Azure · eriqua · Sep 19, 2022 · Sep 19, 2022 · Sep 19, 2022 · Sep 19, 2022
@@ -0,0 +1,125 @@
+name: '.Platform: PR Check PSRule pre-flight validation'
+
+on:
+  pull_request:
+    branches:
+      - main
+
+env:
+  variablesPath: 'settings.yml'
+  modulesPath: 'modules'
+  TOKEN_NAMEPREFIX: '${{ secrets.TOKEN_NAMEPREFIX }}'
+
+jobs:
+  psrule:
+    name: 'PSRule validation'
+    runs-on: ubuntu-20.04
+    steps:
+      # Analyze module library with PSRule
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set environment variables
+        uses: ./.github/actions/templates/setEnvironmentVariables
+        with:
+          variablesPath: ${{ env.variablesPath }}
+      - name: 'Replace tokens in template file'
+        uses: azure/powershell@v1
+        with:
+          azPSVersion: 'latest'
+          inlineScript: |
+            # Grouping task logs
+            Write-Output '::group::Replace tokens in template file'
+
+            # Load used functions
+            . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1')
+
+            # Populate tokens
+            $Tokens = @{
+              subscriptionId    = '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+              managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}'
+              tenantId          = '${{ env.ARM_TENANT_ID }}'
+            }
+
+            ## Add local (source control) tokens
+            $tokenMap = @{}
+            foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) {
+              $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value }
+            }
+            Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose
+            $Tokens += $tokenMap
+
+            ## Swap 'namePrefix' token if empty and provided as a GitHub secret
+            if([String]::IsNullOrEmpty($Tokens['namePrefix'])){
+              Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose
+              $Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}'
+            }
+
+            # Get File Path List
+            $modulesFolderPath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}'
+            $moduleTestFiles = [System.Collections.ArrayList]@()
+            $moduleTestFiles += Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name
+
+            # Construct Token Function Input
+            $ConvertTokensInputs = @{
+              FilePathList = $moduleTestFiles
+              Tokens       = $Tokens
+              TokenPrefix  = '${{ env.tokenPrefix }}'
+              TokenSuffix  = '${{ env.tokenSuffix }}'
+            }
+
+            Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose
+
+            # Invoke Token Replacement Functionality [For Module]
+            $null = Convert-TokensInFileList @ConvertTokensInputs -verbose
+
+            Write-Output '::endgroup::'
+      - name: Run PSRule analysis
+        uses: microsoft/[email protected]
+        continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project
+        env:
+          PSRULE_INPUT_IGNOREUNCHANGEDPATH: true
+        with:
+          modules: 'PSRule.Rules.Azure'
+          inputPath: '${{ env.modulesPath }}/'
+          outputFormat: Csv
+          outputPath: '${{ env.modulesPath }}/PSRule-output.csv'
+      - name: 'Parse CSV content'
+        uses: azure/powershell@v1
+        with:
+          azPSVersion: 'latest'
+          inlineScript: |
+            # Grouping task logs
+            Write-Output '::group::Parse CSV content'
+
+            # Load used functions
+            . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'PSRuleValidation' 'Set-PSRuleGitHubOutput.ps1')
+
+            # Populate parameter input
+            $ParameterInput = @{
+              inputFilePath           = '${{ env.modulesPath }}/PSRule-output.csv'
+              outputFilePath          = '${{ env.modulesPath }}/PSRule-output.md'
+              skipPassedRulesReport   = $true
+            }
+
+            # Invoke function
+            $null = Set-PSRuleGitHubOutput @ParameterInput
+
+            Write-Output '::endgroup::'
+      - name: Output to GitHub job summaries
+        if: always()
+        shell: pwsh
+        run: |
+          # Grouping task logs
+          Write-Output '::group::Output to GitHub job summaries'
+
+          $mdPSRuleOutputFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}/PSRule-output.md'
+
+          if (-not (Test-Path $mdPSRuleOutputFilePath)) {
+            Write-Warning ('Input file [{0}] not found' -f $mdPSRuleOutputFilePath)
+            return ''
+          } else {
+            Get-Content $mdPSRuleOutputFilePath >> $env:GITHUB_STEP_SUMMARY
+            Write-Verbose ('Successfully printed out file [{0}] to Job Summaries' -f $mdPSRuleOutputFilePath) -Verbose
+          }
+
+          Write-Output '::endgroup::'
@@ -32,6 +32,7 @@ output:
     - 'en-US'
 
 input:
+  ignoreUnchangedPath: true
   pathIgnore:
     # Ignore other files in the repository.
     - '**/*'
-Original file line number
+Diff line change
@@ Expand Up / @@ -32,6 +32,7 @@ output: @@
         - 'en-US'
     input:
+      ignoreUnchangedPath: true
       pathIgnore:
         # Ignore other files in the repository.
         - '**/*'
@@ Expand Down @@