TEST: Automation safety check - DO NOT MERGE

.github/workflows/arm-ttk-validations.yaml

@@ -20,7 +20,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          fetch-depth: 0
+          fetch-depth: 10
       - shell: pwsh
         id: step1
         name: Identify Changes in PR

.github/workflows/aws-s3-bundle-update.yaml

@@ -0,0 +1,106 @@
+name: AWS-S3 DataConnector Bundle Auto-Update
+run-name: Auto-updating AWS-S3 bundles for ${{ github.event.pull_request.head.ref }}
+
+on:
+  pull_request:
+    branches:
+      - master
+    paths:
+      # Trigger when any of these files in AWS-S3 directory change
+      - 'DataConnectors/AWS-S3/*.ps1'
+      - 'DataConnectors/AWS-S3/*.py'
+      - 'DataConnectors/AWS-S3/*.md'
+      - 'DataConnectors/AWS-S3/CloudFormation/**'
+      - 'DataConnectors/AWS-S3/Enviornment/**'
+      - 'DataConnectors/AWS-S3/Utils/**'
+      # Don't trigger on zip file changes (to avoid recursion)
+      - '!DataConnectors/AWS-S3/*.zip'
+      # Don't trigger on bundle automation documentation changes (not bundled)
+      - '!DataConnectors/AWS-S3/BUNDLE_AUTOMATION.md'
+
+  # Allow manual workflow dispatch for testing
+  workflow_dispatch:
+
+jobs:
+  auto-update-bundles:
+    # Security: Block workflow execution on forked repositories
+    if: ${{ !github.event.pull_request.head.repo.fork }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Generate a token
+        id: generate_token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.APPLICATION_ID }}
+          private-key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
+
+      - name: Checkout PR branch with sparse checkout
+        uses: actions/checkout@v4
+        with:
+          token: ${{ steps.generate_token.outputs.token }}
+          ref: ${{ github.event.pull_request.head.ref }}
+          fetch-depth: 2  # Just need HEAD and parent for git diff
+          persist-credentials: false  # Security: Don't persist credentials after checkout
+          sparse-checkout: |
+            DataConnectors/AWS-S3
+            .script
+          sparse-checkout-cone-mode: false
+
+      - name: Restore bundling script from base branch
+        run: |
+          # Security: Use trusted script from base branch to prevent malicious PR modifications
+          # Fetch the base branch to ensure we have the reference
+          git fetch origin ${{ github.base_ref || 'master' }}:refs/remotes/origin/${{ github.base_ref || 'master' }}
+          git checkout origin/${{ github.base_ref || 'master' }} -- .script/bundleAwsS3Scripts.sh
+          chmod +x .script/bundleAwsS3Scripts.sh
+
+      - name: Check if auto-update needed
+        id: check_update
+        run: |
+          # Skip if this commit already updated bundles (prevent loops)
+          if git log -1 --name-only | grep -q "ConfigAwsS3DataConnectorScripts.*\.zip"; then
+            echo "skip=true" >> $GITHUB_OUTPUT
+            echo "Bundles already updated in latest commit"
+          else
+            echo "skip=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Update bundles
+        if: steps.check_update.outputs.skip != 'true'
+        run: |
+          .script/bundleAwsS3Scripts.sh
+
+      - name: Commit updated bundles
+        if: steps.check_update.outputs.skip != 'true'
+        env:
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+
+          # Configure remote with token for push (needed due to persist-credentials: false)
+          git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${{ github.repository }}.git
+
+          # Stage zip files
+          git add DataConnectors/AWS-S3/ConfigAwsS3DataConnectorScripts*.zip
+
+          # Check if there are changes to commit
+          if ! git diff --cached --quiet; then
+            git commit -m "Auto-update AWS-S3 DataConnector bundles
+
+            - Updated ConfigAwsS3DataConnectorScripts.zip
+            - Updated ConfigAwsS3DataConnectorScriptsGov.zip
+            - Changes triggered by: ${{ github.event.pull_request.head.sha }}
+
+            [skip ci]"
+
+            git push origin ${{ github.event.pull_request.head.ref }}
+
+            echo "✅ Successfully updated and committed bundle files"
+          else
+            echo "ℹ️ No bundle changes detected"
+          fi

