From c3f9a77111996d87d9bdf25a5f000e7b9ebc8a12 Mon Sep 17 00:00:00 2001 From: Yishi Wang Date: Thu, 19 Dec 2024 11:23:30 +0800 Subject: [PATCH 1/9] add azdev scan - Pro task --- azure-pipelines.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 21b97897924..a4d96cab774 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -193,6 +193,37 @@ jobs: fi displayName: "azdev scan on Modified Extensions" +- job: AzdevScanProModifiedExtensions + displayName: "azdev scan - Pro on Modified Extensions" + dependsOn: AzdevScanModifiedExtensions + condition: and(succeeded(), eq(variables['Build.Reason'], 'PullRequest')) + continueOnError: true + pool: + name: 'pool-ubuntu-2004' + steps: + - task: UsePythonVersion@0 + displayName: 'Use Python 3.11' + inputs: + versionSpec: 3.11 + - template: .azure-pipelines/templates/azdev_setup.yml + - bash: | + #!/usr/bin/env bash + set -ev + source ./env/bin/activate + git fetch origin --depth=1 $(System.PullRequest.TargetBranch) + declare -A secret_files + for FILE in `git diff --name-only --diff-filter=AM origin/$(System.PullRequest.TargetBranch)` ; do + detected=$(azdev scan --confidence-level MEDIUM -f $FILE | python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])") + if [ $detected == 'True' ]; then + echo "Secrets detected from "$FILE", Please remove or replace it. You can run 'azdev scan'/'azdev mask' locally to fix." 1>&2 + secret_files+=$FILE + fi + done + if [ "${#secret_files[@]}" -gt 0 ]; then + exit 1 + fi + displayName: "azdev scan - Pro on Modified Extensions" + #- job: IndexRefDocVerify # displayName: "Verify Ref Docs" # continueOnError: true From 7e7bc78ca97d3c490f255c64c82a1cccbc19e28e Mon Sep 17 00:00:00 2001 From: Yishi Wang Date: Mon, 6 Jan 2025 11:39:14 +0800 Subject: [PATCH 2/9] test --- .../latest/recordings/test_containerapp_java_component.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/containerapp/azext_containerapp/tests/latest/recordings/test_containerapp_java_component.yaml b/src/containerapp/azext_containerapp/tests/latest/recordings/test_containerapp_java_component.yaml index b4a74ee0d01..bad4ef621b7 100644 --- a/src/containerapp/azext_containerapp/tests/latest/recordings/test_containerapp_java_component.yaml +++ b/src/containerapp/azext_containerapp/tests/latest/recordings/test_containerapp_java_component.yaml @@ -24,7 +24,7 @@ interactions: uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001/providers/Microsoft.OperationalInsights/workspaces/containerapp-env000004?api-version=2023-09-01 response: body: - string: '{"properties":{"customerId":"027b63f7-ebff-4050-a03e-3dab3ef49730","provisioningState":"Creating","sku":{"name":"PerGB2018","lastSkuUpdate":"2024-11-02T02:28:32.888776Z"},"retentionInDays":30,"features":{"legacy":0,"searchVersion":1,"enableLogAccessUsingOnlyResourcePermissions":true},"workspaceCapping":{"dailyQuotaGb":-1.0,"quotaNextResetTime":"2024-11-02T11:00:00Z","dataIngestionStatus":"RespectQuota"},"publicNetworkAccessForIngestion":"Enabled","publicNetworkAccessForQuery":"Enabled","createdDate":"2024-11-02T02:28:32.888776Z","modifiedDate":"2024-11-02T02:28:32.888776Z"},"location":"eastus","id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.OperationalInsights/workspaces/containerapp-env000004","name":"containerapp-env000004","type":"Microsoft.OperationalInsights/workspaces","etag":"\"8c000ec0-0000-0100-0000-67258e500000\""}' + string: '{"properties":{"customerId":"027b63f7-ebff-4050-a03e-3dab3ef49730","provisioningState":"Creating","sku":{"name":"PerGB2018","lastSkuUpdate":"2024-11-02T02:28:32.888776Z"},"retentionInDays":30,"features":{"legacy":0,"searchVersion":1,"enableLogAccessUsingOnlyResourcePermissions":true},"workspaceCapping":{"dailyQuotaGb":-1.0,"quotaNextResetTime":"2024-11-02T11:00:00Z","dataIngestionStatus":"RespectQuota"},"publicNetworkAccessForIngestion":"Enabled","publicNetworkAccessForQuery":"Enabled","createdDate":"2024-11-02T02:28:32.888776Z","modifiedDate":"2024-11-02T02:28:32.888776Z"},"location":"eastus","id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.OperationalInsights/workspaces/containerapp-env000004","name":"containerapp-env000004","type":"Microsoft.OperationalInsights/workspaces","etag":"\"8c000ec0-0000-0100-0000-67258e500000\"","access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkwxS2ZLRklfam5YYndXYzIyeFp4dzFzVUhIMCIsImtpZCI6IkwxS2ZLRklfam5YYndXYzIyeFp4dzFzVUhIMCJ9.eyJhdWQiOiJodHRwczovL21hbmFnZW1lbnQuYXp1cmUuY29tIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3LyIsImlhdCI6MTcxNTc1NjQxNywibmJmIjoxNzE1NzU2NDE3LCJleHAiOjE3MTU3NjIwNDcsIl9jbGFpbV9uYW1lcyI6eyJncm91cHMiOiJzcmMxIn0sIl9jbGFpbV9zb3VyY2VzIjp7InNyYzEiOnsiZW5kcG9pbnQiOiJodHRwczovL2dyYXBoLndpbmRvd3MubmV0LzcyZjk4OGJmLTg2ZjEtNDFhZi05MWFiLTJkN2NkMDExZGI0Ny91c2Vycy81MDRjMzRmNC04Mzg5LTQ5MjAtYWVjOS0wYzU5NWI1MDg3NDAvZ2V0TWVtYmVyT2JqZWN0cyJ9fSwiYWNyIjoiMSIsImFpbyI6IkFWUUFxLzhXQUFBQVpyUUpPQXhVcWMrRnR2dXJybEJ3ZkxBcTJWYk9rUCtvdS9Tc0RSeE01QnVTQlBNeEJZdis3blorblBEYWRrMXptczllWUM0SFZiUHhQNlhFdzZHOStteWtscFVGb0JDeDV4a2YyZ0NnR3ljPSIsImFtciI6WyJwd2QiLCJyc2EiLCJtZmEiXSwiYXBwaWQiOiIwNGIwNzc5NS04ZGRiLTQ2MWEtYmJlZS0wMmY5ZTFiZjdiNDYiLCJhcHBpZGFjciI6IjAiLCJjYXBvbGlkc19sYXRlYmluZCI6WyIyOTM5OWNmOS05YjZiLTQyMDUtYjViMy0xM2ExMzRlOWIyMzMiXSwiZGV2aWNlaWQiOiIzNzIwMzljZC1jMjVhLTQ1M2MtYWUzNi00MWE5YjkyOGZkOWMiLCJmYW1pbHlfbmFtZSI6IkNhbyIsImdpdmVuX25hbWUiOiJYdXlhbmciLCJpZHR5cCI6InVzZXIiLCJpcGFkZHIiOiIyNDA0OmY4MDE6OTAwMDoxODpiOWNmOjljYjY6NjMwNzpjODhhIiwibmFtZSI6Ilh1eWFuZyBDYW8iLCJvaWQiOiI1MDRjMzRmNC04Mzg5LTQ5MjAtYWVjOS0wYzU5NWI1MDg3NDAiLCJvbnByZW1fc2lkIjoiUy0xLTUtMjEtMjE0Njc3MzA4NS05MDMzNjMyODUtNzE5MzQ0NzA3LTI0MzMxMTgiLCJwdWlkIjoiMTAwMzIwMDAyRTY4MUM0NCIsInJoIjoiMC5BUm9BdjRqNWN2R0dyMEdScXkxODBCSGJSMFpJZjNrQXV0ZFB1a1Bhd2ZqMk1CTWFBTTQuIiwic2NwIjoidXNlcl9pbXBlcnNvbmF0aW9uIiwic3ViIjoiTk9WU19jeTBDcDBrOUhtV0h2MFkwbFlBRFplQzlhaGZZMmJMQk10TzBrcyIsInRpZCI6IjcyZjk4OGJmLTg2ZjEtNDFhZi05MWFiLTJkN2NkMDExZGI0NyIsInVuaXF1ZV9uYW1lIjoieHV5Y2FvQG1pY3Jvc29mdC5jb20iLCJ1cG4iOiJ4dXljYW9AbWljcm9zb2Z0LmNvbSIsInV0aSI6IjRRSjNlZTFpQ2tpSVMzNkRBeDVYQUEiLCJ2ZXIiOiIxLjAiLCJ3aWRzIjpbImI3OWZiZjRkLTNlZjktNDY4OS04MTQzLTc2YjE5NGU4NTUwOSJdLCJ4bXNfY2FlIjoiMSIsInhtc19jYyI6WyJDUDEiXSwieG1zX2ZpbHRlcl9pbmRleCI6WyIyNiJdLCJ4bXNfcmQiOiIwLjQyTGxZQlJpbEFJQSIsInhtc19zc20iOiIxIiwieG1zX3RjZHQiOjEyODkyNDE1NDd9.LxHDDDfpsLSySFoivehF6qyN7gyxeQiBJqvpQb4FkIMGdXrALtU8ZYhdniQPkGRzcJw7vaIePBO0PHa-HzGXZ4RorD2yFZIwzzilNA25d1d3ePdczd6nRX8_sjzARp92i9WeTzUV04Jn