Merge branch 'main' of https://github.com/microsoft/AzureTRE into tam…

…irkamara/4148-cmk-in-gh-actions

.devcontainer/devcontainer.json

@@ -29,7 +29,7 @@
     // Mount docker socket for docker builds
     "type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock",
     // Mounts the github cli login details from the host machine to the container (~/.config/gh/hosts.yml)
-    "type=bind,source=${env:HOME}${env:USERPROFILE}/.config,target=/home/vscode/.config",
+    "type=bind,source=${env:HOME}${env:USERPROFILE}/.config,target=/home/vscode/.config"
   ],
   "remoteUser": "vscode",
   "containerEnv": {
@@ -44,20 +44,13 @@
       // Set *default* container specific settings.json values on container create.
       "settings": {
         "terminal.integrated.defaultProfile.linux": "bash",
+        "editor.formatOnPaste": true,
+        "editor.formatOnSave": true,
         "python.pythonPath": "/usr/local/bin/python",
-        "python.linting.enabled": true,
-        "python.linting.pylintEnabled": false,
-        "python.linting.flake8Enabled": true,
         "python.formatting.provider": "black",
         "python.formatting.autopep8Path": "/usr/local/py-utils/bin/autopep8",
         "python.formatting.blackPath": "/usr/local/py-utils/bin/black",
         "python.formatting.yapfPath": "/usr/local/py-utils/bin/yapf",
-        "python.linting.banditPath": "/usr/local/py-utils/bin/bandit",
-        "python.linting.flake8Path": "/usr/local/py-utils/bin/flake8",
-        "python.linting.mypyPath": "/usr/local/py-utils/bin/mypy",
-        "python.linting.pycodestylePath": "/usr/local/py-utils/bin/pycodestyle",
-        "python.linting.pydocstylePath": "/usr/local/py-utils/bin/pydocstyle",
-        "python.linting.pylintPath": "/usr/local/py-utils/bin/pylint",
         "python.testing.unittestEnabled": false,
         "python.testing.pytestEnabled": true,
         "python.testing.pytestArgs": [
@@ -275,8 +268,12 @@
       "extensions": [
         "ms-python.python",
         "ms-python.pylance",
+        "ms-python.flake8",
+        "nwgh.bandit",
         "hashicorp.terraform",
         "github.vscode-pull-request-github",
+        "gitHub.copilot",
+        "github.copilot-chat",
         "getporter.porter-vscode",
         "davidanson.vscode-markdownlint",
         "editorconfig.editorconfig",
@@ -291,5 +288,8 @@
     8000
   ],
   // Run commands after the container is created.
-  "postCreateCommand": "./.devcontainer/scripts/post-create.sh"
+  "postCreateCommand": "./.devcontainer/scripts/post-create.sh",
+  "initializeCommand": [
+    "./.devcontainer/scripts/initialize"
+  ]
 }

.devcontainer/scripts/initialize

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+mkdir -p "$HOME/.azure" "$HOME/.config" || true

.devcontainer/scripts/initialize.cmd

@@ -0,0 +1,2 @@
+@echo off
+mkdir %USERPROFILE%\.azure %USERPROFILE%\.config || exit /b 0

.github/actions/devcontainer_run_command/action.yml

@@ -190,9 +190,19 @@ runs:
     - name: Run command in DevContainer
       shell: bash
       run: |
+        # Write command to a command.sh script file
+        cat <<EOF >> ./command.sh
+        #!/bin/bash
+        set -x
+        ${{ inputs.COMMAND }}
+        EOF
+
+        chmod +x ./command.sh
+
         docker run --rm --mount \
           "type=bind,src=${{ github.workspace }},dst=/workspaces/tre" \
           -v /var/run/docker.sock:/var/run/docker.sock \
+          -v "./command.sh:/workspaces/tre/command.sh" \
           --workdir /workspaces/tre \
           --user vscode \
           -e TF_INPUT="0" \
@@ -261,4 +271,7 @@ runs:
           -e TF_VAR_external_key_store_id="${{ inputs.EXTERNAL_KEY_STORE_ID }}" \
           -e E2E_TESTS_NUMBER_PROCESSES="${{ inputs.E2E_TESTS_NUMBER_PROCESSES }}" \
           '${{ inputs.CI_CACHE_ACR_NAME }}${{ env.ACR_DOMAIN_SUFFIX }}/tredev:${{ inputs.DEVCONTAINER_TAG }}' \
-        bash -c "${{ inputs.COMMAND }}"
+        bash -c -x "./command.sh"
+
+        # Clean up temporary script file
+        rm ./command.sh

