merge latest

.devcontainer/devcontainer.json

@@ -1,6 +1,6 @@
 {
   "name": "Ubuntu",
-  "image": "mcr.microsoft.com/devcontainers/javascript-node:0-18-bullseye",
+  "image": "mcr.microsoft.com/devcontainers/javascript-node:20-bullseye",
   "customizations": {
     "vscode": {
       "extensions": [
@@ -17,15 +17,26 @@
       ]
     }
   },
-  "postCreateCommand": "npm install -g prettier && dotnet tool install -g Azure.Bicep.RegistryModuleTool && pwsh -C Install-Module Az.Accounts -Repository PSGallery -Force && pwsh -C Install-Module Az.Resources -Repository PSGallery -Force && pwsh -C Install-Module Az.KeyVault -Repository PSGallery -Force",
-  "postStartCommand": "az bicep install",
+  "postCreateCommand": "dotnet tool install -g Azure.Bicep.RegistryModuleTool",
+  "postStartCommand": "",
   "remoteEnv": {
     "PATH": "${containerEnv:PATH}:/home/node/.dotnet/tools:/home/node/.azure/bin"
   },
   "features": {
-    "azure-cli": "latest",
-    "dotnet": "8.0",
+    "ghcr.io/devcontainers/features/azure-cli:1": {
+      "version": "latest",
+      "installBicep": true
+    },
+    "ghcr.io/devcontainers/features/dotnet:2": {},
     "ghcr.io/devcontainers/features/node:1": {},
-    "ghcr.io/devcontainers/features/powershell:1": {}
+    "ghcr.io/devcontainers/features/powershell:1": {
+      "modules": ["Az.Accounts", "Az.Resources", "Az.KeyVault", "Pester"]
+    },
+    "ghcr.io/devcontainers-contrib/features/prettier:1": {},
+    "ghcr.io/devcontainers/features/github-cli:1": {},
+    // act to run github actions locally
+    "ghcr.io/devcontainers-contrib/features/act-asdf:2": {},
+    // for act
+    "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {}
   }
 }