8aoUAwfHa-Q5ezeMejXv2jWNQ7BlMM0Jr7nMI6gbqtOAh1zUDXBLejDF-suUUSwb8nhG1PWm1NABv1YveSV0mstuNx7P7vGglreq07_FEAAked2YOEBlcOOUQVrnegeYIryKDX82GniRv2uwYyBuwkh5gcrTMdV0RIB-STheow_6yI-1BqPQRjen25zef92bqCDSBCCvBQ","refresh_token":"0.ARoAv4j5cvGGr0GRqy180BHbR5V3sATbjRpGu-4C-eG_e0YaAM4.AgABAwEAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P--UF2yf2WjxqdaZ-4OOSgOXRUvnae39e1rSFDXLjZ1W59a1I6vObe_sQb9n-FDMfH6LiqbBkuCtdF0IjC5aOruD8Sc9WhTmOij4gLn1Q175eAAmUrWbYmkEa3anvjUfJkzdX_vyfF6FkSHrSnmx3hYjae8Cncd-FMjN1aknANH7ZWVhEWDx2vJ4wkPKrx4OPe8OQDI-8sXv6K0d6WRV_yrCbhGn7tkpjIRv4ZjPuE42EDZghOcKAkMUgZnwudaDCugZagXcr6nCxgzMpSI0BF_5Y6RV2ujLuqziGfgOio3N-sOkH_7KJitm0jVd8k7aX_S4u9TB2TLwmDP10ZqU3UQtegRyASalQuP1VZedBhF27O7z9-7zKbik3cORYB9IBysewHKakS18LWSUXbcvlZ4SBYmmLkdUr_jQepk-BsndAEge-2kfecNyrG9n3IJhUez1lfgA5AM0XnoqrVMF0LS30Tn5TcIgpDGJVQqb0Nz0IwDJGk0CeCWaBzW5izJsA3mH05AV4peXJK4UEGQ-BXOc6K6f2WiMZlXUX-EuSww7BJxsuihRLQi0cdl1pgI-Sy-n_5JeSOHOlbmqpZuSMmRrOndigP6QDHZiqskEuELUYZxq1_v9VyzupDfYiJ7TeWG3CtvwIItHpfNI1l25liwCRoJ0vj-xTJr0X1FPlBplTqBxZBbZrr-HbQOqmMxKUE3ZCCDa9rJMGiaQj9yGtu_w6TnVgwzcsyE-DZHeH-5P5O59UtduxvesHa34_iS59p7QzNNVc0jpBoLkcExbIo89jp-PxisyToLPUdxphnHySykdp8Q-_Z6mh9O1KQve4a9vajRbYgMcBn1JYAljY_Ryfxc4tqnIapLBsWNnXOtVQ_FJHAkCwZm5Jy6k-vNeWyah892cGp45BQnyb8SSVywRt8uP8DWLzaJRDnIpgX2V-UoiypUekfKcCjSjrVTGRNn69muAYI6B3k6XkAf6fiKViXyMgtDfRjR9B364A3pwqsyZXCODjFKM0iQkR_1C5RGbFL1mNe9mwkJoydbzWrvQEvY3CCh2kN4qWzAmBkDFCyYMPgDFuE3YHT2OvGIQ3F8-Kl5ERiFSMh6nBi8FHMFPer91jKRfhK_P89yui2yis6hkBFgS9BjN6SApDF100ofRs8","foci":"1","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IkwxS2ZLRklfam5YYndXYzIyeFp4dzFzVUhIMCJ9.eyJhdWQiOiIwNGIwNzc5NS04ZGRiLTQ2MWEtYmJlZS0wMmY5ZTFiZjdiNDYiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3L3YyLjAiLCJpYXQiOjE3MTU3NTY0MTcsIm5iZiI6MTcxNTc1NjQxNywiZXhwIjoxNzE1NzYwMzE3LCJhaW8iOiJBWVFBZS84V0FBQUFaaGN5VU81bXhnWnlUY3B2Y2ZaekNBYWRmQ05Sd1RmaEQvZ0ZZandONkttK1R5K2REQ0FIL01YZjRPRUpUS0taMUI1c09uRjc4WDRrWGVTckVzbGdFQTFJYnUzY0wyQkdiT2lVNy9rc2xUZzdkajgxTldiRXl6VmI0SEg2OXRYdnRSZGo4d2lpbjRzNmdMU1RRU21ETm8vVXdmRkdkcENxSzNLVjh0YjgydHc9IiwibmFtZSI6Ilh1eWFuZyBDYW8iLCJub25jZSI6Ijg5NzkyMTQ2M2IwNjY0N2YzMzBmNmQ3ZDA3OWNhMzI3N2MyOTAzNzAwMjNkYzNlOGNkNDAyMWIzYTdjN2EwZWIiLCJvaWQiOiI1MDRjMzRmNC04Mzg5LTQ5MjAtYWVjOS0wYzU5NWI1MDg3NDAiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJ4dXljYW9AbWljcm9zb2Z0LmNvbSIsInB1aWQiOiIxMDAzMjAwMDJFNjgxQzQ0IiwicmgiOiIwLkFSb0F2NGo1Y3ZHR3IwR1JxeTE4MEJIYlI1VjNzQVRialJwR3UtNEMtZUdfZTBZYUFNNC4iLCJzdWIiOiJJVUJPeUlxWFdfdEdmbzFlRmQ0MnU3MkNreEoxdlZQS0lYRExadHRVa0JvIiwidGlkIjoiNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3IiwidXRpIjoiNFFKM2VlMWlDa2lJUzM2REF4NVhBQSIsInZlciI6IjIuMCJ9.D20-x4uiyKnSCHVNOz7HhVAkvGB1zkb3-VdsZxDFlIuDNWZX44N4IWCtyKScXDnBtkgl22kS9LMmv2gWs2R9iFyn388Bs0XBY16qATH24spOo_DsC-uxkUXj3uO-jGdEHrg37MGkUhc0dbNiMLkXbvWxvndiBjCVbDEJXCMWeLULOUrKF8tpjahrr5Cus1fySeggb-DbgSgRxGh8q0DpZKjq_Wf98Gu_TSg0Dmi93UsQL6k-cThl-pClcFDYe6Fu4T0Y54MER9Je4uKxgi4PaT2BUEbF-ZZXL7IOICzFz8BPmJ2M_gZegDnX9fnYz0WCZpTiZNmpt_5rHDTyxXgH8A","client_info":"eyJ1aWQiOiI1MDRjMzRmNC04Mzg5LTQ5MjAtYWVjOS0wYzU5NWI1MDg3NDAiLCJ1dGlkIjoiNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3In0"}' headers: access-control-allow-origin: - '*' From 