Merge branch 'Azure:master' into master

.github/actions/entrypoint.ps1

@@ -10,12 +10,40 @@ if ($mainTemplateChanged -eq $true)
 {
     Write-Host "Running ARM-TTK on MainTemplate.json file!"
     $MainTemplateTestResults = Test-AzTemplate -TemplatePath "$PackageFolderPath" -File mainTemplate.json
-    $MainTemplateTestPassed =  $MainTemplateTestResults | Where-Object { -not $_.Failed }
-    Write-Output $MainTemplateTestPassed
+    # SKIP ANY ERRORS ON contentProductId AND id 
+    $filterTestResults = New-Object System.Collections.ArrayList
+    $hasContentProductIdError = $false
+    foreach($testInfo in $MainTemplateTestResults)
+    {
+        if ($testInfo.Name -eq 'IDs Should Be Derived From ResourceIDs' -and $testInfo.Errors.Count -gt 0)
+        {
+            foreach ($errorInfo in $testInfo.Errors)
+            {
+                if ($errorInfo.Exception.Message -like '*"contentProductId"*' -or 
+                $errorInfo.Exception.Message -like '*"id"*')
+                {
+                    $hasContentProductIdError = $true
+                }
+                else 
+                {
+                    $filterTestResults.Add($testInfo)
+                }
+            }
+        }
+        else {
+            if ($null -ne $testInfo.Summary -and $hasContentProductIdError -eq $true)
+            {
+                $testInfo.Summary.Fail = $testInfo.Summary.Fail - 1
+                $testInfo.Summary.Pass = $testInfo.Summary.Pass + 1
+            }
 
-    $MainTemplateTestFailures =  $MainTemplateTestResults | Where-Object { -not $_.Passed }
+            $filterTestResults.Add($testInfo)
+        }
+    }
+
+    Write-Output $filterTestResults
 
-    if ($MainTemplateTestFailures) {
+    if ($filterTestResults[$filterTestResults.Count - 1].Summary.Fail -gt 0) {
         Write-Host "Please review and rectify the 'MainTemplate.json' file as some of the ARM-TTK tests did not pass!"
         exit 1
     } 

.github/workflows/AddLabel.yaml

@@ -0,0 +1,40 @@
+# ADD P0 LABEL IF THE PULL REQUEST IS FROM EXTERNAL PUBLISHER I.E ISV'S
+name: "Pull Request Labeler"
+
+on:  
+  pull_request:
+    branches:
+      - master
+    paths:
+      - Solutions/**
+
+jobs:
+  solutionNameDetails:
+    if: ${{ !github.event.pull_request.head.repo.fork }}
+    uses: ./.github/workflows/getSolutionName.yaml
+    secrets: inherit
+
+  solutionPublisherDetail:
+    needs: solutionNameDetails
+    uses: ./.github/workflows/neworexistingsolution.yaml
+    if: ${{ needs.solutionNameDetails.outputs.solutionName != '' && !github.event.pull_request.head.repo.fork }} 
+    with: 
+      solutionName: ${{ needs.solutionNameDetails.outputs.solutionName }}
+    secrets: inherit
+
+  Labeler:
+    runs-on: ubuntu-latest
+    needs: solutionPublisherDetail
+    if: ${{ !contains(fromJson(vars.INTERNAL_PUBLISHERS),needs.solutionPublisherDetail.outputs.solutionPublisherId) && needs.solutionPublisherDetail.outputs.solutionPublisherId != ''}}
+    steps:
+      - name: Add Label Notification
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.addLabels({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: ['P0']
+            })
+            

.github/workflows/addComment.yaml

@@ -0,0 +1,30 @@
+name: Pull Request Comment
+
+on:  
+  workflow_call:
+    inputs:
+      message:
+        required: true
+        type: string
+      prNumber:
+        required: false
+        type: string
+
+jobs:
+  comment:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@29423367f079522048aa7c63f671593b0556ffd5
+        with:
+          script: |
+            $message = "${{ inputs.message }}"
+            $prNumber = "${{ inputs.prNumber }}"
+            console.log('message ' + $message + ', prNumber ' + $prNumber)
+            $prNumber = $prNumber ? $prNumber : context.issue.number
+
+            github.rest.issues.createComment({
+              issue_number: $prNumber,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: $message
+            })

