From 5807a12906ec9909a84f1d6b8613cad2783ae6fb Mon Sep 17 00:00:00 2001 From: Dan Rios <36534747+riosengineer@users.noreply.github.com> Date: Wed, 14 Aug 2024 08:43:57 +0000 Subject: [PATCH 1/2] kv multi-env condition example addition --- bicep-examples/conditions/README.md | 8 ++++++++ bicep-examples/conditions/main.bicep | 21 +++++++++++++++++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/bicep-examples/conditions/README.md b/bicep-examples/conditions/README.md index a6b24ae..d537102 100644 --- a/bicep-examples/conditions/README.md +++ b/bicep-examples/conditions/README.md @@ -57,6 +57,14 @@ param kvEnv string = 'prod' var kvSku = kvEnv == 'prod' ? 'premium' : 'standard' ``` +In addition, you can use conditions to determine if certain parameters are true or false depending on the enviornment you are deploying to. For example, in the second Key Vault example within `main.bicep`: + +```javascript +enablePurgeProtection: env == 'preprod' || env == 'prod' ? true : false +``` + +Will only enable purge protection on a Key Vault if the enviornment is `preprod` or `prod`. Therefore, if you were deploying the Key Vault to `dev` the Key Vault would not have purge protection enabled. This type of conditon can be expanded to other parameters and objects such as Azure App Service slots, etc. + ## 🚀 Deployment > [!NOTE] diff --git a/bicep-examples/conditions/main.bicep b/bicep-examples/conditions/main.bicep index faec204..e9e8bf7 100644 --- a/bicep-examples/conditions/main.bicep +++ b/bicep-examples/conditions/main.bicep @@ -10,6 +10,9 @@ param location string = resourceGroup().location @description('Azure Key Vault resource names that will be created. Must be globally unique.') param kvName string = 'kv-uks-bicepify-prod-001' +@description('Azure Key Vault resource names that will be created. Must be globally unique.') +param kvName2 string = 'kv-uks-bicepify-prod-002' + @description('Deploy Azure Key Vault true/false.') param deployResource bool = false 
@@ -19,10 +22,10 @@ param deployResource bool = false 'preprod' 'dev' ]) -param kvEnv string = 'prod' +param env string = 'prod' // Environment variable for Key Vault SKU else if -var kvSku = kvEnv == 'prod' ? 'premium' : 'standard' +var kvSku = env == 'prod' ? 'premium' : 'standard' module KeyVault 'br/public:avm/res/key-vault/vault:0.7.0' = if (deployResource) { name: '${uniqueString(deployment().name, location)}-${kvName}' @@ -36,3 +39,17 @@ module KeyVault 'br/public:avm/res/key-vault/vault:0.7.0' = if (deployResource) // Output Key Vault name output kvUri string = KeyVault.outputs.name + +// Multi-enviornment condition param example +module KeyVault2 'br/public:avm/res/key-vault/vault:0.6.2' = { + name: '${uniqueString(deployment().name, location)}-kv' + params: { + name: kvName + location: location + enablePurgeProtection: env == 'preprod' || env == 'prod' ? true : false + enableSoftDelete: true + softDeleteRetentionInDays: 7 + enableRbacAuthorization: true + sku: kvSku + } +} \ No newline at end of file From e07fcdb10d2036119cbe95e96fddc514a644c3d6 Mon Sep 17 00:00:00 2001 From: Dan Rios <36534747+riosengineer@users.noreply.github.com> Date: Wed, 14 Aug 2024 08:50:27 +0000 Subject: [PATCH 2/2] Excluding REPOSITORY_GRYPE from ML --- .github/workflows/mega-linter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index aba8da3..a5ba874 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml 
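Review bot: `KeyVault2` passes `name: kvName`, so it targets the same vault name as the first `KeyVault` module, and the `kvName2` parameter added in the earlier hunk of this file is never used; the line should read `name: kvName2`. Because `KeyVault2` has no `if (deployResource)` condition, setting `deployResource` to true would, as far as the visible lines show, run two module versions (0.7.0 and 0.6.2) against one vault name. Separately, `softDeleteRetentionInDays: 7` applies to every environment, so a purge-protected `prod` vault gets only the minimum recovery window; the same condition style could cover it, e.g. `softDeleteRetentionInDays: env == 'prod' ? 90 : 7`.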
@@ -49,7 +49,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY DISABLE: COPYPASTE,SPELL # Uncomment to disable copy-paste and spell checks - DISABLE_LINTERS: YAML_V8R,YAML_YAMLLINT,YAML_PRETTIER,REPOSITORY_CHECKOV,POWERSHELL_POWERSHELL,ACTION_ACTIONLINT,REPOSITORY_GITLEAKS + DISABLE_LINTERS: YAML_V8R,YAML_YAMLLINT,YAML_PRETTIER,REPOSITORY_CHECKOV,POWERSHELL_POWERSHELL,ACTION_ACTIONLINT,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE REPOSITORY_KICS_DISABLE_ERRORS: true # Upload MegaLinter artifacts
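Review bot: Adding `REPOSITORY_GRYPE` to `DISABLE_LINTERS` turns off the vulnerability scan entirely, on a line that already disables `REPOSITORY_CHECKOV` and `REPOSITORY_GITLEAKS`, and neither the commit message nor the workflow says why. If Grype is failing the run on findings that cannot be fixed yet, keeping it enabled with `REPOSITORY_GRYPE_DISABLE_ERRORS: true` (the same pattern as the `REPOSITORY_KICS_DISABLE_ERRORS: true` line just below) would still report them. If it has to stay disabled, a comment above the line such as `# REPOSITORY_GRYPE disabled: <reason / tracking issue>` would record the decision. The `env:` block starts and ends outside the hunk.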