Merge remote-tracking branch 'original/master'

# Conflicts:
#	Solutions/WithSecureElementsViaFunction/Data Connectors/WithSecureElementsViaFunctionConn.zip
#	Solutions/WithSecureElementsViaFunction/Data Connectors/requirements.txt

Author: gloo-shock

.github/workflows/ScanSecrets.yaml

@@ -10,7 +10,7 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v4
       with:
-        fetch-depth: 0
+        fetch-depth: 10
     - name: Secret Scanning
       uses: trufflesecurity/trufflehog@main
       with:

.github/workflows/arm-ttk-validations.yaml

@@ -20,7 +20,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          fetch-depth: 0
+          fetch-depth: 10
       - shell: pwsh
         id: step1
         name: Identify Changes in PR

.github/workflows/aws-s3-bundle-update.yaml

@@ -0,0 +1,106 @@
+name: AWS-S3 DataConnector Bundle Auto-Update
+run-name: Auto-updating AWS-S3 bundles for ${{ github.event.pull_request.head.ref }}
+
+on:
+  pull_request:
+    branches:
+      - master
+    paths:
+      # Trigger when any of these files in AWS-S3 directory change
+      - 'DataConnectors/AWS-S3/*.ps1'
+      - 'DataConnectors/AWS-S3/*.py'
+      - 'DataConnectors/AWS-S3/*.md'
+      - 'DataConnectors/AWS-S3/CloudFormation/**'
+      - 'DataConnectors/AWS-S3/Enviornment/**'
+      - 'DataConnectors/AWS-S3/Utils/**'
+      # Don't trigger on zip file changes (to avoid recursion)
+      - '!DataConnectors/AWS-S3/*.zip'
+      # Don't trigger on bundle automation documentation changes (not bundled)
+      - '!DataConnectors/AWS-S3/BUNDLE_AUTOMATION.md'
+  
+  # Allow manual workflow dispatch for testing
+  workflow_dispatch:
+
+jobs:
+  auto-update-bundles:
+    # Security: Block workflow execution on forked repositories
+    if: ${{ !github.event.pull_request.head.repo.fork }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    
+    steps:
+      - name: Generate a token
+        id: generate_token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.APPLICATION_ID }}
+          private-key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
+      
+      - name: Checkout PR branch with sparse checkout
+        uses: actions/checkout@v4
+        with:
+          token: ${{ steps.generate_token.outputs.token }}
+          ref: ${{ github.event.pull_request.head.ref }}
+          fetch-depth: 2  # Just need HEAD and parent for git diff
+          persist-credentials: false  # Security: Don't persist credentials after checkout
+          sparse-checkout: |
+            DataConnectors/AWS-S3
+            .script
+          sparse-checkout-cone-mode: false
+      
+      - name: Restore bundling script from base branch
+        run: |
+          # Security: Use trusted script from base branch to prevent malicious PR modifications
+          # Fetch the base branch to ensure we have the reference
+          git fetch origin ${{ github.base_ref || 'master' }}:refs/remotes/origin/${{ github.base_ref || 'master' }}
+          git checkout origin/${{ github.base_ref || 'master' }} -- .script/bundleAwsS3Scripts.sh
+          chmod +x .script/bundleAwsS3Scripts.sh
+      
+      - name: Check if auto-update needed
+        id: check_update
+        run: |
+          # Skip if this commit already updated bundles (prevent loops)
+          if git log -1 --name-only | grep -q "ConfigAwsS3DataConnectorScripts.*\.zip"; then
+            echo "skip=true" >> $GITHUB_OUTPUT
+            echo "Bundles already updated in latest commit"
+          else
+            echo "skip=false" >> $GITHUB_OUTPUT
+          fi
+      
+      - name: Update bundles
+        if: steps.check_update.outputs.skip != 'true'
+        run: |
+          .script/bundleAwsS3Scripts.sh
+      
+      - name: Commit updated bundles
+        if: steps.check_update.outputs.skip != 'true'
+        env:
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+          
+          # Configure remote with token for push (needed due to persist-credentials: false)
+          git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${{ github.repository }}.git
+          
+          # Stage zip files
+          git add DataConnectors/AWS-S3/ConfigAwsS3DataConnectorScripts*.zip
+          
+          # Check if there are changes to commit
+          if ! git diff --cached --quiet; then
+            git commit -m "Auto-update AWS-S3 DataConnector bundles
+            
+            - Updated ConfigAwsS3DataConnectorScripts.zip
+            - Updated ConfigAwsS3DataConnectorScriptsGov.zip
+            - Changes triggered by: ${{ github.event.pull_request.head.sha }}
+            
+            [skip ci]"
+            
+            git push origin ${{ github.event.pull_request.head.ref }}
+            
+            echo "✅ Successfully updated and committed bundle files"
+          else
+            echo "ℹ️ No bundle changes detected"
+          fi

.github/workflows/codeql-analysis.yml

@@ -32,7 +32,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'javascript', 'python', 'ruby', 'actions' ]
+        language: [ 'javascript', 'python', 'ruby', 'actions', 'csharp' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'actions' ]
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
@@ -51,6 +51,16 @@ jobs:
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
         queries: security-extended,security-and-quality
 
+    # ℹ️ Setup DotNet Versions to building C# projects
+    - name: Setup DotNet Versions
+      uses: actions/setup-dotnet@v5
+      with:
+        dotnet-version: | 
+          6.0.x
+          7.0.x
+          8.0.x
+          9.0.x
+
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild

.github/workflows/content-validations.yaml

@@ -19,6 +19,8 @@ jobs:
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Only need HEAD and parent for git diff
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/data-connector-validations.yaml

@@ -19,6 +19,8 @@ jobs:
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Need HEAD and parent for git diff
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/detection-template-schema-validations.yaml

@@ -15,6 +15,8 @@ jobs:
         PRNUM: ${{ github.event.pull_request.number }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Need HEAD and parent for git diff
       - name: Use .NET Core SDK ${{ env.dotnetSdkVersion }}
         uses: actions/setup-dotnet@v4
         with:

.github/workflows/detection-validations.yaml

@@ -19,6 +19,8 @@ jobs:
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Only need HEAD and parent for git diff
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/documents-link-validation.yaml

@@ -19,6 +19,8 @@ jobs:
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Only need HEAD and parent for git diff
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/hyperlinkValidator.yaml

@@ -28,7 +28,7 @@ jobs:
         env:
           GeneratedToken: ${{ steps.generate_token.outputs.token }}
         with:
-          fetch-depth: 0
+          fetch-depth: 10
           token: ${{ env.GeneratedToken }}
       - shell: pwsh
         id: step1