Merge branch 'testing' into patch-1

.cspell.json

@@ -0,0 +1,53 @@
+{
+  "import": [
+    "@cspell/dict-powershell/cspell-ext.json",
+    "@cspell/dict-csharp/cspell-ext.json"
+  ],
+
+  "version": "0.2",
+  "language": "en",
+
+    "words": [
+        "RSAT",
+        "Artefacts",
+        "NTDS",
+        "Hildreth"
+    ],
+
+    "ignoreWords": [
+        "malconfiguration",
+        "sarif",
+        "psscriptanalyzer",
+        "DEVSKIM",
+        "KICS",
+        "pscustomobject",
+        "certutil",
+        "certsvc",
+        "setreg",
+        "contoso",
+        "SCHANNEL",
+        "RSATAD",
+        "Dism",
+        "getreg",
+        "Dacl",
+        "Calver"
+    ],
+
+    "flagWords": [
+    ],
+
+    "patterns": [
+        {
+          "name": "ALL-CAPS-WORDS",
+          "pattern": "/\b[A-Z0-9]+\b/g",
+          "description": "Any word in ALL CAPS."
+        }
+    ],
+
+    "ignoreRegExpList": [
+        "ALL-CAPS-WORDS",
+        "Email",
+        "github.com/",
+        "@"
+    ]
+}

.github/workflows/Create External Help.yml

@@ -0,0 +1,32 @@
+name: 📚 Create External Help
+
+on:
+  pull_request:
+  #push:
+  workflow_dispatch:
+
+jobs:
+  package_help:
+    # The New-ExternalHelpCab cmdlet uses makecab, which depends on Windows.
+    runs-on: windows-latest
+    steps:
+      - name: ✅ Checkout Repository
+        uses: actions/checkout@v4
+      - name: 📁 Display the Path
+        shell: pwsh
+        run: echo ${env:PATH}
+      - name: 🔢 Display the Version
+        shell: pwsh
+        run: $PSVersionTable
+      - name: 📖 Create and Package External PowerShell Help
+        shell: pwsh
+        run: |
+          Install-Module -Name PlatyPS -Scope CurrentUser -Force -SkipPublisherCheck
+          Import-Module -Name PlatyPS -Force
+          #Copy-Item ".\Help\en-US\Locksmith-help.xml" ".\Help\en-US"
+          $params = @{
+              CabFilesFolder  = ".\en-US"
+              LandingPagePath = ".\Docs\Locksmith.md"
+              OutputFolder    = ".\en-US"
+          }
+          New-ExternalHelpCab @params

.github/workflows/Deploy MkDocs.yml

@@ -0,0 +1,59 @@
+name: 📖 Deploy MkDocs to GitHub
+# Install, build, and deploy MkDocs to GitHub Pages using content from the Docs folder.
+
+on:
+  push:
+    branches:
+      - main  # The branch you want to deploy from
+    paths:  # Only deploy MkDocs when the contents of the docs folder change or when this workflow changes.
+      - 'Docs/**'
+      - '.github/workflows/Deploy MkDocs.yml'
+      - './mkdocs.yml'
+    workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: ✅ Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: 🐍 Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'  # specify the Python version
+
+      - name: ➕ Install Dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install mkdocs mkdocs-material
+
+      - name: 👷‍♂️ Build & Deploy MkDocs
+        run: |
+          mkdocs build
+          mkdocs gh-deploy --force
+
+      # Combine markdown files to create the MkDocs index and the repository readme file.
+      - name: 📖 Update Index & Readme
+        shell: pwsh
+        run: |
+          Write-Output 'Updating Docs\Index.md & \Readme.md'
+          Copy-Item ./README.md ./docs/index.md
+      #    [int16]$LineNumber = (Select-String -Path '.\docs\index.md' -Pattern 'Summary' -List).LineNumber + 1
+      #    $IndexTop = Get-Content -Path ./docs/index.md -TotalCount $LineNumber
+      #    $ModuleContent = Get-Content -Path ./docs/Locksmith.md | Select-Object -Skip 12
+      #    $FooterContent = "`n</Details>`n"
+      #    $CombinedContent = $IndexTop + $ModuleContent + $FooterContent
+      #    $CombinedContent | Set-Content -Path ./docs/index.md
+      #    $ModuleContent = $ModuleContent.Replace( '](' , '](./docs/' )
+      #    $CombinedContent = $IndexTop + $ModuleContent
+      #    $CombinedContent | Set-Content -Path ./README.md
+      #    Copy-Item ./docs/index.md ./README.md
+
+      # NOTE: git-auto-commit-action only runs on Linux-based platforms.
+      #- name: 💾 Commit Changes
+      #  uses: stefanzweifel/git-auto-commit-action@v5
+      #  with:
+      #    commit_message: 'Copy MkDocs index to README'
+      #    file_pattern: 'docs/index.md README.md'

