feat: Added 'Publish from tag' pipeline for AVM (#673)

## Description - Added 'Publish from tag' pipeline for AVM - Updated description of current publishing script | Pipeline | | - | | [Test-Run in fork](https://github.com/AlexanderSehr/bicep-registry-modules/actions/runs/6995186301/job/19029748855) | --------- Co-authored-by: Erika Gressi <[email protected]>
Azure · Dec 11, 2023 · 25b9c23 · 25b9c23
1 parent 31b5e39
commit 25b9c23
Show file tree

Hide file tree

Showing 5 changed files with 148 additions and 82 deletions.
diff --git a/.github/actions/templates/avm-publishModule/action.yml b/.github/actions/templates/avm-publishModule/action.yml
@@ -57,22 +57,16 @@ runs:
           # Load used functions
           . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines'  'publish' 'Publish-ModuleFromPathToPBR.ps1')
 
-          ################################
-          ##   Get modules to publish   ##
-          ################################
           $functionInput = @{
             TemplateFilePath     = Join-Path $env:GITHUB_WORKSPACE "${{ inputs.templateFilePath }}"
             PublicRegistryServer = ConvertTo-SecureString '${{ env.PUBLISH_REGISTRY_SERVER }}' -AsPlainText -Force
+            RepoRoot             = $env:GITHUB_WORKSPACE
           }
 
           Write-Verbose "Invoke function with" -Verbose
           Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose
 
-          # Get the modified child resources
-          if($publishOutputs = Publish-ModuleFromPathToPBR @functionInput -Verbose) {
-            Write-Output ('{0}={1}' -f 'version', $publishOutputs.version) >> $env:GITHUB_OUTPUT
-            Write-Output ('{0}={1}' -f 'publishedModuleName', $publishOutputs.publishedModuleName) >> $env:GITHUB_OUTPUT
-          }
+          Publish-ModuleFromPathToPBR @functionInput -Verbose
 
           Write-Output '::endgroup::'
 

diff --git a/.github/workflows/avm.platform.publish-tag.yml b/.github/workflows/avm.platform.publish-tag.yml
@@ -0,0 +1,64 @@
+name: "avm.platform.publish-tag"
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "The git tag of the module to publish. For example: [avm/res/key-vault/vault/1.0.0]"
+        required: true
+        type: string
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  job_publish_module_with_tag:
+    runs-on: ubuntu-latest
+    name: "Publish module with tag"
+    steps:
+      - name: Checkout tag
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.inputs.tag }}
+
+      - name: Log in to Azure
+        uses: azure/login@v1
+        with:
+          client-id: ${{ env.PUBLISH_CLIENT_ID }}
+          tenant-id: ${{ env.PUBLISH_TENANT_ID }}
+          subscription-id: ${{ env.PUBLISH_SUBSCRIPTION_ID }}
+
+      # Adding a step to explicitly install the latest Bicep CLI because there is
+      # always a delay in updating Bicep CLI in the job runner environments.
+      - name: Install the latest Bicep CLI
+        shell: bash
+        run: |
+          curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64
+          chmod +x ./bicep
+          sudo mv ./bicep /usr/local/bin/bicep
+          bicep --version
+
+      - name: "Publish tagged module to public bicep registry"
+        uses: azure/powershell@v1
+        with:
+          azPSVersion: "latest"
+          inlineScript: |
+            # Grouping task logs
+            Write-Output '::group::Publish tagged module to public bicep registry'
+
+            # Load used functions
+            . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'platform' 'Publish-ModuleFromTagToPBR.ps1')
+
+            $functionInput = @{
+              ModuleReleaseTagName = '${{ github.event.inputs.tag }}'
+              PublicRegistryServer = ConvertTo-SecureString '${{ secrets.PUBLISH_REGISTRY_SERVER }}' -AsPlainText -Force
+              RepoRoot             = $env:GITHUB_WORKSPACE
+            }
+
+            Write-Verbose 'Invoke function with' -Verbose
+            Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose
+
+            Publish-ModuleFromTagToPBR @functionInput -Verbose
+
+            Write-Output '::endgroup::'
diff --git a/avm/utilities/pipelines/platform/Publish-ModuleFromTagToPBR.ps1 b/avm/utilities/pipelines/platform/Publish-ModuleFromTagToPBR.ps1
@@ -0,0 +1,67 @@
+<#
+.SYNOPSIS
+Publish a module based on the provided git tag
+
+.DESCRIPTION
+Publish a module based on the provided git tag
+
+.PARAMETER ModuleReleaseTagName
+Mandatory. The git tag to identify the module with & publish its code state of
+
+.PARAMETER PublicRegistryServer
+Mandatory. The public registry server.
+
+.PARAMETER RepoRoot
+Optional. Path to the root of the repository.
+
+.EXAMPLE
+Publish-ModuleFromTagToPBR -ModuleReleaseTagName 'avm/res/key-vault/vault/0.3.0' -PublicRegistryServer (ConvertTo-SecureString 'myServer' -AsPlainText -Force)
+
+Publish the module 'avm/res/key-vault/vault' of git tag 'avm/res/key-vault/vault/0.3.0' to the public registry server 'myServer'
+#>
+function Publish-ModuleFromTagToPBR {
+
+  [CmdletBinding(SupportsShouldProcess)]
+  param (
+    [Parameter(Mandatory = $true)]
+    [string] $ModuleReleaseTagName,
+
+    [Parameter(Mandatory = $true)]
+    [secureString] $PublicRegistryServer,
+
+    [Parameter(Mandatory = $false)]
+    [string] $RepoRoot = (Get-Item -Path $PSScriptRoot).parent.parent.parent.parent.FullName
+  )
+
+  # Load used functions
+  . (Join-Path $RepoRoot 'avm' 'utilities' 'pipelines' 'publish' 'helper' 'Get-ModuleReadmeLink.ps1')
+
+  # 1. Extract information from the tag
+  $targetVersion = Split-Path $ModuleReleaseTagName -Leaf
+  $moduleRelativeFolderPath = $ModuleReleaseTagName -replace "\/$targetVersion$", ''
+  $moduleFolderPath = Join-Path $repositoryRoot $moduleRelativeFolderPath
+  $moduleJsonFilePath = Join-Path $moduleFolderPath 'main.json'
+  Write-Verbose "Determined JSON template Path [$moduleJsonFilePath]"
+
+  # 2. Get the documentation link
+  $documentationUri = Get-ModuleReadmeLink -TagName $ModuleReleaseTagName -ModuleFolderPath $moduleFolderPath
+  Write-Verbose "Determined documentation URI [$documentationUri]"
+
+  ###################
+  ## 3.  Publish   ##
+  ###################
+  $plainPublicRegistryServer = ConvertFrom-SecureString $PublicRegistryServer -AsPlainText
+
+  $publishInput = @(
+    $moduleJsonFilePath
+    '--target', ("br:{0}/public/bicep/{1}:{2}" -f $plainPublicRegistryServer, $moduleRelativeFolderPath, $targetVersion)
+    '--documentationUri', $documentationUri
+    '--force'
+  )
+
+  Write-Verbose "Publish Input:`n $($publishInput | ConvertTo-Json -Depth 10)" -Verbose
+
+  if ($PSCmdlet.ShouldProcess("Module of tag [$ModuleReleaseTagName]", "Publish")) {
+    bicep publish @publishInput
+  }
+}
diff --git a/avm/utilities/pipelines/publish/Publish-ModuleFromPathToPBR.ps1 b/avm/utilities/pipelines/publish/Publish-ModuleFromPathToPBR.ps1
@@ -15,9 +15,13 @@ Mandatory. The path to the deployment file
 .PARAMETER PublicRegistryServer
 Mandatory. The public registry server.
 
