Merge pull request #213 from TrimarcJake/testing

2025.1.1 Release
jakehildreth · Jan 1, 2025 · 0319732 · 0319732
2 parents b887800 + 0d1eac9
commit 0319732
Show file tree

Hide file tree

Showing 72 changed files with 3,542 additions and 998 deletions.
diff --git a/.cspell.json b/.cspell.json
@@ -0,0 +1,53 @@
+{
+  "import": [
+    "@cspell/dict-powershell/cspell-ext.json",
+    "@cspell/dict-csharp/cspell-ext.json"
+  ],
+
+  "version": "0.2",
+  "language": "en",
+
+    "words": [
+        "RSAT",
+        "Artefacts",
+        "NTDS",
+        "Hildreth"
+    ],
+
+    "ignoreWords": [
+        "malconfiguration",
+        "sarif",
+        "psscriptanalyzer",
+        "DEVSKIM",
+        "KICS",
+        "pscustomobject",
+        "certutil",
+        "certsvc",
+        "setreg",
+        "contoso",
+        "SCHANNEL",
+        "RSATAD",
+        "Dism",
+        "getreg",
+        "Dacl",
+        "Calver"
+    ],
+
+    "flagWords": [
+    ],
+
+    "patterns": [
+        {
+          "name": "ALL-CAPS-WORDS",
+          "pattern": "/\b[A-Z0-9]+\b/g",
+          "description": "Any word in ALL CAPS."
+        }
+    ],
+
+    "ignoreRegExpList": [
+        "ALL-CAPS-WORDS",
+        "Email",
+        "github.com/",
+        "@"
+    ]
+}
diff --git a/.github/workflows/Create External Help.yml b/.github/workflows/Create External Help.yml
@@ -0,0 +1,32 @@
+name: 📚 Create External Help
+
+on:
+  pull_request:
+  #push:
+  workflow_dispatch:
+
+jobs:
+  package_help:
+    # The New-ExternalHelpCab cmdlet uses makecab, which depends on Windows.
+    runs-on: windows-latest
+    steps:
+      - name: ✅ Checkout Repository
+        uses: actions/checkout@v4
+      - name: 📁 Display the Path
+        shell: pwsh
+        run: echo ${env:PATH}
+      - name: 🔢 Display the Version
+        shell: pwsh
+        run: $PSVersionTable
+      - name: 📖 Create and Package External PowerShell Help
+        shell: pwsh
+        run: |
+          Install-Module -Name PlatyPS -Scope CurrentUser -Force -SkipPublisherCheck
+          Import-Module -Name PlatyPS -Force
+          #Copy-Item ".\Help\en-US\Locksmith-help.xml" ".\Help\en-US"
+          $params = @{
+              CabFilesFolder  = ".\en-US"
+              LandingPagePath = ".\Docs\Locksmith.md"
+              OutputFolder    = ".\en-US"
+          }
+          New-ExternalHelpCab @params
diff --git a/.github/workflows/Deploy MkDocs.yml b/.github/workflows/Deploy MkDocs.yml
@@ -0,0 +1,64 @@
+name: 📖 Deploy MkDocs to GitHub
+# Install, build, and deploy MkDocs to GitHub Pages using content from the Docs folder.
+
+on:
+  pull_request:
+    branches:
+      - main
+      - testing
+  push:
+    branches:
+      #- main  # The branch you want to deploy from
+      - testing
+    paths:  # Only deploy MkDocs when the contents of the docs folder change or when this workflow changes
+      - 'Docs/**'
+      - '.github/workflows/Deploy MkDocs.yml'
+      - './mkdocs.yml'
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: ✅ Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: 🐍 Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'  # specify the Python version
+
+      - name: ➕ Install Dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install mkdocs mkdocs-material
+
+      - name: 👷‍♂️ Build & Deploy MkDocs
+        run: |
+          mkdocs build
+          mkdocs gh-deploy --force
+
+      # Combine markdown files to create the MkDocs index and the repository readme file.
+      - name: 📖 Update Index & Readme
+        shell: pwsh
+        run: |
+          Write-Output 'Updating Docs\Index.md & \Readme.md'
+          Copy-Item README.md Docs/index.md
+      #    [int16]$LineNumber = (Select-String -Path '.\docs\index.md' -Pattern 'Summary' -List).LineNumber + 1
+      #    $IndexTop = Get-Content -Path ./docs/index.md -TotalCount $LineNumber
+      #    $ModuleContent = Get-Content -Path ./docs/Locksmith.md | Select-Object -Skip 12
+      #    $FooterContent = "`n</Details>`n"
+      #    $CombinedContent = $IndexTop + $ModuleContent + $FooterContent
+      #    $CombinedContent | Set-Content -Path ./docs/index.md
+      #    $ModuleContent = $ModuleContent.Replace( '](' , '](./docs/' )
+      #    $CombinedContent = $IndexTop + $ModuleContent
+      #    $CombinedContent | Set-Content -Path ./README.md
+      #    Copy-Item ./docs/index.md ./README.md
+
+      # NOTE: git-auto-commit-action only runs on Linux-based platforms.
+      - name: 💾 Commit Changes
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: 'Copy MkDocs README to index'
+          file_pattern: 'README.md Docs/index.md'
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -3,35 +3,15 @@
 ---
   name: MegaLinter
 
