diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml
index ba98489cc..82b37c35a 100644
--- a/.github/workflows/bicep-build-to-validate.yml
+++ b/.github/workflows/bicep-build-to-validate.yml
@@ -4,9 +4,6 @@ on:
 pull_request:
 branches:
 - main
-
- # TODO: Branch for integration testing, to be removed before integration into main.
- - ps-rule
 paths:
 - "**.bicep"
 - "ps-rule.yaml"
@@ -20,7 +17,7 @@ jobs:
 steps:
 - name: Checkout Repo
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
 with:
 fetch-depth: 0
@@ -51,10 +48,11 @@ jobs:
 with:
 fetch-depth: 0
- # Add pipeline tests for Azure Well-Architected Framework
+ # Add pipeline tests for Azure Well-Architected Framework.
+ # See https://aka.ms/ps-rule-action for configuration options.
 - name: Run PSRule analysis
- uses: Microsoft/ps-rule@v2.1.0
+ uses: Microsoft/ps-rule@v2.3.2
 with:
 modules: PSRule.Rules.Azure
- baseline: Azure.GA_2022_03
+ baseline: Azure.GA_2022_06
 continue-on-error: true
diff --git a/.ps-rule/Minimum.Rule.yaml b/.ps-rule/Minimum.Rule.yaml
index c16ecbf47..af5c2d71f 100644
--- a/.ps-rule/Minimum.Rule.yaml
+++ b/.ps-rule/Minimum.Rule.yaml
@@ -1,3 +1,11 @@
+#
+# Suppression and rules for the minimum sample configuration.
+#
+
+# NOTE:
+# For details on authoring suppression groups see:
+# https://microsoft.github.io/PSRule/v2/concepts/PSRule/en-US/about_PSRule_SuppressionGroups/
+# https://microsoft.github.io/PSRule/v2/concepts/PSRule/en-US/about_PSRule_Expressions/
 ---
 # Synopsis: Ignore the minimum sample configuration.
@@ -12,12 +20,15 @@ spec:
 - Azure.PublicIP.AvailabilityZone
 - Azure.VNG.VPNActiveActive
 - Azure.PublicIP.StandardSKU
+ - Azure.VNET.UseNSGs
 if:
 allOf:
 - type: '.'
 in:
 - Microsoft.Network/azureFirewalls
 - Microsoft.Network/publicIPAddresses
+ - Microsoft.Network/virtualNetworks
+ - Microsoft.Network/virtualNetworkGateways
 - source: 'Template'
 endsWith:
 - 'minimum.sample.bicep'
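Review bot: The `uses: Microsoft/ps-rule@v2.3.2` line in the `@@ -51,10 +48,11 @@` hunk still references the action by a mutable tag, so the code that runs in this job can change without any change to this file. Pinning to the release commit keeps the reviewed version fixed, e.g. `uses: Microsoft/ps-rule@<full-commit-sha> # v2.3.2` (placeholder; take the SHA from the v2.3.2 release), and the same applies to `uses: actions/checkout@v3` in the `@@ -20,7 +17,7 @@` hunk. The context line `continue-on-error: true` appears to belong to this step, so new findings from the `Azure.GA_2022_06` baseline would not fail the pull request check; if that is intended, a short comment on that line saying so would help. The job definition starts outside the hunk.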
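Review bot: Adding `Azure.VNET.UseNSGs` in the `@@ -12,12 +20,15 @@` hunk of `.ps-rule/Minimum.Rule.yaml` switches off the subnet NSG check for every template whose source ends with `minimum.sample.bicep`, and nothing in the file records why that is acceptable. Samples tend to be copied, so I would put the reason next to the entry, for example `# Azure.VNET.UseNSGs: suppressed for minimum samples only; production deployments should associate NSGs with subnets.` The two added types widen the `type` filter for every rule in the group, and `Microsoft.Network/virtualNetworkGateways` presumably makes the existing `Azure.VNG.VPNActiveActive` entry take effect for the first time, which is worth confirming with a PSRule run. The group's metadata and the start of `spec` are outside the hunk.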
diff --git a/.ps-rule/Unsupported.Rule.yaml b/.ps-rule/Unsupported.Rule.yaml
new file mode 100644
index 000000000..7cc38de4b
--- /dev/null
+++ b/.ps-rule/Unsupported.Rule.yaml
@@ -0,0 +1,25 @@
+#
+# Suppression and rules for unsupported scenarios.
+#
+
+# NOTE:
+# For details on authoring suppression groups see:
+# https://microsoft.github.io/PSRule/v2/concepts/PSRule/en-US/about_PSRule_SuppressionGroups/
+# https://microsoft.github.io/PSRule/v2/concepts/PSRule/en-US/about_PSRule_Expressions/
+
+---
+# Synopsis: Ignore availability zones for Azure Bastion public IP which is not supported. https://github.com/Azure/PSRule.Rules.Azure/issues/1442
+apiVersion: github.com/microsoft/PSRule/v1
+kind: SuppressionGroup
+metadata:
+ name: ALZ.PublicIPForBastion
+spec:
+ rule:
+ - Azure.PublicIP.AvailabilityZone
+ if:
+ allOf:
+ - name: '.'
+ contains: bastion
+ - type: '.'
+ in:
+ - Microsoft.Network/publicIPAddresses
diff --git a/ps-rule.yaml b/ps-rule.yaml
index 5cb19afd0..c42e074be 100644
--- a/ps-rule.yaml
+++ b/ps-rule.yaml
@@ -4,6 +4,9 @@
 # Please see the documentation for all configuration options:
 # https://aka.ms/ps-rule-azure
+# https://aka.ms/ps-rule-azure/options
+# https://aka.ms/ps-rule/options
+# https://aka.ms/ps-rule-azure/bicep
 # Use rules from the following modules/
 include:
@@ -12,8 +15,8 @@ include:
 # Require a minimum version of modules that include referenced baseline.
 requires:
- PSRule: '@pre >=2.1.0'
- PSRule.Rules.Azure: '@pre >=1.15.2'
+ PSRule: '@pre >=2.3.2'
+ PSRule.Rules.Azure: '@pre >=1.18.1'
 # Reference the repository in output.
 repository:
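Review bot: The `ALZ.PublicIPForBastion` group in `.ps-rule/Unsupported.Rule.yaml` identifies Bastion public IPs only by `contains: bastion` on the resource name. Any other public IP whose name includes that string is therefore also exempted from `Azure.PublicIP.AvailabilityZone`, while a Bastion IP named differently is not. If the modules follow a fixed naming convention, a tighter match on it would reduce accidental suppression; otherwise the synopsis should state the naming assumption. Since the exemption tracks an upstream issue, I would also add `# TODO: remove once https://github.com/Azure/PSRule.Rules.Azure/issues/1442 is fixed in the required PSRule.Rules.Azure version.` above the group so it does not outlive the bug.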