.github/workflows/mega-linter.yml

@@ -3,16 +3,16 @@
 ---
   name: MegaLinter
 
-  # Trigger mega-linter at every push. Action will also be visible from Pull Requests to main
+  # Trigger mega-linter at every pull request.
   on:
     # Comment this line to trigger action only on pull-requests
     # (not recommended if you don't pay for GH Actions)
     # push:
 
     pull_request:
-      branches:
+      # branches:
         # - main
-        - testing
+        # - testing
         # - dev
         # - experimental
 
@@ -44,9 +44,9 @@
       # Give the default GITHUB_TOKEN write permission to commit and push, comment
       # issues & post new PR; remove the ones you do not need
       permissions:
-        contents: write
-        issues: write
-        pull-requests: write
+        contents: read
+        issues: read
+        pull-requests: read
 
       steps:
 
@@ -58,15 +58,15 @@
 
             # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to
             # improve performance
-            fetch-depth: 0
+            # fetch-depth: 0
 
         # MegaLinter
         - name: MegaLinter
 
           # You can override MegaLinter flavor used to have faster performances
           # More info at https://megalinter.io/flavors/
           # The dotnet flavor includes PowerShell, MD, YAML, JSON, spelling, and more.
-          uses: oxsecurity/megalinter/flavors/dotnet@v7.7.0
+          uses: oxsecurity/megalinter/flavors/dotnet@v8.3.0
 
           id: ml
 
@@ -78,19 +78,19 @@
             # main. Override with true if you always want to lint all sources
             #
             # To validate the entire codebase, set to:
-            # VALIDATE_ALL_CODEBASE: true
+            VALIDATE_ALL_CODEBASE: true
             #
             # To validate only diff with main, set to:
             # VALIDATE_ALL_CODEBASE: >-
             #   ${{
             #     github.event_name == 'push' &&
             #     contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)
             #   }}
-            VALIDATE_ALL_CODEBASE: >-
-              ${{
-                github.event_name == 'push' &&
-                contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)
-              }}
+            # VALIDATE_ALL_CODEBASE: >-
+            #   ${{
+            #     github.event_name == 'push' &&
+            #     contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)
+            #   }}
 
             GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -113,69 +113,3 @@
             path: |
               megalinter-reports
               mega-linter.log
-
-        # Set APPLY_FIXES_IF var for use in future steps
-        - name: Set APPLY_FIXES_IF var
-          run: |
-            printf 'APPLY_FIXES_IF=%s\n' "${{
-              steps.ml.outputs.has_updated_sources == 1 &&
-              (
-                env.APPLY_FIXES_EVENT == 'all' ||
-                env.APPLY_FIXES_EVENT == github.event_name
-              ) &&
-              (
-                github.event_name == 'push' ||
-                github.event.pull_request.head.repo.full_name == github.repository
-              )
-            }}" >> "${GITHUB_ENV}"
-
-        # Set APPLY_FIXES_IF_* vars for use in future steps
-        - name: Set APPLY_FIXES_IF_* vars
-          run: |
-            printf 'APPLY_FIXES_IF_PR=%s\n' "${{
-              env.APPLY_FIXES_IF == 'true' &&
-              env.APPLY_FIXES_MODE == 'pull_request'
-            }}" >> "${GITHUB_ENV}"
-            printf 'APPLY_FIXES_IF_COMMIT=%s\n' "${{
-              env.APPLY_FIXES_IF == 'true' &&
-              env.APPLY_FIXES_MODE == 'commit' &&
-              (!contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref))
-            }}" >> "${GITHUB_ENV}"
-
-        # Create pull request if applicable
-        # (for now works only on PR from same repository, not from forks)
-        - name: Create Pull Request with applied fixes
-          uses: peter-evans/create-pull-request@v5
-          id: cpr
-          if: env.APPLY_FIXES_IF_PR == 'true'
-          with:
-            token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
-            commit-message: "[MegaLinter] Apply linters automatic fixes"
-            title: "[MegaLinter] Apply linters automatic fixes"
-            labels: bot
-
-        - name: Create PR output
-          if: env.APPLY_FIXES_IF_PR == 'true'
-          run: |
-            echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}"
-            echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}"
-
-        # Push new commit if applicable
-        # (for now works only on PR from same repository, not from forks)
-        - name: Prepare commit
-          if: env.APPLY_FIXES_IF_COMMIT == 'true'
-          run: sudo chown -Rc $UID .git/
-
-        - name: Commit and push applied linter fixes
-          uses: stefanzweifel/git-auto-commit-action@v5
-          if: env.APPLY_FIXES_IF_COMMIT == 'true'
-          with:
-            branch: >-
-              ${{
-                github.event.pull_request.head.ref ||
-                github.head_ref ||
-                github.ref
-              }}
-            commit_message: "[MegaLinter] Apply linters fixes"
-            commit_user_name: megalinter-bot
-            commit_user_email: [email protected]

.github/workflows/powershell.yml

@@ -13,7 +13,6 @@ on:
   push:
     branches: [ "testing" ]
   pull_request:
-    branches: [ "testing" ]
   schedule:
     - cron: '41 14 * * 4'
 
@@ -29,7 +28,7 @@ jobs:
     name: PSScriptAnalyzer
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Run PSScriptAnalyzer
         uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f
@@ -44,6 +43,6 @@ jobs:
 
       # Upload the SARIF file generated in the previous step
       - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif

.gitignore

@@ -1,12 +1,6 @@
-.DS_Store
-.vs/*
-.vscode/*
-ADCSIssues.CSV
-ADCSRemediation.CSV
 Artefacts/*
 Examples/Output/*
 Ignore/*
-Invoke-RevertLocksmith.ps1
 Lib/Core/*
 Lib/Default/*
 Lib/Standard/*
@@ -19,3 +13,23 @@ Sources/*/bin
 Sources/*/*/obj
 Sources/*/*/bin
 Sources/packages/*
+
+### Visual Studio / Code ###
+.vs/*
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+### Module Output Files ###
+ADCSIssues.CSV
+ADCSRemediation.CSV
+Locksmith*ADCSIssues.CSV
+Locksmith*ADCSRemediation.CSV
+Invoke-RevertLocksmith.ps1
+
+### OS Files ###
+.DS_Store
+Thumbs.db

.readthedocs.yaml

@@ -0,0 +1,25 @@
+# https://docs.readthedocs.io/en/stable/config-file/index.html
+
+# .readthedocs.yaml
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Required
+version: 2
+
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.12"
+
+mkdocs:
+  configuration: mkdocs.yml
+
+python:
+  install:
+    - requirements: docs/requirements.txt
+
+# # Build PDF & ePub
+formats: all
+#   - epub
+#   - pdf

.vscode/extensions.json

@@ -4,5 +4,6 @@
   "recommendations": [
     "editorconfig.editorconfig",
     "ms-vscode.PowerShell",
+    "streetsidesoftware.code-spell-checker"
   ]
 }