forked from Azure/azure-monitor-baseline-alerts
-
Notifications
You must be signed in to change notification settings - Fork 0
151 lines (122 loc) · 5.32 KB
/
alz-pattern-update-policies.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
---
name: Update Policy Deployment Templates
##########################################
# Start the job on push for all branches #
##########################################
# yamllint disable-line rule:truthy
on:
pull_request_target:
types:
- opened
- reopened
- synchronize
- ready_for_review
paths:
- "services/**.json"
- "patterns/alz/**.json"
- "patterns/alz/templates/**.bicep"
env:
github_user_name: "github-actions"
github_email: "41898282+github-actions[bot]@users.noreply.github.com"
github_commit_message: "Auto-update Policies"
github_pr_number: ${{ github.event.number }}
github_pr_repo: ${{ github.event.pull_request.head.repo.full_name }}
permissions:
contents: write
###############
# Set the Job #
###############
jobs:
update-portal:
name: Update Policy Deployment Templates
runs-on: ubuntu-latest
if: |
(
github.event.pull_request.head.repo.full_name == 'arjenhuitema/azure-monitor-baseline-alerts'
)
||
(
github.event.pull_request.head.repo.full_name != 'arjenhuitema/azure-monitor-baseline-alerts'
&&
contains(github.event.pull_request.labels.*.name, 'PR: Safe to test :test_tube:')
)
||
(
github.event_name == 'workflow_dispatch'
)
||
(
github.event_name == 'merge_group'
)
steps:
- name: Check out repository
uses: actions/checkout@v3
- name: Show env
run: env | sort
- name: Check out PR
run: |
echo "==> Check out PR..."
gh pr checkout "$github_pr_number"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Configure local git
run: |
echo "git user name : $github_user_name"
git config --global user.name "$github_user_name"
echo "git user email : $github_email"
git config --global user.email "$github_email"
- name: Update Automation policies
run: bicep build ./patterns/alz/templates/policies-Automation.bicep --outfile ./patterns/alz/policyDefinitions/policies-Automation.json
- name: Update Compute policies
run: bicep build ./patterns/alz/templates/policies-Compute.bicep --outfile ./patterns/alz/policyDefinitions/policies-Compute.json
- name: Update Hybrid policies
run: bicep build ./patterns/alz/templates/policies-Hybrid.bicep --outfile ./patterns/alz/policyDefinitions/policies-Hybrid.json
- name: Update Key Management policies
run: bicep build ./patterns/alz/templates/policies-KeyManagement.bicep --outfile ./patterns/alz/policyDefinitions/policies-KeyManagement.json
- name: Update Monitoring policies
run: bicep build ./patterns/alz/templates/policies-Monitoring.bicep --outfile ./patterns/alz/policyDefinitions/policies-Monitoring.json
- name: Update Network policies
run: bicep build ./patterns/alz/templates/policies-Network.bicep --outfile ./patterns/alz/policyDefinitions/policies-Network.json
- name: Update Notification Assets policies
run: bicep build ./patterns/alz/templates/policies-NotificationAssets.bicep --outfile ./patterns/alz/policyDefinitions/policies-NotificationAssets.json
- name: Update Recovery Services policies
run: bicep build ./patterns/alz/templates/policies-RecoveryServices.bicep --outfile ./patterns/alz/policyDefinitions/policies-RecoveryServices.json
- name: Update Resource Management policies
run: bicep build ./patterns/alz/templates/policies-ServiceHealth.bicep --outfile ./patterns/alz/policyDefinitions/policies-ServiceHealth.json
- name: Update Security policies
run: bicep build ./patterns/alz/templates/policies-Storage.bicep --outfile ./patterns/alz/policyDefinitions/policies-Storage.json
- name: Update Web policies
run: bicep build ./patterns/alz/templates/policies-Web.bicep --outfile ./patterns/alz/policyDefinitions/policies-Web.json
- name: Update policy set definitions
run: bicep build ./patterns/alz/templates/policySets.bicep --outfile ./patterns/alz/policyDefinitions/policySets.json
- name: Check git status
run: |
echo "==> Check git status..."
git status --short --branch
- name: Stage changes
run: |
echo "==> Stage changes..."
mapfile -t STATUS_LOG < <(git status --short | grep patterns/alz)
if [ ${#STATUS_LOG[@]} -gt 0 ]; then
echo "Found changes to the following files:"
printf "%s\n" "${STATUS_LOG[@]}"
git add --all ./patterns/alz
else
echo "No changes to add."
fi
- name: Push changes
run: |
echo "==> Check git diff..."
mapfile -t GIT_DIFF < <(git diff --cached)
printf "%s\n" "${GIT_DIFF[@]}"
if [ ${#GIT_DIFF[@]} -gt 0 ]; then
echo "==> Commit changes..."
git commit --message "$github_commit_message [$GITHUB_ACTOR/${GITHUB_SHA::8}]"
echo "==> Push changes..."
echo "Pushing changes to: $github_pr_repo"
git push "https://[email protected]/$github_pr_repo.git" "HEAD:$GITHUB_HEAD_REF"
else
echo "No changes found."
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}