Skip to content

fix: Add missing private dns zones to applicable policy assignment and module #1126

fix: Add missing private dns zones to applicable policy assignment and module

fix: Add missing private dns zones to applicable policy assignment and module #1126

# Example: .github/workflows/arm-docs.yaml
name: Generate Markdown
on:
pull_request_target:
types:
- edited
- opened
- reopened
- synchronize
paths:
- '**.bicep'
env:
github_user_name: 'github-actions'
github_email: '41898282+github-actions[bot]@users.noreply.github.com'
github_commit_message: 'Generate Parameter Markdowns'
github_pr_number: ${{ github.event.number }}
github_pr_repo: ${{ github.event.pull_request.head.repo.full_name }}
permissions:
contents: read
jobs:
arm_docs:
name: Generate Markdown
permissions:
contents: write
runs-on: ubuntu-latest
environment: BicepUpdateDocumentation
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Show env
run: env | sort
- name: Check out PR
run: |
echo "==> Check out PR..."
gh pr checkout "$github_pr_number"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Configure local git
run: |
echo "git user name : $github_user_name"
git config --global user.name "$github_user_name"
echo "git user email : $github_email"
git config --global user.email "$github_email"
- name: Bicep Build
shell: pwsh
run: |
Get-ChildItem -Recurse -Path infra-as-code/bicep/ -Filter '*.bicep' -Exclude 'callModuleFromACR.example.bicep','orchHubSpoke.bicep' | ForEach-Object {
Write-Information "==> Attempting Bicep Build For File: $_" -InformationAction Continue
$output = bicep build $_.FullName 2>&1
if ($LastExitCode -ne 0)
{
throw $output
}
Else
{
echo $output
}
}
- name: Generate ARM markdowns
run: |
Install-Module -Name 'PSDocs.Azure' -Repository PSGallery -force;
# Scan for Azure template file recursively in the infra-as-code/bicep/ directory
Get-AzDocTemplateFile -Path infra-as-code/bicep/ | ForEach-Object {
# Generate a standard name of the markdown file. i.e. <name>_<version>.md
$template = Get-Item -Path $_.TemplateFile;
$templateraw = Get-Content -Raw -Path $_.Templatefile;
$templateName = $template.Directory.Parent.Name;
$version = $template.Directory.Name;
$docNameWithoutExtension = [System.IO.Path]::GetFileNameWithoutExtension($template.Name);
$docName = "$($docNameWithoutExtension)_$version";
$jobj = ConvertFrom-Json -InputObject $templateraw
$outputpathformds = $template.DirectoryName+'/generateddocs'
New-Item -Path $outputpathformds -ItemType Directory -Force
# Conversion
$templatepath = $template.DirectoryName
$convertedtemplatename = $template.Name
$convertedfullpath = $templatepath+"\"+$convertedtemplatename
$jobj | ConvertTo-Json -Depth 100 | Set-Content -Path $convertedfullpath
$mdname = ($docNameWithoutExtension)+'.bicep'
# Generate markdown
Invoke-PSDocument -Module PSDocs.Azure -OutputPath $outputpathformds -InputObject $template.FullName -InstanceName $mdname -Culture en-US;
}
shell: pwsh
- name: Remove Generated JSONs
shell: pwsh
run: |
Get-ChildItem -Recurse -Path infra-as-code/bicep/ -Filter '*.json' -Exclude 'bicepconfig.json','*.parameters.json','*.parameters.*.json','policy_*' | ForEach-Object {
Write-Information "==> Removing generated JSON file $_ from Bicep Build" -InformationAction Continue
Remove-Item -Path $_.FullName
}
- name: Check git status
run: |
echo "==> Check git status..."
git status --short --branch
- name: Stage changes
run: |
echo "==> Stage changes..."
mapfile -t STATUS_LOG < <(git status --short | grep .)
if [ ${#STATUS_LOG[@]} -gt 0 ]; then
echo "Found changes to the following files:"
printf "%s\n" "${STATUS_LOG[@]}"
git add --all
else
echo "No changes to add."
fi
- name: Push changes
run: |
echo "==> Check git diff..."
mapfile -t GIT_DIFF < <(git diff --cached)
printf "%s\n" "${GIT_DIFF[@]}"
if [ ${#GIT_DIFF[@]} -gt 0 ]; then
echo "==> Commit changes..."
git commit --message "$github_commit_message [$GITHUB_ACTOR/${GITHUB_SHA::8}]"
echo "==> Push changes..."
echo "Pushing changes to: $github_pr_repo"
git push "https://$GITHUB_TOKEN@github.com/$github_pr_repo.git"
else
echo "No changes found."
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}