Accelerator Pipelines for Azure Devops

accelerator/.azuredevops/pipelines/alz-bicep-1.yml

@@ -0,0 +1,99 @@
+name: ALZ-Bicep-1 Workflow
+
+trigger:
+  branches:
+    include:
+      - "main"
+  paths:
+    include:
+      - "config/custom-parameters/managementGroups.parameters.all.json"
+      - "config/custom-parameters/resourceGroupLoggingAndSentinel.parameters.all.json"
+      - "config/custom-parameters/logging.parameters.all.json"
+      - "config/custom-parameters/customPolicyDefinitions.parameters.all.json"
+      - "config/custom-parameters/customRoleDefinitions.parameters.all.json"
+      - "config/custom-parameters/mgDiagSettingsAll.parameters.all.json"
+
+variables:
+  ENV_FILE: ".env"
+  SERVICE_CONNECTION_NAME: "[your service connection name here]"
+
+jobs:
+  - job: ALZ_Bicep_1_Workflow_Job
+    pool:
+      vmImage: ubuntu-latest
+    steps:
+      - checkout: self
+        displayName: Checkout Repo
+
+      - pwsh: |
+          (Get-Content -Path $env:ENV_FILE -Encoding UTF8) | ForEach-Object {$_ -replace '"',''} | Out-File -FilePath $env:ENV_FILE -Encoding UTF8
+        displayName: Remove Quotation Marks from Environment File
+
+      - pwsh: |
+          Write-Host $env:ENV_FILE
+          Get-Content -Path $env:ENV_FILE -Encoding UTF8 | ForEach-Object {
+            $envVarName, $envVarValue = ($_ -replace '"','').split('=')
+            echo "##vso[task.setvariable variable=$envVarName;]$envVarValue"
+            echo "Set $envVarName to $envVarValue]"
+          }
+        displayName: Import Environment Variables from File
+
+      - task: AzurePowerShell@5
+        displayName: "Management Groups Deployment"
+        inputs:
+          azureSubscription: ${{ variables.SERVICE_CONNECTION_NAME }}
+          azurePowerShellVersion: "LatestVersion"
+          pwsh: true
+          ScriptType: "InlineScript"
+          Inline: |
+            .\pipeline-scripts\Deploy-ALZManagementGroups.ps1
+
+      - task: AzurePowerShell@5
+        displayName: "Logging and Sentinel Resource Group Deployment"
+        inputs:
+          azureSubscription: ${{ variables.SERVICE_CONNECTION_NAME }}
+          azurePowerShellVersion: "LatestVersion"
+          pwsh: true
+          ScriptType: "InlineScript"
+          Inline: |
+            .\pipeline-scripts\Deploy-ALZLoggingAndSentinelResourceGroup.ps1
+
+      - task: AzurePowerShell@5
+        displayName: "Logging and Sentinel Deployment"
+        inputs:
+          azureSubscription: ${{ variables.SERVICE_CONNECTION_NAME }}
+          azurePowerShellVersion: "LatestVersion"
+          pwsh: true
+          ScriptType: "InlineScript"
+          Inline: |
+            .\pipeline-scripts\Deploy-ALZLoggingAndSentinel.ps1
+
+      - task: AzurePowerShell@5
+        displayName: "Custom Policy Definitions Deployment"
+        inputs:
+          azureSubscription: ${{ variables.SERVICE_CONNECTION_NAME }}
+          azurePowerShellVersion: "LatestVersion"
+          pwsh: true
+          ScriptType: "InlineScript"
+          Inline: |
+            .\pipeline-scripts\Deploy-ALZCustomPolicyDefinitions.ps1
+
+      - task: AzurePowerShell@5
+        displayName: "Custom Role Definitions Deployment"
+        inputs:
+          azureSubscription: ${{ variables.SERVICE_CONNECTION_NAME }}
+          azurePowerShellVersion: "LatestVersion"
+          pwsh: true
+          ScriptType: "InlineScript"
+          Inline: |
+            .\pipeline-scripts\Deploy-ALZCustomRoleDefinitions.ps1
+
+      - task: AzurePowerShell@5
+        displayName: "Custom Management Group Diagnostic Settings"
+        inputs:
+          azureSubscription: ${{ variables.SERVICE_CONNECTION_NAME }}
+          azurePowerShellVersion: "LatestVersion"
+          pwsh: true
+          ScriptType: "InlineScript"
+          Inline: |
+            .\pipeline-scripts\Deploy-ALZMGDiagnosticSettings.ps1

