens - $Tokens = @{ - resourceGroupName = '${{ env.resourceGroupName }}' - subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - tenantId = '${{ env.ARM_TENANT_ID }}' - } - - ## Add local (source control) tokens - $tokenMap = @{} - foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - } - Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - $Tokens += $tokenMap - - ## Swap 'namePrefix' token if empty and provided as a GitHub secret - if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - } - - # Construct Token Function Input - $ConvertTokensInputs = @{ - FilePathList = @($templateFilePath) - Tokens = $Tokens - TokenPrefix = '${{ env.tokenPrefix }}' - TokenSuffix = '${{ env.tokenSuffix }}' - } - - Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # Invoke Token Replacement Functionality [For Module] - $null = Convert-TokensInFileList @ConvertTokensInputs - - Write-Output '::endgroup::' - - # Run analysis by using the PSRule GitHub action. - - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.4.0 - # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - with: - modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - outputFormat: Sarif - option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' - # ############################# # # Deployment validation # # ############################# 
@@ -274,38 +189,6 @@ jobs: # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' -<<<<<<< HEAD - ################## - # Publishing # - ################## - job_publish_module: - name: 'Publishing' - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - runs-on: ubuntu-20.04 - needs: - - job_module_deploy_validation - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' - uses: ./.github/actions/templates/publishModule - with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' -======= # ################## # # Publishing # # ################## @@ -336,4 +219,3 @@ jobs: # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' ->>>>>>> hack/topic6 diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 9f3763b140..9f7125e256 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml 
@@ -154,71 +154,6 @@ jobs: modules: 'PSRule.Rules.Azure' inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' -<<<<<<< HEAD - ############################# - # Deployment validation # - ############################# - job_module_deploy_validation: - runs-on: ubuntu-20.04 - name: 'Deployment validation' - needs: - - job_initialize_pipeline - - job_module_pester_validation - - job_psrule_test - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - location: '${{ env.location }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - - ################## - # Publishing # - ################## - job_publish_module: - name: 'Publishing' - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - runs-on: ubuntu-20.04 - needs: - - job_module_deploy_validation - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' - uses: ./.github/actions/templates/publishModule - with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - 
templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' -======= # ############################# # # Deployment validation # # ############################# @@ -282,4 +217,3 @@ jobs: # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' ->>>>>>> hack/topic6 From 3a260c916360f149e5816d71dfba1d4fa1a0a438 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 16:16:57 +0200 Subject: [PATCH 23/85] suppressedRuleWarning --- ps-rule.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/ps-rule.yaml b/ps-rule.yaml index eb0ef803db..a85e0f7db3 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -20,6 +20,7 @@ requires: execution: notProcessedWarning: false + suppressedRuleWarning: false # Use PSRule for Azure. include: From 00e25159b56f1a68bdd9bc2ba98035a9620ff2a7 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 21:06:15 +0200 Subject: [PATCH 24/85] enable deployment --- .../workflows/ms.resources.resourcegroups.yml | 126 +++++++++--------- 1 file changed, 63 insertions(+), 63 deletions(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 9f7125e256..30050f14c0 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml 
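Review bot: `suppressedRuleWarning: false` in the `ps-rule.yaml` hunk turns off the warning PSRule prints when a rule is skipped because of a suppression, so the CI log no longer shows which checks were silenced for which resource. If the aim is only to cut log noise, say so in a comment above the key and name where suppressions get reviewed, e.g. `# Suppression warnings off to reduce log noise; suppressions are reviewed in <location placeholder>`. PATCH 27/85 moves this key next to `notProcessedWarning: false` and keeps both off, so the comment would belong there as well.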
@@ -154,66 +154,66 @@ jobs: modules: 'PSRule.Rules.Azure' inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # ############################# - # # Deployment validation # - # ############################# - # job_module_deploy_validation: - # runs-on: ubuntu-20.04 - # name: 'Deployment validation' - # needs: - # - job_initialize_pipeline - # - job_module_pester_validation - # - job_psrule_test - # strategy: - # fail-fast: false - # matrix: - # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # location: '${{ env.location }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - - # ################## - # # Publishing # - # ################## - # job_publish_module: - # name: 'Publishing' - # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - # runs-on: ubuntu-20.04 - # needs: - # - job_module_deploy_validation - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Publishing' - # uses: ./.github/actions/templates/publishModule - # with: - # templateFilePath: '${{ 
env.modulePath }}/deploy.bicep' - # templateSpecsRGName: '${{ env.templateSpecsRGName }}' - # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - # templateSpecsDescription: '${{ env.templateSpecsDescription }}' - # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - # bicepRegistryName: '${{ env.bicepRegistryName }}' - # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + ############################# + # Deployment validation # + ############################# + job_module_deploy_validation: + runs-on: ubuntu-20.04 + name: 'Deployment validation' + needs: + - job_initialize_pipeline + - job_module_pester_validation + - job_psrule_test + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + location: '${{ env.location }}' + resourceGroupName: '${{ env.resourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + ################## + # Publishing # + ################## + job_publish_module: + name: 'Publishing' + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + runs-on: ubuntu-20.04 + needs: + - job_module_deploy_validation + steps: + - name: 'Checkout' + uses: 
actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Publishing' + uses: ./.github/actions/templates/publishModule + with: + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + templateSpecsRGName: '${{ env.templateSpecsRGName }}' + templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + templateSpecsDescription: '${{ env.templateSpecsDescription }}' + templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + bicepRegistryName: '${{ env.bicepRegistryName }}' + bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' From 0dda740751a1f6b09b8deb172116ce553be8dc64 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 19:43:17 +0200 Subject: [PATCH 25/85] linter csv --- .github/workflows/linter.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index af409cf677..e5a433cb4e 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml 
@@ -33,5 +33,16 @@ jobs: uses: microsoft/ps-rule@v2.4.0 continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: - modules: PSRule.Rules.Azure - baseline: Azure.Default + modules: 'PSRule.Rules.Azure' + inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + outputFormat: Csv + outputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' + option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' + + - name: Output to Github Logs + if: always() + run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' + + - name: Output to Github summaries + if: always() + run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' >> $GITHUB_STEP_SUMMARY From 5917a86250762bc1ddf9b91dfb1b0d964660e160 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 19:46:54 +0200 Subject: [PATCH 26/85] path to ignore --- ps-rule.yaml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/ps-rule.yaml b/ps-rule.yaml index e6f83a8325..afb16fb012 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -40,21 +40,9 @@ output: input: pathIgnore: # Ignore other files in the repository. - # - '.azuredevops/' - # - '.github/' - # - '.vscode/' - # - 'constructs/' - # - 'docs/' - # - 'utilities' - '**/*' - # - '*.md' - # # - '!**/.tests/*.bicep' - - - # Exclude modules but not tests. - # - 'modules/**/*.bicep' + # Do not ignore tests. - '!modules/**/*.test.bicep' - # - 'modules/**/*version.json' configuration: # Enable automatic expansion of Azure parameter files. From 729a9c69b9cda461c715d0fad7ed0aad89a93d92 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 19:47:46 +0200 Subject: [PATCH 27/85] execution --- ps-rule.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/ps-rule.yaml b/ps-rule.yaml index afb16fb012..e1f4a76ca0 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml 
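Review bot: The two added `run:` steps expand `${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}` inside the shell command text, so the path is parsed by the shell before `cat` sees it and a single quote in a file name would close the quoting. Put the path in a step-level entry such as `env:` / `PSRULE_CSV: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv'` and use `run: cat "$PSRULE_CSV"` (and `cat "$PSRULE_CSV" >> "$GITHUB_STEP_SUMMARY"` in the second step). The linter job's header is outside the hunk; if it defines no `strategy.matrix`, `matrix.moduleTestFilePaths` expands to an empty string and `inputPath`, `outputPath` and both `cat` commands point at the wrong path. With `continue-on-error: true` still set on the PSRule step, rule failures do not fail the job, so the CSV in the summary is the only place they surface.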
@@ -18,10 +18,6 @@ requires: PSRule: '@pre >=2.4.0' PSRule.Rules.Azure: '@pre >=1.19.2' -execution: - notProcessedWarning: false - suppressedRuleWarning: false - # Use PSRule for Azure. include: module: @@ -29,6 +25,7 @@ include: execution: suppressedRuleWarning: false + notProcessedWarning: false output: culture: From c19be048fcb168217afa1bc53c4d0d52535be889 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 19:49:21 +0200 Subject: [PATCH 28/85] disable rg deployment --- .../workflows/ms.resources.resourcegroups.yml | 126 +++++++++--------- 1 file changed, 63 insertions(+), 63 deletions(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 849e5ecb3b..c1bb79b548 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml 
@@ -154,66 +154,66 @@ jobs: modules: 'PSRule.Rules.Azure' inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - ############################# - # Deployment validation # - ############################# - job_module_deploy_validation: - runs-on: ubuntu-20.04 - name: 'Deployment validation' - needs: - - job_initialize_pipeline - - job_module_pester_validation - - job_psrule_test - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - location: '${{ env.location }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - - ################## - # Publishing # - ################## - job_publish_module: - name: 'Publishing' - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - runs-on: ubuntu-20.04 - needs: - - job_module_deploy_validation - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' - uses: ./.github/actions/templates/publishModule - with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ 
env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + # ############################# + # # Deployment validation # + # ############################# + # job_module_deploy_validation: + # runs-on: ubuntu-20.04 + # name: 'Deployment validation' + # needs: + # - job_initialize_pipeline + # - job_module_pester_validation + # - job_psrule_test + # strategy: + # fail-fast: false + # matrix: + # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # location: '${{ env.location }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + # ################## + # # Publishing # + # ################## + # job_publish_module: + # name: 'Publishing' + # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + # runs-on: ubuntu-20.04 + # needs: + # - job_module_deploy_validation + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 
Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Publishing' + # uses: ./.github/actions/templates/publishModule + # with: + # templateFilePath: '${{ env.modulePath }}/deploy.bicep' + # templateSpecsRGName: '${{ env.templateSpecsRGName }}' + # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + # templateSpecsDescription: '${{ env.templateSpecsDescription }}' + # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + # bicepRegistryName: '${{ env.bicepRegistryName }}' + # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' From 8e26711753f07180e3cc453f17cabfb31177fe0f Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 19:51:23 +0200 Subject: [PATCH 29/85] 2 jobs --- .github/workflows/linter.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index e5a433cb4e..679fbe2927 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -28,6 +28,10 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} FILTER_REGEX_EXCLUDE: '[module.tests.ps1|Get\-ModulesAsMarkdownTable.ps1|.*yml]' + psrule: + name: PSRule + runs-on: ubuntu-latest + steps: # Analyze repository with PSRule - name: Run PSRule analysis uses: microsoft/ps-rule@v2.4.0 From 0d6d1d14e067d3f3479af0bcab2638ca8406ca59 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 19:54:33 +0200 Subject: [PATCH 30/85] inputpath --- .github/workflows/linter.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 679fbe2927..4ee5a5036e 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml 
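Review bot: Disabling `job_module_deploy_validation` and `job_publish_module` by commenting out every line leaves about sixty lines of dead YAML that will drift from the live jobs, including the older `actions/checkout@v2` reference. If the jobs are only off while PSRule is being trialled, a job-level `if: false` on `job_module_deploy_validation` with a one-line reason also skips `job_publish_module`, which `needs` it, and keeps both easy to restore. Otherwise delete them and rely on history. With both jobs off this workflow no longer validates a deployment, which is worth stating in a comment where the block was.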
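Review bot: The new `psrule` job at `@@ -28,6 +28,10 @@` declares no `permissions:`, so it runs with whatever default the repository grants `GITHUB_TOKEN`, although the visible steps only read the checkout and run a third-party action. Add least privilege at job level: `permissions:` with `contents: read` under it. The `uses: microsoft/ps-rule@v2.4.0` reference is a movable tag, so pinning it to the commit SHA of that release would make the job reproducible. The job's step list continues outside the hunk.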
@@ -38,15 +38,14 @@ jobs: continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + inputPath: 'modules/' outputFormat: Csv - outputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' - option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' + outputPath: 'modules/PSRule-output.csv' - name: Output to Github Logs if: always() - run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' + run: cat 'modules/PSRule-output.csv' - name: Output to Github summaries if: always() - run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' >> $GITHUB_STEP_SUMMARY + run: cat 'modules/PSRule-output.csv' >> $GITHUB_STEP_SUMMARY From d9220500ffabc230e306111822ed723a11315de2 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 19:57:23 +0200 Subject: [PATCH 31/85] add init --- .github/workflows/linter.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 4ee5a5036e..cb3e1de4c2 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -33,6 +33,12 @@ jobs: runs-on: ubuntu-latest steps: # Analyze repository with PSRule + - name: Checkout + uses: actions/checkout@v3 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} - name: Run PSRule analysis uses: microsoft/ps-rule@v2.4.0 continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project @@ -41,11 +47,9 @@ jobs: inputPath: 'modules/' outputFormat: Csv outputPath: 'modules/PSRule-output.csv' - - name: Output to Github Logs if: always() run: cat 'modules/PSRule-output.csv' - - name: Output to Github summaries if: always() run: cat 'modules/PSRule-output.csv' >> $GITHUB_STEP_SUMMARY 
From 289e5a13f164ea7b2a939a9ab7a19072994acbed Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 20:01:02 +0200 Subject: [PATCH 32/85] variables --- .github/workflows/linter.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index cb3e1de4c2..16f136f107 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -2,6 +2,10 @@ name: '.Platform: Linter' on: [pull_request] +env: + variablesPath: 'settings.yml' + modulesPath: 'modules' + jobs: build: name: Linter @@ -44,12 +48,12 @@ jobs: continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: 'modules/' + inputPath: '${{ modulesPath }}/' outputFormat: Csv - outputPath: 'modules/PSRule-output.csv' + outputPath: '${{ modulesPath }}/PSRule-output.csv' - name: Output to Github Logs if: always() - run: cat 'modules/PSRule-output.csv' + run: cat '${{ modulesPath }}/PSRule-output.csv' - name: Output to Github summaries if: always() - run: cat 'modules/PSRule-output.csv' >> $GITHUB_STEP_SUMMARY + run: cat '${{ modulesPath }}/PSRule-output.csv' >> $GITHUB_STEP_SUMMARY From 18b729a5a86f275b2818b771fdb40a6b7cf03368 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 20:02:06 +0200 Subject: [PATCH 33/85] env variables --- .github/workflows/linter.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 16f136f107..05b1376512 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml 
@@ -48,12 +48,12 @@ jobs: continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{ modulesPath }}/' + inputPath: '${{ env.modulesPath }}/' outputFormat: Csv - outputPath: '${{ modulesPath }}/PSRule-output.csv' + outputPath: '${{ env.modulesPath }}/PSRule-output.csv' - name: Output to Github Logs if: always() - run: cat '${{ modulesPath }}/PSRule-output.csv' + run: cat '${{ env.modulesPath }}/PSRule-output.csv' - name: Output to Github summaries if: always() - run: cat '${{ modulesPath }}/PSRule-output.csv' >> $GITHUB_STEP_SUMMARY + run: cat '${{ env.modulesPath }}/PSRule-output.csv' >> $GITHUB_STEP_SUMMARY From c2c19616f8737a862f695009c5b020faec789916 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 20:09:52 +0200 Subject: [PATCH 34/85] call function --- .github/workflows/linter.yml | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 05b1376512..749117135b 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml 
@@ -54,6 +54,27 @@ jobs: - name: Output to Github Logs if: always() run: cat '${{ env.modulesPath }}/PSRule-output.csv' + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'PSRuleValidation' 'Set-PSRuleOutput.ps1') + + # Populate parameter input + $ParameterInput = @{ + inputFilePath = '${{ env.modulesPath }}/PSRule-output.csv' + outputFilePath = '${{ env.modulesPath }}/PSRule-output.md' + } + + # Invoke function + $null = Set-PSRuleOutput @ParameterInput + + Write-Output '::endgroup::' - name: Output to Github summaries if: always() - run: cat '${{ env.modulesPath }}/PSRule-output.csv' >> $GITHUB_STEP_SUMMARY + run: cat '${{ env.modulesPath }}/PSRule-output.md' >> $GITHUB_STEP_SUMMARY From 0f7848d2aa997b5c32764af23384523a2939c387 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 20:31:54 +0200 Subject: [PATCH 35/85] md detail summary --- .../PSRuleValidation/Set-PSRuleOutput.ps1 | 24 ++++++++++--------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index 36af10e843..b7ea66f473 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 @@ -39,14 +39,16 @@ if ($failedRules.Count -gt 0) { #Create Failing table - + $failContent = [System.Collections.ArrayList]@( '# Rules Failed', '', + '
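Review bot: The added step pulls in `azure/powershell@v1` with `azPSVersion: 'latest'` only to dot-source a repository script and call `Set-PSRuleOutput`; nothing in the inline script uses an Az cmdlet. A plain step with `shell: pwsh` and `run: |` does the same work without another third-party action and without an unpinned module version on a pull-request workflow. The step name and the `::group::` label still say 'Replace tokens in template file', which does not describe converting the CSV report to markdown.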
', + 'GitHub private repository', '| RuleName | TargetName | Synopsis |', '| :-- | :-- | :-- |' ) - + foreach ($content in $failedRules ) { # Shorten the target name for deployment resoure type if ($content.TargetType -eq 'Microsoft.Resources/deployments') { @@ -58,15 +60,16 @@ try { $PSRuleReferenceUrl = '{0}/{1}' -f $TemplatesBaseUrl, $content.RuleName $null = Invoke-WebRequest -Uri $PSRuleReferenceUrl - $resourceLink = "[" + $content.RuleName + "](" + $PSRuleReferenceUrl + ")" - } - catch { + $resourceLink = '[' + $content.RuleName + '](' + $PSRuleReferenceUrl + ')' + } catch { Write-Warning "Unable to build url for $content.RuleName" $resourceLink = $content.RuleName } $failContent += ('| {0} | {1} | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) - + } + $failContent += [System.Collections.ArrayList]@( + '
') #Append markdown with failed rules table Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $failContent } @@ -92,13 +95,12 @@ try { $PSRuleReferenceUrl = '{0}/{1}' -f $TemplatesBaseUrl, $content.RuleName $null = Invoke-WebRequest -Uri $PSRuleReferenceUrl - $resourceLink = "[" + $content.RuleName + "](" + $PSRuleReferenceUrl + ")" - } - catch { + $resourceLink = '[' + $content.RuleName + '](' + $PSRuleReferenceUrl + ')' + } catch { Write-Warning "Unable to build url for $content.RuleName" $resourceLink = $content.RuleName } - + $passContent += ('| {0} | {1} | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) } @@ -114,5 +116,5 @@ } - + From 393c348cd431aa439a80e4e03a703ebd1b9a116d Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 20:35:00 +0200 Subject: [PATCH 36/85] new lines --- utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index b7ea66f473..35b9f37ba7 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 @@ -45,6 +45,7 @@ '', '
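Review bot: In the `catch` block reformatted at `@@ -58,15 +60,16 @@`, `Write-Warning "Unable to build url for $content.RuleName"` expands `$content` as a whole object and then appends the literal text `.RuleName`, so the warning never names the rule. Use a subexpression: `Write-Warning "Unable to build url for $($content.RuleName)"`. The same line is in the passed-rules loop at `@@ -92,13 +95,12 @@`. The `Invoke-WebRequest` probe in the `try` runs once per result row with no timeout, so one slow response can stall the job; `-TimeoutSec` with a small value would bound it. The function starts outside these hunks.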
', 'GitHub private repository', + '', '| RuleName | TargetName | Synopsis |', '| :-- | :-- | :-- |' ) @@ -69,7 +70,9 @@ } $failContent += [System.Collections.ArrayList]@( - '
') + '', + '', + '') #Append markdown with failed rules table Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $failContent } From 6cf317b0d91f9d1178c61e0fecc11c90a1e15521 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 20:43:19 +0200 Subject: [PATCH 37/85] details pass and fail --- .github/workflows/linter.yml | 7 ++----- .../pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 | 13 ++++++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 749117135b..585bb60c67 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -51,10 +51,7 @@ jobs: inputPath: '${{ env.modulesPath }}/' outputFormat: Csv outputPath: '${{ env.modulesPath }}/PSRule-output.csv' - - name: Output to Github Logs - if: always() - run: cat '${{ env.modulesPath }}/PSRule-output.csv' - - name: 'Replace tokens in template file' + - name: 'Parse CSV content' uses: azure/powershell@v1 with: azPSVersion: 'latest' @@ -75,6 +72,6 @@ jobs: $null = Set-PSRuleOutput @ParameterInput Write-Output '::endgroup::' - - name: Output to Github summaries + - name: Output to GitHub job summaries if: always() run: cat '${{ env.modulesPath }}/PSRule-output.md' >> $GITHUB_STEP_SUMMARY diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index 35b9f37ba7..8127fa3395 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 @@ -41,10 +41,10 @@ #Create Failing table $failContent = [System.Collections.ArrayList]@( - '# Rules Failed', + '## Rules Failed', '', '
', - 'GitHub private repository', + 'List of Rules Failed', '', '| RuleName | TargetName | Synopsis |', '| :-- | :-- | :-- |' @@ -81,7 +81,10 @@ if ($passedRules.Count -gt 0) { $passContent = [System.Collections.ArrayList]@( - '# Rules Passed', + '## Rules Passed', + '', + '
', + 'List of Rules Passed', '', '| RuleName | TargetName | Synopsis |', '| :-- | :-- | :-- |' @@ -109,14 +112,14 @@ } $passContent += [System.Collections.ArrayList]@( + '', + '
', '') #Append markdown with passed rules table Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $passContent } - - } From d930a7af6cba08f7b308dc69240f526dd133d7e4 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 21:08:02 +0200 Subject: [PATCH 38/85] moduleTestFiles --- .github/workflows/linter.yml | 52 ++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 585bb60c67..c67b24a3db 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml 
@@ -43,6 +43,58 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + resourceGroupName = '${{ env.resourceGroupName }}' + subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Get File Path List + $moduleTestFiles = @() + $moduleTestFiles += Get-ChildItem -Path '${{ env.modulesPath }} -Filter *.test.bicep -Recurse -File -Name + + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = $moduleTestFiles + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs + + Write-Output '::endgroup::' + - name: Run PSRule analysis uses: microsoft/ps-rule@v2.4.0 
continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project From bc4539812ac71fb6fee4520213beffb6a8df3504 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 21:15:51 +0200 Subject: [PATCH 39/85] moduleTest --- .github/workflows/linter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index c67b24a3db..49be52bf17 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -78,7 +78,7 @@ jobs: # Get File Path List $moduleTestFiles = @() - $moduleTestFiles += Get-ChildItem -Path '${{ env.modulesPath }} -Filter *.test.bicep -Recurse -File -Name + $moduleTestFiles += Get-ChildItem -Path '${{ env.modulesPath }}' -Filter *.test.bicep -Recurse -File -Name # Construct Token Function Input $ConvertTokensInputs = @{ From ddd803f80d3d6683a8807a0cbe24da499cf8ad74 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 21:20:24 +0200 Subject: [PATCH 40/85] join path --- .github/workflows/linter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 49be52bf17..27e78951d0 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -78,7 +78,7 @@ jobs: # Get File Path List $moduleTestFiles = @() - $moduleTestFiles += Get-ChildItem -Path '${{ env.modulesPath }}' -Filter *.test.bicep -Recurse -File -Name + $moduleTestFiles += Get-ChildItem -Path (Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}') -Filter *.test.bicep -Recurse -File -Name # Construct Token Function Input $ConvertTokensInputs = @{ From 6a87be4f62772315bb1cb66bdd50341b8d7f43e1 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 21:28:55 +0200 Subject: [PATCH 41/85] modulesFolderPath --- .github/workflows/linter.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
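Review bot: The added `Write-Verbose` line that serialises `$ConvertTokensInputs` with `ConvertTo-Json` prints the whole token table, which a few lines earlier is filled from `secrets.ARM_SUBSCRIPTION_ID` and `secrets.ARM_MGMTGROUP_ID`. Log masking matches only the exact secret string, and JSON encoding can alter a value enough to escape it, so these identifiers may end up in the job log. Log the key names only, for example `Write-Verbose ('Token keys: {0}' -f ($Tokens.Keys -join ', ')) -Verbose`. It would also be safer to hand the secrets to the script through a step-level `env:` block and read them as `$env:` variables rather than interpolating `${{ secrets.* }}` into the script text.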
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 27e78951d0..d9c6257380 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -77,9 +77,12 @@ jobs: } # Get File Path List + $modulesFolderPath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}' + Write-Verbose $modulesFolderPath -Verbose $moduleTestFiles = @() - $moduleTestFiles += Get-ChildItem -Path (Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}') -Filter *.test.bicep -Recurse -File -Name - + $moduleTestFiles += Get-ChildItem -Path $modulesFolderPath -Filter *.test.bicep -Recurse -File -Name + Write-Verbose '$($moduleTestFiles.Count)' -Verbose + Write-Verbose '$($moduleTestFiles.GetType())' -Verbose # Construct Token Function Input $ConvertTokensInputs = @{ FilePathList = $moduleTestFiles From 72d7987e1e635c3a30c8668a36d67c7c0a4fc496 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 21:32:41 +0200 Subject: [PATCH 42/85] modulesFolderPath collection --- .github/workflows/linter.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index d9c6257380..568f645477 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -79,10 +79,10 @@ jobs: # Get File Path List $modulesFolderPath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}' Write-Verbose $modulesFolderPath -Verbose - $moduleTestFiles = @() + $moduleTestFiles = [System.Collections.ArrayList]@() $moduleTestFiles += Get-ChildItem -Path $modulesFolderPath -Filter *.test.bicep -Recurse -File -Name - Write-Verbose '$($moduleTestFiles.Count)' -Verbose - Write-Verbose '$($moduleTestFiles.GetType())' -Verbose + Write-Verbose $($moduleTestFiles.Count) -Verbose + Write-Verbose $($moduleTestFiles.GetType()) -Verbose # Construct Token Function Input $ConvertTokensInputs = @{ FilePathList = $moduleTestFiles From f674dcc0f741f453f77a75744c4fa82390deb021 Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Wed, 21 Sep 2022 21:38:08 +0200 Subject: [PATCH 43/85] modulesFolderPath no filter --- .github/workflows/linter.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 568f645477..b5dc99f406 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -79,8 +79,10 @@ jobs: # Get File Path List $modulesFolderPath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}' Write-Verbose $modulesFolderPath -Verbose + $moduleTestFiles = [System.Collections.ArrayList]@() - $moduleTestFiles += Get-ChildItem -Path $modulesFolderPath -Filter *.test.bicep -Recurse -File -Name + $moduleTestFiles += Get-ChildItem -Path $modulesFolderPath -Recurse -File -Name + # -Filter *.test.bicep Write-Verbose $($moduleTestFiles.Count) -Verbose Write-Verbose $($moduleTestFiles.GetType()) -Verbose # Construct Token Function Input From a84b424056da1276bad5eac188bf2185b20efd2a Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 21:39:30 +0200 Subject: [PATCH 44/85] modulesFolderPath no file --- .github/workflows/linter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index b5dc99f406..412e678415 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -81,7 +81,7 @@ jobs: Write-Verbose $modulesFolderPath -Verbose $moduleTestFiles = [System.Collections.ArrayList]@() - $moduleTestFiles += Get-ChildItem -Path $modulesFolderPath -Recurse -File -Name + $moduleTestFiles += Get-ChildItem -Path $modulesFolderPath -Recurse # -Filter *.test.bicep Write-Verbose $($moduleTestFiles.Count) -Verbose Write-Verbose $($moduleTestFiles.GetType()) -Verbose From 057a4c2f71ba1a73f5c50ce0b5d721dcb895159d Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Wed, 21 Sep 2022 21:46:02 +0200 Subject: [PATCH 45/85] force --- .github/workflows/linter.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 412e678415..9ead8722aa 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -81,8 +81,8 @@ jobs: Write-Verbose $modulesFolderPath -Verbose $moduleTestFiles = [System.Collections.ArrayList]@() - $moduleTestFiles += Get-ChildItem -Path $modulesFolderPath -Recurse - # -Filter *.test.bicep + $moduleTestFiles += Get-ChildItem -Path $modulesFolderPath -Filter *.test.bicep -Recurse -Force -Name + Write-Verbose $($moduleTestFiles.Count) -Verbose Write-Verbose $($moduleTestFiles.GetType()) -Verbose # Construct Token Function Input From a60f695f8f702f1d42252f4ca757aceb99f62843 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 21:49:53 +0200 Subject: [PATCH 46/85] cleanup --- .github/workflows/linter.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 9ead8722aa..d29549539d 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -78,13 +78,9 @@ jobs: # Get File Path List $modulesFolderPath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}' - Write-Verbose $modulesFolderPath -Verbose - $moduleTestFiles = [System.Collections.ArrayList]@() $moduleTestFiles += Get-ChildItem -Path $modulesFolderPath -Filter *.test.bicep -Recurse -Force -Name - Write-Verbose $($moduleTestFiles.Count) -Verbose - Write-Verbose $($moduleTestFiles.GetType()) -Verbose # Construct Token Function Input $ConvertTokensInputs = @{ FilePathList = $moduleTestFiles From a62af964e55971aefa163430fb37ecf7b0383a3b Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 21:54:41 +0200 Subject: [PATCH 47/85] root --- .github/workflows/linter.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index d29549539d..1ebf6f738a 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -79,7 +79,9 @@ jobs: # Get File Path List $modulesFolderPath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}' $moduleTestFiles = [System.Collections.ArrayList]@() - $moduleTestFiles += Get-ChildItem -Path $modulesFolderPath -Filter *.test.bicep -Recurse -Force -Name + # $moduleTestFiles += Get-ChildItem -Path $modulesFolderPath -Filter *.test.bicep -Recurse -Force -Name + $moduleTestFiles += Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name + # Construct Token Function Input $ConvertTokensInputs = @{ From 3baec7b23d01765bec321071ab89083067068e88 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 22:17:25 +0200 Subject: [PATCH 48/85] noroot --- .github/workflows/linter.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 1ebf6f738a..ae99467535 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -80,7 +80,8 @@ jobs: $modulesFolderPath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}' $moduleTestFiles = [System.Collections.ArrayList]@() # $moduleTestFiles += Get-ChildItem -Path $modulesFolderPath -Filter *.test.bicep -Recurse -Force -Name - $moduleTestFiles += Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name + # Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name | Join-Path $env:GITHUB_WORKSPACE '$._' + $moduleTestFiles += Get-ChildItem -Filter *.test.bicep -Recurse -Force -Name | ForEach-Object {$_.root} | Join-Path -ChildPath "Subdir" # Construct Token Function Input From de1233e5dcfdb336814fcece614cc9a0bf64fee6 Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Wed, 21 Sep 2022 22:23:13 +0200 Subject: [PATCH 49/85] convert verbose --- .github/workflows/linter.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index ae99467535..665602b991 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -81,7 +81,7 @@ jobs: $moduleTestFiles = [System.Collections.ArrayList]@() # $moduleTestFiles += Get-ChildItem -Path $modulesFolderPath -Filter *.test.bicep -Recurse -Force -Name # Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name | Join-Path $env:GITHUB_WORKSPACE '$._' - $moduleTestFiles += Get-ChildItem -Filter *.test.bicep -Recurse -Force -Name | ForEach-Object {$_.root} | Join-Path -ChildPath "Subdir" + $moduleTestFiles += Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name | ForEach-Object {$_.root} | Join-Path -ChildPath "Subdir" # Construct Token Function Input @@ -95,7 +95,8 @@ jobs: Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose # Invoke Token Replacement Functionality [For Module] - $null = Convert-TokensInFileList @ConvertTokensInputs + # $null = + Convert-TokensInFileList @ConvertTokensInputs -verbose Write-Output '::endgroup::' From 21e5a32532f3e72e8bee13158b30cd0516bcb687 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 21 Sep 2022 22:29:36 +0200 Subject: [PATCH 50/85] no pipe --- .github/workflows/linter.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 665602b991..7d0e53bcf3 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml 
@@ -81,7 +81,8 @@ jobs: $moduleTestFiles = [System.Collections.ArrayList]@() # $moduleTestFiles += Get-ChildItem -Path $modulesFolderPath -Filter *.test.bicep -Recurse -Force -Name # Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name | Join-Path $env:GITHUB_WORKSPACE '$._' - $moduleTestFiles += Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name | ForEach-Object {$_.root} | Join-Path -ChildPath "Subdir" + $moduleTestFiles += Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name + # | ForEach-Object {$_.root} | Join-Path -ChildPath "Subdir" # Construct Token Function Input From 89f3a24d6df5ed89462eeede0fcc38660d952aeb Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 29 Sep 2022 19:16:15 +0200 Subject: [PATCH 51/85] yay --- .../PSRuleValidation/Set-PSRuleOutput.ps1 | 41 +++++++++++-------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index 9c5f5d7393..fd3f08703c 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 
@@ -18,28 +18,37 @@ $passedRules += $results | Where-Object { $_.Outcome -EQ 'Pass' } $failedRules += $results | Where-Object { $_.Outcome -EQ 'Fail' } - - #Create Summary table - - $headerTable = [System.Collections.ArrayList]@( - '# Output Summary ', - '', - '| Total No. of Processed Rules| Passed Rules :white_check_mark: | Failed Rules :x: |', - '| :-- | :-- | :-- |' + #Create header and first output + $header = [System.Collections.ArrayList]@( + '# PSRule Summary ', + '' ) + Out-File -FilePath $outputFilePath -NoClobber -InputObject $header - $headerTable += ('| {0} | {1} | {2} |' -f $results.Count, $passedRules.Count , $failedRules.Count) - $headerTable += [System.Collections.ArrayList]@( - '') - - # Create markdown file with header table - Out-File -FilePath $outputFilePath -NoClobber -InputObject $headerTable - + if ($failedRules.Count -gt 0) { + # Create header content + $headerContent = [System.Collections.ArrayList]@( + 'YAY!' + ) + # Append header content + Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $headerContent + } if ($failedRules.Count -gt 0) { + # Create header table + $headerTable = [System.Collections.ArrayList]@( + '| Total No. of Processed Rules| Passed Rules :white_check_mark: | Failed Rules :x: |', + '| :-- | :-- | :-- |' + ) + $headerTable += ('| {0} | {1} | {2} |' -f $results.Count, $passedRules.Count , $failedRules.Count) + $headerTable += [System.Collections.ArrayList]@( + '' + ) - #Create Failing table + # Append header table + Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $headerTable + # Create Failing table $failContent = [System.Collections.ArrayList]@( '', '
', From e3324dd70ed8a4f4acdc8a30caf1b8ba02007453 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 29 Sep 2022 19:24:33 +0200 Subject: [PATCH 52/85] token secret --- .github/workflows/linter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 7d0e53bcf3..8522d5ad6b 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -5,6 +5,7 @@ on: [pull_request] env: variablesPath: 'settings.yml' modulesPath: 'modules' + TOKEN_NAMEPREFIX: '${{ secrets.TOKEN_NAMEPREFIX }}' jobs: build: @@ -84,7 +85,6 @@ jobs: $moduleTestFiles += Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name # | ForEach-Object {$_.root} | Join-Path -ChildPath "Subdir" - # Construct Token Function Input $ConvertTokensInputs = @{ FilePathList = $moduleTestFiles From 084b06ab0fd19e6b28b402b1b6877ff8e31285b8 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 29 Sep 2022 19:32:28 +0200 Subject: [PATCH 53/85] skip passed --- .github/workflows/linter.yml | 5 +++-- utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 | 8 +++++--- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 8522d5ad6b..439709aff3 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -122,8 +122,9 @@ jobs: # Populate parameter input $ParameterInput = @{ - inputFilePath = '${{ env.modulesPath }}/PSRule-output.csv' - outputFilePath = '${{ env.modulesPath }}/PSRule-output.md' + inputFilePath = '${{ env.modulesPath }}/PSRule-output.csv' + outputFilePath = '${{ env.modulesPath }}/PSRule-output.md' + skipPassedRulesReport = $true } # Invoke function diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index fd3f08703c..c2bcbeebb7 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 
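Review bot: `TOKEN_NAMEPREFIX` is added to the workflow-level `env:` block in the first hunk of the "token secret" patch, so the secret is exported to every job and step of this `pull_request` workflow, including the third-party actions that have no use for it. Declare it only on the step that performs the token replacement, as an `env:` key on that step holding `TOKEN_NAMEPREFIX: '${{ secrets.TOKEN_NAMEPREFIX }}'`. It is also worth a comment next to it that pull requests from forks do not receive repository secrets, so the value is empty there and the replacement step has to cope with that.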
+++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 @@ -5,11 +5,13 @@ [String] $inputFilePath, [Parameter(Mandatory = $false)] - [string] $outputFilePath = './output.md' + [string] $outputFilePath = './output.md', + + [Parameter(Mandatory = $false)] + [switch] $skipPassedRulesReport ) # Import CSV output and filter by results - $results = Import-Csv -Path $inputFilePath $passedRules = @() @@ -89,7 +91,7 @@ } # Create Passing table - if ($passedRules.Count -gt 0) { + if (($passedRules.Count -gt 0) -and -not $skipPassedRulesReport) { $passContent = [System.Collections.ArrayList]@( '', From a53defe256ce3d55e1433aee42896aae25ed4eff Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 29 Sep 2022 19:36:09 +0200 Subject: [PATCH 54/85] rocket --- utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index c2bcbeebb7..0ebd95b7e6 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 @@ -28,9 +28,10 @@ Out-File -FilePath $outputFilePath -NoClobber -InputObject $header if ($failedRules.Count -gt 0) { + # if ($failedRules.Count -eq 0) { # Create header content $headerContent = [System.Collections.ArrayList]@( - 'YAY!' + 'All $($results.Count) rules passed, YAY! :rocket:' ) # Append header content Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $headerContent From 658b2c49c03e641ac2feb9248809dcb410827896 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 29 Sep 2022 19:44:01 +0200 Subject: [PATCH 55/85] noFailuresContent --- utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) 
diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index 0ebd95b7e6..7e4d24a4fb 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 @@ -30,11 +30,9 @@ if ($failedRules.Count -gt 0) { # if ($failedRules.Count -eq 0) { # Create header content - $headerContent = [System.Collections.ArrayList]@( - 'All $($results.Count) rules passed, YAY! :rocket:' - ) + $noFailuresContent = ('All [{0}] rules passed, YAY! :rocket:' -f $results.Count) # Append header content - Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $headerContent + Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $noFailuresContent } if ($failedRules.Count -gt 0) { @@ -132,7 +130,6 @@ ) #Append markdown with passed rules table Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $passContent - } } From de2c95bacf285f744a4a394ab048688633beff5d Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 29 Sep 2022 19:50:31 +0200 Subject: [PATCH 56/85] yay Content --- utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index 7e4d24a4fb..6b6808360e 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 @@ -30,7 +30,7 @@ if ($failedRules.Count -gt 0) { # if ($failedRules.Count -eq 0) { # Create header content - $noFailuresContent = ('All [{0}] rules passed, YAY! :rocket:' -f $results.Count) + $noFailuresContent = ('## All {0} rules passed, YAY! :rocket:' -f $results.Count) # Append header content Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $noFailuresContent } 
From a3c96287ba4ec110cf485af584bbbd56e8e4b14c Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 29 Sep 2022 19:50:54 +0200 Subject: [PATCH 57/85] yay Content if the case --- utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index 6b6808360e..9456f38def 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 @@ -27,8 +27,7 @@ ) Out-File -FilePath $outputFilePath -NoClobber -InputObject $header - if ($failedRules.Count -gt 0) { - # if ($failedRules.Count -eq 0) { + if ($failedRules.Count -eq 0) { # Create header content $noFailuresContent = ('## All {0} rules passed, YAY! :rocket:' -f $results.Count) # Append header content From 6dd8b88851429cef88ea04f90317aeebd1429309 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 29 Sep 2022 19:51:31 +0200 Subject: [PATCH 58/85] double rocket --- utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index 9456f38def..19e0ed4735 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 @@ -29,7 +29,7 @@ if ($failedRules.Count -eq 0) { # Create header content - $noFailuresContent = ('## All {0} rules passed, YAY! :rocket:' -f $results.Count) + $noFailuresContent = ('## :rocket: All {0} rules passed, YAY! :rocket:' -f $results.Count) # Append header content Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $noFailuresContent } From cadcdb1cd04d80d7bbcaec9c9c872b2e3e74cad3 Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Thu, 29 Sep 2022 20:01:17 +0200 Subject: [PATCH 59/85] cleanup --- .../PSRuleValidation/Set-PSRuleOutput.ps1 | 29 ++++++------------- 1 file changed, 9 insertions(+), 20 deletions(-) diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index 19e0ed4735..660d9002af 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 @@ -20,7 +20,8 @@ $passedRules += $results | Where-Object { $_.Outcome -EQ 'Pass' } $failedRules += $results | Where-Object { $_.Outcome -EQ 'Fail' } - #Create header and first output + # Set content + # Header $header = [System.Collections.ArrayList]@( '# PSRule Summary ', '' @@ -28,14 +29,12 @@ Out-File -FilePath $outputFilePath -NoClobber -InputObject $header if ($failedRules.Count -eq 0) { - # Create header content + # No failure content $noFailuresContent = ('## :rocket: All {0} rules passed, YAY! :rocket:' -f $results.Count) - # Append header content Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $noFailuresContent - } - - if ($failedRules.Count -gt 0) { - # Create header table + } else { + # Failure content + # Header table $headerTable = [System.Collections.ArrayList]@( '| Total No. of Processed Rules| Passed Rules :white_check_mark: | Failed Rules :x: |', '| :-- | :-- | :-- |' @@ -44,11 +43,9 @@ $headerTable += [System.Collections.ArrayList]@( '' ) - - # Append header table Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $headerTable - # Create Failing table + # Failed rules $failContent = [System.Collections.ArrayList]@( '', '
', @@ -59,7 +56,6 @@ '| RuleName | TargetName | Synopsis |', '| :-- | :-- | :-- |' ) - foreach ($content in $failedRules ) { # Shorten the target name for deployment resoure type if ($content.TargetType -eq 'Microsoft.Resources/deployments') { @@ -77,20 +73,18 @@ $resourceLink = $content.RuleName } $failContent += ('| {0} | {1} | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) - } $failContent += [System.Collections.ArrayList]@( '', '
', '' ) - #Append markdown with failed rules table + # Append markdown with failed rules table Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $failContent } - # Create Passing table + # Passed rules if (($passedRules.Count -gt 0) -and -not $skipPassedRulesReport) { - $passContent = [System.Collections.ArrayList]@( '', '
', @@ -101,7 +95,6 @@ '| RuleName | TargetName | Synopsis |', '| :-- | :-- | :-- |' ) - foreach ($content in $passedRules ) { # Shorten the target name for deployment resoure type if ($content.TargetType -eq 'Microsoft.Resources/deployments') { @@ -127,10 +120,6 @@ '
', '' ) - #Append markdown with passed rules table Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $passContent } } - - - From 085750d266257d9935d3f87240c9ea2a7e28192e Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 29 Sep 2022 20:07:04 +0200 Subject: [PATCH 60/85] header content --- utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index 660d9002af..6cec71daa2 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 @@ -38,11 +38,13 @@ $headerTable = [System.Collections.ArrayList]@( '| Total No. of Processed Rules| Passed Rules :white_check_mark: | Failed Rules :x: |', '| :-- | :-- | :-- |' - ) - $headerTable += ('| {0} | {1} | {2} |' -f $results.Count, $passedRules.Count , $failedRules.Count) - $headerTable += [System.Collections.ArrayList]@( + ('| {0} | {1} | {2} |' -f $results.Count, $passedRules.Count , $failedRules.Count), '' ) + # $headerTable += ('| {0} | {1} | {2} |' -f $results.Count, $passedRules.Count , $failedRules.Count) + # $headerTable += [System.Collections.ArrayList]@( + # '' + # ) Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $headerTable # Failed rules From 5bbc4e290a84c022a602623554c141d190247da9 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 29 Sep 2022 20:08:21 +0200 Subject: [PATCH 61/85] header --- utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index 6cec71daa2..022832eaaa 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 
@@ -23,7 +23,7 @@ # Set content # Header $header = [System.Collections.ArrayList]@( - '# PSRule Summary ', + '# PSRule pre-flight validation summary ', '' ) Out-File -FilePath $outputFilePath -NoClobber -InputObject $header From f46300708e7fa458c79cf8c65922542d9f326899 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 29 Sep 2022 20:11:28 +0200 Subject: [PATCH 62/85] cleanup --- .../pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index 022832eaaa..a8b2dbed1a 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 @@ -41,13 +41,9 @@ ('| {0} | {1} | {2} |' -f $results.Count, $passedRules.Count , $failedRules.Count), '' ) - # $headerTable += ('| {0} | {1} | {2} |' -f $results.Count, $passedRules.Count , $failedRules.Count) - # $headerTable += [System.Collections.ArrayList]@( - # '' - # ) Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $headerTable - # Failed rules + # List of failed rules $failContent = [System.Collections.ArrayList]@( '', '
', @@ -85,7 +81,7 @@ Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $failContent } - # Passed rules + # List of passed rules if (($passedRules.Count -gt 0) -and -not $skipPassedRulesReport) { $passContent = [System.Collections.ArrayList]@( '', @@ -122,6 +118,7 @@ '
', '' ) + # Append markdown with passed rules table Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $passContent } } From e34183664d38a8155c27c9b571c8e780e3a79247 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 29 Sep 2022 20:15:38 +0200 Subject: [PATCH 63/85] cleanerup --- .../PSRuleValidation/Set-PSRuleOutput.ps1 | 22 ++++++++++++------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index a8b2dbed1a..4771aa17e9 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 @@ -11,7 +11,10 @@ [switch] $skipPassedRulesReport ) - # Import CSV output and filter by results + ########################################### + # Import CSV output and filter by results # + ########################################### + $results = Import-Csv -Path $inputFilePath $passedRules = @() @@ -20,7 +23,10 @@ $passedRules += $results | Where-Object { $_.Outcome -EQ 'Pass' } $failedRules += $results | Where-Object { $_.Outcome -EQ 'Fail' } - # Set content + ###################### + # Set output content # + ###################### + # Header $header = [System.Collections.ArrayList]@( '# PSRule pre-flight validation summary ', @@ -34,7 +40,8 @@ Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $noFailuresContent } else { # Failure content - # Header table + + ## Header table $headerTable = [System.Collections.ArrayList]@( '| Total No. of Processed Rules| Passed Rules :white_check_mark: | Failed Rules :x: |', '| :-- | :-- | :-- |' @@ -43,7 +50,7 @@ ) Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $headerTable - # List of failed rules + ## List of failed rules $failContent = [System.Collections.ArrayList]@( '', '
', @@ -77,12 +84,12 @@ '
', '' ) - # Append markdown with failed rules table + # Append to output Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $failContent } - # List of passed rules if (($passedRules.Count -gt 0) -and -not $skipPassedRulesReport) { + # List of passed rules $passContent = [System.Collections.ArrayList]@( '', '
', @@ -109,7 +116,6 @@ Write-Warning "Unable to build url for $content.RuleName" $resourceLink = $content.RuleName } - $passContent += ('| {0} | {1} | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) } @@ -118,7 +124,7 @@ '
', '' ) - # Append markdown with passed rules table + # Append to output Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $passContent } } From 86aa6b9e662ca4c7c2b83923a34f8370071f7585 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 29 Sep 2022 20:17:53 +0200 Subject: [PATCH 64/85] tbd --- utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index 4771aa17e9..b3896d243c 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 @@ -27,7 +27,7 @@ # Set output content # ###################### - # Header + # Header //TBD: Remove? $header = [System.Collections.ArrayList]@( '# PSRule pre-flight validation summary ', '' From d07aae667546893505e40837f51224c9c2fa7b0d Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 4 Oct 2022 19:02:58 +0200 Subject: [PATCH 65/85] test on kv only --- .github/workflows/linter.yml | 5 ++--- .ps-rule/dep-suppress.Rule.yaml | 2 +- .ps-rule/min-suppress.Rule.yaml | 5 ++--- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 439709aff3..1e329468e5 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -100,13 +100,12 @@ jobs: Convert-TokensInFileList @ConvertTokensInputs -verbose Write-Output '::endgroup::' - - name: Run PSRule analysis uses: microsoft/ps-rule@v2.4.0 continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulesPath }}/' + inputPath: '${{ env.modulesPath }}/Microsoft.KeyVault/vaults' outputFormat: Csv outputPath: '${{ env.modulesPath }}/PSRule-output.csv' - name: 'Parse CSV content' 
@@ -115,7 +114,7 @@ jobs: azPSVersion: 'latest' inlineScript: | # Grouping task logs - Write-Output '::group::Replace tokens in template file' + Write-Output '::group::Parse CSV content' # Load used functions . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'PSRuleValidation' 'Set-PSRuleOutput.ps1') diff --git a/.ps-rule/dep-suppress.Rule.yaml b/.ps-rule/dep-suppress.Rule.yaml index 0eedcfb968..e5b1c0a1bd 100644 --- a/.ps-rule/dep-suppress.Rule.yaml +++ b/.ps-rule/dep-suppress.Rule.yaml @@ -3,7 +3,7 @@ apiVersion: github.com/microsoft/PSRule/v1 kind: SuppressionGroup metadata: - name: 'SuppressDependancy' + name: 'SuppressDependency' spec: if: name: '.' diff --git a/.ps-rule/min-suppress.Rule.yaml b/.ps-rule/min-suppress.Rule.yaml index 9c984ea8da..85b70eb2c0 100644 --- a/.ps-rule/min-suppress.Rule.yaml +++ b/.ps-rule/min-suppress.Rule.yaml @@ -3,7 +3,7 @@ apiVersion: github.com/microsoft/PSRule/v1 kind: SuppressionGroup metadata: - name: 'Suppressmin' + name: 'SuppressMin' spec: rule: - Azure.Resource.UseTags @@ -12,5 +12,4 @@ spec: name: '.' contains: - 'min' - - \ No newline at end of file + From 4121f34d1fd9627eb0313f78948ad3503652ec98 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 4 Oct 2022 19:19:46 +0200 Subject: [PATCH 66/85] test on kv only change --- modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep b/modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep index 99ecd3a4b4..d336874338 100644 --- a/modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep +++ b/modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep @@ -3,6 +3,7 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // + @description('Optional. The name of the resource group to deploy for testing purposes') @maxLength(90) param resourceGroupName string = 'ms.keyvault.vaults-${serviceShort}-rg' 
From 950c54280f1d047cbc6962a8c3ccdcb8186d4c57 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 4 Oct 2022 19:27:56 +0200 Subject: [PATCH 67/85] test on kv only change path --- .github/workflows/linter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 1e329468e5..67a5c913cf 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -105,7 +105,7 @@ jobs: continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulesPath }}/Microsoft.KeyVault/vaults' + inputPath: '${{ env.modulesPath }}/Microsoft.KeyVault/vaults/' outputFormat: Csv outputPath: '${{ env.modulesPath }}/PSRule-output.csv' - name: 'Parse CSV content' From d204934f6c3376f11a1ea281fb4a3b995393227e Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 4 Oct 2022 19:32:08 +0200 Subject: [PATCH 68/85] library --- .github/workflows/linter.yml | 2 +- .../Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 67a5c913cf..86748f1fbe 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -105,7 +105,7 @@ jobs: continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulesPath }}/Microsoft.KeyVault/vaults/' + inputPath: '${{ env.modulesPath }}/' outputFormat: Csv outputPath: '${{ env.modulesPath }}/PSRule-output.csv' - name: 'Parse CSV content' diff --git a/modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep b/modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep index d336874338..99ecd3a4b4 100644 --- a/modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep +++ b/modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep 
@@ -3,7 +3,6 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // - @description('Optional. The name of the resource group to deploy for testing purposes') @maxLength(90) param resourceGroupName string = 'ms.keyvault.vaults-${serviceShort}-rg' From 361905e372655a967ad88037bc593eb2fd6956cf Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 4 Oct 2022 19:39:36 +0200 Subject: [PATCH 69/85] comment --- .github/workflows/linter.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 86748f1fbe..40269f5db6 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -33,6 +33,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} FILTER_REGEX_EXCLUDE: '[module.tests.ps1|Get\-ModulesAsMarkdownTable.ps1|.*yml]' + # Discuss if running on PR to the whole repo (current implementation) or only on files changed psrule: name: PSRule runs-on: ubuntu-latest From ffb336388061656f385a31369b9de518d1942135 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 10 Oct 2022 17:07:47 +0200 Subject: [PATCH 70/85] suppress ms rg --- .ps-rule/dep-suppress.Rule.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.ps-rule/dep-suppress.Rule.yaml b/.ps-rule/dep-suppress.Rule.yaml index e5b1c0a1bd..16399d8be9 100644 --- a/.ps-rule/dep-suppress.Rule.yaml +++ b/.ps-rule/dep-suppress.Rule.yaml @@ -9,3 +9,4 @@ spec: name: '.' startsWith: - 'dep' + - 'ms.' From 6bca85c8c2ee2b1f20a75abe21a0323467ec5b90 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 10 Oct 2022 17:43:52 +0200 Subject: [PATCH 71/85] suppress privatelink --- .ps-rule/dep-suppress.Rule.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.ps-rule/dep-suppress.Rule.yaml b/.ps-rule/dep-suppress.Rule.yaml index 16399d8be9..9ace1e259a 100644 --- a/.ps-rule/dep-suppress.Rule.yaml +++ b/.ps-rule/dep-suppress.Rule.yaml @@ -10,3 +10,4 @@ spec: startsWith: - 'dep' - 'ms.' + - 'privatelink.'' 
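Review bot: The `'ms.'` prefix added to `startsWith` in the "suppress ms rg" hunk widens a suppression group that, as far as the hunks on this page show, has no `rule:` list under `spec:`; if PSRule treats a missing list as "all rules" (my understanding, worth confirming), every finding for any resource whose name begins with `ms.` is dropped, not only those for test dependencies. The same applies to `'privatelink.'` in the next patch's hunk, where the entry is also written `'privatelink.''` and the doubled quote leaves the YAML scalar unterminated. Name the rules being waived, the way `min-suppress.Rule.yaml` does with `rule:` followed by `- Azure.Resource.UseTags`, and add a comment above the list saying why each prefix is exempt.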
From 4fabf3a9dd493dbe0a5e967dc817fda19cdb9875 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 12 Oct 2022 11:35:03 +0200 Subject: [PATCH 72/85] reduce scope --- .github/workflows/linter.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 40269f5db6..d61a327c4e 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -106,7 +106,8 @@ jobs: continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulesPath }}/' + # inputPath: '${{ env.modulesPath }}/' + inputPath: '${{ env.modulesPath }}/Microsoft.ApiManagement/service/' outputFormat: Csv outputPath: '${{ env.modulesPath }}/PSRule-output.csv' - name: 'Parse CSV content' From 9d874c0aaa4e22b8b1da809a365afcc314d7ae81 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 12 Oct 2022 11:38:44 +0200 Subject: [PATCH 73/85] reduce scope csv --- .github/workflows/linter.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index d61a327c4e..ea6f0a79c0 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -109,7 +109,8 @@ jobs: # inputPath: '${{ env.modulesPath }}/' inputPath: '${{ env.modulesPath }}/Microsoft.ApiManagement/service/' outputFormat: Csv - outputPath: '${{ env.modulesPath }}/PSRule-output.csv' + # outputPath: '${{ env.modulesPath }}/PSRule-output.csv' + outputPath: '${{ env.modulesPath }}/Microsoft.ApiManagement/service/PSRule-output.csv' - name: 'Parse CSV content' uses: azure/powershell@v1 with: From 8105f814c8441fc5395cba371451ed4dbd55e70c Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 12 Oct 2022 11:40:41 +0200 Subject: [PATCH 74/85] reduce scope csv kv --- .github/workflows/linter.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index ea6f0a79c0..fe06414637 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -107,10 +107,10 @@ jobs: with: modules: 'PSRule.Rules.Azure' # inputPath: '${{ env.modulesPath }}/' - inputPath: '${{ env.modulesPath }}/Microsoft.ApiManagement/service/' + inputPath: '${{ env.modulesPath }}/Microsoft.KeyVault/' outputFormat: Csv # outputPath: '${{ env.modulesPath }}/PSRule-output.csv' - outputPath: '${{ env.modulesPath }}/Microsoft.ApiManagement/service/PSRule-output.csv' + outputPath: '${{ env.modulesPath }}/Microsoft.KeyVault/PSRule-output.csv' - name: 'Parse CSV content' uses: azure/powershell@v1 with: From f9b826fe55e833a541bd01acaa19c8e131d3165e Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 12 Oct 2022 11:46:12 +0200 Subject: [PATCH 75/85] 242 --- .github/actions/templates/validateModulePSRule/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index 9f25acea98..e4152d3cc1 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -91,7 +91,7 @@ runs: # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.4.0 + uses: microsoft/ps-rule@v2.4.2 # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' From 69fa3791ac7676bde3b15efc282c230d42c7177e Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 12 Oct 2022 11:48:28 +0200 Subject: [PATCH 76/85] remove require --- ps-rule.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ps-rule.yaml b/ps-rule.yaml index e1fe3eeaa3..b6fed9ec9f 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml 
@@ -15,7 +15,7 @@ binding: # Require minimum versions of modules. requires: - PSRule: '@pre >=2.4.0' + # PSRule: '@pre >=2.4.0' PSRule.Rules.Azure: '@pre >=1.19.2' # Use PSRule for Azure. @@ -56,7 +56,7 @@ rule: exclude: # Ignore the following rules for all resources - Azure.KeyVault.PurgeProtect - + # Suppression ignores rules for a specific Azure resource by name. # suppression: # Azure.KeyVault.PurgeProtect: From c60eb483afc2902fada3a7937b342678dc0be0e2 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 12 Oct 2022 15:21:02 +0200 Subject: [PATCH 77/85] 250 --- .github/actions/templates/validateModulePSRule/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index e4152d3cc1..14c4ad4d76 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -91,7 +91,7 @@ runs: # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.4.2 + uses: microsoft/ps-rule@v2.5.0 # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' From ac2a1933eb26afd9106d2a1efdd94c785e5484c9 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 12 Oct 2022 15:30:59 +0200 Subject: [PATCH 78/85] 250 linter --- .github/actions/templates/validateModulePSRule/action.yml | 2 +- .github/workflows/linter.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index 14c4ad4d76..9f25acea98 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml 
@@ -91,7 +91,7 @@ runs: # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.5.0 + uses: microsoft/ps-rule@v2.4.0 # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index fe06414637..464519e7c8 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -102,7 +102,7 @@ jobs: Write-Output '::endgroup::' - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.4.0 + uses: microsoft/ps-rule@v2.5.0 continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' From 412687395c7c4b4e6f036bc12b7c941d33db67da Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 12 Oct 2022 15:31:43 +0200 Subject: [PATCH 79/85] 240 linter --- .github/workflows/linter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 464519e7c8..fe06414637 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -102,7 +102,7 @@ jobs: Write-Output '::endgroup::' - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.5.0 + uses: microsoft/ps-rule@v2.4.0 continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' From fba2d2c12c9166a820364c83ad9e3a87b5299fe7 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 12 Oct 2022 15:43:41 +0200 Subject: [PATCH 80/85] requires 240 linter --- ps-rule.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/ps-rule.yaml b/ps-rule.yaml index b6fed9ec9f..1bd554fe34 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -15,6 +15,7 @@ binding: # Require minimum versions of modules. requires: + PSRule: '2.4.0' # PSRule: '@pre >=2.4.0' PSRule.Rules.Azure: '@pre >=1.19.2' 
From 3bbee13c2f20c201f96158aafa4481fe0716f255 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 12 Oct 2022 15:47:01 +0200 Subject: [PATCH 81/85] include 240 --- ps-rule.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ps-rule.yaml b/ps-rule.yaml index 1bd554fe34..40efd1043b 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -15,12 +15,14 @@ binding: # Require minimum versions of modules. requires: - PSRule: '2.4.0' + # PSRule: '2.5.0' # PSRule: '@pre >=2.4.0' PSRule.Rules.Azure: '@pre >=1.19.2' # Use PSRule for Azure. include: + versions: + - 2.4.0 module: - PSRule.Rules.Azure From a56cd66e7e5ee04ea5efaac484d11120816660d9 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 18 Oct 2022 16:16:07 +0200 Subject: [PATCH 82/85] EoF --- .ps-rule/dep-suppress.Rule.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ps-rule/dep-suppress.Rule.yaml b/.ps-rule/dep-suppress.Rule.yaml index 9ace1e259a..6dc96bce1e 100644 --- a/.ps-rule/dep-suppress.Rule.yaml +++ b/.ps-rule/dep-suppress.Rule.yaml @@ -10,4 +10,4 @@ spec: startsWith: - 'dep' - 'ms.' - - 'privatelink.'' + - 'privatelink.' From cc6968e853c1294e5dd6964b1be10e4db9a5b9e5 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 18 Oct 2022 16:22:36 +0200 Subject: [PATCH 83/85] update inputpath to all modules --- .github/workflows/linter.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index fe06414637..40269f5db6 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml 
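Review bot: The added `versions:` list under `include:` does not look like a key PSRule reads in that section, where this file otherwise uses only `module`. `- 2.4.0` therefore probably has no effect, which is worth confirming against the PSRule options reference. If the goal is to hold the engine at 2.4.0, keep the line this hunk removes, `PSRule: '2.4.0'`, under `requires:` rather than replacing it with `# PSRule: '2.5.0'`.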
@@ -106,11 +106,9 @@ jobs: continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - # inputPath: '${{ env.modulesPath }}/' - inputPath: '${{ env.modulesPath }}/Microsoft.KeyVault/' + inputPath: '${{ env.modulesPath }}/' outputFormat: Csv - # outputPath: '${{ env.modulesPath }}/PSRule-output.csv' - outputPath: '${{ env.modulesPath }}/Microsoft.KeyVault/PSRule-output.csv' + outputPath: '${{ env.modulesPath }}/PSRule-output.csv' - name: 'Parse CSV content' uses: azure/powershell@v1 with: From e444749aa3a610d3d28a3c90faf324e1f2199adb Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Dec 2022 18:54:49 +0100 Subject: [PATCH 84/85] clean psrule settings --- ps-rule.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/ps-rule.yaml b/ps-rule.yaml index 40efd1043b..088b834cf7 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -15,14 +15,11 @@ binding: # Require minimum versions of modules. requires: - # PSRule: '2.5.0' - # PSRule: '@pre >=2.4.0' + PSRule: '@pre >=2.4.0' PSRule.Rules.Azure: '@pre >=1.19.2' # Use PSRule for Azure. include: - versions: - - 2.4.0 module: - PSRule.Rules.Azure From 23f1be185d87c8b9231aa4b84b163c47992657b6 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Dec 2022 18:57:52 +0100 Subject: [PATCH 85/85] pipeline trigger --- .github/workflows/platform.linter.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/platform.linter.yml b/.github/workflows/platform.linter.yml index 83fe787548..6a04359de4 100644 --- a/.github/workflows/platform.linter.yml +++ b/.github/workflows/platform.linter.yml @@ -5,6 +5,7 @@ on: pull_request: branches: - main + - hack/topic6 env: variablesPath: 'settings.yml'
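Review bot: Widening `inputPath` to `'${{ env.modulesPath }}/'` makes this step analyse every module, but the `continue-on-error: true` kept on the step means rule failures still cannot fail the job. Findings reach reviewers only if the following 'Parse CSV content' step surfaces them, and that step's body is outside the hunk. Now that the scope covers all modules, consider removing `continue-on-error: true`, or have the parse step exit non-zero when the CSV contains failed rules.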
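Review bot: The restored `PSRule: '@pre >=2.4.0'` accepts pre-release builds of the engine, as `PSRule.Rules.Azure: '@pre >=1.19.2'` does for the rules module, but the comment above only says "Require minimum versions of modules." A one-line note would make that choice visible: `# '@pre' also allows pre-release versions; remove it to require stable releases only.` If pre-releases are not needed in CI, dropping `@pre` narrows what can satisfy the requirement.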
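Review bot: `- hack/topic6` under `pull_request.branches` hard-codes what looks like a temporary topic branch into the linter workflow's trigger. If it is only there to exercise the pipeline during this work, remove it before the series merges. Otherwise mark it so it does not linger: `- hack/topic6  # TEMP: remove before merge`.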