Merge branch 'Entity-Work-#5-Diana's-Half' of https://github.com/Azur…

…e/Azure-Sentinel into Entity-Work-#5-Diana's-Half

.azure-pipelines/kqlValidations.yaml

@@ -12,10 +12,20 @@ jobs:
       inputs:
         packageType: 'sdk'
         version: '$(dotnetSdkVersion)'
+    - task: AzureKeyVault@2
+      inputs:
+        keyVaultName: 'keyvaultforcatgithub'
+        secretsFilter: 'GITHUBAPPID,GITHUBAPPINSTALLATIONID,GITHUBAPPPRIVATEKEY'
+        ConnectedServiceName: 'eco-connector-test-service-connection'
+        runAsPreJob: true
     - task: DotNetCoreCLI@2
       displayName: 'Run kql validation tests'
+      env:
+        GITHUBAPPID: $(GITHUBAPPID)
+        GITHUBAPPINSTALLATIONID: $(GITHUBAPPINSTALLATIONID)
+        GITHUBAPPPRIVATEKEY: $(GITHUBAPPPRIVATEKEY)
       inputs:
         command: 'test'
         arguments: '--configuration $(buildConfiguration)'
         publishTestResults: true
-        projects: '**/Kqlvalidations.Tests.csproj'
+        projects: '**/Kqlvalidations.Tests.csproj'

.github/workflows/package-command.yaml

@@ -2,144 +2,111 @@ name: Package Command
 env:
   APPINSIGHTS: "${{ vars.APPINSIGHTS }}"
   DEFAULTPACKAGEVERSION: "${{ vars.DEFAULTPACKAGEVERSION }}"
-  BLOB_CONN_STRING: "${{ secrets.BLOB_CONN_STRING }}"
   BASE_FOLDER_PATH: "${{ vars.BASEFOLDERPATH }}"
   BRANCH_NAME: "${{ github.event.client_payload.pull_request.head.ref || github.event.client_payload.pullRequestBranchName }}"
-  ADO_TOKEN: "${{ secrets.ADO_TOKEN }}"
-  ADO_BASE_URL: "${{ vars.ADO_BASE_URL }}"
-  ADO_AREAPATH: "${{ vars.ADO_AREAPATH }}"
-  ADO_TEAMPROJECT: "${{ vars.ADO_TEAMPROJECT }}"
-  ADO_PARENT_LINK: "${{ vars.ADO_PARENT_LINK }}"
-  GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-  PAT_TOKEN: ${{ secrets.PAT }}
+  GITHUB_APPS_ID: "${{ secrets.APPLICATION_ID }}"
+  GITHUB_APPS_KEY: "${{ secrets.APPLICATION_PRIVATE_KEY }}"
 
 on:
   repository_dispatch:
     types: [package-command, Package-command, PACKAGE-command]
-jobs:
-  solutionNameDetails:
-    if: ${{ !github.event.pull_request.head.repo.fork && !contains(github.event.client_payload.pull_request.head.ref , 'dependabot/') && !contains(github.event.client_payload.pullRequestBranchName , 'dependabot/') }}
-    uses: ./.github/workflows/getSolutionName.yaml
-    secrets: inherit
 
-  # BELOW JOB WILL CHECK IF WE NEED TO SKIP PACKAGE CREATION OR NOT
-  checkSkipPackagingDetails:
-    if: ${{ needs.solutionNameDetails.outputs.solutionName != '' && !github.event.pull_request.head.repo.fork }}
-    uses: ./.github/workflows/checkSkipPackagingInfo.yaml
-    secrets: inherit
-    needs: solutionNameDetails
-    with: 
-      solutionName: "${{ needs.solutionNameDetails.outputs.solutionName }}"
+concurrency:
+  group: "GroupName-PackageCommand-${{ github.event.client_payload.pull_request.number || github.run_id }}"
+  cancel-in-progress: true
 
-  neworexistingsolution:
-    needs: [solutionNameDetails, checkSkipPackagingDetails]
-    uses: ./.github/workflows/neworexistingsolution.yaml
-    if: ${{ needs.solutionNameDetails.outputs.solutionName != '' && needs.checkSkipPackagingDetails.outputs.isPackagingRequired == 'True' }}
-    with: 
-      solutionName: "${{ needs.solutionNameDetails.outputs.solutionName }}"
-    secrets: inherit
+permissions:
+  contents: write
+  pull-requests: write
 
