Update dependencies (#49)

Author: BernieWhite

.github/workflows/azure-analyze.yaml

@@ -23,18 +23,24 @@ on:
       - main
   workflow_dispatch:
 
+permissions: {}
+
 jobs:
   analyze:
     name: Analyze repository
     runs-on: ubuntu-latest
+    permissions:
+      # actions: read
+      contents: read
+      # security-events: write
     if: github.repository != 'Azure/PSRule.Rules.Azure-quickstart'
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       # Run analysis by using the PSRule GitHub action.
       - name: Run PSRule analysis
-        uses: microsoft/ps-rule@v2.9.0
+        uses: microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0
         with:
           modules: PSRule.Rules.Azure
           outputFormat: Sarif
@@ -44,13 +50,13 @@ jobs:
       # If you have GitHub Advanced Security you can upload PSRule scan results.
       # Uncomment the next step to use this feature.
       # - name: Upload results to security tab
-      #   uses: github/codeql-action/upload-sarif@v2
+      #   uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
       #   if: always()
       #   with:
       #     sarif_file: reports/ps-rule-results.sarif
 
       - name: Upload results
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         if: always()
         with:
           name: PSRule-Sarif

.github/workflows/ci.yaml

@@ -0,0 +1,65 @@
+#
+# Run CI tests
+#
+
+# Note:
+# This workflow is designed to run only in Azure/PSRule.Rules.Azure-quickstart.
+# You can safely deleted this file if you have templated this repository to your GitHub organization.
+
+# For PSRule documentation see:
+# https://aka.ms/ps-rule
+
+# For action details see:
+# https://aka.ms/ps-rule-action
+
+name: CI
+
+# Run for main or PRs against main
+on:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+permissions: {}
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    if: github.repository == 'Azure/PSRule.Rules.Azure-quickstart'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Check repository content
+        uses: microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0
+        with:
+          modules: PSRule.Rules.MSFT.OSS
+
+      - name: Check Azure samples
+        uses: microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0
+        with:
+          modules: PSRule.Rules.Azure
+          outputFormat: Sarif
+          outputPath: reports/ps-rule-results.sarif
+          summary: true
+
+      - name: Upload results to security tab
+        uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
+        if: always()
+        with:
+          sarif_file: reports/ps-rule-results.sarif
+
+      - name: Upload results
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        if: always()
+        with:
+          name: PSRule-Sarif
+          path: reports/ps-rule-results.sarif
+          retention-days: 1
+          if-no-files-found: error

.github/workflows/ms-analyze.yaml

@@ -0,0 +1,9 @@
+{
+  "version": 1,
+  "modules": {
+    "PSRule.Rules.Azure": {
+      "version": "1.41.3",
+      "integrity": "sha512-yvMcfOsu8KWxTxT94ZxiXTYN3wbD4CmsEQpSSjeHGDyJcDKTlSGFW7YC7XW48qEqN0BFi7aTxGfAyM3FAb5vog=="
+    }
+  }
+}

ps-rule.lock.json

@@ -22,6 +22,17 @@ requires:
   PSRule: '@pre >=2.9.0'
   PSRule.Rules.Azure: '@pre >=1.34.2'
 
+# Add PSRule v3 format configuration
+format:
+  bicep:
+    type:
+      - '.bicep'
+    enabled: true
+  bicepparam:
+    type:
+      - '.bicepparam'
+    enabled: true
+
 # Use PSRule for Azure.
 include:
   module:
@@ -33,6 +44,7 @@ output:
     - 'en-US'
 
 input:
+  fileObjects: true
   pathIgnore:
     # Ignore other files in the repository.
     - '**'