From f81487de3e3b3623bab6ba0b0adf971902c819a4 Mon Sep 17 00:00:00 2001
From: Robert Lightner
Date: Tue, 22 Apr 2025 15:20:24 -0700
Subject: [PATCH 1/4] fix: Exclude VMSS Flex with Standalone VMs
---
 .../kql/ee66ff65-9aa3-2345-93c1-25827cf79f44.kql | 1 +
 1 file changed, 1 insertion(+)
diff --git a/azure-resources/Compute/virtualMachineScaleSets/kql/ee66ff65-9aa3-2345-93c1-25827cf79f44.kql b/azure-resources/Compute/virtualMachineScaleSets/kql/ee66ff65-9aa3-2345-93c1-25827cf79f44.kql
index 4440490b0..95b0e8b56 100644
--- a/azure-resources/Compute/virtualMachineScaleSets/kql/ee66ff65-9aa3-2345-93c1-25827cf79f44.kql
+++ b/azure-resources/Compute/virtualMachineScaleSets/kql/ee66ff65-9aa3-2345-93c1-25827cf79f44.kql
@@ -3,6 +3,7 @@
 resources
 | where type == "microsoft.compute/virtualmachinescalesets"
 | where isempty(tostring(tags['aks-managed-poolName']))
+| where isnotempty(sku)
 | project name, id, tags
 | join kind=leftouter (
 resources
From acb539dec1f8601e97cb43be059bc8fbe0872ccc Mon Sep 17 00:00:00 2001
From: Robert Lightner
Date: Tue, 22 Apr 2025 15:29:54 -0700
Subject: [PATCH 2/4] fix: CoPilot suggestion to use tostring()
---
 .../kql/ee66ff65-9aa3-2345-93c1-25827cf79f44.kql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/azure-resources/Compute/virtualMachineScaleSets/kql/ee66ff65-9aa3-2345-93c1-25827cf79f44.kql b/azure-resources/Compute/virtualMachineScaleSets/kql/ee66ff65-9aa3-2345-93c1-25827cf79f44.kql
index 95b0e8b56..77e196df3 100644
--- a/azure-resources/Compute/virtualMachineScaleSets/kql/ee66ff65-9aa3-2345-93c1-25827cf79f44.kql
+++ b/azure-resources/Compute/virtualMachineScaleSets/kql/ee66ff65-9aa3-2345-93c1-25827cf79f44.kql
@@ -3,7 +3,7 @@
 resources
 | where type == "microsoft.compute/virtualmachinescalesets"
 | where isempty(tostring(tags['aks-managed-poolName']))
-| where isnotempty(sku)
+| where isnotempty(tostring(sku))
 | project name, id, tags
 | join kind=leftouter (
 resources
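Review bot: The predicate left in place by PATCH 2/4, `| where isnotempty(tostring(sku))`, identifies the excluded scale sets only by the absence of the whole `sku` bag, and the line carries no comment saying why that absence marks a Flex scale set with standalone VMs. `tostring()` on a dynamic value serializes the entire object, so any non-null `sku`, even one without a usable name, passes the filter. If a specific field is what separates the two cases, testing it states the intent more directly, for example `| where isnotempty(tostring(sku.name))`; this should be confirmed against real Resource Graph output before changing it. The query continues past the `join` outside the hunk, so the later stages were not reviewed.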
From fa92de0055b9c71a056e0d1df1a002caee3be2df Mon Sep 17 00:00:00 2001
From: Robert Lightner
Date: Thu, 1 May 2025 07:04:43 -0700
Subject: [PATCH 3/4] doc: Added additional description to KQL.
---
 .../kql/ee66ff65-9aa3-2345-93c1-25827cf79f44.kql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/azure-resources/Compute/virtualMachineScaleSets/kql/ee66ff65-9aa3-2345-93c1-25827cf79f44.kql b/azure-resources/Compute/virtualMachineScaleSets/kql/ee66ff65-9aa3-2345-93c1-25827cf79f44.kql
index 77e196df3..624feb691 100644
--- a/azure-resources/Compute/virtualMachineScaleSets/kql/ee66ff65-9aa3-2345-93c1-25827cf79f44.kql
+++ b/azure-resources/Compute/virtualMachineScaleSets/kql/ee66ff65-9aa3-2345-93c1-25827cf79f44.kql
@@ -1,5 +1,5 @@
 // Azure Resource Graph Query
-// Find VMSS instances associated with autoscale settings when autoscale is disabled
+// Find VMSS instances (excluding VMSS Flex associated with standalone VMs) associated with autoscale settings when autoscale is disabled
 resources
 | where type == "microsoft.compute/virtualmachinescalesets"
 | where isempty(tostring(tags['aks-managed-poolName']))
From 60102b1ca432a90ab6dd1291ea6d85fc08a8dde1 Mon Sep 17 00:00:00 2001
From: Zach Trocinski
Date: Thu, 1 May 2025 11:40:25 -0500
Subject: [PATCH 4/4] Remove old build reccommendation workflow
---
 .../scripts/build-recommendation-object.ps1 | 39 --------
 .../workflows/build-recommendation-object.yml | 99 -------------------
 2 files changed, 138 deletions(-)
 delete mode 100644 .github/scripts/build-recommendation-object.ps1
 delete mode 100644 .github/workflows/build-recommendation-object.yml
diff --git a/.github/scripts/build-recommendation-object.ps1 b/.github/scripts/build-recommendation-object.ps1
deleted file mode 100644
index 060453f42..000000000
--- a/.github/scripts/build-recommendation-object.ps1
+++ /dev/null
@@ -1,39 +0,0 @@
-install-module powershell-yaml -force -scope currentuser
-
-function Build-APRLJsonObject {
- param (
- [string[]]$path
- )
-
- $kqlfiles = Get-ChildItem -Path $path -Recurse -Filter "*.kql"
- $yamlfiles = Get-ChildItem -Path $path -Recurse -Filter "*.yaml"
-
- $yamlobj = foreach($file in $yamlfiles){
- $content = Get-Content $file.FullName -Raw | ConvertFrom-Yaml
- $content | Select-Object aprlGuid,recommendationTypeId,recommendationMetadataState,learnMoreLink,recommendationControl,longDescription,pgVerified,description,potentialBenefits,tags,recommendationResourceType,recommendationImpact,automationAvailable,query
- }
-
- $kqlobj = foreach($file in $kqlfiles){
- $content = Get-Content $file.FullName -Raw
- [PSCustomObject]@{
- AprlGUID = $file.Name -replace ".kql",""
- Query = $content
- }
- }
-
- $aprlobj = foreach($obj in $yamlobj){
- $obj.query = $($kqlobj.Where{$_.AprlGUID -eq $obj.aprlGuid}).Query
- $obj
- }
- return $aprlobj
-}
-
-#Try to build and export the object. If it fails, catch the error and exit with code 1
-try{
- Build-APRLJsonObject -path @("./azure-resources","./azure-specialized-workloads","./azure-waf") | ConvertTo-Json -Depth 20 | Out-File -FilePath "./tools/data/recommendations.json" -Force
- exit 0
-}
-catch{
- Write-Error $_.Exception.Message
- exit 1
-}
diff --git a/.github/workflows/build-recommendation-object.yml b/.github/workflows/build-recommendation-object.yml
deleted file mode 100644
index f38cb3560..000000000
--- a/.github/workflows/build-recommendation-object.yml
+++ /dev/null
@@ -1,99 +0,0 @@
-name: Update Recommendation Object on Pull Request
-
-on:
- pull_request_target:
- types:
- - edited
- - opened
- - reopened
- - synchronize
- paths:
- - 'azure-resources/**/*.yaml'
- - 'azure-resources/**/*.kql'
- - 'azure-specialized-workloads/**/*.yaml'
- - 'azure-specialized-workloads/**/*.kql'
- - 'azure-waf/**/*.yaml'
- - 'azure-waf/**/*.kql'
- branches: [update-recommendation-object]
- workflow_dispatch:
-
-env:
- github_user_name: 'github-actions'
- github_email: '41898282+github-actions[bot]@users.noreply.github.com'
- github_commit_message: 'Generate Updated Recommendation Object'
- github_pr_number: ${{ github.event.number }}
- github_pr_repo: ${{ github.event.pull_request.head.repo.full_name }}
-
-permissions:
- contents: read
-
-jobs:
- update-json-object:
- environment: BuildObject
- permissions:
- contents: write
- runs-on: ubuntu-latest
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
- with:
- egress-policy: audit
-
- - name: Checkout repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-
- - name: Show env
- run: env | sort
-
- - name: Check out PR
- run: |
- echo "==> Check out PR..."
- gh pr checkout "$github_pr_number"
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Configure local git
- run: |
- echo "git user name : $github_user_name"
- git config --global user.name "$github_user_name"
- echo "git user email : $github_email"
- git config --global user.email "$github_email"
-
- - name: Run Object Generation Script
- run: |
- pwsh .github/scripts/build-recommendation-object.ps1
- shell: pwsh
-
- - name: Check git status
- run: |
- echo "==> Check git status..."
- git status --short --branch
-
- - name: Stage changes
- run: |
- echo "==> Stage changes..."
- mapfile -t STATUS_LOG < <(git status --short | grep .)
- if [ ${#STATUS_LOG[@]} -gt 0 ]; then
- echo "Found changes to the following files:"
- printf "%s\n" "${STATUS_LOG[@]}"
- git add --all
- else
- echo "No changes to add."
- fi
-
- - name: Push changes
- run: |
- echo "==> Check git diff..."
- mapfile -t GIT_DIFF < <(git diff --cached)
- printf "%s\n" "${GIT_DIFF[@]}"
- if [ ${#GIT_DIFF[@]} -gt 0 ]; then
- echo "==> Commit changes..."
- git commit --message "$github_commit_message [$GITHUB_ACTOR/${GITHUB_SHA::8}]"
- echo "==> Push changes..."
- echo "Pushing changes to: $github_pr_repo"
- git push "https://$GITHUB_TOKEN@github.com/$github_pr_repo.git"
- else
- echo "No changes found."
- fi
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}