Merge branch 'main' into PSScriptAnalyzerAction

.github/workflows/CI.yaml

@@ -19,7 +19,7 @@ jobs:
     runs-on: [ ubuntu-latest ]
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/CleanupTempRepos.yaml

@@ -22,7 +22,7 @@ jobs:
       githubOwner: ${{ steps.check.outputs.githubOwner }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -61,7 +61,7 @@ jobs:
     needs: [ Check ]
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/Deploy.yaml

@@ -53,7 +53,7 @@ jobs:
       defaultBcContainerHelperVersion: ${{ steps.CreateInputs.outputs.defaultBcContainerHelperVersion }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -78,7 +78,7 @@ jobs:
     needs: [ Inputs ]
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -115,7 +115,7 @@ jobs:
       contents: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/E2E.yaml

@@ -52,7 +52,7 @@ jobs:
       githubOwner: ${{ steps.check.outputs.githubOwner }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -101,7 +101,7 @@ jobs:
       appSourceAppRepo: ${{ steps.setup.outputs.appSourceAppRepo }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -125,7 +125,7 @@ jobs:
       scenarios: ${{ steps.Analyze.outputs.scenarios }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -206,7 +206,7 @@ jobs:
     strategy: ${{ fromJson(needs.Analyze.outputs.scenarios) }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -242,7 +242,7 @@ jobs:
     strategy: ${{ fromJson(needs.Analyze.outputs.scenarios) }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -278,7 +278,7 @@ jobs:
     strategy: ${{ fromJson(needs.Analyze.outputs.publictestruns) }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -326,7 +326,7 @@ jobs:
     strategy: ${{ fromJson(needs.Analyze.outputs.privatetestruns) }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -375,7 +375,7 @@ jobs:
     strategy: ${{ fromJson(needs.Analyze.outputs.releases) }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -420,7 +420,7 @@ jobs:
     if: always() && (!Cancelled()) && (needs.SetupRepositories.result == 'Success') && (needs.TestAlGoPublic.result == 'Success' || needs.TestAlGoPublic.result == 'Skipped') && (needs.TestAlGoPrivate.result == 'Success' || needs.TestAlGoPrivate.result == 'Skipped') && (needs.TestAlGoUpgrade.result == 'Success' || needs.TestAlGoUpgrade.result == 'Skipped') && (needs.Scenario.result == 'Success' || needs.Scenario.result == 'Skipped')
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/powershell.yaml

@@ -21,7 +21,7 @@ jobs:
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/pre-commit.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: windows-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
       with:
         egress-policy: audit
 

.github/workflows/scorecard-analysis.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

Actions/AL-Go-Helper.ps1

@@ -2090,11 +2090,11 @@ function CheckAndCreateProjectFolder {
 Function AnalyzeProjectDependencies {
     Param(
         [string] $baseFolder,
-        [string[]] $projects,
-        [ref] $buildAlso,
-        [ref] $projectDependencies
+        [string[]] $projects
     )
 
+    $additionalProjectsToBuild = @{}
+    $projectDependencies = @{}
     $appDependencies = @{}
     Write-Host "Analyzing projects in $baseFolder"
 
