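---
# Pull-request gate for the Bicep modules in this repository:
#   1. build/lint every .bicep file with the Bicep CLI,
#   2. print the Azure resource types declared by the built ARM templates,
#   3. run PSRule (Azure Well-Architected Framework rules) over the repo.
name: Unit Tests - Bicep Files and Modules

on:
  pull_request:
    branches:
      - main
    # Only run when Bicep sources or the PSRule configuration change.
    paths:
      - "**.bicep"
      - "ps-rule.yaml"
      - ".ps-rule/*"
      - "**/bicepconfig.json"
  workflow_dispatch: {}

# Least privilege: nothing here pushes, comments or publishes, so the
# default GITHUB_TOKEN only needs read access to the repository.
permissions:
  contents: read

env:
  # Bicep CLI release to install. "latest" follows GitHub's floating
  # release alias (the original behaviour of this workflow). Set it to a
  # release tag from https://github.com/Azure/bicep/releases to pin the
  # build tool so a new upstream release cannot silently change the gate.
  BICEP_VERSION: latest
  # Optional SHA-256 of the bicep-linux-x64 asset for the pinned release.
  # Empty skips verification (a workflow warning is emitted). Fill it in
  # together with BICEP_VERSION so the toolchain is pinned AND checked.
  BICEP_SHA256: ""

jobs:
  bicep_unit_tests:
    name: Bicep Build & Lint All Modules
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): egress-policy "audit" only records outbound
      # connections; it enforces nothing. Once the audit log shows the
      # destinations this job needs (github.com and the release-asset
      # host for the Bicep download at minimum), switch to "block" with
      # an allowed-endpoints list.
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit

      - name: Checkout Repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Full history. The build only needs the working tree, so this
          # could be reduced to 1 if checkout time becomes a concern.
          fetch-depth: 0

      - name: List Currently Installed Bicep Version
        shell: pwsh
        run: |
          $bicepVersion = bicep --version
          Write-Information "=====> Currently installed Bicep version is: $bicepVersion <=====" -InformationAction Continue

      - name: Install Bicep CLI
        shell: sh
        run: |
          # Adapted from https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/install#linux
          set -eu
          # GitHub uses two different URL shapes for the floating alias and
          # for a concrete tag, so select by BICEP_VERSION (see top-level env).
          if [ "${BICEP_VERSION}" = "latest" ]; then
            url="https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64"
          else
            url="https://github.com/Azure/bicep/releases/download/${BICEP_VERSION}/bicep-linux-x64"
          fi
          echo "Downloading Bicep CLI from ${url}"
          # --fail: never install an HTTP error page as the binary.
          # --proto/--tlsv1.2: refuse plaintext or downgraded transports, even via redirect.
          curl --fail --silent --show-error --location --retry 3 \
            --proto '=https' --tlsv1.2 \
            --output bicep "${url}"
          # Integrity check of the downloaded tool when a digest is configured.
          if [ -n "${BICEP_SHA256}" ]; then
            echo "${BICEP_SHA256}  bicep" | sha256sum --check --strict -
          else
            echo "::warning::BICEP_SHA256 is empty; the downloaded Bicep binary was not integrity-checked"
          fi
          # install(1) sets root ownership and 0755 in one step (was chmod + sudo mv,
          # which left the binary in /usr/local/bin owned by the runner user).
          sudo install -m 0755 -o root -g root bicep /usr/local/bin/bicep
          rm -f bicep
          # Verify the 'bicep' command is now on PATH.
          bicep --help

      - name: List Now Installed Bicep Version
        shell: pwsh
        run: |
          $bicepVersion = bicep --version
          Write-Information "=====> Now installed Bicep version is: $bicepVersion <=====" -InformationAction Continue

      - name: Bicep Build & Lint All Modules
        shell: pwsh
        run: |
          # Build every module and collect diagnostics from all failures so
          # one run reports every broken file rather than stopping at the first.
          $failures = @()
          Get-ChildItem -Recurse -Filter '*.bicep' -Exclude 'callModuleFromACR.example.bicep', 'orchHubSpoke.bicep' | ForEach-Object {
            Write-Information "==> Attempting Bicep Build For File: $_" -InformationAction Continue
            $bicepOutput = bicep build $_.FullName 2>&1
            if ($LastExitCode -ne 0) {
              foreach ($line in $bicepOutput) {
                $failures += "$($line) `r`n"
              }
            }
            else {
              Write-Output "Bicep Build Successful for File: $_"
            }
          }
          if ($failures.Length -gt 0) {
            # Join before throwing: throwing the array itself reports only the
            # array's type name, so the collected diagnostics would be lost.
            throw ($failures -join '')
          }

      - name: List Azure Resource Types
        shell: pwsh
        run: |
          # Counts occurrences of each resource type across the ARM templates
          # emitted by the previous build step (informational output only).
          function Add-ToResourceTypesList {
            param (
              [Parameter(Mandatory = $true)]
              [string] $Type
            )
            if (!$resourceTypesFullList.ContainsKey($Type)) {
              $resourceTypesFullList.Add($Type, 1)
            }
            else {
              $resourceTypesFullList[$Type] += 1
            }
          }
          $resourceTypesFullList = @{}
          # Forward slashes: this job runs on Linux. Parameter files, bicepconfig
          # and policy definition JSON are not templates and are skipped.
          Get-ChildItem -Path './infra-as-code/bicep/modules' -Recurse -Filter '*.json' -Exclude 'callModuleFromACR.example.json', 'orchHubSpoke.json', '*parameters*.json', 'bicepconfig.json', '*policy_*.json' | ForEach-Object {
            Write-Information "==> Reading Built ARM Template JSON File: $_" -InformationAction Continue
            $armTemplate = Get-Content $_.FullName | ConvertFrom-Json -Depth 100
            $armResourceTypes = $armTemplate.Resources
            $armResourceTypes | ForEach-Object {
              if ($null -eq $_.Type) {
                # No 'type' on the item: presumably the symbolic-name layout
                # where 'resources' is an object keyed by name - TODO confirm.
                $_.PSObject.Properties | ForEach-Object {
                  Add-ToResourceTypesList -Type $_.Value.Type
                }
              }
              else {
                Add-ToResourceTypesList -Type $_.Type
              }
            }
          }
          Write-Information "==> Remove nested deployments resource type" -InformationAction Continue
          $resourceTypesFullList.Remove('Microsoft.Resources/Deployments')
          Write-Information "***** List of resource types in ALZ-Bicep modules *****" -InformationAction Continue
          $resourceTypesFullList.Keys | Sort-Object

  azure_waf:
    name: Test Azure Well-Architected Framework (PSRule)
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): "audit" only logs egress; see the note on the other job.
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit

      - name: Checkout Repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0

      # Pipeline tests for the Azure Well-Architected Framework.
      # See https://aka.ms/ps-rule-action for configuration options.
      # NOTE(review): continue-on-error makes this step advisory - rule
      # failures never block the pull request. Drop it (or gate on a
      # non-preview baseline) once the findings are expected to be clean.
      - name: Run PSRule analysis
        uses: Microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0
        with:
          modules: PSRule.Rules.Azure
          baseline: Azure.Preview
        continue-on-error: true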