11283bd56ff4ce67b9550c4507c661fc76cf0179 Mon Sep 17 00:00:00 2001 From: Yishi Wang Date: Mon, 6 Jan 2025 11:55:21 +0800 Subject: [PATCH 3/9] error msg style --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index a4d96cab774..01b112af970 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -184,7 +184,7 @@ jobs: for FILE in `git diff --name-only --diff-filter=AM origin/$(System.PullRequest.TargetBranch)` ; do detected=$(azdev scan -f $FILE | python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])") if [ $detected == 'True' ]; then - echo "Secrets detected from "$FILE", Please remove or replace it. You can run 'azdev scan'/'azdev mask' locally to fix." 1>&2 + echo "\033[0;31mSecrets detected from \033[0m"$FILE"\033[0;31m, Please remove or replace it. You can run 'azdev scan'/'azdev mask' locally to fix.\033[0m" 1>&2 secret_files+=$FILE fi done From 4a069093fe4f3113c4c719d0a432934889788bf1 Mon Sep 17 00:00:00 2001 From: Yishi Wang Date: Mon, 6 Jan 2025 11:58:42 +0800 Subject: [PATCH 4/9] continue on failure --- azure-pipelines.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 01b112af970..4def170ac59 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -182,7 +182,7 @@ jobs: git fetch origin --depth=1 $(System.PullRequest.TargetBranch) declare -A secret_files for FILE in `git diff --name-only --diff-filter=AM origin/$(System.PullRequest.TargetBranch)` ; do - detected=$(azdev scan -f $FILE | python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])") + detected=$(azdev scan -f $FILE --continue-on-failure| python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])") if [ $detected == 'True' ]; then echo "\033[0;31mSecrets detected from \033[0m"$FILE"\033[0;31m, Please remove or replace it. You can run 'azdev scan'/'azdev mask' locally to fix.\033[0m" 1>&2 secret_files+=$FILE @@ -213,9 +213,9 @@ jobs: git fetch origin --depth=1 $(System.PullRequest.TargetBranch) declare -A secret_files for FILE in `git diff --name-only --diff-filter=AM origin/$(System.PullRequest.TargetBranch)` ; do - detected=$(azdev scan --confidence-level MEDIUM -f $FILE | python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])") + detected=$(azdev scan --confidence-level MEDIUM -f $FILE --continue-on-failure| python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])") if [ $detected == 'True' ]; then - echo "Secrets detected from "$FILE", Please remove or replace it. You can run 'azdev scan'/'azdev mask' locally to fix." 1>&2 + echo "\033[0;31mSecrets detected from \033[0m"$FILE"\033[0;31m, Please remove or replace it. You can run 'azdev scan'/'azdev mask' locally to fix.\033[0m" 1>&2 secret_files+=$FILE fi done From 185479df7edd3a2ee7e53a62d5db689e09cc5be1 Mon Sep 17 00:00:00 2001 From: Yishi Wang Date: Mon, 6 Jan 2025 13:10:20 +0800 Subject: [PATCH 5/9] echo -> printf --- azure-pipelines.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 4def170ac59..0deea300848 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -184,7 +184,7 @@ jobs: for FILE in `git diff --name-only --diff-filter=AM origin/$(System.PullRequest.TargetBranch)` ; do detected=$(azdev scan -f $FILE --continue-on-failure| python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])") if [ $detected == 'True' ]; then - echo "\033[0;31mSecrets detected from \033[0m"$FILE"\033[0;31m, Please remove or replace it. You can run 'azdev scan'/'azdev mask' locally to fix.