@@ -2123,9 +2123,17 @@ Function AnalyzeProjectDependencies {
         $unknownDependencies = @()
         $apps = @()
         Sort-AppFoldersByDependencies -appFolders $folders -baseFolder $baseFolder -WarningAction SilentlyContinue -unknownDependencies ([ref]$unknownDependencies) -knownApps ([ref]$apps) | Out-Null
+
+        # If the project is using project dependencies, add the unknown dependencies to the list of dependencies
+        # If not, the unknown dependencies are ignored
+        $dependenciesForProject = @()
+        if ($projectSettings.useProjectDependencies -eq $true) {
+            $dependenciesForProject = @($unknownDependencies | ForEach-Object { $_.Split(':')[0] })
+        }
+
         $appDependencies."$project" = @{
             "apps"         = $apps
-            "dependencies" = @($unknownDependencies | ForEach-Object { $_.Split(':')[0] })
+            "dependencies" = $dependenciesForProject
         }
     }
     # AppDependencies is a hashtable with the following structure
@@ -2160,42 +2168,42 @@ Function AnalyzeProjectDependencies {
                 # Add this project and all projects on which that project has a dependency to the list of dependencies for the current project
                 foreach($depProject in $depProjects) {
                     $foundDependencies += $depProject
-                    if ($projectDependencies.Value.Keys -contains $depProject) {
-                        $foundDependencies += $projectDependencies.value."$depProject"
+                    if ($projectDependencies.Keys -contains $depProject) {
+                        $foundDependencies += $projectDependencies."$depProject"
                     }
                 }
             }
             $foundDependencies = @($foundDependencies | Select-Object -Unique)
             # foundDependencies now contains all projects that the current project has a dependency on
             # Update ref variable projectDependencies for this project
-            if ($projectDependencies.Value.Keys -notcontains $project) {
+            if ($projectDependencies.Keys -notcontains $project) {
                 # Loop through the list of projects for which we already built a dependency list
                 # Update the dependency list for that project if it contains the current project, which might lead to a changed dependency list
                 # This is needed because we are looping through the projects in a any order
-                $keys = @($projectDependencies.value.Keys)
+                $keys = @($projectDependencies.Keys)
                 foreach($key in $keys) {
-                    if ($projectDependencies.value."$key" -contains $project) {
-                        $projectDeps = @( $projectDependencies.value."$key" )
-                        $projectDependencies.value."$key" = @( @($projectDeps + $foundDependencies) | Select-Object -Unique )
-                        if (Compare-Object -ReferenceObject $projectDependencies.value."$key" -differenceObject $projectDeps) {
+                    if ($projectDependencies."$key" -contains $project) {
+                        $projectDeps = @( $projectDependencies."$key" )
+                        $projectDependencies."$key" = @( @($projectDeps + $foundDependencies) | Select-Object -Unique )
+                        if (Compare-Object -ReferenceObject $projectDependencies."$key" -differenceObject $projectDeps) {
                             Write-Host "Add ProjectDependencies $($foundDependencies -join ',') to $key"
                         }
                     }
                 }
                 Write-Host "Set ProjectDependencies for $project to $($foundDependencies -join ',')"
-                $projectDependencies.value."$project" = $foundDependencies
+                $projectDependencies."$project" = $foundDependencies
             }
             if ($foundDependencies) {
                 Write-Host "Found dependencies to projects: $($foundDependencies -join ", ")"
-                # Add project to buildAlso for this dependency to ensure that this project also gets build when the dependency is built
+                # Add project to additionalProjectsToBuild for this dependency to ensure that this project also gets build when the dependency is built
                 foreach($dependency in $foundDependencies) {
-                    if ($buildAlso.value.Keys -contains $dependency) {
-                        if ($buildAlso.value."$dependency" -notcontains $project) {
-                            $buildAlso.value."$dependency" += @( $project )
+                    if ($additionalProjectsToBuild.Keys -contains $dependency) {
+                        if ($additionalProjectsToBuild."$dependency" -notcontains $project) {
+                            $additionalProjectsToBuild."$dependency" += @( $project )
                         }
                     }
                     else {
-                        $buildAlso.value."$dependency" = @( $project )
+                        $additionalProjectsToBuild."$dependency" = @( $project )
                     }
                 }
             }
@@ -2215,7 +2223,11 @@ Function AnalyzeProjectDependencies {
         $no++
     }
 
-    return @($projectsOrder)
+    return [PSCustomObject]@{
+        FullProjectsOrder = $projectsOrder
+        AdditionalProjectsToBuild = $additionalProjectsToBuild
+        ProjectDependencies = $projectDependencies
+    }
 }
 
 function GetBaseFolder {

Actions/CheckForUpdates/CheckForUpdates.ps1

@@ -49,7 +49,7 @@ $templateUrl = $templateUrl -replace "^(https:\/\/)(www\.)(.*)$", '$1$3'
 # TemplateUrl is now always a full url + @ and a branch name
 
 # CheckForUpdates will read all AL-Go System files from the Template repository and compare them to the ones in the current repository
-# CheckForUpdates will apply changes to the AL-Go System files based on AL-Go repo settings, such as "runs-on", "useProjectDependencies", etc.
+# CheckForUpdates will apply changes to the AL-Go System files based on AL-Go repo settings, such as "runs-on" etc.
 # if $update is set to Y, CheckForUpdates will also update the AL-Go System files in the current repository using a PR or a direct commit (if $directCommit is set to true)
 # if $update is set to N, CheckForUpdates will only check for updates and output a warning if there are updates available
 # if $downloadLatest is set to true, CheckForUpdates will download the latest version of the template repository, else it will use the templateSha setting in the .github/AL-Go-Settings file
@@ -115,11 +115,10 @@ $updateFiles = @()
 # $removeFiles will hold an array of files, which needs to be removed
 $removeFiles = @()
 
