Azure · krowlandson · Jul 19, 2022 · Jul 19, 2022 · Jul 19, 2022 · Jul 19, 2022
@@ -0,0 +1,76 @@
+---
+name: Code Review
+
+##########################################
+# Start the job on push for all branches #
+##########################################
+
+# yamllint disable-line rule:truthy
+on:
+  push: {}
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch: {}
+
+###############
+# Set the Job #
+###############
+jobs:
+  super-linter:
+    name: GitHub Super Linter
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Lint eslzArm directory
+        uses: docker://github/super-linter:v4.9.5
+        env:
+          # Lint all code
+          VALIDATE_ALL_CODEBASE: true
+          # Need to define main branch as default
+          # is set to master in super-linter
+          DEFAULT_BRANCH: main
+          # Enable setting the status of each individual linter
+          # run in the Checks section of a pull request
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # Only the following files will be linted:
+          FILTER_REGEX_INCLUDE: .*eslzArm\/.*
+          # The following linter types will be enabled:
+          VALIDATE_ARM: true
+          VALIDATE_JSON: true
+          VALIDATE_MARKDOWN: true
+          # Additional settings:
+          # Disable errors to only generate a report
+          DISABLE_ERRORS: true
+
+      - name: Lint src directory
+        uses: docker://github/super-linter:v4.9.5
+        env:
+          # Lint all code
+          VALIDATE_ALL_CODEBASE: true
+          # Need to define main branch as default
+          # is set to master in super-linter
+          DEFAULT_BRANCH: main
+          # Enable setting the status of each individual linter
+          # run in the Checks section of a pull request
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # Only the following files will be linted:
+          FILTER_REGEX_INCLUDE: .*src\/.*
+          FILTER_REGEX_EXCLUDE: .*src\/.*\/(Deploy-Diagnostics-Firewall\.json|Deploy-FirewallPolicy\.json)
+          # The following linter types will be enabled:
+          VALIDATE_ARM: true
+          VALIDATE_BASH: true
+          VALIDATE_BASH_EXEC: true
+          VALIDATE_JSON: true
+          VALIDATE_MARKDOWN: true
+          VALIDATE_POWERSHELL: true
+          VALIDATE_YAML: true
+          # Additional settings:
+          # If a shell script is not executable, the bash-exec
+          # linter will report an error when set to true
+          ERROR_ON_MISSING_EXEC_BIT: true
@@ -0,0 +1,117 @@
+---
+name: Test Portal Experience
+
+##########################################
+# Start the job on push for all branches #
+##########################################
+
+# yamllint disable-line rule:truthy
+on:
+  pull_request:
+    types:
+      - edited
+      - opened
+      - reopened
+      - synchronize
+    paths:
+      - "eslzArm/**.json"
+      - "src/**.json"
+      - "src/**.bicep"
+  workflow_dispatch: {}
+
+env:
+  GITHUB_COMMIT_ID: ${{ github.event.pull_request.head.sha }}
+  GITHUB_PR_ID: ${{ github.event.pull_request.id }}
+  TEMP_SUBSCRIPTIONS_JSON_PATH: "./src/data/subscriptions.json"
+  TEMP_DEPLOYMENT_OBJECT_PATH: "./src/data/eslzArm.test.deployment.json"
+
+permissions:
+  contents: read
+  id-token: write
+
+###############
+# Set the Job #
+###############
+jobs:
+  test-portal:
+    name: Test Portal Experience
+    runs-on: ubuntu-latest
+    environment: csu-rw
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v3
+
+      - name: Show env
+        run: env | sort
+
+      - name: List available pwsh modules
+        uses: azure/powershell@v1
+        with:
+          inlineScript: Get-Module -ListAvailable
+          azPSVersion: "latest"
+
+      - name: Azure login (OIDC)
+        uses: azure/login@v1
+        if: ${{ success() && env.AZURE_CLIENT_SECRET == '' }}
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          enable-AzPSSession: true
+        env:
+          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+
+      - name: Azure login (Client Secret)
+        uses: azure/login@v1
+        if: ${{ success() && env.AZURE_CLIENT_SECRET != '' }}
+        with:
+          creds: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
+          enable-AzPSSession: true
+        env:
+          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+
+      - name: Register subscriptions
+        uses: azure/powershell@v1
+        with:
+          inlineScript: |
+            ./src/scripts/Invoke-ActionRegisterSubscriptions.ps1
+            Get-Content -Path $env:TEMP_SUBSCRIPTIONS_JSON_PATH | jq
+          azPSVersion: "latest"
+        env:
+          BILLING_SCOPE: ${{ secrets.BILLING_SCOPE }}
+
+      - name: Generate eslzArm configuration
+        id: config
+        uses: azure/powershell@v1
+        with:
+          inlineScript: |
+            ./src/scripts/Invoke-ActionGenerateEslzArmConfig.ps1
+            Get-Content -Path $env:TEMP_DEPLOYMENT_OBJECT_PATH | jq
+          azPSVersion: "latest"
+        env:
+          DEPLOYMENT_LOCATION: ${{ secrets.DEPLOYMENT_LOCATION }}
+
+      - name: Run eslzArm deployment (TEST)
+        uses: azure/powershell@v1
+        with:
+          inlineScript: ./src/scripts/Invoke-ActionRunEslzArmDeployment.ps1 -Test
+          azPSVersion: "latest"
