From 173e72cc72a492b065176a3122b41bd97cb86c28 Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Mon, 19 Sep 2022 13:05:21 +0200
Subject: [PATCH 01/82] linter
---
 .github/workflows/linter.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 683f0e1c4a..af409cf677 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -27,3 +27,11 @@ jobs:
 DEFAULT_BRANCH: ${{ github.base_ref }}
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 FILTER_REGEX_EXCLUDE: '[module.tests.ps1|Get\-ModulesAsMarkdownTable.ps1|.*yml]'
+
+ # Analyze repository with PSRule
+ - name: Run PSRule analysis
+ uses: microsoft/ps-rule@v2.4.0
+ continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project
+ with:
+ modules: PSRule.Rules.Azure
+ baseline: Azure.Default
From a4b0c10ffcbc32ad26289511109be486fd0213fc Mon Sep 17 00:00:00 2001
From: Elena Batanero <46710322+elbatane@users.noreply.github.com>
Date: Mon, 19 Sep 2022 14:51:12 +0200
Subject: [PATCH 02/82] Create ps-rule.yaml (#2066)
---
 ps-rule.yaml | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 ps-rule.yaml
diff --git a/ps-rule.yaml b/ps-rule.yaml
new file mode 100644
index 0000000000..0e744129d9
--- /dev/null
+++ b/ps-rule.yaml
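Review bot: `continue-on-error: true` on the new `Run PSRule analysis` step means a failing PSRule run never fails the linter workflow, so the rule set cannot block a pull request, and the inline comment gives no condition for removing it. Suggest making the exit condition explicit, e.g. `continue-on-error: true # TODO: drop once PSRule reports no failures on main`, so the relaxation does not outlive the bedding-in period. The action is referenced by tag (`microsoft/ps-rule@v2.4.0`); pinning third-party actions to a full commit SHA is the usual supply-chain hardening for a workflow that also handles `GITHUB_TOKEN`.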
@@ -0,0 +1,57 @@
+#
+# PSRule for Azure configuration
+#
+
+# Please see the documentation for all configuration options:
+# https://aka.ms/ps-rule/options
+# https://aka.ms/ps-rule-azure/options
+
+# Configure binding for local rules.
+binding:
+ preferTargetInfo: true
+ targetType:
+ - type
+ - resourceType
+
+# Require minimum versions of modules.
+requires:
+ PSRule: '@pre >=2.4.0'
+ PSRule.Rules.Azure: '@pre >=1.19.2'
+
+# Use PSRule for Azure.
+include:
+ module:
+ - PSRule.Rules.Azure
+
+output:
+ culture:
+ - 'en-US'
+
+input:
+ pathIgnore:
+
+ # Ignore other files in the repository.
+ - '.vscode/'
+ - '.github/'
+ - '*.md'
+
+ # Exclude modules but not tests.
+ - 'modules/**/*.bicep'
+ - '!modules/**/*.test.bicep'
+
+configuration:
+ # Enable automatic expansion of Azure parameter files.
+ AZURE_PARAMETER_FILE_EXPANSION: true
+
+ # Enable automatic expansion of Azure Bicep source files.
+ AZURE_BICEP_FILE_EXPANSION: true
+
+ # Configures the number of seconds to wait for build Bicep files.
+ AZURE_BICEP_FILE_EXPANSION_TIMEOUT: 10
+
+# Suppression ignores rules for a specific Azure resource by name.
+# suppression:
+# Azure.KeyVault.Logs:
+# - kvtest001
+# Azure.Storage.BlobPublicAccess:
+# - sttest001
From dc031fc9ca39380a47d875aea890bf85475e5bfe Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Mon, 19 Sep 2022 14:58:15 +0200
Subject: [PATCH 03/82] exclude parameters
---
 ps-rule.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ps-rule.yaml b/ps-rule.yaml
index 0e744129d9..2b4b323671 100644
--- a/ps-rule.yaml
+++ b/ps-rule.yaml
@@ -41,7 +41,7 @@ input:
 configuration:
 # Enable automatic expansion of Azure parameter files.
- AZURE_PARAMETER_FILE_EXPANSION: true
+ # AZURE_PARAMETER_FILE_EXPANSION: true
 # Enable automatic expansion of Azure Bicep source files.
 AZURE_BICEP_FILE_EXPANSION: true
From b1533f18c8014d3aa3ad52a150ab94578ba0cb78 Mon Sep 17 00:00:00 2001
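Review bot: `requires:` accepts pre-release builds of both modules (`'@pre >=2.4.0'` and `'@pre >=1.19.2'`), so the rule set evaluated in CI can change between two runs of the same commit whenever a pre-release is published; unless a pre-release feature is needed, drop the `@pre` modifier, e.g. `PSRule: '>=2.4.0'`, and pin `PSRule.Rules.Azure` the same way. If opting into pre-releases is deliberate, a one-line comment above `requires:` saying why would stop the next reader from "fixing" it.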
From: Karel De Winter <40666689+kareldewinter@users.noreply.github.com>
Date: Mon, 19 Sep 2022 17:28:46 +0200
Subject: [PATCH 04/82] [Hackaton] First test for PSRule exclusions on KeyVault (#2067)
* Changed KeyVault workflow
* Changed inputPath for KeyVault workflow
* Comment other steps
* Added exclude modules for version.json
* Enable custom rules exclusions
* Suppression of Azure.Resource.UseTags
* Added suppression with namePrefix
* Uncomment validation steps
---
 .github/workflows/ms.keyvault.vaults.yml | 18 +++++++++++
 ps-rule.yaml | 40 +++++++++++++-----------
 2 files changed, 40 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml
index 248035cc5b..535903f37d 100644
--- a/.github/workflows/ms.keyvault.vaults.yml
+++ b/.github/workflows/ms.keyvault.vaults.yml
@@ -81,6 +81,24 @@ jobs:
 modulePath: '${{ env.modulePath }}'
 moduleTestFilePath: '${{ env.moduleTestFilePath }}'
+ job_psrule_test:
+ name: 'PsRule Analyze repository'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Set environment variables
+ uses: ./.github/actions/templates/setEnvironmentVariables
+ with:
+ variablesPath: ${{ env.variablesPath }}
+
+ # Run analysis by using the PSRule GitHub action.
+ - name: Run PSRule analysis
+ uses: microsoft/ps-rule@v2.4.0
+ with:
+ modules: 'PSRule.Rules.Azure'
+ inputPath: '${{ env.modulePath }}/'
+
 #############################
 # Deployment validation #
 #############################
diff --git a/ps-rule.yaml b/ps-rule.yaml
index 0e744129d9..a56f01414c 100644
--- a/ps-rule.yaml
+++ b/ps-rule.yaml
@@ -10,8 +10,8 @@
 binding:
 preferTargetInfo: true
 targetType:
- - type
- - resourceType
+ - type
+ - resourceType
 # Require minimum versions of modules.
 requires:
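Review bot: `job_psrule_test` has no `needs:` and no downstream job lists it, so PSRule findings end up in the job log but cannot gate `job_module_deploy_validation` (defined outside this hunk); if the analysis is meant to block a bad module, add `- job_psrule_test` to that job's `needs:`. The step also produces no report artefact — `outputFormat: Sarif` plus an upload step would make findings reviewable in the Security tab rather than only in logs. The second hunk of this patch (`ps-rule.yaml`, `@@ -10,8`) is a re-indentation only.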
@@ -21,27 +21,27 @@ requires:
 # Use PSRule for Azure.
 include:
 module:
- - PSRule.Rules.Azure
+ - PSRule.Rules.Azure
 output:
 culture:
- - 'en-US'
+ - 'en-US'
 input:
 pathIgnore:
+ # Ignore other files in the repository.
+ - '.vscode/'
+ - '.github/'
+ - '*.md'
- # Ignore other files in the repository.
- - '.vscode/'
- - '.github/'
- - '*.md'
-
- # Exclude modules but not tests.
- - 'modules/**/*.bicep'
- - '!modules/**/*.test.bicep'
+ # Exclude modules but not tests.
+ - 'modules/**/*.bicep'
+ - '!modules/**/*.test.bicep'
+ - 'modules/**/*version.json'
 configuration:
 # Enable automatic expansion of Azure parameter files.
- AZURE_PARAMETER_FILE_EXPANSION: true
+ AZURE_PARAMETER_FILE_EXPANSION: false
 # Enable automatic expansion of Azure Bicep source files.
 AZURE_BICEP_FILE_EXPANSION: true
@@ -49,9 +49,13 @@ configuration:
 # Configures the number of seconds to wait for build Bicep files.
 AZURE_BICEP_FILE_EXPANSION_TIMEOUT: 10
+rule:
+ # Enable custom rules that don't exist in the baseline
+ includeLocal: false
+ exclude:
+ # Ignore the following rules for all resources
+ - Azure.KeyVault.PurgeProtect
 # Suppression ignores rules for a specific Azure resource by name.
-# suppression:
-# Azure.KeyVault.Logs:
-# - kvtest001
-# Azure.Storage.BlobPublicAccess:
-# - sttest001
+suppression:
+ Azure.Resource.UseTags:
+ - <>kvvmin001
From c71f513721782077d2624997963b836dec4ddad2 Mon Sep 17 00:00:00 2001
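Review bot: `rule.exclude` disables `Azure.KeyVault.PurgeProtect` for every resource PSRule evaluates, not only the Key Vault test deployments, which silently removes a data-protection check from all current and future modules; prefer a name-scoped entry under `suppression:` (as already done for `Azure.Resource.UseTags`) or, if the global exclusion is intentional, a comment next to the rule name saying why test vaults cannot be purge-protected. The comment above `includeLocal: false` says custom rules are enabled, but `false` disables them — one of the two should change. `- <>kvvmin001` reads like a token placeholder that lost its name (the commit message mentions `namePrefix`); if that is an extraction artefact it is harmless, but if the file really contains `<>` the suppression will not match the deployed vault name.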
From: Elena Batanero <46710322+elbatane@users.noreply.github.com>
Date: Mon, 19 Sep 2022 17:45:24 +0200
Subject: [PATCH 05/82] [Hackathon] Token replacement for the resource group module (#2068)
* Added ps-rule.yaml
* testing psrule
* fixing typo yml
* fixed typo
* testing input path
* Added token replacement task
* Adding Azure login task
* checking context
* adding write-output
* Adding setEnvironmentVariables
* Added matrix and needs
* Testing inputPath /${{ matrix.moduleTestFilePaths }}
* Uncommented workflow
Co-authored-by: Elena Batanero Garcia
---
 .../workflows/ms.resources.resourcegroups.yml | 122 +++++++++++++++++-
 1 file changed, 119 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml
index 17916c688f..dd79505e8e 100644
--- a/.github/workflows/ms.resources.resourcegroups.yml
+++ b/.github/workflows/ms.resources.resourcegroups.yml
@@ -81,9 +81,125 @@ jobs:
 modulePath: '${{ env.modulePath }}'
 moduleTestFilePath: '${{ env.moduleTestFilePath }}'
- #############################
- # Deployment validation #
- #############################
+ job_psrule_test:
+ name: 'PsRule Analyze repository'
+ runs-on: ubuntu-latest
+ needs:
+ - job_initialize_pipeline
+ strategy:
+ fail-fast: false
+ matrix:
+ moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }}
+ steps:
+
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Set environment variables
+ uses: ./.github/actions/templates/setEnvironmentVariables
+ with:
+ variablesPath: ${{ env.variablesPath }}
+ - name: Azure Login
+ uses: Azure/login@v1
+ with:
+ creds: ${{ env.AZURE_CREDENTIALS }}
+ enable-AzPSSession: true
+
+ # [Token replacement] task(s)
+ # ---------------------------
+ - name: 'Replace tokens in template file'
+ uses: azure/powershell@v1
+ with:
+ azPSVersion: 'latest'
+ inlineScript: |
+ $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'
+ $parameterFilePath = ""
+ $customParameterFileTokens = ""
+ # Grouping task logs
+ Write-Output '::group::Replace tokens in template file'
+
+ # Load used functions
+ . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1')
+
+ # Get target files
+ $targetFileList = @($templateFilePath)
+ if(-not [String]::IsNullOrEmpty($parameterFilePath)) {
+ $targetFileList += $parameterFilePath
+ }
+
+ # Get Service Principal Object ID
+ $context = Get-AzContext
+ Write-Output 'Checking context'
+ $context
+ $servicePrincipalAppId = $context.Account.Id
+ $servicePrincipal = Get-AzADServicePrincipal -ApplicationId $servicePrincipalAppId
+ $servicePrincipalObjectId = $servicePrincipal.Id
+
+ # Construct Token Function Input
+ $ConvertTokensInputs = @{
+ FilePathList = $targetFileList
+ Tokens = @{}
+ TokenPrefix = '${{ env.tokenPrefix }}'
+ TokenSuffix = '${{ env.tokenSuffix }}'
+ }
+
+ # Add enforced tokens
+ $ConvertTokensInputs.Tokens += @{
+ resourceGroupName = '${{ env.resourceGroupName }}'
+ subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}'
+ tenantId = '${{ env.ARM_TENANT_ID }}'
+ }
+
+ # Add local (source control) tokens
+ $tokenMap = @{}
+ foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) {
+ $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value }
+ }
+ Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose
+ $ConvertTokensInputs.Tokens += $tokenMap
+
+ # Swap 'namePrefix' token if empty and provided as a GitHub secret
+ if([String]::IsNullOrEmpty($ConvertTokensInputs.Tokens['namePrefix'])){
+ Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose
+ $ConvertTokensInputs.Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}'
+ }
+
+ # Add custom tokens (passed in via the pipeline)
+ if(-not [String]::IsNullOrEmpty($customParameterFileTokens)) {
+ $customTokens = $customParameterFileTokens| ConvertFrom-Json -AsHashTable
+ Write-Verbose ('Using custom parameter file tokens [{0}]' -f ($customTokens.Keys -join ', ')) -Verbose
+ $ConvertTokensInputs.Tokens += $customTokens
+ }
+
+ Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose
+
+ # Invoke Token Replacement Functionality [For Module]
+ $null = Convert-TokensInFileList @ConvertTokensInputs
+
+ # Get target files for modules dependencies
+ $DependencyParameterFilePaths = [System.Collections.ArrayList]@()
+ $DependencyParameterFolders = Get-ChildItem -Path (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies') -Recurse -Filter 'parameters' -Directory
+ foreach ($FolderPath in $DependencyParameterFolders.FullName) {
+ $DependencyParameterFilePaths += Get-ChildItem -Path $FolderPath -Recurse -Filter '*.json'
+ }
+ $ConvertTokensInputs.FilePathList = $DependencyParameterFilePaths
+
+ # Invoke Token Replacement Functionality [For Dependencies]
+ $null = Convert-TokensInFileList @ConvertTokensInputs
+
+ Write-Output '::endgroup::'
+
+ # Run analysis by using the PSRule GitHub action.
+ - name: Run PSRule analysis
+ uses: microsoft/ps-rule@v2.4.0
+ with:
+ modules: 'PSRule.Rules.Azure'
+ inputPath: 'modules/Microsoft.Resources/resourceGroups/${{ matrix.moduleTestFilePaths }}'
+
+
+ ############################
+ # Deployment validation #
+ ############################
 job_module_deploy_validation:
 runs-on: ubuntu-20.04
 name: 'Deployment validation'
From 9a0a600b6b7811cb3e69694e83281db0201ab17e Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Mon, 19 Sep 2022 18:26:44 +0200
Subject: [PATCH 06/82] pathIgnore
---
 ps-rule.yaml | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/ps-rule.yaml b/ps-rule.yaml
index a56f01414c..92357e437d 100644
--- a/ps-rule.yaml
+++ b/ps-rule.yaml
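Review bot: the new `Replace tokens in template file` step writes the full Az context to the job log (`Write-Output 'Checking context'` followed by the bare `$context` line) and then dumps every token value — including `subscriptionId` and `managementGroupId` taken from `secrets.*` — through `ConvertTo-Json` at `-Verbose`; both rely solely on GitHub's secret masking, and the context dump serves no purpose because `$servicePrincipalObjectId` is never read afterwards. Drop the three context lines and the two `Get-AzADServicePrincipal` lines, and log only `$ConvertTokensInputs.Tokens.Keys` rather than the serialized table. Interpolating `${{ secrets.* }}` straight into `inlineScript` also embeds the values in the rendered script text; passing them through the step's `env:` block and reading `$env:` keeps them out of it. The `Deployment validation` banner removed at the top of the hunk is re-added at the bottom, apparently with a different width, which re-diffs lines whose job did not change.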
@@ -30,14 +30,21 @@ output:
 input:
 pathIgnore:
 # Ignore other files in the repository.
- - '.vscode/'
- - '.github/'
- - '*.md'
+ # - '.azuredevops/'
+ # - '.github/'
+ # - '.vscode/'
+ # - 'constructs/'
+ # - 'docs/'
+ # - 'utilities'
+ - '**/*'
+ # - '*.md'
+ # # - '!**/.tests/*.bicep'
+
 # Exclude modules but not tests.
- - 'modules/**/*.bicep'
+ # - 'modules/**/*.bicep'
 - '!modules/**/*.test.bicep'
- - 'modules/**/*version.json'
+ # - 'modules/**/*version.json'
 configuration:
 # Enable automatic expansion of Azure parameter files.
From 9cc1d1f3dc77befc1c2fbe1839da66b5fcc378dd Mon Sep 17 00:00:00 2001
From: Karthik Venkatraman <44262238+karthikvenkat17@users.noreply.github.com>
Date: Tue, 20 Sep 2022 08:45:06 +0100
Subject: [PATCH 07/82] [Hackathon] PSRule addition for VNet resource (#2070)
* setting json expansion to false
* add psrule to vnet workflow
* exclude tagging psrule
* custom psrule.yaml per module
* typo in psrule.yaml
* updated typo in psrule.yaml
* uncomment deployment job
Co-authored-by: Karthik Venkatraman
---
 .../workflows/ms.network.virtualnetworks.yml | 34 ++++++++--
 .../virtualNetworks/.test/vnet-ps-rule.yaml | 63 +++++++++++++++++++
 ps-rule.yaml | 1 +
 3 files changed, 92 insertions(+), 6 deletions(-)
 create mode 100644 modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml
diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml
index dcd2810438..f09c176e38 100644
--- a/.github/workflows/ms.network.virtualnetworks.yml
+++ b/.github/workflows/ms.network.virtualnetworks.yml
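Review bot: the effective ignore list is now `- '**/*'` followed by `- '!modules/**/*.test.bicep'`, i.e. everything except the test bicep files is skipped, and that intent is buried under nine commented-out alternatives; delete the commented entries (history keeps them) and state the intent once, e.g. `# Analyse only the module test deployments; every other path is ignored.`. Assuming PSRule evaluates `pathIgnore` in order like a `.gitignore`, the `'**/*'` entry must stay before the negation — a comment saying so protects against a later reorder that would leave nothing analysed.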
@@ -60,6 +60,26 @@ jobs:
 removeDeployment: ${{ steps.get-workflow-param.outputs.removeDeployment }}
 moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+ job_psrule_validation:
+ runs-on: ubuntu-20.04
+ name: 'psrule-validation'
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Set environment variables
+ uses: ./.github/actions/templates/setEnvironmentVariables
+ with:
+ variablesPath: ${{ env.variablesPath }}
+ - name: Run PSRule analysis
+ uses: microsoft/ps-rule@main
+ with:
+ modules: 'PSRule.Rules.Azure'
+ inputPath: '${{ env.modulePath }}/'
+ outputFormat: Sarif
+ option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml'
+
+
+
 #########################
 # Static validation #
 #########################
@@ -81,9 +101,11 @@ jobs:
 modulePath: '${{ env.modulePath }}'
 moduleTestFilePath: '${{ env.moduleTestFilePath }}'
- #############################
- # Deployment validation #
- #############################
+
+
+ # #############################
+ # # Deployment validation #
+ # #############################
 job_module_deploy_validation:
 runs-on: ubuntu-20.04
 name: 'Deployment validation'
@@ -113,9 +135,9 @@ jobs:
 managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
 removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}'
- ##################
- # Publishing #
- ##################
+ # ##################
+ # # Publishing #
+ # ##################
 job_publish_module:
 name: 'Publishing'
 if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true'
diff --git a/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml b/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml
new file mode 100644
index 0000000000..a82192e29f
--- /dev/null
+++ b/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml
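Review bot: `uses: microsoft/ps-rule@main` runs whatever is on the action's default branch at the time of the run, so an upstream push changes the code executed by this workflow with no change in this repository; the other workflows in this series pin `microsoft/ps-rule@v2.4.0`, and a full commit SHA is stronger still. Change it to `uses: microsoft/ps-rule@v2.4.0` for consistency. `actions/checkout@v2` is likewise older than the `@v3` used by the keyvault and resource-group PSRule jobs in this series, and in the two later hunks the `Deployment validation` and `Publishing` banners are commented out while the jobs beneath them stay active, which reads as if the jobs were disabled.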
@@ -0,0 +1,63 @@
+#
+# PSRule for Azure configuration
+#
+
+# Please see the documentation for all configuration options:
+# https://aka.ms/ps-rule/options
+# https://aka.ms/ps-rule-azure/options
+
+# Configure binding for local rules.
+binding:
+ preferTargetInfo: true
+ targetType:
+ - type
+ - resourceType
+
+# Require minimum versions of modules.
+requires:
+ PSRule: '@pre >=2.4.0'
+ PSRule.Rules.Azure: '@pre >=1.19.2'
+
+# Use PSRule for Azure.
+include:
+ module:
+ - PSRule.Rules.Azure
+
+output:
+ culture:
+ - 'en-US'
+
+input:
+ pathIgnore:
+ # Ignore other files in the repository.
+ - '.vscode/'
+ - '.github/'
+ - '*.md'
+
+ # Exclude modules but not tests.
+ - 'modules/**/*.bicep'
+ - '!modules/**/*.test.bicep'
+ - 'modules/**/*version.json'
+
+configuration:
+ # Enable automatic expansion of Azure parameter files.
+ AZURE_PARAMETER_FILE_EXPANSION: false
+
+ # Enable automatic expansion of Azure Bicep source files.
+ AZURE_BICEP_FILE_EXPANSION: true
+
+ # Configures the number of seconds to wait for build Bicep files.
+ AZURE_BICEP_FILE_EXPANSION_TIMEOUT: 10
+
+rule:
+ # Enable custom rules that don't exist in the baseline
+ includeLocal: false
+ exclude:
+ # Ignore the following rules for all resources
+ - Azure.Resource.UseTags
+
+# Suppression ignores rules for a specific Azure resource by name.
+#suppression:
+# Azure.Resource.UseTags:
+# - <>kvvmin001
+
diff --git a/ps-rule.yaml b/ps-rule.yaml
index a56f01414c..4b24175416 100644
--- a/ps-rule.yaml
+++ b/ps-rule.yaml
@@ -55,6 +55,7 @@ rule:
 exclude:
 # Ignore the following rules for all resources
 - Azure.KeyVault.PurgeProtect
+
 # Suppression ignores rules for a specific Azure resource by name.
 suppression:
 Azure.Resource.UseTags:
From 855f16172ecf8710f4113450a444b7886c2e0359 Mon Sep 17 00:00:00 2001
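Review bot: this file duplicates the root `ps-rule.yaml` in full and differs only in the excluded rule (`Azure.Resource.UseTags` here versus `Azure.KeyVault.PurgeProtect` at the root), so `requires`, `pathIgnore` and the expansion settings now exist twice and will drift; if the action's `option:` input can be pointed at a module-local file holding only the module-specific parts, keep just `rule:` and `suppression:` here, otherwise add a header comment stating that the file must be kept in step with `ps-rule.yaml`. As at the root, the comment above `includeLocal: false` claims custom rules are enabled while the value disables them. The commented `#suppression:` example still carries the `<>kvvmin001` placeholder copied from the Key Vault module, which has no meaning for a virtual network.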
From: Erika Gressi
Date: Tue, 20 Sep 2022 10:55:33 +0200
Subject: [PATCH 08/82] clean up token replacement
---
 .../workflows/ms.resources.resourcegroups.yml | 182 +++++++++---------
 1 file changed, 91 insertions(+), 91 deletions(-)
diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml
index dd79505e8e..ca5e073009 100644
--- a/.github/workflows/ms.resources.resourcegroups.yml
+++ b/.github/workflows/ms.resources.resourcegroups.yml
@@ -91,19 +91,17 @@ jobs:
 matrix:
 moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }}
 steps:
-
 - name: Checkout
 uses: actions/checkout@v3
 - name: Set environment variables
 uses: ./.github/actions/templates/setEnvironmentVariables
 with:
 variablesPath: ${{ env.variablesPath }}
- - name: Azure Login
- uses: Azure/login@v1
- with:
- creds: ${{ env.AZURE_CREDENTIALS }}
- enable-AzPSSession: true
-
+ # - name: Azure Login
+ # uses: Azure/login@v1
+ # with:
+ # creds: ${{ env.AZURE_CREDENTIALS }}
+ # enable-AzPSSession: true
 # [Token replacement] task(s)
 # ---------------------------
 - name: 'Replace tokens in template file'
@@ -112,8 +110,8 @@ jobs:
 azPSVersion: 'latest'
 inlineScript: |
 $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'
- $parameterFilePath = ""
- $customParameterFileTokens = ""
+ # # $parameterFilePath = ""
+ # # $customParameterFileTokens = ""
 # Grouping task logs
 Write-Output '::group::Replace tokens in template file'
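Review bot: the Azure login step is kept as `#` comments instead of being removed, and the same is done in the following hunks for the parameter-file variables (`# # $parameterFilePath = ""`), the service-principal lookup (`@@ -121,22`), the dependency token replacement (`@@ -176,16`) and, in `@@ -197,65`, the entire deployment-validation and publishing jobs; the doubled `# #` markers show this is a second layer of commenting on top of the first. Git history preserves removed code, so delete these blocks, or if a temporary switch is intended, gate the jobs with an `if:` expression rather than comments. Note that the commented `job_module_deploy_validation` now lists `- job_psrule_test` under `needs:`, so re-enabling it later will also make deployment wait on PSRule — worth a comment at that point. The next patch (`@@ -163,12`) comments out the custom-token block in the same way.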
@@ -121,22 +119,23 @@ jobs:
 . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1')
 # Get target files
- $targetFileList = @($templateFilePath)
- if(-not [String]::IsNullOrEmpty($parameterFilePath)) {
- $targetFileList += $parameterFilePath
- }
+ # # $targetFileList = @($templateFilePath)
+ # # if(-not [String]::IsNullOrEmpty($parameterFilePath)) {
+ # # $targetFileList += $parameterFilePath
+ # # }
- # Get Service Principal Object ID
- $context = Get-AzContext
- Write-Output 'Checking context'
- $context
- $servicePrincipalAppId = $context.Account.Id
- $servicePrincipal = Get-AzADServicePrincipal -ApplicationId $servicePrincipalAppId
- $servicePrincipalObjectId = $servicePrincipal.Id
+ # # Get Service Principal Object ID
+ # $context = Get-AzContext
+ # Write-Output 'Checking context'
+ # $context
+ # $servicePrincipalAppId = $context.Account.Id
+ # $servicePrincipal = Get-AzADServicePrincipal -ApplicationId $servicePrincipalAppId
+ # $servicePrincipalObjectId = $servicePrincipal.Id
 # Construct Token Function Input
 $ConvertTokensInputs = @{
- FilePathList = $targetFileList
+ # # FilePathList = $targetFileList
+ FilePathList = @($templateFilePath)
 Tokens = @{}
 TokenPrefix = '${{ env.tokenPrefix }}'
 TokenSuffix = '${{ env.tokenSuffix }}'
@@ -176,16 +175,16 @@ jobs:
 # Invoke Token Replacement Functionality [For Module]
 $null = Convert-TokensInFileList @ConvertTokensInputs
- # Get target files for modules dependencies
- $DependencyParameterFilePaths = [System.Collections.ArrayList]@()
- $DependencyParameterFolders = Get-ChildItem -Path (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies') -Recurse -Filter 'parameters' -Directory
- foreach ($FolderPath in $DependencyParameterFolders.FullName) {
- $DependencyParameterFilePaths += Get-ChildItem -Path $FolderPath -Recurse -Filter '*.json'
- }
- $ConvertTokensInputs.FilePathList = $DependencyParameterFilePaths
+ # # # Get target files for modules dependencies
+ # # $DependencyParameterFilePaths = [System.Collections.ArrayList]@()
+ # # $DependencyParameterFolders = Get-ChildItem -Path (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies') -Recurse -Filter 'parameters' -Directory
+ # # foreach ($FolderPath in $DependencyParameterFolders.FullName) {
+ # # $DependencyParameterFilePaths += Get-ChildItem -Path $FolderPath -Recurse -Filter '*.json'
+ # # }
+ # # $ConvertTokensInputs.FilePathList = $DependencyParameterFilePaths
- # Invoke Token Replacement Functionality [For Dependencies]
- $null = Convert-TokensInFileList @ConvertTokensInputs
+ # # # Invoke Token Replacement Functionality [For Dependencies]
+ # # $null = Convert-TokensInFileList @ConvertTokensInputs
 Write-Output '::endgroup::'
@@ -197,65 +196,66 @@ jobs:
 inputPath: 'modules/Microsoft.Resources/resourceGroups/${{ matrix.moduleTestFilePaths }}'
- ############################
- # Deployment validation #
- ############################
- job_module_deploy_validation:
- runs-on: ubuntu-20.04
- name: 'Deployment validation'
- needs:
- - job_initialize_pipeline
- - job_module_pester_validation
- strategy:
- fail-fast: false
- matrix:
- moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }}
- steps:
- - name: 'Checkout'
- uses: actions/checkout@v2
- with:
- fetch-depth: 0
- - name: Set environment variables
- uses: ./.github/actions/templates/setEnvironmentVariables
- with:
- variablesPath: ${{ env.variablesPath }}
- - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]'
- uses: ./.github/actions/templates/validateModuleDeployment
- with:
- templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'
- location: '${{ env.location }}'
- resourceGroupName: '${{ env.resourceGroupName }}'
- subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
- managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
- removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}'
+ # ############################
+ # # Deployment validation #
+ # ############################
+ # job_module_deploy_validation:
+ # runs-on: ubuntu-20.04
+ # name: 'Deployment validation'
+ # needs:
+ # - job_initialize_pipeline
+ # - job_module_pester_validation
+ # - job_psrule_test
+ # strategy:
+ # fail-fast: false
+ # matrix:
+ # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }}
+ # steps:
+ # - name: 'Checkout'
+ # uses: actions/checkout@v2
+ # with:
+ # fetch-depth: 0
+ # - name: Set environment variables
+ # uses: ./.github/actions/templates/setEnvironmentVariables
+ # with:
+ # variablesPath: ${{ env.variablesPath }}
+ # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]'
+ # uses: ./.github/actions/templates/validateModuleDeployment
+ # with:
+ # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'
+ # location: '${{ env.location }}'
+ # resourceGroupName: '${{ env.resourceGroupName }}'
+ # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+ # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+ # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}'
- ##################
- # Publishing #
- ##################
- job_publish_module:
- name: 'Publishing'
- if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true'
- runs-on: ubuntu-20.04
- needs:
- - job_module_deploy_validation
- steps:
- - name: 'Checkout'
- uses: actions/checkout@v2
- with:
- fetch-depth: 0
- - name: Set environment variables
- uses: ./.github/actions/templates/setEnvironmentVariables
- with:
- variablesPath: ${{ env.variablesPath }}
- - name: 'Publishing'
- uses: ./.github/actions/templates/publishModule
- with:
- templateFilePath: '${{ env.modulePath }}/deploy.bicep'
- templateSpecsRGName: '${{ env.templateSpecsRGName }}'
- templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}'
- templateSpecsDescription: '${{ env.templateSpecsDescription }}'
- templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}'
- bicepRegistryName: '${{ env.bicepRegistryName }}'
- bicepRegistryRGName: '${{ env.bicepRegistryRGName }}'
- bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}'
- bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}'
+ # ##################
+ # # Publishing #
+ # ##################
+ # job_publish_module:
+ # name: 'Publishing'
+ # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true'
+ # runs-on: ubuntu-20.04
+ # needs:
+ # - job_module_deploy_validation
+ # steps:
+ # - name: 'Checkout'
+ # uses: actions/checkout@v2
+ # with:
+ # fetch-depth: 0
+ # - name: Set environment variables
+ # uses: ./.github/actions/templates/setEnvironmentVariables
+ # with:
+ # variablesPath: ${{ env.variablesPath }}
+ # - name: 'Publishing'
+ # uses: ./.github/actions/templates/publishModule
+ # with:
+ # templateFilePath: '${{ env.modulePath }}/deploy.bicep'
+ # templateSpecsRGName: '${{ env.templateSpecsRGName }}'
+ # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}'
+ # templateSpecsDescription: '${{ env.templateSpecsDescription }}'
+ # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}'
+ # bicepRegistryName: '${{ env.bicepRegistryName }}'
+ # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}'
+ # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}'
+ # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}'
From 81b5a9f872a9896e64df5c0f4526d2780c085187 Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Tue, 20 Sep 2022 11:44:08 +0200
Subject: [PATCH 09/82] clean up token replacement further
---
 .github/workflows/ms.resources.resourcegroups.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml
index ca5e073009..28afe1f969 100644
--- a/.github/workflows/ms.resources.resourcegroups.yml
+++ b/.github/workflows/ms.resources.resourcegroups.yml
@@ -163,12 +163,12 @@ jobs:
 $ConvertTokensInputs.Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}'
 }
- # Add custom tokens (passed in via the pipeline)
- if(-not [String]::IsNullOrEmpty($customParameterFileTokens)) {
- $customTokens = $customParameterFileTokens| ConvertFrom-Json -AsHashTable
- Write-Verbose ('Using custom parameter file tokens [{0}]' -f ($customTokens.Keys -join ', ')) -Verbose
- $ConvertTokensInputs.Tokens += $customTokens
- }
+ # # Add custom tokens (passed in via the pipeline)
+ # if(-not [String]::IsNullOrEmpty($customParameterFileTokens)) {
+ # $customTokens = $customParameterFileTokens| ConvertFrom-Json -AsHashTable
+ # Write-Verbose ('Using custom parameter file tokens [{0}]' -f ($customTokens.Keys -join ', ')) -Verbose
+ # $ConvertTokensInputs.Tokens += $customTokens
+ # }
 Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose
From 7aa8000c649722bf395596847b01d1d8a976894f Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Tue, 20 Sep 2022 11:55:09 +0200
Subject: [PATCH 10/82] resize token replacement
---
 .../workflows/ms.resources.resourcegroups.yml | 55 +++++-------------
 1 file changed, 14 insertions(+), 41 deletions(-)
diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml
index 28afe1f969..3119d8d7d6 100644
--- a/.github/workflows/ms.resources.resourcegroups.yml
+++ b/.github/workflows/ms.resources.resourcegroups.yml
@@ -110,20 +110,12 @@ jobs:
 azPSVersion: 'latest'
 inlineScript: |
 $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'
- # # $parameterFilePath = ""
- # # $customParameterFileTokens = ""
 # Grouping task logs
 Write-Output '::group::Replace tokens in template file'
 # Load used functions
 . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1')
- # Get target files
- # # $targetFileList = @($templateFilePath)
- # # if(-not [String]::IsNullOrEmpty($parameterFilePath)) {
- # # $targetFileList += $parameterFilePath
- # # }
-
 # # Get Service Principal Object ID
 # $context = Get-AzContext
 # Write-Output 'Checking context'
@@ -132,60 +124,41 @@ jobs: # $servicePrincipal = Get-AzADServicePrincipal -ApplicationId $servicePrincipalAppId # $servicePrincipalObjectId = $servicePrincipal.Id - # Construct Token Function Input - $ConvertTokensInputs = @{ - # # FilePathList = $targetFileList - FilePathList = @($templateFilePath) - Tokens = @{} - TokenPrefix = '${{ env.tokenPrefix }}' - TokenSuffix = '${{ env.tokenSuffix }}' - } - - # Add enforced tokens - $ConvertTokensInputs.Tokens += @{ + # Polulate tokens + $Tokens = @{ resourceGroupName = '${{ env.resourceGroupName }}' subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' tenantId = '${{ env.ARM_TENANT_ID }}' } - # Add local (source control) tokens + ## Add local (source control) tokens $tokenMap = @{} foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } } Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - $ConvertTokensInputs.Tokens += $tokenMap + $Tokens += $tokenMap - # Swap 'namePrefix' token if empty and provided as a GitHub secret - if([String]::IsNullOrEmpty($ConvertTokensInputs.Tokens['namePrefix'])){ + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - $ConvertTokensInputs.Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' } - # # Add custom tokens (passed in via the pipeline) - # if(-not [String]::IsNullOrEmpty($customParameterFileTokens)) { - # $customTokens = $customParameterFileTokens| ConvertFrom-Json -AsHashTable - # Write-Verbose ('Using custom parameter file tokens [{0}]' -f ($customTokens.Keys -join ', ')) -Verbose - # $ConvertTokensInputs.Tokens += $customTokens - # } + # Construct Token Function Input + 
$ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose # Invoke Token Replacement Functionality [For Module] $null = Convert-TokensInFileList @ConvertTokensInputs - # # # Get target files for modules dependencies - # # $DependencyParameterFilePaths = [System.Collections.ArrayList]@() - # # $DependencyParameterFolders = Get-ChildItem -Path (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies') -Recurse -Filter 'parameters' -Directory - # # foreach ($FolderPath in $DependencyParameterFolders.FullName) { - # # $DependencyParameterFilePaths += Get-ChildItem -Path $FolderPath -Recurse -Filter '*.json' - # # } - # # $ConvertTokensInputs.FilePathList = $DependencyParameterFilePaths - - # # # Invoke Token Replacement Functionality [For Dependencies] - # # $null = Convert-TokensInFileList @ConvertTokensInputs - Write-Output '::endgroup::' # Run analysis by using the PSRule GitHub action. From f10a381bd9ea2fe6787e269f3dee5aa0ba7e08f3 Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman <44262238+karthikvenkat17@users.noreply.github.com> Date: Tue, 20 Sep 2022 11:36:17 +0100 Subject: [PATCH 11/82] [Hackathon] Added suppression group for dependency resources (#2071) * suppress dependancy * comment deployment validation job * add supress yaml * supress yaml poc * rule filter * suppress rule filter * add baseline for suppression * baseline for suppression * filed suppress poc * suppress poc * psrule suppression * Updates to suppression yaml Co-authored-by: Karthik Venkatraman --- .ps-rule/dep-suppress.Rule.yaml | 14 ++++++++++++++ .../virtualNetworks/.test/vnet-ps-rule.yaml | 4 ++-- 2 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 .ps-rule/dep-suppress.Rule.yaml 
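Review bot: The new `$Tokens` table carries `subscriptionId` and `managementGroupId` taken from `secrets.*` plus every `localToken_*` environment value, and the unchanged `Write-Verbose "Convert Tokens Input:..." -Verbose` a few lines below serialises the whole `$ConvertTokensInputs` object, token values included, into the job log. GitHub's secret masking only redacts exact registered secret strings, so anything sensitive that arrives through a `localToken_*` variable or the variables file is printed in clear. Log the keys rather than the values, e.g. `Write-Verbose ('Convert Tokens Input: files [{0}], tokens [{1}]' -f ($ConvertTokensInputs.FilePathList -join ', '), ($Tokens.Keys -join ', ')) -Verbose`. The comment `## Swap 'namePrefix' token if empty and provided as a GitHub secret` sits above a read of `env.TOKEN_NAMEPREFIX`, not `secrets.*`, so either the comment or the source looks stale — worth confirming which is intended.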
diff --git a/.ps-rule/dep-suppress.Rule.yaml b/.ps-rule/dep-suppress.Rule.yaml
new file mode 100644
index 0000000000..04681c9def
--- /dev/null
+++ b/.ps-rule/dep-suppress.Rule.yaml
@@ -0,0 +1,14 @@
+---
+# Synopsis: Suppress Rules for dependancies
+apiVersion: github.com/microsoft/PSRule/v1
+kind: SuppressionGroup
+metadata:
+ name: 'SuppressDependancy'
+spec:
+ if:
+ name: '.'
+ startsWith:
+ - 'dep'
+
+
+
\ No newline at end of file
diff --git a/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml b/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml
index a82192e29f..589d2ab3b7 100644
--- a/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml
+++ b/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml
@@ -58,6 +58,6 @@ rule:
 # Suppression ignores rules for a specific Azure resource by name.
 #suppression:
-# Azure.Resource.UseTags:
-# - <>kvvmin001
+# Azure.Identity.UserAssignedName:
+# - 'dep*'
From 15ceeaa37f87e954d0748439ce72bb03ad71ba42 Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Tue, 20 Sep 2022 12:38:46 +0200
Subject: [PATCH 12/82] typo
---
 .github/workflows/ms.resources.resourcegroups.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml
index 3119d8d7d6..4b9c15d6dd 100644
--- a/.github/workflows/ms.resources.resourcegroups.yml
+++ b/.github/workflows/ms.resources.resourcegroups.yml
@@ -124,7 +124,7 @@ jobs:
 # $servicePrincipal = Get-AzADServicePrincipal -ApplicationId $servicePrincipalAppId
 # $servicePrincipalObjectId = $servicePrincipal.Id
- # Polulate tokens
+ # Populate tokens
 $Tokens = @{
 resourceGroupName = '${{ env.resourceGroupName }}'
 subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}'
From 153fad882e40c8064d5fc6c19b5a25c4d4a735d4 Mon Sep 17 00:00:00 2001
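Review bot: The new SuppressionGroup has an `if:` selector but no `rule:` list, so it suppresses every PSRule check for any resource whose name starts with `dep` — not just the `Azure.Identity.UserAssignedName` finding the vnet test's comment hints at, but also every Key Vault, storage or network rule on dependency resources, and on any non-dependency resource that happens to share the prefix. Scope it to the rules the dependency resources are known to trip, e.g. add `rule:` / `- 'Azure.Identity.UserAssignedName'` under `spec:` next to `if:`, and consider a tighter selector than a bare `startsWith: dep`. Also fix the spelling in the synopsis, `# Synopsis: Suppress rules for dependencies`, and drop the three trailing blank lines while adding the final newline that the `\ No newline at end of file` marker flags.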
From: Erika Gressi Date: Tue, 20 Sep 2022 12:47:14 +0200 Subject: [PATCH 13/82] modulePath --- .../workflows/ms.resources.resourcegroups.yml | 22 +++---------------- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 4b9c15d6dd..9714d72c00 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml @@ -82,7 +82,7 @@ jobs: moduleTestFilePath: '${{ env.moduleTestFilePath }}' job_psrule_test: - name: 'PsRule Analyze repository' + name: 'PsRule in-flight validation' runs-on: ubuntu-latest needs: - job_initialize_pipeline @@ -97,13 +97,6 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - # - name: Azure Login - # uses: Azure/login@v1 - # with: - # creds: ${{ env.AZURE_CREDENTIALS }} - # enable-AzPSSession: true - # [Token replacement] task(s) - # --------------------------- - name: 'Replace tokens in template file' uses: azure/powershell@v1 with: @@ -116,14 +109,6 @@ jobs: # Load used functions . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - # # Get Service Principal Object ID - # $context = Get-AzContext - # Write-Output 'Checking context' - # $context - # $servicePrincipalAppId = $context.Account.Id - # $servicePrincipal = Get-AzADServicePrincipal -ApplicationId $servicePrincipalAppId - # $servicePrincipalObjectId = $servicePrincipal.Id - # Populate tokens $Tokens = @{ resourceGroupName = '${{ env.resourceGroupName }}' 
@@ -160,14 +145,13 @@ jobs: $null = Convert-TokensInFileList @ConvertTokensInputs Write-Output '::endgroup::' - # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis uses: microsoft/ps-rule@v2.4.0 + continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: 'modules/Microsoft.Resources/resourceGroups/${{ matrix.moduleTestFilePaths }}' - + inputPath: '${{modulePath}}/${{ matrix.moduleTestFilePaths }}' # ############################ # # Deployment validation # From c0ed856f073c0ffd3b5779103529227b372cfd0f Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 12:52:27 +0200 Subject: [PATCH 14/82] job name --- .github/workflows/ms.resources.resourcegroups.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 9714d72c00..8e6e3a73c2 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml @@ -82,7 +82,7 @@ jobs: moduleTestFilePath: '${{ env.moduleTestFilePath }}' job_psrule_test: - name: 'PsRule in-flight validation' + name: 'PsRule inflight validation' runs-on: ubuntu-latest needs: - job_initialize_pipeline From dea25f8088f8bd2ce2cafe4c7d243cb261ffdf4d Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 12:54:24 +0200 Subject: [PATCH 15/82] no psrule --- .../workflows/ms.resources.resourcegroups.yml | 126 +++++++++--------- 1 file changed, 63 insertions(+), 63 deletions(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 8e6e3a73c2..8a396eb1f5 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml 
@@ -81,77 +81,77 @@ jobs: modulePath: '${{ env.modulePath }}' moduleTestFilePath: '${{ env.moduleTestFilePath }}' - job_psrule_test: - name: 'PsRule inflight validation' - runs-on: ubuntu-latest - needs: - - job_initialize_pipeline - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Replace tokens in template file' - uses: azure/powershell@v1 - with: - azPSVersion: 'latest' - inlineScript: | - $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # Grouping task logs - Write-Output '::group::Replace tokens in template file' + # job_psrule_test: + # name: 'PsRule inflight validation' + # runs-on: ubuntu-latest + # needs: + # - job_initialize_pipeline + # strategy: + # fail-fast: false + # matrix: + # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + # steps: + # - name: Checkout + # uses: actions/checkout@v3 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Replace tokens in template file' + # uses: azure/powershell@v1 + # with: + # azPSVersion: 'latest' + # inlineScript: | + # $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # # Grouping task logs + # Write-Output '::group::Replace tokens in template file' - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + # # Load used functions + # . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - # Populate tokens - $Tokens = @{ - resourceGroupName = '${{ env.resourceGroupName }}' - subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - tenantId = '${{ env.ARM_TENANT_ID }}' - } + # # Populate tokens + # $Tokens = @{ + # resourceGroupName = '${{ env.resourceGroupName }}' + # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + # tenantId = '${{ env.ARM_TENANT_ID }}' + # } - ## Add local (source control) tokens - $tokenMap = @{} - foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - } - Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - $Tokens += $tokenMap + # ## Add local (source control) tokens + # $tokenMap = @{} + # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + # } + # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + # $Tokens += $tokenMap - ## Swap 'namePrefix' token if empty and provided as a GitHub secret - if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - } + # ## Swap 'namePrefix' token if empty and provided as a GitHub secret + # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + # } - # Construct Token Function Input - $ConvertTokensInputs = @{ - FilePathList = @($templateFilePath) - Tokens = $Tokens - TokenPrefix = '${{ 
env.tokenPrefix }}' - TokenSuffix = '${{ env.tokenSuffix }}' - } + # # Construct Token Function Input + # $ConvertTokensInputs = @{ + # FilePathList = @($templateFilePath) + # Tokens = $Tokens + # TokenPrefix = '${{ env.tokenPrefix }}' + # TokenSuffix = '${{ env.tokenSuffix }}' + # } - Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - # Invoke Token Replacement Functionality [For Module] - $null = Convert-TokensInFileList @ConvertTokensInputs + # # Invoke Token Replacement Functionality [For Module] + # $null = Convert-TokensInFileList @ConvertTokensInputs - Write-Output '::endgroup::' - # Run analysis by using the PSRule GitHub action. - - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.4.0 - continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - with: - modules: 'PSRule.Rules.Azure' - inputPath: '${{modulePath}}/${{ matrix.moduleTestFilePaths }}' + # Write-Output '::endgroup::' + # # Run analysis by using the PSRule GitHub action. + # - name: Run PSRule analysis + # uses: microsoft/ps-rule@v2.4.0 + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + # with: + # modules: 'PSRule.Rules.Azure' + # inputPath: '${{modulePath}}/${{ matrix.moduleTestFilePaths }}' # ############################ # # Deployment validation # From d2a89d85666ad8215ea7f0beea212dd298e1ee21 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 12:55:56 +0200 Subject: [PATCH 16/82] no psrule step --- .../workflows/ms.resources.resourcegroups.yml | 143 +++++++++--------- 1 file changed, 72 insertions(+), 71 deletions(-) diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 8a396eb1f5..274d7753e0 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml 
+++ b/.github/workflows/ms.resources.resourcegroups.yml 
@@ -81,77 +81,78 @@ jobs: modulePath: '${{ env.modulePath }}' moduleTestFilePath: '${{ env.moduleTestFilePath }}' - # job_psrule_test: - # name: 'PsRule inflight validation' - # runs-on: ubuntu-latest - # needs: - # - job_initialize_pipeline - # strategy: - # fail-fast: false - # matrix: - # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - # steps: - # - name: Checkout - # uses: actions/checkout@v3 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Replace tokens in template file' - # uses: azure/powershell@v1 - # with: - # azPSVersion: 'latest' - # inlineScript: | - # $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # # Grouping task logs - # Write-Output '::group::Replace tokens in template file' - - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # # Populate tokens - # $Tokens = @{ - # resourceGroupName = '${{ env.resourceGroupName }}' - # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - # tenantId = '${{ env.ARM_TENANT_ID }}' - # } - - # ## Add local (source control) tokens - # $tokenMap = @{} - # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - # } - # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - # $Tokens += $tokenMap - - # ## Swap 'namePrefix' token if empty and provided as a GitHub secret - # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - # } - - # # Construct Token Function Input - # 
$ConvertTokensInputs = @{ - # FilePathList = @($templateFilePath) - # Tokens = $Tokens - # TokenPrefix = '${{ env.tokenPrefix }}' - # TokenSuffix = '${{ env.tokenSuffix }}' - # } - - # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # # Invoke Token Replacement Functionality [For Module] - # $null = Convert-TokensInFileList @ConvertTokensInputs - - # Write-Output '::endgroup::' - # # Run analysis by using the PSRule GitHub action. - # - name: Run PSRule analysis - # uses: microsoft/ps-rule@v2.4.0 - # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - # with: - # modules: 'PSRule.Rules.Azure' - # inputPath: '${{modulePath}}/${{ matrix.moduleTestFilePaths }}' + job_psrule_test: + name: 'PsRule inflight validation' + runs-on: ubuntu-latest + needs: + - job_initialize_pipeline + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + resourceGroupName = '${{ env.resourceGroupName }}' + subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs + + Write-Output '::endgroup::' + + # # Run analysis by using the PSRule GitHub action. + # - name: Run PSRule analysis + # uses: microsoft/ps-rule@v2.4.0 + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + # with: + # modules: 'PSRule.Rules.Azure' + # inputPath: '${{modulePath}}/${{ matrix.moduleTestFilePaths }}' # ############################ # # Deployment validation # From 19cfe714f962aefda8918417dc427b1f7f1155e1 Mon Sep 17 00:00:00 2001 
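Review bot: The restored `inlineScript` splices `${{ env.modulePath }}`, `${{ matrix.moduleTestFilePaths }}`, `${{ secrets.ARM_SUBSCRIPTION_ID }}` and the other expressions directly into PowerShell source inside single quotes, so a value containing `'` breaks the script and a value an outside contributor can influence becomes script injection; `matrix.moduleTestFilePaths` is produced by `job_initialize_pipeline`, whose derivation is outside this hunk, so how far it is attacker-controllable cannot be judged here. The workflow `env:` and `secrets.*` values are repository-controlled, so the immediate risk is low, but the safer pattern is to map each value on the step with `env:` (e.g. `ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}`) and read `$env:ARM_SUBSCRIPTION_ID` inside the script, which also keeps secrets out of the rendered script body. This hunk only re-adds what PATCH 15 commented out one commit earlier; squashing the two would keep the series reviewable.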
From: Erika Gressi
Date: Tue, 20 Sep 2022 12:57:33 +0200
Subject: [PATCH 17/82] fix inputpath
---
 .github/workflows/ms.resources.resourcegroups.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml
index 274d7753e0..c24891d422 100644
--- a/.github/workflows/ms.resources.resourcegroups.yml
+++ b/.github/workflows/ms.resources.resourcegroups.yml
@@ -146,13 +146,13 @@ jobs:
 Write-Output '::endgroup::'
- # # Run analysis by using the PSRule GitHub action.
- # - name: Run PSRule analysis
- # uses: microsoft/ps-rule@v2.4.0
- # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project
- # with:
- # modules: 'PSRule.Rules.Azure'
- # inputPath: '${{modulePath}}/${{ matrix.moduleTestFilePaths }}'
+ # Run analysis by using the PSRule GitHub action.
+ - name: Run PSRule analysis
+ uses: microsoft/ps-rule@v2.4.0
+ continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project
+ with:
+ modules: 'PSRule.Rules.Azure'
+ inputPath: '${{env.modulePath}}/${{ matrix.moduleTestFilePaths }}'
 # ############################
 # # Deployment validation #
From 20e405bea37d67321cac2278189faaacbbd7ca4b Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Tue, 20 Sep 2022 13:03:32 +0200
Subject: [PATCH 18/82] comment out continue on error option
---
 .github/workflows/ms.resources.resourcegroups.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml
index c24891d422..7d399272ec 100644
--- a/.github/workflows/ms.resources.resourcegroups.yml
+++ b/.github/workflows/ms.resources.resourcegroups.yml
@@ -149,7 +149,7 @@ jobs:
 # Run analysis by using the PSRule GitHub action.
 - name: Run PSRule analysis
 uses: microsoft/ps-rule@v2.4.0
- continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project
+ # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project
 with:
 modules: 'PSRule.Rules.Azure'
 inputPath: '${{env.modulePath}}/${{ matrix.moduleTestFilePaths }}'
From 4a07c2a078df3235fa04fc85a1e57e87370c22ba Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Tue, 20 Sep 2022 13:11:13 +0200
Subject: [PATCH 19/82] Align KV
---
 .github/workflows/ms.keyvault.vaults.yml | 184 ++++++++++++------ .../workflows/ms.resources.resourcegroups.yml | 8 +- 2 files changed, 124 insertions(+), 68 deletions(-)
diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml
index 535903f37d..4af837dbcb 100644
--- a/.github/workflows/ms.keyvault.vaults.yml
+++ b/.github/workflows/ms.keyvault.vaults.yml
@@ -82,8 +82,14 @@ jobs:
 moduleTestFilePath: '${{ env.moduleTestFilePath }}'
 job_psrule_test:
- name: 'PsRule Analyze repository'
+ name: 'PsRule inflight validation'
 runs-on: ubuntu-latest
+ needs:
+ - job_initialize_pipeline
+ strategy:
+ fail-fast: false
+ matrix:
+ moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }}
 steps:
 - name: Checkout
 uses: actions/checkout@v3
@@ -91,73 +97,123 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + resourceGroupName = '${{ env.resourceGroupName }}' + subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs + + Write-Output '::endgroup::' # Run analysis by using the PSRule GitHub action. 
- name: Run PSRule analysis uses: microsoft/ps-rule@v2.4.0 + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/' + inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - ############################# - # Deployment validation # - ############################# - job_module_deploy_validation: - runs-on: ubuntu-20.04 - name: 'Deployment validation' - needs: - - job_initialize_pipeline - - job_module_pester_validation - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - location: '${{ env.location }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - - ################## - # Publishing # - ################## - job_publish_module: - name: 'Publishing' - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - runs-on: ubuntu-20.04 - needs: - - job_module_deploy_validation - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' - uses: ./.github/actions/templates/publishModule - 
with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + # ############################# + # # Deployment validation # + # ############################# + # job_module_deploy_validation: + # runs-on: ubuntu-20.04 + # name: 'Deployment validation' + # needs: + # - job_initialize_pipeline + # - job_module_pester_validation + # - job_psrule_test + # strategy: + # fail-fast: false + # matrix: + # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # location: '${{ env.location }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + # ################## + # # Publishing # + # ################## + # job_publish_module: + # name: 'Publishing' + # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + # runs-on: ubuntu-20.04 
+ # needs: + # - job_module_deploy_validation + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Publishing' + # uses: ./.github/actions/templates/publishModule + # with: + # templateFilePath: '${{ env.modulePath }}/deploy.bicep' + # templateSpecsRGName: '${{ env.templateSpecsRGName }}' + # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + # templateSpecsDescription: '${{ env.templateSpecsDescription }}' + # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + # bicepRegistryName: '${{ env.bicepRegistryName }}' + # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 7d399272ec..9f7125e256 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml @@ -152,11 +152,11 @@ jobs: # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{env.modulePath}}/${{ matrix.moduleTestFilePaths }}' + inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # ############################ - # # Deployment validation # - # ############################ + # ############################# + # # Deployment validation # + # ############################# # job_module_deploy_validation: # runs-on: ubuntu-20.04 # name: 'Deployment validation' From 589d70464205f297159b2193b73a0d3a039b4615 Mon Sep 17 00:00:00 2001 
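Review bot: The Key Vault workflow's new PSRule gate resolves its entire toolchain by mutable reference — `azure/powershell@v1` with `azPSVersion: 'latest'`, `microsoft/ps-rule@v2.4.0`, and `actions/checkout@v3` in context above — so the code that decides whether a module passes security rules can change under the pipeline without a commit to this repository. Pin third-party actions to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: microsoft/ps-rule@<commit-sha> # v2.4.0`, and pin `azPSVersion` to a specific Az release so a rerun reproduces the same result. With `job_module_deploy_validation` and `job_publish_module` commented out in the same hunk the workflow now ends at the PSRule job; if that is the intended hackathon state, a one-line comment above the commented block, `# Deployment validation and publishing disabled while PSRule is trialled; restore with job_psrule_test in needs`, would stop the next reader from treating it as an accident. The `job_psrule_test` definition starts above this hunk.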
From: Erika Gressi Date: Tue, 20 Sep 2022 13:14:47 +0200 Subject: [PATCH 20/82] kv no psrule --- .github/workflows/ms.keyvault.vaults.yml | 120 +++++++++++------------ 1 file changed, 60 insertions(+), 60 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 4af837dbcb..5c182dad91 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml 
@@ -93,66 +93,66 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Replace tokens in template file' - uses: azure/powershell@v1 - with: - azPSVersion: 'latest' - inlineScript: | - $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # Grouping task logs - Write-Output '::group::Replace tokens in template file' - - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # Populate tokens - $Tokens = @{ - resourceGroupName = '${{ env.resourceGroupName }}' - subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - tenantId = '${{ env.ARM_TENANT_ID }}' - } - - ## Add local (source control) tokens - $tokenMap = @{} - foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - } - Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - $Tokens += $tokenMap - - ## Swap 'namePrefix' token if empty and provided as a GitHub secret - if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - } - - # Construct Token Function Input - $ConvertTokensInputs = @{ - FilePathList = @($templateFilePath) - Tokens = $Tokens - TokenPrefix = '${{ env.tokenPrefix }}' - TokenSuffix = '${{ env.tokenSuffix }}' - } - - Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # Invoke Token Replacement Functionality [For Module] - $null = Convert-TokensInFileList @ConvertTokensInputs - - Write-Output '::endgroup::' - - # Run analysis by using the PSRule 
GitHub action. - - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.4.0 - # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - with: - modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Replace tokens in template file' + # uses: azure/powershell@v1 + # with: + # azPSVersion: 'latest' + # inlineScript: | + # $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # # Grouping task logs + # Write-Output '::group::Replace tokens in template file' + + # # Load used functions + # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # # Populate tokens + # $Tokens = @{ + # resourceGroupName = '${{ env.resourceGroupName }}' + # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + # tenantId = '${{ env.ARM_TENANT_ID }}' + # } + + # ## Add local (source control) tokens + # $tokenMap = @{} + # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + # } + # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + # $Tokens += $tokenMap + + # ## Swap 'namePrefix' token if empty and provided as a GitHub secret + # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + # } + + # # Construct Token Function Input + # $ConvertTokensInputs = @{ + # FilePathList = @($templateFilePath) + # Tokens = $Tokens + # TokenPrefix = '${{ env.tokenPrefix }}' + # TokenSuffix = '${{ env.tokenSuffix }}' + # } + + # 
Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # # Invoke Token Replacement Functionality [For Module] + # $null = Convert-TokensInFileList @ConvertTokensInputs + + # Write-Output '::endgroup::' + + # # Run analysis by using the PSRule GitHub action. + # - name: Run PSRule analysis + # uses: microsoft/ps-rule@v2.4.0 + # # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + # with: + # modules: 'PSRule.Rules.Azure' + # inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' # ############################# # # Deployment validation # From 0b6c7ad4b2c0cb8dcaac02237ea35ea2b42fa519 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 13:16:23 +0200 Subject: [PATCH 21/82] replace --- .github/workflows/ms.keyvault.vaults.yml | 104 +++++++++++------------ 1 file changed, 52 insertions(+), 52 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 5c182dad91..88ff8748f5 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml 
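Review bot: Disabling the token-replacement and PSRule steps by commenting out about sixty lines makes this hunk nearly unreadable and removes the steps from the job summary; a step-level condition such as `if: ${{ false }}` (or one driven by a workflow_dispatch input) keeps the YAML intact and shows the steps as skipped instead. The same comment/uncomment churn recurs in the @@ -93,58 hunk (PATCH 21), the @@ -97,54 hunk (PATCH 22), the @@ -97,14 hunk (PATCH 23) and the @@ -97,62 hunk (PATCH 24) of this file. If the goal is a temporary switch while PSRule is bedded in, one `if:` on the two steps would let these five commits collapse into a single change. The job_psrule_test block being edited starts above the hunk.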
@@ -93,58 +93,58 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Replace tokens in template file' - # uses: azure/powershell@v1 - # with: - # azPSVersion: 'latest' - # inlineScript: | - # $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # # Grouping task logs - # Write-Output '::group::Replace tokens in template file' - - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # # Populate tokens - # $Tokens = @{ - # resourceGroupName = '${{ env.resourceGroupName }}' - # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - # tenantId = '${{ env.ARM_TENANT_ID }}' - # } - - # ## Add local (source control) tokens - # $tokenMap = @{} - # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - # } - # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - # $Tokens += $tokenMap - - # ## Swap 'namePrefix' token if empty and provided as a GitHub secret - # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - # } - - # # Construct Token Function Input - # $ConvertTokensInputs = @{ - # FilePathList = @($templateFilePath) - # Tokens = $Tokens - # TokenPrefix = '${{ env.tokenPrefix }}' - # TokenSuffix = '${{ env.tokenSuffix }}' - # } - - # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # # Invoke Token Replacement Functionality [For Module] - # $null = Convert-TokensInFileList 
@ConvertTokensInputs - - # Write-Output '::endgroup::' + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + resourceGroupName = '${{ env.resourceGroupName }}' + subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs + + Write-Output '::endgroup::' # # Run analysis by using the PSRule GitHub action. 
# - name: Run PSRule analysis From 393bfb54dd0ed9c81a74ea734c925eb228f0b952 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 13:18:22 +0200 Subject: [PATCH 22/82] no replace --- .github/workflows/ms.keyvault.vaults.yml | 96 ++++++++++++------------ 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 88ff8748f5..ee7cb005dd 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml 
@@ -97,54 +97,54 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - - name: 'Replace tokens in template file' - uses: azure/powershell@v1 - with: - azPSVersion: 'latest' - inlineScript: | - $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # Grouping task logs - Write-Output '::group::Replace tokens in template file' - - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # Populate tokens - $Tokens = @{ - resourceGroupName = '${{ env.resourceGroupName }}' - subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - tenantId = '${{ env.ARM_TENANT_ID }}' - } - - ## Add local (source control) tokens - $tokenMap = @{} - foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - } - Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - $Tokens += $tokenMap - - ## Swap 'namePrefix' token if empty and provided as a GitHub secret - if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - } - - # Construct Token Function Input - $ConvertTokensInputs = @{ - FilePathList = @($templateFilePath) - Tokens = $Tokens - TokenPrefix = '${{ env.tokenPrefix }}' - TokenSuffix = '${{ env.tokenSuffix }}' - } - - Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # Invoke Token Replacement Functionality [For Module] - $null = Convert-TokensInFileList @ConvertTokensInputs - - Write-Output '::endgroup::' + # - name: 'Replace tokens in template file' + # uses: azure/powershell@v1 + # with: + # azPSVersion: 'latest' + # inlineScript: | + 
# $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # # Grouping task logs + # Write-Output '::group::Replace tokens in template file' + + # # Load used functions + # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # # Populate tokens + # $Tokens = @{ + # resourceGroupName = '${{ env.resourceGroupName }}' + # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + # tenantId = '${{ env.ARM_TENANT_ID }}' + # } + + # ## Add local (source control) tokens + # $tokenMap = @{} + # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + # } + # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + # $Tokens += $tokenMap + + # ## Swap 'namePrefix' token if empty and provided as a GitHub secret + # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + # } + + # # Construct Token Function Input + # $ConvertTokensInputs = @{ + # FilePathList = @($templateFilePath) + # Tokens = $Tokens + # TokenPrefix = '${{ env.tokenPrefix }}' + # TokenSuffix = '${{ env.tokenSuffix }}' + # } + + # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # # Invoke Token Replacement Functionality [For Module] + # $null = Convert-TokensInFileList @ConvertTokensInputs + + # Write-Output '::endgroup::' # # Run analysis by using the PSRule GitHub action. # - name: Run PSRule analysis From 16fab3698a20d0aa55a16135c743adf67d859cff Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Tue, 20 Sep 2022 13:19:05 +0200 Subject: [PATCH 23/82] replace 1 --- .github/workflows/ms.keyvault.vaults.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index ee7cb005dd..1d2f5440d1 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml @@ -97,14 +97,14 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - # - name: 'Replace tokens in template file' - # uses: azure/powershell@v1 - # with: - # azPSVersion: 'latest' - # inlineScript: | - # $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # # Grouping task logs - # Write-Output '::group::Replace tokens in template file' + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # Grouping task logs + Write-Output '::group::Replace tokens in template file' # # Load used functions # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') From 75f8b6cb1336032bef553f4b60d5578e6c5f774b Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 13:21:38 +0200 Subject: [PATCH 24/82] indent --- .github/workflows/ms.keyvault.vaults.yml | 112 +++++++++++------------ 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 1d2f5440d1..19c89f5d5a 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml 
@@ -97,62 +97,62 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - - name: 'Replace tokens in template file' - uses: azure/powershell@v1 - with: - azPSVersion: 'latest' - inlineScript: | - $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # Grouping task logs - Write-Output '::group::Replace tokens in template file' - - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # # Populate tokens - # $Tokens = @{ - # resourceGroupName = '${{ env.resourceGroupName }}' - # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - # tenantId = '${{ env.ARM_TENANT_ID }}' - # } - - # ## Add local (source control) tokens - # $tokenMap = @{} - # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - # } - # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - # $Tokens += $tokenMap - - # ## Swap 'namePrefix' token if empty and provided as a GitHub secret - # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - # } - - # # Construct Token Function Input - # $ConvertTokensInputs = @{ - # FilePathList = @($templateFilePath) - # Tokens = $Tokens - # TokenPrefix = '${{ env.tokenPrefix }}' - # TokenSuffix = '${{ env.tokenSuffix }}' - # } - - # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # # Invoke Token Replacement Functionality [For Module] - # $null = Convert-TokensInFileList @ConvertTokensInputs - - # Write-Output '::endgroup::' - - # # Run analysis by using the PSRule GitHub action. 
- # - name: Run PSRule analysis - # uses: microsoft/ps-rule@v2.4.0 - # # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - # with: - # modules: 'PSRule.Rules.Azure' - # inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + resourceGroupName = '${{ env.resourceGroupName }}' + subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs + + Write-Output 
'::endgroup::' + + # Run analysis by using the PSRule GitHub action. + - name: Run PSRule analysis + uses: microsoft/ps-rule@v2.4.0 + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + with: + modules: 'PSRule.Rules.Azure' + inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' # ############################# # # Deployment validation # From 5c417dbfdfffa0285698bb08a0a04d7e7be2703d Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 13:26:44 +0200 Subject: [PATCH 25/82] align vnet --- .../workflows/ms.network.virtualnetworks.yml | 92 +++++++++++++++++-- 1 file changed, 84 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index f09c176e38..b575293cc0 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml 
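Review bot: The restored `inlineScript` dumps every token value to the log with `Write-Verbose "Convert Tokens Input:\`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose`, and `$Tokens` carries `subscriptionId` and `managementGroupId` sourced from `secrets.ARM_SUBSCRIPTION_ID` and `secrets.ARM_MGMTGROUP_ID`; as far as I can tell that stays out of the log only because the runner masks registered secret values verbatim, so log the key names instead, e.g. `Write-Verbose ('Convert Tokens Input keys: [{0}]' -f ($Tokens.Keys -join ', ')) -Verbose`. This script is also the same block that appears in ms.network.virtualnetworks.yml later in the series (and the PSRule step is repeated in ms.resources.resourcegroups.yml); the file already delegates shared steps to composite actions under ./.github/actions/templates/ (setEnvironmentVariables), so a composite action for the token replacement would stop the copies drifting. `azPSVersion: 'latest'` makes each run depend on whatever Az module version the runner resolves that day; pin it when the step moves into a shared action. job_psrule_test begins above this hunk.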
@@ -60,26 +60,102 @@ jobs: removeDeployment: ${{ steps.get-workflow-param.outputs.removeDeployment }} moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }} - job_psrule_validation: + ######################### + # Static validation # + ######################### + job_module_pester_validation: runs-on: ubuntu-20.04 - name: 'psrule-validation' + name: 'Static validation' steps: - - name: Checkout + - name: 'Checkout' uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ env.modulePath }}' + moduleTestFilePath: '${{ env.moduleTestFilePath }}' + + job_psrule_test: + name: 'PsRule inflight validation' + runs-on: ubuntu-latest + needs: + - job_initialize_pipeline + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + steps: + - name: Checkout + uses: actions/checkout@v3 - name: Set environment variables uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + resourceGroupName = '${{ env.resourceGroupName }}' + subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs + + Write-Output '::endgroup::' + + # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis - uses: microsoft/ps-rule@main + uses: microsoft/ps-rule@v2.4.0 + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/' + inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' outputFormat: Sarif option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' - - ######################### # Static validation # ######################### 
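Review bot: A second `job_module_pester_validation:` key now sits under `jobs:` — the original Static validation job is still present below it (the `# Static validation #` banner is trailing context of this hunk, and the `modulePath:`/`moduleTestFilePath:` context of the next hunk belongs to it), so the workflow carries a duplicate mapping key until the follow-up commit "align vnet and enable deployment" deletes the older copy; folding that deletion into this commit would keep every intermediate revision loadable. The two jobs also disagree on the checkout action (`actions/checkout@v2` in the new pester job, `actions/checkout@v3` in job_psrule_test); pick one. Moving the PSRule step from `microsoft/ps-rule@main` to `microsoft/ps-rule@v2.4.0` is the right direction — a floating branch ref in a validation gate is a supply-chain risk — and the same pinning would help `azPSVersion: 'latest'`. The `jobs:` mapping these jobs belong to starts above the hunk.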
@@ -101,7 +177,7 @@ jobs: modulePath: '${{ env.modulePath }}' moduleTestFilePath: '${{ env.moduleTestFilePath }}' - + # ############################# # # Deployment validation # From 09a730f1fb144b963daca64a279246868a279dd4 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 13:29:07 +0200 Subject: [PATCH 26/82] align vnet and enable deployment --- .github/workflows/ms.keyvault.vaults.yml | 126 +++++++++--------- .../workflows/ms.network.virtualnetworks.yml | 36 +---- .../workflows/ms.resources.resourcegroups.yml | 126 +++++++++--------- 3 files changed, 133 insertions(+), 155 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 19c89f5d5a..b59a7022de 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml 
@@ -154,66 +154,66 @@ jobs: modules: 'PSRule.Rules.Azure' inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # ############################# - # # Deployment validation # - # ############################# - # job_module_deploy_validation: - # runs-on: ubuntu-20.04 - # name: 'Deployment validation' - # needs: - # - job_initialize_pipeline - # - job_module_pester_validation - # - job_psrule_test - # strategy: - # fail-fast: false - # matrix: - # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # location: '${{ env.location }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - - # ################## - # # Publishing # - # ################## - # job_publish_module: - # name: 'Publishing' - # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - # runs-on: ubuntu-20.04 - # needs: - # - job_module_deploy_validation - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Publishing' - # uses: ./.github/actions/templates/publishModule - # with: - # templateFilePath: '${{ 
env.modulePath }}/deploy.bicep' - # templateSpecsRGName: '${{ env.templateSpecsRGName }}' - # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - # templateSpecsDescription: '${{ env.templateSpecsDescription }}' - # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - # bicepRegistryName: '${{ env.bicepRegistryName }}' - # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + ############################# + # Deployment validation # + ############################# + job_module_deploy_validation: + runs-on: ubuntu-20.04 + name: 'Deployment validation' + needs: + - job_initialize_pipeline + - job_module_pester_validation + - job_psrule_test + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + location: '${{ env.location }}' + resourceGroupName: '${{ env.resourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + ################## + # Publishing # + ################## + job_publish_module: + name: 'Publishing' + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + runs-on: ubuntu-20.04 + needs: + - job_module_deploy_validation + steps: + - name: 'Checkout' + uses: 
actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Publishing' + uses: ./.github/actions/templates/publishModule + with: + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + templateSpecsRGName: '${{ env.templateSpecsRGName }}' + templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + templateSpecsDescription: '${{ env.templateSpecsDescription }}' + templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + bicepRegistryName: '${{ env.bicepRegistryName }}' + bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index b575293cc0..36fd81746c 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml 
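Review bot: The re-enabled deployment and publishing jobs check out with `actions/checkout@v2` while job_psrule_test above them in the same file uses `actions/checkout@v3`; since this commit already rewrites every line of the two jobs, move them to the same major version (`uses: actions/checkout@v3`) so the file does not straddle two action releases. With `needs: - job_psrule_test` and the PSRule step's `continue-on-error` still commented out, a PSRule failure now blocks deployment validation and therefore publishing; that is the stricter behaviour, so say so in the job comment, e.g. `# Runs only after static validation and PSRule have passed for every test file.` The same shape is repeated in the ms.resources.resourcegroups.yml hunk at the end of this commit. The hunk opens on context lines from job_psrule_test, whose head is above it.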
@@ -156,38 +156,16 @@ jobs: outputFormat: Sarif option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' - ######################### - # Static validation # - ######################### - job_module_pester_validation: - runs-on: ubuntu-20.04 - name: 'Static validation' - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Run tests' - uses: ./.github/actions/templates/validateModulePester - with: - modulePath: '${{ env.modulePath }}' - moduleTestFilePath: '${{ env.moduleTestFilePath }}' - - - - # ############################# - # # Deployment validation # - # ############################# + ############################# + # Deployment validation # + ############################# job_module_deploy_validation: runs-on: ubuntu-20.04 name: 'Deployment validation' needs: - job_initialize_pipeline - job_module_pester_validation + - job_psrule_test strategy: fail-fast: false matrix: @@ -211,9 +189,9 @@ jobs: managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - # ################## - # # Publishing # - # ################## + ################## + # Publishing # + ################## job_publish_module: name: 'Publishing' if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 9f7125e256..30050f14c0 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml 
@@ -154,66 +154,66 @@ jobs: modules: 'PSRule.Rules.Azure' inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # ############################# - # # Deployment validation # - # ############################# - # job_module_deploy_validation: - # runs-on: ubuntu-20.04 - # name: 'Deployment validation' - # needs: - # - job_initialize_pipeline - # - job_module_pester_validation - # - job_psrule_test - # strategy: - # fail-fast: false - # matrix: - # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # location: '${{ env.location }}' - # resourceGroupName: '${{ env.resourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - - # ################## - # # Publishing # - # ################## - # job_publish_module: - # name: 'Publishing' - # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - # runs-on: ubuntu-20.04 - # needs: - # - job_module_deploy_validation - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Publishing' - # uses: ./.github/actions/templates/publishModule - # with: - # templateFilePath: '${{ 
env.modulePath }}/deploy.bicep' - # templateSpecsRGName: '${{ env.templateSpecsRGName }}' - # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - # templateSpecsDescription: '${{ env.templateSpecsDescription }}' - # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - # bicepRegistryName: '${{ env.bicepRegistryName }}' - # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + ############################# + # Deployment validation # + ############################# + job_module_deploy_validation: + runs-on: ubuntu-20.04 + name: 'Deployment validation' + needs: + - job_initialize_pipeline + - job_module_pester_validation + - job_psrule_test + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + location: '${{ env.location }}' + resourceGroupName: '${{ env.resourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + ################## + # Publishing # + ################## + job_publish_module: + name: 'Publishing' + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + runs-on: ubuntu-20.04 + needs: + - job_module_deploy_validation + steps: + - name: 'Checkout' + uses: 
actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Publishing' + uses: ./.github/actions/templates/publishModule + with: + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + templateSpecsRGName: '${{ env.templateSpecsRGName }}' + templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + templateSpecsDescription: '${{ env.templateSpecsDescription }}' + templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + bicepRegistryName: '${{ env.bicepRegistryName }}' + bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' From fd465281ec4786bdbb12bf71af48fc481bc2a56b Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 13:31:35 +0200 Subject: [PATCH 27/82] linter test removed --- .github/workflows/linter.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index af409cf677..683f0e1c4a 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -27,11 +27,3 @@ jobs: DEFAULT_BRANCH: ${{ github.base_ref }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} FILTER_REGEX_EXCLUDE: '[module.tests.ps1|Get\-ModulesAsMarkdownTable.ps1|.*yml]' - - # Analyze repository with PSRule - - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.4.0 - continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - with: - modules: PSRule.Rules.Azure - baseline: Azure.Default From e919e8b4b5f9ae6aa10ee03b890a23c22dc29e90 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 13:33:23 +0200 Subject: [PATCH 28/82] psrule back --- ps-rule.yaml | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) 
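Review bot: The re-enabled `job_module_deploy_validation` and `job_publish_module` come back verbatim on `actions/checkout@v2` and `ubuntu-20.04`, while the PSRule job this series adds to the sibling workflows (hunk `@@ -82,8 +82,14 @@` of ms.keyvault.vaults.yml) uses `actions/checkout@v3` and `ubuntu-latest`; one runner image and one checkout major per workflow keeps the matrix runs comparable. The marketplace action is referenced by a mutable tag; for jobs that receive `ARM_SUBSCRIPTION_ID`/`ARM_MGMTGROUP_ID` and publish to a template-spec store and Bicep registry, pinning by full commit SHA (`uses: actions/checkout@<commit-sha> # v2`) removes the tag-retargeting exposure. The `if:` on `job_publish_module` also publishes from whatever branch a manual run was dispatched on when `github.event.inputs.prerelease == 'true'`, which is presumably intended for prerelease testing but deserves a comment above the job, e.g. `# manual dispatch with prerelease=true publishes from the dispatched branch, not only main`.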
diff --git a/ps-rule.yaml b/ps-rule.yaml index 406b6355b5..a0dbe090f4 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -30,21 +30,14 @@ output: input: pathIgnore: # Ignore other files in the repository. - # - '.azuredevops/' - # - '.github/' - # - '.vscode/' - # - 'constructs/' - # - 'docs/' - # - 'utilities' - - '**/*' - # - '*.md' - # # - '!**/.tests/*.bicep' - + - '.vscode/' + - '.github/' + - '*.md' # Exclude modules but not tests. - # - 'modules/**/*.bicep' + - 'modules/**/*.bicep' - '!modules/**/*.test.bicep' - # - 'modules/**/*version.json' + - 'modules/**/*version.json' configuration: # Enable automatic expansion of Azure parameter files. @@ -62,7 +55,7 @@ rule: exclude: # Ignore the following rules for all resources - Azure.KeyVault.PurgeProtect - + # Suppression ignores rules for a specific Azure resource by name. suppression: Azure.Resource.UseTags: From b91e86c487c67dfd6ce3e2b425d08f3ac1adacde Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 13:36:22 +0200 Subject: [PATCH 29/82] vnet no deploy --- .../workflows/ms.network.virtualnetworks.yml | 120 +++++++++--------- 1 file changed, 60 insertions(+), 60 deletions(-) diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index 36fd81746c..5ff87b325b 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml 
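Review bot: The rewritten `pathIgnore` list drops `modules/**/*.bicep` and `modules/**/*version.json` while re-including `!modules/**/*.test.bicep`, so each module's `deploy.bicep` is reached only through expansion of a test file that references it (the Bicep-expansion setting sits in the `configuration:` section that closes the hunk) and the rules only see the resource configuration the test files pass in. A comment above `- 'modules/**/*.bicep'` recording that intent, e.g. `# deploy.bicep is analysed only via expansion of the *.test.bicep files that reference it`, would save the next reader from re-deriving why module sources are ignored. The `!` re-include follows the pattern it overrides, which is presumably what makes it take effect in a gitignore-style list; keep that order if the entries are reshuffled later.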
@@ -159,63 +159,63 @@ jobs: ############################# # Deployment validation # ############################# - job_module_deploy_validation: - runs-on: ubuntu-20.04 - name: 'Deployment validation' - needs: - - job_initialize_pipeline - - job_module_pester_validation - - job_psrule_test - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - location: '${{ env.location }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - - ################## - # Publishing # - ################## - job_publish_module: - name: 'Publishing' - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - runs-on: ubuntu-20.04 - needs: - - job_module_deploy_validation - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' - uses: ./.github/actions/templates/publishModule - with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - 
templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + # job_module_deploy_validation: + # runs-on: ubuntu-20.04 + # name: 'Deployment validation' + # needs: + # - job_initialize_pipeline + # - job_module_pester_validation + # - job_psrule_test + # strategy: + # fail-fast: false + # matrix: + # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # location: '${{ env.location }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + # ################## + # # Publishing # + # ################## + # job_publish_module: + # name: 'Publishing' + # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + # runs-on: ubuntu-20.04 + # needs: + # - job_module_deploy_validation + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Publishing' + # uses: 
./.github/actions/templates/publishModule + # with: + # templateFilePath: '${{ env.modulePath }}/deploy.bicep' + # templateSpecsRGName: '${{ env.templateSpecsRGName }}' + # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + # templateSpecsDescription: '${{ env.templateSpecsDescription }}' + # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + # bicepRegistryName: '${{ env.bicepRegistryName }}' + # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' From 7a202b3f20fba622dcc62fd1bda60205daf51d09 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 20 Sep 2022 14:01:54 +0200 Subject: [PATCH 30/82] comment deployment --- .github/workflows/ms.keyvault.vaults.yml | 126 +++++++++--------- .../workflows/ms.network.virtualnetworks.yml | 6 +- .../workflows/ms.resources.resourcegroups.yml | 126 +++++++++--------- 3 files changed, 129 insertions(+), 129 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index b59a7022de..19c89f5d5a 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml 
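Review bot: Commenting out `job_module_deploy_validation` and `job_publish_module` wholesale leaves some sixty lines of inert YAML with no indication of why they are off or what re-enables them; a one-line comment above `# job_module_deploy_validation:` such as `# TODO(<reason>): deployment validation and publishing are disabled for this module; re-enable both together` would record the intent that the commit message ("vnet no deploy") only hints at. Because `job_publish_module` has `needs: - job_module_deploy_validation`, disabling the first silently disables publishing for this module as well, so nothing from this workflow reaches the template specs or the Bicep registry while the block is commented. The same pattern is applied to ms.keyvault.vaults.yml and ms.resources.resourcegroups.yml in the `@@ -154,66 +154,66 @@` hunks of the following commit; the same comment fits all three.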
@@ -154,66 +154,66 @@ jobs: modules: 'PSRule.Rules.Azure' inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - ############################# - # Deployment validation # - ############################# - job_module_deploy_validation: - runs-on: ubuntu-20.04 - name: 'Deployment validation' - needs: - - job_initialize_pipeline - - job_module_pester_validation - - job_psrule_test - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - location: '${{ env.location }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - - ################## - # Publishing # - ################## - job_publish_module: - name: 'Publishing' - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - runs-on: ubuntu-20.04 - needs: - - job_module_deploy_validation - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' - uses: ./.github/actions/templates/publishModule - with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ 
env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + # ############################# + # # Deployment validation # + # ############################# + # job_module_deploy_validation: + # runs-on: ubuntu-20.04 + # name: 'Deployment validation' + # needs: + # - job_initialize_pipeline + # - job_module_pester_validation + # - job_psrule_test + # strategy: + # fail-fast: false + # matrix: + # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # location: '${{ env.location }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + # ################## + # # Publishing # + # ################## + # job_publish_module: + # name: 'Publishing' + # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + # runs-on: ubuntu-20.04 + # needs: + # - job_module_deploy_validation + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 
Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Publishing' + # uses: ./.github/actions/templates/publishModule + # with: + # templateFilePath: '${{ env.modulePath }}/deploy.bicep' + # templateSpecsRGName: '${{ env.templateSpecsRGName }}' + # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + # templateSpecsDescription: '${{ env.templateSpecsDescription }}' + # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + # bicepRegistryName: '${{ env.bicepRegistryName }}' + # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index 5ff87b325b..7a7feeeeb8 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml @@ -156,9 +156,9 @@ jobs: outputFormat: Sarif option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' - ############################# - # Deployment validation # - ############################# + # ############################# + # # Deployment validation # + # ############################# # job_module_deploy_validation: # runs-on: ubuntu-20.04 # name: 'Deployment validation' diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 30050f14c0..9f7125e256 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml 
@@ -154,66 +154,66 @@ jobs: modules: 'PSRule.Rules.Azure' inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - ############################# - # Deployment validation # - ############################# - job_module_deploy_validation: - runs-on: ubuntu-20.04 - name: 'Deployment validation' - needs: - - job_initialize_pipeline - - job_module_pester_validation - - job_psrule_test - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - location: '${{ env.location }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - - ################## - # Publishing # - ################## - job_publish_module: - name: 'Publishing' - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - runs-on: ubuntu-20.04 - needs: - - job_module_deploy_validation - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' - uses: ./.github/actions/templates/publishModule - with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ 
env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + # ############################# + # # Deployment validation # + # ############################# + # job_module_deploy_validation: + # runs-on: ubuntu-20.04 + # name: 'Deployment validation' + # needs: + # - job_initialize_pipeline + # - job_module_pester_validation + # - job_psrule_test + # strategy: + # fail-fast: false + # matrix: + # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # location: '${{ env.location }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + # ################## + # # Publishing # + # ################## + # job_publish_module: + # name: 'Publishing' + # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + # runs-on: ubuntu-20.04 + # needs: + # - job_module_deploy_validation + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 
Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Publishing' + # uses: ./.github/actions/templates/publishModule + # with: + # templateFilePath: '${{ env.modulePath }}/deploy.bicep' + # templateSpecsRGName: '${{ env.templateSpecsRGName }}' + # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + # templateSpecsDescription: '${{ env.templateSpecsDescription }}' + # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + # bicepRegistryName: '${{ env.bicepRegistryName }}' + # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' From 04924d574db799fc11bc57e70b211ed02c9223a4 Mon Sep 17 00:00:00 2001 From: Erika Gressi <56914614+eriqua@users.noreply.github.com> Date: Tue, 20 Sep 2022 14:29:33 +0200 Subject: [PATCH 31/82] [Hackaton] Align 3 module workflows to use PSRule test matrix (#2065) * linter * exclude parameters * pathIgnore * clean up token replacement * clean up token replacement further * resize token replacement * typo * modulePath * job name * no psrule * no psrule step * fix inputpath * comment out continue on error option * Align KV * kv no psrule * replace * no replace * replace 1 * indent * align vnet * align vnet and enable deployment * linter test removed * psrule back * vnet no deploy * comment deployment --- .github/workflows/ms.keyvault.vaults.yml | 184 ++++++++++------ .../workflows/ms.network.virtualnetworks.yml | 192 +++++++++++------ .../workflows/ms.resources.resourcegroups.yml | 202 +++++++----------- ps-rule.yaml | 2 +- 4 files changed, 324 insertions(+), 256 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 535903f37d..19c89f5d5a 100644 --- a/.github/workflows/ms.keyvault.vaults.yml 
+++ b/.github/workflows/ms.keyvault.vaults.yml @@ -82,8 +82,14 @@ jobs: moduleTestFilePath: '${{ env.moduleTestFilePath }}' job_psrule_test: - name: 'PsRule Analyze repository' + name: 'PsRule inflight validation' runs-on: ubuntu-latest + needs: + - job_initialize_pipeline + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} steps: - name: Checkout uses: actions/checkout@v3 
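Review bot: The new `job_psrule_test` header keeps `runs-on: ubuntu-latest` (with `actions/checkout@v3` in the context below) while every other job in this workflow, including the ones commented out further down, runs on `ubuntu-20.04` with `actions/checkout@v2`; pinning one image and one checkout major across the workflow keeps the per-file matrix runs reproducible and avoids surprises when `ubuntu-latest` moves. The matrix is built from `fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths)`; if that output can ever be empty or not a JSON array, the strategy evaluation presumably fails before any step runs, so the upstream job should guarantee a well-formed array, which is worth a comment on the `matrix:` line, e.g. `# job_initialize_pipeline must always emit a JSON array, possibly empty`.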
@@ -91,73 +97,123 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + resourceGroupName = '${{ env.resourceGroupName }}' + subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs + + Write-Output '::endgroup::' # Run analysis by using the PSRule GitHub action. 
- name: Run PSRule analysis uses: microsoft/ps-rule@v2.4.0 + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/' + inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - ############################# - # Deployment validation # - ############################# - job_module_deploy_validation: - runs-on: ubuntu-20.04 - name: 'Deployment validation' - needs: - - job_initialize_pipeline - - job_module_pester_validation - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - location: '${{ env.location }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - - ################## - # Publishing # - ################## - job_publish_module: - name: 'Publishing' - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - runs-on: ubuntu-20.04 - needs: - - job_module_deploy_validation - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' - uses: ./.github/actions/templates/publishModule - 
with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + # ############################# + # # Deployment validation # + # ############################# + # job_module_deploy_validation: + # runs-on: ubuntu-20.04 + # name: 'Deployment validation' + # needs: + # - job_initialize_pipeline + # - job_module_pester_validation + # - job_psrule_test + # strategy: + # fail-fast: false + # matrix: + # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # location: '${{ env.location }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + # ################## + # # Publishing # + # ################## + # job_publish_module: + # name: 'Publishing' + # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + # runs-on: ubuntu-20.04 
+ # needs: + # - job_module_deploy_validation + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Publishing' + # uses: ./.github/actions/templates/publishModule + # with: + # templateFilePath: '${{ env.modulePath }}/deploy.bicep' + # templateSpecsRGName: '${{ env.templateSpecsRGName }}' + # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + # templateSpecsDescription: '${{ env.templateSpecsDescription }}' + # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + # bicepRegistryName: '${{ env.bicepRegistryName }}' + # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index f09c176e38..7a7feeeeb8 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml @@ -60,26 +60,6 @@ jobs: removeDeployment: ${{ steps.get-workflow-param.outputs.removeDeployment }} moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }} - job_psrule_validation: - runs-on: ubuntu-20.04 - name: 'psrule-validation' - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: Run PSRule analysis - uses: microsoft/ps-rule@main - with: - modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/' - outputFormat: Sarif - option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' - - - ######################### # Static validation # ######################### 
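Review bot: Secrets and the matrix path are spliced into the inline PowerShell source with `${{ }}` (`$templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'`, `subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}'`), so the script text is assembled from expression output and any value containing a single quote breaks the script; the values here come from the repository's own file list and the workflow's secrets, so the practical concern is quoting rather than injection, but the usual hardening is to pass such values through the step's `env:` and read `$env:` in the script, and the `env` context values set by setEnvironmentVariables are already exported to the step process. The `Write-Verbose "Convert Tokens Input:..." ConvertTo-Json` line also prints the full token table, including subscription, management-group and tenant ids, to the job log; log masking only covers registered secrets that appear verbatim, so `env.ARM_TENANT_ID` is printed in clear and the dump is better limited to `$ConvertTokensInputs.Tokens.Keys`. The same step is added to ms.network.virtualnetworks.yml in the `@@ -101,67 +81,141 @@` hunk below, which runs past the end of this view.
```yaml
      - name: 'Replace tokens in template file'
        uses: azure/powershell@v1
        env:
          TEMPLATE_FILE_PATH: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'
          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
          ARM_MGMTGROUP_ID: ${{ secrets.ARM_MGMTGROUP_ID }}
        with:
          azPSVersion: 'latest'
          inlineScript: |
            $templateFilePath = $env:TEMPLATE_FILE_PATH
            # … unchanged: log grouping, dot-sourcing Convert-TokensInFileList.ps1 …
            $Tokens = @{
              resourceGroupName = $env:resourceGroupName
              subscriptionId    = $env:ARM_SUBSCRIPTION_ID
              managementGroupId = $env:ARM_MGMTGROUP_ID
              tenantId          = $env:ARM_TENANT_ID
            }
            # … unchanged: local token merge, namePrefix fallback, ConvertTokensInputs …
            Write-Verbose ('Token keys: [{0}]' -f ($ConvertTokensInputs.Tokens.Keys -join ', ')) -Verbose
            # … unchanged: Convert-TokensInFileList call, endgroup …
```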
@@ -101,67 +81,141 @@ jobs: modulePath: '${{ env.modulePath }}' moduleTestFilePath: '${{ env.moduleTestFilePath }}' - - - # ############################# - # # Deployment validation # - # ############################# - job_module_deploy_validation: - runs-on: ubuntu-20.04 - name: 'Deployment validation' + job_psrule_test: + name: 'PsRule inflight validation' + runs-on: ubuntu-latest needs: - - job_initialize_pipeline - - job_module_pester_validation + - job_initialize_pipeline strategy: fail-fast: false matrix: moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 + - name: Checkout + uses: actions/checkout@v3 - name: Set environment variables uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - uses: ./.github/actions/templates/validateModuleDeployment + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 with: - templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - location: '${{ env.location }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + azPSVersion: 'latest' + inlineScript: | + $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + resourceGroupName = '${{ env.resourceGroupName }}' + subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs + + Write-Output '::endgroup::' + + # Run analysis by using the PSRule GitHub action. 
+ - name: Run PSRule analysis + uses: microsoft/ps-rule@v2.4.0 + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + with: + modules: 'PSRule.Rules.Azure' + inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + outputFormat: Sarif + option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' + + # ############################# + # # Deployment validation # + # ############################# + # job_module_deploy_validation: + # runs-on: ubuntu-20.04 + # name: 'Deployment validation' + # needs: + # - job_initialize_pipeline + # - job_module_pester_validation + # - job_psrule_test + # strategy: + # fail-fast: false + # matrix: + # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # location: '${{ env.location }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' # ################## # # Publishing # # ################## - job_publish_module: - name: 'Publishing' - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - runs-on: ubuntu-20.04 - needs: - - job_module_deploy_validation - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: 
./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' - uses: ./.github/actions/templates/publishModule - with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + # job_publish_module: + # name: 'Publishing' + # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + # runs-on: ubuntu-20.04 + # needs: + # - job_module_deploy_validation + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Publishing' + # uses: ./.github/actions/templates/publishModule + # with: + # templateFilePath: '${{ env.modulePath }}/deploy.bicep' + # templateSpecsRGName: '${{ env.templateSpecsRGName }}' + # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + # templateSpecsDescription: '${{ env.templateSpecsDescription }}' + # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + # bicepRegistryName: '${{ env.bicepRegistryName }}' + # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' 
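Review bot: The new `job_psrule_test` inline script ends with a `Write-Verbose "Convert Tokens Input: …" -Verbose` that serialises the whole `$ConvertTokensInputs` map with `ConvertTo-Json -Depth 10`, so every token value — `subscriptionId` and `managementGroupId` from `secrets.*`, `tenantId` from `ARM_TENANT_ID`, and the `namePrefix` fallback from `TOKEN_NAMEPREFIX`, all of which the env block maps from secrets — is written to the job log; runner masking only covers exact registered secret strings, so log the key names only, as the local-token branch already does: `Write-Verbose ('Convert Tokens Input keys: [{0}]' -f ($Tokens.Keys -join ', ')) -Verbose`. The same line survives unchanged as context at the end of the ms.resources.resourcegroups.yml @@ -91,84 hunk. The PSRule step sets `outputFormat: Sarif` with no `outputPath` and no upload step visible in this hunk, so the SARIF is produced and discarded; add `outputPath:` plus a code-scanning upload, or drop the format. `microsoft/ps-rule@v2.4.0` and `actions/checkout@v3` are pinned by mutable tag; pin by commit SHA with the tag in a trailing comment so the job's inputs cannot change underneath it. Finally, the deployment-validation and publishing jobs are commented out rather than removed (also in the resourcegroups @@ -176,86 hunk); git history keeps them, and a commented block of this size will drift from the live template it was copied from.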
diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index dd79505e8e..9f7125e256 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml @@ -82,7 +82,7 @@ jobs: moduleTestFilePath: '${{ env.moduleTestFilePath }}' job_psrule_test: - name: 'PsRule Analyze repository' + name: 'PsRule inflight validation' runs-on: ubuntu-latest needs: - job_initialize_pipeline 
@@ -91,84 +91,52 @@ jobs: matrix: moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} steps: - - name: Checkout uses: actions/checkout@v3 - name: Set environment variables uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - - name: Azure Login - uses: Azure/login@v1 - with: - creds: ${{ env.AZURE_CREDENTIALS }} - enable-AzPSSession: true - - # [Token replacement] task(s) - # --------------------------- - name: 'Replace tokens in template file' uses: azure/powershell@v1 with: azPSVersion: 'latest' inlineScript: | $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - $parameterFilePath = "" - $customParameterFileTokens = "" # Grouping task logs Write-Output '::group::Replace tokens in template file' # Load used functions . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - # Get target files - $targetFileList = @($templateFilePath) - if(-not [String]::IsNullOrEmpty($parameterFilePath)) { - $targetFileList += $parameterFilePath - } - - # Get Service Principal Object ID - $context = Get-AzContext - Write-Output 'Checking context' - $context - $servicePrincipalAppId = $context.Account.Id - $servicePrincipal = Get-AzADServicePrincipal -ApplicationId $servicePrincipalAppId - $servicePrincipalObjectId = $servicePrincipal.Id - - # Construct Token Function Input - $ConvertTokensInputs = @{ - FilePathList = $targetFileList - Tokens = @{} - TokenPrefix = '${{ env.tokenPrefix }}' - TokenSuffix = '${{ env.tokenSuffix }}' - } - - # Add enforced tokens - $ConvertTokensInputs.Tokens += @{ + # Populate tokens + $Tokens = @{ resourceGroupName = '${{ env.resourceGroupName }}' subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' tenantId = '${{ env.ARM_TENANT_ID }}' } - # Add local (source control) tokens + ## Add local (source control) tokens 
$tokenMap = @{} foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } } Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - $ConvertTokensInputs.Tokens += $tokenMap + $Tokens += $tokenMap - # Swap 'namePrefix' token if empty and provided as a GitHub secret - if([String]::IsNullOrEmpty($ConvertTokensInputs.Tokens['namePrefix'])){ + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - $ConvertTokensInputs.Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' } - # Add custom tokens (passed in via the pipeline) - if(-not [String]::IsNullOrEmpty($customParameterFileTokens)) { - $customTokens = $customParameterFileTokens| ConvertFrom-Json -AsHashTable - Write-Verbose ('Using custom parameter file tokens [{0}]' -f ($customTokens.Keys -join ', ')) -Verbose - $ConvertTokensInputs.Tokens += $customTokens + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' } Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose 
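Review bot: `$Tokens += $tokenMap` will throw `Item has already been added` if any `localToken_*` environment variable maps to one of the enforced keys (`resourceGroupName`, `subscriptionId`, `managementGroupId`, `tenantId`), because PowerShell hashtable addition rejects duplicate keys; the replaced `$ConvertTokensInputs.Tokens += $tokenMap` had the same behaviour, so the rewrite is the moment to decide which side wins, e.g. `foreach ($k in $tokenMap.Keys) { if (-not $Tokens.ContainsKey($k)) { $Tokens[$k] = $tokenMap[$k] } }` to keep the pipeline-enforced values authoritative. On style, the rewritten comments switch to `## Add local (source control) tokens` and `## Swap 'namePrefix' …` while the neighbouring `# Populate tokens` and `# Construct Token Function Input` keep a single `#`; pick one marker for section comments inside the script. The `inlineScript` block this hunk rewrites continues past the hunk into @@ -176,86.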
@@ -176,86 +144,76 @@ jobs: # Invoke Token Replacement Functionality [For Module] $null = Convert-TokensInFileList @ConvertTokensInputs - # Get target files for modules dependencies - $DependencyParameterFilePaths = [System.Collections.ArrayList]@() - $DependencyParameterFolders = Get-ChildItem -Path (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies') -Recurse -Filter 'parameters' -Directory - foreach ($FolderPath in $DependencyParameterFolders.FullName) { - $DependencyParameterFilePaths += Get-ChildItem -Path $FolderPath -Recurse -Filter '*.json' - } - $ConvertTokensInputs.FilePathList = $DependencyParameterFilePaths - - # Invoke Token Replacement Functionality [For Dependencies] - $null = Convert-TokensInFileList @ConvertTokensInputs - Write-Output '::endgroup::' # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis uses: microsoft/ps-rule@v2.4.0 + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: 'modules/Microsoft.Resources/resourceGroups/${{ matrix.moduleTestFilePaths }}' - - - ############################ - # Deployment validation # - ############################ - job_module_deploy_validation: - runs-on: ubuntu-20.04 - name: 'Deployment validation' - needs: - - job_initialize_pipeline - - job_module_pester_validation - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - location: '${{ env.location }}' - 
resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' - - ################## - # Publishing # - ################## - job_publish_module: - name: 'Publishing' - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - runs-on: ubuntu-20.04 - needs: - - job_module_deploy_validation - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' - uses: ./.github/actions/templates/publishModule - with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + + # ############################# + # # Deployment validation # + # ############################# + # job_module_deploy_validation: + # runs-on: ubuntu-20.04 + # name: 'Deployment validation' + # needs: + # - job_initialize_pipeline + # - job_module_pester_validation + # - job_psrule_test + # strategy: + # fail-fast: false + # matrix: + # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 
Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # location: '${{ env.location }}' + # resourceGroupName: '${{ env.resourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + # ################## + # # Publishing # + # ################## + # job_publish_module: + # name: 'Publishing' + # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + # runs-on: ubuntu-20.04 + # needs: + # - job_module_deploy_validation + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Publishing' + # uses: ./.github/actions/templates/publishModule + # with: + # templateFilePath: '${{ env.modulePath }}/deploy.bicep' + # templateSpecsRGName: '${{ env.templateSpecsRGName }}' + # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + # templateSpecsDescription: '${{ env.templateSpecsDescription }}' + # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + # bicepRegistryName: '${{ env.bicepRegistryName }}' + # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' diff --git a/ps-rule.yaml b/ps-rule.yaml index 4b24175416..a0dbe090f4 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml 
@@ -55,7 +55,7 @@ rule: exclude: # Ignore the following rules for all resources - Azure.KeyVault.PurgeProtect - + # Suppression ignores rules for a specific Azure resource by name. suppression: Azure.Resource.UseTags: From 5c737f106c11f948b64132c8f16ac5a071262af4 Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman <44262238+karthikvenkat17@users.noreply.github.com> Date: Tue, 20 Sep 2022 16:27:39 +0100 Subject: [PATCH 32/82] [Hackathon] PSRule output in markdown (#2072) * output formatting * psrule output summary * output summary psrule * xml output * markdown output * publish output always * adding output to github summary * filter psrule outcome * psrul outcome env * outcome filter psrule * outcome filter psrule * output summary filter psrule * output to file psrule * adding output github summary Co-authored-by: Karthik Venkatraman --- .github/workflows/ms.network.virtualnetworks.yml | 14 +++++++++++++- .../virtualNetworks/.test/vnet-ps-rule.yaml | 3 +++ ps-rule.yaml | 1 + 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index 7a7feeeeb8..ffc885a1bc 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml @@ -34,6 +34,7 @@ env: ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}' TOKEN_NAMEPREFIX: '${{ secrets.TOKEN_NAMEPREFIX }}' + jobs: ########################### # Initialize pipeline # 
@@ -153,8 +154,19 @@ jobs: with: modules: 'PSRule.Rules.Azure' inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - outputFormat: Sarif + outputFormat: Markdown + outputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' + + # - name: 'PSRule test summary' + # uses: EnricoMi/publish-unit-test-result-action@v1 + # if: always() + # with: + # files: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.xml' + + - name: Output to Github summaries + if: always() + run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' >> $GITHUB_STEP_SUMMARY # ############################# # # Deployment validation # diff --git a/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml b/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml index 589d2ab3b7..7012418c3c 100644 --- a/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml +++ b/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml @@ -26,6 +26,9 @@ include: output: culture: - 'en-US' + outcome: 'Fail' + as: 'Summary' + input: pathIgnore: diff --git a/ps-rule.yaml b/ps-rule.yaml index a0dbe090f4..151c9a2173 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -27,6 +27,7 @@ output: culture: - 'en-US' + input: pathIgnore: # Ignore other files in the repository. From b9c0b5a445775652df92bace12e05c4f09cf0c9b Mon Sep 17 00:00:00 2001 
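Review bot: The new `Output to Github summaries` step inlines `${{ env.modulePath }}` and `${{ matrix.moduleTestFilePaths }}` directly into the `run:` shell line; `matrix.moduleTestFilePaths` comes from `fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths)`, i.e. from file names discovered in the checkout, so on a pull request its contents are contributor-controlled and are expanded into the command text before bash parses it. Pass the value through the step's `env:` block and reference it as a variable instead: `env: { OUTPUT_FILE: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' }` with `run: cat "$OUTPUT_FILE" >> "$GITHUB_STEP_SUMMARY"`. The same pattern recurs in the `Output to Github Logs` and summary steps of the later ms.network.virtualnetworks.yml @@ -154,10 and ms.keyvault.vaults.yml @@ -152,7 hunks. The commented-out `publish-unit-test-result-action` step references an `-output.xml` file that nothing in this hunk produces; either drop it or keep it together with the output format it expects.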
From: elisa anzelmo Date: Wed, 21 Sep 2022 11:21:10 +0200 Subject: [PATCH 33/82] [Hackaton] Psrule output on csv format with detailed results (#2089) * select xml output with summary * outout format as json * json without summary * no outcome, summary on output md * no outcome filter, summaery on, markdown * no summary, no outcome, markdown * output csv, detail * output csv, summary, no outcome * wide format, no summarized, no outcome * no summary, no outcome, output yaml * csv + details - no outcome and no summary --- .github/workflows/ms.keyvault.vaults.yml | 2 +- .github/workflows/ms.network.virtualnetworks.yml | 14 +++++++++----- .github/workflows/ms.resources.resourcegroups.yml | 2 +- .../virtualNetworks/.test/vnet-ps-rule.yaml | 6 +++--- 4 files changed, 14 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 19c89f5d5a..ece5a08f75 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml @@ -82,7 +82,7 @@ jobs: moduleTestFilePath: '${{ env.moduleTestFilePath }}' job_psrule_test: - name: 'PsRule inflight validation' + name: 'PsRule pre-flight validation' runs-on: ubuntu-latest needs: - job_initialize_pipeline diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index ffc885a1bc..905e8915e0 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml @@ -83,7 +83,7 @@ jobs: moduleTestFilePath: '${{ env.moduleTestFilePath }}' job_psrule_test: - name: 'PsRule inflight validation' + name: 'PsRule pre-flight validation' runs-on: ubuntu-latest needs: - job_initialize_pipeline 
@@ -154,10 +154,14 @@ jobs: with: modules: 'PSRule.Rules.Azure' inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - outputFormat: Markdown - outputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' + outputFormat: Csv + outputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' - + + - name: Output to Github Logs + if: always() + run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' + # - name: 'PSRule test summary' # uses: EnricoMi/publish-unit-test-result-action@v1 # if: always() @@ -166,7 +170,7 @@ jobs: - name: Output to Github summaries if: always() - run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' >> $GITHUB_STEP_SUMMARY + run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' >> $GITHUB_STEP_SUMMARY # ############################# # # Deployment validation # diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 9f7125e256..c1bb79b548 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml @@ -82,7 +82,7 @@ jobs: moduleTestFilePath: '${{ env.moduleTestFilePath }}' job_psrule_test: - name: 'PsRule inflight validation' + name: 'PsRule pre-flight validation' runs-on: ubuntu-latest needs: - job_initialize_pipeline diff --git a/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml b/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml index 7012418c3c..e36dc447ac 100644 --- a/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml +++ b/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml @@ -26,9 +26,9 @@ include: output: culture: - 'en-US' - outcome: 'Fail' - as: 'Summary' - + #outcome: 'Fail' + #as: 'Summary' + input: pathIgnore: 
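Review bot: `run: cat '…-output.csv' >> $GITHUB_STEP_SUMMARY` appends raw CSV to a surface GitHub renders as Markdown, so the detailed results arrive as one run-on paragraph with the column separators lost; wrap the file in a fenced code block or convert it to a Markdown table before appending. Both new `cat` steps run under `if: always()`, so when the PSRule step fails before writing the file the job's failing step becomes the `cat` rather than the analysis; `if: always() && hashFiles(format('{0}/{1}-output.csv', env.modulePath, matrix.moduleTestFilePaths)) != ''` keeps the output steps from masking the real failure. Writing the CSV into the module directory next to the test files also leaves an untracked artefact in the workspace for any later step that globs that folder; a path under `${{ runner.temp }}` avoids that.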
From f16b43288859f85a3f5d699020f9a8250438967d Mon Sep 17 00:00:00 2001 From: elisa anzelmo Date: Wed, 21 Sep 2022 14:37:49 +0200 Subject: [PATCH 34/82] [Hackaton] csv output on Keyvault module (#2091) * kv summart csv no outcome * print summary * outcome all, format csv as summary * csv detailed all * csv all detail execution supresswaring * rull.pass log information * empty options with summary on * csv test --- .github/workflows/ms.keyvault.vaults.yml | 116 ++++++++++++----------- ps-rule.yaml | 11 ++- 2 files changed, 71 insertions(+), 56 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index ece5a08f75..d6ec346e70 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml @@ -86,10 +86,10 @@ jobs: runs-on: ubuntu-latest needs: - job_initialize_pipeline - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + # strategy: + # fail-fast: false + # matrix: + # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} steps: - name: Checkout uses: actions/checkout@v3 
@@ -97,54 +97,54 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - - name: 'Replace tokens in template file' - uses: azure/powershell@v1 - with: - azPSVersion: 'latest' - inlineScript: | - $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # Grouping task logs - Write-Output '::group::Replace tokens in template file' - - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # Populate tokens - $Tokens = @{ - resourceGroupName = '${{ env.resourceGroupName }}' - subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - tenantId = '${{ env.ARM_TENANT_ID }}' - } - - ## Add local (source control) tokens - $tokenMap = @{} - foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - } - Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - $Tokens += $tokenMap - - ## Swap 'namePrefix' token if empty and provided as a GitHub secret - if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - } - - # Construct Token Function Input - $ConvertTokensInputs = @{ - FilePathList = @($templateFilePath) - Tokens = $Tokens - TokenPrefix = '${{ env.tokenPrefix }}' - TokenSuffix = '${{ env.tokenSuffix }}' - } - - Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # Invoke Token Replacement Functionality [For Module] - $null = Convert-TokensInFileList @ConvertTokensInputs - - Write-Output '::endgroup::' + # - name: 'Replace tokens in template file' + # uses: azure/powershell@v1 + # with: + # azPSVersion: 'latest' + # inlineScript: | + 
# $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # # Grouping task logs + # Write-Output '::group::Replace tokens in template file' + + # # Load used functions + # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # # Populate tokens + # $Tokens = @{ + # resourceGroupName = '${{ env.resourceGroupName }}' + # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + # tenantId = '${{ env.ARM_TENANT_ID }}' + # } + + # ## Add local (source control) tokens + # $tokenMap = @{} + # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + # } + # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + # $Tokens += $tokenMap + + # ## Swap 'namePrefix' token if empty and provided as a GitHub secret + # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + # } + + # # Construct Token Function Input + # $ConvertTokensInputs = @{ + # FilePathList = @($templateFilePath) + # Tokens = $Tokens + # TokenPrefix = '${{ env.tokenPrefix }}' + # TokenSuffix = '${{ env.tokenSuffix }}' + # } + + # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # # Invoke Token Replacement Functionality [For Module] + # $null = Convert-TokensInFileList @ConvertTokensInputs + + # Write-Output '::endgroup::' # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis 
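Review bot: With the token-replacement step commented out, the Key Vault test files are analysed with their placeholder tokens still in place (the ps-rule.yaml hunk in this same commit comments out a name suppression that still carries such a prefix), so any rule that inspects resource names, the resource group or the subscription now evaluates placeholder strings rather than the values the deployment job would substitute; if that is intended for the pre-flight check, say so above the step, e.g. `# Token replacement intentionally skipped: PSRule evaluates the raw test files`, otherwise keep the step active. Commenting out roughly fifty lines rather than deleting them also leaves this workflow holding the third copy of the same script in this patch series (vnet, resourcegroups, keyvault) with no single source of truth; a composite action under `./.github/actions/templates/`, the pattern `setEnvironmentVariables` already follows, would remove the duplication. The step list this hunk edits continues past the hunk into @@ -152,7.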
@@ -152,7 +152,17 @@ jobs: # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + inputPath: '${{ env.modulePath }}/' + outputFormat: Csv + outputPath: '${{ env.modulePath }}-output.csv' + + - name: Output to Github Logs + if: always() + run: cat '${{ env.modulePath }}-output.csv' + + - name: Output to Github summaries + if: always() + run: cat '${{ env.modulePath }}-output.csv' >> $GITHUB_STEP_SUMMARY # ############################# # # Deployment validation # diff --git a/ps-rule.yaml b/ps-rule.yaml index 151c9a2173..0a1e9f91b7 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -23,9 +23,14 @@ include: module: - PSRule.Rules.Azure +execution: + suppressedRuleWarning: false + output: culture: - 'en-US' + outcome: 'All' + #as: 'Summary' input: @@ -58,6 +63,6 @@ rule: - Azure.KeyVault.PurgeProtect # Suppression ignores rules for a specific Azure resource by name. -suppression: - Azure.Resource.UseTags: - - <>kvvmin001 +# suppression: +# Azure.Resource.UseTags: +# - <>kvvmin001 From 16971bd48e9ce6ed364edf31676982b3783c9d7a Mon Sep 17 00:00:00 2001 
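Review bot: `execution: suppressedRuleWarning: false` in the ps-rule.yaml @@ -23,9 hunk silences the warning PSRule emits whenever a rule is skipped by a suppression, and the following @@ -58,6 hunk comments out the `Azure.Resource.UseTags` suppression instead of removing it; together, a suppressed finding no longer appears in the job log, so a reader of the step summary cannot distinguish a clean result from a suppressed one. Keep the default (warnings on) until suppressed results are reported somewhere visible, or record the reason above the key, e.g. `# Suppression warnings off: suppressed results are expected to appear in the CSV via outcome 'All' — verify against the output`, since whether `outcome: 'All'` actually lists suppressed records is not established by anything in this hunk. The commented-out `suppression:` block should either be deleted or re-enabled; a suppression that exists only as a comment is neither documented nor enforced.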
From: Elena Batanero <46710322+elbatane@users.noreply.github.com> Date: Wed, 21 Sep 2022 17:44:38 +0200 Subject: [PATCH 35/82] [Hackathon] Set PSRule output script (#2093) * suppress dependancy * comment deployment validation job * add supress yaml * supress yaml poc * rule filter * suppress rule filter * add baseline for suppression * baseline for suppression * TEsting supressiongroup * testing supressSelector * testing supression group * Create test.md * Update test.md * Added csv to md powershell script and results * Updated md * Delete test.md * Updates to PSRule output script * PS output script changes * Putting the virtualnetworks workflow back from hack/topic6 * removed output md and csv * removing baseline Co-authored-by: Karthik Venkatraman Co-authored-by: Elena Batanero Garcia --- .../workflows/ms.network.virtualnetworks.yml | 7 +- .ps-rule/dep-suppress.Rule.yaml | 7 +- .../virtualNetworks/.test/vnet-ps-rule.yaml | 2 - .../PSRuleValidation/Set-PSRuleOutput.ps1 | 118 ++++++++++++++++++ 4 files changed, 123 insertions(+), 11 deletions(-) create mode 100644 utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index 905e8915e0..b29dcaffcf 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml @@ -34,7 +34,6 @@ env: ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}' TOKEN_NAMEPREFIX: '${{ secrets.TOKEN_NAMEPREFIX }}' - jobs: ########################### # Initialize pipeline # @@ -86,7 +85,7 @@ jobs: name: 'PsRule pre-flight validation' runs-on: ubuntu-latest needs: - - job_initialize_pipeline + - job_initialize_pipeline strategy: fail-fast: false matrix: 
@@ -160,7 +159,7 @@ jobs: - name: Output to Github Logs if: always() - run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' + run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' # - name: 'PSRule test summary' # uses: EnricoMi/publish-unit-test-result-action@v1 @@ -170,7 +169,7 @@ jobs: - name: Output to Github summaries if: always() - run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' >> $GITHUB_STEP_SUMMARY + run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' >> $GITHUB_STEP_SUMMARY # ############################# # # Deployment validation # diff --git a/.ps-rule/dep-suppress.Rule.yaml b/.ps-rule/dep-suppress.Rule.yaml index 04681c9def..0eedcfb968 100644 --- a/.ps-rule/dep-suppress.Rule.yaml +++ b/.ps-rule/dep-suppress.Rule.yaml @@ -7,8 +7,5 @@ metadata: spec: if: name: '.' - startsWith: - - 'dep' - - - \ No newline at end of file + startsWith: + - 'dep' diff --git a/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml b/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml index e36dc447ac..c88663641a 100644 --- a/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml +++ b/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml @@ -29,7 +29,6 @@ output: #outcome: 'Fail' #as: 'Summary' - input: pathIgnore: # Ignore other files in the repository. @@ -58,7 +57,6 @@ rule: exclude: # Ignore the following rules for all resources - Azure.Resource.UseTags - # Suppression ignores rules for a specific Azure resource by name. #suppression: # Azure.Identity.UserAssignedName: diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 new file mode 100644 index 0000000000..36af10e843 --- /dev/null +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 
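Review bot: The `.ps-rule/dep-suppress.Rule.yaml` hunk repairs the indentation of `startsWith`, but the selector still matches solely on a resource `name` beginning with `dep`; assuming this is a suppression group (the file name suggests it, and its `metadata` and rule list are outside the hunk), every resource in any analysed file whose name happens to start with those three letters is excluded from whichever rules the group lists, which is wider than "dependency resources" and will silently swallow findings for unrelated resources. State the intent in the group's `metadata` (e.g. `annotations: { reason: 'test-dependency resources created by the pipeline, not module output' }`) and, if the dependency resources carry a known token or longer prefix, match on that rather than on `dep`. The `spec:` mapping this hunk edits begins at the hunk's context lines; the rest of the file is not visible here.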
@@ -0,0 +1,118 @@ +function Set-PSRuleOutput { + [CmdletBinding(SupportsShouldProcess)] + param ( + [Parameter(Mandatory)] + [String] $inputFilePath, + + [Parameter(Mandatory = $false)] + [string] $outputFilePath = './output.md' + ) + + # Import CSV output and filter by results + + $results = Import-Csv -Path $inputFilePath + + $passedRules = @() + $failedRules = @() + + $passedRules += $results | Where-Object { $_.Outcome -EQ 'Pass' } + $failedRules += $results | Where-Object { $_.Outcome -EQ 'Fail' } + + + #Create Summary table + + $headerTable = [System.Collections.ArrayList]@( + '# Output Summary ', + '', + '| Total No. of Rules Processed | Rules Passed :white_check_mark: | Rules Failed :x: |', + '| :-- | :-- | :-- |' + ) + + $headerTable += ('| {0} | {1} | {2} |' -f $results.Count, $passedRules.Count , $failedRules.Count) + $headerTable += [System.Collections.ArrayList]@( + '') + + # Create markdown file with header table + Out-File -FilePath $outputFilePath -NoClobber -InputObject $headerTable + + + if ($failedRules.Count -gt 0) { + + #Create Failing table + + $failContent = [System.Collections.ArrayList]@( + '# Rules Failed', + '', + '| RuleName | TargetName | Synopsis |', + '| :-- | :-- | :-- |' + ) + + foreach ($content in $failedRules ) { + # Shorten the target name for deployment resoure type + if ($content.TargetType -eq 'Microsoft.Resources/deployments') { + $content.TargetName = $content.TargetName.replace('/home/runner/work/ResourceModules/ResourceModules/modules/', '') + } + + # Build hyperlinks to PSrule documentation for the rules + $TemplatesBaseUrl = 'https://azure.github.io/PSRule.Rules.Azure/en/rules' + try { + $PSRuleReferenceUrl = '{0}/{1}' -f $TemplatesBaseUrl, $content.RuleName + $null = Invoke-WebRequest -Uri $PSRuleReferenceUrl + $resourceLink = "[" + $content.RuleName + "](" + $PSRuleReferenceUrl + ")" + } + catch { + Write-Warning "Unable to build url for $content.RuleName" + $resourceLink = $content.RuleName + } + $failContent += ('| 
{0} | {1} | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) + + } + #Append markdown with failed rules table + Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $failContent + } + + # Create Passing table + if ($passedRules.Count -gt 0) { + + $passContent = [System.Collections.ArrayList]@( + '# Rules Passed', + '', + '| RuleName | TargetName | Synopsis |', + '| :-- | :-- | :-- |' + ) + + foreach ($content in $passedRules ) { + # Shorten the target name for deployment resoure type + if ($content.TargetType -eq 'Microsoft.Resources/deployments') { + $content.TargetName = $content.TargetName.replace('/home/runner/work/ResourceModules/ResourceModules/modules/', '') + } + + # Build hyperlinks to PSrule documentation for the rules + $TemplatesBaseUrl = 'https://azure.github.io/PSRule.Rules.Azure/en/rules' + try { + $PSRuleReferenceUrl = '{0}/{1}' -f $TemplatesBaseUrl, $content.RuleName + $null = Invoke-WebRequest -Uri $PSRuleReferenceUrl + $resourceLink = "[" + $content.RuleName + "](" + $PSRuleReferenceUrl + ")" + } + catch { + Write-Warning "Unable to build url for $content.RuleName" + $resourceLink = $content.RuleName + } + + $passContent += ('| {0} | {1} | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) + + } + + $passContent += [System.Collections.ArrayList]@( + '') + + #Append markdown with passed rules table + Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $passContent + + } + + +} + + + From bca177c0409cd08b71c33b6651f7b720571ab101 Mon Sep 17 00:00:00 2001 
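Review bot: `Write-Warning "Unable to build url for $content.RuleName"` in both the failed-rules and passed-rules loops expands `$content` as a whole object and then appends the literal text `.RuleName`, so the warning never names the rule; the subexpression form `Write-Warning "Unable to build url for $($content.RuleName)"` is what was intended. The same line is kept unchanged as context in the later edits of this file (patch 36, hunks `@@ -58,15 +61,19 @@` and `@@ -92,20 +103,20 @@`), so the fix belongs in both loops. Separately, the first `Out-File -FilePath $outputFilePath -NoClobber` errors when the output file already exists, so a second run in the same workspace fails instead of regenerating the report; dropping `-NoClobber` from that initial write (the later `-Append` writes can keep it) makes the function rerunnable. The per-row `Invoke-WebRequest` is an outbound request to the documentation site for every rule in the CSV whose result only decides whether to linkify; caching the probe per `RuleName`, or building the link without a request and accepting a broken link as the worst case, keeps the step deterministic on a runner without egress.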
From: elisa anzelmo Date: Thu, 22 Sep 2022 10:12:32 +0200 Subject: [PATCH 36/82] [Hackaton] Added PSRule Output to job summary (#2110) * Create ps-rule.yaml (#2066) * [Hackaton] First test for PSRule exclusions on KeyVault (#2067) * Changed KeyVault workflow * Changed inputPath for KeyVault workflow * Comment other steps * Added exclude modules for version.json * Enable custom rules exclusions * Suppression of Azure.Resource.UseTags * Added suppression with namePrefix * Uncomment validation steps * [Hackathon] Token replacement for the resource group module (#2068) * Added ps-rule.yaml * testing psrule * fixing typo yml * fixed typo * testing input path * Added token replacement task * Adding Azure login task * checking context * adding write-output * Adding setEnvironmentVariables * Added matrix and needs * Testing inputPath /${{ matrix.moduleTestFilePaths }} * Uncommented workflow Co-authored-by: Elena Batanero Garcia * [Hackathon] PSRule addition for VNet resource (#2070) * setting json expansion to false * add psrule to vnet workflow * exclude tagging psrule * custom psrule.yaml per module * typo in psrule.yaml * updated typo in psrule.yaml * uncomment deployment job Co-authored-by: Karthik Venkatraman * [Hackathon] Added suppression group for dependency resources (#2071) * suppress dependancy * comment deployment validation job * add supress yaml * supress yaml poc * rule filter * suppress rule filter * add baseline for suppression * baseline for suppression * filed suppress poc * suppress poc * psrule suppression * Updates to suppression yaml Co-authored-by: Karthik Venkatraman * [Hackaton] Align 3 module workflows to use PSRule test matrix (#2065) * linter * exclude parameters * pathIgnore * clean up token replacement * clean up token replacement further * resize token replacement * typo * modulePath * job name * no psrule * no psrule step * fix inputpath * comment out continue on error option * Align KV * kv no psrule * replace * no replace * replace 1 * 
indent * align vnet * align vnet and enable deployment * linter test removed * psrule back * vnet no deploy * comment deployment * [Hackathon] PSRule output in markdown (#2072) * output formatting * psrule output summary * output summary psrule * xml output * markdown output * publish output always * adding output to github summary * filter psrule outcome * psrul outcome env * outcome filter psrule * outcome filter psrule * output summary filter psrule * output to file psrule * adding output github summary Co-authored-by: Karthik Venkatraman * [Hackaton] Psrule output on csv format with detailed results (#2089) * select xml output with summary * outout format as json * json without summary * no outcome, summary on output md * no outcome filter, summaery on, markdown * no summary, no outcome, markdown * output csv, detail * output csv, summary, no outcome * wide format, no summarized, no outcome * no summary, no outcome, output yaml * csv + details - no outcome and no summary * [Hackaton] csv output on Keyvault module (#2091) * kv summart csv no outcome * print summary * outcome all, format csv as summary * csv detailed all * csv all detail execution supresswaring * rull.pass log information * empty options with summary on * csv test * [Hackathon] Set PSRule output script (#2093) * suppress dependancy * comment deployment validation job * add supress yaml * supress yaml poc * rule filter * suppress rule filter * add baseline for suppression * baseline for suppression * TEsting supressiongroup * testing supressSelector * testing supression group * Create test.md * Update test.md * Added csv to md powershell script and results * Updated md * Delete test.md * Updates to PSRule output script * PS output script changes * Putting the virtualnetworks workflow back from hack/topic6 * removed output md and csv * removing baseline Co-authored-by: Karthik Venkatraman Co-authored-by: Elena Batanero Garcia * psoutput from workflow * suppressed warnings * added summary markdown * 
addedd summary mkd for pass rules * updated failing title Co-authored-by: Elena Batanero <46710322+elbatane@users.noreply.github.com> Co-authored-by: Karel De Winter <40666689+kareldewinter@users.noreply.github.com> Co-authored-by: Elena Batanero Garcia Co-authored-by: Karthik Venkatraman <44262238+karthikvenkat17@users.noreply.github.com> Co-authored-by: Karthik Venkatraman Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- .../workflows/ms.network.virtualnetworks.yml | 31 +++++++++++---- .../virtualNetworks/.test/vnet-ps-rule.yaml | 3 ++ .../PSRuleValidation/Set-PSRuleOutput.ps1 | 39 ++++++++++++------- 3 files changed, 51 insertions(+), 22 deletions(-) diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index b29dcaffcf..2fd94c7e7e 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml 
@@ -157,19 +157,34 @@ jobs: outputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' - - name: Output to Github Logs + - name: 'Set PSRule Output' if: always() - run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + # Grouping task logs + Write-Output '::group::Setting Output' + + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'PSRuleValidation' 'Set-PSRuleOutput.ps1') - # - name: 'PSRule test summary' - # uses: EnricoMi/publish-unit-test-result-action@v1 - # if: always() - # with: - # files: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.xml' + # Populate tokens + $Input = @{ + inputFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' + outputFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' + } + + Write-Verbose "Set PS Rule Output with following parameters:`n $($Input | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Set PSRule Output Functionality + $null = Set-PSRuleOutput @Input + + Write-Output '::endgroup::' - name: Output to Github summaries if: always() - run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' >> $GITHUB_STEP_SUMMARY + run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' >> $GITHUB_STEP_SUMMARY # ############################# # # Deployment validation # diff --git a/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml b/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml index c88663641a..5b96b4abf4 100644 --- a/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml +++ b/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml @@ -23,6 +23,9 @@ include: module: - PSRule.Rules.Azure +execution: + suppressedRuleWarning: false + output: culture: - 'en-US' 
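Review bot: The new 'Set PSRule Output' step assigns to `$Input`, which is a PowerShell automatic variable (`$input` carries pipeline input); a plain name such as `$functionInput = @{ ... }` with `$null = Set-PSRuleOutput @functionInput` avoids shadowing it and the PSScriptAnalyzer warning that assignment triggers. The step runs with `if: always()`, but Set-PSRuleOutput calls Import-Csv on the `-output.csv` path unconditionally, so when the PSRule action did not get as far as writing that file this step fails on a missing input rather than reporting the upstream failure; a guard before the call, `if (-not (Test-Path $functionInput.inputFilePath)) { Write-Warning 'No PSRule output found'; return }`, keeps the summary step informative. The enclosing job definition starts outside the hunk.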
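Review bot: `suppressedRuleWarning: false` turns off the warning PSRule emits each time a suppression hides a result, which appears to be the only log signal that the `dep`-prefixed selector in .ps-rule/dep-suppress.Rule.yaml (patch 35) skipped a rule for a dependency resource. A comment above the key recording the trade-off would help later readers, e.g. `# Suppression warnings are disabled to keep logs readable; suppressions still apply (see .ps-rule/dep-suppress.Rule.yaml)`. The option file's other sections (rule.exclude, the commented suppression block) are outside this hunk.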
diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index 36af10e843..be9e296736 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 @@ -39,14 +39,17 @@ if ($failedRules.Count -gt 0) { #Create Failing table - + $failContent = [System.Collections.ArrayList]@( '# Rules Failed', '', + '
', + 'Rules Failed', + '', '| RuleName | TargetName | Synopsis |', '| :-- | :-- | :-- |' ) - + foreach ($content in $failedRules ) { # Shorten the target name for deployment resoure type if ($content.TargetType -eq 'Microsoft.Resources/deployments') { @@ -58,15 +61,19 @@ try { $PSRuleReferenceUrl = '{0}/{1}' -f $TemplatesBaseUrl, $content.RuleName $null = Invoke-WebRequest -Uri $PSRuleReferenceUrl - $resourceLink = "[" + $content.RuleName + "](" + $PSRuleReferenceUrl + ")" - } - catch { + $resourceLink = '[' + $content.RuleName + '](' + $PSRuleReferenceUrl + ')' + } catch { Write-Warning "Unable to build url for $content.RuleName" $resourceLink = $content.RuleName } $failContent += ('| {0} | {1} | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) - + } + $failContent += [System.Collections.ArrayList]@( + '', + '
', + '' + ) #Append markdown with failed rules table Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $failContent } @@ -77,6 +84,10 @@ $passContent = [System.Collections.ArrayList]@( '# Rules Passed', '', + '
', + 'Rules Passed', + '', + '', '| RuleName | TargetName | Synopsis |', '| :-- | :-- | :-- |' ) @@ -92,20 +103,20 @@ try { $PSRuleReferenceUrl = '{0}/{1}' -f $TemplatesBaseUrl, $content.RuleName $null = Invoke-WebRequest -Uri $PSRuleReferenceUrl - $resourceLink = "[" + $content.RuleName + "](" + $PSRuleReferenceUrl + ")" - } - catch { + $resourceLink = '[' + $content.RuleName + '](' + $PSRuleReferenceUrl + ')' + } catch { Write-Warning "Unable to build url for $content.RuleName" $resourceLink = $content.RuleName } - + $passContent += ('| {0} | {1} | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) } - $passContent += [System.Collections.ArrayList]@( - '') - + '', + '
', + '' + ) #Append markdown with passed rules table Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $passContent @@ -114,5 +125,5 @@ } - + From f7fd0c468d9d04a84ab00c0d32fa56246bd93f6a Mon Sep 17 00:00:00 2001 From: Fabio Masciotra Date: Thu, 22 Sep 2022 11:38:08 +0200 Subject: [PATCH 37/82] [Hackaton] Hack/topic6 virtual network PSrule on GitHub Action (#2111) * hackaton: action.yml * update action * update * update * update * output * deleted commented block Co-authored-by: Fabio Masciotra --- .../templates/validateModulePSRule/action.yml | 134 ++++++++++++++ .../workflows/ms.network.virtualnetworks.yml | 170 +++++++++--------- ps-rule.yaml | 5 +- 3 files changed, 225 insertions(+), 84 deletions(-) create mode 100644 .github/actions/templates/validateModulePSRule/action.yml diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml new file mode 100644 index 0000000000..d1e753bb54 --- /dev/null +++ b/.github/actions/templates/validateModulePSRule/action.yml 
@@ -0,0 +1,134 @@ +######################################################### +## 'Validate module with PSRule' Composite Action ## +######################################################### +## +## This composite action contains the logic to validate a module using a set of PSRule tests +## +######################################################### +## +##-------------------------------------------## +## ACTION PARAMETERS ## +##-------------------------------------------## +## +## |==================================================================================================================================================| +## | Parameter | Required | Default | Description | Example | +## |--------------------------|----------|---------|--------------------------------------|-----------------------------------------------------------| +## | modulePath | true | '' | The path to the module's folder | 'modules/Microsoft.ApiManagement/service' | +## | moduleTestFilePath | true | '' | The path to the module PSRule tests. 
| 'utilities/pipelines/staticValidation/module.tests.ps1' | +## |==================================================================================================================================================| +## +##---------------------------------------------## + +name: 'Execute PSRule module tests' +description: 'Execute PSRule module tests (if any)' + +inputs: + modulePath: + description: "The path to the module's folder" + required: true + default: '' + moduleTestFilePath: + description: 'The path to the test file' + required: true + default: '' + subscriptionId: + description: 'The subscription ID to deploy to' + required: false + managementGroupId: + description: 'The management group ID to deploy to' + required: false + +runs: + using: 'composite' + steps: + # [Module PSRule Test] task(s) + #----------------------------- + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + $templateFilePath = '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}' + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + resourceGroupName = '${{ env.resourceGroupName }}' + subscriptionId = '${{ inputs.subscriptionId }}' + managementGroupId = '${{ inputs.managementGroupId }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = @($templateFilePath) + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs + + Write-Output '::endgroup::' + + # Run analysis by using the PSRule GitHub action. 
+ - name: Run PSRule analysis + uses: microsoft/ps-rule@v2.4.0 + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + with: + modules: 'PSRule.Rules.Azure' + inputPath: '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}' + outputFormat: Csv + outputPath: '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}-output.csv' + # option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' + + - name: 'Set PSRule Output' + if: always() + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + # Grouping task logs + Write-Output '::group::Setting Output' + + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'PSRuleValidation' 'Set-PSRuleOutput.ps1') + + # Populate tokens + $Input = @{ + inputFilePath = '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}-output.csv' + outputFilePath = '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}-output.md' + } + + Write-Verbose "Set PS Rule Output with following parameters:`n $($Input | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Set PSRule Output Functionality + $null = Set-PSRuleOutput @Input + + Write-Output '::endgroup::' + + - name: Output to Github summaries + shell: pwsh + if: always() + run: cat '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}-output.md' >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index 2fd94c7e7e..6736acfeb9 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml 
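Review bot: Both third-party actions are pinned by tag only (`uses: microsoft/ps-rule@v2.4.0`, `uses: azure/powershell@v1`); tags are mutable, so a moved or compromised tag changes the code that runs with the subscription and management-group ids this action receives, and pinning to the full commit SHA with the tag in a trailing comment (`uses: microsoft/ps-rule@<commit-sha> # v2.4.0`, placeholder SHA) is the usual mitigation. The parameter table in the header comment documents only modulePath and moduleTestFilePath while the `inputs:` block also declares subscriptionId and managementGroupId, and the moduleTestFilePath example points at a Pester file ('utilities/pipelines/staticValidation/module.tests.ps1') rather than a PSRule input; add rows for the two optional ids and an example such as a `.test.bicep` file under the module's `.test` folder (constructed example). The steps read `${{ env.modulePath }}` rather than `${{ inputs.modulePath }}`, so the declared required input is never used and the action silently depends on the caller's environment; either reference the input in the steps or document that the module path comes from the caller's env.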
@@ -97,94 +97,102 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - - name: 'Replace tokens in template file' - uses: azure/powershell@v1 + - name: Set PSRule validation + uses: ./.github/actions/templates/validateModulePSRule with: - azPSVersion: 'latest' - inlineScript: | - $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # Grouping task logs - Write-Output '::group::Replace tokens in template file' - - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # Populate tokens - $Tokens = @{ - resourceGroupName = '${{ env.resourceGroupName }}' - subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - tenantId = '${{ env.ARM_TENANT_ID }}' - } - - ## Add local (source control) tokens - $tokenMap = @{} - foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - } - Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - $Tokens += $tokenMap - - ## Swap 'namePrefix' token if empty and provided as a GitHub secret - if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - } - - # Construct Token Function Input - $ConvertTokensInputs = @{ - FilePathList = @($templateFilePath) - Tokens = $Tokens - TokenPrefix = '${{ env.tokenPrefix }}' - TokenSuffix = '${{ env.tokenSuffix }}' - } - - Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # Invoke Token Replacement Functionality [For Module] - $null = Convert-TokensInFileList @ConvertTokensInputs - - Write-Output '::endgroup::' - - # Run analysis by using the PSRule GitHub 
action. - - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.4.0 - # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - with: - modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - outputFormat: Csv - outputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' - option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' - - - name: 'Set PSRule Output' - if: always() - uses: azure/powershell@v1 - with: - azPSVersion: 'latest' - inlineScript: | - # Grouping task logs - Write-Output '::group::Setting Output' + modulePath: ${{ env.modulePath }} + moduleTestFilePath: ${{ matrix.moduleTestFilePaths }} + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + + # - name: 'Replace tokens in template file' + # uses: azure/powershell@v1 + # with: + # azPSVersion: 'latest' + # inlineScript: | + # $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # # Grouping task logs + # Write-Output '::group::Replace tokens in template file' + + # # Load used functions + # . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # # Populate tokens + # $Tokens = @{ + # resourceGroupName = '${{ env.resourceGroupName }}' + # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + # tenantId = '${{ env.ARM_TENANT_ID }}' + # } + + # ## Add local (source control) tokens + # $tokenMap = @{} + # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + # } + # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + # $Tokens += $tokenMap + + # ## Swap 'namePrefix' token if empty and provided as a GitHub secret + # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + # } + + # # Construct Token Function Input + # $ConvertTokensInputs = @{ + # FilePathList = @($templateFilePath) + # Tokens = $Tokens + # TokenPrefix = '${{ env.tokenPrefix }}' + # TokenSuffix = '${{ env.tokenSuffix }}' + # } + + # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # # Invoke Token Replacement Functionality [For Module] + # $null = Convert-TokensInFileList @ConvertTokensInputs + + # Write-Output '::endgroup::' + + # # Run analysis by using the PSRule GitHub action. 
+ # - name: Run PSRule analysis + # uses: microsoft/ps-rule@v2.4.0 + # # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + # with: + # modules: 'PSRule.Rules.Azure' + # inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # outputFormat: Csv + # outputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' + # option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' + + # - name: 'Set PSRule Output' + # if: always() + # uses: azure/powershell@v1 + # with: + # azPSVersion: 'latest' + # inlineScript: | + # # Grouping task logs + # Write-Output '::group::Setting Output' - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'PSRuleValidation' 'Set-PSRuleOutput.ps1') + # # Load used functions + # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'PSRuleValidation' 'Set-PSRuleOutput.ps1') - # Populate tokens - $Input = @{ - inputFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' - outputFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' - } + # # Populate tokens + # $Input = @{ + # inputFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' + # outputFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' + # } - Write-Verbose "Set PS Rule Output with following parameters:`n $($Input | ConvertTo-Json -Depth 10)" -Verbose + # Write-Verbose "Set PS Rule Output with following parameters:`n $($Input | ConvertTo-Json -Depth 10)" -Verbose - # Invoke Set PSRule Output Functionality - $null = Set-PSRuleOutput @Input + # # Invoke Set PSRule Output Functionality + # $null = Set-PSRuleOutput @Input - Write-Output '::endgroup::' + # Write-Output '::endgroup::' - - name: Output to Github summaries - if: always() - run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' >> $GITHUB_STEP_SUMMARY + # - name: Output to Github summaries + # if: always() + 
# run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' >> $GITHUB_STEP_SUMMARY # ############################# # # Deployment validation # diff --git a/ps-rule.yaml b/ps-rule.yaml index 0a1e9f91b7..5d6208f63d 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -29,10 +29,9 @@ execution: output: culture: - 'en-US' - outcome: 'All' + #outcome: 'All' #as: 'Summary' - input: pathIgnore: # Ignore other files in the repository. @@ -61,7 +60,7 @@ rule: exclude: # Ignore the following rules for all resources - Azure.KeyVault.PurgeProtect - + - Azure.Resource.UseTags # Suppression ignores rules for a specific Azure resource by name. # suppression: # Azure.Resource.UseTags: From 7dd75417fd88f140a6cbf707818384ab77148ca3 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 22 Sep 2022 11:58:40 +0200 Subject: [PATCH 38/82] job summary out --- .github/actions/templates/validateModulePSRule/action.yml | 8 ++++---- .github/workflows/ms.network.virtualnetworks.yml | 4 +++- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index d1e753bb54..e356694bb6 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -128,7 +128,7 @@ runs: Write-Output '::endgroup::' - - name: Output to Github summaries - shell: pwsh - if: always() - run: cat '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}-output.md' >> $GITHUB_STEP_SUMMARY + # - name: Output to Github summaries + # shell: pwsh + # if: always() + # run: cat '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}-output.md' >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index 6736acfeb9..3db718ced9 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml 
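Review bot: `- Azure.Resource.UseTags` is added to the repo-wide `rule.exclude` list in ps-rule.yaml with no explanation, and an exclusion at this level disables the rule for every module and every run, unlike the per-module option file or a `suppression:` entry scoped to a resource name. A one-line comment above it stating why tagging is not checked here, e.g. `# <reason> — not applicable to module test deployments` (placeholder reason), lets a future reader distinguish a deliberate policy decision from a hackathon shortcut, and the same applies to the neighbouring `Azure.KeyVault.PurgeProtect` line that this hunk keeps as context.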
@@ -104,7 +104,9 @@ jobs: moduleTestFilePath: ${{ matrix.moduleTestFilePaths }} subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - + - name: Output to Github summaries + if: always() + run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' >> $GITHUB_STEP_SUMMARY # - name: 'Replace tokens in template file' # uses: azure/powershell@v1 # with: From 16bd91a21034e31bb58b92def1f42bcec3df1c28 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 22 Sep 2022 13:02:49 +0200 Subject: [PATCH 39/82] Print to job schedule back to action --- .github/actions/templates/validateModulePSRule/action.yml | 8 ++++---- .github/workflows/ms.network.virtualnetworks.yml | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index e356694bb6..0ff2997d16 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -128,7 +128,7 @@ runs: Write-Output '::endgroup::' - # - name: Output to Github summaries - # shell: pwsh - # if: always() - # run: cat '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}-output.md' >> $GITHUB_STEP_SUMMARY + - name: Output to Github summaries + # shell: bash + if: always() + run: cat '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}-output.md' >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index 3db718ced9..25bf60be8e 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml 
@@ -104,9 +104,9 @@ jobs: moduleTestFilePath: ${{ matrix.moduleTestFilePaths }} subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - - name: Output to Github summaries - if: always() - run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' >> $GITHUB_STEP_SUMMARY + # - name: Output to Github summaries + # if: always() + # run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' >> $GITHUB_STEP_SUMMARY # - name: 'Replace tokens in template file' # uses: azure/powershell@v1 # with: From e90593b1c6d29454f30d4f359fcd090e794bf7d4 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 22 Sep 2022 13:06:04 +0200 Subject: [PATCH 40/82] action shell --- .github/actions/templates/validateModulePSRule/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index 0ff2997d16..a53e299bc6 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -129,6 +129,6 @@ runs: Write-Output '::endgroup::' - name: Output to Github summaries - # shell: bash + shell: bash if: always() run: cat '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}-output.md' >> $GITHUB_STEP_SUMMARY From 09270f61796d62aa9516fc27fe3a8a1103538a14 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 22 Sep 2022 14:24:37 +0200 Subject: [PATCH 41/82] remove module input --- .github/actions/templates/validateModulePSRule/action.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index a53e299bc6..aae731530c 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml 
@@ -23,10 +23,6 @@ name: 'Execute PSRule module tests' description: 'Execute PSRule module tests (if any)' inputs: - modulePath: - description: "The path to the module's folder" - required: true - default: '' moduleTestFilePath: description: 'The path to the test file' required: true From c48e66d00e2a212190e099a635c6fdad2854ab6b Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 22 Sep 2022 14:26:33 +0200 Subject: [PATCH 42/82] cleanup vnet --- .../workflows/ms.network.virtualnetworks.yml | 91 ------------------- 1 file changed, 91 deletions(-) diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index 25bf60be8e..9109ada5a4 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml 
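Review bot: Removing the `modulePath` input leaves two places this hunk does not touch inconsistent: the parameter table in the file's header comment (the `## | modulePath | true | '' | ...` row from patch 37) still documents it as required, and the caller in ms.network.virtualnetworks.yml appears to still pass `modulePath: ${{ env.modulePath }}` (patch 37 added it and the later cleanup in patch 42 starts its hunk just below that line), which GitHub reports as an unexpected input at run time. Delete the table row and the caller's `modulePath:` line in the same change, and note in the header that the action reads the path from the calling workflow, e.g. `## Note: the module path is read from the caller's env.modulePath, not from an input`.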
@@ -104,97 +104,6 @@ jobs: moduleTestFilePath: ${{ matrix.moduleTestFilePaths }} subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # - name: Output to Github summaries - # if: always() - # run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' >> $GITHUB_STEP_SUMMARY - # - name: 'Replace tokens in template file' - # uses: azure/powershell@v1 - # with: - # azPSVersion: 'latest' - # inlineScript: | - # $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # # Grouping task logs - # Write-Output '::group::Replace tokens in template file' - - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # # Populate tokens - # $Tokens = @{ - # resourceGroupName = '${{ env.resourceGroupName }}' - # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - # tenantId = '${{ env.ARM_TENANT_ID }}' - # } - - # ## Add local (source control) tokens - # $tokenMap = @{} - # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - # } - # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - # $Tokens += $tokenMap - - # ## Swap 'namePrefix' token if empty and provided as a GitHub secret - # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - # } - - # # Construct Token Function Input - # $ConvertTokensInputs = @{ - # FilePathList = @($templateFilePath) - # Tokens = $Tokens - # TokenPrefix = '${{ env.tokenPrefix }}' - # TokenSuffix = '${{ env.tokenSuffix }}' - # } - - # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 
10)" -Verbose - - # # Invoke Token Replacement Functionality [For Module] - # $null = Convert-TokensInFileList @ConvertTokensInputs - - # Write-Output '::endgroup::' - - # # Run analysis by using the PSRule GitHub action. - # - name: Run PSRule analysis - # uses: microsoft/ps-rule@v2.4.0 - # # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - # with: - # modules: 'PSRule.Rules.Azure' - # inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # outputFormat: Csv - # outputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' - # option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' - - # - name: 'Set PSRule Output' - # if: always() - # uses: azure/powershell@v1 - # with: - # azPSVersion: 'latest' - # inlineScript: | - # # Grouping task logs - # Write-Output '::group::Setting Output' - - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'PSRuleValidation' 'Set-PSRuleOutput.ps1') - - # # Populate tokens - # $Input = @{ - # inputFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' - # outputFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' - # } - - # Write-Verbose "Set PS Rule Output with following parameters:`n $($Input | ConvertTo-Json -Depth 10)" -Verbose - - # # Invoke Set PSRule Output Functionality - # $null = Set-PSRuleOutput @Input - - # Write-Output '::endgroup::' - - # - name: Output to Github summaries - # if: always() - # run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' >> $GITHUB_STEP_SUMMARY # ############################# # # Deployment validation # From da2a9de872246d93e44cdeaac605ec465eacbe5e Mon Sep 17 00:00:00 2001 
From: Erika Gressi <56914614+eriqua@users.noreply.github.com> Date: Thu, 22 Sep 2022 14:29:36 +0200 Subject: [PATCH 43/82] [Hackaton] Fix job summary output in GH action (#2112) * linter * exclude parameters * pathIgnore * clean up token replacement * clean up token replacement further * resize token replacement * typo * modulePath * job name * no psrule * no psrule step * fix inputpath * comment out continue on error option * Align KV * kv no psrule * replace * no replace * replace 1 * indent * align vnet * align vnet and enable deployment * linter test removed * psrule back * vnet no deploy * comment deployment * job summary out * Print to job schedule back to action * action shell * remove module input * cleanup vnet --- .../templates/validateModulePSRule/action.yml | 6 +- .../workflows/ms.network.virtualnetworks.yml | 89 ------------------- 2 files changed, 1 insertion(+), 94 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index d1e753bb54..aae731530c 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -23,10 +23,6 @@ name: 'Execute PSRule module tests' description: 'Execute PSRule module tests (if any)' inputs: - modulePath: - description: "The path to the module's folder" - required: true - default: '' moduleTestFilePath: description: 'The path to the test file' required: true @@ -129,6 +125,6 @@ runs: Write-Output '::endgroup::' - name: Output to Github summaries - shell: pwsh + shell: bash if: always() run: cat '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}-output.md' >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index 6736acfeb9..9109ada5a4 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml 
@@ -105,95 +105,6 @@ jobs: subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # - name: 'Replace tokens in template file' - # uses: azure/powershell@v1 - # with: - # azPSVersion: 'latest' - # inlineScript: | - # $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # # Grouping task logs - # Write-Output '::group::Replace tokens in template file' - - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # # Populate tokens - # $Tokens = @{ - # resourceGroupName = '${{ env.resourceGroupName }}' - # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - # tenantId = '${{ env.ARM_TENANT_ID }}' - # } - - # ## Add local (source control) tokens - # $tokenMap = @{} - # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - # } - # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - # $Tokens += $tokenMap - - # ## Swap 'namePrefix' token if empty and provided as a GitHub secret - # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - # } - - # # Construct Token Function Input - # $ConvertTokensInputs = @{ - # FilePathList = @($templateFilePath) - # Tokens = $Tokens - # TokenPrefix = '${{ env.tokenPrefix }}' - # TokenSuffix = '${{ env.tokenSuffix }}' - # } - - # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # # Invoke Token Replacement Functionality [For Module] - # $null = Convert-TokensInFileList @ConvertTokensInputs - - # Write-Output '::endgroup::' - - # # Run analysis by using the PSRule GitHub 
action. - # - name: Run PSRule analysis - # uses: microsoft/ps-rule@v2.4.0 - # # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - # with: - # modules: 'PSRule.Rules.Azure' - # inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # outputFormat: Csv - # outputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' - # option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' - - # - name: 'Set PSRule Output' - # if: always() - # uses: azure/powershell@v1 - # with: - # azPSVersion: 'latest' - # inlineScript: | - # # Grouping task logs - # Write-Output '::group::Setting Output' - - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'PSRuleValidation' 'Set-PSRuleOutput.ps1') - - # # Populate tokens - # $Input = @{ - # inputFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.csv' - # outputFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' - # } - - # Write-Verbose "Set PS Rule Output with following parameters:`n $($Input | ConvertTo-Json -Depth 10)" -Verbose - - # # Invoke Set PSRule Output Functionality - # $null = Set-PSRuleOutput @Input - - # Write-Output '::endgroup::' - - # - name: Output to Github summaries - # if: always() - # run: cat '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}-output.md' >> $GITHUB_STEP_SUMMARY - # ############################# # # Deployment validation # # ############################# From f4c8e31e692d9e18e4931927b046228d3b1863cf Mon Sep 17 00:00:00 2001 
From: Fabio Masciotra Date: Thu, 22 Sep 2022 16:02:05 +0200 Subject: [PATCH 44/82] [hackaton]: Hack/topic6 fabmas/psrule test updated RG, KV, VNET (#2113) * update * update * kv update * ps1 * update Co-authored-by: Fabio Masciotra --- .../templates/validateModulePSRule/action.yml | 3 +- .github/workflows/ms.keyvault.vaults.yml | 80 +++---------------- .../workflows/ms.network.virtualnetworks.yml | 1 - .../workflows/ms.resources.resourcegroups.yml | 76 +++--------------- ps-rule.yaml | 8 +- .../PSRuleValidation/Set-PSRuleOutput.ps1 | 12 +-- 6 files changed, 35 insertions(+), 145 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index aae731530c..2696c0b87c 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -13,8 +13,9 @@ ## |==================================================================================================================================================| ## | Parameter | Required | Default | Description | Example | ## |--------------------------|----------|---------|--------------------------------------|-----------------------------------------------------------| -## | modulePath | true | '' | The path to the module's folder | 'modules/Microsoft.ApiManagement/service' | ## | moduleTestFilePath | true | '' | The path to the module PSRule tests. | 'utilities/pipelines/staticValidation/module.tests.ps1' | +## | subscriptionId | false | '' | The subscriptionId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' | +## | managementGroupId | false | '' | The managementGroupId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' | ## |==================================================================================================================================================| ## ##---------------------------------------------## 
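Review bot: The two rows added to the parameter table describe `subscriptionId` and `managementGroupId` as "The subscriptionId to deploy to" / "The managementGroupId to deploy to", but this action runs PSRule analysis and performs no deployment; the inline token-replacement steps removed elsewhere in this commit show the values are substituted for the `subscriptionId` and `managementGroupId` tokens in the test template before analysis. Suggest `The subscription ID substituted into the test template's subscriptionId token (analysis only, no deployment)` and the equivalent wording for the management group. Both example cells reuse the same GUID, which suggests the second row was copied rather than chosen; a distinct example avoids implying the two identifiers are interchangeable.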
diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index d6ec346e70..e7a5b9e66b 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml @@ -85,11 +85,11 @@ jobs: name: 'PsRule pre-flight validation' runs-on: ubuntu-latest needs: - - job_initialize_pipeline - # strategy: - # fail-fast: false - # matrix: - # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + - job_initialize_pipeline + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} steps: - name: Checkout uses: actions/checkout@v3 
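Review bot: `runs-on: ubuntu-latest` in the re-enabled `job_psrule_test` differs from the `ubuntu-20.04` pin used by every job in the reusable `template.module.yml`, so the PSRule pre-flight runs on a floating image whose PowerShell and module set can change underneath the pinned `microsoft/ps-rule@v2.4.0`. Pin it the same way, `runs-on: ubuntu-20.04`, for reproducible results across modules. The `strategy`/`matrix` block itself is fine; `fail-fast: false` lets every test file be reported rather than stopping at the first failure.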
@@ -97,72 +97,12 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - # - name: 'Replace tokens in template file' - # uses: azure/powershell@v1 - # with: - # azPSVersion: 'latest' - # inlineScript: | - # $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # # Grouping task logs - # Write-Output '::group::Replace tokens in template file' - - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # # Populate tokens - # $Tokens = @{ - # resourceGroupName = '${{ env.resourceGroupName }}' - # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - # tenantId = '${{ env.ARM_TENANT_ID }}' - # } - - # ## Add local (source control) tokens - # $tokenMap = @{} - # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - # } - # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - # $Tokens += $tokenMap - - # ## Swap 'namePrefix' token if empty and provided as a GitHub secret - # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - # } - - # # Construct Token Function Input - # $ConvertTokensInputs = @{ - # FilePathList = @($templateFilePath) - # Tokens = $Tokens - # TokenPrefix = '${{ env.tokenPrefix }}' - # TokenSuffix = '${{ env.tokenSuffix }}' - # } - - # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # # Invoke Token Replacement Functionality [For Module] - # $null = Convert-TokensInFileList @ConvertTokensInputs - - # Write-Output '::endgroup::' - - # Run analysis by using the PSRule GitHub action. 
- - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.4.0 - # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + - name: Set PSRule validation + uses: ./.github/actions/templates/validateModulePSRule with: - modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/' - outputFormat: Csv - outputPath: '${{ env.modulePath }}-output.csv' - - - name: Output to Github Logs - if: always() - run: cat '${{ env.modulePath }}-output.csv' - - - name: Output to Github summaries - if: always() - run: cat '${{ env.modulePath }}-output.csv' >> $GITHUB_STEP_SUMMARY + moduleTestFilePath: ${{ matrix.moduleTestFilePaths }} + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' # ############################# # # Deployment validation # diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index 9109ada5a4..1ae28606d7 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml @@ -100,7 +100,6 @@ jobs: - name: Set PSRule validation uses: ./.github/actions/templates/validateModulePSRule with: - modulePath: ${{ env.modulePath }} moduleTestFilePath: ${{ matrix.moduleTestFilePaths }} subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index c1bb79b548..6dd3f78b7a 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml 
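Review bot: `ARM_SUBSCRIPTION_ID` and `ARM_MGMTGROUP_ID` are held as repository secrets, and this hunk now routes them into `validateModulePSRule`, whose final step appends the rendered results to `$GITHUB_STEP_SUMMARY`; the inline steps removed here show those values are written into the test template by token replacement before PSRule expands it, so scope strings in the `TargetName` column may carry them into the job summary. GitHub redacts registered secret values in step logs; confirm the same masking applies to job summaries, and if it does not, either keep scope-level target names out of the summary or stop classifying these identifiers as secrets. The second hunk on this line, removing `modulePath:` from the vnet caller, matches the input dropped from the action.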
@@ -85,74 +85,24 @@ jobs: name: 'PsRule pre-flight validation' runs-on: ubuntu-latest needs: - - job_initialize_pipeline + - job_initialize_pipeline strategy: fail-fast: false matrix: moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Replace tokens in template file' - uses: azure/powershell@v1 - with: - azPSVersion: 'latest' - inlineScript: | - $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # Grouping task logs - Write-Output '::group::Replace tokens in template file' - - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # Populate tokens - $Tokens = @{ - resourceGroupName = '${{ env.resourceGroupName }}' - subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - tenantId = '${{ env.ARM_TENANT_ID }}' - } - - ## Add local (source control) tokens - $tokenMap = @{} - foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - } - Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - $Tokens += $tokenMap - - ## Swap 'namePrefix' token if empty and provided as a GitHub secret - if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - } - - # Construct Token Function Input - $ConvertTokensInputs = @{ - FilePathList = @($templateFilePath) - Tokens = $Tokens - TokenPrefix = '${{ env.tokenPrefix }}' - TokenSuffix = '${{ env.tokenSuffix }}' - } - - Write-Verbose "Convert Tokens 
Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # Invoke Token Replacement Functionality [For Module] - $null = Convert-TokensInFileList @ConvertTokensInputs - - Write-Output '::endgroup::' - - # Run analysis by using the PSRule GitHub action. - - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.4.0 - # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - with: - modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + - name: Checkout + uses: actions/checkout@v3 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: Set PSRule validation + uses: ./.github/actions/templates/validateModulePSRule + with: + moduleTestFilePath: ${{ matrix.moduleTestFilePaths }} + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' # ############################# # # Deployment validation # diff --git a/ps-rule.yaml b/ps-rule.yaml index 5d6208f63d..7c66b607a7 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -57,10 +57,10 @@ configuration: rule: # Enable custom rules that don't exist in the baseline includeLocal: false - exclude: - # Ignore the following rules for all resources - - Azure.KeyVault.PurgeProtect - - Azure.Resource.UseTags + #exclude: + # Ignore the following rules for all resources + # - Azure.KeyVault.PurgeProtect + # - Azure.Resource.UseTags # Suppression ignores rules for a specific Azure resource by name. # suppression: # Azure.Resource.UseTags: diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index be9e296736..0a8b0a7aa4 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 
@@ -24,7 +24,7 @@ $headerTable = [System.Collections.ArrayList]@( '# Output Summary ', '', - '| Total No. of Rules Processed | Rules Passed :white_check_mark: | Rules Failed :x: |', + '| Total No. of Processed Rules| Passed Rules :white_check_mark: | Failed Rules :x: |', '| :-- | :-- | :-- |' ) @@ -41,10 +41,10 @@ #Create Failing table $failContent = [System.Collections.ArrayList]@( - '# Rules Failed', + '# Failed Rules', '', '
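Review bot: The renamed header row `'| Total No. of Processed Rules| Passed Rules :white_check_mark: | Failed Rules :x: |'` loses the space before the second `|`, so the first cell is spelled differently from its neighbours and from the alignment row beneath it; the rest of the hunk is wording only. Use `'| Total No. of Processed Rules | Passed Rules :white_check_mark: | Failed Rules :x: |'`. The `$headerTable` ArrayList this row belongs to is opened above the hunk.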
', - 'Rules Failed', + 'Failed Rules', '', '| RuleName | TargetName | Synopsis |', '| :-- | :-- | :-- |' @@ -82,10 +82,10 @@ if ($passedRules.Count -gt 0) { $passContent = [System.Collections.ArrayList]@( - '# Rules Passed', + '# Passed Rules', '', '
', - 'Rules Passed', + 'Passed Rules', '', '', '| RuleName | TargetName | Synopsis |', @@ -109,7 +109,7 @@ $resourceLink = $content.RuleName } - $passContent += ('| {0} | {1} | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) + $passContent += ('| {0} | {1} | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) } $passContent += [System.Collections.ArrayList]@( From 4e994d885ca5f19294b308cea8e262684c7a62e8 Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman <44262238+karthikvenkat17@users.noreply.github.com> Date: Thu, 22 Sep 2022 16:56:23 +0100 Subject: [PATCH 45/82] [Hackathon] Suppress rules where not required (#2115) * exclude tags for min * typo in ps-rule yaml * update suppression yaml * keyvault rule exclusions Co-authored-by: Karthik Venkatraman --- .ps-rule/min-suppress.Rule.yaml | 16 ++++++++++++++++ ps-rule.yaml | 10 +++++----- 2 files changed, 21 insertions(+), 5 deletions(-) create mode 100644 .ps-rule/min-suppress.Rule.yaml diff --git a/.ps-rule/min-suppress.Rule.yaml b/.ps-rule/min-suppress.Rule.yaml new file mode 100644 index 0000000000..9c984ea8da --- /dev/null +++ b/.ps-rule/min-suppress.Rule.yaml @@ -0,0 +1,16 @@ +--- +# Synopsis: Suppress Rules for min tests +apiVersion: github.com/microsoft/PSRule/v1 +kind: SuppressionGroup +metadata: + name: 'Suppressmin' +spec: + rule: + - Azure.Resource.UseTags + - Azure.KeyVault.Logs + if: + name: '.' + contains: + - 'min' + + \ No newline at end of file diff --git a/ps-rule.yaml b/ps-rule.yaml index 7c66b607a7..9ee2318a42 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml 
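Review bot: The new SuppressionGroup silences `Azure.Resource.UseTags` and `Azure.KeyVault.Logs` for every target whose name contains the substring `min` anywhere (`if: name: '.' contains: ['min']`), which also matches names like `admin`, `terminal` or `mining`, not only the minimal test deployments it is written for. Tighten the condition to the naming pattern the tests actually use — the `<>kvvmin001` comment in ps-rule.yaml suggests `endsWith: ['min001']` or an anchored `match:` regex — and say so in the `# Synopsis:` comment, e.g. `# Synopsis: Suppress tagging and logging rules for the minimal (…min001) test deployments only`. ps-rule.yaml sets `rule.includeLocal: false`; confirm suppression groups under `.ps-rule/` are still discovered with that setting, otherwise this group is silently ignored. The file also ends with stray blank lines and no newline at end of file.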
@@ -57,11 +57,11 @@ configuration: rule: # Enable custom rules that don't exist in the baseline includeLocal: false - #exclude: + exclude: # Ignore the following rules for all resources - # - Azure.KeyVault.PurgeProtect - # - Azure.Resource.UseTags + - Azure.KeyVault.PurgeProtect + # Suppression ignores rules for a specific Azure resource by name. # suppression: -# Azure.Resource.UseTags: -# - <>kvvmin001 +# Azure.KeyVault.PurgeProtect: +# - '*min*' From 81477ed7e827038e50d358a058331cb32217d024 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 11:25:11 +0100 Subject: [PATCH 46/82] kv test --- .github/workflows/ms.keyvault.vaults.yml | 24 ------------------- .github/workflows/template.module.yml | 30 +++++++++++++++++++++--- 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 4988d558f3..a45960cbd8 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml @@ -70,30 +70,6 @@ jobs: modulePath: '${{ env.modulePath }}' - job_psrule_test: - name: 'PsRule pre-flight validation' - runs-on: ubuntu-latest - needs: - - job_initialize_pipeline - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: Set PSRule validation - uses: ./.github/actions/templates/validateModulePSRule - with: - moduleTestFilePath: ${{ matrix.moduleTestFilePaths }} - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - - ############################## # Call reusable workflow # ############################## 
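Review bot: Re-adding `Azure.KeyVault.PurgeProtect` under `rule.exclude` turns the rule off for every Key Vault in every test in the repository, not just the minimal variants the rest of this commit targets, so a `common` test that ships a vault without purge protection now passes PSRule silently. Use the SuppressionGroup introduced in this same commit (`.ps-rule/min-suppress.Rule.yaml`) for the minimal tests instead: move `- Azure.KeyVault.PurgeProtect` into its `rule:` list and delete the global `exclude:` entry; the commented-out `suppression:` example beneath (`'*min*'`) already shows the intended scope is name-based. Better still, enable purge protection in the non-minimal test so the rule keeps enforcing it, since soft-delete without purge protection leaves vault contents purgeable by anyone holding purge rights.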
diff --git a/.github/workflows/template.module.yml b/.github/workflows/template.module.yml index 4ed84c4daf..94c40783d4 100644 --- a/.github/workflows/template.module.yml +++ b/.github/workflows/template.module.yml @@ -29,8 +29,8 @@ jobs: # Static validation # ######################### job_module_static_validation: - runs-on: ubuntu-20.04 name: 'Static validation' + runs-on: ubuntu-20.04 if: (fromJson(inputs.workflowInput)).staticValidation == 'true' steps: - name: 'Checkout' @@ -47,12 +47,36 @@ jobs: modulePath: '${{ inputs.modulePath }}' moduleTestFilePath: '${{ env.moduleTestFilePath }}' + ######################### + # PsRule validation # + ######################### + job_psrule_test: + name: 'PsRule pre-flight validation' + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJson(inputs.moduleTestFilePaths) }} + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: Set PSRule validation + uses: ./.github/actions/templates/validateModulePSRule + with: + moduleTestFilePath: ${{ matrix.moduleTestFilePaths }} + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + ############################# # Deployment validation # ############################# job_module_deploy_validation: - runs-on: ubuntu-20.04 name: 'Deployment validation' + runs-on: ubuntu-20.04 if: | !cancelled() && (fromJson(inputs.workflowInput)).deploymentValidation == 'true' && 
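Review bot: The new `job_psrule_test` is not added to `needs:` of `job_module_deploy_validation` (the context lines show it still depends only on `job_module_static_validation`) and carries no `if:` gate, so a PSRule failure blocks neither deployment validation nor publishing, and the job runs even when `staticValidation` is switched off. Add `- job_psrule_test` to the deploy job's `needs:`, extend its condition with `needs.job_psrule_test.result != 'failure'`, and gate the job with `if: (fromJson(inputs.workflowInput)).staticValidation == 'true'` for parity with the static validation job. Separately, `moduleTestFilePath: ${{ matrix.moduleTestFilePaths }}` is a module-relative path that the composite action prefixes with `${{ env.modulePath }}`; in this reusable workflow the module path arrives as `inputs.modulePath`, so unless `setEnvironmentVariables` also exports `modulePath` the action will look in the wrong place. The deploy job's `if: |` expression continues past the end of the hunk.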
@@ -86,8 +110,8 @@ jobs: ################## job_publish_module: name: 'Publishing' - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || fromJson(inputs.workflowInput).prerelease == 'true' runs-on: ubuntu-20.04 + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || fromJson(inputs.workflowInput).prerelease == 'true' needs: - job_module_deploy_validation steps: From 5ec0d0ab2044d4e67d08e9ec425818af315f31f3 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 11:30:39 +0100 Subject: [PATCH 47/82] disable deployment --- .github/workflows/template.module.yml | 131 +++++++++++++------------- 1 file changed, 66 insertions(+), 65 deletions(-) diff --git a/.github/workflows/template.module.yml b/.github/workflows/template.module.yml index 94c40783d4..6a45e84245 100644 --- a/.github/workflows/template.module.yml +++ b/.github/workflows/template.module.yml 
@@ -67,72 +67,73 @@ jobs: - name: Set PSRule validation uses: ./.github/actions/templates/validateModulePSRule with: - moduleTestFilePath: ${{ matrix.moduleTestFilePaths }} + moduleTestFilePath: '${{ inputs.modulePath }}/${{ matrix.moduleTestFilePaths }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - ############################# - # Deployment validation # - ############################# - job_module_deploy_validation: - name: 'Deployment validation' - runs-on: ubuntu-20.04 - if: | - !cancelled() && - (fromJson(inputs.workflowInput)).deploymentValidation == 'true' && - needs.job_module_static_validation.result != 'failure' - needs: - - job_module_static_validation - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJson(inputs.moduleTestFilePaths) }} - steps: - - name: 'Checkout' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: '${{ inputs.modulePath }}/${{ matrix.moduleTestFilePaths }}' - location: '${{ env.location }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ fromJson(inputs.workflowInput).removeDeployment }}' + # ############################# + # # Deployment validation # + # ############################# + # job_module_deploy_validation: + # name: 'Deployment validation' + # runs-on: ubuntu-20.04 + # if: | + # !cancelled() && + # (fromJson(inputs.workflowInput)).deploymentValidation == 'true' && + # needs.job_module_static_validation.result != 'failure' + # needs: + # - job_module_static_validation + # - job_psrule_test + # strategy: + # fail-fast: false + # matrix: + # moduleTestFilePaths: 
${{ fromJson(inputs.moduleTestFilePaths) }} + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v3 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: '${{ inputs.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # location: '${{ env.location }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ fromJson(inputs.workflowInput).removeDeployment }}' - ################## - # Publishing # - ################## - job_publish_module: - name: 'Publishing' - runs-on: ubuntu-20.04 - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || fromJson(inputs.workflowInput).prerelease == 'true' - needs: - - job_module_deploy_validation - steps: - - name: 'Checkout' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' - uses: ./.github/actions/templates/publishModule - with: - templateFilePath: '${{ inputs.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' - publishLatest: '${{ env.publishLatest }}' + # ################## + # # Publishing # + # 
################## + # job_publish_module: + # name: 'Publishing' + # runs-on: ubuntu-20.04 + # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || fromJson(inputs.workflowInput).prerelease == 'true' + # needs: + # - job_module_deploy_validation + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v3 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Publishing' + # uses: ./.github/actions/templates/publishModule + # with: + # templateFilePath: '${{ inputs.modulePath }}/deploy.bicep' + # templateSpecsRGName: '${{ env.templateSpecsRGName }}' + # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + # templateSpecsDescription: '${{ env.templateSpecsDescription }}' + # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + # bicepRegistryName: '${{ env.bicepRegistryName }}' + # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + # publishLatest: '${{ env.publishLatest }}' From ecfcb775118a26cad9ffdc18ac550ea69c8837c3 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 11:39:24 +0100 Subject: [PATCH 48/82] templateFilePath --- .../templates/validateModulePSRule/action.yml | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index 2696c0b87c..b27f6aa34e 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml 
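Review bot: Commenting out `job_module_deploy_validation` and `job_publish_module` in the shared reusable template disables deployment validation and publishing for every module workflow that calls it, including the `github.ref == 'refs/heads/main'` publishing path; if this is a local experiment it should not be merged, and if the aim is to run PSRule alone, the existing `deploymentValidation` input already switches the deploy job off without editing the template. The surviving change, `moduleTestFilePath: '${{ inputs.modulePath }}/${{ matrix.moduleTestFilePaths }}'`, now passes a full path while the composite action, as of this commit, still prefixes `${{ env.modulePath }}`, so the path is doubled unless the action changes in the same commit. The `- job_psrule_test` added under the deploy job's `needs:` is the right gating and should be kept when the block is restored.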
@@ -10,13 +10,13 @@ ## ACTION PARAMETERS ## ##-------------------------------------------## ## -## |==================================================================================================================================================| -## | Parameter | Required | Default | Description | Example | -## |--------------------------|----------|---------|--------------------------------------|-----------------------------------------------------------| -## | moduleTestFilePath | true | '' | The path to the module PSRule tests. | 'utilities/pipelines/staticValidation/module.tests.ps1' | -## | subscriptionId | false | '' | The subscriptionId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' | -## | managementGroupId | false | '' | The managementGroupId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' | -## |==================================================================================================================================================| +## |=================================================================================================================================================================| +## | Parameter | Required | Default | Description | Example | +## |--------------------------|----------|---------|--------------------------------------|--------------------------------------------------------------------------| +## | templateFilePath | true | '' | The path to the module PSRule tests. | 'modules/Microsoft.ApiManagement/service/.test/common/deploy.test.bicep' | +## | subscriptionId | false | '' | The subscriptionId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' | +## | managementGroupId | false | '' | The managementGroupId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' | +## |=================================================================================================================================================================| ## ##---------------------------------------------## 
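Review bot: The rewritten table row still describes `templateFilePath` as "The path to the module PSRule tests." while its new example is a `deploy.test.bicep` template and the `inputs:` block changed in the next hunk calls it 'The path to the test file'; the two descriptions should say the same thing. Suggested cell text: `The path to the test template PSRule analyses`. The rest of the row (required, default, subscription/management-group examples) reads fine.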
@@ -24,7 +24,7 @@ name: 'Execute PSRule module tests' description: 'Execute PSRule module tests (if any)' inputs: - moduleTestFilePath: + templateFilePath: description: 'The path to the test file' required: true default: '' @@ -45,7 +45,7 @@ runs: with: azPSVersion: 'latest' inlineScript: | - $templateFilePath = '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}' + $templateFilePath = '${{ inputs.templateFilePath}}' # Grouping task logs Write-Output '::group::Replace tokens in template file' @@ -95,9 +95,9 @@ runs: # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}' + inputPath: '${{ inputs.templateFilePath}}' outputFormat: Csv - outputPath: '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}-output.csv' + outputPath: '${{ inputs.templateFilePath}}-output.csv' # option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' - name: 'Set PSRule Output' @@ -114,8 +114,8 @@ runs: # Populate tokens $Input = @{ - inputFilePath = '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}-output.csv' - outputFilePath = '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}-output.md' + inputFilePath = '${{ inputs.templateFilePath}}-output.csv' + outputFilePath = '${{ inputs.templateFilePath}}-output.md' } Write-Verbose "Set PS Rule Output with following parameters:`n $($Input | ConvertTo-Json -Depth 10)" -Verbose @@ -128,4 +128,4 @@ runs: - name: Output to Github summaries shell: bash if: always() - run: cat '${{ env.modulePath }}/${{ inputs.moduleTestFilePath }}-output.md' >> $GITHUB_STEP_SUMMARY + run: cat '${{ inputs.templateFilePath}}-output.md' >> $GITHUB_STEP_SUMMARY From b71e87c922dcfa323552163f03c7d655a789286f Mon Sep 17 00:00:00 2001 
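Review bot: `$templateFilePath = '${{ inputs.templateFilePath}}'` in the @@ -45 hunk, and `cat '${{ inputs.templateFilePath}}-output.md'` in the @@ -128 hunk, splice the input into the script text before PowerShell or bash parses it, so a value containing a single quote would close the literal and the remainder would be interpreted as script. The value appears to be built from `inputs.modulePath` and `matrix.moduleTestFilePaths`, i.e. repository file names, so the exposure is limited, but the robust form is to pass it through the environment: add `env:` / `TEMPLATE_FILE_PATH: ${{ inputs.templateFilePath }}` to the step and read `$templateFilePath = $env:TEMPLATE_FILE_PATH` (and `"$TEMPLATE_FILE_PATH-output.md"` in the bash step). Minor: every new `${{ inputs.templateFilePath}}` omits the space before `}}` that the rest of the file uses (`${{ env.modulePath }}`).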
From: Erika Gressi Date: Fri, 17 Feb 2023 11:42:57 +0100 Subject: [PATCH 49/82] templateFilePath in workflow template --- .github/workflows/template.module.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/template.module.yml b/.github/workflows/template.module.yml index 6a45e84245..92c557d348 100644 --- a/.github/workflows/template.module.yml +++ b/.github/workflows/template.module.yml @@ -67,7 +67,7 @@ jobs: - name: Set PSRule validation uses: ./.github/actions/templates/validateModulePSRule with: - moduleTestFilePath: '${{ inputs.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ inputs.modulePath }}/${{ matrix.moduleTestFilePaths }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' From c8603c5d5c80c729ed82658963f127c6422e5d11 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 11:44:24 +0100 Subject: [PATCH 50/82] disable pester --- .github/workflows/template.module.yml | 36 +++++++++++++-------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/template.module.yml b/.github/workflows/template.module.yml index 92c557d348..f9790a42d6 100644 --- a/.github/workflows/template.module.yml +++ b/.github/workflows/template.module.yml 
@@ -28,24 +28,24 @@ jobs: ######################### # Static validation # ######################### - job_module_static_validation: - name: 'Static validation' - runs-on: ubuntu-20.04 - if: (fromJson(inputs.workflowInput)).staticValidation == 'true' - steps: - - name: 'Checkout' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Run tests' - uses: ./.github/actions/templates/validateModulePester - with: - modulePath: '${{ inputs.modulePath }}' - moduleTestFilePath: '${{ env.moduleTestFilePath }}' + # job_module_static_validation: + # name: 'Static validation' + # runs-on: ubuntu-20.04 + # if: (fromJson(inputs.workflowInput)).staticValidation == 'true' + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v3 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Run tests' + # uses: ./.github/actions/templates/validateModulePester + # with: + # modulePath: '${{ inputs.modulePath }}' + # moduleTestFilePath: '${{ env.moduleTestFilePath }}' ######################### # PsRule validation # From 348ce2bcb0c042d4b4932faacdf0fb2e6afebec1 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 12:47:46 +0100 Subject: [PATCH 51/82] psrule action update --- .../templates/validateModulePSRule/action.yml | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index b27f6aa34e..7932731979 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml 
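Review bot: The static validation job already has an input-driven switch, `if: (fromJson(inputs.workflowInput)).staticValidation == 'true'`, so commenting out the whole block removes the job from the workflow graph (and would break any job that still lists it in `needs:`) instead of using that switch; if this is a temporary disable, `if: false  # TODO: re-enable once PSRule is bedded in` on the job keeps the YAML live and linted, and if it is permanent the block should be deleted, since git history already preserves it. The same comment-out pattern recurs in PATCH 61 ("comment other jobs"), both for this job again in template.module.yml and for the superseded "Output to GitHub job summaries" step left in action.yml.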
@@ -92,40 +92,40 @@ runs: # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis uses: microsoft/ps-rule@v2.4.0 - # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' inputPath: '${{ inputs.templateFilePath}}' outputFormat: Csv outputPath: '${{ inputs.templateFilePath}}-output.csv' - # option: '${{ env.modulePath }}/.test/vnet-ps-rule.yaml' - - name: 'Set PSRule Output' + - name: 'Parse CSV content' if: always() uses: azure/powershell@v1 with: azPSVersion: 'latest' inlineScript: | # Grouping task logs - Write-Output '::group::Setting Output' + Write-Output '::group::Parse CSV content' # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'PSRuleValidation' 'Set-PSRuleOutput.ps1') + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'PSRuleValidation' 'Set-PSRuleGitHubOutput.ps1') - # Populate tokens - $Input = @{ - inputFilePath = '${{ inputs.templateFilePath}}-output.csv' - outputFilePath = '${{ inputs.templateFilePath}}-output.md' + # Populate parameter input + $ParameterInput = @{ + inputFilePath = '${{ inputs.templateFilePath}}-output.csv' + outputFilePath = '${{ inputs.templateFilePath}}-output.md' + skipPassedRulesReport = $false } Write-Verbose "Set PS Rule Output with following parameters:`n $($Input | ConvertTo-Json -Depth 10)" -Verbose # Invoke Set PSRule Output Functionality - $null = Set-PSRuleOutput @Input + $null = Set-PSRuleGitHubOutput @ParameterInput Write-Output '::endgroup::' - - name: Output to Github summaries - shell: bash - if: always() - run: cat '${{ inputs.templateFilePath}}-output.md' >> $GITHUB_STEP_SUMMARY + - name: Output to GitHub job summaries + if: always() + shell: pwsh + run: Get-Content '${{ inputs.templateFilePath}}-output.md' >> $env:GITHUB_STEP_SUMMARY 
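Review bot: The unchanged `Write-Verbose "Set PS Rule Output with following parameters: ... $($Input | ConvertTo-Json -Depth 10)"` line between the hashtable and the call still reads `$Input` after the hashtable was renamed to `$ParameterInput`; in PowerShell `$Input` is the automatic pipeline-input enumerator, so the message no longer shows the parameters that are actually passed to `Set-PSRuleGitHubOutput`. Replace `$Input` with `$ParameterInput` in that `Write-Verbose` line. Re-enabling `continue-on-error: true` on the PSRule step makes rule failures non-blocking for the job; the inline comment acknowledges this, but a tracking reference (issue or date) would keep the exception from becoming permanent.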
From 0e0b8612aba3f960b7267e267bac7b2fd4b610f6 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 12:51:59 +0100 Subject: [PATCH 52/82] psrule action update --- .github/actions/templates/validateModulePSRule/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index 7932731979..720e8ffdc3 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -126,6 +126,6 @@ runs: Write-Output '::endgroup::' - name: Output to GitHub job summaries - if: always() - shell: pwsh - run: Get-Content '${{ inputs.templateFilePath}}-output.md' >> $env:GITHUB_STEP_SUMMARY + if: always() + shell: pwsh + run: Get-Content '${{ inputs.templateFilePath}}-output.md' >> $env:GITHUB_STEP_SUMMARY From 09aa0b6457cf79568de4954548c74e72b95d5b49 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 12:55:55 +0100 Subject: [PATCH 53/82] remove not used script --- .../PSRuleValidation/Set-PSRuleOutput.ps1 | 129 ------------------ 1 file changed, 129 deletions(-) delete mode 100644 utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 deleted file mode 100644 index 0a8b0a7aa4..0000000000 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ /dev/null 
@@ -1,129 +0,0 @@ -function Set-PSRuleOutput { - [CmdletBinding(SupportsShouldProcess)] - param ( - [Parameter(Mandatory)] - [String] $inputFilePath, - - [Parameter(Mandatory = $false)] - [string] $outputFilePath = './output.md' - ) - - # Import CSV output and filter by results - - $results = Import-Csv -Path $inputFilePath - - $passedRules = @() - $failedRules = @() - - $passedRules += $results | Where-Object { $_.Outcome -EQ 'Pass' } - $failedRules += $results | Where-Object { $_.Outcome -EQ 'Fail' } - - - #Create Summary table - - $headerTable = [System.Collections.ArrayList]@( - '# Output Summary ', - '', - '| Total No. of Processed Rules| Passed Rules :white_check_mark: | Failed Rules :x: |', - '| :-- | :-- | :-- |' - ) - - $headerTable += ('| {0} | {1} | {2} |' -f $results.Count, $passedRules.Count , $failedRules.Count) - $headerTable += [System.Collections.ArrayList]@( - '') - - # Create markdown file with header table - Out-File -FilePath $outputFilePath -NoClobber -InputObject $headerTable - - - if ($failedRules.Count -gt 0) { - - #Create Failing table - - $failContent = [System.Collections.ArrayList]@( - '# Failed Rules', - '', - '
', - 'Failed Rules', - '', - '| RuleName | TargetName | Synopsis |', - '| :-- | :-- | :-- |' - ) - - foreach ($content in $failedRules ) { - # Shorten the target name for deployment resoure type - if ($content.TargetType -eq 'Microsoft.Resources/deployments') { - $content.TargetName = $content.TargetName.replace('/home/runner/work/ResourceModules/ResourceModules/modules/', '') - } - - # Build hyperlinks to PSrule documentation for the rules - $TemplatesBaseUrl = 'https://azure.github.io/PSRule.Rules.Azure/en/rules' - try { - $PSRuleReferenceUrl = '{0}/{1}' -f $TemplatesBaseUrl, $content.RuleName - $null = Invoke-WebRequest -Uri $PSRuleReferenceUrl - $resourceLink = '[' + $content.RuleName + '](' + $PSRuleReferenceUrl + ')' - } catch { - Write-Warning "Unable to build url for $content.RuleName" - $resourceLink = $content.RuleName - } - $failContent += ('| {0} | {1} | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) - - } - $failContent += [System.Collections.ArrayList]@( - '', - '
', - '' - ) - #Append markdown with failed rules table - Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $failContent - } - - # Create Passing table - if ($passedRules.Count -gt 0) { - - $passContent = [System.Collections.ArrayList]@( - '# Passed Rules', - '', - '
', - 'Passed Rules', - '', - '', - '| RuleName | TargetName | Synopsis |', - '| :-- | :-- | :-- |' - ) - - foreach ($content in $passedRules ) { - # Shorten the target name for deployment resoure type - if ($content.TargetType -eq 'Microsoft.Resources/deployments') { - $content.TargetName = $content.TargetName.replace('/home/runner/work/ResourceModules/ResourceModules/modules/', '') - } - - # Build hyperlinks to PSrule documentation for the rules - $TemplatesBaseUrl = 'https://azure.github.io/PSRule.Rules.Azure/en/rules' - try { - $PSRuleReferenceUrl = '{0}/{1}' -f $TemplatesBaseUrl, $content.RuleName - $null = Invoke-WebRequest -Uri $PSRuleReferenceUrl - $resourceLink = '[' + $content.RuleName + '](' + $PSRuleReferenceUrl + ')' - } catch { - Write-Warning "Unable to build url for $content.RuleName" - $resourceLink = $content.RuleName - } - - $passContent += ('| {0} | {1} | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) - - } - $passContent += [System.Collections.ArrayList]@( - '', - '
', - '' - ) - #Append markdown with passed rules table - Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $passContent - - } - - -} - - - From 13f14fe89bf591e83e3ab29e88b4cf7f5b29beca Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 12:57:11 +0100 Subject: [PATCH 54/82] update old workflows --- .../workflows/ms.network.virtualnetworks.yml | 24 ------------------- .../workflows/ms.resources.resourcegroups.yml | 24 ------------------- 2 files changed, 48 deletions(-) diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index 280a7145c7..36701407d7 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml @@ -71,30 +71,6 @@ jobs: modulePath: '${{ env.modulePath }}' - job_psrule_test: - name: 'PsRule pre-flight validation' - runs-on: ubuntu-latest - needs: - - job_initialize_pipeline - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: Set PSRule validation - uses: ./.github/actions/templates/validateModulePSRule - with: - moduleTestFilePath: ${{ matrix.moduleTestFilePaths }} - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - - ############################## # Call reusable workflow # ############################## diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 6a5de42478..942c6369f5 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml 
@@ -70,30 +70,6 @@ jobs: modulePath: '${{ env.modulePath }}' - job_psrule_test: - name: 'PsRule pre-flight validation' - runs-on: ubuntu-latest - needs: - - job_initialize_pipeline - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: Set PSRule validation - uses: ./.github/actions/templates/validateModulePSRule - with: - moduleTestFilePath: ${{ matrix.moduleTestFilePaths }} - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - - ############################## # Call reusable workflow # ############################## From fe031b2b6d26f4d216dcc76791ea64f9ffa5c014 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 13:36:09 +0100 Subject: [PATCH 55/82] remove not used setting --- .../virtualNetworks/.test/vnet-ps-rule.yaml | 67 ------------------- 1 file changed, 67 deletions(-) delete mode 100644 modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml diff --git a/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml b/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml deleted file mode 100644 index 5b96b4abf4..0000000000 --- a/modules/Microsoft.Network/virtualNetworks/.test/vnet-ps-rule.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -# -# PSRule for Azure configuration -# - -# Please see the documentation for all configuration options: -# https://aka.ms/ps-rule/options -# https://aka.ms/ps-rule-azure/options - -# Configure binding for local rules. -binding: - preferTargetInfo: true - targetType: - - type - - resourceType - -# Require minimum versions of modules. -requires: - PSRule: '@pre >=2.4.0' - PSRule.Rules.Azure: '@pre >=1.19.2' - -# Use PSRule for Azure. -include: - module: - - PSRule.Rules.Azure - -execution: - suppressedRuleWarning: false - -output: - culture: - - 'en-US' - #outcome: 'Fail' - #as: 'Summary' - -input: - pathIgnore: - # Ignore other files in the repository. - - '.vscode/' - - '.github/' - - '*.md' - - # Exclude modules but not tests. - - 'modules/**/*.bicep' - - '!modules/**/*.test.bicep' - - 'modules/**/*version.json' - -configuration: - # Enable automatic expansion of Azure parameter files. - AZURE_PARAMETER_FILE_EXPANSION: false - - # Enable automatic expansion of Azure Bicep source files. - AZURE_BICEP_FILE_EXPANSION: true - - # Configures the number of seconds to wait for build Bicep files. - AZURE_BICEP_FILE_EXPANSION_TIMEOUT: 10 - -rule: - # Enable custom rules that don't exist in the baseline - includeLocal: false - exclude: - # Ignore the following rules for all resources - - Azure.Resource.UseTags -# Suppression ignores rules for a specific Azure resource by name. -#suppression: -# Azure.Identity.UserAssignedName: -# - 'dep*' - From f18bffb4207045d1d6b16fe3d1c8534938c4486f Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 13:38:34 +0100 Subject: [PATCH 56/82] template update --- .../templates/validateModulePSRule/action.yml | 2 +- .github/workflows/template.module.yml | 167 +++++++++--------- 2 files changed, 85 insertions(+), 84 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index 720e8ffdc3..945032cf51 100644 
--- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -92,7 +92,7 @@ runs: # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis uses: microsoft/ps-rule@v2.4.0 - continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' inputPath: '${{ inputs.templateFilePath}}' diff --git a/.github/workflows/template.module.yml b/.github/workflows/template.module.yml index f9790a42d6..b244a1240f 100644 --- a/.github/workflows/template.module.yml +++ b/.github/workflows/template.module.yml 
@@ -28,24 +28,24 @@ jobs: ######################### # Static validation # ######################### - # job_module_static_validation: - # name: 'Static validation' - # runs-on: ubuntu-20.04 - # if: (fromJson(inputs.workflowInput)).staticValidation == 'true' - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v3 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Run tests' - # uses: ./.github/actions/templates/validateModulePester - # with: - # modulePath: '${{ inputs.modulePath }}' - # moduleTestFilePath: '${{ env.moduleTestFilePath }}' + job_module_static_validation: + name: 'Static validation' + runs-on: ubuntu-20.04 + if: (fromJson(inputs.workflowInput)).staticValidation == 'true' + steps: + - name: 'Checkout' + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ inputs.modulePath }}' + moduleTestFilePath: '${{ env.moduleTestFilePath }}' ######################### # PsRule validation # @@ -57,6 +57,7 @@ jobs: fail-fast: false matrix: moduleTestFilePaths: ${{ fromJson(inputs.moduleTestFilePaths) }} + continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project steps: - name: Checkout uses: actions/checkout@v3 
@@ -71,69 +72,69 @@ jobs: subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # ############################# - # # Deployment validation # - # ############################# - # job_module_deploy_validation: - # name: 'Deployment validation' - # runs-on: ubuntu-20.04 - # if: | - # !cancelled() && - # (fromJson(inputs.workflowInput)).deploymentValidation == 'true' && - # needs.job_module_static_validation.result != 'failure' - # needs: - # - job_module_static_validation - # - job_psrule_test - # strategy: - # fail-fast: false - # matrix: - # moduleTestFilePaths: ${{ fromJson(inputs.moduleTestFilePaths) }} - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v3 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: '${{ inputs.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # location: '${{ env.location }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ fromJson(inputs.workflowInput).removeDeployment }}' + ############################# + # Deployment validation # + ############################# + job_module_deploy_validation: + name: 'Deployment validation' + runs-on: ubuntu-20.04 + if: | + !cancelled() && + (fromJson(inputs.workflowInput)).deploymentValidation == 'true' && + needs.job_module_static_validation.result != 'failure' + needs: + - job_module_static_validation + - job_psrule_test + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJson(inputs.moduleTestFilePaths) }} + steps: + - name: 'Checkout' + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Set environment variables + uses: 
./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: '${{ inputs.modulePath }}/${{ matrix.moduleTestFilePaths }}' + location: '${{ env.location }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ fromJson(inputs.workflowInput).removeDeployment }}' - # ################## - # # Publishing # - # ################## - # job_publish_module: - # name: 'Publishing' - # runs-on: ubuntu-20.04 - # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || fromJson(inputs.workflowInput).prerelease == 'true' - # needs: - # - job_module_deploy_validation - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v3 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Publishing' - # uses: ./.github/actions/templates/publishModule - # with: - # templateFilePath: '${{ inputs.modulePath }}/deploy.bicep' - # templateSpecsRGName: '${{ env.templateSpecsRGName }}' - # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - # templateSpecsDescription: '${{ env.templateSpecsDescription }}' - # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - # bicepRegistryName: '${{ env.bicepRegistryName }}' - # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' - # publishLatest: '${{ env.publishLatest }}' + ################## + # Publishing # + ################## + job_publish_module: + name: 'Publishing' + runs-on: ubuntu-20.04 + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || 
fromJson(inputs.workflowInput).prerelease == 'true' + needs: + - job_module_deploy_validation + steps: + - name: 'Checkout' + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Publishing' + uses: ./.github/actions/templates/publishModule + with: + templateFilePath: '${{ inputs.modulePath }}/deploy.bicep' + templateSpecsRGName: '${{ env.templateSpecsRGName }}' + templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + templateSpecsDescription: '${{ env.templateSpecsDescription }}' + templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + bicepRegistryName: '${{ env.bicepRegistryName }}' + bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + publishLatest: '${{ env.publishLatest }}' From 9dc0952127f4943dc156b44228b637af34d559af Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 13:55:21 +0100 Subject: [PATCH 57/82] update action output --- .../templates/validateModulePSRule/action.yml | 12 ++++++------ .github/workflows/ms.network.virtualnetworks.yml | 1 - .github/workflows/template.module.yml | 3 +-- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index 945032cf51..8e86f22c3b 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml 
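Review bot: `needs:` listing `job_psrule_test` in the restored `job_module_deploy_validation` does not make PSRule a gate, because the job's `if:` begins with `!cancelled()` and only inspects `needs.job_module_static_validation.result`; a failed PSRule job merely orders the run, and the job-level `continue-on-error: true` added to `job_psrule_test` in the @@ -57 hunk of this commit additionally keeps the workflow status green. If PSRule is meant to be advisory while it is bedded in, a comment on that `needs:` entry saying so would stop readers assuming a gate exists; if it is meant to block deployment validation, add `needs.job_psrule_test.result != 'failure'` to the condition. The block is restored rather than newly written, but it is the code now active on the new side.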
@@ -92,12 +92,12 @@ runs: # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis uses: microsoft/ps-rule@v2.4.0 - # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{ inputs.templateFilePath}}' + inputPath: '${{ inputs.templateFilePath}}/' outputFormat: Csv - outputPath: '${{ inputs.templateFilePath}}-output.csv' + outputPath: '${{ inputs.templateFilePath}}/PSRule-output.csv' - name: 'Parse CSV content' if: always() @@ -113,8 +113,8 @@ runs: # Populate parameter input $ParameterInput = @{ - inputFilePath = '${{ inputs.templateFilePath}}-output.csv' - outputFilePath = '${{ inputs.templateFilePath}}-output.md' + inputFilePath = '${{ inputs.templateFilePath}}/PSRule-output.csv' + outputFilePath = '${{ inputs.templateFilePath}}/PSRule-output.md' skipPassedRulesReport = $false } @@ -128,4 +128,4 @@ runs: - name: Output to GitHub job summaries if: always() shell: pwsh - run: Get-Content '${{ inputs.templateFilePath}}-output.md' >> $env:GITHUB_STEP_SUMMARY + run: Get-Content '${{ inputs.templateFilePath}}/PSRule-output.md' >> $env:GITHUB_STEP_SUMMARY diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index 36701407d7..b7df31293b 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml @@ -29,7 +29,6 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/template.module.yml' - - '.github/workflows/template.module.yml' - '.github/workflows/ms.network.virtualnetworks.yml' - 'modules/Microsoft.Network/virtualNetworks/**' - 'utilities/pipelines/**' diff --git a/.github/workflows/template.module.yml b/.github/workflows/template.module.yml index b244a1240f..dc3353c507 100644 --- a/.github/workflows/template.module.yml 
+++ b/.github/workflows/template.module.yml @@ -57,7 +57,6 @@ jobs: fail-fast: false matrix: moduleTestFilePaths: ${{ fromJson(inputs.moduleTestFilePaths) }} - continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project steps: - name: Checkout uses: actions/checkout@v3 @@ -84,7 +83,7 @@ jobs: needs.job_module_static_validation.result != 'failure' needs: - job_module_static_validation - - job_psrule_test + # - job_psrule_test # Ignoring dependency whilst PSRule gets bedded in, in this project strategy: fail-fast: false matrix: From 26f07a7bb866ab4cadc9fdad21f9ce217f2df744 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 14:06:23 +0100 Subject: [PATCH 58/82] update action output as file --- .github/actions/templates/validateModulePSRule/action.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index 8e86f22c3b..85cf88bc35 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -95,9 +95,9 @@ runs: continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project with: modules: 'PSRule.Rules.Azure' - inputPath: '${{ inputs.templateFilePath}}/' + inputPath: '${{ inputs.templateFilePath}}' outputFormat: Csv - outputPath: '${{ inputs.templateFilePath}}/PSRule-output.csv' + outputPath: '${{ inputs.templateFilePath}}-PSRule-output.csv' - name: 'Parse CSV content' if: always() @@ -113,8 +113,8 @@ runs: # Populate parameter input $ParameterInput = @{ - inputFilePath = '${{ inputs.templateFilePath}}/PSRule-output.csv' - outputFilePath = '${{ inputs.templateFilePath}}/PSRule-output.md' + inputFilePath = '${{ inputs.templateFilePath}}-PSRule-output.csv' + outputFilePath = '${{ inputs.templateFilePath}}-PSRule-output.md' skipPassedRulesReport = $false } 
From 0f20d942ac1ac56c418753348e36d5e1d3148ab8 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 14:13:24 +0100 Subject: [PATCH 59/82] update job summary file --- .github/actions/templates/validateModulePSRule/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index 85cf88bc35..fde88dbff9 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -128,4 +128,4 @@ runs: - name: Output to GitHub job summaries if: always() shell: pwsh - run: Get-Content '${{ inputs.templateFilePath}}/PSRule-output.md' >> $env:GITHUB_STEP_SUMMARY + run: Get-Content '${{ inputs.templateFilePath}}-PSRule-output.md' >> $env:GITHUB_STEP_SUMMARY From d605eb5a22071bbca8a08cddc0a9a0365151593c Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 15:16:54 +0100 Subject: [PATCH 60/82] PsRule --- .github/workflows/template.module.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/template.module.yml b/.github/workflows/template.module.yml index dc3353c507..2e474c8788 100644 --- a/.github/workflows/template.module.yml +++ b/.github/workflows/template.module.yml @@ -48,10 +48,10 @@ jobs: moduleTestFilePath: '${{ env.moduleTestFilePath }}' ######################### - # PsRule validation # + # PSRule validation # ######################### job_psrule_test: - name: 'PsRule pre-flight validation' + name: 'PSRule pre-flight validation' runs-on: ubuntu-20.04 strategy: fail-fast: false From 68cd41c7c7322d742e1dfbce1582ef436d8687f5 Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Fri, 17 Feb 2023 16:05:20 +0100 Subject: [PATCH 61/82] comment other jobs --- .../templates/validateModulePSRule/action.yml | 19 +- .github/workflows/template.module.yml | 172 +++++++++--------- 2 files changed, 102 insertions(+), 89 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index fde88dbff9..f13067131f 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -125,7 +125,20 @@ runs: Write-Output '::endgroup::' - - name: Output to GitHub job summaries + # - name: Output to GitHub job summaries + # if: always() + # shell: pwsh + # run: Get-Content '${{ inputs.templateFilePath}}-PSRule-output.md' >> $env:GITHUB_STEP_SUMMARY + + - name: 'Output to GitHub job summaries' if: always() - shell: pwsh - run: Get-Content '${{ inputs.templateFilePath}}-PSRule-output.md' >> $env:GITHUB_STEP_SUMMARY + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + # Grouping task logs + Write-Output '::group::Output to GitHub job summaries' + + Get-Content '${{ inputs.templateFilePath}}-PSRule-output.md' >> $env:GITHUB_STEP_SUMMARY + + Write-Output '::endgroup::' diff --git a/.github/workflows/template.module.yml b/.github/workflows/template.module.yml index 2e474c8788..6b729c6440 100644 --- a/.github/workflows/template.module.yml +++ b/.github/workflows/template.module.yml 
@@ -25,27 +25,27 @@ env: TOKEN_NAMEPREFIX: '${{ secrets.TOKEN_NAMEPREFIX }}' jobs: - ######################### - # Static validation # - ######################### - job_module_static_validation: - name: 'Static validation' - runs-on: ubuntu-20.04 - if: (fromJson(inputs.workflowInput)).staticValidation == 'true' - steps: - - name: 'Checkout' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Run tests' - uses: ./.github/actions/templates/validateModulePester - with: - modulePath: '${{ inputs.modulePath }}' - moduleTestFilePath: '${{ env.moduleTestFilePath }}' + # ######################### + # # Static validation # + # ######################### + # job_module_static_validation: + # name: 'Static validation' + # runs-on: ubuntu-20.04 + # if: (fromJson(inputs.workflowInput)).staticValidation == 'true' + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v3 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Run tests' + # uses: ./.github/actions/templates/validateModulePester + # with: + # modulePath: '${{ inputs.modulePath }}' + # moduleTestFilePath: '${{ env.moduleTestFilePath }}' ######################### # PSRule validation # 
@@ -71,69 +71,69 @@ jobs: subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - ############################# - # Deployment validation # - ############################# - job_module_deploy_validation: - name: 'Deployment validation' - runs-on: ubuntu-20.04 - if: | - !cancelled() && - (fromJson(inputs.workflowInput)).deploymentValidation == 'true' && - needs.job_module_static_validation.result != 'failure' - needs: - - job_module_static_validation - # - job_psrule_test # Ignoring dependency whilst PSRule gets bedded in, in this project - strategy: - fail-fast: false - matrix: - moduleTestFilePaths: ${{ fromJson(inputs.moduleTestFilePaths) }} - steps: - - name: 'Checkout' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: '${{ inputs.modulePath }}/${{ matrix.moduleTestFilePaths }}' - location: '${{ env.location }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ fromJson(inputs.workflowInput).removeDeployment }}' + # ############################# + # # Deployment validation # + # ############################# + # job_module_deploy_validation: + # name: 'Deployment validation' + # runs-on: ubuntu-20.04 + # if: | + # !cancelled() && + # (fromJson(inputs.workflowInput)).deploymentValidation == 'true' && + # needs.job_module_static_validation.result != 'failure' + # needs: + # - job_module_static_validation + # # - job_psrule_test # Ignoring dependency whilst PSRule gets bedded in, in this project + # strategy: + # fail-fast: false + # matrix: + # moduleTestFilePaths: ${{ fromJson(inputs.moduleTestFilePaths) }} + # steps: + # - name: 
'Checkout' + # uses: actions/checkout@v3 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: '${{ inputs.modulePath }}/${{ matrix.moduleTestFilePaths }}' + # location: '${{ env.location }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ fromJson(inputs.workflowInput).removeDeployment }}' - ################## - # Publishing # - ################## - job_publish_module: - name: 'Publishing' - runs-on: ubuntu-20.04 - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || fromJson(inputs.workflowInput).prerelease == 'true' - needs: - - job_module_deploy_validation - steps: - - name: 'Checkout' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' - uses: ./.github/actions/templates/publishModule - with: - templateFilePath: '${{ inputs.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' - publishLatest: '${{ env.publishLatest }}' + # ################## + # # Publishing # + # ################## + # job_publish_module: + # name: 'Publishing' + # runs-on: 
ubuntu-20.04 + # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || fromJson(inputs.workflowInput).prerelease == 'true' + # needs: + # - job_module_deploy_validation + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v3 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Publishing' + # uses: ./.github/actions/templates/publishModule + # with: + # templateFilePath: '${{ inputs.modulePath }}/deploy.bicep' + # templateSpecsRGName: '${{ env.templateSpecsRGName }}' + # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + # templateSpecsDescription: '${{ env.templateSpecsDescription }}' + # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + # bicepRegistryName: '${{ env.bicepRegistryName }}' + # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + # publishLatest: '${{ env.publishLatest }}' From 9e35804230fb343a8a28d52ceca7073046f514ff Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 16:19:20 +0100 Subject: [PATCH 62/82] test path --- .../templates/validateModulePSRule/action.yml | 9 +- .../Set-PSRuleGitHubOutput.ps1 | 202 +++++++++--------- 2 files changed, 112 insertions(+), 99 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index f13067131f..b2c2f6336b 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml 
@@ -139,6 +139,13 @@ runs: # Grouping task logs Write-Output '::group::Output to GitHub job summaries' - Get-Content '${{ inputs.templateFilePath}}-PSRule-output.md' >> $env:GITHUB_STEP_SUMMARY + $mdPSRuleOutputFilePath = '${{ inputs.templateFilePath}}-PSRule-output.md' + + if (-not (Test-Path $mdPSRuleOutputFilePath)) { + Write-Warning "Input File [$inputFilePath] not found" + return '' + } else { + Get-Content $mdPSRuleOutputFilePath >> $env:GITHUB_STEP_SUMMARY + } Write-Output '::endgroup::' diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 index 6fd90f51d8..48f925c442 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 
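Review bot: The warning on the not-found branch interpolates `$inputFilePath`, which is never assigned in this script, so the message prints `Input File [] not found`; the path that was actually tested is in `$mdPSRuleOutputFilePath`. Change it to `Write-Warning ('Input File [{0}] not found' -f $mdPSRuleOutputFilePath)`. Note also that a missing report is now downgraded to a warning in a step marked `if: always()`, so the job summary is simply empty with no hint that PSRule never produced output; consider appending the warning text to `$env:GITHUB_STEP_SUMMARY` as well so it is visible where reviewers look.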
@@ -41,116 +41,122 @@ function Set-PSRuleGitHubOutput { # Import CSV output and filter by results # ########################################### - $results = Import-Csv -Path $inputFilePath + if (-not (Test-Path $inputFilePath)) { + Write-Warning "Input File [$inputFilePath] not found" + return '' + } else { - $passedRules = @() - $failedRules = @() + $results = Import-Csv -Path $inputFilePath - $passedRules += $results | Where-Object { $_.Outcome -EQ 'Pass' } - $failedRules += $results | Where-Object { $_.Outcome -EQ 'Fail' } + $passedRules = @() + $failedRules = @() - ###################### - # Set output content # - ###################### + $passedRules += $results | Where-Object { $_.Outcome -EQ 'Pass' } + $failedRules += $results | Where-Object { $_.Outcome -EQ 'Fail' } - # Header - $header = [System.Collections.ArrayList]@( - '# PSRule pre-flight validation summary ', - '' - ) - Out-File -FilePath $outputFilePath -NoClobber -InputObject $header + ###################### + # Set output content # + ###################### - if ($failedRules.Count -eq 0) { - # No failure content - $noFailuresContent = ('## :rocket: All [{0}] rules passed, YAY! :rocket:' -f $results.Count) - Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $noFailuresContent - } else { - # Failure content - - ## Header table - $headerTable = [System.Collections.ArrayList]@( - '| Total No. of Processed Rules| Passed Rules :white_check_mark: | Failed Rules :x: |', - '| :-- | :-- | :-- |' - ('| {0} | {1} | {2} |' -f $results.Count, $passedRules.Count , $failedRules.Count), + # Header + $header = [System.Collections.ArrayList]@( + '# PSRule pre-flight validation summary ', '' ) - Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $headerTable - - ## List of failed rules - $failContent = [System.Collections.ArrayList]@( - '', - '
', - 'List of Failed Rules', - '', - '## Failed Rules', - '', - '| RuleName | TargetName | Synopsis |', - '| :-- | :-- | :-- |' - ) - foreach ($content in $failedRules ) { - # Shorten the target name for deployment resoure type - if ($content.TargetType -eq 'Microsoft.Resources/deployments') { - $content.TargetName = $content.TargetName.replace('/home/runner/work/ResourceModules/ResourceModules/modules/', '') - } - - # Build hyperlinks to PSRule documentation for the rules - $TemplatesBaseUrl = 'https://azure.github.io/PSRule.Rules.Azure/en/rules' - try { - $PSRuleReferenceUrl = '{0}/{1}' -f $TemplatesBaseUrl, $content.RuleName - $null = Invoke-WebRequest -Uri $PSRuleReferenceUrl - $resourceLink = '[{0}]({1})' -f $content.RuleName, $PSRuleReferenceUrl - } catch { - Write-Warning ('Unable to build url for rule [{0}]' -f $content.RuleName) - $resourceLink = $content.RuleName + Out-File -FilePath $outputFilePath -NoClobber -InputObject $header + + if ($failedRules.Count -eq 0) { + # No failure content + $noFailuresContent = ('## :rocket: All [{0}] rules passed, YAY! :rocket:' -f $results.Count) + Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $noFailuresContent + } else { + # Failure content + + ## Header table + $headerTable = [System.Collections.ArrayList]@( + '| Total No. of Processed Rules| Passed Rules :white_check_mark: | Failed Rules :x: |', + '| :-- | :-- | :-- |' + ('| {0} | {1} | {2} |' -f $results.Count, $passedRules.Count , $failedRules.Count), + '' + ) + Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $headerTable + + ## List of failed rules + $failContent = [System.Collections.ArrayList]@( + '', + '
', + 'List of Failed Rules', + '', + '## Failed Rules', + '', + '| RuleName | TargetName | Synopsis |', + '| :-- | :-- | :-- |' + ) + foreach ($content in $failedRules ) { + # Shorten the target name for deployment resoure type + if ($content.TargetType -eq 'Microsoft.Resources/deployments') { + $content.TargetName = $content.TargetName.replace('/home/runner/work/ResourceModules/ResourceModules/modules/', '') + } + + # Build hyperlinks to PSRule documentation for the rules + $TemplatesBaseUrl = 'https://azure.github.io/PSRule.Rules.Azure/en/rules' + try { + $PSRuleReferenceUrl = '{0}/{1}' -f $TemplatesBaseUrl, $content.RuleName + $null = Invoke-WebRequest -Uri $PSRuleReferenceUrl + $resourceLink = '[{0}]({1})' -f $content.RuleName, $PSRuleReferenceUrl + } catch { + Write-Warning ('Unable to build url for rule [{0}]' -f $content.RuleName) + $resourceLink = $content.RuleName + } + $failContent += ('| {0} | `{1}` | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) } - $failContent += ('| {0} | `{1}` | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) + $failContent += [System.Collections.ArrayList]@( + '', + '
', + '' + ) + # Append to output + Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $failContent } - $failContent += [System.Collections.ArrayList]@( - '', - '
', - '' - ) - # Append to output - Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $failContent - } - if (($passedRules.Count -gt 0) -and -not $skipPassedRulesReport) { - # List of passed rules - $passContent = [System.Collections.ArrayList]@( - '', - '
', - 'List of Passed Rules', - '', - '## Passed Rules', - '', - '| RuleName | TargetName | Synopsis |', - '| :-- | :-- | :-- |' - ) - foreach ($content in $passedRules ) { - # Shorten the target name for deployment resoure type - if ($content.TargetType -eq 'Microsoft.Resources/deployments') { - $content.TargetName = $content.TargetName.replace('/home/runner/work/ResourceModules/ResourceModules/modules/', '') - } + if (($passedRules.Count -gt 0) -and -not $skipPassedRulesReport) { + # List of passed rules + $passContent = [System.Collections.ArrayList]@( + '', + '
', + 'List of Passed Rules', + '', + '## Passed Rules', + '', + '| RuleName | TargetName | Synopsis |', + '| :-- | :-- | :-- |' + ) + foreach ($content in $passedRules ) { + # Shorten the target name for deployment resoure type + if ($content.TargetType -eq 'Microsoft.Resources/deployments') { + $content.TargetName = $content.TargetName.replace('/home/runner/work/ResourceModules/ResourceModules/modules/', '') + } + + # Build hyperlinks to PSRule documentation for the rules + $TemplatesBaseUrl = 'https://azure.github.io/PSRule.Rules.Azure/en/rules' + try { + $PSRuleReferenceUrl = '{0}/{1}' -f $TemplatesBaseUrl, $content.RuleName + $null = Invoke-WebRequest -Uri $PSRuleReferenceUrl + $resourceLink = '[{0}]({1})' -f $content.RuleName, $PSRuleReferenceUrl + } catch { + Write-Warning 'Unable to build url for rule [{0}]' -f $content.RuleName + $resourceLink = $content.RuleName + } + $passContent += ('| {0} | `{1}` | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) - # Build hyperlinks to PSRule documentation for the rules - $TemplatesBaseUrl = 'https://azure.github.io/PSRule.Rules.Azure/en/rules' - try { - $PSRuleReferenceUrl = '{0}/{1}' -f $TemplatesBaseUrl, $content.RuleName - $null = Invoke-WebRequest -Uri $PSRuleReferenceUrl - $resourceLink = '[{0}]({1})' -f $content.RuleName, $PSRuleReferenceUrl - } catch { - Write-Warning 'Unable to build url for rule [{0}]' -f $content.RuleName - $resourceLink = $content.RuleName } - $passContent += ('| {0} | `{1}` | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) - + $passContent += [System.Collections.ArrayList]@( + '', + '
', + '' + ) + # Append to output + Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $passContent } - $passContent += [System.Collections.ArrayList]@( - '', - '
', - '' - ) - # Append to output - Out-File -FilePath $outputFilePath -Append -NoClobber -InputObject $passContent } } From 9797e18720f3df9c11d3156627846ae8b0d9ce54 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 16:23:03 +0100 Subject: [PATCH 63/82] write warning --- .github/actions/templates/validateModulePSRule/action.yml | 4 ++-- .../pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index b2c2f6336b..27dbde3b81 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -142,8 +142,8 @@ runs: $mdPSRuleOutputFilePath = '${{ inputs.templateFilePath}}-PSRule-output.md' if (-not (Test-Path $mdPSRuleOutputFilePath)) { - Write-Warning "Input File [$inputFilePath] not found" - return '' + Write-Warning ('Input File [{0}] not found' -f $mdPSRuleOutputFilePath) + return '' } else { Get-Content $mdPSRuleOutputFilePath >> $env:GITHUB_STEP_SUMMARY } diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 index 48f925c442..7ffccf4f99 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 @@ -42,7 +42,7 @@ function Set-PSRuleGitHubOutput { ########################################### if (-not (Test-Path $inputFilePath)) { - Write-Warning "Input File [$inputFilePath] not found" + Write-Warning ('Input File [{0}] not found' -f $inputFilePath) return '' } else { From 9c415fe710631e0539f2db354cd333efae6795f2 Mon Sep 17 00:00:00 2001 
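Review bot: In the passed-rules `catch` block the new side keeps `Write-Warning 'Unable to build url for rule [{0}]' -f $content.RuleName`, where `-f` is passed as a parameter to `Write-Warning` instead of formatting the string, so the error handler itself throws; the failed-rules branch wraps the expression in parentheses and this one should match: `Write-Warning ('Unable to build url for rule [{0}]' -f $content.RuleName)`. The `TargetName` shortening also hard-codes `/home/runner/work/ResourceModules/ResourceModules/modules/`, which silently stops matching on a fork, a renamed repository or a self-hosted runner; deriving the prefix from `$env:GITHUB_WORKSPACE` avoids that. Every failed and passed rule further triggers an `Invoke-WebRequest` to the docs site just to decide whether to emit a link, one outbound request per rule that makes the report depend on network reachability; emitting the link unconditionally, or probing once per distinct `RuleName`, would be cheaper and more predictable. The `Set-PSRuleGitHubOutput` function begins before this hunk.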
From: Erika Gressi Date: Fri, 17 Feb 2023 16:25:34 +0100 Subject: [PATCH 64/82] action shell --- .../templates/validateModulePSRule/action.yml | 26 +++++++++---------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index 27dbde3b81..6c6683ab37 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -132,20 +132,18 @@ runs: - name: 'Output to GitHub job summaries' if: always() - uses: azure/powershell@v1 - with: - azPSVersion: 'latest' - inlineScript: | - # Grouping task logs - Write-Output '::group::Output to GitHub job summaries' + shell: pwsh + run: | + # Grouping task logs + Write-Output '::group::Output to GitHub job summaries' - $mdPSRuleOutputFilePath = '${{ inputs.templateFilePath}}-PSRule-output.md' + $mdPSRuleOutputFilePath = '${{ inputs.templateFilePath}}-PSRule-output.md' - if (-not (Test-Path $mdPSRuleOutputFilePath)) { - Write-Warning ('Input File [{0}] not found' -f $mdPSRuleOutputFilePath) - return '' - } else { - Get-Content $mdPSRuleOutputFilePath >> $env:GITHUB_STEP_SUMMARY - } + if (-not (Test-Path $mdPSRuleOutputFilePath)) { + Write-Warning ('Input File [{0}] not found' -f $mdPSRuleOutputFilePath) + return '' + } else { + Get-Content $mdPSRuleOutputFilePath >> $env:GITHUB_STEP_SUMMARY + } - Write-Output '::endgroup::' + Write-Output '::endgroup::' From 01c0ffc51369d6f86981dc86e86d5d7cf448deb2 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 16:34:46 +0100 Subject: [PATCH 65/82] update step --- .../actions/templates/validateModulePSRule/action.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index 6c6683ab37..8946b3311b 100644 
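Review bot: The `return ''` on the not-found branch ends the script before the trailing `Write-Output '::endgroup::'`, so whenever the report is missing the log group opened at the top is never closed and a stray empty string is written to the step output. The `else` already restricts `Get-Content` to the found case, so the `return ''` can simply be dropped: `if (-not (Test-Path $mdPSRuleOutputFilePath)) { Write-Warning ('Input File [{0}] not found' -f $mdPSRuleOutputFilePath) } else { Get-Content $mdPSRuleOutputFilePath >> $env:GITHUB_STEP_SUMMARY }`. The move back to `shell: pwsh` also leaves `${{ inputs.templateFilePath}}` interpolated into the script body; reading it from a step `env:` variable via `$env:` keeps input text out of the code path.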
--- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -118,18 +118,13 @@ runs: skipPassedRulesReport = $false } - Write-Verbose "Set PS Rule Output with following parameters:`n $($Input | ConvertTo-Json -Depth 10)" -Verbose + Write-Verbose "Set PS Rule Output with following parameters:`n $($ParameterInput | ConvertTo-Json -Depth 10)" -Verbose # Invoke Set PSRule Output Functionality $null = Set-PSRuleGitHubOutput @ParameterInput Write-Output '::endgroup::' - # - name: Output to GitHub job summaries - # if: always() - # shell: pwsh - # run: Get-Content '${{ inputs.templateFilePath}}-PSRule-output.md' >> $env:GITHUB_STEP_SUMMARY - - name: 'Output to GitHub job summaries' if: always() shell: pwsh @@ -140,10 +135,11 @@ runs: $mdPSRuleOutputFilePath = '${{ inputs.templateFilePath}}-PSRule-output.md' if (-not (Test-Path $mdPSRuleOutputFilePath)) { - Write-Warning ('Input File [{0}] not found' -f $mdPSRuleOutputFilePath) + Write-Warning ('Input file [{0}] not found' -f $mdPSRuleOutputFilePath) return '' } else { Get-Content $mdPSRuleOutputFilePath >> $env:GITHUB_STEP_SUMMARY + Write-Verbose ('Successfully printed out file [{0}] to Job Summaries' -f $mdPSRuleOutputFilePath) } Write-Output '::endgroup::' From 71076ef2957599ac23f48ed987b4cefe1437c66d Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 16:39:29 +0100 Subject: [PATCH 66/82] update step no grouping --- .github/actions/templates/validateModulePSRule/action.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index 8946b3311b..c87cb844b7 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml 
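Review bot: The added `Write-Verbose ('Successfully printed out file [{0}] to Job Summaries' -f $mdPSRuleOutputFilePath)` in the second hunk carries no `-Verbose` switch, and in a fresh `pwsh` step the default `$VerbosePreference` suppresses verbose output, so this line never appears in the log; the `Write-Verbose` in the first hunk of the same file passes `-Verbose` explicitly for that reason. Append `-Verbose` to match, or use `Write-Output` if the message is meant to be unconditional.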
@@ -129,9 +129,6 @@ runs: if: always() shell: pwsh run: | - # Grouping task logs - Write-Output '::group::Output to GitHub job summaries' - $mdPSRuleOutputFilePath = '${{ inputs.templateFilePath}}-PSRule-output.md' if (-not (Test-Path $mdPSRuleOutputFilePath)) { @@ -139,7 +136,6 @@ runs: return '' } else { Get-Content $mdPSRuleOutputFilePath >> $env:GITHUB_STEP_SUMMARY - Write-Verbose ('Successfully printed out file [{0}] to Job Summaries' -f $mdPSRuleOutputFilePath) + Write-Verbose ('Successfully printed out file [{0}] to Job Summaries' -f $mdPSRuleOutputFilePath) -Verbose } - Write-Output '::endgroup::' From e9a11edbc1c4ae25359a91352e20cbe7fe0ab161 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 16:51:47 +0100 Subject: [PATCH 67/82] regroup --- .../templates/validateModulePSRule/action.yml | 4 ++++ .../workflows/platform.librarycheck.psrule.yml | 16 +++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index c87cb844b7..4cfdb5c730 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -129,6 +129,9 @@ runs: if: always() shell: pwsh run: | + # Grouping task logs + Write-Output '::group::Output to GitHub job summaries' + $mdPSRuleOutputFilePath = '${{ inputs.templateFilePath}}-PSRule-output.md' if (-not (Test-Path $mdPSRuleOutputFilePath)) { @@ -139,3 +142,4 @@ runs: Write-Verbose ('Successfully printed out file [{0}] to Job Summaries' -f $mdPSRuleOutputFilePath) -Verbose } + Write-Output '::endgroup::' diff --git a/.github/workflows/platform.librarycheck.psrule.yml b/.github/workflows/platform.librarycheck.psrule.yml index 20362bef06..92771e90d0 100644 --- a/.github/workflows/platform.librarycheck.psrule.yml +++ b/.github/workflows/platform.librarycheck.psrule.yml 
@@ -106,4 +106,18 @@ jobs: - name: Output to GitHub job summaries if: always() shell: pwsh - run: Get-Content '${{ env.modulesPath }}/PSRule-output.md' >> $env:GITHUB_STEP_SUMMARY + run: | + # Grouping task logs + Write-Output '::group::Output to GitHub job summaries' + + $mdPSRuleOutputFilePath = '${{ env.modulesPath }}/PSRule-output.md' + + if (-not (Test-Path $mdPSRuleOutputFilePath)) { + Write-Warning ('Input file [{0}] not found' -f $mdPSRuleOutputFilePath) + return '' + } else { + Get-Content $mdPSRuleOutputFilePath >> $env:GITHUB_STEP_SUMMARY + Write-Verbose ('Successfully printed out file [{0}] to Job Summaries' -f $mdPSRuleOutputFilePath) -Verbose + } + + Write-Output '::endgroup::' From 352421cdf9a2a3449a70bdc905f1f014b38a6986 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 20:44:29 +0100 Subject: [PATCH 68/82] undo template comment --- .github/workflows/template.module.yml | 172 +++++++++++++------------- 1 file changed, 86 insertions(+), 86 deletions(-) diff --git a/.github/workflows/template.module.yml b/.github/workflows/template.module.yml index 6b729c6440..2e474c8788 100644 --- a/.github/workflows/template.module.yml +++ b/.github/workflows/template.module.yml 
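Review bot: As in the composite action, `return ''` on the not-found branch exits before `Write-Output '::endgroup::'`, leaving the log group open whenever `PSRule-output.md` is absent; since the `else` already guards the `Get-Content`, the `return ''` can be removed. A missing report in this library-wide check is also reduced to a warning inside an `if: always()` step, so a PSRule run that produced nothing leaves an empty summary; if the preceding PSRule step is allowed to continue on error (not visible in this hunk), this would be the only place the problem surfaces, so consider also appending the warning text to `$env:GITHUB_STEP_SUMMARY`. `${{ env.modulesPath }}` comes from the workflow's own `env:` block rather than an input, so the interpolation here is less of a concern than in the action.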
@@ -25,27 +25,27 @@ env: TOKEN_NAMEPREFIX: '${{ secrets.TOKEN_NAMEPREFIX }}' jobs: - # ######################### - # # Static validation # - # ######################### - # job_module_static_validation: - # name: 'Static validation' - # runs-on: ubuntu-20.04 - # if: (fromJson(inputs.workflowInput)).staticValidation == 'true' - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v3 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Run tests' - # uses: ./.github/actions/templates/validateModulePester - # with: - # modulePath: '${{ inputs.modulePath }}' - # moduleTestFilePath: '${{ env.moduleTestFilePath }}' + ######################### + # Static validation # + ######################### + job_module_static_validation: + name: 'Static validation' + runs-on: ubuntu-20.04 + if: (fromJson(inputs.workflowInput)).staticValidation == 'true' + steps: + - name: 'Checkout' + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ inputs.modulePath }}' + moduleTestFilePath: '${{ env.moduleTestFilePath }}' ######################### # PSRule validation # 
@@ -71,69 +71,69 @@ jobs: subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # ############################# - # # Deployment validation # - # ############################# - # job_module_deploy_validation: - # name: 'Deployment validation' - # runs-on: ubuntu-20.04 - # if: | - # !cancelled() && - # (fromJson(inputs.workflowInput)).deploymentValidation == 'true' && - # needs.job_module_static_validation.result != 'failure' - # needs: - # - job_module_static_validation - # # - job_psrule_test # Ignoring dependency whilst PSRule gets bedded in, in this project - # strategy: - # fail-fast: false - # matrix: - # moduleTestFilePaths: ${{ fromJson(inputs.moduleTestFilePaths) }} - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v3 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: '${{ inputs.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # location: '${{ env.location }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ fromJson(inputs.workflowInput).removeDeployment }}' + ############################# + # Deployment validation # + ############################# + job_module_deploy_validation: + name: 'Deployment validation' + runs-on: ubuntu-20.04 + if: | + !cancelled() && + (fromJson(inputs.workflowInput)).deploymentValidation == 'true' && + needs.job_module_static_validation.result != 'failure' + needs: + - job_module_static_validation + # - job_psrule_test # Ignoring dependency whilst PSRule gets bedded in, in this project + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ 
fromJson(inputs.moduleTestFilePaths) }} + steps: + - name: 'Checkout' + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: '${{ inputs.modulePath }}/${{ matrix.moduleTestFilePaths }}' + location: '${{ env.location }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ fromJson(inputs.workflowInput).removeDeployment }}' - # ################## - # # Publishing # - # ################## - # job_publish_module: - # name: 'Publishing' - # runs-on: ubuntu-20.04 - # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || fromJson(inputs.workflowInput).prerelease == 'true' - # needs: - # - job_module_deploy_validation - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v3 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Publishing' - # uses: ./.github/actions/templates/publishModule - # with: - # templateFilePath: '${{ inputs.modulePath }}/deploy.bicep' - # templateSpecsRGName: '${{ env.templateSpecsRGName }}' - # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - # templateSpecsDescription: '${{ env.templateSpecsDescription }}' - # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - # bicepRegistryName: '${{ env.bicepRegistryName }}' - # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' - # publishLatest: '${{ env.publishLatest }}' + ################## + # Publishing # + 
################## + job_publish_module: + name: 'Publishing' + runs-on: ubuntu-20.04 + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || fromJson(inputs.workflowInput).prerelease == 'true' + needs: + - job_module_deploy_validation + steps: + - name: 'Checkout' + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Publishing' + uses: ./.github/actions/templates/publishModule + with: + templateFilePath: '${{ inputs.modulePath }}/deploy.bicep' + templateSpecsRGName: '${{ env.templateSpecsRGName }}' + templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + templateSpecsDescription: '${{ env.templateSpecsDescription }}' + templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + bicepRegistryName: '${{ env.bicepRegistryName }}' + bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + publishLatest: '${{ env.publishLatest }}' From 30208f088ebeca8ff8ec830c8e3aee9d62ff68f4 Mon Sep 17 00:00:00 2001 From: Erika Gressi <56914614+eriqua@users.noreply.github.com> Date: Fri, 17 Feb 2023 20:47:51 +0100 Subject: [PATCH 69/82] Update .github/actions/templates/validateModulePSRule/action.yml Co-authored-by: Alexander Sehr --- .github/actions/templates/validateModulePSRule/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index 4cfdb5c730..e6c63df0cb 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml 
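Review bot: With these jobs restored, `job_module_deploy_validation` depends only on `job_module_static_validation` and `job_publish_module` depends only on deployment validation, so the PSRule result never gates publishing: a module that fails every Azure security rule is still published as long as it deploys. The `# - job_psrule_test # Ignoring dependency whilst PSRule gets bedded in, in this project` comment records this as intentional, but it should reference a tracking issue and the job's `if:` should eventually gain `needs.job_psrule_test.result != 'failure'` alongside the existing static-validation check. The publishing condition `github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || fromJson(inputs.workflowInput).prerelease == 'true'` also lets any branch publish by setting `prerelease`, so it is worth confirming that callers of this reusable workflow restrict who can supply that input. This hunk reverts a temporary comment-out, so these points concern the pre-existing design rather than this commit's change.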
@@ -118,7 +118,7 @@ runs: skipPassedRulesReport = $false } - Write-Verbose "Set PS Rule Output with following parameters:`n $($ParameterInput | ConvertTo-Json -Depth 10)" -Verbose + Write-Verbose ('Set PS Rule Output with following parameters:`n{0}' -f (ConvertTo-Json $ParameterInput -Depth 10)) -Verbose # Invoke Set PSRule Output Functionality $null = Set-PSRuleGitHubOutput @ParameterInput From 7787a611505bb690448512eb76f23a7035b772f2 Mon Sep 17 00:00:00 2001 From: Erika Gressi <56914614+eriqua@users.noreply.github.com> Date: Fri, 17 Feb 2023 20:48:12 +0100 Subject: [PATCH 70/82] Update .github/actions/templates/validateModulePSRule/action.yml Co-authored-by: Alexander Sehr --- .github/actions/templates/validateModulePSRule/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml index e6c63df0cb..68f52a4d58 100644 --- a/.github/actions/templates/validateModulePSRule/action.yml +++ b/.github/actions/templates/validateModulePSRule/action.yml @@ -132,7 +132,7 @@ runs: # Grouping task logs Write-Output '::group::Output to GitHub job summaries' - $mdPSRuleOutputFilePath = '${{ inputs.templateFilePath}}-PSRule-output.md' + $mdPSRuleOutputFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ inputs.templateFilePath}}-PSRule-output.md' if (-not (Test-Path $mdPSRuleOutputFilePath)) { Write-Warning ('Input file [{0}] not found' -f $mdPSRuleOutputFilePath) From 69f7c2ca1f377456230d5233f24b6fcd4fde0163 Mon Sep 17 00:00:00 2001 From: Erika Gressi <56914614+eriqua@users.noreply.github.com> Date: Fri, 17 Feb 2023 20:49:00 +0100 Subject: [PATCH 71/82] Update .github/workflows/platform.librarycheck.psrule.yml Co-authored-by: Alexander Sehr --- .github/workflows/platform.librarycheck.psrule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
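Review bot: The rewritten Write-Verbose line puts the format template in single quotes, and PowerShell does not process the backtick escape inside single-quoted strings, so the log will contain a literal backtick-n instead of a line break. Keep the `-f` form but double-quote the template: ``Write-Verbose ("Set PS Rule Output with following parameters:`n{0}" -f (ConvertTo-Json $ParameterInput -Depth 10)) -Verbose``. The `{0}` placeholder is unaffected by double quoting because it contains no `$`. The enclosing inlineScript block starts and ends outside the hunk.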
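Review bot: The new Join-Path line still splices `${{ inputs.templateFilePath }}` directly into PowerShell source text, so a value containing a single quote alters the script rather than the path — the script-injection pattern GitHub warns about for inline scripts. Route the value through the step's environment instead, `env: TEMPLATE_FILE_PATH: ${{ inputs.templateFilePath }}`, and build the path as `Join-Path $env:GITHUB_WORKSPACE "$env:TEMPLATE_FILE_PATH-PSRule-output.md"`, which keeps the value out of the parsed code. Whether the input can be influenced by an untrusted pull request depends on the calling workflow, which is not visible here, but the env-variable form costs nothing either way. The enclosing step starts outside the hunk.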
diff --git a/.github/workflows/platform.librarycheck.psrule.yml b/.github/workflows/platform.librarycheck.psrule.yml index 92771e90d0..1edab024ab 100644 --- a/.github/workflows/platform.librarycheck.psrule.yml +++ b/.github/workflows/platform.librarycheck.psrule.yml @@ -110,7 +110,7 @@ jobs: # Grouping task logs Write-Output '::group::Output to GitHub job summaries' - $mdPSRuleOutputFilePath = '${{ env.modulesPath }}/PSRule-output.md' + $mdPSRuleOutputFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}/PSRule-output.md' if (-not (Test-Path $mdPSRuleOutputFilePath)) { Write-Warning ('Input file [{0}] not found' -f $mdPSRuleOutputFilePath) From eb44755c7772e5707ef354ef849e23cba7958dee Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 20:51:17 +0100 Subject: [PATCH 72/82] remove script init --- .../pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 index 7ffccf4f99..f483042d1a 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 @@ -48,8 +48,8 @@ function Set-PSRuleGitHubOutput { $results = Import-Csv -Path $inputFilePath - $passedRules = @() - $failedRules = @() + # $passedRules = @() + # $failedRules = @() $passedRules += $results | Where-Object { $_.Outcome -EQ 'Pass' } $failedRules += $results | Where-Object { $_.Outcome -EQ 'Fail' } From 5310ea5553fe9831af8fcb683f2645e1c6327c3f Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 17 Feb 2023 20:55:01 +0100 Subject: [PATCH 73/82] psrule job name --- .github/workflows/platform.librarycheck.psrule.yml | 2 +- .github/workflows/template.module.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
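Review bot: Commenting out `$passedRules = @()` and `$failedRules = @()` leaves the two `+=` lines that follow operating on variables the function never initialises. Because PowerShell reads an undefined local from the calling scope, the first `+=` would silently accumulate onto any same-named variable a caller happens to have, and under `Set-StrictMode -Version Latest` the read throws. Fold the initialisation into the assignment: `$passedRules = @($results | Where-Object { $_.Outcome -EQ 'Pass' })` and `$failedRules = @($results | Where-Object { $_.Outcome -EQ 'Fail' })`, which also guarantees an array when the CSV yields a single row. The remainder of Set-PSRuleGitHubOutput lies outside the hunk.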
diff --git a/.github/workflows/platform.librarycheck.psrule.yml b/.github/workflows/platform.librarycheck.psrule.yml index 1edab024ab..a739222ada 100644 --- a/.github/workflows/platform.librarycheck.psrule.yml +++ b/.github/workflows/platform.librarycheck.psrule.yml @@ -12,7 +12,7 @@ env: jobs: psrule: - name: PSRule + name: 'PSRule validation' runs-on: ubuntu-20.04 steps: # Analyze module library with PSRule diff --git a/.github/workflows/template.module.yml b/.github/workflows/template.module.yml index 2e474c8788..7c47a0f9fd 100644 --- a/.github/workflows/template.module.yml +++ b/.github/workflows/template.module.yml @@ -51,7 +51,7 @@ jobs: # PSRule validation # ######################### job_psrule_test: - name: 'PSRule pre-flight validation' + name: 'PSRule validation' runs-on: ubuntu-20.04 strategy: fail-fast: false From 11c72971fb075840c1039d872c524d9d87e3c9e3 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 20 Feb 2023 09:37:24 +0100 Subject: [PATCH 74/82] cleanup --- .../pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 index f483042d1a..95848c53f6 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleGitHubOutput.ps1 @@ -48,9 +48,6 @@ function Set-PSRuleGitHubOutput { $results = Import-Csv -Path $inputFilePath - # $passedRules = @() - # $failedRules = @() - $passedRules += $results | Where-Object { $_.Outcome -EQ 'Pass' } $failedRules += $results | Where-Object { $_.Outcome -EQ 'Fail' } From c87ee2a547c1dfb30f4b0674f47067e92ab7c031 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 20 Feb 2023 09:43:24 +0100 Subject: [PATCH 75/82] condition --- .github/workflows/template.module.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.github/workflows/template.module.yml b/.github/workflows/template.module.yml index 7c47a0f9fd..9d85af6037 100644 --- a/.github/workflows/template.module.yml +++ b/.github/workflows/template.module.yml @@ -53,6 +53,7 @@ jobs: job_psrule_test: name: 'PSRule validation' runs-on: ubuntu-20.04 + if: (fromJson(inputs.workflowInput)).staticValidation == 'true' strategy: fail-fast: false matrix: From 87702992d7f8b4366afa57367b6dcadf48f4846e Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 21 Feb 2023 11:35:14 +0100 Subject: [PATCH 76/82] psrule on diff --- .github/workflows/platform.prcheck.psrule.yml | 125 ++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100644 .github/workflows/platform.prcheck.psrule.yml diff --git a/.github/workflows/platform.prcheck.psrule.yml b/.github/workflows/platform.prcheck.psrule.yml new file mode 100644 index 0000000000..eb1e02d7cc --- /dev/null +++ b/.github/workflows/platform.prcheck.psrule.yml 
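Review bot: The added `if:` only runs the PSRule job when `staticValidation` compares equal to `'true'`, so a `workflowInput` that omits the key produces an empty value and the validation job is skipped silently rather than run. If opt-out is the intent, `!= 'false'` makes the absent-key case the safe one; if opt-in is intended, a comment such as `# PSRule runs only when staticValidation is explicitly 'true'; an omitted key skips the job` should say so next to the condition. Any downstream job that lists `job_psrule_test` in `needs` will also be skipped unless it uses `always()`; whether such a job exists is not visible here. The job definition continues past the hunk.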
@@ -0,0 +1,125 @@ +name: '.Platform: PR Check PSRule pre-flight validation' + +on: + pull_request: + branches: + - main + +env: + variablesPath: 'settings.yml' + modulesPath: 'modules' + TOKEN_NAMEPREFIX: '${{ secrets.TOKEN_NAMEPREFIX }}' + +jobs: + psrule: + name: 'PSRule validation' + runs-on: ubuntu-20.04 + steps: + # Analyze module library with PSRule + - name: Checkout + uses: actions/checkout@v3 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Get File Path List + $modulesFolderPath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}' + $moduleTestFiles = [System.Collections.ArrayList]@() + $moduleTestFiles += Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name + + # Construct Token Function Input 
+ $ConvertTokensInputs = @{ + FilePathList = $moduleTestFiles + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs -verbose + + Write-Output '::endgroup::' + - name: Run PSRule analysis + uses: microsoft/ps-rule@v2.4.0 + continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + env: + PSRULE_INPUT_IGNOREUNCHANGEDPATH: true + with: + modules: 'PSRule.Rules.Azure' + inputPath: '${{ env.modulesPath }}/' + outputFormat: Csv + outputPath: '${{ env.modulesPath }}/PSRule-output.csv' + - name: 'Parse CSV content' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + # Grouping task logs + Write-Output '::group::Parse CSV content' + + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'PSRuleValidation' 'Set-PSRuleGitHubOutput.ps1') + + # Populate parameter input + $ParameterInput = @{ + inputFilePath = '${{ env.modulesPath }}/PSRule-output.csv' + outputFilePath = '${{ env.modulesPath }}/PSRule-output.md' + skipPassedRulesReport = $true + } + + # Invoke function + $null = Set-PSRuleGitHubOutput @ParameterInput + + Write-Output '::endgroup::' + - name: Output to GitHub job summaries + if: always() + shell: pwsh + run: | + # Grouping task logs + Write-Output '::group::Output to GitHub job summaries' + + $mdPSRuleOutputFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}/PSRule-output.md' + + if (-not (Test-Path $mdPSRuleOutputFilePath)) { + Write-Warning ('Input file [{0}] not found' -f $mdPSRuleOutputFilePath) + return '' + } else { + Get-Content $mdPSRuleOutputFilePath >> $env:GITHUB_STEP_SUMMARY + Write-Verbose ('Successfully printed out file [{0}] to Job Summaries' -f $mdPSRuleOutputFilePath) -Verbose + } + 
+ Write-Output '::endgroup::' From 7a4057acce246717b5dc38d32d203b8e0763722a Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 21 Feb 2023 11:44:58 +0100 Subject: [PATCH 77/82] remove token replacement --- .github/workflows/platform.prcheck.psrule.yml | 110 +++++++++--------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/.github/workflows/platform.prcheck.psrule.yml b/.github/workflows/platform.prcheck.psrule.yml index eb1e02d7cc..22637cf829 100644 --- a/.github/workflows/platform.prcheck.psrule.yml +++ b/.github/workflows/platform.prcheck.psrule.yml 
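Review bot: The new workflow declares no `permissions:` block, so the `GITHUB_TOKEN` handed to this `pull_request` job inherits the repository default, which may be read-write; an analysis-only job needs at most `permissions: contents: read` at the top of the file. The third-party actions (`actions/checkout@v3`, `azure/powershell@v1`, `microsoft/ps-rule@v2.4.0`) are referenced by mutable tags, and pinning each to a full commit SHA with the version in a trailing comment keeps a retagged release from changing what executes against PR content. With `continue-on-error: true` on the PSRule step, findings can never fail the check, so this is a report rather than a gate until that flag is removed. Note also that GitHub does not pass `secrets.*` to `pull_request` runs from forks, so on those runs the token replacement writes empty values and PSRule analyses templates with unexpanded placeholders; that case deserves an explicit guard or a comment.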
@@ -18,61 +18,61 @@ jobs: # Analyze module library with PSRule - name: Checkout uses: actions/checkout@v3 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Replace tokens in template file' - uses: azure/powershell@v1 - with: - azPSVersion: 'latest' - inlineScript: | - # Grouping task logs - Write-Output '::group::Replace tokens in template file' - - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # Populate tokens - $Tokens = @{ - subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - tenantId = '${{ env.ARM_TENANT_ID }}' - } - - ## Add local (source control) tokens - $tokenMap = @{} - foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - } - Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - $Tokens += $tokenMap - - ## Swap 'namePrefix' token if empty and provided as a GitHub secret - if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - } - - # Get File Path List - $modulesFolderPath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}' - $moduleTestFiles = [System.Collections.ArrayList]@() - $moduleTestFiles += Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name - - # Construct Token Function Input - $ConvertTokensInputs = @{ - FilePathList = $moduleTestFiles - Tokens = $Tokens - TokenPrefix = '${{ env.tokenPrefix }}' - TokenSuffix = '${{ env.tokenSuffix }}' - } - - Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # Invoke Token 
Replacement Functionality [For Module] - $null = Convert-TokensInFileList @ConvertTokensInputs -verbose - - Write-Output '::endgroup::' + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Replace tokens in template file' + # uses: azure/powershell@v1 + # with: + # azPSVersion: 'latest' + # inlineScript: | + # # Grouping task logs + # Write-Output '::group::Replace tokens in template file' + + # # Load used functions + # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # # Populate tokens + # $Tokens = @{ + # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + # tenantId = '${{ env.ARM_TENANT_ID }}' + # } + + # ## Add local (source control) tokens + # $tokenMap = @{} + # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + # } + # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + # $Tokens += $tokenMap + + # ## Swap 'namePrefix' token if empty and provided as a GitHub secret + # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + # } + + # # Get File Path List + # $modulesFolderPath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}' + # $moduleTestFiles = [System.Collections.ArrayList]@() + # $moduleTestFiles += Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name + + # # Construct Token Function Input + # $ConvertTokensInputs = @{ + # FilePathList = $moduleTestFiles + # Tokens = $Tokens + # TokenPrefix = '${{ env.tokenPrefix }}' + # TokenSuffix = '${{ env.tokenSuffix }}' + # } + + # 
Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # # Invoke Token Replacement Functionality [For Module] + # $null = Convert-TokensInFileList @ConvertTokensInputs -verbose + + # Write-Output '::endgroup::' - name: Run PSRule analysis uses: microsoft/ps-rule@v2.4.0 continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project From c9e77cfe8802ddee11dfbb362a330eb35f048aa4 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 21 Feb 2023 11:56:05 +0100 Subject: [PATCH 78/82] bump version --- .github/workflows/platform.prcheck.psrule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/platform.prcheck.psrule.yml b/.github/workflows/platform.prcheck.psrule.yml index 22637cf829..2b815f49d3 100644 --- a/.github/workflows/platform.prcheck.psrule.yml +++ b/.github/workflows/platform.prcheck.psrule.yml @@ -74,7 +74,7 @@ jobs: # Write-Output '::endgroup::' - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.4.0 + uses: microsoft/ps-rule@v2.7.0 continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project env: PSRULE_INPUT_IGNOREUNCHANGEDPATH: true From 97af2003be86aeb1fe05932cf1537bada2aa6538 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 21 Feb 2023 12:01:08 +0100 Subject: [PATCH 79/82] ignoreUnchangedPath yaml --- ps-rule.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/ps-rule.yaml b/ps-rule.yaml index 1efe9161f8..cc7ec995da 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -37,6 +37,7 @@ input: - '**/*' # Do not ignore tests. - '!modules/**/*.test.bicep' + ignoreUnchangedPath: true configuration: # Enable automatic expansion of Azure parameter files. From dd54271dafb10cefb486ab9620c2abae01f6b79f Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Tue, 21 Feb 2023 12:04:09 +0100 Subject: [PATCH 80/82] token replacement --- .github/workflows/platform.prcheck.psrule.yml | 114 +++++++++--------- 1 file changed, 57 insertions(+), 57 deletions(-) diff --git a/.github/workflows/platform.prcheck.psrule.yml b/.github/workflows/platform.prcheck.psrule.yml index 2b815f49d3..56ec50acb7 100644 --- a/.github/workflows/platform.prcheck.psrule.yml +++ b/.github/workflows/platform.prcheck.psrule.yml 
@@ -18,66 +18,66 @@ jobs: # Analyze module library with PSRule - name: Checkout uses: actions/checkout@v3 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Replace tokens in template file' - # uses: azure/powershell@v1 - # with: - # azPSVersion: 'latest' - # inlineScript: | - # # Grouping task logs - # Write-Output '::group::Replace tokens in template file' - - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # # Populate tokens - # $Tokens = @{ - # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - # tenantId = '${{ env.ARM_TENANT_ID }}' - # } - - # ## Add local (source control) tokens - # $tokenMap = @{} - # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - # } - # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - # $Tokens += $tokenMap - - # ## Swap 'namePrefix' token if empty and provided as a GitHub secret - # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - # } - - # # Get File Path List - # $modulesFolderPath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}' - # $moduleTestFiles = [System.Collections.ArrayList]@() - # $moduleTestFiles += Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name - - # # Construct Token Function Input - # $ConvertTokensInputs = @{ - # FilePathList = $moduleTestFiles - # Tokens = $Tokens - # TokenPrefix = '${{ env.tokenPrefix }}' - # TokenSuffix = '${{ env.tokenSuffix }}' - # } - - # Write-Verbose "Convert Tokens Input:`n 
$($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # # Invoke Token Replacement Functionality [For Module] - # $null = Convert-TokensInFileList @ConvertTokensInputs -verbose - - # Write-Output '::endgroup::' + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Replace tokens in template file' + uses: azure/powershell@v1 + with: + azPSVersion: 'latest' + inlineScript: | + # Grouping task logs + Write-Output '::group::Replace tokens in template file' + + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') + + # Populate tokens + $Tokens = @{ + subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' + tenantId = '${{ env.ARM_TENANT_ID }}' + } + + ## Add local (source control) tokens + $tokenMap = @{} + foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { + $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } + } + Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose + $Tokens += $tokenMap + + ## Swap 'namePrefix' token if empty and provided as a GitHub secret + if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ + Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose + $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' + } + + # Get File Path List + $modulesFolderPath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}' + $moduleTestFiles = [System.Collections.ArrayList]@() + $moduleTestFiles += Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name + + # Construct Token Function Input + $ConvertTokensInputs = @{ + FilePathList = $moduleTestFiles + Tokens = $Tokens + TokenPrefix = '${{ env.tokenPrefix }}' + TokenSuffix = '${{ env.tokenSuffix }}' + } + + 
Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose + + # Invoke Token Replacement Functionality [For Module] + $null = Convert-TokensInFileList @ConvertTokensInputs -verbose + + Write-Output '::endgroup::' - name: Run PSRule analysis uses: microsoft/ps-rule@v2.7.0 continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - env: - PSRULE_INPUT_IGNOREUNCHANGEDPATH: true + # env: + # PSRULE_INPUT_IGNOREUNCHANGEDPATH: true with: modules: 'PSRule.Rules.Azure' inputPath: '${{ env.modulesPath }}/' From cacc7cd4a19b897761433165a064e2449257238e Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 21 Feb 2023 14:06:49 +0100 Subject: [PATCH 81/82] ignoreUnchangedPath --- ps-rule.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ps-rule.yaml b/ps-rule.yaml index cc7ec995da..f5fcaa2201 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -32,12 +32,12 @@ output: - 'en-US' input: + ignoreUnchangedPath: true pathIgnore: # Ignore other files in the repository. - '**/*' # Do not ignore tests. - '!modules/**/*.test.bicep' - ignoreUnchangedPath: true configuration: # Enable automatic expansion of Azure parameter files. From 7e8b2cee70b223ba34ebb00e1d77031aa205b21f Mon Sep 17 00:00:00 2001 From: Erika Gressi <56914614+eriqua@users.noreply.github.com> Date: Sat, 1 Apr 2023 16:54:51 +0200 Subject: [PATCH 82/82] Update platform.prcheck.psrule.yml --- .github/workflows/platform.prcheck.psrule.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/platform.prcheck.psrule.yml b/.github/workflows/platform.prcheck.psrule.yml index 56ec50acb7..17bbb12846 100644 --- a/.github/workflows/platform.prcheck.psrule.yml +++ b/.github/workflows/platform.prcheck.psrule.yml 
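Review bot: The restored `Write-Verbose "Convert Tokens Input: ..."` serialises the whole `$ConvertTokensInputs` hashtable, including every value in `$Tokens`, into the job log. GitHub masks values that originated from `secrets.*`, but `tenantId` comes from `env`, and the `localToken_*` and `namePrefix` values are printed in clear — values that are tokenised precisely because they are environment-specific. Log only the keys and file list: `Write-Verbose ('Convert Tokens Input: files=[{0}] tokens=[{1}]' -f ($moduleTestFiles -join ', '), ($Tokens.Keys -join ', ')) -Verbose`. Separately, `$modulesFolderPath` is computed but never used, while `Get-ChildItem` searches `$env:GITHUB_WORKSPACE` with `-Name`, which yields paths relative to the workspace rather than to `modulesPath`; the unused variable suggests the search was meant to be scoped to the modules folder, which is worth confirming against Convert-TokensInFileList.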
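Review bot: Placing `ignoreUnchangedPath: true` under `input:` in the shared ps-rule.yaml makes it apply to every PSRule run that reads this file, not only to the PR-diff workflow this series introduces. On runs with no base ref to diff against (a push to main, `workflow_dispatch`), what counts as unchanged depends on PSRule's git detection, so those runs may analyse far less than intended; the PR workflow already sets `PSRULE_INPUT_IGNOREUNCHANGEDPATH` on its own step, which is the narrower place for this switch. If it stays here, a comment above the key, `# Analyse only files changed relative to the base branch; this affects every workflow using this config`, would make the scope visible to the next editor. Which other workflows consume this file is not visible in the hunk.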
@@ -74,10 +74,10 @@ jobs: Write-Output '::endgroup::' - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.7.0 + uses: microsoft/ps-rule@v2.8.0 continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - # env: - # PSRULE_INPUT_IGNOREUNCHANGEDPATH: true + env: + PSRULE_INPUT_IGNOREUNCHANGEDPATH: true with: modules: 'PSRule.Rules.Azure' inputPath: '${{ env.modulesPath }}/'