GitHub workflow implementation (Azure#276)

Implement GitHub workflows to deploy the Azure Landing Zones for Canadian Public Sector

.github/workflows/0-everything.yml

@@ -0,0 +1,106 @@
+# ----------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+#
+# THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, 
+# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES 
+# OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
+# ----------------------------------------------------------------------------------
+
+name: 0 - Everything
+
+on:
+  workflow_dispatch:
+    inputs:
+      hubNetworkType:
+        type: choice
+        description: "Select the hub network type"
+        required: true
+        options:
+          - "HubNetworkWithNVA"
+          - "HubNetworkWithAzureFirewall"
+        default: "HubNetworkWithAzureFirewall"
+      subscriptionIds:
+        type: string
+        description: The subscription ID(s) to use for the deployment.
+        required: true
+
+defaults:
+  run:
+    shell: pwsh
+    working-directory: scripts/deployments
+
+jobs:
+  everything:
+    name: Everything (${{github.event.inputs.hubNetworkType}})
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Required modules
+      run: |
+        Install-Module Az -Force
+        Install-Module powershell-yaml -Force
+
+    - name: Deploy Management Groups
+      run: |
+        ./RunWorkflows.ps1 `
+          -DeployManagementGroups `
+          -LoginServicePrincipalJson '${{secrets.ALZ_CREDENTIALS}}' `
+          -GitHubRepo ${env:GITHUB_REPOSITORY} `
+          -GitHubRef ${env:GITHUB_REF}
+
+    - name: Deploy Roles
+      run: |
+        ./RunWorkflows.ps1 `
+          -DeployRoles `
+          -LoginServicePrincipalJson '${{secrets.ALZ_CREDENTIALS}}' `
+          -GitHubRepo ${env:GITHUB_REPOSITORY} `
+          -GitHubRef ${env:GITHUB_REF}
+
+    - name: Deploy Logging
+      run: |
+        ./RunWorkflows.ps1 `
+          -DeployLogging `
+          -LoginServicePrincipalJson '${{secrets.ALZ_CREDENTIALS}}' `
+          -GitHubRepo ${env:GITHUB_REPOSITORY} `
+          -GitHubRef ${env:GITHUB_REF}
+
+    - name: Deploy Policy
+      run: |
+        ./RunWorkflows.ps1 `
+          -DeployPolicy `
+          -LoginServicePrincipalJson '${{secrets.ALZ_CREDENTIALS}}' `
+          -GitHubRepo ${env:GITHUB_REPOSITORY} `
+          -GitHubRef ${env:GITHUB_REF}
+
+    - name: Deploy Hub Network with Azure Firewall
+      if: github.event.inputs.hubNetworkType == 'HubNetworkWithAzureFirewall'
+      run: |
+        ./RunWorkflows.ps1 `
+          -Deploy${{github.event.inputs.hubNetworkType}} `
+          -LoginServicePrincipalJson '${{secrets.ALZ_CREDENTIALS}}' `
+          -GitHubRepo ${env:GITHUB_REPOSITORY} `
+          -GitHubRef ${env:GITHUB_REF}
+
+    - name: Deploy Hub Network with NVA
+      if: github.event.inputs.hubNetworkType == 'HubNetworkWithNVA'
+      run: |
+        ./RunWorkflows.ps1 `
+          -Deploy${{github.event.inputs.hubNetworkType}} `
+          -LoginServicePrincipalJson '${{secrets.ALZ_CREDENTIALS}}' `
+          -GitHubRepo ${env:GITHUB_REPOSITORY} `
+          -GitHubRef ${env:GITHUB_REF} `
+          -NvaUsername '${{secrets.NVA_USERNAME}}' `
+          -NvaPassword '${{secrets.NVA_PASSWORD}}'
+
+    - name: Deploy Subscriptions
+      if: github.event.inputs.subscriptionIds != ''
+      run: |
+        ./RunWorkflows.ps1 `
+          -DeploySubscriptionIds ${{github.event.inputs.subscriptionIds}} `
+          -LoginServicePrincipalJson '${{secrets.ALZ_CREDENTIALS}}' `
+          -GitHubRepo ${env:GITHUB_REPOSITORY} `
+          -GitHubRef ${env:GITHUB_REF}

.github/workflows/1-management-groups.yml

@@ -0,0 +1,39 @@
+# ----------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+#
+# THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, 
+# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES 
+# OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
+# ----------------------------------------------------------------------------------
+
+name: 1 - Management Groups
+
+on: workflow_dispatch
+
+defaults:
+  run:
+    shell: pwsh
+    working-directory: scripts/deployments
+
+jobs:
+  management-groups:
+    name: Management Groups
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Required modules
+      run: |
+        Install-Module Az -Force
+        Install-Module powershell-yaml -Force
+
+    - name: Deploy Management Groups
+      run: |
+        ./RunWorkflows.ps1 `
+          -DeployManagementGroups `
+          -LoginServicePrincipalJson '${{secrets.ALZ_CREDENTIALS}}' `
+          -GitHubRepo ${env:GITHUB_REPOSITORY} `
+          -GitHubRef ${env:GITHUB_REF}