+
+      - name: Run eslzArm deployment (WHAT IF)
+        uses: azure/powershell@v1
+        with:
+          inlineScript: ./src/scripts/Invoke-ActionRunEslzArmDeployment.ps1 -WhatIf
+          azPSVersion: "latest"
+
+      - name: Run eslzArm deployment (DEPLOY)
+        uses: azure/powershell@v1
+        with:
+          inlineScript: ./src/scripts/Invoke-ActionRunEslzArmDeployment.ps1
+          azPSVersion: "latest"
+
+      - name: Run eslzArm deployment (DESTROY)
+        uses: azure/powershell@v1
+        with:
+          inlineScript: ./src/scripts/Invoke-ActionRunEslzArmDeployment.ps1 -Destroy
+          azPSVersion: "latest"
@@ -0,0 +1,84 @@
+---
+name: Update ALZ Tools
+
+##########################################
+# Start the job on push for all branches #
+##########################################
+
+# yamllint disable-line rule:truthy
+on:
+  schedule:
+    - cron: '0 5 * * 0'
+  workflow_dispatch: {}
+
+env:
+  github_user_name: 'github-actions'
+  github_email: '41898282+github-actions[bot]@users.noreply.github.com'
+  github_commit_message: 'Auto-update ALZ.Tools'
+
+permissions:
+  contents: write
+  id-token: write
+
+###############
+# Set the Job #
+###############
+jobs:
+  update-alz-tools:
+    name: Update ALZ Tools
+    runs-on: ubuntu-latest
+    environment: csu-ro
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v3
+
+      - name: Configure local git
+        run: |
+          git config --global user.name "$github_user_name"
+          git config --global user.email "$github_email"
+
+      - name: Azure login
+        uses: azure/login@v1
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          enable-AzPSSession: true
+
+      - name: Update ProviderApiVersions
+        uses: azure/powershell@v1
+        with:
+          inlineScript: src/Alz.Tools/scripts/Update-ProviderApiVersionsZip.ps1
+          azPSVersion: "latest"
+
+      - name: Stage changes
+        run: |
+          echo "==> Stage changes..."
+          mapfile -t STATUS_LOG < <(git status --short | grep src/Alz.Tools/)
+          if [ ${#STATUS_LOG[@]} -gt 0 ]; then
+              echo "Found changes to the following files:"
+              printf "%s\n" "${STATUS_LOG[@]}"
+              git add --all ./src/Alz.Tools/
+          else
+              echo "No changes to add."
+          fi
+
+      - name: Push changes
+        run: |
+          echo "==> Check git diff..."
+          mapfile -t GIT_DIFF < <(git diff --cached)
+          printf "%s\n" "${GIT_DIFF[@]}"
+
+          if [ ${#GIT_DIFF[@]} -gt 0 ]; then
+
+              echo "==> Commit changes..."
+              git commit --message "$github_commit_message [$GITHUB_ACTOR/${GITHUB_SHA::8}]"
+
+              echo "==> Push changes..."
+              echo "Pushing changes to: $GITHUB_REPOSITORY"
+              git push origin
+
+          else
+              echo "No changes found."
+          fi
@@ -0,0 +1,80 @@
+---
+name: Update Portal Experience
+
+##########################################
+# Start the job on push for all branches #
+##########################################
+
+# yamllint disable-line rule:truthy
+on:
+  pull_request:
+    types:
+      - edited
+      - opened
+      - reopened
+      - synchronize
+    paths:
+      - 'src/**.json'
+      - 'src/**.bicep'
+  workflow_dispatch: {}
+
+env:
+  github_user_name: 'github-actions'
+  github_email: '41898282+github-actions[bot]@users.noreply.github.com'
+  github_commit_message: 'Auto-update Portal experience'
+
+###############
+# Set the Job #
+###############
+
+jobs:
+  update-portal:
+    name: Update Portal Experience
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Configure local git
+        run: |
+          echo "git user name  : $github_user_name"
+          git config --global user.name "$github_user_name"
+          echo "git user email : $github_email"
+          git config --global user.email "$github_email"
+
+      - name: Update policies
+        run: bicep build ./src/templates/policies.bicep --outfile ./eslzArm/managementGroupTemplates/policyDefinitions/policies.json
+
+      - name: Stage changes
+        run: |
+          echo "==> Stage changes..."
+          mapfile -t STATUS_LOG < <(git status --short | grep eslzArm/)
+          if [ ${#STATUS_LOG[@]} -gt 0 ]; then
+              echo "Found changes to the following files:"
+              printf "%s\n" "${STATUS_LOG[@]}"
+              git add --all ./eslzArm
+          else
+              echo "No changes to add."
+          fi
+
+      - name: Push changes
+        run: |
+          echo "==> Check git diff..."
+          mapfile -t GIT_DIFF < <(git diff --cached)
+          printf "%s\n" "${GIT_DIFF[@]}"
+
+          if [ ${#GIT_DIFF[@]} -gt 0 ]; then
+
+              echo "==> Commit changes..."
+              git commit --message "$github_commit_message [$GITHUB_ACTOR/${GITHUB_SHA::8}]"
+
+              echo "==> Push changes..."
+              echo "Pushing changes to: $GITHUB_REPOSITORY [$GITHUB_HEAD_REF]"
+              git push origin HEAD:"$GITHUB_HEAD_REF"
+
+          else
+              echo "No changes found."
+          fi
@@ -10,3 +10,6 @@
 !.vscode/extensions.json
 *.code-workspace
 .vscode/settings.json
+
+# GitHub Super Linter
+super-linter.log