\033[0m" 1>&2 + printf "\033[0;31mSecrets detected from %s, Please remove or replace it. You can run 'azdev scan'/'azdev mask' locally to fix.\033[0m" "$FILE" secret_files+=$FILE fi done @@ -215,7 +215,7 @@ jobs: for FILE in `git diff --name-only --diff-filter=AM origin/$(System.PullRequest.TargetBranch)` ; do detected=$(azdev scan --confidence-level MEDIUM -f $FILE --continue-on-failure| python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])") if [ $detected == 'True' ]; then - echo "\033[0;31mSecrets detected from \033[0m"$FILE"\033[0;31m, Please remove or replace it. You can run 'azdev scan'/'azdev mask' locally to fix.\033[0m" 1>&2 + printf "\033[0;31mSecrets detected from %s, Please remove or replace it. You can run 'azdev scan'/'azdev mask' locally to fix.\033[0m" "$FILE" secret_files+=$FILE fi done From aeb6109ecdc35482d2472c75fc304eb9b4152513 Mon Sep 17 00:00:00 2001 From: Yishi Wang Date: Mon, 6 Jan 2025 13:31:49 +0800 Subject: [PATCH 6/9] revert test change --- .../latest/recordings/test_containerapp_java_component.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/containerapp/azext_containerapp/tests/latest/recordings/test_containerapp_java_component.yaml b/src/containerapp/azext_containerapp/tests/latest/recordings/test_containerapp_java_component.yaml index bad4ef621b7..b4a74ee0d01 100644 --- a/src/containerapp/azext_containerapp/tests/latest/recordings/test_containerapp_java_component.yaml +++ b/src/containerapp/azext_containerapp/tests/latest/recordings/test_containerapp_java_component.yaml @@ -24,7 +24,7 @@ interactions: uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest.rg000001/providers/Microsoft.OperationalInsights/workspaces/containerapp-env000004?api-version=2023-09-01 response: body: - string: '{"properties":{"customerId":"027b63f7-ebff-4050-a03e-3dab3ef49730","provisioningState":"Creating","sku":{"name":"PerGB2018","lastSkuUpdate":"2024-11-02T02:28:32.888776Z"},"retentionInDays":30,"features":{"legacy":0,"searchVersion":1,"enableLogAccessUsingOnlyResourcePermissions":true},"workspaceCapping":{"dailyQuotaGb":-1.0,"quotaNextResetTime":"2024-11-02T11:00:00Z","dataIngestionStatus":"RespectQuota"},"publicNetworkAccessForIngestion":"Enabled","publicNetworkAccessForQuery":"Enabled","createdDate":"2024-11-02T02:28:32.888776Z","modifiedDate":"2024-11-02T02:28:32.888776Z"},"location":"eastus","id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.OperationalInsights/workspaces/containerapp-env000004","name":"containerapp-env000004","type":"Microsoft.OperationalInsights/workspaces","etag":"\"8c000ec0-0000-0100-0000-67258e500000\"","access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkwxS2ZLRklfam5YYndXYzIyeFp4dzFzVUhIMCIsImtpZCI6IkwxS2ZLRklfam5YYndXYzIyeFp4dzFzVUhIMCJ9.eyJhdWQiOiJodHRwczovL21hbmFnZW1lbnQuYXp1cmUuY29tIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3LyIsImlhdCI6MTcxNTc1NjQxNywibmJmIjoxNzE1NzU2NDE3LCJleHAiOjE3MTU3NjIwNDcsIl9jbGFpbV9uYW1lcyI6eyJncm91cHMiOiJzcmMxIn0sIl9jbGFpbV9zb3VyY2VzIjp7