Add a badge for the functional tests (#1319)

* add badge

* fix badge URL

* fix badge url

* fix pipeline badge

* Fix typo in pipeline badge markdown

* Update workflow names for the badges

* Update badge names

* Undo name change

* redo name changes

* use reference links

create workflow

fix lint

set cancel to false

add needs

add more jobs

add composite action

fix typos

add hello name

add create pfx

fix tabbing in create PFX

push on action updates

move env to main workflow

add import pfx

fix typo in actions

add shell to import pfx

add get thumbprint

test pwsh

correct action names

fix env variable for import

fix step names

try real import action

use pw w import

fix indents in thumbprint

add install selenium

add setup sg

combine some steps

add missing env

test product

add missing apos

mod on push

add missing id

try id on action

fix on push

write output

move id

test tp

remove pipe to null

cat

get env

comment out extra steps

look at files

look at more files

look at x

more write host

put tp back

move id

id on both

test input

try env

123

fix 123 typo

use output

test id on step

cleanup output

setup params

test the product

test 2 products

fix product alias variable

switch to teams

switch to prod params, add email

fix indent

use email action not composite

fix comment

Test Defender for email notify

add schedule back

fail on push

use dev params

updated email

test teams

pub to private repo

restore from cache

add with path repo

cd repo

more repo

add repo to import mod

re run

change order

add quotes

change module name

create dir first

remove create dir

use full key

delete caches

set tokn

install gh

comment

reorder

set repo

Comment better

add write privs

change restore order

add quotes to dirs

cleanup the clear cache

use double quotes for program files

test cache

ignore program files

list modules

Change SG dir

add program files back

fix typo

align cache restore

fix path

import selenium

install selenium

hide ast and azure

delete unused steps

fix lint

remove 2 steps

clear cache

fix needs

name clear cache

remove comment

delete 3 caches

remove commas

fix keys

fix keys

debug

fix keys

fix keys

remove newlines

fix keys

use bash array

fix var typo

fix variable

test w 3 products

add email

rewrite cache

comment out exch

fix needs

fix cache key

improve cache

fix email typo

add break to drop out of loop

move teams to separate workflow

set unique name

add push path

comment out all but checkout

comment out clear cache

comment out everything

slim and trim

add permissions

fix permissions

restore publish

fix permissions

add needs

remove workflow call

fix needs

back to workflow

pass secrets to workflow call

add secrets to action

use with for passing secrets

add missing $

fix lint

use env

from reusable workflow to composite

test var

fix value

use secrets

remove echo

use env

wip

wip

wip

wip

fix thumb

complete test

fix inputs

move thumb to env

remove extra inputs

get thumb from env

fix colon

env for thumb

new step for thumb

use with

use output

fix needs

fix needs

input the thumb

fix thumb

fix thumb

fix outputs

read all

fix perms

fix perms

put publish into reusable workflow

fix permissions

add push

put cache in own workflow

set cache permissions

add push

cache write all

constrain delete cache

use job id

test tenant 2

add sharepoint

add exchange

add defender

fix cache dependencies

added all nightly tests - ka-boom!

fix lint

pass github.job

add new inputs

fix needs

hardcode alias

hardcode alias

hard card alias

add entra

fix cache

fix bugs in inputs

fix issues in other products

Fix Checkov

Comment out debugging.