.github/workflows/build_validation_develop.yml

@@ -1,11 +1,11 @@
 ---
 name: Build Validation
 
-on:  # yamllint disable-line rule:truthy
+on: # yamllint disable-line rule:truthy
   pull_request:
     branches:
       - main
-      - 'feature/**'
+      - "feature/**"
 
 # for each ref (branch/pr) run just the most recent,
 # cancel other pending/running ones
@@ -112,7 +112,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           VALIDATE_TERRAFORM_TFLINT: true
           TERRAFORM_TFLINT_CONFIG_FILE: .tflint_core.hcl
-          FILTER_REGEX_INCLUDE: './core/.*'
+          FILTER_REGEX_INCLUDE: "./core/.*"
 
       - name: Workspace Tags
         if: ${{ steps.filter.outputs.terraform_workspaces == 'true' }}
@@ -123,7 +123,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           VALIDATE_TERRAFORM_TFLINT: true
           TERRAFORM_TFLINT_CONFIG_FILE: .tflint_workspaces.hcl
-          FILTER_REGEX_INCLUDE: './templates/workspaces/.*'
+          FILTER_REGEX_INCLUDE: "./templates/workspaces/.*"
 
       - name: Workspace Services Tags
         if: ${{ steps.filter.outputs.terraform_workspace_services == 'true' }}
@@ -134,8 +134,8 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           VALIDATE_TERRAFORM_TFLINT: true
           TERRAFORM_TFLINT_CONFIG_FILE: .tflint_workspace_services.hcl
-          FILTER_REGEX_INCLUDE: './templates/workspaces/.*'
-          FILTER_REGEX_EXCLUDE: '.*user_resource.*'
+          FILTER_REGEX_INCLUDE: "./templates/workspaces/.*"
+          FILTER_REGEX_EXCLUDE: ".*user_resource.*"
 
       - name: User Resources Tags
         if: ${{ steps.filter.outputs.terraform_workspace_services == 'true' }}
@@ -146,7 +146,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           VALIDATE_TERRAFORM_TFLINT: true
           TERRAFORM_TFLINT_CONFIG_FILE: .tflint_user_resources.hcl
-          FILTER_REGEX_INCLUDE: './templates/workspace_services/.*/user_resources/.*'
+          FILTER_REGEX_INCLUDE: "./templates/workspace_services/.*/user_resources/.*"
 
       - name: Shared Services Tags
         if: ${{ steps.filter.outputs.terraform_shared_services == 'true' }}
@@ -157,4 +157,4 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           VALIDATE_TERRAFORM_TFLINT: true
           TERRAFORM_TFLINT_CONFIG_FILE: .tflint_shared_services.hcl
-          FILTER_REGEX_INCLUDE: './templates/shared_services/.*'
+          FILTER_REGEX_INCLUDE: "./templates/shared_services/.*"

.github/workflows/codeql-analysis.yml

@@ -12,13 +12,13 @@
 #
 name: "CodeQL"
 
-on:  # yamllint disable-line rule:truthy
+on: # yamllint disable-line rule:truthy
   push:
     branches: [main]
   pull_request:
     branches: [main]
   schedule:
-    - cron: '41 3 * * 5'
+    - cron: "41 3 * * 5"
 
 # for each ref (branch/pr) run just the most recent,
 # cancel other pending/running ones
@@ -38,7 +38,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: ['python', 'java', 'javascript', 'typescript']
+        language: ["python", "java", "javascript", "typescript"]
 
