Merge branch 'Azure:main' into main
Menghua1 authored Nov 20, 2024
2 parents 4f34881 + 46042e7 commit 09a0caa
Showing 672 changed files with 68,429 additions and 22,397 deletions.
2 changes: 2 additions & 0 deletions .github/CODEOWNERS
Expand Up @@ -22,6 +22,7 @@
/avm/ptn/azd/ml-hub-dependencies/ @Azure/avm-ptn-azd-mlhubdependencies-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/ptn/azd/ml-project/ @Azure/avm-ptn-azd-mlproject-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/ptn/azd/monitoring/ @Azure/avm-ptn-azd-monitoring-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/ptn/data/private-analytical-workspace/ @Azure/avm-ptn-data-privateanalyticalworkspace-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/ptn/deployment-script/import-image-to-acr/ @Azure/avm-ptn-deploymentscript-importimagetoacr-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/ptn/dev-ops/cicd-agents-and-runners/ @Azure/avm-ptn-devops-cicdagentsandrunners-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/ptn/finops-toolkit/finops-hub/ @Azure/avm-ptn-finopstoolkit-finopshub-module-owners-bicep @Azure/avm-module-reviewers-bicep
Expand Down Expand Up @@ -171,4 +172,5 @@
/avm/res/web/serverfarm/ @Azure/avm-res-web-serverfarm-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/res/web/site/ @Azure/avm-res-web-site-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/res/web/static-site/ @Azure/avm-res-web-staticsite-module-owners-bicep @Azure/avm-module-reviewers-bicep
/avm/utl/types/avm-common-types/ @Azure/avm-utl-types-avmcommontypes-module-owners-bicep @Azure/avm-module-reviewers-bicep
*avm.core.team.tests.ps1 @Azure/avm-core-team-technical-bicep
2 changes: 2 additions & 0 deletions .github/ISSUE_TEMPLATE/avm_module_issue.yml
Expand Up @@ -57,6 +57,7 @@ body:
- "avm/ptn/azd/ml-hub-dependencies"
- "avm/ptn/azd/ml-project"
- "avm/ptn/azd/monitoring"
- "avm/ptn/data/private-analytical-workspace"
- "avm/ptn/deployment-script/import-image-to-acr"
- "avm/ptn/dev-ops/cicd-agents-and-runners"
- "avm/ptn/finops-toolkit/finops-hub"
Expand Down Expand Up @@ -206,6 +207,7 @@ body:
- "avm/res/web/serverfarm"
- "avm/res/web/site"
- "avm/res/web/static-site"
- "avm/utl/types/avm-common-types"
validations:
required: true
- type: input
Expand Up @@ -327,7 +327,7 @@ runs:
Write-Output ('{0}={1}' -f 'deploymentNames', ($res.deploymentNames | ConvertTo-Json -Compress)) >> $env:GITHUB_OUTPUT
# Populate further outputs
$deploymentOutput = $res.deploymentOutput | ConvertTo-Json -Depth 99 -Compress
$deploymentOutput = ($res.deploymentOutput | ConvertTo-Json -Depth 99 -Compress) -replace "'", "''" # Escaping single quotes for resilient access in subsequent steps
Write-Output ('{0}={1}' -f 'deploymentOutput', $deploymentOutput) >> $env:GITHUB_OUTPUT
Write-Verbose "Deployment output: $deploymentOutput" -Verbose
29 changes: 29 additions & 0 deletions .github/actions/templates/avm-validateModulePSRule/action.yml
Expand Up @@ -131,6 +131,35 @@ runs:
source: "${{ inputs.psrulePath}}/.ps-rule/" # Path to folder containing suppression rules to use for analysis.
summary: false # Disabling as taken care in customized task

- name: Run PSRule analysis - Security Pillar Only (Custom Security Pillar)
uses: microsoft/[email protected]
if: ${{ inputs.psruleBaseline == 'CB.AVM.WAF.Security' }}
with:
modules: "PSRule.Rules.Azure"
prerelease: true
baseline: "${{ inputs.psruleBaseline }}"
inputPath: "${{ inputs.templateFilePath}}"
outputFormat: Csv
outputPath: "${{ inputs.templateFilePath}}-PSRule-output.csv"
option: "${{ github.workspace }}/${{ inputs.psrulePath}}/ps-rule.yaml" # Path to PSRule configuration options file
source: "${{ inputs.psrulePath}}/.ps-rule/" # Path to folder containing suppression rules to use for analysis.
summary: false # Disabling as taken care in customized task

- name: Run PSRule analysis - Security Pillar Only (Azure.Pillar.Security)
uses: microsoft/[email protected]
if: ${{ inputs.psruleBaseline == 'Azure.Pillar.Security' }}
continue-on-error: true
with:
modules: "PSRule.Rules.Azure"
prerelease: true
baseline: "${{ inputs.psruleBaseline }}"
inputPath: "${{ inputs.templateFilePath}}"
outputFormat: Csv
outputPath: "${{ inputs.templateFilePath}}-PSRule-output.csv"
option: "${{ github.workspace }}/${{ inputs.psrulePath}}/ps-rule.yaml" # Path to PSRule configuration options file
source: "${{ inputs.psrulePath}}/.ps-rule/" # Path to folder containing suppression rules to use for analysis.
summary: false # Disabling as taken care in customized task

- name: "Parse CSV content"
if: always()
uses: azure/powershell@v2
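Review bot: The Azure.Pillar.Security step runs with `continue-on-error: true` (the line after its `if:`), so that baseline is advisory, while the otherwise identical CB.AVM.WAF.Security step above it remains blocking, and nothing in the file says which behaviour is intended for which copy. Suggest stating it on that line, e.g. `continue-on-error: true # Advisory: findings from this baseline are reported but do not fail the job`. Both new steps write the same `outputPath`; the `if:` on `inputs.psruleBaseline` is what keeps them mutually exclusive, so a short comment on the first `if:` (`# Exactly one PSRule step runs per invocation, selected by psruleBaseline`) would stop the shared path being read as a clash. The `Parse CSV content` step with `if: always()` continues past the hunk, so whether it tolerates a missing or partial CSV from a soft-failed run cannot be checked here.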
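--- a/.github/workflows/avm.ptn.data.private-analytical-workspace.yml
+++ b/.github/workflows/avm.ptn.data.private-analytical-workspace.yml
@@ -0,0 +1,88 @@
+name: "avm.ptn.data.private-analytical-workspace"
+
+on:
+  workflow_dispatch:
+    inputs:
+      staticValidation:
+        type: boolean
+        description: "Execute static validation"
+        required: false
+        default: true
+      deploymentValidation:
+        type: boolean
+        description: "Execute deployment validation"
+        required: false
+        default: true
+      removeDeployment:
+        type: boolean
+        description: "Remove deployed module"
+        required: false
+        default: true
+      customLocation:
+        type: string
+        description: "Default location overwrite (e.g., eastus)"
+        required: false
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/actions/templates/avm-**"
+      - ".github/workflows/avm.template.module.yml"
+      - ".github/workflows/avm.ptn.data.private-analytical-workspace.yml"
+      - "avm/ptn/data/private-analytical-workspace/**"
+      - "avm/utilities/pipelines/**"
+      - "!avm/utilities/pipelines/platform/**"
+      - "!*/**/README.md"
+
+env:
+  modulePath: "avm/ptn/data/private-analytical-workspace"
+  workflowPath: ".github/workflows/avm.ptn.data.private-analytical-workspace.yml"
+
+concurrency:
+  group: ${{ github.workflow }}
+
+jobs:
+  ###########################
+  # Initialize pipeline #
+  ###########################
+  job_initialize_pipeline:
+    runs-on: ubuntu-latest
+    name: "Initialize pipeline"
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: "Set input parameters to output variables"
+        id: get-workflow-param
+        uses: ./.github/actions/templates/avm-getWorkflowInput
+        with:
+          workflowPath: "${{ env.workflowPath}}"
+      - name: "Get module test file paths"
+        id: get-module-test-file-paths
+        uses: ./.github/actions/templates/avm-getModuleTestFiles
+        with:
+          modulePath: "${{ env.modulePath }}"
+    outputs:
+      workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
+      moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+      psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
+      modulePath: "${{ env.modulePath }}"
+
+  ##############################
+  # Call reusable workflow #
+  ##############################
+  call-workflow-passing-data:
+    name: "Run"
+    permissions:
+      id-token: write # For OIDC
+      contents: write # For release tags
+    needs:
+      - job_initialize_pipeline
+    uses: ./.github/workflows/avm.template.module.yml
+    with:
+      workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}"
+      moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"
+      psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}"
+      modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}"
+    secrets: inherit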
@@ -1,8 +1,6 @@
name: "avm.ptn.deployment-script.import-image-to-acr"

on:
schedule:
- cron: "0 12 1/15 * *" # Bi-Weekly Test (on 1st & 15th of month)
workflow_dispatch:
inputs:
staticValidation:
2 changes: 0 additions & 2 deletions .github/workflows/avm.res.hybrid-compute.machine.yml
@@ -1,8 +1,6 @@
name: "avm.res.hybrid-compute.machine"

on:
schedule:
- cron: "0 12 1/15 * *" # Bi-Weekly Test (on 1st & 15th of month)
workflow_dispatch:
inputs:
staticValidation:
48 changes: 47 additions & 1 deletion .github/workflows/avm.template.module.yml
Expand Up @@ -94,6 +94,50 @@ jobs:
psrulePath: "avm/utilities/pipelines/staticValidation/psrule" #'${{ github.workspace }}/avm'
psruleBaseline: "Azure.Pillar.Reliability"

job_psrule_test_waf_security_cb: # Note: Please don't change this job name. It is used by the setEnvironment action to define which PS modules to install on runners.
name: "PSRule - WAF Security - AVM Custom Baseline [${{ matrix.testCases.name }}]"
runs-on: ubuntu-latest
if: ${{ inputs.psRuleModuleTestFilePaths != '' && (fromJson(inputs.workflowInput)).staticValidation == 'true' }}
strategy:
fail-fast: false
matrix:
testCases: ${{ fromJson(inputs.psRuleModuleTestFilePaths) }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set environment
uses: ./.github/actions/templates/avm-setEnvironment
- name: "Run PSRule validation with [${{ matrix.testCases.path }}]"
uses: ./.github/actions/templates/avm-validateModulePSRule
with:
templateFilePath: "${{ inputs.modulePath }}/${{ matrix.testCases.path }}"
subscriptionId: "${{ secrets.ARM_SUBSCRIPTION_ID }}"
managementGroupId: "${{ secrets.ARM_MGMTGROUP_ID }}"
psrulePath: "avm/utilities/pipelines/staticValidation/psrule" #'${{ github.workspace }}/avm'
psruleBaseline: "CB.AVM.WAF.Security"

job_psrule_test_waf_security: # Note: Please don't change this job name. It is used by the setEnvironment action to define which PS modules to install on runners.
name: "PSRule - WAF Security [${{ matrix.testCases.name }}]"
runs-on: ubuntu-latest
if: ${{ inputs.psRuleModuleTestFilePaths != '' && (fromJson(inputs.workflowInput)).staticValidation == 'true' }}
strategy:
fail-fast: false
matrix:
testCases: ${{ fromJson(inputs.psRuleModuleTestFilePaths) }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set environment
uses: ./.github/actions/templates/avm-setEnvironment
- name: "Run PSRule validation with [${{ matrix.testCases.path }}]"
uses: ./.github/actions/templates/avm-validateModulePSRule
with:
templateFilePath: "${{ inputs.modulePath }}/${{ matrix.testCases.path }}"
subscriptionId: "${{ secrets.ARM_SUBSCRIPTION_ID }}"
managementGroupId: "${{ secrets.ARM_MGMTGROUP_ID }}"
psrulePath: "avm/utilities/pipelines/staticValidation/psrule" #'${{ github.workspace }}/avm'
psruleBaseline: "Azure.Pillar.Security"

#############################
# Deployment validation #
#############################
Expand All @@ -104,10 +148,12 @@ jobs:
!cancelled() &&
(fromJson(inputs.workflowInput)).deploymentValidation == 'true' &&
needs.job_module_static_validation.result != 'failure' &&
needs.job_psrule_test_waf_reliability.result != 'failure'
needs.job_psrule_test_waf_reliability.result != 'failure' &&
needs.job_psrule_test_waf_security_cb.result != 'failure'
needs:
- job_module_static_validation
- job_psrule_test_waf_reliability
- job_psrule_test_waf_security_cb
strategy:
fail-fast: false
matrix:
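Review bot: The deployment-validation gate in the second hunk (`needs.job_psrule_test_waf_security_cb.result != 'failure'` plus the matching `needs` entry) includes only the custom-baseline job; `job_psrule_test_waf_security` is neither a dependency nor part of the condition, so a failure in that job can never hold back deployment. If that is intended, say so where the job is declared by extending its existing job-name comment with `Advisory only: not part of the deployment-validation gate; see job_psrule_test_waf_security_cb`. If it is not intended, the job belongs in both the `needs` list and the `if:` expression beside `job_psrule_test_waf_security_cb`. The gated job's header lies above the second hunk, outside what is shown.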
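--- a/.github/workflows/avm.utl.types.avm-common-types.yml
+++ b/.github/workflows/avm.utl.types.avm-common-types.yml
@@ -0,0 +1,88 @@
+name: "avm.utl.types.avm-common-types"
+
+on:
+  workflow_dispatch:
+    inputs:
+      staticValidation:
+        type: boolean
+        description: "Execute static validation"
+        required: false
+        default: true
+      deploymentValidation:
+        type: boolean
+        description: "Execute deployment validation"
+        required: false
+        default: true
+      removeDeployment:
+        type: boolean
+        description: "Remove deployed module"
+        required: false
+        default: true
+      customLocation:
+        type: string
+        description: "Default location overwrite (e.g., eastus)"
+        required: false
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/actions/templates/avm-**"
+      - ".github/workflows/avm.template.module.yml"
+      - ".github/workflows/avm.utl.types.avm-common-types.yml"
+      - "avm/utl/types/avm-common-types/**"
+      - "avm/utilities/pipelines/**"
+      - "!avm/utilities/pipelines/platform/**"
+      - "!*/**/README.md"
+
+env:
+  modulePath: "avm/utl/types/avm-common-types"
+  workflowPath: ".github/workflows/avm.utl.types.avm-common-types.yml"
+
+concurrency:
+  group: ${{ github.workflow }}
+
+jobs:
+  ###########################
+  # Initialize pipeline #
+  ###########################
+  job_initialize_pipeline:
+    runs-on: ubuntu-latest
+    name: "Initialize pipeline"
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: "Set input parameters to output variables"
+        id: get-workflow-param
+        uses: ./.github/actions/templates/avm-getWorkflowInput
+        with:
+          workflowPath: "${{ env.workflowPath}}"
+      - name: "Get module test file paths"
+        id: get-module-test-file-paths
+        uses: ./.github/actions/templates/avm-getModuleTestFiles
+        with:
+          modulePath: "${{ env.modulePath }}"
+    outputs:
+      workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
+      moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+      psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
+      modulePath: "${{ env.modulePath }}"
+
+  ##############################
+  # Call reusable workflow #
+  ##############################
+  call-workflow-passing-data:
+    name: "Run"
+    permissions:
+      id-token: write # For OIDC
+      contents: write # For release tags
+    needs:
+      - job_initialize_pipeline
+    uses: ./.github/workflows/avm.template.module.yml
+    with:
+      workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}"
+      moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"
+      psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}"
+      modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}"
+    secrets: inherit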
4 changes: 2 additions & 2 deletions .github/workflows/platform.ossf-scorecard.yml
Expand Up @@ -59,7 +59,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: SARIF file
path: results.sarif
Expand All @@ -68,6 +68,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
uses: github/codeql-action/upload-sarif@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
with:
sarif_file: results.sarif
2 changes: 1 addition & 1 deletion .github/workflows/platform.publish-module-index-json.yml
Expand Up @@ -74,7 +74,7 @@ jobs:
}
- name: Upload artifacts
uses: actions/[email protected].2
uses: actions/[email protected].3
with:
name: publish-module-index-json-artifacts
path: |