-  # Trigger mega-linter at every push. Action will also be visible from Pull Requests to main
+  # Trigger mega-linter at every pull request.
   on:
-    # Comment this line to trigger action only on pull-requests
-    # (not recommended if you don't pay for GH Actions)
-    # push:
-
     pull_request:
-      branches:
+      # branches:
         # - main
-        - testing
+        # - testing
         # - dev
         # - experimental
 
-  # Comment env block if you do not want to apply fixes
-  # env:
-  #   # Apply linter fixes configuration
-  #   #
-  #   # When active, APPLY_FIXES must also be defined as environment variable
-  #   # (in github/workflows/mega-linter.yml or other CI tool)
-  #   APPLY_FIXES: all
-
-  #   # Decide which event triggers application of fixes in a commit or a PR
-  #   # (pull_request, push, all)
-  #   APPLY_FIXES_EVENT: pull_request
-
-  #   # If APPLY_FIXES is used, defines if the fixes are directly committed (commit)
-  #   # or posted in a PR (pull_request)
-  #   APPLY_FIXES_MODE: commit
-
   concurrency:
     group: ${{ github.ref }}-${{ github.workflow }}
     cancel-in-progress: true
@@ -40,13 +20,10 @@
     megalinter:
       name: MegaLinter
       runs-on: ubuntu-latest
-
-      # Give the default GITHUB_TOKEN write permission to commit and push, comment
-      # issues & post new PR; remove the ones you do not need
       permissions:
-        contents: write
-        issues: write
-        pull-requests: write
+        contents: read
+        issues: read
+        pull-requests: read
 
       steps:
 
@@ -56,17 +33,16 @@
           with:
             token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
 
-            # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to
-            # improve performance
-            fetch-depth: 0
+            # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performance
+            # fetch-depth: 0
 
         # MegaLinter
         - name: MegaLinter
 
           # You can override MegaLinter flavor used to have faster performances
           # More info at https://megalinter.io/flavors/
           # The dotnet flavor includes PowerShell, MD, YAML, JSON, spelling, and more.
-          uses: oxsecurity/megalinter/flavors/dotnet@v7.7.0
+          uses: oxsecurity/megalinter/flavors/dotnet@v8.3.0
 
           id: ml
 
@@ -78,19 +54,19 @@
             # main. Override with true if you always want to lint all sources
             #
             # To validate the entire codebase, set to:
-            # VALIDATE_ALL_CODEBASE: true
+            VALIDATE_ALL_CODEBASE: true
             #
             # To validate only diff with main, set to:
             # VALIDATE_ALL_CODEBASE: >-
             #   ${{
             #     github.event_name == 'push' &&
             #     contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)
             #   }}
-            VALIDATE_ALL_CODEBASE: >-
-              ${{
-                github.event_name == 'push' &&
-                contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)
-              }}
+            # VALIDATE_ALL_CODEBASE: >-
+            #   ${{
+            #     github.event_name == 'push' &&
+            #     contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)
+            #   }}
 
             GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -100,7 +76,7 @@
             # Uncomment to disable copy-paste and spell checks
             # DISABLE: COPYPASTE,SPELL
             DISABLE_ERRORS: true
-            DISABLE_LINTERS: SPELL_LYCHEE
+            DISABLE_LINTERS: EDITORCONFIG_EDITORCONFIG_CHECKER, SPELL_LYCHEE
             # Uncomment DISABLE_ERRORS_LINTERS if you want to turn errors back on selectively.
             # DISABLE_ERRORS_LINTERS: REPOSITORY_DEVSKIM,REPOSITORY_KICS,REPOSITORY_CHECKOV,POWERSHELL_POWERSHELL,SPELL_CSPELL
 