.github/workflows/addCommentOnContentPR.yaml

@@ -0,0 +1,44 @@
+name: Add Comment on Content PR On Merge
+
+on:
+  pull_request:
+    branches:
+      - master
+    paths:
+      - Solutions/**
+    types: [closed]
+
+jobs:
+  checkAutomatedPR:
+    if: ${{ github.event.pull_request.merged && !github.event.pull_request.head.repo.fork }}
+    uses: ./.github/workflows/checkAutomatedPR.yaml
+
+  getAuthorName:
+    runs-on: ubuntu-latest
+    needs: checkAutomatedPR
+    if: ${{ needs.checkAutomatedPR.outputs.isAutomatedPR == 'False' && !github.event.pull_request.head.repo.fork }} 
+    outputs:
+      authorName: ${{ steps.step1.outputs.authorName }}
+    steps:
+      - shell: pwsh
+        id: step1
+        run: |
+          $authorName = '${{ github.event.client_payload.github.actor }}'
+          if ($authorName -eq '')
+          {
+            $authorName = "${{ github.event.pull_request.user.login }}"
+          }
+          Write-Output "authorName=$authorName" >> $env:GITHUB_OUTPUT
+          Write-Host "Author Name is $authorName"
+  
+  solutionNameDetails:
+    if: ${{ github.event.pull_request.merged && !github.event.pull_request.head.repo.fork }}
+    uses: ./.github/workflows/getSolutionName.yaml
+    secrets: inherit
+
+  addCommentOnContentPROnMerge:
+    needs: [solutionNameDetails, getAuthorName, checkAutomatedPR]
+    if: ${{ needs.solutionNameDetails.outputs.solutionName != '' && needs.checkAutomatedPR.outputs.isAutomatedPR == 'False' && !github.event.pull_request.head.repo.fork }}
+    uses: ./.github/workflows/addComment.yaml
+    with:
+      message: "@${{ needs.getAuthorName.outputs.authorName }} This pull request has been merged. If this should be followed by creating a new/updated solution package, please comment `/package` below to generate the solution package. Before you begin, please review the pre-requisites guidance for package generation [here](https://github.com/Azure/Azure-Sentinel/blob/master/README.md)"

.github/workflows/addCommentOnPackagedPR.yaml

@@ -0,0 +1,36 @@
+name: Add Comment on Packaged PR on Merge
+
+on:
+  pull_request:
+    branches:
+      - master
+    types: [closed]
+
+jobs:
+  if_merged:
+    if: ${{ github.event.pull_request.merged && !github.event.pull_request.head.repo.fork }}
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: write
+    steps:
+    - uses: actions/github-script@29423367f079522048aa7c63f671593b0556ffd5
+      id: addComment
+      with:
+        script: |
+          const childPRDescription = context.payload.pull_request.body
+          console.log('PR description is ' + childPRDescription)
+          if (childPRDescription != null && childPRDescription.includes('Automation have successfully generated package'))
+          {
+            // Add comment on packaged PR i.e. child PR
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: "The solution package has now been merged into master. To make this package available on the Microsoft Sentinel Content hub, review the publishing guidance [here](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions#step-3--publish-your-solution)"
+            })
+          }
+          else
+          {
+            console.log('Skipping addition of comment as PR is not an auto generated PR!')
+          }

.github/workflows/addLabelOnPr.yaml

@@ -0,0 +1,26 @@
+name: Add Label on Pull Request
+
+on:  
+  workflow_call:
+    inputs:
+      labelName:
+        required: true
+        type: string
+
+jobs:
+  addLabelOnPR:
+    if: ${{ !github.event.pull_request.head.repo.fork }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@29423367f079522048aa7c63f671593b0556ffd5
+        name: Add Label To Pull Request
+        with:
+          script: |
+            $labelName = "${{ inputs.labelName }}"
+            console.log('PR Number : ' + context.issue.number + ', LabelName ' + $labelName)
+            github.rest.issues.addLabels({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                labels: [$labelName]
+            })

.github/workflows/allowedWorkflowRun.yaml

@@ -0,0 +1,37 @@
+name: Allowed To Run Workflow
+
+on:
+  workflow_call:
+    outputs:
+      isWorkflowRunAllowed:
+        description: "Is Allowed to run this workflow!"
+        value: ${{ jobs.allowedWorkflowRunUsers.outputs.isWorkflowRunAllowed }}
+
+env:
+  ALLOWED_USERS: "${{ vars.ALLOWEDUSERS }}"
+
+jobs:
+  allowedWorkflowRunUsers:
+    if: ${{ !github.event.pull_request.head.repo.fork }}
+    name: Is Workflow Run Allowed To Current User
+    runs-on: ubuntu-latest
+    outputs:
+      isWorkflowRunAllowed: ${{ steps.getWorkflowRunAllowedStatus.outputs.isWorkflowRunAllowed }}
+    steps:
+      - name: Is Current User Allowed
+        shell: pwsh
+        id: getWorkflowRunAllowedStatus
+        run: |          
+          $allowedUsers = "${{ env.ALLOWED_USERS }}"
+          $currentUser = "${{ github.actor }}"
+          $isAllowedUser = $allowedUsers.Contains($currentUser)
+          Write-Host "currentUser $currentUser , isAllowedUser $isAllowedUser"
+          if ($isAllowedUser)
+          {
+            Write-Host "User is allowed to perform execution of workflow!"
+          }
+          else
+          {
+            Write-Host "User is Not allowed to perform execution of workflow!"
+          }
+          Write-Output "isWorkflowRunAllowed=$isAllowedUser" >> $env:GITHUB_OUTPUT

