disabling psrule for now #3
name: 'Scenario 1: Bicep Multi-Tenant ASEv3 Secure Baseline'

#########################################################
# Concurrency: at most one run per group is in progress at a time.
# The group key is the workflow name plus the ref being built (the PR
# head label for pull_request events, otherwise the branch/ref), so
# runs for different branches or PRs do not block each other.
#
# With cancel-in-progress: false a second run for the same group waits
# in "pending" while the first one executes; if a third run is then
# triggered, the pending one is cancelled and only the latest stays
# queued. Setting cancel-in-progress: true would additionally cancel the
# run that is currently executing -- presumably left off here so an
# in-flight Bicep deployment is not killed half-way (TODO confirm).
#########################################################
concurrency:
  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
  cancel-in-progress: false
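on:
  workflow_dispatch:
    inputs:
      # The call job below reads github.event.inputs.destroy (a string,
      # 'true'/'false') and forwards the comparison result to the reusable
      # template as its `destroy` input. Without this declaration the
      # manual-run form has no such field, the value is always empty and
      # destroy can never be true; declaring it with a false default keeps
      # the existing behaviour for push/pull_request runs.
      destroy:
        description: 'Forwarded to the reusable Bicep template as its destroy input'
        type: boolean
        required: false
        default: false
  push:
    branches:
      - main
      - refactor/iac-cicd
    paths:
      - '.github/workflows/_template.bicep.yml'
      - '.github/workflows/ase-multitenant.bicep.yml'
      - 'scenarios/secure-baseline-multitenant/bicep/**.bicep'
      - 'scenarios/secure-baseline-multitenant/bicep/parameters/ase-multitenant.parameters.jsonc'
      # Kept as in the original; none of the positive patterns above can
      # match a .md file, so this exclusion appears to be redundant.
      - '!scenarios/secure-baseline-multitenant/**.md'
  # NOTE(security): this workflow has id-token: write and forwards
  # inherited secrets to the reusable template, so a pull_request run is a
  # deploy run, not only a validation run. GitHub withholds secrets from
  # fork PRs, but a same-repository PR that edits the template or the
  # Bicep files runs with the full deploy credentials. If PR runs are only
  # meant to validate, gate the deploy on github.event_name or put it
  # behind an environment with required reviewers.
  pull_request:
    branches:
      - main
    paths:
      - '.github/workflows/_template.bicep.yml'
      - '.github/workflows/ase-multitenant.bicep.yml'
      - 'scenarios/secure-baseline-multitenant/bicep/**.bicep'
      - 'scenarios/secure-baseline-multitenant/bicep/parameters/ase-multitenant.parameters.jsonc'
      - '!scenarios/secure-baseline-multitenant/**.md'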
# Workflow-wide token scope. Kept minimal: read-only checkout plus the
# OIDC token the reusable template needs for federated Azure login (the
# commented-out jobs below show azure/login with client/tenant ids and no
# client secret, i.e. OIDC). Jobs that do not need id-token should narrow
# this further at job level.
permissions:
  contents: read
  id-token: write
# Deployment inputs for this scenario. The env context cannot be referenced
# in a reusable-workflow call's `with:` block, so these are relayed through
# the prepare-environment job's outputs.
env:
  # Entry-point Bicep file for the scenario (a file, not a directory).
  deploymentPath: "scenarios/secure-baseline-multitenant/bicep/main.bicep"
  # Base name of the parameters file under bicep/parameters/.
  scenarioName: "ase-multitenant"
  # Azure region handed to the template.
  region: "westus2"
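jobs:
  # Relays the env values to the reusable template (env is not available in
  # a reusable-workflow `with:` block) and fails fast if the files it will
  # deploy are not in the checkout.
  prepare-environment:
    runs-on: ubuntu-latest
    # Least privilege: this job only reads the repository; the OIDC token
    # granted at workflow level is not needed here.
    permissions:
      contents: read
    outputs:
      region: ${{ env.region }}
      modulePath: ${{ env.deploymentPath }}
      bicepParamPath: ${{ steps.paths.outputs.bicepParamPath }}
    steps:
      - name: Checkout the code
        # Pinned to a release tag instead of the mutable 'main' branch
        # (the commented-out jobs below already use @v4). For stronger
        # supply-chain guarantees pin to a full commit SHA.
        uses: actions/checkout@v4
      - name: Resolve and validate deployment paths
        id: paths
        shell: bash
        env:
          DEPLOYMENT_PATH: ${{ env.deploymentPath }}
          SCENARIO_NAME: ${{ env.scenarioName }}
        run: |
          set -euo pipefail
          # deploymentPath is the main.bicep file itself, so the parameters
          # file lives in a sibling directory of that file, not underneath
          # it. The previous "${deploymentPath}/parameters/..." form
          # produced ".../main.bicep/parameters/...", which cannot exist.
          param_path="$(dirname "$DEPLOYMENT_PATH")/parameters/${SCENARIO_NAME}.parameters.jsonc"
          for f in "$DEPLOYMENT_PATH" "$param_path"; do
            if [ ! -f "$f" ]; then
              echo "::error::expected deployment file not found: $f"
              exit 1
            fi
          done
          echo "bicepParamPath=$param_path" >> "$GITHUB_OUTPUT"

  call-workflow-passing-data:
    name: 'Bicep CICD'
    needs:
      - prepare-environment
    # NOTE(review): the push/pull_request path filters above watch
    # '.github/workflows/_template.bicep.yml' but this calls
    # '.template.bicep.yml'; one of the two is a typo. Left unchanged
    # here -- confirm the real filename and align both.
    uses: ./.github/workflows/.template.bicep.yml
    with:
      region: ${{ needs.prepare-environment.outputs.region }}
      modulePath: ${{ needs.prepare-environment.outputs.modulePath }}
      bicepParamPath: ${{ needs.prepare-environment.outputs.bicepParamPath }}
      # github.event.inputs.destroy is only set for workflow_dispatch; on
      # push/pull_request the comparison evaluates to false. The comparison
      # guarantees the template receives a boolean, not a string.
      destroy: ${{ github.event.inputs.destroy == 'true' }}
    # NOTE(security): 'inherit' forwards every repository/organisation
    # secret to the template. Prefer an explicit `secrets:` mapping of only
    # the ones it declares (the commented-out jobs below use
    # AZURE_CLIENT_ID, AZURE_TENANT_ID and AZURE_SUBSCRIPTION) once the
    # template's secret names are confirmed.
    secrets: inherit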
# jobs: | |
# validate: | |
# name: "Validate Bicep files" | |
# runs-on: ubuntu-latest | |
# steps: | |
# - name: Checkout the code | |
# uses: actions/checkout@v4 | |
# # Log into Azure via OIDC | |
# - uses: azure/login@v1 | |
# with: | |
# client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
# tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
# subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }} | |
# - name: Run Bicep linter | |
# run: az bicep build --file main.bicep | |
# working-directory: ${{ env.modulePath }} | |
# # Validate Bicep File | |
# # Note: requires the same level of permissions as a real deployment (write access to the resources, not just read-only)
# # - name: deployment-validation | |
# # uses: azure/arm-deploy@v1 | |
# # with: | |
# # scope: subscription | |
# # subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }} | |
# # region: ${{ env.region }} | |
# # template: ${{ env.modulePath }}/main.bicep | |
# # parameters: ${{ env.modulePath }}/main.parameters.jsonc | |
# # failOnStdErr: false | |
# # additionalArguments: "--what-if" | |
# # deploymentMode: Validate | |
# build-and-deploy: | |
# # if: github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch' | |
# timeout-minutes: 360 | |
# name: "Deploy Bicep templates" | |
# needs: [lint, validate] | |
# runs-on: ubuntu-latest | |
# environment: Production | |
# steps: | |
# # Checkout code | |
# - name: Checkout the code | |
# uses: actions/checkout@main | |
# # Log into Azure via OIDC | |
# - uses: azure/login@v1 | |
# with: | |
# client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
# tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
# subscription-id: ${{ secrets.AZURE_SUBSCRIPTION }} | |
# # Validate Bicep File | |
# - name: what-if | |
# uses: azure/arm-deploy@v1 | |
# with: | |
# scope: subscription | |
# subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }} | |
# region: ${{ env.region }} | |
# template: ${{ env.modulePath }}/main.bicep | |
# parameters: ${{ env.modulePath }}/main.parameters.jsonc | |
# failOnStdErr: false | |
# additionalArguments: "--what-if" | |
# # Deploy Bicep file | |
# - name: deploy | |
# uses: azure/arm-deploy@v1 | |
# with: | |
# scope: subscription | |
# subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }} | |
# region: ${{ env.region }} | |
# template: ${{ env.modulePath }}/main.bicep | |
# parameters: ${{ env.modulePath }}/main.parameters.jsonc | |
# failOnStdErr: false | |
# # - name: Run Preflight Validation | |
# # working-directory: ${{ env.modulePath }} | |
# # run: | | |
# # az deployment sub validate \ | |
# # --location ${{ fromJson(env.config).AZURE_LOCATION }} \ | |
# # --parameters --template-file main.bicep | |
# # Deploy Bicep file, need to point parameters to the main.parameters.json location | |
# # - name: deploy | |
# # uses: azure/arm-deploy@v1 | |
# # with: | |
# # subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION }} | |
# # scope: subscription | |
# # region: ${{ fromJson(env.config).AZURE_LOCATION }} | |
# # deploymentName: "${{ fromJson(env.config).DEPLOYMENT_NAME }}-${{ fromJson(env.config).AZURE_LOCATION }}" | |
# # template: ${{ env.modulePath }}/main.bicep | |
# # parameters: > | |
# # workloadName=${{ fromJson(env.config).RESOURCE_NAME_PREFIX }} environment=${{ fromJson(env.config).ENVIRONMENT_TAG }} | |
# # vmUsername=${{ fromJson(env.config).VM_USERNAME }} vmPassword=${{ secrets.VM_PW }} location=${{ fromJson(env.config).AZURE_LOCATION }} | |
# # accountName=${{ secrets.ACCOUNT_NAME }} personalAccessToken=${{ secrets.PAT }} CICDAgentType=${{ fromJson(env.config).CICD_AGENT_TYPE}} | |
# # createRedisResource=${{ fromJson(env.config).CREATE_REDIS_RESOURCE }} redisTier=${{ fromJson(env.config).REDIS_TIER }} |