.github/workflows/codeql-analysis.yml

@@ -32,7 +32,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'javascript', 'python', 'ruby', 'actions' ]
+        language: [ 'javascript', 'python', 'ruby', 'actions', 'csharp' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'actions' ]
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
@@ -51,6 +51,16 @@ jobs:
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
         queries: security-extended,security-and-quality
 
+    # ℹ️ Setup DotNet Versions to building C# projects
+    - name: Setup DotNet Versions
+      uses: actions/setup-dotnet@v5
+      with:
+        dotnet-version: | 
+          6.0.x
+          7.0.x
+          8.0.x
+          9.0.x
+
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild

.github/workflows/content-validations.yaml

@@ -19,6 +19,8 @@ jobs:
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Only need HEAD and parent for git diff
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/data-connector-validations.yaml

@@ -19,6 +19,8 @@ jobs:
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Need HEAD and parent for git diff
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/detection-template-schema-validations.yaml

@@ -15,6 +15,8 @@ jobs:
         PRNUM: ${{ github.event.pull_request.number }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Need HEAD and parent for git diff
       - name: Use .NET Core SDK ${{ env.dotnetSdkVersion }}
         uses: actions/setup-dotnet@v4
         with:

.github/workflows/detection-validations.yaml

@@ -19,6 +19,8 @@ jobs:
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Only need HEAD and parent for git diff
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/documents-link-validation.yaml

@@ -19,6 +19,8 @@ jobs:
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Only need HEAD and parent for git diff
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/hyperlinkValidator.yaml

@@ -28,7 +28,7 @@ jobs:
         env:
           GeneratedToken: ${{ steps.generate_token.outputs.token }}
         with:
-          fetch-depth: 0
+          fetch-depth: 10
           token: ${{ env.GeneratedToken }}
       - shell: pwsh
         id: step1

.github/workflows/json-syntax-validation.yaml

@@ -19,6 +19,8 @@ jobs:
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Only need HEAD and parent for git diff
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/kql-validations.yaml

@@ -15,6 +15,8 @@ jobs:
         PRNUM: ${{ github.event.pull_request.number }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Need HEAD and parent for git diff
       - name: Use .NET Core SDK ${{ env.dotnetSdkVersion }}
         uses: actions/setup-dotnet@v4
         with:

.github/workflows/logo-validation.yaml

@@ -19,6 +19,8 @@ jobs:
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Only need HEAD and parent for git diff
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/non-ascii-validations.yaml

@@ -15,6 +15,8 @@ jobs:
         dotnetSdkVersion: 3.1.401
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Need HEAD and parent for git diff
       - name: Use .NET Core SDK ${{ env.dotnetSdkVersion }}
         uses: actions/setup-dotnet@v4
         with:

.github/workflows/playbook-validations.yaml

@@ -19,6 +19,8 @@ jobs:
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Only need HEAD and parent for git diff
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/runAsimSchemaAndDataTesters.yaml

@@ -2,7 +2,7 @@
 # The script runs ASIM Schema and Data testers on the "eco-connector-test" workspace.
 name: Run ASIM tests on "ASIM-SchemaDataTester-GithubShared" workspace
 on:
-  pull_request_target:
+  pull_request:
     types: [opened, edited, reopened, synchronize, labeled]
     branches:
       - master
@@ -419,4 +419,4 @@ jobs:
           echo "Downloading script from the master: $url"
           curl -o "$filePath" "$url"
           # Execute the script
-          python "$filePath"
+          python "$filePath"

.github/workflows/sample-data-validation.yaml

@@ -19,6 +19,8 @@ jobs:
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Only need HEAD and parent for git diff
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/slash-command-armttk.yaml