.github/CODEOWNERS

@@ -29,7 +29,7 @@
 /avm/res/compute/proximity-placement-group/ @Azure/avm-res-compute-proximityplacementgroup-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/compute/ssh-public-key/ @Azure/avm-res-compute-sshpublickey-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/compute/virtual-machine/ @Azure/avm-res-compute-virtualmachine-module-owners-bicep @Azure/avm-core-team-technical-bicep
-#/avm/res/compute/virtual-machine-scale-set/ @Azure/avm-res-compute-virtualmachinescaleset-module-owners-bicep @Azure/avm-core-team-technical-bicep
+/avm/res/compute/virtual-machine-scale-set/ @Azure/avm-res-compute-virtualmachinescaleset-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/consumption/budget/ @Azure/avm-res-consumption-budget-module-owners-bicep @Azure/avm-core-team-technical-bicep
 #/avm/res/container-instance/container-group/ @Azure/avm-res-containerinstance-containergroup-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/container-registry/registry/ @Azure/avm-res-containerregistry-registry-module-owners-bicep @Azure/avm-core-team-technical-bicep
@@ -46,9 +46,10 @@
 /avm/res/desktop-virtualization/workspace/ @Azure/avm-res-desktopvirtualization-workspace-module-owners-bicep @Azure/avm-core-team-technical-bicep
 #/avm/res/dev-center/devcenter/ @Azure/avm-res-devcenter-devcenter-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/dev-test-lab/lab/ @Azure/avm-res-devtestlab-lab-module-owners-bicep @Azure/avm-core-team-technical-bicep
-#/avm/res/digital-twins/digital-twins-instance/ @Azure/avm-res-digitaltwins-digitaltwinsinstance-module-owners-bicep @Azure/avm-core-team-technical-bicep
+/avm/res/digital-twins/digital-twins-instance/ @Azure/avm-res-digitaltwins-digitaltwinsinstance-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/document-db/database-account/ @Azure/avm-res-documentdb-databaseaccount-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/event-grid/domain/ @Azure/avm-res-eventgrid-domain-module-owners-bicep @Azure/avm-core-team-technical-bicep
+/avm/res/event-grid/namespace/ @Azure/avm-res-eventgrid-namespace-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/event-grid/system-topic/ @Azure/avm-res-eventgrid-systemtopic-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/event-grid/topic/ @Azure/avm-res-eventgrid-topic-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/event-hub/namespace/ @Azure/avm-res-eventhub-namespace-module-owners-bicep @Azure/avm-core-team-technical-bicep
@@ -78,7 +79,7 @@
 #/avm/res/network/application-gateway/ @Azure/avm-res-network-applicationgateway-module-owners-bicep @Azure/avm-core-team-technical-bicep
 #/avm/res/network/application-gateway-web-application-firewall-policy/ @Azure/avm-res-network-applicationgatewaywebapplicationfirewallpolicy-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/network/application-security-group/ @Azure/avm-res-network-applicationsecuritygroup-module-owners-bicep @Azure/avm-core-team-technical-bicep
-#/avm/res/network/azure-firewall/ @Azure/avm-res-network-azurefirewall-module-owners-bicep @Azure/avm-core-team-technical-bicep
+/avm/res/network/azure-firewall/ @Azure/avm-res-network-azurefirewall-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/network/bastion-host/ @Azure/avm-res-network-bastionhost-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/network/connection/ @Azure/avm-res-network-connection-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/network/ddos-protection-plan/ @Azure/avm-res-network-ddosprotectionplan-module-owners-bicep @Azure/avm-core-team-technical-bicep
@@ -117,8 +118,8 @@
 #/avm/res/policy-insights/remediation/ @Azure/avm-res-policyinsights-remediation-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/power-bi-dedicated/capacity/ @Azure/avm-res-powerbidedicated-capacity-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/purview/account/ @Azure/avm-res-purview-account-module-owners-bicep @Azure/avm-core-team-technical-bicep
-#/avm/res/recovery-services/vault/ @Azure/avm-res-recoveryservices-vault-module-owners-bicep @Azure/avm-core-team-technical-bicep
-#/avm/res/relay/namespace/ @Azure/avm-res-relay-namespace-module-owners-bicep @Azure/avm-core-team-technical-bicep
+/avm/res/recovery-services/vault/ @Azure/avm-res-recoveryservices-vault-module-owners-bicep @Azure/avm-core-team-technical-bicep
+/avm/res/relay/namespace/ @Azure/avm-res-relay-namespace-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/resource-graph/query/ @Azure/avm-res-resourcegraph-query-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/resources/deployment-script/ @Azure/avm-res-resources-deploymentscript-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/resources/resource-group/ @Azure/avm-res-resources-resourcegroup-module-owners-bicep @Azure/avm-core-team-technical-bicep
@@ -134,7 +135,7 @@
 /avm/res/synapse/private-link-hub/ @Azure/avm-res-synapse-privatelinkhub-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/synapse/workspace/ @Azure/avm-res-synapse-workspace-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/virtual-machine-images/image-template/ @Azure/avm-res-virtualmachineimages-imagetemplate-module-owners-bicep @Azure/avm-core-team-technical-bicep
-#/avm/res/web/connection/ @Azure/avm-res-web-connection-module-owners-bicep @Azure/avm-core-team-technical-bicep
+/avm/res/web/connection/ @Azure/avm-res-web-connection-module-owners-bicep @Azure/avm-core-team-technical-bicep
 #/avm/res/web/hosting-environment/ @Azure/avm-res-web-hostingenvironment-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/web/serverfarm/ @Azure/avm-res-web-serverfarm-module-owners-bicep @Azure/avm-core-team-technical-bicep
 /avm/res/web/site/ @Azure/avm-res-web-site-module-owners-bicep @Azure/avm-core-team-technical-bicep
@@ -144,3 +145,5 @@
 #/avm/ptn/avd-lza/networking/ @Azure/avm-ptn-avd-lza-networking-module-owners-bicep @Azure/avm-core-team-technical-bicep
 #/avm/ptn/avd-lza/session-hosts/ @Azure/avm-ptn-avd-lza-sessionhosts-module-owners-bicep @Azure/avm-core-team-technical-bicep
 #/avm/ptn/security/security-center/ @Azure/avm-ptn-securitycenter-module-owners-bicep @Azure/avm-core-team-technical-bicep
+
+*avm.core.team.tests.ps1 @Azure/avm-core-team-technical-bicep

