module-tests.yml
# Module test workflow: vends a test subscription from the Bicep test
# template, runs the Pester suite against it, then cleans up.
name: Module Tests

# Triggered by `pull_request` (not `pull_request_target`) for changes to Bicep
# files or Pester test scripts targeting main, and on manual dispatch.
on:
  pull_request:
    branches:
      - main
    paths:
      - "**.bicep"
      - "tests/pester/**.ps1"
  workflow_dispatch: {}

# Workflow-level environment, visible to every step's process.
# Values sourced from secrets are masked in logs by the runner.
env:
  ARM_BILLING_SCOPE_RID: "${{ secrets.ARM_BILLING_SCOPE_RID }}"
  ARM_LOCATION: "uksouth"
  ARM_TENANT_ID: "${{ secrets.ARM_TENANT_ID }}"
  ARM_CLIENT_ID: "${{ secrets.ARM_CLIENT_ID }}"
  # The pull_request payload carries `number`; a manual workflow_dispatch
  # run has no such field, so this is expected to be empty there.
  GH_PR_NUMBER: "${{ github.event.number }}"
  SUB_HUB_ID: "${{ secrets.SUB_HUB_ID }}"

# Token scope for the whole workflow:
#   id-token: write - lets the job request an OIDC token (the Azure Login
#                     step is given no client secret, only client and
#                     tenant IDs)
#   contents: read  - read-only repository access for checkout
permissions:
  id-token: write
  contents: read
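jobs:
  # Single job: deploy the test template, run Pester against the vended
  # subscription, then remove what the run created.
  vending:
    name: Vending Subscription for Tests and Networking Scenarios
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` in this job references a mutable tag
      # (`@v3`, `@v1`). The workflow grants `id-token: write` and the steps
      # run with an authenticated Azure session, so a re-pointed tag would
      # execute with that access. Pin each action to a full commit SHA and
      # keep the tag as a trailing comment.
      - name: Checkout Repo
        id: checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          # Later steps execute ./tests/pester/full.tests.ps1 from this
          # checkout, and no step pushes, so do not leave the job token in
          # the local git config.
          persist-credentials: false

      # No client secret is passed; only client and tenant IDs.
      - name: Azure Login
        id: login
        uses: azure/login@v1
        with:
          client-id: "${{ secrets.ARM_CLIENT_ID }}"
          tenant-id: "${{ secrets.ARM_TENANT_ID }}"
          enable-AzPSSession: true
          allow-no-subscriptions: true

      # Preview of the management-group deployment (-Whatif); the real
      # deployment is the next step.
      - name: Vend Subscriptions & Networking Scenarios (What-If & Validate)
        id: vend-whatif
        uses: azure/powershell@v1
        with:
          # Values are read from the process environment ($env:...) rather
          # than pasted into the script text with workflow expressions. That
          # keeps the billing-scope secret out of the generated script and
          # means a value can never be parsed as PowerShell code.
          inlineScript: |
            $inputObject = @{
              # 'mm' is minutes; the previous 'MM' repeated the month.
              DeploymentName          = 'pr-{0}-lz-vend-{1}' -f "$env:GH_PR_NUMBER", (-join (Get-Date -Format 'yyyyMMddTHHmmssffffZ')[0..63])
              ManagementGroupId       = "bicep-lz-vending-automation"
              Location                = "$env:ARM_LOCATION"
              TemplateFile            = "./tests/lz-vending/full.test.bicep"
              TemplateParameterObject = @{
                location                 = "$env:ARM_LOCATION"
                prNumber                 = "$env:GH_PR_NUMBER"
                subscriptionBillingScope = "$env:ARM_BILLING_SCOPE_RID"
              }
            }
            New-AzManagementGroupDeployment @inputObject -Whatif
          azPSVersion: "10.4.1"

      # Real deployment. The created subscription ID is exported as SUBID
      # through GITHUB_ENV for the steps that follow.
      - name: Vend Subscriptions & Networking Scenarios (Deploy)
        id: vend
        uses: azure/powershell@v1
        with:
          inlineScript: |
            $inputObject = @{
              # 'mm' is minutes; the previous 'MM' repeated the month.
              DeploymentName          = 'pr-{0}-lz-vend-{1}' -f "$env:GH_PR_NUMBER", (-join (Get-Date -Format 'yyyyMMddTHHmmssffffZ')[0..63])
              ManagementGroupId       = "bicep-lz-vending-automation"
              Location                = "$env:ARM_LOCATION"
              TemplateFile            = "./tests/lz-vending/full.test.bicep"
              TemplateParameterObject = @{
                location                 = "$env:ARM_LOCATION"
                prNumber                 = "$env:GH_PR_NUMBER"
                subscriptionBillingScope = "$env:ARM_BILLING_SCOPE_RID"
              }
            }
            $bicepDeployment = New-AzManagementGroupDeployment @inputObject
            $outputValue = $bicepDeployment.Outputs.createdSubId.Value
            "SUBID=$outputValue" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
          azPSVersion: "10.4.1"

      # Runs the Pester suite from the checked-out tree inside the
      # authenticated Azure PowerShell session. The step's exit code is the
      # number of failed tests.
      - name: Pester Tests
        id: pester
        uses: azure/powershell@v1
        with:
          inlineScript: |
            Import-Module Pester -Force
            $pesterConfiguration = @{
              Run    = @{
                Container = New-PesterContainer -Path "./tests/pester/full.tests.ps1" -Data @{
                  subId    = "$env:SUBID"
                  prNumber = "$env:GH_PR_NUMBER"
                  location = "$env:ARM_LOCATION"
                }
                PassThru  = $true
              }
              Output = @{
                Verbosity = 'Detailed'
              }
            }
            $result = Invoke-Pester -Configuration $pesterConfiguration
            exit $result.FailedCount
          azPSVersion: "10.4.1"

      # Teardown; `always()` makes it run even when an earlier step failed.
      - name: Cleanup Vended Subscription & Networking Scenarios
        id: cleanup-vend
        if: always()
        uses: azure/powershell@v1
        with:
          inlineScript: |
            # Resource Group Names
            $subId = "$env:SUBID"
            # SUBID is only exported by the deploy step. If it is missing, stop
            # with a clear message before any Remove-* call can run against
            # whatever subscription the session currently has selected.
            if ([string]::IsNullOrWhiteSpace($subId)) {
              throw "SUBID is empty: no vended subscription was recorded, so cleanup cannot target one."
            }
            $location = "$env:ARM_LOCATION"
            $prNumber = "$env:GH_PR_NUMBER"
            $rsgHsName = "rsg-$location-net-hs-pr-$prNumber"
            $rsgVwanName = "rsg-$location-net-vwan-pr-$prNumber"
            $rsgNetworkWatcherName = "NetworkWatcherRG"
            $guid = $subId.substring(0,8)
            $rsgDeploymentScriptName = "rsg-$location-ds-pr-$prNumber-$guid"
            # Collected up front: Contributor assignments on the vended
            # subscription whose principal shows as "Unknown".
            $allRoleAssignmentsSub = Get-AzRoleAssignment -Scope "/subscriptions/$subId" -ErrorAction SilentlyContinue
            $rbacIdentitiyNotFoundToCleanupContributor = $allRoleAssignmentsSub | Where-Object { $_.ObjectType -eq "Unknown" -and $_.RoleDefinitionName -eq "Contributor" }
            Write-Host "Cleanup Vended Subscription Resources & Resource Groups..." -ForegroundColor Yellow
            Select-AzSubscription -SubscriptionId $subId
            Remove-AzResourceGroup -Name $rsgHsName -Force
            Remove-AzResourceGroup -Name $rsgVwanName -Force
            Remove-AzResourceGroup -Name $rsgNetworkWatcherName -Force
            Remove-AzResourceGroup -Name $rsgDeploymentScriptName -Force
            Write-Host "Cleanup registered resource providers and features..." -ForegroundColor Yellow
            Unregister-AzProviderFeature -FeatureName "ArcServerPrivateLinkPreview" -ProviderNamespace "Microsoft.HybridCompute"
            Unregister-AzProviderFeature -FeatureName "AzureServicesVm" -ProviderNamespace "Microsoft.AVS"
            Unregister-AzResourceProvider -ProviderNamespace "Microsoft.HybridCompute"
            Unregister-AzResourceProvider -ProviderNamespace "Microsoft.AVS"
            Write-Host "Cleanup Hub Subscription Resources..." -ForegroundColor Yellow
            Select-AzSubscription -SubscriptionId "$env:SUB_HUB_ID"
            # NOTE(review): `-Name *` returns every connection / peering on the
            # shared hub, and `[0]` removes whichever comes first. Nothing here
            # ties the removed object to this run, so overlapping runs could
            # remove each other's links. Consider filtering on a name that
            # carries the PR number; confirm against the test template's naming.
            $vwanHubVhc = Get-AzVirtualHubVnetConnection -ResourceGroupName "rsg-blzv-perm-hubs-001" -VirtualHubName "vhub-uksouth-blzv" -Name *
            Remove-AzVirtualHubVnetConnection -ResourceId $vwanHubVhc[0].Id -Force
            $hubVnetPeering = Get-AzVirtualNetworkPeering -ResourceGroupName "rsg-blzv-perm-hubs-001" -VirtualNetworkName "vnet-uksouth-hub-blzv" -Name *
            Remove-AzVirtualNetworkPeering -ResourceGroupName "rsg-blzv-perm-hubs-001" -VirtualNetworkName "vnet-uksouth-hub-blzv" -Name "$($hubVnetPeering.Name)" -Force
            Write-Host "Cleanup Hub Subscription Resources... Complete!" -ForegroundColor Green
            Write-Host "Cleanup Unknown Contributor RBAC Assignments on Sub Scope..." -ForegroundColor Yellow
            foreach ($assignment in $rbacIdentitiyNotFoundToCleanupContributor) {
              Remove-AzRoleAssignment -objectId $assignment.ObjectId -Scope $assignment.Scope -RoleDefinitionName $assignment.RoleDefinitionName
            }
            Write-Host "Cleanup Unknown Contributor RBAC Assignments on Sub Scope... Complete!" -ForegroundColor Green
          azPSVersion: "10.4.1"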