     steps:
       - name: Checkout repository

.github/workflows/deploy_tre_reusable.yml

@@ -436,9 +436,14 @@ jobs:
         uses: ./.github/actions/devcontainer_run_command
         with:
           # Although porter publish will build automatically, our makefile build target includes logic that should run
-          COMMAND: >-
-            for i in {1..3}; do make bundle-build bundle-publish DIR=${{ matrix.BUNDLE_DIR }}
-            && ec=0 && break || ec=\$? && sleep 30; done; (exit \$ec)
+          COMMAND: |
+            # Loop to retry the make command up to 3 times
+            for i in {1..3}; do
+              make bundle-build bundle-publish DIR=${{ matrix.BUNDLE_DIR }} && ec=0 && break || ec=\$? && sleep 30;
+            done;
+
+            # Exit with the last status code
+            (exit \$ec)
           DEVCONTAINER_TAG: ${{ inputs.DEVCONTAINER_TAG }}
           AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
           AZURE_ENVIRONMENT: ${{ vars.AZURE_ENVIRONMENT }}
@@ -482,9 +487,14 @@ jobs:
         uses: ./.github/actions/devcontainer_run_command
         with:
           # Although porter publish will build automatically, our makefile build target includes logic that should run
-          COMMAND: >-
-            for i in {1..3}; do make bundle-build bundle-publish DIR=${{ matrix.BUNDLE_DIR }}
-            && ec=0 && break || ec=\$? && sleep 30; done; (exit \$ec)
+          COMMAND: |
+            # Loop to retry the make command up to 3 times
+            for i in {1..3}; do
+            make bundle-build bundle-publish DIR=${{ matrix.BUNDLE_DIR }} && ec=0 && break || ec=\$? && sleep 30;
+            done
+
+            # Exit with the last status code
+            (exit \$ec)
           DEVCONTAINER_TAG: ${{ inputs.DEVCONTAINER_TAG }}
           AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
           AZURE_ENVIRONMENT: ${{ vars.AZURE_ENVIRONMENT }}
@@ -526,9 +536,14 @@ jobs:
       - name: Register bundle
         uses: ./.github/actions/devcontainer_run_command
         with:
-          COMMAND: >-
-            for i in {1..3}; do make bundle-register DIR=${{ matrix.BUNDLE_DIR }}
-            && ec=0 && break || ec=\$? && sleep 10; done; (exit \$ec)
+          COMMAND: |
+            # Loop to retry the make command up to 3 times
+            for i in {1..3}; do
+              make bundle-register DIR=${{ matrix.BUNDLE_DIR }} && ec=0 && break || ec=\$? && sleep 10;
+            done
+
+            # Exit with the last status code
+            (exit \$ec)
           DEVCONTAINER_TAG: ${{ inputs.DEVCONTAINER_TAG }}
           CI_CACHE_ACR_NAME: ${{ secrets.CI_CACHE_ACR_NAME}}
           AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
@@ -586,9 +601,14 @@ jobs:
       - name: Register bundle
         uses: ./.github/actions/devcontainer_run_command
         with:
-          COMMAND: >-
-            for i in {1..3}; do make bundle-register DIR=${{ matrix.BUNDLE_DIR }}
-            && ec=0 && break || ec=\$? && sleep 10; done; (exit \$ec)
+          COMMAND: |
+            # Loop to retry the make command up to 3 times
+            for i in {1..3}; do
+              make bundle-register DIR=${{ matrix.BUNDLE_DIR }} && ec=0 && break || ec=\$? && sleep 10;
+            done;
+
+            # Exit with the last status code
+            (exit \$ec)
           DEVCONTAINER_TAG: ${{ inputs.DEVCONTAINER_TAG }}
           CI_CACHE_ACR_NAME: ${{ secrets.CI_CACHE_ACR_NAME}}
           AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
@@ -635,9 +655,14 @@ jobs:
       - name: Register bundle
         uses: ./.github/actions/devcontainer_run_command
         with:
-          COMMAND: >-
-            for i in {1..3}; do make bundle-register DIR=${{ matrix.BUNDLE_DIR }}
-            && ec=0 && break || ec=\$? && sleep 10; done; (exit \$ec)
+          COMMAND: |
+            # Loop to retry the make command up to 3 times
+            for i in {1..3}; do
+              make bundle-register DIR=${{ matrix.BUNDLE_DIR }} && ec=0 && break || ec=\$? && sleep 10;
+            done;
+
+            # Exit with the last status code
+            (exit \$ec)
           DEVCONTAINER_TAG: ${{ inputs.DEVCONTAINER_TAG }}
           CI_CACHE_ACR_NAME: ${{ secrets.CI_CACHE_ACR_NAME}}
           AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
@@ -875,3 +900,4 @@ jobs:
         with:
           junit_files: "artifacts/**/*.xml"
           check_name: "E2E Test Results"
+          comment_mode: off