feat: Schema updates and minor workflow fixes (#474)
oZakari authored Oct 22, 2024
1 parent fa98d2b commit 94d1723
Showing 83 changed files with 13 additions and 794 deletions.
2 changes: 1 addition & 1 deletion .github/scripts/build-recommendation-object.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ function Build-APRLJsonObject {

$yamlobj = foreach($file in $yamlfiles){
$content = Get-Content $file.FullName -Raw | ConvertFrom-Yaml
$content | Select-Object publishedToAdvisor,aprlGuid,recommendationTypeId,recommendationMetadataState,learnMoreLink,recommendationControl,longDescription,pgVerified,description,potentialBenefits,publishedToLearn,tags,recommendationResourceType,recommendationImpact,automationAvailable,query
$content | Select-Object publishedToAdvisor,aprlGuid,recommendationTypeId,recommendationMetadataState,learnMoreLink,recommendationControl,longDescription,pgVerified,description,potentialBenefits,tags,recommendationResourceType,recommendationImpact,automationAvailable,query
}

$kqlobj = foreach($file in $kqlfiles){
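Review bot: the `Select-Object` property list in the `$yamlobj` loop is a hand-maintained copy of the schema keys, so dropping `publishedToLearn` here only stays correct if both schema files and every recommendations.yaml change in the same commit. Because `Select-Object` silently ignores properties it is not asked for, a YAML file that still carries `publishedToLearn` passes through this script with no signal. Consider keeping the field list in one shared variable and warning on unexpected keys, and confirm that no consumer of the generated JSON still reads `publishedToLearn`.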
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@ recommendation:
longDescription: str(max=300)
potentialBenefits: str(max=60)
pgVerified: bool()
publishedToLearn: bool()
automationAvailable: bool()
tags: null()
learnMoreLink: list()
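Review bot: removing `publishedToLearn: bool()` from the `recommendation:` schema changes what the validator accepts, and the visible lines do not say whether a leftover `publishedToLearn` key is now rejected or ignored. Please state which it is in the PR description, since contributors with open branches that still include the key will be affected, and add a short comment in the schema noting that the field was retired.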
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@ recommendation:
longDescription: str()
potentialBenefits: str(max=60)
pgVerified: bool()
publishedToLearn: bool()
automationAvailable: bool()
tags: null()
learnMoreLink: list()
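Review bot: in this schema `longDescription: str()` has no length limit, while the schema in the preceding hunk uses `longDescription: str(max=300)`. Since both files are being touched for the same field removal, either align the constraint or add a comment explaining why this variant is unbounded.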
1 change: 1 addition & 0 deletions .github/workflows/ado-sync-workitems.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ jobs:
env:
ado_token: '${{ secrets.ADO_PERSONAL_ACCESS_TOKEN }}'
github_token: '${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}'
ado.autoCreate: 'true'
config_file: './.github/actions-config/gh-ado-sync-config.json'
with:
ado: ${{ secrets.ADO_MAPPINGS_HANDLES }}
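Review bot: `ado.autoCreate: 'true'` is added under `env:` beside `ado_token`, `github_token` and `config_file`, but unlike its siblings the key contains a dot, which gives an environment variable name that a shell step cannot reference and that is easy to mistake for a nested setting. Please confirm the sync action reads this exact name from the environment rather than from `with:` or from `gh-ado-sync-config.json`. A comment describing what auto-creation does would also help: the step runs with two personal access tokens, the name suggests it will now create items in Azure DevOps on its own, and the commit message only says "minor workflow fixes".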
2 changes: 0 additions & 2 deletions azure-resources/AAD/domainServices/recommendations.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
You need to use a minimum of Enterprise SKU for your managed domain to support replica sets.
potentialBenefits: The Enterprise SKU enables creation of replica sets.
pgVerified: false
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -28,7 +27,6 @@
You can add a replica set to any peered virtual network in any Azure region that supports Domain Services.
potentialBenefits: The replica sets provide geographical resiliency.
pgVerified: false
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand Down
11 changes: 0 additions & 11 deletions azure-resources/AVS/privateClouds/recommendations.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
Ensure Azure Service Health notifications are set for Azure VMware Solution across all used regions and subscriptions. This communicates service/security issues and maintenance activities like host replacements and upgrades, reducing service request submissions.
potentialBenefits: Prompt mitigation of issues.
pgVerified: true
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -27,7 +26,6 @@
Set an alert for when the node count in Azure VMware Solution Private Cloud hits or exceeds 90 hosts, enabling timely planning for a new private cloud.
potentialBenefits: Proactive capacity planning
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -45,7 +43,6 @@
Alert when the cluster size reaches 14 hosts. Set up periodic alerts for planning new clusters or datastores due to growth, especially from storage needs. Beyond 14 hosts, trigger alerts for each new host addition for proactive resource monitoring.
potentialBenefits: Proactive resource management
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -63,7 +60,6 @@
For Azure VMware Solution, enabling Stretched Clusters offers 99.99% SLA, synchronous storage replication (RPO=0), and spreads vSAN datastore across two AZs. Must be done at initial setup, needing double quota due to extension across AZs.
potentialBenefits: 99.99% SLA, 0 RPO, Multi-AZ
pgVerified: true
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -83,7 +79,6 @@
Ensure VMware vSAN datastore slack space is maintained for SLA by monitoring storage utilization and setting alerts at 70% and 75% utilization to allow for capacity planning. To expand, add hosts or external storage like Azure Elastic SAN, Azure NetApp Files, if CPU and RAM requirements are met.
potentialBenefits: Optimized capacity planning for vSAN
pgVerified: true
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -101,7 +96,6 @@
Ensure Diagnostic Settings are configured for each private cloud to send syslogs to external sources for analysis and/or archiving. Azure VMware Solution Syslogs contain data for troubleshooting and performance, aiding quicker issue resolution and early detection of issues.
potentialBenefits: Faster issue resolution, early detection
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -119,7 +113,6 @@
Ensure sufficient compute resources to avoid host resource exhaustion in Azure VMware Solution, which utilizes vSphere DRS and HA for dynamic workload resource management. However, sustained CPU utilization over 95% may increase CPU Ready times, impacting workloads.
potentialBenefits: Avoids resource exhaustion, optimizes performance
pgVerified: true
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -137,7 +130,6 @@
Ensure sufficient memory resources to prevent host resource exhaustion in Azure VMware Solution. It uses vSphere DRS and vSphere HA for dynamic workload management. Yet, continuous memory use over 95% leads to disk swapping, affecting workloads.
potentialBenefits: Avoids host exhaustion and swapping
pgVerified: true
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -155,7 +147,6 @@
Applying a resource delete lock to the Azure VMware Solution Private Cloud resource group prevents unauthorized or accidental deletion by anyone with contributor access, ensuring the protection and reliability of the Azure VMware Solution Private Cloud.
potentialBenefits: Prevents accidental deletion
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -173,7 +164,6 @@
When using customer-managed keys for encrypting vSAN datastores, leveraging Azure Key Vault for central management and accessing them via a managed identity linked to the private cloud is advised. The expiration of these keys can render the vSAN datastore and its associated workloads inaccessible.
potentialBenefits: Avoid outages with key auto-rotation
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -191,7 +181,6 @@
Azure VMware Solution private clouds support up to three DNS servers for a single FQDN, preventing a single DNS server from becoming a point of failure. It's crucial to use multiple DNS servers for on-premises FQDN resolution from each private cloud.
potentialBenefits: Enhances reliability and avoids failure
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand Down
4 changes: 0 additions & 4 deletions azure-resources/ApiManagement/service/recommendations.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
Upgrading the API Management instance to the Premium SKU adds support for Availability Zones, enhancing availability and resilience by distributing services across physically separate locations within Azure regions.
potentialBenefits: Enhanced availability and resilience
pgVerified: false
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -29,7 +28,6 @@
Zone redundancy for APIM instances ensures the gateway and control plane (Management API, developer portal, Git configuration) are replicated across datacenters in physically separated zones, boosting resilience to zone failures.
potentialBenefits: Improved resilience to zone failures
pgVerified: false
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -49,7 +47,6 @@
Upgrading to API Management stv2 is required as stv1 retires on 31 Aug 2024, offering enhanced capabilities with the new platform version.
potentialBenefits: Ensures service continuity
pgVerified: false
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
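Review bot: the unchanged description line in this hunk says stv1 "retires on 31 Aug 2024", and this commit is dated Oct 22, 2024, so the text describes a past event as if it were still upcoming. While the entry is being edited, reword it in the past tense or re-check the date against the linked documentation.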
Expand All @@ -69,7 +66,6 @@
Use API Management with auto-scale for high availability in workloads that experience variable traffic patterns. There are several limitations with auto-scale, so review the documentation to ensure it meets your requirements.
potentialBenefits: Enhanced availability and resilience
pgVerified: false
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand Down
1 change: 0 additions & 1 deletion azure-resources/App/containerApps/recommendations.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
Enable container health probes to monitor the health of your container apps and ensure that unhealthy containers are restarted automatically.
potentialBenefits: Enhanced availability and resilience
pgVerified: false
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
To take advantage of availability zones, you must enable zone redundancy when you create a Container Apps environment. The environment must include a virtual network with an available subnet. To ensure proper distribution of replicas, set your app's minimum replica count to three.
potentialBenefits: Enhances app resiliency and reliability
pgVerified: false
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
With Purge protection enabled, soft deleted stores can't be purged in the retention period. If disabled, the soft deleted store can be purged before the retention period expires.
potentialBenefits: Prevent accidental deletion of configuration stores.
pgVerified: false
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -27,7 +26,6 @@
SLA is not available for Free tier. Upgrade to the Standard tier to get an SLA of 99.9%
potentialBenefits: High availability, more storage, higher request quota.
pgVerified: false
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
Set up disaster recovery for Automation accounts and resources like Modules, Connections, Credentials, Certificates, Variables, and Schedules to deal with region or zone failures. A replica Automation account should be ready in a secondary region for failover.
potentialBenefits: Ensures continuity during outages
pgVerified: false
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand Down
2 changes: 0 additions & 2 deletions azure-resources/Batch/batchAccounts/recommendations.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
To ensure cross-region disaster recovery and business continuity, set the right quotas for all Batch accounts to allocate necessary core numbers upfront, preventing execution interruptions from reaching quota limits.
potentialBenefits: Ensures business continuity
pgVerified: false
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -27,7 +26,6 @@
When using Virtual Machine Configuration for Azure Batch pools, opting to distribute your pool across Availability Zones bolsters your compute nodes against Azure datacenter failures.
potentialBenefits: Enhanced reliability and failure protection
pgVerified: false
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand Down
3 changes: 0 additions & 3 deletions azure-resources/Cache/Redis/recommendations.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
Azure Cache for Redis offers zone redundancy in Premium and Enterprise tiers, using VMs across multiple Availability Zones to ensure greater resilience and availability.
potentialBenefits: Higher resilience and availability
pgVerified: false
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -26,7 +25,6 @@
Azure Cache for Redis allows for specifying maintenance windows. A maintenance window allows you to control the days and times of a week during which the VMs hosting your cache can be updated.
potentialBenefits: Higher resilience and availability
pgVerified: false
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -44,7 +42,6 @@
Use private endpoints for secure connection to cache via a private link, avoiding the public internet.
potentialBenefits: Secure, private VNet ingress, efficient data transfer
pgVerified: false
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand Down
16 changes: 0 additions & 16 deletions azure-resources/Cdn/profiles/recommendations.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
For most solutions, choose either Azure Front Door for content caching, CDN, TLS termination, and WAF, or Traffic Manager for simple global load balancing.
potentialBenefits: Optimized network routing and security
pgVerified: true
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -33,7 +32,6 @@
Front Door's features perform optimally when traffic exclusively comes through Front Door. It's advised to set up your origin to deny access to traffic that bypasses Front Door.
potentialBenefits: Enhances security and performance
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -51,7 +49,6 @@
When working with Azure Front Door through APIs, ARM templates, Bicep, or SDKs, using the latest API or SDK version is crucial. Updates bring new functions, important security patches, and bug fixes.
potentialBenefits: Enhanced security and features
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -73,7 +70,6 @@
Front Door logs offer comprehensive telemetry on each request, crucial for understanding your solution's performance and responses, especially when caching is enabled, as origin servers might not receive every request.
potentialBenefits: Enhanced insights and solution monitoring
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -95,7 +91,6 @@
Front Door terminates TCP and TLS connections from clients and establishes new connections from each PoP to the origin. Securing these connections with TLS, even for Azure-hosted origins, ensures data is always encrypted during transit.
potentialBenefits: Ensures data encryption in transit
pgVerified: true
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -113,7 +108,6 @@
Using HTTPS is ideal for secure connections. However, for compatibility with older clients, HTTP requests may be necessary. Azure Front Door enables auto redirection of HTTP to HTTPS, enhancing security without sacrificing accessibility.
potentialBenefits: Enhances security and compliance
pgVerified: true
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -131,7 +125,6 @@
When Front Door manages your TLS certificates, it reduces your operational costs and helps you to avoid costly outages caused by forgetting to renew a certificate. Front Door automatically issues and rotates the managed TLS certificates.
potentialBenefits: Lowers costs, avoids outages
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -149,7 +142,6 @@
If you use your own TLS certificates, set the Key Vault certificate version to 'Latest' to avoid reconfiguring Azure Front Door for new certificate versions and waiting for deployment across Front Door's environments.
potentialBenefits: Saves time and automates TLS updates
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -167,7 +159,6 @@
Front Door can rewrite Host headers for custom domain names routing to a single origin, useful for avoiding custom domain configuration at both Front Door and the origin.
potentialBenefits: Improves session/auth handling
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -185,7 +176,6 @@
For internet-facing applications, enabling the Front Door web application firewall (WAF) and configuring it to use managed rules is recommended for protection against a wide range of attacks using Microsoft-managed rules.
potentialBenefits: Enhances web app security
pgVerified: true
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -203,7 +193,6 @@
Front Door health probes help detect unavailable or unhealthy origins, directing traffic to alternate origins if needed.
potentialBenefits: Reduces unnecessary origin traffic
pgVerified: true
publishedToLearn: false
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -221,7 +210,6 @@
Consider selecting a webpage or location specifically designed for health monitoring as the endpoint for Azure Front Door's health probes. This should encompass the status of critical components like application servers, databases, and caches to serve production traffic efficiently.
potentialBenefits: Improves traffic routing and uptime
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -239,7 +227,6 @@
Health probes in Azure Front Door can use GET or HEAD HTTP methods. Using the HEAD method for health probes is a recommended practice because it reduces the traffic load on your origins, being less resource-intensive.
potentialBenefits: Reduces traffic load on origins
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -257,7 +244,6 @@
Azure Front Door's geo-filtering through WAF enables defining custom access rules by country/region to restrict or allow web app access.
potentialBenefits: Enhanced regional access control
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -275,7 +261,6 @@
Azure Private Link enables secure access to Azure PaaS and services over a private endpoint in your virtual network, ensuring traffic goes over the Microsoft backbone network, not the public internet.
potentialBenefits: Enhanced security and private connectivity
pgVerified: true
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -293,7 +278,6 @@
Azure Front Door standard is ~45% cheaper then AFD classic and has many additional benefits. Classic is also scheduled to be retired on March 31, 2027.
potentialBenefits: Costs savings and additional supported features
pgVerified: false
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
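Review bot: the description context line reads "~45% cheaper then AFD classic" and the following line reads "Costs savings"; change these to "than" and "Cost savings" while this entry is open. The "~45%" figure has no source in the visible lines and `pgVerified` is `false` for this entry, so consider adding the pricing reference under `learnMoreLink` or dropping the number.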
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
All Logs and Metrics should be configured. These logs provide rich, frequent data about the operation of a resource that are used for issue identification and debugging.
potentialBenefits: Enhanced monitoring and troubleshooting capabilities
pgVerified: false
publishedToLearn: false
automationAvailable: false
tags: null
learnMoreLink:
Expand Down