From cc097a6de749f1ecd81e3673c1f6fd09ea5c0ef2 Mon Sep 17 00:00:00 2001 From: Bernie White Date: Wed, 15 Oct 2025 10:06:10 +1000 Subject: [PATCH 1/7] Bump PSRule for Azure module to latest version --- ps-rule.lock.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ps-rule.lock.json b/ps-rule.lock.json index 682d430..8d2c896 100644 --- a/ps-rule.lock.json +++ b/ps-rule.lock.json @@ -2,8 +2,8 @@ "version": 1, "modules": { "PSRule.Rules.Azure": { - "version": "1.41.3", - "integrity": "sha512-yvMcfOsu8KWxTxT94ZxiXTYN3wbD4CmsEQpSSjeHGDyJcDKTlSGFW7YC7XW48qEqN0BFi7aTxGfAyM3FAb5vog==" + "version": "1.46.0", + "integrity": "sha512-JpWngKuESmvPtGRwWTCy4MtS29QvIAo/3ejgGazUX755oXj7Z+Tw7/MXXHzjVlzGIhZ+Lz8WDarElmPJzlmlLQ==" } } } \ No newline at end of file From 0f96b7ece12d5a15676b2b8f4c2012e2367689c2 Mon Sep 17 00:00:00 2001 From: Bernie White Date: Wed, 15 Oct 2025 10:23:26 +1000 Subject: [PATCH 2/7] Bump Bicep version --- ps-rule.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ps-rule.yaml b/ps-rule.yaml index 29d47fc..4a735e6 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -71,7 +71,7 @@ configuration: AZURE_BICEP_CHECK_TOOL: true # Configure the minimum version of the Bicep CLI. - AZURE_BICEP_MINIMUM_VERSION: '0.25.53' + AZURE_BICEP_MINIMUM_VERSION: '0.38.33' AZURE_DEPLOYMENT_NONSENSITIVE_PARAMETER_NAMES: - keys From 886cdc0674d3bb0468dec6ca56d4b3f314a7b0e0 Mon Sep 17 00:00:00 2001 From: Bernie White Date: Wed, 15 Oct 2025 10:33:56 +1000 Subject: [PATCH 3/7] Use a specific version of Bicep for consistency --- .github/workflows/azure-analyze.yaml | 7 +++++++ .github/workflows/ci.yaml | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/.github/workflows/azure-analyze.yaml b/.github/workflows/azure-analyze.yaml index 03557f8..2d49cad 100644 --- a/.github/workflows/azure-analyze.yaml +++ b/.github/workflows/azure-analyze.yaml 
@@ -38,6 +38,10 @@ jobs: - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + # Install a specific version of Bicep for consistency across CI runs. + - name: Install Bicep + run: az bicep install --version v0.38.33 + # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis uses: microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0 @@ -46,6 +50,9 @@ jobs: outputFormat: Sarif outputPath: reports/ps-rule-results.sarif summary: true + env: + # Use Bicep from Azure CLI. + PSRULE_AZURE_BICEP_USE_AZURE_CLI: true # If you have GitHub Advanced Security you can upload PSRule scan results. # Uncomment the next step to use this feature. diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 5c0fd35..00b096b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -45,6 +45,10 @@ jobs: with: modules: PSRule.Rules.MSFT.OSS + # Install a specific version of Bicep for consistency across CI runs. + - name: Install Bicep + run: az bicep install --version v0.38.33 + - name: Check Azure samples uses: microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0 with: @@ -52,6 +56,9 @@ jobs: outputFormat: Sarif outputPath: reports/ps-rule-results.sarif summary: true + env: + # Use Bicep from Azure CLI. + PSRULE_AZURE_BICEP_USE_AZURE_CLI: true - name: Upload results to security tab uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v3.29.5 From 954ad2dab5b0f2e7e9aa97d4bfe9e030b0ecb6c0 Mon Sep 17 00:00:00 2001 From: Bernie White Date: Tue, 13 Jan 2026 14:25:34 +1000 Subject: [PATCH 4/7] Update version --- .github/workflows/azure-analyze.yaml | 2 +- ps-rule.lock.json | 6 +++--- ps-rule.yaml | 1 - 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/azure-analyze.yaml b/.github/workflows/azure-analyze.yaml index ac74d6b..53b9630 100644 --- a/.github/workflows/azure-analyze.yaml 
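Review bot: The added `Install Bicep` step pins the CLI only by version tag (`az bicep install --version v0.38.33`), whereas the neighbouring `uses:` lines pin their actions by commit SHA, and nothing visible in the step checks the binary that gets downloaded. Consider recording the expected digest and verifying it after install, or at minimum adding a follow-up `run: az bicep version` so an unexpected binary shows up in the job log. The same step is added to `.github/workflows/ci.yaml`, and the version literal is repeated as `AZURE_BICEP_MINIMUM_VERSION` in `ps-rule.yaml`. A comment such as `# Keep in sync with AZURE_BICEP_MINIMUM_VERSION in ps-rule.yaml and with ci.yaml.` would help prevent the three copies from drifting.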
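Review bot: `PSRULE_AZURE_BICEP_USE_AZURE_CLI: true` in the new `env:` block is an unquoted YAML boolean, but environment variables are strings. Writing `PSRULE_AZURE_BICEP_USE_AZURE_CLI: 'true'` makes the value independent of how the workflow loader serialises booleans. The same line is added in the second hunk of `.github/workflows/ci.yaml`. The step that this `env:` belongs to starts outside the hunk.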
+++ b/.github/workflows/azure-analyze.yaml @@ -40,7 +40,7 @@ jobs: # Install a specific version of Bicep for consistency across CI runs. - name: Install Bicep - run: az bicep install --version v0.38.33 + run: az bicep install --version v0.39.26 # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis diff --git a/ps-rule.lock.json b/ps-rule.lock.json index 8d2c896..134821f 100644 --- a/ps-rule.lock.json +++ b/ps-rule.lock.json @@ -2,8 +2,8 @@ "version": 1, "modules": { "PSRule.Rules.Azure": { - "version": "1.46.0", - "integrity": "sha512-JpWngKuESmvPtGRwWTCy4MtS29QvIAo/3ejgGazUX755oXj7Z+Tw7/MXXHzjVlzGIhZ+Lz8WDarElmPJzlmlLQ==" + "version": "1.47.0", + "integrity": "sha512-LaF5k4DxEQHzVfen9W+ocMMUVvI6pFr++zqhsh9Cdxvz+2GBx/OMROOkswNr4D2V2uZ4DCM8Gg2TyLXWtHTKiQ==" } } -} \ No newline at end of file +} diff --git a/ps-rule.yaml b/ps-rule.yaml index 4a735e6..c3765b6 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -19,7 +19,6 @@ execution: # Require minimum versions of modules. requires: - PSRule: '@pre >=2.9.0' PSRule.Rules.Azure: '@pre >=1.34.2' # Add PSRule v3 format configuration From a2e024208be076e07dff3272e4c690e9118bbf15 Mon Sep 17 00:00:00 2001 From: Bernie White Date: Tue, 13 Jan 2026 14:37:32 +1000 Subject: [PATCH 5/7] Testing --- .github/workflows/ci.yaml | 2 +- ps-rule.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f7bdefc..6eb0450 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -47,7 +47,7 @@ jobs: # Install a specific version of Bicep for consistency across CI runs. - name: Install Bicep - run: az bicep install --version v0.38.33 + run: az bicep install --version v0.39.26 - name: Check Azure samples uses: microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0 diff --git a/ps-rule.yaml b/ps-rule.yaml index c3765b6..862c56c 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml 
@@ -70,7 +70,7 @@ configuration: AZURE_BICEP_CHECK_TOOL: true # Configure the minimum version of the Bicep CLI. - AZURE_BICEP_MINIMUM_VERSION: '0.38.33' + # AZURE_BICEP_MINIMUM_VERSION: '0.39.26' AZURE_DEPLOYMENT_NONSENSITIVE_PARAMETER_NAMES: - keys From 2256676c7c4b48b4b3fac6547e80c9415347d849 Mon Sep 17 00:00:00 2001 From: Bernie White Date: Tue, 13 Jan 2026 14:55:25 +1000 Subject: [PATCH 6/7] Update --- ps-rule.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ps-rule.yaml b/ps-rule.yaml index 862c56c..9d93de6 100644 --- a/ps-rule.yaml +++ b/ps-rule.yaml @@ -70,7 +70,7 @@ configuration: AZURE_BICEP_CHECK_TOOL: true # Configure the minimum version of the Bicep CLI. - # AZURE_BICEP_MINIMUM_VERSION: '0.39.26' + AZURE_BICEP_MINIMUM_VERSION: '0.39.26' AZURE_DEPLOYMENT_NONSENSITIVE_PARAMETER_NAMES: - keys From 07acbd37b85ab82d30697c66123eabcf7a8f9ef5 Mon Sep 17 00:00:00 2001 From: Bernie White Date: Tue, 13 Jan 2026 15:05:19 +1000 Subject: [PATCH 7/7] Testing --- .github/workflows/azure-analyze.yaml | 11 +++++------ .github/workflows/ci.yaml | 11 +++++------ 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/.github/workflows/azure-analyze.yaml b/.github/workflows/azure-analyze.yaml index 53b9630..215f2a2 100644 --- a/.github/workflows/azure-analyze.yaml +++ b/.github/workflows/azure-analyze.yaml @@ -39,9 +39,8 @@ jobs: uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 # Install a specific version of Bicep for consistency across CI runs. - - name: Install Bicep - run: az bicep install --version v0.39.26 - + # - name: Install Bicep + # run: az bicep install --version v0.39.26 # Run analysis by using the PSRule GitHub action. - name: Run PSRule analysis uses: microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0 
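Review bot: Commenting out the `Install Bicep` step in `azure-analyze.yaml` leaves the Bicep CLI version unpinned, while the live comment above it still says a specific version is installed and `ps-rule.yaml` still sets `AZURE_BICEP_MINIMUM_VERSION: '0.39.26'` with `AZURE_BICEP_CHECK_TOOL: true`. The analysis now depends on whatever Bicep the runner happens to provide, which presumably can fail the version check or change results between runs. If the step is being dropped, delete it together with its comment rather than leaving commented-out YAML. If it is disabled only temporarily, say why, e.g. `# Disabled while testing <reason>; re-enable to pin Bicep.` The same applies to the commented-out `env:` block in the next hunk and to both hunks of `.github/workflows/ci.yaml`.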
@@ -50,9 +49,9 @@ jobs: outputFormat: Sarif outputPath: reports/ps-rule-results.sarif summary: true - env: - # Use Bicep from Azure CLI. - PSRULE_AZURE_BICEP_USE_AZURE_CLI: true + # env: + # # Use Bicep from Azure CLI. + # PSRULE_AZURE_BICEP_USE_AZURE_CLI: true # If you have GitHub Advanced Security you can upload PSRule scan results. # Uncomment the next step to use this feature. diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6eb0450..857d12d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -46,9 +46,8 @@ jobs: modules: PSRule.Rules.MSFT.OSS # Install a specific version of Bicep for consistency across CI runs. - - name: Install Bicep - run: az bicep install --version v0.39.26 - + # - name: Install Bicep + # run: az bicep install --version v0.39.26 - name: Check Azure samples uses: microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0 with: @@ -56,9 +55,9 @@ jobs: outputFormat: Sarif outputPath: reports/ps-rule-results.sarif summary: true - env: - # Use Bicep from Azure CLI. - PSRULE_AZURE_BICEP_USE_AZURE_CLI: true + # env: + # # Use Bicep from Azure CLI. + # PSRULE_AZURE_BICEP_USE_AZURE_CLI: true - name: Upload results to security tab uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v3.29.5