remove debug, fix checkov

fix pipelines runs for the new dirs

fix merge conflicts

fix checkov

suppress checkov error for cache

fix lint

clean up everything for release to prod

Set Defender back to dev params

Set Defender back to prod

always run variants

.github/actions/extract-email/action.yaml

@@ -0,0 +1,40 @@
+name: Extract Email
+description: Extract the emails to notify on failure
+outputs:
+  emails:
+    value: ${{ steps.emails-output.outputs.emails }}
+runs:
+  using: "composite"
+  steps:
+    - run: |
+        $productAlias = $env:Alias
+        $params = $env:TestParams
+        $products = $params.split("|")
+        foreach ($product in $products)
+        {
+          [String]$emails = ""
+          $attributes = $product.split(",")
+          foreach ($attribute in $attributes)
+          {
+            # Split the key from the value
+            $keyAndValue = $attribute.split("=")
+            $key = $keyAndValue[0]
+            $value = $keyAndValue[1]
+            if($key.ToLower() -eq "alias")
+            {
+              $alias = $value
+            }
+            elseif($key.ToLower() -eq "emails")
+            {
+              $emails = $value
+            }
+          }
+          if($alias -eq $productAlias)
+          {
+            # Pass emails to later job for notification.
+            echo emails=$emails >> $env:GITHUB_OUTPUT
+            break
+          }
+        }
+      id: emails-output
+      shell: powershell

.github/actions/get-thumbprint/action.yaml

@@ -0,0 +1,21 @@
+name: Get Thumbprint
+description: Extract the thumbprint from the x509 certificate
+inputs:
+  PfxPassword:
+    required: true
+    description: "The PFX password"
+outputs:
+  thumbprint:
+    value: ${{ steps.thumbprint-output.outputs.thumbprint }}
+runs:
+  using: "composite"
+  steps:
+    - run: |
+        cd repo
+        $x509 = Get-PfxCertificate -FilePath ./key.pfx -Password (ConvertTo-SecureString -String "${{ inputs.PfxPassword }}" -AsPlainText -Force)
+        $Thumbprint = $x509.ThumbPrint
+        # Pass thumbprint to later job.
+        echo thumbprint=$Thumbprint >> $env:GITHUB_OUTPUT
+      id: thumbprint-output
+      # -Password flag requires PS 6+
+      shell: pwsh

.github/actions/import-pfx/action.yaml

@@ -0,0 +1,22 @@
+name: Import PFX
+description: Create and import the PFX certificate
+inputs:
+  PfxBase64:
+    required: true
+    description: "The PFX as base64"
+  PfxPassword:
+    required: true
+    description: "The PFX password"
+runs:
+  using: "composite"
+  steps:
+    - run: |
+        cd repo
+        # Create PFX
+        New-Item -ItemType file -Path ./key.txt
+        Set-Content -Path ./key.txt -Value "${{ inputs.PfxBase64 }}"
+        certutil -decode ./key.txt ./key.pfx
+        # Import FPX
+        # Pipe to Out-Null to hide the thumbprint
+        Import-PfxCertificate -Password (ConvertTo-SecureString -String "${{ inputs.PfxPassword }}" -AsPlainText -Force) -CertStoreLocation Cert:\CurrentUser\My -FilePath ./key.pfx | Out-Null
+      shell: powershell