.github/ISSUE_TEMPLATE/avm_module_issue.yml

@@ -63,7 +63,7 @@ body:
         - "avm/res/compute/proximity-placement-group"
         - "avm/res/compute/ssh-public-key"
         - "avm/res/compute/virtual-machine"
-        # - "avm/res/compute/virtual-machine-scale-set"
+        - "avm/res/compute/virtual-machine-scale-set"
         - "avm/res/consumption/budget"
         # - "avm/res/container-instance/container-group"
         - "avm/res/container-registry/registry"
@@ -80,9 +80,10 @@ body:
         - "avm/res/desktop-virtualization/workspace"
         # - "avm/res/dev-center/devcenter"
         - "avm/res/dev-test-lab/lab"
-        # - "avm/res/digital-twins/digital-twins-instance"
+        - "avm/res/digital-twins/digital-twins-instance"
         - "avm/res/document-db/database-account"
         - "avm/res/event-grid/domain"
+        - "avm/res/event-grid/namespace"
         - "avm/res/event-grid/system-topic"
         - "avm/res/event-grid/topic"
         - "avm/res/event-hub/namespace"
@@ -112,7 +113,7 @@ body:
         # - "avm/res/network/application-gateway"
         # - "avm/res/network/application-gateway-web-application-firewall-policy"
         - "avm/res/network/application-security-group"
-        # - "avm/res/network/azure-firewall"
+        - "avm/res/network/azure-firewall"
         - "avm/res/network/bastion-host"
         - "avm/res/network/connection"
         - "avm/res/network/ddos-protection-plan"
@@ -151,8 +152,8 @@ body:
         # - "avm/res/policy-insights/remediation"
         - "avm/res/power-bi-dedicated/capacity"
         - "avm/res/purview/account"
-        # - "avm/res/recovery-services/vault"
-        # - "avm/res/relay/namespace"
+        - "avm/res/recovery-services/vault"
+        - "avm/res/relay/namespace"
         - "avm/res/resource-graph/query"
         - "avm/res/resources/deployment-script"
         - "avm/res/resources/resource-group"
@@ -168,7 +169,7 @@ body:
         - "avm/res/synapse/private-link-hub"
         - "avm/res/synapse/workspace"
         - "avm/res/virtual-machine-images/image-template"
-        # - "avm/res/web/connection"
+        - "avm/res/web/connection"
         # - "avm/res/web/hosting-environment"
         - "avm/res/web/serverfarm"
         - "avm/res/web/site"

.github/actions/templates/avm-publishModule/action.yml

@@ -67,8 +67,10 @@ runs:
           Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose
 
           if($publishOutputs = Publish-ModuleFromPathToPBR @functionInput -Verbose) {
-            Write-Output ('{0}={1}' -f 'version', $publishOutputs.version) >> $env:GITHUB_OUTPUT
-            Write-Output ('{0}={1}' -f 'publishedModuleName', $publishOutputs.publishedModuleName) >> $env:GITHUB_OUTPUT
+            $publishOutputs.Keys | Foreach-Object {
+              Write-Verbose ('Passing pipeline variable [{0}] with value [{1}]' -f $_, $publishOutputs.$_) -Verbose
+              Write-Output ('{0}={1}' -f $_, $publishOutputs.$_) >> $env:GITHUB_OUTPUT
+            }
           }
 
           Write-Output '::endgroup::'
@@ -88,6 +90,7 @@ runs:
           $functionInput = @{
             Version             = "${{ steps.publish_step.outputs.version }}"
             PublishedModuleName = "${{ steps.publish_step.outputs.publishedModuleName }}"
+            GitTagName          = "${{ steps.publish_step.outputs.gitTagName }}"
           }
 