accelerator/.azuredevops/pipelines/alz-bicep-2.yml

@@ -0,0 +1,44 @@
+name: ALZ-Bicep-2 Workflow
+
+trigger:
+  branches:
+    include:
+      - "main"
+  paths:
+    include:
+      - "config/custom-parameters/alzDefaultPolicyAssignments.parameters.all.json"
+
+variables:
+  ENV_FILE: ".env"
+  SERVICE_CONNECTION_NAME: "[your service connection name here]"
+
+jobs:
+  - job: ALZ_Bicep_2_Workflow_Job
+    pool:
+      vmImage: ubuntu-latest
+    steps:
+      - checkout: self
+        displayName: Checkout Repo
+
+      - pwsh: |
+          (Get-Content -Path $env:ENV_FILE -Encoding UTF8) | ForEach-Object {$_ -replace '"',''} | Out-File -FilePath $env:ENV_FILE -Encoding UTF8
+        displayName: Remove Quotation Marks from Environment File
+
+      - pwsh: |
+          Write-Host $env:ENV_FILE
+          Get-Content -Path $env:ENV_FILE -Encoding UTF8 | ForEach-Object {
+            $envVarName, $envVarValue = ($_ -replace '"','').split('=')
+            echo "##vso[task.setvariable variable=$envVarName;]$envVarValue"
+            echo "Set $envVarName to $envVarValue]"
+          }
+        displayName: Import Environment Variables from File
+
+      - task: AzurePowerShell@5
+        displayName: "Built-in and Custom Policy Assignments Deployment"
+        inputs:
+          azureSubscription: ${{ variables.SERVICE_CONNECTION_NAME }}
+          azurePowerShellVersion: "LatestVersion"
+          pwsh: true
+          ScriptType: "InlineScript"
+          Inline: |
+            .\pipeline-scripts\Deploy-ALZPolicyAssignments.ps1

accelerator/.azuredevops/pipelines/alz-bicep-3.yml

@@ -0,0 +1,44 @@
+name: ALZ-Bicep-3 Workflow
+
+trigger:
+  branches:
+    include:
+      - "main"
+  paths:
+    include:
+      - "config/custom-parameters/subPlacementAll.parameters.all.json"
+
+variables:
+  ENV_FILE: ".env"
+  SERVICE_CONNECTION_NAME: "[your service connection name here]"
+
+jobs:
+  - job: ALZ_Bicep_3_Workflow_Job
+    pool:
+      vmImage: ubuntu-latest
+    steps:
+      - checkout: self
+        displayName: Checkout Repo
+
+      - pwsh: |
+          (Get-Content -Path $env:ENV_FILE -Encoding UTF8) | ForEach-Object {$_ -replace '"',''} | Out-File -FilePath $env:ENV_FILE -Encoding UTF8
+        displayName: Remove Quotation Marks from Environment File
+
+      - pwsh: |
+          Write-Host $env:ENV_FILE
+          Get-Content -Path $env:ENV_FILE -Encoding UTF8 | ForEach-Object {
+            $envVarName, $envVarValue = ($_ -replace '"','').split('=')
+            echo "##vso[task.setvariable variable=$envVarName;]$envVarValue"
+            echo "Set $envVarName to $envVarValue]"
+          }
+        displayName: Import Environment Variables from File
+
+      - task: AzurePowerShell@5
+        displayName: "Deploy Subscription Placement"
+        inputs:
+          azureSubscription: ${{ variables.SERVICE_CONNECTION_NAME }}
+          azurePowerShellVersion: "LatestVersion"
+          pwsh: true
+          ScriptType: "InlineScript"
+          Inline: |
+            .\pipeline-scripts\Deploy-ALZSubscriptionPlacement.ps1

