ci: add psrule validation in both github and ADO

[juju4]

Change(s):

• Lint validation of ARM templates with https://github.com/Azure/PSRule.Rules.Azure/; this does not fix repository ARM template, CI are set to continue-on-error to avoid failing pipeline but still see output.

Reason for Change(s):

• Ensure ARM templates best practices are applied

Version Updated:

• N/A

Testing Completed:

• Yes, Github Actions

Checked that the validations are passing and have addressed any issues that are present:

• ok

Example output:
https://github.com/juju4/Azure-Sentinel/actions/runs/4152879216/jobs/7184135632#step:3:37

[v-atulyadav]

Hi @rushriva, please provide your feedback.Thanks

[v-atulyadav]

Hi @rushriva, can you please provide your feedback on this. Thanks

[v-atulyadav]

Hi @rushriva, please provide your feedback.Thanks

[v-atulyadav]

Hi @rushriva, can you please provide your feedback on this. Thanks

[v-atulyadav]

Hi @rushriva, could you please provide your feedback on this. Thanks

[v-atulyadav]

Hi @rushriva, can you please provide your feedback on this. Thanks

[v-atulyadav]

Hi @rushriva, could you please provide your feedback. Thanks

Hi @juju4, please update your branch from master and push the branch again. Thanks

[juju4]

current master merged

[v-atulyadav]

Hi @vakohl, please provide your feedback on this request. Thanks

[v-atulyadav]

Hi @vakohl, could you please provide your feedback on this request. Thanks

[v-atulyadav]

Hi @vakohl, please provide your feedback on this request. Thanks

[v-atulyadav]

Hi @vakohl,
could you please provide your feedback on this request.
Thanks

[v-atulyadav]

Hi @vakohl,
please provide your feedback on this request.
Thanks

[v-atulyadav]

Hi @vakohl,
could you please provide your feedback on this request.
Thanks

[v-atulyadav]

Hi @vakohl,
please provide your feedback on this request.
Thanks

[v-atulyadav]

Hi @vakohl,
could you please provide your feedback on this request.
Thanks

[v-atulyadav]

Hi @daxesht, could you please provide your feedback on this. Thanks

[v-atulyadav]

Hi @daxesht, please provide your feedback on this. Thanks

[v-atulyadav]

Hi @daxesht, could you please provide your feedback on this. Thanks

[v-atulyadav]

Hi @daxesht, please provide your feedback on this. Thanks

[juju4]

Any update on this or path forward?

[v-atulyadav]

Hi @juju4, I apologize for the inconvenience. We will provide you with an update by the 13th. Please update your branch from master in the meantime. Thanks

[v-atulyadav]

Hi @juju4, Having analyzed the contents, we are not able to determine the reason for this change. Could you please elaborate on this and provide screenshots of this functionality if possible? Also the changes you are requesting are for both Github workflows and Azure pipelines, can't we handle this in one place instead of both? It would also be great if we could connect over a call to discuss further. Thanks

[v-atulyadav]

Hi @juju4, waiting for your response over above comments and also please resolve branch conflicts. Thanks

[v-atulyadav]

Hi @juju4, please check comments above and act accordingly. Thanks

[v-atulyadav]

Hi @juju4, I am looking forward to your response to the above comments, as well as the resolution of branch conflicts. Thanks

[v-atulyadav]

Hi @juju4, please respond over above comments and also please resolve branch conflicts. Thanks

[v-atulyadav]

Hi @juju4, please check comments above and act accordingly. Thanks

[v-atulyadav]

Hi @juju4, hope you are doing well. Just wanted to check if you got a chance to look at the feedback shared. Please feel free to reach out to us for any queries and/or support. Thanks

[juju4]

The content of the PR has been explained in #7323 (comment) aka "Lint validation of ARM templates with https://github.com/Azure/PSRule.Rules.Azure/".
It applies to both Github Action and ADO because ultimately it should be available to whatever backend is used as pipeline with Sentinel Repository feature.

It adds no functionality outside of validating more content but goes further than existing validations. similar to #7056

[v-atulyadav]

Noted @juju4,
We will check internally and provide you with an update as soon as possible.
Thanks

[vakohl]

The content of the PR has been explained in #7323 (comment) aka "Lint validation of ARM templates with https://github.com/Azure/PSRule.Rules.Azure/". It applies to both Github Action and ADO because ultimately it should be available to whatever backend is used as pipeline with Sentinel Repository feature.

It adds no functionality outside of validating more content but goes further than existing validations. similar to #7056

Hi @mkchiliveri , Can you please have a look? Seems related to our build pipeline

[v-atulyadav]

Hi @juju4,
We will provide you with an update on this PR by the middle of next week, and if we find any difficulty, we will reach out to you.
Thanks

[mkchiliveri]

Hi @juju4,

As discussed, can you please check on if we can enforce this rule only on files committed as part of PR so that author can take an action immediately instead of the full review.

[juju4]

Per Azure/ResourceModules#2150, not possible directly either.
Possible workaround mentioned:

1. first retrieves changed files, then 2. applies token replacement, then 3. runs psrule only on diff retrieved by step 1

Within github actions, maybe like microsoft/PSRule#688 with dependency on tj-actions/changed-files
Within ADO, I don't see a way to do it except PR is single commit which is unlikely. That would be using git diff --name-only --relative --diff-filter AMCR HEAD^ HEAD . as said in https://stackoverflow.com/questions/72451778/azure-devops-pipeline-get-modified-or-added-files-only

[v-atulyadav]

Hi @juju4, as discussed we will take this as internal feature and try to develop this in future. Thanks