Merge pull request #197 from SamErde/update-actions

Maintenance for actions and settings

Author: jakehildreth

.cspell.json

@@ -0,0 +1,53 @@
+{
+  "import": [
+    "@cspell/dict-powershell/cspell-ext.json",
+    "@cspell/dict-csharp/cspell-ext.json"
+  ],
+
+  "version": "0.2",
+  "language": "en",
+
+    "words": [
+        "RSAT",
+        "Artefacts",
+        "NTDS",
+        "Hildreth"
+    ],
+
+    "ignoreWords": [
+        "malconfiguration",
+        "sarif",
+        "psscriptanalyzer",
+        "DEVSKIM",
+        "KICS",
+        "pscustomobject",
+        "certutil",
+        "certsvc",
+        "setreg",
+        "contoso",
+        "SCHANNEL",
+        "RSATAD",
+        "Dism",
+        "getreg",
+        "Dacl",
+        "Calver"
+    ],
+
+    "flagWords": [
+    ],
+
+    "patterns": [
+        {
+          "name": "ALL-CAPS-WORDS",
+          "pattern": "/\b[A-Z0-9]+\b/g",
+          "description": "Any word in ALL CAPS."
+        }
+    ],
+
+    "ignoreRegExpList": [
+        "ALL-CAPS-WORDS",
+        "Email",
+        "github.com/",
+        "@"
+    ]
+}

.github/workflows/mega-linter.yml

@@ -3,16 +3,16 @@
 ---
   name: MegaLinter
 
-  # Trigger mega-linter at every push. Action will also be visible from Pull Requests to main
+  # Trigger mega-linter at every pull request.
   on:
     # Comment this line to trigger action only on pull-requests
     # (not recommended if you don't pay for GH Actions)
     # push:
 
     pull_request:
-      branches:
+      # branches:
         # - main
-        - testing
+        # - testing
         # - dev
         # - experimental
 
@@ -44,9 +44,9 @@
       # Give the default GITHUB_TOKEN write permission to commit and push, comment
       # issues & post new PR; remove the ones you do not need
       permissions:
-        contents: write
-        issues: write
-        pull-requests: write
+        contents: read
+        issues: read
+        pull-requests: read
 
       steps:
 
@@ -58,15 +58,15 @@
 
             # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to
             # improve performance
-            fetch-depth: 0
+            # fetch-depth: 0
 
         # MegaLinter
         - name: MegaLinter
 
           # You can override MegaLinter flavor used to have faster performances
           # More info at https://megalinter.io/flavors/
           # The dotnet flavor includes PowerShell, MD, YAML, JSON, spelling, and more.
-          uses: oxsecurity/megalinter/flavors/dotnet@v7.7.0
+          uses: oxsecurity/megalinter/flavors/dotnet@v8.3.0
 
           id: ml
 
@@ -78,19 +78,19 @@
             # main. Override with true if you always want to lint all sources
             #
             # To validate the entire codebase, set to:
-            # VALIDATE_ALL_CODEBASE: true
+            VALIDATE_ALL_CODEBASE: true
             #
             # To validate only diff with main, set to:
             # VALIDATE_ALL_CODEBASE: >-
             #   ${{
             #     github.event_name == 'push' &&
             #     contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)
             #   }}
-            VALIDATE_ALL_CODEBASE: >-
-              ${{
-                github.event_name == 'push' &&
-                contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)
-              }}
+            # VALIDATE_ALL_CODEBASE: >-
+            #   ${{
+            #     github.event_name == 'push' &&
+            #     contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)
+            #   }}
 
             GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -113,69 +113,3 @@
             path: |
               megalinter-reports
               mega-linter.log
-
-        # Set APPLY_FIXES_IF var for use in future steps
-        - name: Set APPLY_FIXES_IF var
-          run: |
-            printf 'APPLY_FIXES_IF=%s\n' "${{
-              steps.ml.outputs.has_updated_sources == 1 &&
-              (
-                env.APPLY_FIXES_EVENT == 'all' ||
-                env.APPLY_FIXES_EVENT == github.event_name
-              ) &&
-              (
-                github.event_name == 'push' ||
-                github.event.pull_request.head.repo.full_name == github.repository
-              )
-            }}" >> "${GITHUB_ENV}"
-
-        # Set APPLY_FIXES_IF_* vars for use in future steps
-        - name: Set APPLY_FIXES_IF_* vars
-          run: |
-            printf 'APPLY_FIXES_IF_PR=%s\n' "${{
-              env.APPLY_FIXES_IF == 'true' &&
-              env.APPLY_FIXES_MODE == 'pull_request'
-            }}" >> "${GITHUB_ENV}"
-            printf 'APPLY_FIXES_IF_COMMIT=%s\n' "${{
-              env.APPLY_FIXES_IF == 'true' &&
-              env.APPLY_FIXES_MODE == 'commit' &&
-              (!contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref))
-            }}" >> "${GITHUB_ENV}"
-
-        # Create pull request if applicable
-        # (for now works only on PR from same repository, not from forks)
-        - name: Create Pull Request with applied fixes
-          uses: peter-evans/create-pull-request@v5
-          id: cpr
-          if: env.APPLY_FIXES_IF_PR == 'true'
-          with:
-            token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
-            commit-message: "[MegaLinter] Apply linters automatic fixes"
-            title: "[MegaLinter] Apply linters automatic fixes"
-            labels: bot
-
-        - name: Create PR output
-          if: env.APPLY_FIXES_IF_PR == 'true'
-          run: |
-            echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}"
-            echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}"
-
-        # Push new commit if applicable
-        # (for now works only on PR from same repository, not from forks)
-        - name: Prepare commit
-          if: env.APPLY_FIXES_IF_COMMIT == 'true'
-          run: sudo chown -Rc $UID .git/
-
-        - name: Commit and push applied linter fixes
-          uses: stefanzweifel/git-auto-commit-action@v5
-          if: env.APPLY_FIXES_IF_COMMIT == 'true'
-          with:
-            branch: >-
-              ${{
-                github.event.pull_request.head.ref ||
-                github.head_ref ||
-                github.ref
-              }}
-            commit_message: "[MegaLinter] Apply linters fixes"
-            commit_user_name: megalinter-bot
-            commit_user_email: megalinter@dotdot.horse

.github/workflows/powershell.yml

@@ -13,7 +13,6 @@ on:
   push:
     branches: [ "testing" ]
   pull_request:
-    branches: [ "testing" ]
   schedule:
     - cron: '41 14 * * 4'
 
@@ -29,7 +28,7 @@ jobs:
     name: PSScriptAnalyzer
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Run PSScriptAnalyzer
         uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f
@@ -44,6 +43,6 @@ jobs:
 
       # Upload the SARIF file generated in the previous step
       - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif

.gitignore

@@ -1,12 +1,6 @@
-.DS_Store
-.vs/*
-.vscode/*
-ADCSIssues.CSV
-ADCSRemediation.CSV
 Artefacts/*
 Examples/Output/*
 Ignore/*
-Invoke-RevertLocksmith.ps1
 Lib/Core/*
 Lib/Default/*
 Lib/Standard/*
@@ -19,3 +13,23 @@ Sources/*/bin
 Sources/*/*/obj
 Sources/*/*/bin
 Sources/packages/*
+
+### Visual Studio / Code ###
+.vs/*
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+### Module Output Files ###
+ADCSIssues.CSV
+ADCSRemediation.CSV
+Locksmith*ADCSIssues.CSV
+Locksmith*ADCSRemediation.CSV
+Invoke-RevertLocksmith.ps1
+
+### OS Files ###
+.DS_Store
+Thumbs.db