-# If useProjectDependencies is true, we need to calculate the dependency depth for all projects
 # Dependency depth determines how many build jobs we need to run sequentially
 # Every build job might spin up multiple jobs in parallel to build the projects without unresolved deependencies
 $depth = 1
-if ($repoSettings.useProjectDependencies -and $projects.Count -gt 1) {
+if ($projects.Count -gt 1) {
     Import-Module (Join-Path -Path $PSScriptRoot -ChildPath "..\DetermineProjectsToBuild\DetermineProjectsToBuild.psm1" -Resolve) -DisableNameChecking
     $allProjects, $projectsToBuild, $projectDependencies, $buildOrder = Get-ProjectsToBuild -baseFolder $baseFolder -buildAllProjects $true -maxBuildDepth 100
     $depth = $buildOrder.Count

Actions/DetermineProjectsToBuild/DetermineProjectsToBuild.psm1

@@ -222,7 +222,6 @@ function Get-ProjectsToBuild {
         Write-Host "Found AL-Go Projects: $($projects -join ', ')"
 
         $projectsToBuild = @()
-        $projectDependencies = @{}
         $projectsOrderToBuild = @()
 
         if ($projects) {
@@ -238,21 +237,13 @@ function Get-ProjectsToBuild {
                 $projectsToBuild = @($projects | Where-Object { ShouldBuildProject -baseFolder $baseFolder -project $_ -modifiedFiles $modifiedFilesFullPaths })
             }
 
-            if($settings.useProjectDependencies) {
-                $buildAlso = @{}
+            # Calculate the full projects order
+            $projectBuildInfo = AnalyzeProjectDependencies -baseFolder $baseFolder -projects $projects
 
-                # Calculate the full projects order
-                $fullProjectsOrder = AnalyzeProjectDependencies -baseFolder $baseFolder -projects $projects -buildAlso ([ref]$buildAlso) -projectDependencies ([ref]$projectDependencies)
-
-                $projectsToBuild = @($projectsToBuild | ForEach-Object { $_; if ($buildAlso.Keys -contains $_) { $buildAlso."$_" } } | Select-Object -Unique)
-            }
-            else {
-                # Use a flatten build order (all projects on the same level)
-                $fullProjectsOrder = @(@{ 'projects' = $projectsToBuild; 'projectsCount' = $projectsToBuild.Count})
-            }
+            $projectsToBuild = @($projectsToBuild | ForEach-Object { $_; if ($projectBuildInfo.AdditionalProjectsToBuild.Keys -contains $_) { $projectBuildInfo.AdditionalProjectsToBuild."$_" } } | Select-Object -Unique)
 
             # Create a project order based on the projects to build
-            foreach($depth in $fullProjectsOrder) {
+            foreach($depth in $projectBuildInfo.FullProjectsOrder) {
                 $projectsOnDepth = @($depth.projects | Where-Object { $projectsToBuild -contains $_ })
 
                 if ($projectsOnDepth) {
@@ -281,7 +272,7 @@ function Get-ProjectsToBuild {
             throw "The build depth is too deep, the maximum build depth is $maxBuildDepth. You need to run 'Update AL-Go System Files' to update the workflows"
         }
 
-        return $projects, $projectsToBuild, $projectDependencies, $projectsOrderToBuild
+        return $projects, $projectsToBuild, $projectBuildInfo.projectDependencies, $projectsOrderToBuild
     }
     finally {
         Pop-Location

Templates/AppSource App/.github/workflows/IncrementVersionNumber.yaml

@@ -26,10 +26,6 @@ on:
         type: boolean
         default: false
 
-permissions:
-  actions: read
-  contents: read
-
 defaults:
   run:
     shell: powershell
@@ -43,6 +39,7 @@ jobs:
     needs: [ ]
     runs-on: [ windows-latest ]
     permissions:
+      actions: read
       contents: write
       id-token: write
       pull-requests: write

Templates/Per Tenant Extension/.github/workflows/IncrementVersionNumber.yaml

@@ -26,10 +26,6 @@ on:
         type: boolean
         default: false
 
-permissions:
-  actions: read
-  contents: read
-
 defaults:
   run:
     shell: powershell
@@ -43,6 +39,7 @@ jobs:
     needs: [ ]
     runs-on: [ windows-latest ]
     permissions:
+      actions: read
       contents: write
       id-token: write
       pull-requests: write