-
Notifications
You must be signed in to change notification settings - Fork 384
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into users/donk-msft/policyinsights-remediation
- Loading branch information
Showing
205 changed files
with
26,279 additions
and
1,106 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
95 changes: 95 additions & 0 deletions
95
.github/workflows/avm.platform.publish-module-index-json.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,95 @@ | ||
| # This publishes the list of all public bicep modules to an index file that the Bicep vscode extension can read for intellisense using pwsh | ||
| name: .Platform - Publish [moduleIndex.json] | ||
| on: | ||
| schedule: | ||
| - cron: 45 11 * * * # Run daily at 3:45 AM PST | ||
| workflow_dispatch: | ||
|
|
||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
|
|
||
| jobs: | ||
| upload-index-data: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 // Needed to fetch all history and tags | ||
|
|
||
| - name: Log in to Azure | ||
| uses: azure/login@v2 | ||
| with: | ||
| client-id: ${{ secrets.PUBLISH_CLIENT_ID }} | ||
| tenant-id: ${{ secrets.PUBLISH_TENANT_ID }} | ||
| subscription-id: ${{ secrets.PUBLISH_SUBSCRIPTION_ID }} | ||
| enable-AzPSSession: true | ||
|
|
||
| - name: Install Azure Powershell Modules | ||
| shell: pwsh | ||
| run: | | ||
| if(-not (Get-Module 'Az.Storage' -ListAvailable)) { | ||
| Install-Module -Name 'Az.Storage' -Force | ||
| } | ||
| - name: Generate moduleIndex.json | ||
| shell: pwsh | ||
| run: | | ||
| # Load used functions | ||
| . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'platform' 'Invoke-AvmJsonModuleIndexGeneration.ps1') | ||
| $functionInput = @{ | ||
| storageAccountName = 'biceplivedatasaprod' | ||
| storageAccountContainer = 'bicep-cdn-live-data-container' | ||
| storageBlobName = 'module-index' | ||
| moduleIndexJsonFilePath = 'moduleIndex.json' | ||
| prefixForLastModuleIndexJsonFile = 'last-' | ||
| prefixForCurrentGeneratedModuleIndexJsonFile = 'generated-' | ||
| } | ||
| Write-Verbose "Invoke task with" -Verbose | ||
| Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose | ||
| if(-not (Invoke-AvmJsonModuleIndexGeneration @functionInput)) { | ||
| Write-Output ('{0}={1}' -f 'anyErrorsOccurred', $true) >> $env:GITHUB_ENV | ||
| } | ||
| - name: Upload artifacts | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: publish-module-index-json-artifacts | ||
| path: | | ||
| moduleIndex.json | ||
| last-moduleIndex.json | ||
| generated-moduleIndex.json | ||
| - name: Upload to blob storage | ||
| shell: pwsh | ||
| run: | | ||
| $storageAccountInfo = @{ | ||
| storageAccountName = 'biceplivedatasaprod' | ||
| storageAccountContainer = 'bicep-cdn-live-data-container' | ||
| storageBlobName = 'module-index' | ||
| storageBlobContentType = @{'ContentType' = 'application/json'} | ||
| } | ||
| Write-Verbose ('Uploading [moduleIndex.json] to blob storage account [{0}] in container [{1}] as blob [{2}]' -f $storageAccountInfo.storageAccountName, $storageAccountInfo.storageAccountContainer, $storageAccountInfo.storageBlobName) -Verbose | ||
| $storageContext = New-AzStorageContext -StorageAccountName $storageAccountInfo.storageAccountName -UseConnectedAccount | ||
| $functionInput = @{ | ||
| Context = $storageContext | ||
| Container = $storageAccountInfo.storageAccountContainer | ||
| Blob = $storageAccountInfo.storageBlobName | ||
| File = 'moduleIndex.json' | ||
| Properties = $storageAccountInfo.storageBlobContentType | ||
| } | ||
| Set-AzStorageBlobContent @functionInput -Force | ||
| Write-Verbose ('Upload of [{0}] complete.' -f $storageAccountInfo.storageBlobName) -Verbose | ||
| - name: Check if any errors occurred during 'Generate moduleIndex.json' | ||
| if: ${{ env.anyErrorsOccurred == 'true' }} | ||
| shell: pwsh | ||
| run: | | ||
| throw "Errors occurred during 'Generate moduleIndex.json' step. Please check the logs of that step in the workflow." |
2 changes: 1 addition & 1 deletion
2
.github/workflows/avm.platform.set-avm-github-issue-owner-config.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| # Workflow to create an issue, if AVM module list is not in sync with CSV file | ||