-  createpackage:
+jobs:
+  validate-and-create-package:
+    if: ${{ !github.event.pull_request.head.repo.fork && !contains(github.event.client_payload.pull_request.head.ref , 'dependabot/') && !contains(github.event.client_payload.pullRequestBranchName , 'dependabot/') }}
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    needs: [solutionNameDetails, neworexistingsolution]
-    env:
-      RUNID: "${{ github.run_id }}" 
-      PULL_REQUEST_NUMBER: "${{ github.event.client_payload.pull_request.number && github.event.client_payload.pull_request.number || github.event.client_payload.pullRequestNumber }}"
-      SOLUTION_NAME: "${{ needs.solutionNameDetails.outputs.solutionName }}"
-      SOLUTION_SUPPORTED_BY: "${{ needs.neworexistingsolution.outputs.solutionSupportedBy }}"
-      SOLUTION_OFFER_ID: "${{ needs.neworexistingsolution.outputs.solutionOfferId }}"
-      IS_NEW_SOLUTION: "${{ needs.neworexistingsolution.outputs.isNewSolution }}"
-    outputs:
-      isCreatePackage: ${{ steps.step1.outputs.isCreatePackage }}
-      packageCreationPath: "${{ steps.step1.outputs.packageCreationPath }}"
-      packageVersion: "${{ steps.step1.outputs.packageVersion }}"
-      blobName: "${{ steps.step1.outputs.blobName }}"
-      dataFileLink: "${{ steps.step1.outputs.dataFileLink }}"
-      dataFolderPath: "${{ steps.step1.outputs.dataFolderPath }}"
-      solutionBaseFolderPath: "${{ steps.step1.outputs.solutionBaseFolderPath }}"
-      dataInputFileName: "${{ steps.step1.outputs.dataInputFileName }}"
     steps:
+      - name: Generate a token
+        id: generate_token
+        uses: actions/create-github-app-token@46e4a501e119d39574a54e53a06c9a705efc55c9
+        with:
+          app-id: ${{ env.GITHUB_APPS_ID }}
+          private-key: ${{ env.GITHUB_APPS_KEY }}
+
       - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
+        env:
+          GeneratedToken: ${{ steps.generate_token.outputs.token }}
         with:
+          ref: "${{ env.BRANCH_NAME }}"
           fetch-depth: 2
-          ref: ${{ env.BRANCH_NAME }}
-          token: ${{ env.PAT_TOKEN }}
-      - shell: pwsh
-        id: step1
-        name: Check & Initiate Package Creation Process
-        run: |
-          $instrumentationKey = "${{ env.APPINSIGHTS }}"
-          $defaultPackageVersion = "${{ vars.defaultPackageVersion }}"
-          $solutionSupportedBy = "${{ env.SOLUTION_SUPPORTED_BY }}"
-          $solutionOfferId = "${{ env.SOLUTION_OFFER_ID }}"
-          $runId = "${{ env.RUNID }}"
-          $solutionName = "${{ needs.solutionNameDetails.outputs.solutionName }}"
-          $pullRequestNumber = "${{ github.event.client_payload.pull_request.number && github.event.client_payload.pull_request.number || github.event.client_payload.pullRequestNumber }}"
-          $isNewSolution = "${{ env.IS_NEW_SOLUTION }}"
-
-          Write-Host "RunId = $runId, defaultPackageVersion = $defaultPackageVersion, solutionOfferId = $solutionOfferId, SOLUTION_NAME = $solutionName, PULL_REQUEST_NUMBER = $pullRequestNumber, isNewSolution = $isNewSolution"
-          . ./Tools/Create-Azure-Sentinel-Solution/common/LogAppInsights.ps1
-          try
-          {
-            $customProperties = @{ 'RunId'="$runId"; 'PullRequestNumber'="$pullRequestNumber"; 'EventName'="Create Package"; 'IsNewSolution'='$isNewSolution';'SolutionOfferId'='$solutionOfferId';'SolutionSupportedBy'='$solutionSupportedBy';'SolutionName'='$solutionName'; }
-            Send-AppInsightsEventTelemetry -InstrumentationKey $instrumentationKey -EventName "Create Package" -CustomProperties $customProperties
-
-            if ($solutionName -eq '' -or $null -eq $solutionName)
-            {
-              Write-Output "::warning:: Package-Creation : Skipping as Solution name is blank."
-              Send-AppInsightsTraceTelemetry -InstrumentationKey $instrumentationKey -Message "Execution for create-package started and received blank solutionName for Job Run Id : $runId" -Severity Information -CustomProperties $customProperties
-            }
-            else
-            {
-              Send-AppInsightsTraceTelemetry -InstrumentationKey $instrumentationKey -Message "Execution for create-package started for Solution Name : $solutionName, Job Run Id : $runId" -Severity Information -CustomProperties $customProperties
+          token: ${{ env.GeneratedToken}}
 