.github/workflows/arm-ttk-validations.yaml

@@ -22,6 +22,13 @@ jobs:
           
           $hasmainTemplateChanged = $false
           $hasCreateUiDefinitionTemplateChanged = $false
+          
+          $isChangeInSolutionsFolder = [bool]($diff | Where-Object {$_ -like 'Solutions/*'})
+          if (!$isChangeInSolutionsFolder)
+          {
+            Write-Host "Skipping as change is not in Solutions folder!"
+            exit 0
+          }
 
           $requiredFiles = @("mainTemplate.json", "createUiDefinition.json")
           $filteredFiles = $diff | Where-Object {$_ -match ($requiredFiles -Join "|")}

.github/workflows/checkAutomatedPR.yaml

@@ -0,0 +1,37 @@
+name: Check if Automated Pull Request
+
+on:
+  workflow_call:
+    outputs:
+      isAutomatedPR:
+        description: "Is Automated PR"
+        value: ${{ jobs.checkAutomatedPR.outputs.isAutomatedPR }}
+
+
+env:
+  BRANCH_NAME: "${{ github.event.client_payload.pull_request.head.ref }}"
+
+jobs:
+  checkAutomatedPR:
+    if: ${{ !github.event.pull_request.head.repo.fork }}
+    runs-on: ubuntu-latest
+    outputs:
+      isAutomatedPR: ${{ steps.ValidateAutomatedPR.outputs.isAutomatedPR }}
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
+        with:
+          fetch-depth: 0
+          ref: "${{ env.BRANCH_NAME }}"
+      - shell: pwsh
+        id: ValidateAutomatedPR
+        run: |
+          $prBodyContent = "${{ github.event.issue.body }}"
+          $isAutomatedPR = $false
+          if ($prBodyContent -like '*Automation have successfully*')
+          {
+            Write-Host "This Pull Request is autogenerated!"
+            $isAutomatedPR = $true
+          }
+          
+          Write-Output "isAutomatedPR=$isAutomatedPR" >> $env:GITHUB_OUTPUT
+          Write-Host "Is this Pull Request autogenerated $isAutomatedPR"

.github/workflows/checkPRContentChange.yaml

@@ -0,0 +1,50 @@
+name: Check For PR Content And Add Label
+
+on:  
+  pull_request:
+    branches:
+      - master
+    paths:
+      - "Solutions/**"
+
+env:
+  BRANCH_NAME: "${{ github.event.client_payload.pull_request.head.ref }}"
+
+jobs:
+  solutionNameDetails:
+    if: ${{ !github.event.pull_request.head.repo.fork }}
+    uses: ./.github/workflows/getSolutionName.yaml
+    secrets: inherit
+
+  checkPRContent:
+    if: ${{ !github.event.pull_request.head.repo.fork }}
+    name: Check PR Content And Add Label
+    runs-on: ubuntu-latest
+    needs: solutionNameDetails
+    env:
+      SOLUTION_NAME: "${{ needs.solutionNameDetails.outputs.solutionName }}"
+    outputs:
+      hasContentPackageChange: ${{ steps.changesInPR.outputs.hasContentPackageChange }}
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
+        with:
+          fetch-depth: 0
+          ref: "${{ env.BRANCH_NAME }}"
+      - name: Identify Changes in PR
+        shell: pwsh
+        id: changesInPR
+        run: |
+          $instrumentationKey = "${{ vars.APPINSIGHTS }}"
+          $runId = "${{ github.run_id }}"
+          $solutionName = "${{ needs.solutionNameDetails.outputs.solutionName }}"
+          $pullRequestNumber = "${{ github.event.number }}"
+          Write-Host "PR Number $pullRequestNumber"
+          ./.script/package-automation/checkPRContentChange.ps1 $solutionName $pullRequestNumber $runId $instrumentationKey
+
+  addLabelWhenContentPackage:
+    name: Add Label of Content Package
+    needs: checkPRContent
+    if: ${{ needs.checkPRContent.outputs.hasContentPackageChange == 'True' && !github.event.pull_request.head.repo.fork }} 
+    uses: ./.github/workflows/addLabelOnPr.yaml
+    with:
+      labelName: "Content-Package"