+.PARAMETER RepoRoot
+Optional. Path to the root of the repository.
+
 .EXAMPLE
-Publish-ModuleFromPathToPBR -TemplateFilePath 'C:\avm\res\key-vault\vault\main.bicep -PublicRegistryServer '<secureString>'
+Publish-ModuleFromPathToPBR -TemplateFilePath 'C:\avm\res\key-vault\vault\main.bicep -PublicRegistryServer (ConvertTo-SecureString 'myServer' -AsPlainText -Force)
 
+Publish the module in path 'key-vault/vault' to the public registry server 'myServer'
 #>
 function Publish-ModuleFromPathToPBR {
 
@@ -27,16 +31,19 @@ function Publish-ModuleFromPathToPBR {
     [string] $TemplateFilePath,
 
     [Parameter(Mandatory = $true)]
-    [secureString] $PublicRegistryServer
+    [secureString] $PublicRegistryServer,
+
+    [Parameter(Mandatory = $false)]
+    [string] $RepoRoot = (Get-Item -Path $PSScriptRoot).parent.parent.parent.parent.FullName
   )
 
   # Load used functions
-  . (Join-Path $PSScriptRoot 'helper' 'Get-ModulesToPublish.ps1')
-  . (Join-Path $PSScriptRoot 'helper' 'Get-ModuleTargetVersion.ps1')
-  . (Join-Path (Split-Path $PSScriptRoot) 'sharedScripts' 'Get-BRMRepositoryName.ps1')
-  . (Join-Path $PSScriptRoot 'helper' 'New-ModuleReleaseTag.ps1')
-  . (Join-Path $PSScriptRoot 'helper' 'Get-ModuleReadmeLink.ps1')
-  . (Join-Path (Split-Path $PSScriptRoot -Parent) 'sharedScripts' 'tokenReplacement' 'Convert-TokensInFileList.ps1')
+  . (Join-Path $RepoRoot 'avm' 'utilities' 'pipelines' 'publish' 'helper' 'Get-ModulesToPublish.ps1')
+  . (Join-Path $RepoRoot 'avm' 'utilities' 'pipelines' 'publish' 'helper' 'Get-ModuleTargetVersion.ps1')
+  . (Join-Path $RepoRoot 'avm' 'utilities' 'pipelines' 'publish' 'helper' 'New-ModuleReleaseTag.ps1')
+  . (Join-Path $RepoRoot 'avm' 'utilities' 'pipelines' 'publish' 'helper' 'Get-ModuleReadmeLink.ps1')
+  . (Join-Path $RepoRoot 'avm' 'utilities' 'pipelines' 'sharedScripts' 'Get-BRMRepositoryName.ps1')
+  . (Join-Path $RepoRoot 'avm' 'utilities' 'pipelines' 'sharedScripts' 'tokenReplacement' 'Convert-TokensInFileList.ps1')
 
   $moduleFolderPath = Split-Path $TemplateFilePath -Parent
   $moduleJsonFilePath = Join-Path $moduleFolderPath 'main.json'

diff --git a/avm/utilities/pipelines/publish/Publish-ModuleFromTagToPBR.ps1 b/avm/utilities/pipelines/publish/Publish-ModuleFromTagToPBR.ps1