InNyYzEiOnsiZW5kcG9pbnQiOiJodHRwczovL2dyYXBoLndpbmRvd3MubmV0LzcyZjk4OGJmLTg2ZjEtNDFhZi05MWFiLTJkN2NkMDExZGI0Ny91c2Vycy81MDRjMzRmNC04Mzg5LTQ5MjAtYWVjOS0wYzU5NWI1MDg3NDAvZ2V0TWVtYmVyT2JqZWN0cyJ9fSwiYWNyIjoiMSIsImFpbyI6IkFWUUFxLzhXQUFBQVpyUUpPQXhVcWMrRnR2dXJybEJ3ZkxBcTJWYk9rUCtvdS9Tc0RSeE01QnVTQlBNeEJZdis3blorblBEYWRrMXptczllWUM0SFZiUHhQNlhFdzZHOStteWtscFVGb0JDeDV4a2YyZ0NnR3ljPSIsImFtciI6WyJwd2QiLCJyc2EiLCJtZmEiXSwiYXBwaWQiOiIwNGIwNzc5NS04ZGRiLTQ2MWEtYmJlZS0wMmY5ZTFiZjdiNDYiLCJhcHBpZGFjciI6IjAiLCJjYXBvbGlkc19sYXRlYmluZCI6WyIyOTM5OWNmOS05YjZiLTQyMDUtYjViMy0xM2ExMzRlOWIyMzMiXSwiZGV2aWNlaWQiOiIzNzIwMzljZC1jMjVhLTQ1M2MtYWUzNi00MWE5YjkyOGZkOWMiLCJmYW1pbHlfbmFtZSI6IkNhbyIsImdpdmVuX25hbWUiOiJYdXlhbmciLCJpZHR5cCI6InVzZXIiLCJpcGFkZHIiOiIyNDA0OmY4MDE6OTAwMDoxODpiOWNmOjljYjY6NjMwNzpjODhhIiwibmFtZSI6Ilh1eWFuZyBDYW8iLCJvaWQiOiI1MDRjMzRmNC04Mzg5LTQ5MjAtYWVjOS0wYzU5NWI1MDg3NDAiLCJvbnByZW1fc2lkIjoiUy0xLTUtMjEtMjE0Njc3MzA4NS05MDMzNjMyODUtNzE5MzQ0NzA3LTI0MzMxMTgiLCJwdWlkIjoiMTAwMzIwMDAyRTY4MUM0NCIsInJoIjoiMC5BUm9BdjRqNWN2R0dyMEdScXkxODBCSGJSMFpJZjNrQXV0ZFB1a1Bhd2ZqMk1CTWFBTTQuIiwic2NwIjoidXNlcl9pbXBlcnNvbmF0aW9uIiwic3ViIjoiTk9WU19jeTBDcDBrOUhtV0h2MFkwbFlBRFplQzlhaGZZMmJMQk10TzBrcyIsInRpZCI6IjcyZjk4OGJmLTg2ZjEtNDFhZi05MWFiLTJkN2NkMDExZGI0NyIsInVuaXF1ZV9uYW1lIjoieHV5Y2FvQG1pY3Jvc29mdC5jb20iLCJ1cG4iOiJ4dXljYW9AbWljcm9zb2Z0LmNvbSIsInV0aSI6IjRRSjNlZTFpQ2tpSVMzNkRBeDVYQUEiLCJ2ZXIiOiIxLjAiLCJ3aWRzIjpbImI3OWZiZjRkLTNlZjktNDY4OS04MTQzLTc2YjE5NGU4NTUwOSJdLCJ4bXNfY2FlIjoiMSIsInhtc19jYyI6WyJDUDEiXSwieG1zX2ZpbHRlcl9pbmRleCI6WyIyNiJdLCJ4bXNfcmQiOiIwLjQyTGxZQlJpbEFJQSIsInhtc19zc20iOiIxIiwieG1zX3RjZHQiOjEyODkyNDE1NDd9.LxHDDDfpsLSySFoivehF6qyN7gyxeQiBJqvpQb4FkIMGdXrALtU8ZYhdniQPkGRzcJw7vaIePBO0PHa-HzGXZ4RorD2yFZIwzzilNA25d1d3ePdczd6nRX8_sjzARp92i9WeTzUV04Jn8aoUAwfHa-Q5ezeMejXv2jWNQ7BlMM0Jr7nMI6gbqtOAh1zUDXBLejDF-suUUSwb8nhG1PWm1NABv1YveSV0mstuNx7P7vGglreq07_FEAAked2YOEBlcOOUQVrnegeYIryKDX82GniRv2uwYyBuwkh5gcrTMdV0RIB-STheow_6yI-1BqPQRjen25zef92bqCDSBCCvBQ","refresh_token":"0.ARoAv4j5cvGGr0GRqy180BHbR5V3sATbjRpGu-4C-eG_e0YaAM4.AgABAwEAAADnfolhJpSnRYB1SVj-Hgd8AgDs_wUA9P--UF2yf2WjxqdaZ-4OOSgOXRUvnae39e1rSFDXLjZ1W59a1I6vObe_sQb9n-FDMfH6LiqbBkuCtdF0IjC5aOruD8Sc9WhTmOij4gLn1Q175eAAmUrWbYmkEa3anvjUfJkzdX_vyfF6FkSHrSnmx3hYjae8Cncd-FMjN1aknANH7ZWVhEWDx2vJ4wkPKrx4OPe8OQDI-8sXv6K0d6WRV_yrCbhGn7tkpjIRv4ZjPuE42EDZghOcKAkMUgZnwudaDCugZagXcr6nCxgzMpSI0BF_5Y6RV2ujLuqziGfgOio3N-sOkH_7KJitm0jVd8k7aX_S4u9TB2TLwmDP10ZqU3UQtegRyASalQuP1VZedBhF27O7z9-7zKbik3cORYB9IBysewHKakS18LWSUXbcvlZ4SBYmmLkdUr_jQepk-BsndAEge-2kfecNyrG9n3IJhUez1lfgA5AM0XnoqrVMF0LS30Tn5TcIgpDGJVQqb0Nz0IwDJGk0CeCWaBzW5izJsA3mH05AV4peXJK4UEGQ-BXOc6K6f2WiMZlXUX-EuSww7BJxsuihRLQi0cdl1pgI-Sy-n_5JeSOHOlbmqpZuSMmRrOndigP6QDHZiqskEuELUYZxq1_v9VyzupDfYiJ7TeWG3CtvwIItHpfNI1l25liwCRoJ0vj-xTJr0X1FPlBplTqBxZBbZrr-HbQOqmMxKUE3ZCCDa9rJMGiaQj9yGtu_w6TnVgwzcsyE-DZHeH-5P5O59UtduxvesHa34_iS59p7QzNNVc0jpBoLkcExbIo89jp-PxisyToLPUdxphnHySykdp8Q-_Z6mh9O1KQve4a9vajRbYgMcBn1JYAljY_Ryfxc4tqnIapLBsWNnXOtVQ_FJHAkCwZm5Jy6k-vNeWyah892cGp45BQnyb8SSVywRt8uP8DWLzaJRDnIpgX2V-UoiypUekfKcCjSjrVTGRNn69muAYI6B3k6XkAf6fiKViXyMgtDfRjR9B364A3pwqsyZXCODjFKM0iQkR_1C5RGbFL1mNe9mwkJoydbzWrvQEvY3CCh2kN4qWzAmBkDFCyYMPgDFuE3YHT2OvGIQ3F8-Kl5ERiFSMh6nBi8FHMFPer91jKRfhK_