Skip to content

Commit

Permalink
Create alz-pattern-update-policies.yml
Browse files Browse the repository at this point in the history
  • Loading branch information
arjenhuitema authored Jul 19, 2024
1 parent 0b870b7 commit fd2a86d
Showing 1 changed file with 154 additions and 0 deletions.
154 changes: 154 additions & 0 deletions .github/workflows/alz-pattern-update-policies.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,154 @@
---
name: Update Policy Deployment Templates

##########################################
# Start the job on push for all branches #
##########################################

# yamllint disable-line rule:truthy
on:
pull_request_target:
types:
- opened
- reopened
- synchronize
- ready_for_review
paths:
- "services/**.json"
- "patterns/alz/**.json"
- "patterns/alz/templates/**.bicep"

env:
github_user_name: "github-actions"
github_email: "41898282+github-actions[bot]@users.noreply.github.com"
github_commit_message: "Auto-update Policies"
github_pr_number: ${{ github.event.number }}
github_pr_repo: ${{ github.event.pull_request.head.repo.full_name }}

permissions:
contents: write

###############
# Set the Job #
###############

jobs:
update-portal:
name: Update Policy Deployment Templates
runs-on: ubuntu-latest
if: |
(
github.event.pull_request.head.repo.full_name == 'Azure/azure-monitor-baseline-alerts'
)
||
(
github.event.pull_request.head.repo.full_name != 'Azure/azure-monitor-baseline-alerts'
&&
contains(github.event.pull_request.labels.*.name, 'PR: Safe to test :test_tube:')
)
||
(
github.event_name == 'workflow_dispatch'
)
||
(
github.event_name == 'merge_group'
)
steps:
- name: Check out repository
uses: actions/checkout@v3

- name: Show env
run: env | sort

- name: Check out PR
run: |
echo "==> Check out PR..."
gh pr checkout "$github_pr_number"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Configure local git
run: |
echo "git user name : $github_user_name"
git config --global user.name "$github_user_name"
echo "git user email : $github_email"
git config --global user.email "$github_email"
- name: Update policies
run: bicep build ./patterns/alz/templates/policies-Automation.bicep --outfile ./patterns/alz/policyDefinitions/policies-Automation.json

- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-Compute.bicep --outfile ./patterns/alz/policyDefinitions/policies-Compute.json

- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-Hybrid.bicep --outfile ./patterns/alz/policyDefinitions/policies-Hybrid.json

- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-KeyManagement.bicep --outfile ./patterns/alz/policyDefinitions/policies-KeyManagement.json

- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-Monitoring.bicep --outfile ./patterns/alz/policyDefinitions/policies-Monitoring.json

- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-Network.bicep --outfile ./patterns/alz/policyDefinitions/policies-Network.json

- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-NotificationAssets.bicep --outfile ./patterns/alz/policyDefinitions/policies-NotificationAssets.json

- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-RecoveryServices.bicep --outfile ./patterns/alz/policyDefinitions/policies-RecoveryServices.json

- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-ServiceHealth.bicep --outfile ./patterns/alz/policyDefinitions/policies-ServiceHealth.json

- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-Storage.bicep --outfile ./patterns/alz/policyDefinitions/policies-Storage.json

- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policies-Web.bicep --outfile ./patterns/alz/policyDefinitions/policies-Web.json

- name: Update policy set definitions (initiatives)
run: bicep build ./patterns/alz/templates/policySets.bicep --outfile ./patterns/alz/policyDefinitions/policySets.json

- name: Update policy set definitions (initiatives)
run: bicep build ./src/templates/initiatives.bicep --outfile ./eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json

- name: Check git status
run: |
echo "==> Check git status..."
git status --short --branch
- name: Stage changes
run: |
echo "==> Stage changes..."
mapfile -t STATUS_LOG < <(git status --short | grep eslzArm/)
if [ ${#STATUS_LOG[@]} -gt 0 ]; then
echo "Found changes to the following files:"
printf "%s\n" "${STATUS_LOG[@]}"
git add --all ./eslzArm
else
echo "No changes to add."
fi
- name: Push changes
run: |
echo "==> Check git diff..."
mapfile -t GIT_DIFF < <(git diff --cached)
printf "%s\n" "${GIT_DIFF[@]}"
if [ ${#GIT_DIFF[@]} -gt 0 ]; then
echo "==> Commit changes..."
git commit --message "$github_commit_message [$GITHUB_ACTOR/${GITHUB_SHA::8}]"
echo "==> Push changes..."
echo "Pushing changes to: $github_pr_repo"
git push "https://[email protected]/$github_pr_repo.git" "HEAD:$GITHUB_HEAD_REF"
else
echo "No changes found."
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

0 comments on commit fd2a86d

Please sign in to comment.