Create bicep-pr-yml #19

Merged
merged 1 commit into from
Nov 28, 2024
84 changes: 84 additions & 0 deletions .github/workflows/bicep-pr-yml
@@ -0,0 +1,84 @@
name: "PR - IaC (Bicep)"

# run on pr to main branch only
on:
pull_request:
branches:
- main
paths:
- ".azure/bicep/**"
workflow_dispatch:

permissions:
id-token: write
contents: read
pull-requests: write
issues: write

# Set envs
env:
WORKDIR: ".azure/bicep"

# Set defaults for GitHub Actions runner
defaults:
run:
working-directory: ".azure/bicep"

jobs:
codequalitycheck:
name: "Code Quality Check"
runs-on: ubuntu-latest
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v2

# Get RESOURCES_PREFIX based on the repo name
- name: Get repo name
uses: actions/github-script@v5
id: resources_prefix
with:
result-encoding: string
script: return context.repo.repo.toLowerCase()

# Login to Azure with Service Principal
- name: Azure login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

# Checks that all Bicep configuration files adhere to a canonical format
- name: Bicep Lint
uses: Azure/[email protected]
with:
inlineScript: az bicep build --file ${{ env.WORKDIR }}/webapp.bicep
id: lint

# Validate whether a template is valid at subscription scope
- name: Bicep Validate
uses: Azure/[email protected]
with:
inlineScript: |
az deployment sub validate \
--name ${{ github.run_id }} \
--template-file ${{ env.WORKDIR }}/webapp.bicep \
--location uksouth \
--parameters resourcesPrefix=${{ steps.resources_prefix.outputs.result }}
id: validate

- name: Update Pull Request
uses: actions/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const output = `#### Bicep Lint 🖌\`${{ steps.lint.outcome }}\`
#### Bicep Validation 🤖\`${{ steps.validate.outcome }}\`
*Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
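
Review bot: The final "Update Pull Request" step has no `if:` condition, so it is skipped whenever `lint` or `validate` fails and the PR comment can only ever report `success`. Add `if: always() && github.event_name == 'pull_request'` to that step; the event check matters because the workflow also declares `workflow_dispatch`, where `context.issue.number` has no pull request to point at. The file is added as `.github/workflows/bicep-pr-yml`, and GitHub only loads workflow files whose names end in `.yml` or `.yaml`, so it should be renamed (for example `bicep-pr.yml`) or none of this will run. The job holds `id-token: write` and logs in to Azure, so `actions/checkout@v2` and `actions/github-script@v5` are better pinned to full commit SHAs than to mutable tags.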