.github/actions/test-product/action.yaml

@@ -0,0 +1,94 @@
+name: Test Product
+description: Run the Pester tests for a given product
+inputs:
+  Thumbprint:
+    required: true
+    description: "The certificate thumbprint"
+  Alias:
+    required: true
+    description: "The alias of the product being tested"
+  TestParams:
+    required: true
+    description: "The set of parameters used to defined the test"
+runs:
+  using: "composite"
+  steps:
+    - run: |
+        Import-Module -Name Selenium
+        cd repo
+        # Read thumbprint from previous step.
+        $thumbprint = "${{ inputs.Thumbprint }}"
+        $productAlias = "${{ inputs.Alias }}"
+        $params = "${{ inputs.TestParams }}"
+        # Split into products
+        $products = $params.split("|")
+        foreach ($product in $products)
+        {
+          [String]$alias = ""
+          [String]$domain = ""
+          [String]$display = ""
+          [String]$appid = ""
+          [String]$productname = ""
+          [String]$variant = ""
+          [String]$m365 = ""
+          $paramsAsHashTable = @{}
+          $attributes = $product.split(",")
+          foreach ($attribute in $attributes)
+          {
+            # Split the key from the value
+            $keyAndValue = $attribute.split("=")
+            $key = $keyAndValue[0]
+            $value = $keyAndValue[1]
+            if($key.ToLower() -eq "alias")
+            {
+              $alias = $value
+            }
+            elseif($key.ToLower() -eq "tenantdomain")
+            {
+              $domain = $attribute
+            }
+            elseif($key.ToLower() -eq "tenantdisplayname")
+            {
+              $display = $attribute
+            }
+            elseif($key.ToLower() -eq "appid")
+            {
+              $appid = $attribute
+            }
+            elseif($key.ToLower() -eq "productname")
+            {
+              $productname = $attribute
+            }
+            elseif($key.ToLower() -eq "variant")
+            {
+              $variant = $attribute
+            }
+            elseif($key.ToLower() -eq "m365environment")
+            {
+              $m365 = $attribute
+            }
+          }
+          if($alias -eq $productAlias)
+          {
+            # Split out the key and value for each parameter
+            $domainKeyAndValue = $domain.split("=")
+            $displayKeyAndValue = $display.split("=")
+            $appidKeyAndValue = $appid.split("=")
+            $productnameKeyAndValue = $productname.split("=")
+            $variantKeyAndValue = $variant.split("=")
+            $m365KeyAndValue =$m365.split("=")
+            # Add both to the hash table
+            $paramsAsHashTable.Add($domainKeyAndValue[0], $domainKeyAndValue[1])
+            $paramsAsHashTable.Add($displayKeyAndValue[0], $displayKeyAndValue[1])
+            $paramsAsHashTable.Add($appidKeyAndValue[0], $appidKeyAndValue[1])
+            $paramsAsHashTable.Add($productnameKeyAndValue[0], $productnameKeyAndValue[1])
+            if($variantKeyAndValue[0] -ne "")
+            {
+              $paramsAsHashTable.Add($variantKeyAndValue[0], $variantKeyAndValue[1])
+            }
+            $paramsAsHashTable.Add($m365KeyAndValue[0], $m365KeyAndValue[1])
+            # Test the product
+            ./Testing/Functional/Products/Tests/CallProductTests.ps1 -params $paramsAsHashTable -thumbprint $thumbprint
+          }
+        }
+      shell: powershell

.github/workflows/check_security.yaml

@@ -23,5 +23,7 @@ jobs:
         uses: actions/checkout@v4
       - name: Setup Config File
         run: cp Testing/Linting/MegaLinter/.mega-linter-security.yml .mega-linter.yml
+      - name: Setup Checkov File
+        run: cp Testing/Linting/MegaLinter/.checkov.yml .checkov.yml
       - name: Check Security
         uses: oxsecurity/megalinter/flavors/security@latest

.github/workflows/clear_cache.yaml

@@ -0,0 +1,41 @@
+# Purpose: The purpose of this workflow is to delete all caches in the repo, as it has limited total cache storage.
+# Warning: This can disrupt other workflows that are using caches. Run with caution.
+
+name: Clear Caches
+
+on:
+  workflow_call:
+  workflow_dispatch:
+
+# NOTE: This skip is not honored by Checkov.
+# checkov:skip=CKV2_GHA_1:Write permissions required to clear cache.
+permissions: write-all
+
+jobs:
+  cleanup:
+    name: Clear Cache
+    runs-on: ubuntu-latest
+    # checkov:skip=CKV2_GHA_1:Write permissions required to clear cache.
+    permissions: write-all
+    # Run even if one of the functional tests have failed
+    # We always want to clean up the caches that we create
+    if: always()
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+      - name: Cleanup
+        run: |
+          gh extension install actions/gh-actions-cache
+          cacheKeys=$(gh actions-cache list -R $REPO)
+          set +e
+          for cacheKey in $cacheKeys
+          do
+            if [[ $cacheKey == scubagear-directory-${{ github.run_id }} ]] ||[[ $cacheKey == powershell-directory-${{ github.run_id }} ]] || [[ $cacheKey == opa-directory-${{ github.run_id }} ]]
+            then
+              echo "Deleting" $cacheKey
+              gh actions-cache delete $cacheKey --confirm
+            fi
+          done
+        env:
+          GH_TOKEN: ${{ github.token }}
+          REPO: ${{ github.repository }}