@@ -113,69 +89,3 @@
             path: |
               megalinter-reports
               mega-linter.log
-
-        # Set APPLY_FIXES_IF var for use in future steps
-        - name: Set APPLY_FIXES_IF var
-          run: |
-            printf 'APPLY_FIXES_IF=%s\n' "${{
-              steps.ml.outputs.has_updated_sources == 1 &&
-              (
-                env.APPLY_FIXES_EVENT == 'all' ||
-                env.APPLY_FIXES_EVENT == github.event_name
-              ) &&
-              (
-                github.event_name == 'push' ||
-                github.event.pull_request.head.repo.full_name == github.repository
-              )
-            }}" >> "${GITHUB_ENV}"
-
-        # Set APPLY_FIXES_IF_* vars for use in future steps
-        - name: Set APPLY_FIXES_IF_* vars
-          run: |
-            printf 'APPLY_FIXES_IF_PR=%s\n' "${{
-              env.APPLY_FIXES_IF == 'true' &&
-              env.APPLY_FIXES_MODE == 'pull_request'
-            }}" >> "${GITHUB_ENV}"
-            printf 'APPLY_FIXES_IF_COMMIT=%s\n' "${{
-              env.APPLY_FIXES_IF == 'true' &&
-              env.APPLY_FIXES_MODE == 'commit' &&
-              (!contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref))
-            }}" >> "${GITHUB_ENV}"
-
-        # Create pull request if applicable
-        # (for now works only on PR from same repository, not from forks)
-        - name: Create Pull Request with applied fixes
-          uses: peter-evans/create-pull-request@v5
-          id: cpr
-          if: env.APPLY_FIXES_IF_PR == 'true'
-          with:
-            token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
-            commit-message: "[MegaLinter] Apply linters automatic fixes"
-            title: "[MegaLinter] Apply linters automatic fixes"
-            labels: bot
-
-        - name: Create PR output
-          if: env.APPLY_FIXES_IF_PR == 'true'
-          run: |
-            echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}"
-            echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}"
-
-        # Push new commit if applicable
-        # (for now works only on PR from same repository, not from forks)
-        - name: Prepare commit
-          if: env.APPLY_FIXES_IF_COMMIT == 'true'
-          run: sudo chown -Rc $UID .git/
-
-        - name: Commit and push applied linter fixes
-          uses: stefanzweifel/git-auto-commit-action@v5
-          if: env.APPLY_FIXES_IF_COMMIT == 'true'
-          with:
-            branch: >-
-              ${{
-                github.event.pull_request.head.ref ||
-                github.head_ref ||
-                github.ref
-              }}
-            commit_message: "[MegaLinter] Apply linters fixes"
-            commit_user_name: megalinter-bot
-            commit_user_email: [email protected]
diff --git a/.github/workflows/powershell.yml b/.github/workflows/powershell.yml
@@ -13,7 +13,6 @@ on:
   push:
     branches: [ "testing" ]
   pull_request:
-    branches: [ "testing" ]
   schedule:
     - cron: '41 14 * * 4'
 
@@ -29,7 +28,7 @@ jobs:
     name: PSScriptAnalyzer
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Run PSScriptAnalyzer
         uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f
@@ -44,6 +43,6 @@ jobs:
 
       # Upload the SARIF file generated in the previous step
       - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif
diff --git a/.gitignore b/.gitignore
@@ -1,12 +1,6 @@
-.DS_Store
-.vs/*
-.vscode/*
-ADCSIssues.CSV
-ADCSRemediation.CSV
 Artefacts/*
 Examples/Output/*
 Ignore/*
-Invoke-RevertLocksmith.ps1
 Lib/Core/*
 Lib/Default/*
 Lib/Standard/*
@@ -19,3 +13,23 @@ Sources/*/bin
 Sources/*/*/obj
 Sources/*/*/bin
 Sources/packages/*
+
+### Visual Studio / Code ###
+.vs/*
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+### Module Output Files ###
+ADCSIssues.CSV
+ADCSRemediation.CSV
+Locksmith*ADCSIssues.CSV
+Locksmith*ADCSRemediation.CSV
+Invoke-RevertLocksmith.ps1
+
+### OS Files ###
+.DS_Store
+Thumbs.db