-              $baseFolderPath = "/home/runner/work/Azure-Sentinel/Azure-Sentinel/"
-              Set-PSRepository PSGallery -InstallationPolicy Trusted
-              Install-Module powershell-yaml
-              ./.script/package-automation/package-generator.ps1 $solutionName $pullRequestNumber $runId $instrumentationKey $defaultPackageVersion $solutionOfferId $baseFolderPath $isNewSolution
-            }
-          }
-          catch
+      - id: checkAutomatedPR
+        name: check-Automated-PR
+        env:
+          BranchName: ${{ github.event.pull_request.head.ref || github.event.client_payload.pull_request.head.ref || github.event.client_payload.pullRequestBranchName }}
+        shell: pwsh
+        run: |
+          $pullRequestBranchName = "$env:BranchName"
+          Write-Host "Pull Request Branch Name is $pullRequestBranchName"
+          $isAutomatedPR = $false
+          if ($pullRequestBranchName -like '*automated-pr')
           {
-            Send-AppInsightsExceptionTelemetry -InstrumentationKey $instrumentationKey -Exception $_.Exception -CustomProperties @{ 'RunId'="$runId"; 'SolutionName'="$solutionName"; 'PullRequestNumber'="$pullRequestNumber"; 'ErrorDetails'="CreatePackage : Error occured in catch block: $_"; 'EventName'="Create Package"; 'SolutionOfferId'="$solutionOfferId"; }
-            exit 1
+            Write-Host "Skipping packaging as it is an automated pr!"
+            $isAutomatedPR = $true
           }
+          Write-Output "isAutomatedPR=$isAutomatedPR" >> $env:GITHUB_OUTPUT
+          Write-Host "Is this Pull Request autogenerated $isAutomatedPR"
+
+      - id: validateAndCreatePackage
+        name: validate-create-package
+        if: ${{ success() && steps.checkAutomatedPR.outputs.isAutomatedPR == 'False' }}
+        env:
+          RUNID: "${{ github.run_id }}" 
+          PULL_REQUEST_NUMBER: "${{ github.event.client_payload.pull_request.number || github.event.client_payload.pullRequestNumber }}"
+        shell: pwsh
+        run: |
+          $runId = "${{ env.RUNID }}"
+          $instrumentationKey = "${{ env.APPINSIGHTS }}"
+          $pullRequestNumber = "${{ env.PULL_REQUEST_NUMBER }}"
+          $defaultPackageVersion = "${{ env.DEFAULTPACKAGEVERSION }}"
+          $baseFolderPath = "${{ env.BASE_FOLDER_PATH }}"
+          Set-PSRepository PSGallery -InstallationPolicy Trusted
+          Install-Module powershell-yaml
+          ./.script/package-automation/package-service.ps1 $runId $pullRequestNumber $instrumentationKey $baseFolderPath $defaultPackageVersion
 
       - name: Upload Artifacts
         id: uploadPackageArtifacts
+        if: ${{ success() && (steps.validateAndCreatePackage.outcome == 'success' && env.IS_CREATE_PACKAGE && env.PACKAGE_CREATION_PATH != '' && env.BLOBNAME != '') }}
         uses: actions/upload-artifact@e0057a5b76f2fdad976135e8dd7b691e632b9056
         env:
-          BLOBNAME: "${{ steps.step1.outputs.blobName }}"
-          PACKAGE_CREATION_PATH: "${{ steps.step1.outputs.packageCreationPath }}"
-          DATA_FOLDER_PATH: "${{ steps.step1.outputs.dataFolderPath }}"
-          DATA_INPUT_FILE_NAME: "${{ steps.step1.outputs.dataInputFileName }}"
-          SOLUTION_NAME: "${{ needs.solutionNameDetails.outputs.solutionName }}"
-          SOLUTION_SUPPORTED_BY: "${{ needs.neworexistingsolution.outputs.solutionSupportedBy }}"
+          BLOBNAME: "${{ steps.validateAndCreatePackage.outputs.blobName }}"
+          PACKAGE_CREATION_PATH: "${{ steps.validateAndCreatePackage.outputs.packageCreationPath }}"
+          DATA_FOLDER_PATH: "${{ steps.validateAndCreatePackage.outputs.dataFolderPath }}"
+          DATA_INPUT_FILE_NAME: "${{ steps.validateAndCreatePackage.outputs.dataInputFileName }}"
+          SOLUTION_NAME: "${{ steps.validateAndCreatePackage.outputs.solutionName }}"
+          SOLUTION_SUPPORTED_BY: "${{ steps.validateAndCreatePackage.outputs.solutionSupportedBy }}"
           RUNID: "${{ github.run_id }}" 
-          PULL_REQUEST_NUMBER: "${{ github.event.client_payload.pull_request.number && github.event.client_payload.pull_request.number || github.event.client_payload.pullRequestNumber }}"
-          IS_CREATE_PACKAGE: ${{ steps.step1.outputs.isCreatePackage }}
-        if: ${{ success() && (steps.step1.outcome == 'success' && env.IS_CREATE_PACKAGE && env.PACKAGE_CREATION_PATH != '' && env.BLOBNAME != '') }}
+          PULL_REQUEST_NUMBER: "${{ github.event.client_payload.pull_request.number || github.event.client_payload.pullRequestNumber }}"
+          IS_CREATE_PACKAGE: ${{ steps.validateAndCreatePackage.outputs.isCreatePackage }}
         with: 
           name: "${{ env.BLOBNAME }}"
           path: "${{ env.PACKAGE_CREATION_PATH }}"
 
