Skip to content

Update build-policy-sets.yml #5

Update build-policy-sets.yml

Update build-policy-sets.yml #5

name: Build Policy Sets
on:
push:
branches:
- main
workflow_dispatch: # This allows the workflow to be triggered manually
permissions:
contents: write
pull-requests: write
jobs:
cleanup-arm-templates:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Delete ARMTemplates folder if it exists
run: |
if [ -d "ARMTemplates" ]; then
rm -rf ARMTemplates
fi
- name: Commit changes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions[bot]@users.noreply.github.com"
git add -A
git commit -m "Delete ARMTemplates folder" --allow-empty
git push --force
cleanup-readme-files:
needs: cleanup-arm-templates
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Sync with main branch
run: git pull
- name: Remove Deploy to Azure button from README.md files
run: |
find PolicyInitiatives -name "README.md" | while read file; do
sed -i '/\[!\[Deploy to Azure\](.*)\](.*)/d' "$file"
done
- name: Commit changes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions[bot]@users.noreply.github.com"
git add -A
git commit -m "Remove Deploy to Azure button from README.md files" --allow-empty
git push --force
list-bicep-files:
needs: cleanup-readme-files
runs-on: ubuntu-latest
outputs:
files: ${{ steps.list.outputs.files }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: List Bicep files
id: list
run: |
files=$(find PolicyInitiatives -name "*.bicep" | jq -R -s -c 'split("\n")[:-1]')
echo "FILES=$files" >> "$GITHUB_OUTPUT"
build:
needs: list-bicep-files
runs-on: ubuntu-latest
strategy:
matrix:
file: ${{ fromJson(needs.list-bicep-files.outputs.FILES) }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Sync with main branch
run: git pull
- name: Extract branch name
id: extract_branch
run: echo "BRANCH_NAME=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"
- name: Make output directory
run: mkdir -p ARMTemplates
- name: Set output file path
id: set-output-path
run: echo "OUTPUT_FILE_PATH=ARMTemplates/$(basename ${{ matrix.file }} .bicep).json" >> "$GITHUB_OUTPUT"
- name: Set output file name
id: set-output-name
run: echo "OUTPUT_FILE_NAME=$(basename ${{ matrix.file }} .bicep).json" >> "$GITHUB_OUTPUT"
- name: Bicep Build
uses: Azure/[email protected]
with:
bicepFilePath: ${{ matrix.file }}
outputFilePath: ${{ steps.set-output-path.outputs.OUTPUT_FILE_PATH }}
- name: Update README.md with Deploy to Azure button
run: |
urlencode() {
local length="${#1}"
for (( i = 0; i < length; i++ )); do
local c="${1:i:1}"
case $c in
[a-zA-Z0-9.~_-]) printf "$c" ;;
*) printf '%%%02X' "'$c" ;;
esac
done
}
dir=$(dirname ${{ matrix.file }})
readme="$dir/README.md"
if [ -f "$readme" ]; then
arm_template_url="https://raw.githubusercontent.com/${{ github.repository }}/${{ steps.extract_branch.outputs.BRANCH_NAME }}/ARMTemplates/${{ steps.set-output-name.outputs.OUTPUT_FILE_NAME }}"
encoded_url=$(urlencode "$arm_template_url")
button="[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/$encoded_url)"
first_line=$(head -n 1 $readme)
if [[ $first_line == *"[![Deploy to Azure]"* ]]; then
tail -n +2 $readme > $readme.tmp
echo -e "$button\n$(cat $readme.tmp)" > $readme
rm $readme.tmp
else
temp_file=$(mktemp)
echo -e "$button\n$(cat $readme)" > $temp_file
mv $temp_file $readme
fi
fi
- name: Set git user
run: git config --global user.name "GitHub Actions" && git config --global user.email "GitHub Actions"
- name: Commit changes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git pull
git add ${{ steps.set-output-path.outputs.OUTPUT_FILE_PATH }}
git add $(dirname ${{ matrix.file }})/README.md
git commit -m "Add generated ARM templates and update README.md" --allow-empty
git push --force