P89yui2yis6hkBFgS9BjN6SApDF100ofRs8","foci":"1","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IkwxS2ZLRklfam5YYndXYzIyeFp4dzFzVUhIMCJ9.eyJhdWQiOiIwNGIwNzc5NS04ZGRiLTQ2MWEtYmJlZS0wMmY5ZTFiZjdiNDYiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3L3YyLjAiLCJpYXQiOjE3MTU3NTY0MTcsIm5iZiI6MTcxNTc1NjQxNywiZXhwIjoxNzE1NzYwMzE3LCJhaW8iOiJBWVFBZS84V0FBQUFaaGN5VU81bXhnWnlUY3B2Y2ZaekNBYWRmQ05Sd1RmaEQvZ0ZZandONkttK1R5K2REQ0FIL01YZjRPRUpUS0taMUI1c09uRjc4WDRrWGVTckVzbGdFQTFJYnUzY0wyQkdiT2lVNy9rc2xUZzdkajgxTldiRXl6VmI0SEg2OXRYdnRSZGo4d2lpbjRzNmdMU1RRU21ETm8vVXdmRkdkcENxSzNLVjh0YjgydHc9IiwibmFtZSI6Ilh1eWFuZyBDYW8iLCJub25jZSI6Ijg5NzkyMTQ2M2IwNjY0N2YzMzBmNmQ3ZDA3OWNhMzI3N2MyOTAzNzAwMjNkYzNlOGNkNDAyMWIzYTdjN2EwZWIiLCJvaWQiOiI1MDRjMzRmNC04Mzg5LTQ5MjAtYWVjOS0wYzU5NWI1MDg3NDAiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJ4dXljYW9AbWljcm9zb2Z0LmNvbSIsInB1aWQiOiIxMDAzMjAwMDJFNjgxQzQ0IiwicmgiOiIwLkFSb0F2NGo1Y3ZHR3IwR1JxeTE4MEJIYlI1VjNzQVRialJwR3UtNEMtZUdfZTBZYUFNNC4iLCJzdWIiOiJJVUJPeUlxWFdfdEdmbzFlRmQ0MnU3MkNreEoxdlZQS0lYRExadHRVa0JvIiwidGlkIjoiNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3IiwidXRpIjoiNFFKM2VlMWlDa2lJUzM2REF4NVhBQSIsInZlciI6IjIuMCJ9.D20-x4uiyKnSCHVNOz7HhVAkvGB1zkb3-VdsZxDFlIuDNWZX44N4IWCtyKScXDnBtkgl22kS9LMmv2gWs2R9iFyn388Bs0XBY16qATH24spOo_DsC-uxkUXj3uO-jGdEHrg37MGkUhc0dbNiMLkXbvWxvndiBjCVbDEJXCMWeLULOUrKF8tpjahrr5Cus1fySeggb-DbgSgRxGh8q0DpZKjq_Wf98Gu_TSg0Dmi93UsQL6k-cThl-pClcFDYe6Fu4T0Y54MER9Je4uKxgi4PaT2BUEbF-ZZXL7IOICzFz8BPmJ2M_gZegDnX9fnYz0WCZpTiZNmpt_5rHDTyxXgH8A","client_info":"eyJ1aWQiOiI1MDRjMzRmNC04Mzg5LTQ5MjAtYWVjOS0wYzU5NWI1MDg3NDAiLCJ1dGlkIjoiNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3In0"}' + string: '{"properties":{"customerId":"027b63f7-ebff-4050-a03e-3dab3ef49730","provisioningState":"Creating","sku":{"name":"PerGB2018","lastSkuUpdate":"2024-11-02T02:28:32.888776Z"},"retentionInDays":30,"features":{"legacy":0,"searchVersion":1,"enableLogAccessUsingOnlyResourcePermissions":true},"workspaceCapping":{"dailyQuotaGb":-1.0,"quotaNextResetTime":"2024-11-02T11:00:00Z","dataIngestionStatus":"RespectQuota"},"publicNetworkAccessForIngestion":"Enabled","publicNetworkAccessForQuery":"Enabled","createdDate":"2024-11-02T02:28:32.888776Z","modifiedDate":"2024-11-02T02:28:32.888776Z"},"location":"eastus","id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest.rg000001/providers/Microsoft.OperationalInsights/workspaces/containerapp-env000004","name":"containerapp-env000004","type":"Microsoft.OperationalInsights/workspaces","etag":"\"8c000ec0-0000-0100-0000-67258e500000\""}' headers: access-control-allow-origin: - '*' From b5d31be1dc3a62c9d75c429d2d84bfcccb7eb727 Mon Sep 17 00:00:00 2001 From: Yishi Wang Date: Wed, 8 Jan 2025 10:33:07 +0800 Subject: [PATCH 7/9] rename task --- azure-pipelines.