forked from Azure/azure-monitor-baseline-alerts
-
Notifications
You must be signed in to change notification settings - Fork 0
154 lines (124 loc) · 5.68 KB
/
alz-pattern-update-policies.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
---
name: Update Policy Deployment Templates
##########################################
# Start the job on push for all branches #
##########################################
# yamllint disable-line rule:truthy
on:
pull_request_target:
types:
- opened
- reopened
- synchronize
- ready_for_review
paths:
- "services/**.json"
- "patterns/alz/**.json"
- "patterns/alz/templates/**.bicep"
env:
github_user_name: "github-actions"
github_email: "41898282+github-actions[bot]@users.noreply.github.com"
github_commit_message: "Auto-update Policies"
github_pr_number: ${{ github.event.number }}
github_pr_repo: ${{ github.event.pull_request.head.repo.full_name }}
permissions:
contents: write
###############
# Set the Job #
###############
jobs:
update-portal:
name: Update Policy Deployment Templates
runs-on: ubuntu-latest
if: |
(
github.event.pull_request.head.repo.full_name == 'Azure/azure-monitor-baseline-alerts'
)
||
(
github.event.pull_request.head.repo.full_name != 'Azure/azure-monitor-baseline-alerts'
&&
contains(github.event.pull_request.labels.*.name, 'PR: Safe to test :test_tube:')
)
||
(
github.event_name == 'workflow_dispatch'
)
||
(
github.event_name == 'merge_group'
)
steps:
- name: Check out repository
uses: actions/checkout@v3
- name: Show env
run: env | sort
- name: Check out PR
run: |
echo "==> Check out PR..."
gh pr checkout "$github_pr_number"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Configure local git
run: |
echo "git user name : $github_user_name"
git config --global user.name "$github_user_name"
echo "git user email : $github_email"
git config --global user.email "$github_email"
- name: Update policies
run: bicep build ./patterns/alz/templates/policies-Automation.bicep --outfile ./patterns/alz/policyDefinitions/policies-Automation.json
- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-Compute.bicep --outfile ./patterns/alz/policyDefinitions/policies-Compute.json
- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-Hybrid.bicep --outfile ./patterns/alz/policyDefinitions/policies-Hybrid.json
- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-KeyManagement.bicep --outfile ./patterns/alz/policyDefinitions/policies-KeyManagement.json
- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-Monitoring.bicep --outfile ./patterns/alz/policyDefinitions/policies-Monitoring.json
- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-Network.bicep --outfile ./patterns/alz/policyDefinitions/policies-Network.json
- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-NotificationAssets.bicep --outfile ./patterns/alz/policyDefinitions/policies-NotificationAssets.json
- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-RecoveryServices.bicep --outfile ./patterns/alz/policyDefinitions/policies-RecoveryServices.json
- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-ServiceHealth.bicep --outfile ./patterns/alz/policyDefinitions/policies-ServiceHealth.json
- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-Storage.bicep --outfile ./patterns/alz/policyDefinitions/policies-Storage.json
- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-Web.bicep --outfile ./patterns/alz/policyDefinitions/policies-Web.json
- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policySets.bicep --outfile ./patterns/alz/policyDefinitions/policySets.json
- name: Update policy set definitions (initiatives)
run: bicep build ./src/templates/initiatives.bicep --outfile ./eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
- name: Check git status
run: |
echo "==> Check git status..."
git status --short --branch
- name: Stage changes
run: |
echo "==> Stage changes..."
mapfile -t STATUS_LOG < <(git status --short | grep eslzArm/)
if [ ${#STATUS_LOG[@]} -gt 0 ]; then
echo "Found changes to the following files:"
printf "%s\n" "${STATUS_LOG[@]}"
git add --all ./eslzArm
else
echo "No changes to add."
fi
- name: Push changes
run: |
echo "==> Check git diff..."
mapfile -t GIT_DIFF < <(git diff --cached)
printf "%s\n" "${GIT_DIFF[@]}"
if [ ${#GIT_DIFF[@]} -gt 0 ]; then
echo "==> Commit changes..."
git commit --message "$github_commit_message [$GITHUB_ACTOR/${GITHUB_SHA::8}]"
echo "==> Push changes..."
echo "Pushing changes to: $github_pr_repo"
git push "https://[email protected]/$github_pr_repo.git" "HEAD:$GITHUB_HEAD_REF"
else
echo "No changes found."
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}