psrule-pipelines's Introduction

PSRule extension for Azure Pipelines

An Azure DevOps extension for using PSRule within Azure Pipelines.

Support

This project uses GitHub Issues to track bugs and feature requests. Please search the existing issues before filing new issues to avoid duplicates.

  • For new issues, file your bug or feature request as a new issue.
  • For help, discussion, and support questions about using this project, join or start a discussion.

Support for this project/product is limited to the resources listed above.

Getting started

The PSRule extension includes the following tasks for Azure Pipelines:

Name             Friendly name          Description                                    Reference
ps-rule-assert   PSRule analysis        Run analysis with PSRule.                      reference
ps-rule-install  Install PSRule module  Install a PowerShell module containing rules.  reference

To add these tasks, use the name for YAML pipelines or the friendly name for classic pipelines.

Installing PSRule extension

To use PSRule within Azure DevOps Services, install the extension from the Visual Studio Marketplace. For detailed instructions see Install extensions.

If you don't have permissions to install extensions within your Azure DevOps organization, you can request it to be installed by an admin instead.

Using within YAML pipelines

To use these tasks within YAML pipelines:

  • Install rule modules with the ps-rule-install task (optional).
  • Run analysis one or more times with the ps-rule-assert task.
  • Publish analysis results with the Publish Test Results built-in task.

For example:

steps:

# Install PSRule.Rules.Azure from the PowerShell Gallery
- task: ps-rule-install@2
  inputs:
    module: PSRule.Rules.Azure   # Install PSRule.Rules.Azure from the PowerShell Gallery.

# Run analysis from JSON files using the `PSRule.Rules.Azure` module and custom rules from `.ps-rule/`.
- task: ps-rule-assert@2
  inputs:
    modules: 'PSRule.Rules.Azure'            # Analyze objects using the rules within the PSRule.Rules.Azure PowerShell module.
    outputFormat: NUnit3                     # Save results to an NUnit report.
    outputPath: reports/ps-rule-results.xml  # Write NUnit report to 'reports/ps-rule-results.xml'.

# Publish NUnit report as test results
- task: PublishTestResults@2
  displayName: 'Publish PSRule results'
  inputs:
    testRunTitle: 'PSRule'                          # The title to use for the test run.
    testRunner: NUnit                               # Import report using the NUnit format.
    testResultsFiles: 'reports/ps-rule-results.xml' # The previously saved NUnit report.

Changes and versioning

Extensions and tasks in this repository use semantic versioning to declare breaking changes. For a list of module changes please see the change log.

Contributing

This project welcomes contributions and suggestions. If you are ready to contribute, please visit the contribution guide.

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Maintainers

License

This project is licensed under the MIT License.

psrule-pipelines's Issues

Add outcome filtering parameter

Currently output from PSRule can be filtered to a specific set of outcomes by setting Output.Outcome through an environment variable or ps-rule.yaml.

However, this is a common enough case that a parameter to configure it directly on the action can be provided.

Task fails on self-hosted agent when PSRule and/or PSRule.Rules.Azure already installed

Description of the issue

My tasks were working fine in the Azure DevOps hosted agent.

I just installed the self-hosted agent locally on Windows 11 x64. I already have PSRule 2.2.0 and PSRule.Rules.Azure 1.17.1 installed.

The self-hosted agent runs as the NETWORK SERVICE user.

It looks like it might be trying to uninstall or reinstall the modules, and it's erroring out.

Configuration

Yaml configuration of the extension.

      - task: ps-rule-install@2
        displayName: Install PSRule.Rules.Azure PS module
        condition: and(succeeded(), eq('${{parameters.runPSRuleTests}}', true))
        inputs:
          module: PSRule.Rules.Azure
          latest: false
          prerelease: false

Expected behaviour

Expected it to work as it did in a hosted agent.

Error output

Starting: Install PSRule.Rules.Azure PS module
==============================================================================
Task         : Install PSRule module
Description  : Install a PowerShell module containing rules.
Version      : 1.0.2207007
Author       : Bernie White
Help         : https://github.com/Microsoft/PSRule-pipelines/blob/main/docs/tasks.md#ps-rule-install
==============================================================================

[info] Using PreRelease: False
[info] Checking PowerShellGet
[info] Checking module: PSRule.Rules.Azure
[info] Installing module: PSRule.Rules.Azure
##[warning]The version '2.2.0' of module 'PSRule' is currently in use. Retry the operation after closing the applications.
##[warning]The version '1.17.1' of module 'PSRule.Rules.Azure' is currently in use. Retry the operation after closing the applications.
##[error]No match was found for the specified search criteria and module names 'PSRule.Rules.Azure'.
Finishing: Install PSRule.Rules.Azure PS module

Task in use and version:

  • Task: ps-rule-install@2

Additional context

I tried commenting out the ps-rule-install task, as I already have the modules installed locally.

The next task, ps-rule-assert, failed in a similar manner as it too attempted to install the modules.

I next attempted to uninstall the modules from my machine to see if I could progress. I was blocked again with a similar message that they were in use.

I closed all terminals and powershell sessions and stopped VSCode (in which I have the PSRule extension installed). This seemed to allow me to uninstall the modules and run the job again.

This time I'm getting the following:

Starting: Run PSRule validation tests on Azure template files
==============================================================================
Task         : PSRule analysis
Description  : Run analysis with PSRule.
Version      : 2.0.2207007
Author       : Bernie White
Help         : https://github.com/Microsoft/PSRule-pipelines/blob/main/docs/tasks.md#ps-rule-assert
==============================================================================
[info] Source 'C:\agent\_work\1\s\.ps-rule\' does not exist.

Checking PSRule
[info] Using repository: PSGallery
##[error]The 'Get-InstalledModule' command was found in the module 'PowerShellGet', but the module could not be loaded. For more information, run 'Import-Module PowerShellGet'.
Finishing: Run PSRule validation tests on Azure template file

Stale task version

Description of the issue

Azure Pipelines may run stale PSRule task versions, and the version is not always correctly reflected in the output.

Add support for output using SARIF format

The PSRule version v2.0.0-B2201161 and greater supports SARIF as an output format. We need to update the action validation set to permit Sarif to be used as an output format.

Update node execution handler to Node 10

Description of the issue

Azure DevOps Pipelines is throwing an error which requires Node 10 version updates of this extension to be released.

##[warning]This task uses Node 6 execution handler, which will be removed March 31st 2022. If you are the developer of the task - please consider the migration guideline to Node 10 handler - https://aka.ms/migrateTaskNode10 (check this page also if you would like to disable Node 6 deprecation warnings). If you are the user - feel free to reach out to the owners of this task to proceed on migration.

Using: 0.0.2111007

'file not found' error when running the task

Description of the issue

After a recent update, pipelines started failing, stating that the VstsTaskSdk.psd1 file is not found.

Configuration

Yaml configuration of the extension.

pool:
      vmImage: "windows-latest"
....
    steps:
      - task: ps-rule-assert@2
        displayName: "Run PSRule scan"
        inputs:
          path: "$(System.DefaultWorkingDirectory)"
          inputType: "repository"
          inputPath: "$(projectDirectory)/devops/infrastructure/bicep/*.bicep"
          source:
          modules: "PSRule.Rules.Azure"
          outputFormat: "NUnit3"
          outputPath: "$(Pipeline.Workspace)/PSRule/ps-rule-results.xml"

Expected behaviour

task runs successfully

Error output

Capture any error messages.

##[error]File not found: 'D:\a\_tasks\ps-rule-assert_8804fc31-b62f-4d49-b2a1-c80dc0879dae\2.0.2205045\ps_modules\VstsTaskSdk\VstsTaskSdk.psd1'

Task in use and version:

Task : PSRule analysis
Description : Run analysis with PSRule.
Version : 2.0.2205045


from devops extensions tab:
Installed version
2.0.0 (Latest)
Last updated
May 17, 2022 at 5:48 PM GMT+2

Additional context

Got the same error for both the @1 and @2 versions of the ps-rule-assert task.

Bump V2 task support for Node 16

Currently V2 tasks support Node 10. We should add support for Node 16 since this is the latest for Azure DevOps.

For back compatibility we should support either Node 10 or Node 16, with a thought for PSRule V3 (future) tasks only supporting Node 16.

Upgrading Tasks to Node 16

Task randomly fails with 'Error code 5'

Description of the issue

Task randomly fails with 'Error code 5' when running a scan on bicep templates. I say randomly, since rerun of same task (identical configuration) can succeed, or fail a few more times before eventually succeeding.
Task runs for 3-5 mins before failing

Configuration
We do not run the "Install PSRule module" task prior to this task. ps-rule-assert@1 is the first task in a job.
Job is running on Microsoft-hosted agent
Image: windows-latest

Yaml configuration of the extension.

      - task: ps-rule-assert@1
        displayName: "Run PSRule scan"
        inputs:
          path: "$(System.DefaultWorkingDirectory)"
          inputType: "inputPath"
          inputPath: "$(projectDirectory)/devops/infrastructure/bicep/*.bicep"
          source:
          modules: "PSRule.Rules.Azure"
          outputFormat: "NUnit3"
          outputPath: "$(Pipeline.Workspace)/PSRule/ps-rule-results.xml"

Expected behaviour

Task to succeed in providing scan results

Error output

Last logs before error:
From repository: {Repo-name}
on : refs/pull/6814/merge
at : 36f6dae96fa568f1c1349feb42dc7c3080cb8321

Then error:

##[error]Exit code 5 returned from process: file name 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe', arguments '-NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". ([scriptblock]::Create('if ([Console]::InputEncoding -is [Text.UTF8Encoding] -and [Console]::InputEncoding.GetPreamble().Length -ne 0) { [Console]::InputEncoding = New-Object Text.UTF8Encoding $false } if (!$PSHOME) { $null = Get-Item -LiteralPath ''variable:PSHOME'' } else { Import-Module -Name ([System.IO.Path]::Combine($PSHOME, ''Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1'')) ; Import-Module -Name ([System.IO.Path]::Combine($PSHOME, ''Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1'')) }')) 2>&1 | ForEach-Object { Write-Verbose $_.Exception.Message -Verbose } ; Import-Module -Name 'D:\a\_tasks\ps-rule-assert_8804fc31-b62f-4d49-b2a1-c80dc0879dae\1.0.2201013\ps_modules\VstsTaskSdk\VstsTaskSdk.psd1' -ArgumentList @{ NonInteractive = $true } -ErrorAction Stop ; $VerbosePreference = 'SilentlyContinue' ; $DebugPreference = 'SilentlyContinue' ; Invoke-VstsTaskScript -ScriptBlock ([scriptblock]::Create('. ''D:\a\_tasks\ps-rule-assert_8804fc31-b62f-4d49-b2a1-c80dc0879dae\1.0.2201013\powershell.ps1'''))"'.

Task in use and version:

  • Task: ps-rule-assert
  • Version: SHOULD be 1.5.0, we have latest version installed. DevOps logs mention v 1.0.2201013, not sure what's that

From DevOps extension details:
Installed version
1.5.0 (Latest)

From task execution log:
Task : PSRule analysis
Description : Run analysis with PSRule.
Version : 1.0.2201013

Additional context

Additional logs:

 Checking module: PSRule.Rules.Azure
  - Installing module
  - Using version: 1.14.3

[info] Using Version: 2.0.1
[info] Using PWD: D:\a\_tasks\ps-rule-assert_8804fc31-b62f-4d49-b2a1-c80dc0879dae\1.0.2201013
[info] Using Path: D:\a\1\s
[info] Using Source: D:\a\1\s
[info] Using Baseline: 
[info] Using Conventions: 
[info] Using InputType: inputPath
[info] Using InputPath: D:\a\1\s\projectName\devops\infrastructure\bicep\*.bicep
[info] Using OutputFormat: NUnit3
[info] Using OutputPath: D:\a\1\PSRule\ps-rule-results.xml

Switch to using File input format for repository scans

Currently the inputType of repository uses custom code to scan the repository for files.

PSRule v0.20.0-B2008002 introduces a similar process natively within the engine. It also observes file exclusions from .gitignore and the Input.PathIgnore option.

We should update to use this feature.

References

PSRule change log

Bicep compilation failed for Bicep Linter Configuration info message

Description of the issue

In an Azure DevOps pipeline, I'm getting an error about a configuration file being found, which should be treated as informational.
Could this be converted to info level in the extension?

It's currently failing the task out.

##[error]Bicep (0.4.1008) compilation of '/home/vsts/work/1/s/adfrowpe.bicep' failed with: /home/vsts/work/1/s/adfrowpe.bicep(1,1) : Info Bicep Linter Configuration: Custom bicepconfig.json file found (/home/vsts/work/1/s/bicepconfig.json).

Module in use and version:

Using PSRule v1.10.0-B2111024+8dc57907efe733ededf307d1c87a5af5253dea93
Using PSRule.Rules.Azure v1.11.0-B2111014

See Azure/bicep#4851

Fail action when module installation fails

Description of the issue

If a module fails to install, a PowerShell error will be generated in output but this doesn't stop the pipeline.

If the module is not installed, included rules can not be run.

Expected behaviour

If any module fails to install, the action should error.

Failing to install a module could be a transient issue.

Task in use and version:

  • Task: ps-rule-assert
  • Version: 1.0.0
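
One way to make module installation fail closed in a script step, with retries for the transient case mentioned in this issue; this is an added example, not code from the PSRule-pipelines tasks. `Install-RuleModule`, the module list, and the retry count and delay are assumptions; a module already present on the agent (the self-hosted agent report above) is used as-is rather than reinstalled.

```powershell
# Added example: install rule modules and fail the pipeline step if any install fails.
# Assumes PowerShellGet is available on the agent. Names and retry values are illustrative.
$ErrorActionPreference = 'Stop'

function Install-RuleModule {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)] [string]$Name,
        [string]$Repository = 'PSGallery',
        [int]$MaxAttempts = 3,
        [int]$DelaySeconds = 10
    )
    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            # Skip the install when the module is already on the agent.
            if (-not (Get-Module -ListAvailable -Name $Name)) {
                Install-Module -Name $Name -Repository $Repository -Scope CurrentUser -Force -ErrorAction Stop
            }
            # Verify the module is discoverable instead of trusting the install call.
            $installed = Get-Module -ListAvailable -Name $Name |
                Sort-Object Version -Descending | Select-Object -First 1
            if ($null -eq $installed) { throw "Module '$Name' not found after install." }
            Write-Host "[info] Using $Name v$($installed.Version)"
            return $installed
        }
        catch {
            # Surface each failed attempt as a pipeline warning, then back off and retry.
            Write-Host "##vso[task.logissue type=warning]Attempt $attempt of $MaxAttempts for '$Name' failed: $($_.Exception.Message)"
            if ($attempt -lt $MaxAttempts) { Start-Sleep -Seconds ($DelaySeconds * $attempt) }
        }
    }
    throw "Module '$Name' could not be installed after $MaxAttempts attempts."
}

try {
    foreach ($name in @('PSRule', 'PSRule.Rules.Azure')) {
        $null = Install-RuleModule -Name $name
    }
}
catch {
    # Fail closed: without the rule module no rules run, so analysis must not proceed.
    Write-Host "##vso[task.logissue type=error]$($_.Exception.Message)"
    Write-Host '##vso[task.complete result=Failed;]Rule module installation failed'
    exit 1
}
```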

Allow installation of modules from other sources

Currently rules modules can be installed from the PowerShell Gallery. There isn't a way currently to use a private feed, however this would be helpful for internal publishing within an organization.

Use a specific baseline

PSRule provides an ability to use a baseline to configure binding and rule sets.

Currently this option is not exposed as a configurable option within the ps-rule-assert task.

Allow choice of PSRule version to install

Currently the PSRule version is always the latest version for the task.

Moving forward with PSRule v2. In the short term we need to test PSRule v2 preview versions. But longer term, giving a choice of PSRule version would be helpful.

Related to microsoft/ps-rule#132

Failure loading VstsTaskSdk

An issue with the latest unreleased task.

The specified module
     | '/home/vsts/work/_tasks/ps-rule-install_0848dd65-bc06-4882-ae15-e2609d7fab0d/2.0.2204011/ps_modules/VstsTaskSdk' was not loaded because no valid module file was found in any module directory.

Add support for alternative option file

Currently PSRule will automatically detect and use ps-rule.yaml for options from the current working path when the assert task is run.

In some cases it may be desirable to have an options file for different use cases. While Assert-PSRule exposes an -Option parameter that can be set to an alternative file path, it is not currently exposed as an option that can be set in the pipeline.

Adding an additional parameter to set the option file would be useful for some use cases.

Extension version not clear from task version

Azure DevOps uses different versioning for tasks vs extension. It's not clear for customers when troubleshooting which version they are using from the task version only, although they are interrelated. See #385.

Ideally we should inject in some additional information in the output to make it easier to understand what extension version is installed.
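
A log-side check for the version confusion described in this issue and in "Stale task version", as an added example that is not part of the PSRule-pipelines project: it reads the task header block from a job log and compares the reported major version with the `name@major` reference used in the pipeline YAML. The function names and the sample log are constructed here; the friendly-name mapping comes from the task table in the README.

```powershell
# Added example, not part of the PSRule-pipelines project.
# Friendly name to task name mapping, taken from the task table in the README.
$TaskNames = @{
    'PSRule analysis'       = 'ps-rule-assert'
    'Install PSRule module' = 'ps-rule-install'
}

function Get-TaskHeader {
    # Extract (task name, version) pairs from the header block the agent prints per task.
    param ([Parameter(Mandatory)] [string]$LogText)
    $friendly = $null
    foreach ($line in ($LogText -split '\r?\n')) {
        if ($line -match '^\s*Task\s*:\s*(.+?)\s*$') {
            $friendly = $Matches[1]
        }
        elseif ($friendly -and $line -match '^\s*Version\s*:\s*(\d+(\.\d+){1,3})\s*$') {
            [pscustomobject]@{
                Name    = $TaskNames[$friendly]
                Version = [version]$Matches[1]
            }
            $friendly = $null
        }
    }
}

function Test-TaskReference {
    # Compare each 'name@major' reference from the pipeline YAML with what the log says ran.
    param (
        [Parameter(Mandatory)] [string[]]$Reference,
        [Parameter(Mandatory)] [object[]]$Header
    )
    foreach ($ref in $Reference) {
        $name, $major = $ref -split '@', 2
        foreach ($h in @($Header | Where-Object { $_.Name -eq $name })) {
            [pscustomobject]@{
                Reference = $ref
                Ran       = $h.Version
                Match     = ($h.Version.Major -eq [int]$major)
            }
        }
    }
}

# Constructed sample: header lines as they appear in the logs quoted on this page.
$sampleLog = @'
Task         : Install PSRule module
Version      : 1.0.2207007
Task         : PSRule analysis
Version      : 2.0.2207007
'@

$headers = Get-TaskHeader -LogText $sampleLog
Test-TaskReference -Reference 'ps-rule-install@2', 'ps-rule-assert@2' -Header $headers |
    Format-Table -AutoSize
```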

Handling of unset path

An error occurs in the latest unreleased assert task. Path is incorrectly handled by nesting into workspace path.

Custom rule always fails

Hi, I have an issue, or maybe my own understanding is wrong on how to make a custom rule. Namely, I wanted to make a simple check for the existence of Tags within a Bicep file. I've set up a ps-rule.yaml file in which I set the configuration for expansion because of the Bicep code, and I've created a .ps-rule folder with countryTag.Rule.ps1 containing the custom rule. Whichever approach I take in creating the rule, it always fails. Built-in PSRule works great: it actually sees which resources I'm trying to deploy, and therefore pulls out all related Azure Well Architecture Framework rules and compares them with PASS/FAIL flags correctly. My custom rule is being run, as I can see it at the beginning of the report, but it is always in FAIL status no matter what I do, and in the setup that I currently have I expect it to PASS. Screenshots of all the mentioned PSRule files are below, alongside a portion of the Bicep code that shows the tag existence.

.ps-rule/countryTag.Rule.ps1:

image

ps-rule.yaml:

image

Bicep code:

image

When I tried a different approach by filling countryTag.Rule.ps1 with this code, I again received a FAIL status. This time I deliberately made corrections to the Bicep file so that all built-in checks pass. Only the custom rule didn't:

image

image

Add support for conventions

Conventions provide additional extensibility for PSRule, we should allow these to be specified from the assert task.