accelerator/.azuredevops/pipelines/alz-bicep-4a.yml

@@ -0,0 +1,55 @@
+name: ALZ-Bicep-4a Workflow
+
+trigger:
+  branches:
+    include:
+      - "main"
+  paths:
+    include:
+      - "config/custom-parameters/resourceGroupConnectivity.parameters.all.json"
+      - "config/custom-parameters/hubNetworking.parameters.all.json"
+
+variables:
+  ENV_FILE: ".env"
+  SERVICE_CONNECTION_NAME: "[your service connection name here]"
+
+jobs:
+  - job: ALZ_Bicep_4a_Workflow_Job
+    pool:
+      vmImage: ubuntu-latest
+    steps:
+      - checkout: self
+        displayName: Checkout Repo
+
+      - pwsh: |
+          (Get-Content -Path $env:ENV_FILE -Encoding UTF8) | ForEach-Object {$_ -replace '"',''} | Out-File -FilePath $env:ENV_FILE -Encoding UTF8
+        displayName: Remove Quotation Marks from Environment File
+
+      - pwsh: |
+          Write-Host $env:ENV_FILE
+          Get-Content -Path $env:ENV_FILE -Encoding UTF8 | ForEach-Object {
+            $envVarName, $envVarValue = ($_ -replace '"','').split('=')
+            echo "##vso[task.setvariable variable=$envVarName;]$envVarValue"
+            echo "Set $envVarName to $envVarValue]"
+          }
+        displayName: Import Environment Variables from File
+
+      - task: AzurePowerShell@5
+        displayName: "Connectivity Resource Group Deployment"
+        inputs:
+          azureSubscription: ${{ variables.SERVICE_CONNECTION_NAME }}
+          azurePowerShellVersion: "LatestVersion"
+          pwsh: true
+          ScriptType: "InlineScript"
+          Inline: |
+            .\pipeline-scripts\Deploy-ALZConnectivityResourceGroup.ps1
+
+      - task: AzurePowerShell@5
+        displayName: "Hub (Hub-and-Spoke) Deployment"
+        inputs:
+          azureSubscription: ${{ variables.SERVICE_CONNECTION_NAME }}
+          azurePowerShellVersion: "LatestVersion"
+          pwsh: true
+          ScriptType: "InlineScript"
+          Inline: |
+            .\pipeline-scripts\Deploy-ALZHub-HubAndSpoke.ps1