       - name: Upload Data File Artifacts
         id: uploadDataFileArtifact
+        if: ${{ success() && (steps.validateAndCreatePackage.outcome == 'success' && env.DATA_FOLDER_PATH != '' && env.DATA_INPUT_FILE_NAME != '') }}
         uses: actions/upload-artifact@e0057a5b76f2fdad976135e8dd7b691e632b9056
         env:
-          DATA_FOLDER_PATH: "${{ steps.step1.outputs.dataFolderPath }}"
-          DATA_INPUT_FILE_NAME: "${{ steps.step1.outputs.dataInputFileName }}"
-        if: ${{ success() && (steps.step1.outcome == 'success' && env.DATA_FOLDER_PATH != '' && env.DATA_INPUT_FILE_NAME != '') }}
+          DATA_FOLDER_PATH: "${{ steps.validateAndCreatePackage.outputs.dataFolderPath }}"
+          DATA_INPUT_FILE_NAME: "${{ steps.validateAndCreatePackage.outputs.dataInputFileName }}"
         with: 
           name: "${{ env.DATA_INPUT_FILE_NAME }}"
           path: "${{ env.DATA_FOLDER_PATH }}"
 
       - name: Push changes to Existing PR
+        if: ${{ success() && steps.uploadDataFileArtifact.outcome == 'success'}}
         run: |
           git config --global user.email "noreply@github.com"
           git config --global user.name "Github Bot"
           git add -A
           git commit -m '[skip ci] Github Bot Added package to Pull Request!'
-          git push
+          git push

.github/workflows/slash-command-dispatch.yaml

@@ -1,14 +1,20 @@
 name: Slash Command Dispatch
 env:
-    REPO_OWNER: "${{ vars.REPO_OWNER }}"
-    REPO_NAME: "${{ vars.REPO_NAME }}"
-    GITHUB_TOKEN: "${{ secrets.PAT }}"
+  REPO_OWNER: "${{ vars.REPO_OWNER }}"
+  REPO_NAME: "${{ vars.REPO_NAME }}"
+  GITHUB_APPS_ID: "${{ secrets.APPLICATION_ID }}"
+  GITHUB_APPS_KEY: "${{ secrets.APPLICATION_PRIVATE_KEY }}"
+
 on:
   issue_comment:
     types: [created]
   pull_request:
     types: [ closed ]
 
+concurrency:
+  group: "GroupName-SlashCommand-${{ github.event.issue.number || github.run_id }}"
+  cancel-in-progress: true
+
 jobs:
   checkAutomatedPR:
     if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork && github.event.issue.pull_request && (contains(github.event.comment.body, '/package') || contains(github.event.comment.body, '/Package')) }}
@@ -24,10 +30,20 @@ jobs:
     needs: [pullRequestStatus, checkAutomatedPR]
     if: ${{ needs.pullRequestStatus.outputs.isPullRequestMerged == 'False' && needs.checkAutomatedPR.outputs.isAutomatedPR == 'False' && !github.event.pull_request.head.repo.fork}}
     steps:
+      - name: Generate a token
+        id: generate_token
+        uses: actions/create-github-app-token@46e4a501e119d39574a54e53a06c9a705efc55c9
+        with:
+          app-id: ${{ env.GITHUB_APPS_ID }}
+          private-key: ${{ env.GITHUB_APPS_KEY }}
+
       - name: Slash Command Dispatch
         uses: peter-evans/slash-command-dispatch@67dfeb76529b35541a7c536976cba367cd2d364b
+        env:
+          GeneratedToken: ${{ steps.generate_token.outputs.token }}
         with:
-          token: ${{ env.GITHUB_TOKEN }}
+          token: ${{ env.GeneratedToken }}
+          permission: none
           commands: |
             package
             Package