diff --git a/.github/actions/templates/validateModulePSRule/action.yml b/.github/actions/templates/validateModulePSRule/action.yml
index aae731530c..2696c0b87c 100644
--- a/.github/actions/templates/validateModulePSRule/action.yml
+++ b/.github/actions/templates/validateModulePSRule/action.yml
@@ -13,8 +13,9 @@
 ## |==================================================================================================================================================|
 ## | Parameter | Required | Default | Description | Example |
 ## |--------------------------|----------|---------|--------------------------------------|-----------------------------------------------------------|
-## | modulePath | true | '' | The path to the module's folder | 'modules/Microsoft.ApiManagement/service' |
 ## | moduleTestFilePath | true | '' | The path to the module PSRule tests. | 'utilities/pipelines/staticValidation/module.tests.ps1' |
+## | subscriptionId | false | '' | The subscriptionId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' |
+## | managementGroupId | false | '' | The managementGroupId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' |
 ## |==================================================================================================================================================|
 ##
 ##---------------------------------------------##
diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml
index d6ec346e70..e7a5b9e66b 100644
--- a/.github/workflows/ms.keyvault.vaults.yml
+++ b/.github/workflows/ms.keyvault.vaults.yml
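Review bot: The two new parameter rows describe `subscriptionId` and `managementGroupId` as the target "to deploy to", but this action performs PSRule static validation (its only remaining input is the path to the module's PSRule tests) and nothing in this hunk deploys anything. Judging by the token-replacement step the workflow hunks below remove, these values appear to feed the `subscriptionId`/`managementGroupId` tokens substituted into the test file — confirm against the action's steps, which lie outside this hunk — and the table should say so, e.g. `## | subscriptionId | false | '' | Subscription ID substituted for the subscriptionId token in the test file | '1a97b80a-4dda-4f50-ab53-349e29344654' |`. The `managementGroupId` example reuses the subscription GUID; a management group ID is a caller-chosen name, so an example like `'mg-contoso'` would be less misleading. Since both are optional with default `''`, the description should also state what happens when they are left empty (presumably an empty token value reaches the tests).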
@@ -85,11 +85,11 @@ jobs: name: 'PsRule pre-flight validation' runs-on: ubuntu-latest needs: - - job_initialize_pipeline - # strategy: - # fail-fast: false - # matrix: - # moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + - job_initialize_pipeline + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} steps: - name: Checkout uses: actions/checkout@v3 
@@ -97,72 +97,12 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - # - name: 'Replace tokens in template file' - # uses: azure/powershell@v1 - # with: - # azPSVersion: 'latest' - # inlineScript: | - # $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # # Grouping task logs - # Write-Output '::group::Replace tokens in template file' - - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # # Populate tokens - # $Tokens = @{ - # resourceGroupName = '${{ env.resourceGroupName }}' - # subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - # tenantId = '${{ env.ARM_TENANT_ID }}' - # } - - # ## Add local (source control) tokens - # $tokenMap = @{} - # foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - # $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - # } - # Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - # $Tokens += $tokenMap - - # ## Swap 'namePrefix' token if empty and provided as a GitHub secret - # if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - # Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - # $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - # } - - # # Construct Token Function Input - # $ConvertTokensInputs = @{ - # FilePathList = @($templateFilePath) - # Tokens = $Tokens - # TokenPrefix = '${{ env.tokenPrefix }}' - # TokenSuffix = '${{ env.tokenSuffix }}' - # } - - # Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # # Invoke Token Replacement Functionality [For Module] - # $null = Convert-TokensInFileList @ConvertTokensInputs - - # Write-Output '::endgroup::' - - # Run analysis by using the PSRule GitHub action. 
- - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.4.0 - # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project + - name: Set PSRule validation + uses: ./.github/actions/templates/validateModulePSRule with: - modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/' - outputFormat: Csv - outputPath: '${{ env.modulePath }}-output.csv' - - - name: Output to Github Logs - if: always() - run: cat '${{ env.modulePath }}-output.csv' - - - name: Output to Github summaries - if: always() - run: cat '${{ env.modulePath }}-output.csv' >> $GITHUB_STEP_SUMMARY + moduleTestFilePath: ${{ matrix.moduleTestFilePaths }} + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' # ############################# # # Deployment validation # diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index 9109ada5a4..1ae28606d7 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml @@ -100,7 +100,6 @@ jobs: - name: Set PSRule validation uses: ./.github/actions/templates/validateModulePSRule with: - modulePath: ${{ env.modulePath }} moduleTestFilePath: ${{ matrix.moduleTestFilePaths }} subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index c1bb79b548..6dd3f78b7a 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml 
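Review bot: The subscription and management-group IDs are passed to the action from secrets (`subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'`), yet the `Set-PSRuleOutput.ps1` tables changed later in this diff render each result's TargetName into the job summary, and Azure resource IDs reported there can embed the subscription ID. GitHub documents secret masking for step logs; do not assume it also scrubs `$GITHUB_STEP_SUMMARY`, so either treat these IDs as non-secret configuration (they are identifiers, not credentials) and source them from repository variables, or check the action's summary output for them before merging — I cannot see from this hunk whether the composite action writes a summary. Separately, the removed steps printed the CSV under `if: always()`, so a failing analysis still surfaced its report; the replacement `Set PSRule validation` step carries no `if:` or `continue-on-error`, so whether a failed run still publishes results now depends on the composite action, which is outside this hunk. The job this step belongs to starts in the previous hunk.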
@@ -85,74 +85,24 @@ jobs: name: 'PsRule pre-flight validation' runs-on: ubuntu-latest needs: - - job_initialize_pipeline + - job_initialize_pipeline strategy: fail-fast: false matrix: moduleTestFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Replace tokens in template file' - uses: azure/powershell@v1 - with: - azPSVersion: 'latest' - inlineScript: | - $templateFilePath = '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' - # Grouping task logs - Write-Output '::group::Replace tokens in template file' - - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1') - - # Populate tokens - $Tokens = @{ - resourceGroupName = '${{ env.resourceGroupName }}' - subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}' - tenantId = '${{ env.ARM_TENANT_ID }}' - } - - ## Add local (source control) tokens - $tokenMap = @{} - foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) { - $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value } - } - Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose - $Tokens += $tokenMap - - ## Swap 'namePrefix' token if empty and provided as a GitHub secret - if([String]::IsNullOrEmpty($Tokens['namePrefix'])){ - Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose - $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}' - } - - # Construct Token Function Input - $ConvertTokensInputs = @{ - FilePathList = @($templateFilePath) - Tokens = $Tokens - TokenPrefix = '${{ env.tokenPrefix }}' - TokenSuffix = '${{ env.tokenSuffix }}' - } - - Write-Verbose "Convert Tokens 
Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose - - # Invoke Token Replacement Functionality [For Module] - $null = Convert-TokensInFileList @ConvertTokensInputs - - Write-Output '::endgroup::' - - # Run analysis by using the PSRule GitHub action. - - name: Run PSRule analysis - uses: microsoft/ps-rule@v2.4.0 - # continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project - with: - modules: 'PSRule.Rules.Azure' - inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + - name: Checkout + uses: actions/checkout@v3 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: Set PSRule validation + uses: ./.github/actions/templates/validateModulePSRule + with: + moduleTestFilePath: ${{ matrix.moduleTestFilePaths }} + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' # ############################# # # Deployment validation # diff --git a/ps-rule.yaml b/ps-rule.yaml index 5d6208f63d..7c66b607a7 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -57,10 +57,10 @@ configuration: rule: # Enable custom rules that don't exist in the baseline includeLocal: false - exclude: - # Ignore the following rules for all resources - - Azure.KeyVault.PurgeProtect - - Azure.Resource.UseTags + #exclude: + # Ignore the following rules for all resources + # - Azure.KeyVault.PurgeProtect + # - Azure.Resource.UseTags # Suppression ignores rules for a specific Azure resource by name. # suppression: # Azure.Resource.UseTags: diff --git a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 index be9e296736..0a8b0a7aa4 100644 --- a/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 +++ b/utilities/pipelines/PSRuleValidation/Set-PSRuleOutput.ps1 
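Review bot: The replacement step hands the action only `moduleTestFilePath: ${{ matrix.moduleTestFilePaths }}`, while the removed `inputPath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}'` shows the matrix entries are relative to the module folder; with the `modulePath` input dropped from the action in the first hunk of this diff, the action must resolve the file itself, presumably from the `modulePath` value that `setEnvironmentVariables` exports. Confirm that in the action (outside this hunk): a relative path resolved against the workspace root would either fail or analyse the wrong file. The same three-step block is now duplicated verbatim in the Key Vault and virtual-network workflows in this diff; a reusable workflow or a single composite action that also does checkout and variable setup would stop the copies drifting.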
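Review bot: The `exclude:` block listing `Azure.KeyVault.PurgeProtect` and `Azure.Resource.UseTags` is commented out rather than removed, leaving dead configuration that a later editor may un-comment without knowing why it was disabled. Delete the four lines, or replace them with a one-line note such as `# No global rule excludes: PurgeProtect and UseTags are enforced; use suppression: for per-resource exceptions`. Re-enabling `Azure.KeyVault.PurgeProtect` is the right security default, but it means any Key Vault test template validated by the `ms.keyvault.vaults.yml` job changed in this same commit that does not enable purge protection will now report a failure — worth checking those templates before merge.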
@@ -24,7 +24,7 @@ $headerTable = [System.Collections.ArrayList]@( '# Output Summary ', '', - '| Total No. of Rules Processed | Rules Passed :white_check_mark: | Rules Failed :x: |', + '| Total No. of Processed Rules| Passed Rules :white_check_mark: | Failed Rules :x: |', '| :-- | :-- | :-- |' ) @@ -41,10 +41,10 @@ #Create Failing table $failContent = [System.Collections.ArrayList]@( - '# Rules Failed', + '# Failed Rules', '', '
', - 'Rules Failed', + 'Failed Rules', '', '| RuleName | TargetName | Synopsis |', '| :-- | :-- | :-- |' @@ -82,10 +82,10 @@ if ($passedRules.Count -gt 0) { $passContent = [System.Collections.ArrayList]@( - '# Rules Passed', + '# Passed Rules', '', '
', - 'Rules Passed', + 'Passed Rules', '', '', '| RuleName | TargetName | Synopsis |', @@ -109,7 +109,7 @@ $resourceLink = $content.RuleName } - $passContent += ('| {0} | {1} | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) + $passContent += ('| {0} | {1} | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis) } $passContent += [System.Collections.ArrayList]@(