| name: .Platform - Sync AVM module list | ||
|
|
||
| on: | ||
| schedule: | ||
| - cron: "30 4 * * *" # Every day at 4:30 am | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| sync-avm-modules-list: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| issues: write | ||
| steps: | ||
| - name: "Checkout" | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - uses: tibdex/github-app-token@v2 | ||
| id: generate-token | ||
| with: | ||
| app_id: ${{ secrets.TEAM_LINTER_APP_ID }} | ||
| private_key: ${{ secrets.TEAM_LINTER_PRIVATE_KEY }} | ||
| - name: sync avm modules list | ||
| shell: pwsh | ||
| env: | ||
| GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} | ||
| run: | | ||
| # Load used functions | ||
| . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'platform' 'Sync-AvmModulesList.ps1') | ||
| $functionInput = @{ | ||
| Repo = "${{ github.repository_owner }}/${{ github.event.repository.name }}" | ||
| RepoRoot = $env:GITHUB_WORKSPACE | ||
| } | ||
| Sync-AvmModulesList @functionInput -Verbose |
86 changes: 86 additions & 0 deletions
86
.github/workflows/avm.ptn.authorization.policy-assignment.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,86 @@ | ||
| name: "avm.ptn.authorization.policy-assignment" | ||
|
|
||
| on: | ||
| schedule: | ||
| - cron: "0 12 1/15 * *" # Bi-Weekly Test (on 1st & 15th of month) | ||
| workflow_dispatch: | ||
| inputs: | ||
| staticValidation: | ||
| type: boolean | ||
| description: "Execute static validation" | ||
| required: false | ||
| default: true | ||
| deploymentValidation: | ||
| type: boolean | ||
| description: "Execute deployment validation" | ||
| required: false | ||
| default: true | ||
| removeDeployment: | ||
| type: boolean | ||
| description: "Remove deployed module" | ||
| required: false | ||
| default: true | ||
| push: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - ".github/actions/templates/avm-**" | ||
| - ".github/workflows/avm.template.module.yml" | ||
| - ".github/workflows/avm.ptn.authorization.policy-assignment.yml" | ||
| - "avm/ptn/authorization/policy-assignment/**" | ||
| - "avm/utilities/pipelines/**" | ||
| - "!avm/utilities/pipelines/platform/**" | ||
| - "!*/**/README.md" | ||
|
|
||
| env: | ||
| modulePath: "avm/ptn/authorization/policy-assignment" | ||
| workflowPath: ".github/workflows/avm.ptn.authorization.policy-assignment.yml" | ||
|
|
||
| concurrency: | ||
| group: ${{ github.workflow }} | ||
|
|
||
| jobs: | ||
| ########################### | ||
| # Initialize pipeline # | ||
| ########################### | ||
| job_initialize_pipeline: | ||
| runs-on: ubuntu-latest | ||
| name: "Initialize pipeline" | ||
| steps: | ||
| - name: "Checkout" | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: "Set input parameters to output variables" | ||
| id: get-workflow-param | ||
| uses: ./.github/actions/templates/avm-getWorkflowInput | ||
| with: | ||
| workflowPath: "${{ env.workflowPath}}" | ||
| - name: "Get module test file paths" | ||
| id: get-module-test-file-paths | ||
| uses: ./.github/actions/templates/avm-getModuleTestFiles | ||
| with: | ||
| modulePath: "${{ env.modulePath }}" | ||
| outputs: | ||
| workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }} | ||
| moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }} | ||
| psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }} | ||
| modulePath: "${{ env.modulePath }}" | ||
|
|
||
| ############################## | ||
| # Call reusable workflow # | ||
| ############################## | ||
| call-workflow-passing-data: | ||
| name: "Run" | ||
| permissions: | ||
| id-token: write # For OIDC | ||
| contents: write # For release tags | ||
| needs: | ||
| - job_initialize_pipeline | ||
| uses: ./.github/workflows/avm.template.module.yml | ||
| with: | ||
| workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}" | ||
| moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}" | ||
| psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}" | ||
| modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}" | ||
| secrets: inherit |
Oops, something went wrong.