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 0deea300848..b701023c133 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -164,8 +164,8 @@ jobs: ADO_PULL_REQUEST_LATEST_COMMIT: HEAD ADO_PULL_REQUEST_TARGET_BRANCH: $(System.PullRequest.TargetBranch) -- job: AzdevScanModifiedExtensions - displayName: "azdev scan on Modified Extensions" +- job: AzdevScanModifiedExtensionsHigh + displayName: "azdev scan ( High Confidence ) on Modified Extensions" condition: and(succeeded(), eq(variables['Build.Reason'], 'PullRequest')) pool: name: 'pool-ubuntu-2004' @@ -191,10 +191,10 @@ jobs: if [ "${#secret_files[@]}" -gt 0 ]; then exit 1 fi - displayName: "azdev scan on Modified Extensions" + displayName: "azdev scan ( High Confidence ) on Modified Extensions" -- job: AzdevScanProModifiedExtensions - displayName: "azdev scan - Pro on Modified Extensions" +- job: AzdevScanProModifiedExtensionsMedium + displayName: "azdev scan ( Medium Confidence ) on Modified Extensions" dependsOn: AzdevScanModifiedExtensions condition: and(succeeded(), eq(variables['Build.Reason'], 'PullRequest')) continueOnError: true @@ -222,7 +222,7 @@ jobs: if [ "${#secret_files[@]}" -gt 0 ]; then exit 1 fi - displayName: "azdev scan - Pro on Modified Extensions" + displayName: "azdev scan ( Medium Confidence ) on Modified Extensions" #- job: IndexRefDocVerify # displayName: "Verify Ref Docs" From fc909cec298d2353937d54d9e36484a255eb42e8 Mon Sep 17 00:00:00 2001 From: Yishi Wang Date: Wed, 8 Jan 2025 10:33:36 +0800 Subject: [PATCH 8/9] fix --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index b701023c133..a1e0a32d2c5 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -195,7 +195,7 @@ jobs: - job: AzdevScanProModifiedExtensionsMedium displayName: "azdev scan ( Medium Confidence ) on Modified Extensions" - dependsOn: AzdevScanModifiedExtensions + dependsOn: AzdevScanModifiedExtensionsHigh condition: and(succeeded(), eq(variables['Build.Reason'], 'PullRequest')) continueOnError: true pool: From 3276765530ac887a5d87af2882fa8a6b788455d9 Mon Sep 17 00:00:00 2001 From: Yishi Wang Date: Wed, 8 Jan 2025 13:46:33 +0800 Subject: [PATCH 9/9] refine error guidance --- azure-pipelines.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index a1e0a32d2c5..85705bed0fd 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -184,7 +184,7 @@ jobs: for FILE in `git diff --name-only --diff-filter=AM origin/$(System.PullRequest.TargetBranch)` ; do detected=$(azdev scan -f $FILE --continue-on-failure| python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])") if [ $detected == 'True' ]; then - printf "\033[0;31mSecrets detected from %s, Please remove or replace it. You can run 'azdev scan'/'azdev mask' locally to fix.\033[0m" "$FILE" + printf "\033[0;31mSecrets detected from %s, Please remove or replace it. You can run 'azdev scan'/'azdev mask' locally to fix.\033[0m\n" "$FILE" secret_files+=$FILE fi done @@ -215,7 +215,7 @@ jobs: for FILE in `git diff --name-only --diff-filter=AM origin/$(System.PullRequest.TargetBranch)` ; do detected=$(azdev scan --confidence-level MEDIUM -f $FILE --continue-on-failure| python -c "import sys, json; print(json.load(sys.stdin)['secrets_detected'])") if [ $detected == 'True' ]; then - printf "\033[0;31mSecrets detected from %s, Please remove or replace it. You can run 'azdev scan'/'azdev mask' locally to fix.\033[0m" "$FILE" + printf "\033[0;31mSecrets detected from %s, Please remove or replace it. You can run 'azdev scan --confidence-level MEDIUM'/'azdev mask --confidence-level MEDIUM' locally to fix.\033[0m\n" "$FILE" secret_files+=$FILE fi done