Azure · eriqua · Sep 19, 2022 · Sep 19, 2022 · Sep 19, 2022 · Sep 19, 2022
diff --git a/.github/workflows/platform.linter.yml b/.github/workflows/platform.linter.yml
@@ -5,6 +5,12 @@ on:
   pull_request:
     branches:
       - main
+      - hack/topic6
+
+env:
+  variablesPath: 'settings.yml'
+  modulesPath: 'modules'
+  TOKEN_NAMEPREFIX: '${{ secrets.TOKEN_NAMEPREFIX }}'
 
 jobs:
   build:
@@ -31,3 +37,105 @@ jobs:
           DEFAULT_BRANCH: ${{ github.base_ref }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           FILTER_REGEX_EXCLUDE: '[module.tests.ps1|Get\-ModulesAsMarkdownTable.ps1|.*yml]'
+
+  # Discuss if running on PR to the whole repo (current implementation) or only on files changed
+  psrule:
+    name: PSRule
+    runs-on: ubuntu-latest
+    steps:
+      # Analyze repository with PSRule
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set environment variables
+        uses: ./.github/actions/templates/setEnvironmentVariables
+        with:
+          variablesPath: ${{ env.variablesPath }}
+      - name: 'Replace tokens in template file'
+        uses: azure/powershell@v1
+        with:
+          azPSVersion: 'latest'
+          inlineScript: |
+            # Grouping task logs
+            Write-Output '::group::Replace tokens in template file'
+
+            # Load used functions
+            . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1')
+
+            # Populate tokens
+            $Tokens = @{
+              resourceGroupName = '${{ env.resourceGroupName }}'
+              subscriptionId    = '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+              managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}'
+              tenantId          = '${{ env.ARM_TENANT_ID }}'
+            }
+
+            ## Add local (source control) tokens
+            $tokenMap = @{}
+            foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) {
+              $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value }
+            }
+            Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose
+            $Tokens += $tokenMap
+
+            ## Swap 'namePrefix' token if empty and provided as a GitHub secret
+            if([String]::IsNullOrEmpty($Tokens['namePrefix'])){
+              Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose
+              $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}'
+            }
+
+            # Get File Path List
+            $modulesFolderPath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}'
+            $moduleTestFiles = [System.Collections.ArrayList]@()
+            # $moduleTestFiles += Get-ChildItem -Path $modulesFolderPath -Filter *.test.bicep -Recurse -Force -Name
+            # Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name | Join-Path $env:GITHUB_WORKSPACE '$._'
+            $moduleTestFiles += Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name
+            # | ForEach-Object {$_.root} | Join-Path -ChildPath "Subdir"
+
+            # Construct Token Function Input
+            $ConvertTokensInputs = @{
+              FilePathList = $moduleTestFiles
+              Tokens       = $Tokens
+              TokenPrefix  = '${{ env.tokenPrefix }}'
+              TokenSuffix  = '${{ env.tokenSuffix }}'
+            }
+
+            Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose
+
+            # Invoke Token Replacement Functionality [For Module]
+            # $null =
+            Convert-TokensInFileList @ConvertTokensInputs -verbose
+
+            Write-Output '::endgroup::'
+      - name: Run PSRule analysis
+        uses: microsoft/[email protected]
+        continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project
+        with:
+          modules: 'PSRule.Rules.Azure'
+          inputPath: '${{ env.modulesPath }}/'
+          outputFormat: Csv
+          outputPath: '${{ env.modulesPath }}/PSRule-output.csv'
+      - name: 'Parse CSV content'
+        uses: azure/powershell@v1
+        with:
+          azPSVersion: 'latest'
+          inlineScript: |
+            # Grouping task logs
+            Write-Output '::group::Parse CSV content'
+
+            # Load used functions
+            . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'PSRuleValidation' 'Set-PSRuleOutput.ps1')
+
+            # Populate parameter input
+            $ParameterInput = @{
+              inputFilePath           = '${{ env.modulesPath }}/PSRule-output.csv'
+              outputFilePath          = '${{ env.modulesPath }}/PSRule-output.md'
+              skipPassedRulesReport   = $true
+            }
+
+            # Invoke function
+            $null = Set-PSRuleOutput @ParameterInput
+
+            Write-Output '::endgroup::'
+      - name: Output to GitHub job summaries
+        if: always()
+        run: cat '${{ env.modulesPath }}/PSRule-output.md' >> $GITHUB_STEP_SUMMARY