Merge branch 'main' into dev-alz-pattern
Showing
1,094 changed files
with
182,498 additions
and
83 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,154 @@ | ||
--- | ||
name: Update Policy Deployment Templates | ||
|
||
########################################## | ||
# Start the job on push for all branches # | ||
########################################## | ||
|
||
# yamllint disable-line rule:truthy | ||
on: | ||
pull_request_target: | ||
types: | ||
- opened | ||
- reopened | ||
- synchronize | ||
- ready_for_review | ||
paths: | ||
- "services/**.json" | ||
- "patterns/alz/**.json" | ||
- "patterns/alz/templates/**.bicep" | ||
|
||
env: | ||
github_user_name: "github-actions" | ||
github_email: "41898282+github-actions[bot]@users.noreply.github.com" | ||
github_commit_message: "Auto-update Policies" | ||
github_pr_number: ${{ github.event.number }} | ||
github_pr_repo: ${{ github.event.pull_request.head.repo.full_name }} | ||
|
||
permissions: | ||
contents: write | ||
|
||
############### | ||
# Set the Job # | ||
############### | ||
|
||
jobs: | ||
update-portal: | ||
name: Update Policy Deployment Templates | ||
runs-on: ubuntu-latest | ||
if: | | ||
( | ||
github.event.pull_request.head.repo.full_name == 'Azure/azure-monitor-baseline-alerts' | ||
) | ||
|| | ||
( | ||
github.event.pull_request.head.repo.full_name != 'Azure/azure-monitor-baseline-alerts' | ||
&& | ||
contains(github.event.pull_request.labels.*.name, 'PR: Safe to test :test_tube:') | ||
) | ||
|| | ||
( | ||
github.event_name == 'workflow_dispatch' | ||
) | ||
|| | ||
( | ||
github.event_name == 'merge_group' | ||
) | ||
steps: | ||
- name: Check out repository | ||
uses: actions/checkout@v3 | ||
|
||
- name: Show env | ||
run: env | sort | ||
|
||
- name: Check out PR | ||
run: | | ||
echo "==> Check out PR..." | ||
gh pr checkout "$github_pr_number" | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Configure local git | ||
run: | | ||
echo "git user name : $github_user_name" | ||
git config --global user.name "$github_user_name" | ||
echo "git user email : $github_email" | ||
git config --global user.email "$github_email" | ||
- name: Update policies | ||
run: bicep build ./patterns/alz/templates/policies-Automation.bicep --outfile ./patterns/alz/policyDefinitions/policies-Automation.json | ||
|
||
- name: Update policy set definitions (initiatives) | ||
run: bicep build ./patterns/alz/templates/policies-Compute.bicep --outfile ./patterns/alz/policyDefinitions/policies-Compute.json | ||
|
||
- name: Update policy set definitions (initiatives) | ||
run: bicep build ./patterns/alz/templates/policies-Hybrid.bicep --outfile ./patterns/alz/policyDefinitions/policies-Hybrid.json | ||
|
||
- name: Update policy set definitions (initiatives) | ||
run: bicep build ./patterns/alz/templates/policies-KeyManagement.bicep --outfile ./patterns/alz/policyDefinitions/policies-KeyManagement.json | ||
|
||
- name: Update policy set definitions (initiatives) | ||
run: bicep build ./patterns/alz/templates/policies-Monitoring.bicep --outfile ./patterns/alz/policyDefinitions/policies-Monitoring.json | ||
|
||
- name: Update policy set definitions (initiatives) | ||
run: bicep build ./patterns/alz/templates/policies-Network.bicep --outfile ./patterns/alz/policyDefinitions/policies-Network.json | ||
|
||
- name: Update policy set definitions (initiatives) | ||
run: bicep build ./patterns/alz/templates/policies-NotificationAssets.bicep --outfile ./patterns/alz/policyDefinitions/policies-NotificationAssets.json | ||
|
||
- name: Update policy set definitions (initiatives) | ||
run: bicep build ./patterns/alz/templates/policies-RecoveryServices.bicep --outfile ./patterns/alz/policyDefinitions/policies-RecoveryServices.json | ||
|
||
- name: Update policy set definitions (initiatives) | ||
run: bicep build ./patterns/alz/templates/policies-ServiceHealth.bicep --outfile ./patterns/alz/policyDefinitions/policies-ServiceHealth.json | ||
|
||
- name: Update policy set definitions (initiatives) | ||
run: bicep build ./patterns/alz/templates/policies-Storage.bicep --outfile ./patterns/alz/policyDefinitions/policies-Storage.json | ||
|
||
- name: Update policy set definitions (initiatives) | ||
run: bicep build ./patterns/alz/templates/policies-Web.bicep --outfile ./patterns/alz/policyDefinitions/policies-Web.json | ||
|
||
- name: Update policy set definitions (initiatives) | ||
run: bicep build ./patterns/alz/templates/policySets.bicep --outfile ./patterns/alz/policyDefinitions/policySets.json | ||
|
||
- name: Update policy set definitions (initiatives) | ||
run: bicep build ./src/templates/initiatives.bicep --outfile ./eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json | ||
|
||
- name: Check git status | ||
run: | | ||
echo "==> Check git status..." | ||
git status --short --branch | ||
- name: Stage changes | ||
run: | | ||
echo "==> Stage changes..." | ||
mapfile -t STATUS_LOG < <(git status --short | grep eslzArm/) | ||
if [ ${#STATUS_LOG[@]} -gt 0 ]; then | ||
echo "Found changes to the following files:" | ||
printf "%s\n" "${STATUS_LOG[@]}" | ||
git add --all ./eslzArm | ||
else | ||
echo "No changes to add." | ||
fi | ||
- name: Push changes | ||
run: | | ||
echo "==> Check git diff..." | ||
mapfile -t GIT_DIFF < <(git diff --cached) | ||
printf "%s\n" "${GIT_DIFF[@]}" | ||
if [ ${#GIT_DIFF[@]} -gt 0 ]; then | ||
echo "==> Commit changes..." | ||
git commit --message "$github_commit_message [$GITHUB_ACTOR/${GITHUB_SHA::8}]" | ||
echo "==> Push changes..." | ||
echo "Pushing changes to: $github_pr_repo" | ||
git push "https://[email protected]/$github_pr_repo.git" "HEAD:$GITHUB_HEAD_REF" | ||
else | ||
echo "No changes found." | ||
fi | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
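Review bot: The `Check out PR` step pulls the pull request's head into a `pull_request_target` run that holds `contents: write`, so the `bicep build` steps and the push that follow handle contributor-controlled files with the base repository's token. For forks the job `if` relies on the `PR: Safe to test :test_tube:` label, yet `synchronize` is among the trigger types, so commits pushed after the label was applied run again without a fresh look unless something outside this file clears the label. Consider dropping `- synchronize` (or clearing the label on each push) and adding `with:` / `persist-credentials: false` under `uses: actions/checkout@v3` so the token is not left in the local git config beside the PR's files. The `Stage changes` step only inspects and adds `./eslzArm`, while every build except the last writes to `./patterns/alz/policyDefinitions`, so most regenerated files would never be committed; `git add --all ./patterns/alz/policyDefinitions ./eslzArm` with a matching `grep -E` would cover both. The `workflow_dispatch` and `merge_group` arms of the `if` cannot match because `on:` declares only `pull_request_target`.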
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
# Workflow for generating (arm/bicep/etc) templates for each alert | ||
name: Generate Templates | ||
|
||
on: | ||
# Runs on pushes targeting the default branch | ||
push: | ||
branches: | ||
- main | ||
paths: | ||
- 'services/**/alerts.yaml' | ||
- 'tooling/generate-templates/**' | ||
|
||
# Allows you to run this workflow manually from the Actions tab | ||
workflow_dispatch: {} | ||
|
||
permissions: | ||
contents: write | ||
pull-requests: write | ||
|
||
jobs: | ||
generate-templates: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
with: | ||
ref: main | ||
submodules: recursive | ||
fetch-depth: 0 | ||
|
||
- name: Setup Python | ||
uses: actions/setup-python@v5 | ||
with: | ||
python-version: '3.12' # install the python version needed | ||
|
||
- name: Install Python Packages and Requirements | ||
run: | | ||
python -m pip install --upgrade pip | ||
pip install -r requirements.txt | ||
working-directory: tooling/generate-templates | ||
|
||
- name: Generate Templates | ||
id: generate | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
run: | | ||
git config --local user.email "github-actions[bot]@users.noreply.github.com" | ||
git config --local user.name "github-actions[bot]" | ||
git checkout -b github-action-generate-templates | ||
# Generate templates for alerts | ||
echo "Generating templates for alerts..." | ||
python tooling/generate-templates/generate-templates.py --path services --output services --template_path tooling/generate-templates/templates | ||
# Check if there are any changes in the services directory | ||
git add services | ||
# Check if there are any changes to commit | ||
if [[ `git status --porcelain` ]]; then | ||
git commit -m "[GitHub Action - Generate Templates] Generate templates for alerts" | ||
# Push changes to the current branch | ||
git push --set-upstream origin github-action-generate-templates --force | ||
prs=$(gh pr list \ | ||
--repo "$GITHUB_REPOSITORY" \ | ||
--head 'github-action-generate-templates' \ | ||
--base 'main' \ | ||
--json title \ | ||
--jq 'length') | ||
if ((prs > 0)); then | ||
echo "skippr=true" >> "$GITHUB_OUTPUT" | ||
fi | ||
else | ||
echo "skippr=true" >> "$GITHUB_OUTPUT" | ||
fi | ||
# Diasble PR creation for now since it is not supported in the Azure repo | ||
# - name: Create pull request | ||
# if: '!steps.generate.outputs.skippr' | ||
# env: | ||
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
# run: | | ||
# # Create a pull request | ||
# echo "Creating a pull request..." | ||
# gh pr --repo ${{ github.repository }} create --title "[GitHub Action - Generate Templates] Generate templates for alerts" --body "This PR was automatically generated by the workflow." --base main --head github-action-generate-templates | ||
|
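Review bot: The workflow-level `permissions` block grants `pull-requests: write`, but with the `Create pull request` step commented out the only pull-request call left is `gh pr list`, which needs read access; `pull-requests: read` would keep the token to what the job actually uses. In the `Generate Templates` step, `git status --porcelain` is evaluated over the whole working tree after only `services` was staged, so a modified or untracked file elsewhere would send the script into `git commit` with nothing staged and fail the step; `if ! git diff --cached --quiet; then` tests exactly what will be committed. `actions/checkout@v4` and `actions/setup-python@v5` are referenced by mutable tag, and since this job force-pushes with a write token, pinning both to a full commit SHA is worth considering.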