Azure · jtracey93 · Aug 15, 2022 · May 27, 2022 · May 27, 2022 · May 27, 2022
diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml
@@ -4,9 +4,6 @@ on:
   pull_request:
     branches:
       - main
-
-      # TODO: Branch for integration testing, to be removed before integration into main.
-      - ps-rule
     paths:
       - "**.bicep"
       - "ps-rule.yaml"
@@ -20,7 +17,7 @@ jobs:
 
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
@@ -51,10 +48,11 @@ jobs:
         with:
           fetch-depth: 0
 
-      # Add pipeline tests for Azure Well-Architected Framework
+      # Add pipeline tests for Azure Well-Architected Framework.
+      # See https://aka.ms/ps-rule-action for configuration options.
       - name: Run PSRule analysis
-        uses: Microsoft/ps-rule@v2.1.0
+        uses: Microsoft/ps-rule@v2.3.2
         with:
           modules: PSRule.Rules.Azure
-          baseline: Azure.GA_2022_03
+          baseline: Azure.GA_2022_06
         continue-on-error: true
diff --git a/.ps-rule/Minimum.Rule.yaml b/.ps-rule/Minimum.Rule.yaml
@@ -1,3 +1,11 @@
+#
+# Suppression and rules for the minimum sample configuration.
+#
+
+# NOTE:
+# For details on authoring suppression groups see:
+# https://microsoft.github.io/PSRule/v2/concepts/PSRule/en-US/about_PSRule_SuppressionGroups/
+# https://microsoft.github.io/PSRule/v2/concepts/PSRule/en-US/about_PSRule_Expressions/
 
 ---
 # Synopsis: Ignore the minimum sample configuration.
@@ -12,12 +20,15 @@ spec:
   - Azure.PublicIP.AvailabilityZone
   - Azure.VNG.VPNActiveActive
   - Azure.PublicIP.StandardSKU
+  - Azure.VNET.UseNSGs
   if:
     allOf:
     - type: '.'
       in:
       - Microsoft.Network/azureFirewalls
       - Microsoft.Network/publicIPAddresses
+      - Microsoft.Network/virtualNetworks
+      - Microsoft.Network/virtualNetworkGateways
     - source: 'Template'
       endsWith:
       - 'minimum.sample.bicep'
diff --git a/.ps-rule/Unsupported.Rule.yaml b/.ps-rule/Unsupported.Rule.yaml
@@ -0,0 +1,25 @@
+#
+# Suppression and rules for unsupported scenarios.
+#
+
+# NOTE:
+# For details on authoring suppression groups see:
+# https://microsoft.github.io/PSRule/v2/concepts/PSRule/en-US/about_PSRule_SuppressionGroups/
+# https://microsoft.github.io/PSRule/v2/concepts/PSRule/en-US/about_PSRule_Expressions/
+
+---
+# Synopsis: Ignore availability zones for Azure Bastion public IP which is not supported. https://github.com/Azure/PSRule.Rules.Azure/issues/1442
+apiVersion: github.com/microsoft/PSRule/v1
+kind: SuppressionGroup
+metadata:
+  name: ALZ.PublicIPForBastion
+spec:
+  rule:
+  - Azure.PublicIP.AvailabilityZone
+  if:
+    allOf:
+    - name: '.'
+      contains: bastion
+    - type: '.'
+      in:
+      - Microsoft.Network/publicIPAddresses
diff --git a/ps-rule.yaml b/ps-rule.yaml
@@ -4,6 +4,9 @@
 
 # Please see the documentation for all configuration options:
 # https://aka.ms/ps-rule-azure
+# https://aka.ms/ps-rule-azure/options
+# https://aka.ms/ps-rule/options
+# https://aka.ms/ps-rule-azure/bicep
 
 # Use rules from the following modules/
 include:
@@ -12,8 +15,8 @@ include:
 
 # Require a minimum version of modules that include referenced baseline.
 requires:
-  PSRule: '@pre >=2.1.0'
-  PSRule.Rules.Azure: '@pre >=1.15.2'
+  PSRule: '@pre >=2.3.2'
+  PSRule.Rules.Azure: '@pre >=1.18.1'
 
 # Reference the repository in output.
 repository: