Azure Commercial Cloud - Policy Update Issue in Workflow (#350)

* added autocrlf input * autocrlf input * testing purposes * testing line endings * remove working directory * cd to right place in workflow * parameter * import module case sensitivity * remove crlf * Fix `Invoke-RunFilesThroughLineEndings` * update-policy yml if condition in job * quick test * back to main for review * function name update * suppress BOM Co-authored-by: Kevin Rowlandson <kevin.rowlandson@microsoft.com>
Azure · Oct 21, 2022 · d05e7c8 · d05e7c8
1 parent 1bfd8d1
commit d05e7c8
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 8 deletions.
diff --git a/.github/scripts/Invoke-LibraryUpdate.ps1 b/.github/scripts/Invoke-LibraryUpdate.ps1
@@ -32,8 +32,7 @@ param (
 $ErrorActionPreference = "Stop"
 
 # This script relies on a custom set of classes and functions
-# defined within the EnterpriseScaleLibraryTools PowerShell
-# module.
+# defined within the Alz.Tools PowerShell module.
 Import-Module $AlzToolsPath -ErrorAction Stop
 
 # To avoid needing to authenticate with Azure, the following

diff --git a/.github/scripts/Invoke-PolicyToBicep.ps1 b/.github/scripts/Invoke-PolicyToBicep.ps1
@@ -5,15 +5,20 @@ AUTHOR/S: jtracey93, seseicht
 VERSION: 2.0.0
 #>
 [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSReviewUnusedParameter", "", Justification = "False Positive")]
+[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseBOMForUnicodeEncodedFile", "", Justification = "False Positive")]
 
 [CmdletBinding(SupportsShouldProcess)]
 param (
   [Parameter()]
   [string]
   $rootPath = "./infra-as-code/bicep/modules/policy",
   [string]
+  $alzToolsPath = "$PWD/../Enterprise-Scale/src/Alz.Tools",
+  [string]
   $definitionsRoot = "definitions",
   [string]
+  $lineEnding = "unix",
+  [string]
   $definitionsPath = "lib/policy_definitions",
   [string]
   $definitionsLongPath = "$definitionsRoot/$definitionsPath",
@@ -35,6 +40,21 @@ param (
   $assignmentsTxtFileName = "_policyAssignmentsBicepInput.txt"
 )
 
+# This script relies on a custom set of classes and functions
+# defined within the Alz.Tools PowerShell module.
+Import-Module $alzToolsPath -ErrorAction Stop
+
+# Line Endings function to be used in three functions below
+function Update-FileLineEndingType {
+  [CmdletBinding(SupportsShouldProcess)]
+  param(
+    [string]
+    $filePath
+  )
+
+  (Get-Content $filePath | Edit-LineEndings -LineEnding $LineEnding) | Out-File $filePath
+}
+
 #region Policy Definitions
 function New-PolicyDefinitionsBicepInputTxtFile {
   [CmdletBinding(SupportsShouldProcess)]
@@ -54,6 +74,9 @@ function New-PolicyDefinitionsBicepInputTxtFile {
     Add-Content -Path "$rootPath/$definitionsLongPath/$defintionsTxtFileName" -Encoding "utf8" -Value "{`r`n`tname: '$policyDefinitionName'`r`n`tlibDefinition: loadJsonContent('$definitionsPath/$fileName')`r`n}"
   }
 
+  Write-Information "====> Running '$defintionsTxtFileName' through Line Endings" -InformationAction Continue
+  Update-FileLineEndingType -filePath "$rootPath/$definitionsLongPath/$defintionsTxtFileName"
+
   $policyDefCount = Get-ChildItem -Recurse -Path "$rootPath/$definitionsLongPath" -Filter "*.json" | Measure-Object
   $policyDefCountString = $policyDefCount.Count
   Write-Information "====> Policy Definitions Total: $policyDefCountString" -InformationAction Continue
@@ -187,6 +210,9 @@ function New-PolicySetDefinitionsBicepInputTxtFile {
     Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "$_`r`n"
   }
 
+  Write-Information "====> Running '$defintionsSetTxtFileName' through Line Endings" -InformationAction Continue
+  Update-FileLineEndingType -filePath "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName"
+
   $policyDefCount = Get-ChildItem -Recurse -Path "$rootPath/$definitionsSetLongPath" -Filter "*.json" -Exclude "*.parameters.json" | Measure-Object
   $policyDefCountString = $policyDefCount.Count
   Write-Information "====> Policy Set/Initiative Definitions Total: $policyDefCountString" -InformationAction Continue
@@ -216,6 +242,9 @@ function New-PolicyAssignmentsBicepInputTxtFile {
     Add-Content -Path "$rootPath/$assignmentsLongPath/$assignmentsTxtFileName" -Encoding "utf8" -Value "var varPolicyAssignment$policyAssignmentNameNoHyphens = {`r`n`tdefinitionId: '$policyAssignmentDefinitionID'`r`n`tlibDefinition: loadJsonContent('../../policy/$assignmentsLongPath/$fileName')`r`n}`r`n"
   }
 
+  Write-Information "====> Running '$assignmentsTxtFileName' through Line Endings" -InformationAction Continue
+  Update-FileLineEndingType -filePath "$rootPath/$assignmentsLongPath/$assignmentsTxtFileName"
+
   $policyAssignmentCount = Get-ChildItem -Recurse -Path "$rootPath/$assignmentsLongPath" -Filter "*.json" | Measure-Object
   $policyAssignmentCountString = $policyAssignmentCount.Count
   Write-Information "====> Policy Assignments Total: $policyAssignmentCountString" -InformationAction Continue

diff --git a/.github/workflows/update-policy.yml b/.github/workflows/update-policy.yml
@@ -69,18 +69,21 @@ jobs:
           azPSVersion: "latest"
 
       - name: Update Policy Definition Bicep Input Files
-        run: |
-          Write-Information "==> Running script..." -InformationAction Continue
-          .github/scripts/Invoke-PolicyToBicep.ps1
-        shell: pwsh
-        working-directory: ${{ github.repository }}
+        uses: azure/powershell@v1
+        with:
+          inlineScript: |
+            cd ${{ github.workspace }}/${{ github.repository }}
+            Write-Information "==> Running script..." -InformationAction Continue
+            .github/scripts/Invoke-PolicyToBicep.ps1 `
+              -alzToolsPath "${{ github.workspace }}/${{ env.remote_repository }}/src/Alz.Tools/"
+          azPSVersion: "latest"
 
       - name: Check for changes
         id: git_status
         run: |
           CHECK_GIT_STATUS=($(git status -s))
           git status -s
-          echo "::set-output name=changes::${#CHECK_GIT_STATUS[@]}"
+          echo "changes=${#CHECK_GIT_STATUS[@]}" >> $GITHUB_OUTPUT
         working-directory: ${{ github.repository }}
 
       - name: Add files, commit and push
@@ -89,6 +92,7 @@ jobs:
           echo "Pushing changes to origin..."
           git add infra-as-code/bicep/modules/policy/definitions/lib
           git add infra-as-code/bicep/modules/policy/assignments/lib
+          git config --global core.autocrlf input
           git commit -m '${{ env.pr_title }}'
           git push origin ${{ env.branch_name }}
         working-directory: ${{ github.repository }}