.github/workflows/2-roles.yml

@@ -0,0 +1,39 @@
+# ----------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+#
+# THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, 
+# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES 
+# OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
+# ----------------------------------------------------------------------------------
+
+name: 2 - Roles
+
+on: workflow_dispatch
+
+defaults:
+  run:
+    shell: pwsh
+    working-directory: scripts/deployments
+
+jobs:
+  roles:
+    name: Roles
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Required modules
+      run: |
+        Install-Module Az -Force
+        Install-Module powershell-yaml -Force
+
+    - name: Deploy Roles
+      run: |
+        ./RunWorkflows.ps1 `
+          -DeployRoles `
+          -LoginServicePrincipalJson '${{secrets.ALZ_CREDENTIALS}}' `
+          -GitHubRepo ${env:GITHUB_REPOSITORY} `
+          -GitHubRef ${env:GITHUB_REF}

.github/workflows/3-logging.yml

@@ -0,0 +1,39 @@
+# ----------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+#
+# THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, 
+# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES 
+# OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
+# ----------------------------------------------------------------------------------
+
+name: 3 - Logging
+
+on: workflow_dispatch
+
+defaults:
+  run:
+    shell: pwsh
+    working-directory: scripts/deployments
+
+jobs:
+  logging:
+    name: Logging
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Required modules
+      run: |
+        Install-Module Az -Force
+        Install-Module powershell-yaml -Force
+
+    - name: Deploy Logging
+      run: |
+        ./RunWorkflows.ps1 `
+          -DeployLogging `
+          -LoginServicePrincipalJson '${{secrets.ALZ_CREDENTIALS}}' `
+          -GitHubRepo ${env:GITHUB_REPOSITORY} `
+          -GitHubRef ${env:GITHUB_REF}

.github/workflows/4-policy.yml

@@ -0,0 +1,39 @@
+# ----------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+#
+# THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, 
+# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES 
+# OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
+# ----------------------------------------------------------------------------------
+
+name: 4 - Policy
+
+on: workflow_dispatch
+
+defaults:
+  run:
+    shell: pwsh
+    working-directory: scripts/deployments
+
+jobs:
+  policy:
+    name: Policy
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Required modules
+      run: |
+        Install-Module Az -Force
+        Install-Module powershell-yaml -Force
+
+    - name: Deploy Policy
+      run: |
+        ./RunWorkflows.ps1 `
+          -DeployPolicy `
+          -LoginServicePrincipalJson '${{secrets.ALZ_CREDENTIALS}}' `
+          -GitHubRepo ${env:GITHUB_REPOSITORY} `
+          -GitHubRef ${env:GITHUB_REF}

.github/workflows/5-hub-network-with-azure-firewall.yml

@@ -0,0 +1,39 @@
+# ----------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+#
+# THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, 
+# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES 
+# OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
+# ----------------------------------------------------------------------------------
+
+name: 5 - Hub Network with Azure Firewall
+
+on: workflow_dispatch
+
+defaults:
+  run:
+    shell: pwsh
+    working-directory: scripts/deployments
+
+jobs:
+  hub-network-with-azure-firewall:
+    name: Hub Network with Azure Firewall
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Required modules
+      run: |
+        Install-Module Az -Force
+        Install-Module powershell-yaml -Force
+
+    - name: Deploy Hub Network with Azure Firewall
+      run: |
+        ./RunWorkflows.ps1 `
+          -DeployHubNetworkWithAzureFirewall `
+          -LoginServicePrincipalJson '${{secrets.ALZ_CREDENTIALS}}' `
+          -GitHubRepo ${env:GITHUB_REPOSITORY} `
+          -GitHubRef ${env:GITHUB_REF}

.github/workflows/5-hub-network-with-nva.yml

@@ -0,0 +1,41 @@
+# ----------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+#
+# THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, 
+# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES 
+# OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
+# ----------------------------------------------------------------------------------
+
+name: 5 - Hub Network with NVA
+
+on: workflow_dispatch
+
+defaults:
+  run:
+    shell: pwsh
+    working-directory: scripts/deployments
+
+jobs:
+  hub-network-with-nva:
+    name: Hub Network with NVA
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Required modules
+      run: |
+        Install-Module Az -Force
+        Install-Module powershell-yaml -Force
+
+    - name: Deploy Hub Network with NVA
+      run: |
+        ./RunWorkflows.ps1 `
+          -DeployHubNetworkWithNVA `
+          -LoginServicePrincipalJson '${{secrets.ALZ_CREDENTIALS}}' `
+          -GitHubRepo ${env:GITHUB_REPOSITORY} `
+          -GitHubRef ${env:GITHUB_REF} `
+          -NvaUsername '${{secrets.NVA_USERNAME}}' `
+          -NvaPassword '${{secrets.NVA_PASSWORD}}'

.github/workflows/6-subscriptions.yml

@@ -0,0 +1,45 @@
+# ----------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+#
+# THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, 
+# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES 
+# OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
+# ----------------------------------------------------------------------------------
+
+name: 6 - Subscriptions
+
+on:
+  workflow_dispatch:
+    inputs:
+      subscriptionIds:
+        type: string
+        description: The subscription ID(s) to use for the deployment.
+        required: true
+
+defaults:
+  run:
+    shell: pwsh
+    working-directory: scripts/deployments
+
+jobs:
+  subscriptions:
+    name: Subscriptions
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Required modules
+      run: |
+        Install-Module Az -Force
+        Install-Module powershell-yaml -Force
+
+    - name: Deploy Subscriptions
+      run: |
+        ./RunWorkflows.ps1 `
+          -DeploySubscriptionIds ${{github.event.inputs.subscriptionIds}} `
+          -LoginServicePrincipalJson '${{secrets.ALZ_CREDENTIALS}}' `
+          -GitHubRepo ${env:GITHUB_REPOSITORY} `
+          -GitHubRef ${env:GITHUB_REF}