           Write-Verbose "Invoke function with" -Verbose

.github/actions/templates/avm-validateModulePSRule/action.yml

@@ -5,20 +5,6 @@
 ## This composite action contains the logic to validate a module using a set of PSRule tests
 ##
 #########################################################
-##
-##-------------------------------------------##
-## ACTION PARAMETERS                         ##
-##-------------------------------------------##
-##
-##   |=================================================================================================================================================================|
-##   | Parameter                | Required | Default | Description                          | Example                                                                  |
-##   |--------------------------|----------|---------|--------------------------------------|--------------------------------------------------------------------------|
-##   | templateFilePath         | true     | ''      | The path to the module PSRule tests. | 'modules/api-management/service/.test/common/main.test.bicep'            |
-##   | subscriptionId           | false    | ''      | The subscriptionId to deploy to      | '1a97b80a-4dda-4f50-ab53-349e29344654'                                   |
-##   | managementGroupId        | false    | ''      | The managementGroupId to deploy to   | '1a97b80a-4dda-4f50-ab53-349e29344654'                                   |
-##   |=================================================================================================================================================================|
-##
-##---------------------------------------------##
 
 name: "Execute PSRule module tests"
 description: "Execute PSRule module tests (if any)"
@@ -37,6 +23,14 @@ inputs:
   psrulePath:
     description: "The path to PSRule configurations"
     required: false
+  skipPassedRulesReport:
+    description: "Show only failed rules in job summary"
+    required: false
+    default: $false
+  psruleBaseline:
+    description: "The PSRule baseline to be used"
+    required: true
+    default: "Azure.Default"
 
 runs:
   using: "composite"
@@ -109,11 +103,27 @@ runs:
 
     # [PSRule validation] task(s)
     #-----------------------------
-    - name: Run PSRule analysis
+    - name: Run PSRule analysis - All Pillars (Azure.Default)
+      uses: microsoft/[email protected]
+      if: ${{ inputs.psruleBaseline == 'Azure.Default' }}
+      continue-on-error: true
+      with:
+        modules: "PSRule.Rules.Azure"
+        baseline: "${{ inputs.psruleBaseline }}"
+        inputPath: "${{ inputs.templateFilePath}}"
+        outputFormat: Csv
+        outputPath: "${{ inputs.templateFilePath}}-PSRule-output.csv"
+        option: "${{ github.workspace }}/${{ inputs.psrulePath}}/ps-rule.yaml" # Path to PSRule configuration options file
+        source: "${{ inputs.psrulePath}}/.ps-rule/" # Path to folder containing suppression rules to use for analysis.
+        summary: false # Disabling as taken care in customized task
+
+    - name: Run PSRule analysis - Reliability Pillar Only (Azure.Pillar.Reliability)
       uses: microsoft/[email protected]
-      continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project
+      if: ${{ inputs.psruleBaseline == 'Azure.Pillar.Reliability' }}
       with:
         modules: "PSRule.Rules.Azure"
+        prerelease: true
+        baseline: "${{ inputs.psruleBaseline }}"
         inputPath: "${{ inputs.templateFilePath}}"
         outputFormat: Csv
         outputPath: "${{ inputs.templateFilePath}}-PSRule-output.csv"
@@ -135,9 +145,9 @@ runs:
 
           # Populate parameter input
           $ParameterInput = @{
-            inputFilePath           = '${{ inputs.templateFilePath}}-PSRule-output.csv'
-            outputFilePath          = '${{ inputs.templateFilePath}}-PSRule-output.md'
-            skipPassedRulesReport   = $false
+            inputFilePath         = '${{ inputs.templateFilePath}}-PSRule-output.csv'
+            outputFilePath        = '${{ inputs.templateFilePath}}-PSRule-output.md'
+            skipPassedRulesReport = ${{ inputs.skipPassedRulesReport}}
           }
 
           Write-Verbose ('Set PS Rule Output with following parameters:`n{0}' -f (ConvertTo-Json $ParameterInput -Depth 10)) -Verbose

.github/actions/templates/avm-validateModulePester/action.yml

@@ -72,6 +72,7 @@ runs:
           Run    = @{
             Container = New-PesterContainer -Path $testFiles -Data @{
               moduleFolderPaths = $moduleFolderPaths
+              RepoRootPath      = $env:GITHUB_WORKSPACE
             }
             PassThru  = $true
           }