accelerator/.azuredevops/pipelines/alz-bicep-4b.yml

@@ -0,0 +1,55 @@
+name: ALZ-Bicep-4b Workflow
+
+trigger:
+  branches:
+    include:
+      - "main"
+  paths:
+    include:
+      - "config/custom-parameters/resourceGroupConnectivity.parameters.all.json"
+      - "config/custom-parameters/vwanConnectivity.parameters.all.json"
+
+variables:
+  ENV_FILE: ".env"
+  SERVICE_CONNECTION_NAME: "[your service connection name here]"
+
+jobs:
+  - job: ALZ_Bicep_4b_Workflow_Job
+    pool:
+      vmImage: ubuntu-latest
+    steps:
+      - checkout: self
+        displayName: Checkout Repo
+
+      - pwsh: |
+          (Get-Content -Path $env:ENV_FILE -Encoding UTF8) | ForEach-Object {$_ -replace '"',''} | Out-File -FilePath $env:ENV_FILE -Encoding UTF8
+        displayName: Remove Quotation Marks from Environment File
+
+      - pwsh: |
+          Write-Host $env:ENV_FILE
+          Get-Content -Path $env:ENV_FILE -Encoding UTF8 | ForEach-Object {
+            $envVarName, $envVarValue = ($_ -replace '"','').split('=')
+            echo "##vso[task.setvariable variable=$envVarName;]$envVarValue"
+            echo "Set $envVarName to $envVarValue]"
+          }
+        displayName: Import Environment Variables from File
+
+      - task: AzurePowerShell@5
+        displayName: "Connectivity Resource Group Deployment"
+        inputs:
+          azureSubscription: ${{ variables.SERVICE_CONNECTION_NAME }}
+          azurePowerShellVersion: "LatestVersion"
+          pwsh: true
+          ScriptType: "InlineScript"
+          Inline: |
+            .\pipeline-scripts\Deploy-ALZConnectivityResourceGroup.ps1
+
+      - task: AzurePowerShell@5
+        displayName: "Hub (VWAN) Deployment"
+        inputs:
+          azureSubscription: ${{ variables.SERVICE_CONNECTION_NAME }}
+          azurePowerShellVersion: "LatestVersion"
+          pwsh: true
+          ScriptType: "InlineScript"
+          Inline: |
+            .\pipeline-scripts\Deploy-ALZHub-VWAN.ps1

accelerator/.azuredevops/pipelines/alz-bicep-pr-1.yml

@@ -0,0 +1,76 @@
+name: ALZ-Bicep-PR-1 Workflow
+
+trigger: none
+# YAML PR triggers are supported only in GitHub and Bitbucket Cloud.
+# If you use Azure Repos Git, you can configure a branch policy for build validation to trigger your build pipeline for validation.
+# https://learn.microsoft.com/en-us/azure/devops/repos/git/branch-policies#build-validation
+pr:
+  branches:
+    include:
+      - "main"
+  paths:
+    include:
+      - "**/bicepconfig.json"
+      - "**.bicep"
+
+jobs:
+  - job: pr_lint
+    displayName: Bicep Build & Lint All Modules
+    pool:
+      vmImage: ubuntu-latest
+    steps:
+      - checkout: self
+        displayName: Checkout Repo
+
+      - pwsh: |
+            $bicepVersion = bicep --version
+            Write-Information "=====> Currently installed Bicep version is: $bicepVersion <=====" -InformationAction Continue
+        displayName: List Currently Installed Bicep Version
+
+      - bash: |
+          curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64
+          chmod +x ./bicep
+          sudo mv ./bicep /usr/local/bin/bicep
+          bicep --help
+        displayName: Install Latest Version of Bicep
+
+      - pwsh: |
+          $bicepVersion = bicep --version
+          Write-Information "=====> Now installed Bicep version is: $bicepVersion <=====" -InformationAction Continue
+        displayName: List Now Installed Bicep Version
+
+      - pwsh: |
+          if (Test-Path -Path ./custom-modules/*)
+          {
+            echo "##vso[task.setvariable variable=CUSTOM_MODULES;]true"
+            echo "Set CUSTOM_MODULES to true"
+          }
+          else
+          {
+            echo "Set CUSTOM_MODULES to false"
+          }
+        workingDirectory: config
+        displayName: Check for Custom Modules
+
+      - pwsh: |
+          $output = @()
+          Get-ChildItem -Recurse -Filter '*.bicep' | ForEach-Object {
+              Write-Information "==> Attempting Bicep Build For File: $_" -InformationAction Continue
+              $bicepOutput = bicep build $_.FullName 2>&1
+              if ($LastExitCode -ne 0)
+              {
+                foreach ($item in $bicepOutput) {
+                  $output += "$($item) `r`n"
+                }
+              }
+              else
+              {
+                echo "Bicep Build Successful for File: $_"
+              }
+          }
+          if ($output.length -gt 0) {
+            throw $output
+          }
+        workingDirectory: config/custom-modules
+        condition: eq(variables['CUSTOM_MODULES'], 'true')
+        displayName: Bicep Build & Lint All Custom Modules