Skip to content

Update to latest stable version of PSRule #1777

Update to latest stable version of PSRule

Update to latest stable version of PSRule #1777

name: InfraCI - Regression Validation
on:
#Run on Manual execution
workflow_dispatch:
#Run when our bicep code changes
push:
paths:
- "bicep/*"
#Run when PR's are made to main, where the changes are in the bicep directory or this workflow file itself
pull_request:
branches: [main]
paths:
- "bicep/*"
- ".github/workflows/regressionparams.yml"
- ".github/workflows_dep/regressionparams/*"
#Run on a weekly schedule
schedule:
# At 11:00pm, every Thursday week
- cron: "0 23 * * 4"
env:
RG: "AksBicepAcc-Ci-HelperValidate" #The resource group we're deploying to.
ParamDir: ".github/workflows_dep/regressionparams/" #Path to parameter file
AZCLIVERSION: 2.58.0 #2.53.0 #2.43.0 #2.34.1 #2.29.2 #2.26.0 #latest
jobs:
GetParamFiles:
runs-on: ubuntu-latest
if: ${{ !github.event.pull_request.head.repo.fork }}
name: Get Param File List
outputs:
FILELIST: ${{ steps.getfiles.outputs.FILELIST}}
steps:
#Get the code files from the repo
- uses: actions/[email protected]
- name: Job parameter check
run: |
RG='${{ env.RG }}'
echo "RG is: $RG"
echo "Param dir path is: ${{ env.ParamDir }}"
- name: Get List of json files
id: getfiles
shell: pwsh
run: |
$FilePath="${{ env.ParamDir }}"
$FILELISTJSON=get-ChildItem -Path $FilePath -File '*.json' | select-object -ExpandProperty Name | ConvertTo-Json -Compress
Write-Output $FILELISTJSON
echo "FILELIST=$FILELISTJSON" >> $Env:GITHUB_OUTPUT
Validation:
needs: [GetParamFiles]
strategy:
matrix:
files: ${{ fromJson(needs.GetParamFiles.outputs.FILELIST) }}
max-parallel: 4
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- name: Job parameter check
run: |
RG='${{ env.RG }}'
echo "RG is: $RG"
echo "Param dir path is: ${{ env.ParamDir }}"
echo "Param file is ${{ matrix.files }}"
echo "Input path is ${{ env.ParamDir }}${{ matrix.files }}"
echo "Do PS Rule is ${{ steps.paramfile.outputs.DOPSRULE }}"
- name: Arm Parameter file check
shell: pwsh
id: paramfile
run: |
Write-Output "Checking parameter file existance/contents"
$paramFilePath="${{ env.ParamDir }}${{ matrix.files }}"
Test-Path $paramFilePath
if (Test-Path $paramFilePath) {
$paramFileContent=Get-Content $paramFilePath
Write-Output $paramFileContent
Write-Output "Checking for PSrule template link metadata"
$paramfile=$paramFileContent|ConvertFrom-Json
if ($null -ne $paramfile.metadata.template) {
Write-Output "Temnplate value found"
Write-Output $paramfile.metadata.template
Write-Output $paramfile.metadata.template.length
echo "DOPSRULE=true" >> $GITHUB_OUTPUT
} else {
Write-Output "Temnplate value NOT found"
echo "DOPSRULE=false" >> $GITHUB_OUTPUT
}
}
- name: Replace subnet, dnszone and kv param values from secret
shell: pwsh
run: |
$paramFilePath="${{ env.ParamDir }}${{ matrix.files }}"
$params = Get-Content $paramFilePath | ConvertFrom-Json
if($params.parameters.dnsZoneId.value -ne $null) {
$params.parameters.dnsZoneId.value = "${{ secrets.BYODNSZONEID }}"
}
if($params.parameters.byoAKSSubnetId.value -ne $null) {
$params.parameters.byoAKSSubnetId.value = "${{ secrets.ByoAksSubnetId }}"
}
if($params.parameters.byoAGWSubnetId.value -ne $null) {
$params.parameters.byoAGWSubnetId.value = "${{ secrets.ByoAgwSubnetId }}"
}
if($params.parameters.keyVaultKmsByoKeyId.value -ne $null) {
$params.parameters.keyVaultKmsByoKeyId.value = "${{ secrets.ByoKmsKeyId }}"
}
$params | ConvertTo-Json -Depth 4 | Out-File "${{ env.ParamDir }}${{ matrix.files }}"
- name: Azure Login
uses: Azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
enable-AzPSSession: false
environment: azurecloud
allow-no-subscriptions: false
- name: Validate Infrastructure deployment
uses: Azure/cli@v2
with:
azcliversion: ${{ env.AZCLIVERSION }}
inlineScript: |
RG='${{ env.RG }}'
az deployment group validate -f bicep/main.bicep -g $RG -p ${{ env.ParamDir }}${{ matrix.files }}
- name: WhatIf Infrastructure deployment
if: steps.paramfile.outputs.DOPSRULE == 'true'
continue-on-error: ${{ secrets.ISAZCLIWHATIFUNRELIABLE == 'true' }}
uses: Azure/cli@v2
with:
azcliversion: ${{ env.AZCLIVERSION }}
inlineScript: |
RG='${{ env.RG }}'
az deployment group what-if -f bicep/main.bicep -g $RG -p ${{ env.ParamDir }}${{ matrix.files }}
# PSRule does this cool thing where it traverse the parameter file through to the arm template
# PSRule performs IaC recommendations of the template.
# https://azure.github.io/PSRule.Rules.Azure/
- name: PSRule - Analyze Azure parameter file
if: steps.paramfile.outputs.DOPSRULE == 'true'
uses: microsoft/[email protected]
continue-on-error: true #Setting this whilst PSRule gets bedded in, in this project
with:
modules: 'PSRule.Rules.Azure'
inputPath: "${{ env.ParamDir }}${{ matrix.files }}"
#prerelease: false
baseline: 'Azure.Default' #'Azure.Preview'
- name: PSRule - Analyze Azure parameter file including Preview feature rulesets
if: steps.paramfile.outputs.DOPSRULE == 'true'
uses: microsoft/[email protected]
continue-on-error: true #Preview feature checking means we need to suppress errors
with:
modules: 'PSRule.Rules.Azure'
inputPath: "${{ env.ParamDir }}${{ matrix.files }}"
baseline: 'Azure.All' #All includes preview and internal rules