@@ -46,7 +46,7 @@ jobs:
         if: steps.get-pr.outputs.is_fork == 'false'
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          fetch-depth: 0
+          fetch-depth: 10
           ref: ${{ steps.get-pr.outputs.head_sha }}
           persist-credentials: false
       - shell: pwsh

.github/workflows/solution-validations.yaml

@@ -19,6 +19,8 @@ jobs:
         SYSTEM_PULLREQUEST_ISFORK: ${{ github.event.pull_request.head.repo.fork }}
       steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Only need HEAD and parent for git diff
       - run: npm install -g npm@6.14.18;which npm;npm -v
       - name: npm install
         run: npm install

.github/workflows/update-solutions-analyzer.yml

@@ -0,0 +1,109 @@
+name: Update Solutions Analyzer CSV Files
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - 'Solutions/**/*.json'
+      - 'Solutions/**/Parsers/**/*.yaml'
+      - 'Solutions/**/Parsers/**/*.yml'
+      - 'Tools/Solutions Analyzer/map_solutions_connectors_tables.py'
+  workflow_dispatch:  # Allow manual trigger
+  schedule:
+    # Run weekly on Monday at 2 AM UTC to catch any missed changes
+    - cron: '0 2 * * 1'
+
+jobs:
+  update-csv:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        run: |
+          pip install json5
+
+      - name: Run Solutions Analyzer
+        run: |
+          cd "Tools/Solutions Analyzer"
+          python map_solutions_connectors_tables.py
+
+      # Note: Documentation generation removed - docs are now hosted in a separate repo
+      # See: https://github.com/oshezaf/sentinelninja/tree/main/Solutions%20Docs
+
+      - name: Check for changes
+        id: check_changes
+        run: |
+          if git diff --quiet "Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv" "Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv"; then
+            echo "changed=false" >> $GITHUB_OUTPUT
+          else
+            echo "changed=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create Pull Request
+        if: steps.check_changes.outputs.changed == 'true'
+        id: create_pr
+        uses: peter-evans/create-pull-request@v6
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: 'chore: Update Solutions Analyzer CSV files'
+          branch: solutions-analyzer-update
+          delete-branch: true
+          title: 'chore: Update Solutions Analyzer CSV files'
+          body: |
+            ## Automated Solutions Analyzer Update
+
+            This PR contains automated updates to:
+            - Solutions connector-to-tables mapping CSV
+            - Solutions issues and exceptions report CSV
+
+            Generated by the Solutions Analyzer workflow.
+
+            **Note:** Documentation is now hosted separately at https://github.com/oshezaf/sentinelninja
+
+            **Triggered by:** ${{ github.event_name }}
+            **Workflow run:** ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+          labels: automated
+          add-paths: |
+            Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv
+            Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv
+
+      - name: Enable auto-merge
+        if: steps.check_changes.outputs.changed == 'true' && steps.create_pr.outputs.pull-request-number != ''
+        run: |
+          gh pr merge ${{ steps.create_pr.outputs.pull-request-number }} --auto --squash
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create summary
+        if: steps.check_changes.outputs.changed == 'true'
+        run: |
+          echo "### Solutions Analyzer Pull Request Created :white_check_mark:" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "A pull request has been created with updated CSV files." >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "**Modified files:**" >> $GITHUB_STEP_SUMMARY
+          echo "- Tools/Solutions Analyzer/solutions_connectors_tables_mapping.csv" >> $GITHUB_STEP_SUMMARY
+          echo "- Tools/Solutions Analyzer/solutions_connectors_tables_issues_and_exceptions_report.csv" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "**Note:** Documentation is hosted at https://github.com/oshezaf/sentinelninja" >> $GITHUB_STEP_SUMMARY
+
+      - name: No changes summary
+        if: steps.check_changes.outputs.changed == 'false'
+        run: |
+          echo "### Solutions Analyzer :information_source:" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "No changes detected. CSV files are already up-to-date." >> $GITHUB_STEP_SUMMARY