-
Notifications
You must be signed in to change notification settings - Fork 29
/
action.yml
26 lines (26 loc) · 2.58 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
name: "Azure Policy Compliance Scan"
description: "Triggers compliance scan on Azure resources and passes/fails based on the compliance state of the resources"
inputs:
scopes:
description: "Mandatory. Takes full identifier for one or more azure resources, resource groups or subscriptions. The on-demand policy compliance scan is triggered for all of these. The ID can generally be found in the properties section of the resource in Azure Portal."
required: true
scopes-ignore:
description: "Optional. Takes full identifier for one or more azure resources, resource groups(followed by /*). If the resources are found non-compliant after the scan completion, the action fails. However, in this input you can specify resources or resource groups for which the compliance state will be ignored. The action will pass irrespective of the compliance state of these resources. In case you want the action to always pass irrespective of the compliance state of resources, you can set its value as all."
required: false
policy-assignments-ignore:
description: "Optional. Takes full identifier for one or more policy assignments ids. If the resources are found non-compliant for given policy assignment after the scan completion, the action fails. However, in this input you can specify policy assignments ids for which the compliance state will be ignored. The action will pass irrespective of the compliance state of these policies."
required: false
wait:
description: "Optional. Depending on the breadth, the time taken for compliance scan can range from a few minutes to several hours. By default, the action will wait for the compliance scan to complete and succeed or fail based on the compliance state of resources. However, you can mark this input as false, in which case the action will trigger the compliance scan and succeed immediately. The status of the triggered scan and the compliance state of resources would have to be then viewed in activity log of the resource in Azure portal."
required: false
default: true
skip-report:
description: "Optional. Defaults to false. If false, the action will upload a CSV file containing a list of resources that are non-compliant after the triggered scan is complete. The CSV file can be downloaded as an artifact from the workflow run for manual analysis. Note that the number of rows in CSV are capped at 100,000."
required: false
default: false
report-name:
description: "Optional. The filename for the CSV to be uploaded. Ignored if skip-report is set to true."
required: false
runs:
using: "node12"
main: "lib/run.js"