From 272047f81ab46b9b4a61f98d187d4d0a9ba96f38 Mon Sep 17 00:00:00 2001
From: Alexander Sehr <ASehr@hotmail.de>
Date: Tue, 5 Dec 2023 00:03:01 +0100
Subject: [PATCH] feat: Moved GitHub pipeline state/toggle action to script to
 enable local testing & execution (#698)

## Description

Moved GitHub pipeline state/toggle action to script to enable local
testing & execution

Examples:
- [Running enable on
all](https://github.com/AlexanderSehr/bicep-registry-modules/actions/runs/7088913136/job/19292448089)
- [Running disable for only
network](https://github.com/AlexanderSehr/bicep-registry-modules/actions/runs/7088929214/job/19292497453)

---------

Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com>
---
 .../avm.platform.toggle-avm-workflows.yml     | 35 +++----
 .../platform/Switch-WorkflowSate.ps1          | 96 +++++++++++++++++++
 2 files changed, 115 insertions(+), 16 deletions(-)
 create mode 100644 avm/utilities/pipelines/platform/Switch-WorkflowSate.ps1

diff --git a/.github/workflows/avm.platform.toggle-avm-workflows.yml b/.github/workflows/avm.platform.toggle-avm-workflows.yml
index cf4d56d0d6..2fec7d3020 100644
--- a/.github/workflows/avm.platform.toggle-avm-workflows.yml
+++ b/.github/workflows/avm.platform.toggle-avm-workflows.yml
@@ -3,14 +3,14 @@ name: "avm.platform.toggle-avm-workflows"
 on:
   workflow_dispatch:
     inputs:
-      workMode:
+      targetState:
         type: choice
         description: "Enable or disable workflows"
         required: true
         options:
-          - "enable"
-          - "disable"
-        default: "disable"
+          - "Enable"
+          - "Disable"
+        default: "Disable"
       includePattern:
         type: string
         description: "RegEx which workflows are included"
@@ -33,19 +33,22 @@ jobs:
           fetch-depth: 0
       - env:
           GH_TOKEN: ${{ github.token }}
-        name: ${{ inputs.workMode }} AVM workflows
+        name: ${{ inputs.targetState }} AVM workflows
         shell: pwsh
         run: |
-          $repo = "${{ github.repository_owner }}/${{ github.event.repository.name }}"
-          $workflows = gh workflow list --repo $repo --all --json "name,state,id" | ConvertFrom-Json -Depth 100
-          $relevantWorkflows = $workflows | Where-Object {
-              $_.name -match "${{ inputs.includePattern }}" -and $_.name -notmatch "${{ inputs.excludePattern }}"
-          }
+          # Load used functions
+          . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines'  'platform' 'Switch-WorkflowSate.ps1')
 
-          foreach ($workflow in $relevantWorkflows) {
-              if (("${{ inputs.workMode }}" -eq "disable" -and $workflow.state -eq "active") -or ("${{ inputs.workMode }}" -eq "enable" -and $workflow.state -ne "active"))
-              {
-                Write-Verbose "${{ inputs.workMode }} $($workflow.name)" -Verbose
-                gh workflow ${{ inputs.workMode }} $workflow.id  --repo $repo
-              }
+          $functionInput = @{
+            RepositoryOwner = '${{ github.repository_owner }}'
+            RepositoryName  = '${{ github.event.repository.name }}'
+            TargetState     = '${{ inputs.targetState }}'.ToLower()
+            IncludePattern  = '${{ inputs.includePattern }}'
+            ExlcudePattern  = '${{ inputs.excludePattern }}'
           }
+
+          Write-Verbose "Invoke function with" -Verbose
+          Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose
+
+          # Get the modified child resources
+          Switch-WorkflowSate @functionInput -Verbose
diff --git a/avm/utilities/pipelines/platform/Switch-WorkflowSate.ps1 b/avm/utilities/pipelines/platform/Switch-WorkflowSate.ps1
new file mode 100644
index 0000000000..9b7b2929eb
--- /dev/null
+++ b/avm/utilities/pipelines/platform/Switch-WorkflowSate.ps1
@@ -0,0 +1,96 @@
+<#
+.SYNOPSIS
+Toggle the state of GitHub workflows in a given repository to either being enabled or disabled.
+
+.DESCRIPTION
+Toggle the state of GitHub workflows in a given repository to either being enabled or disabled.
+
+.PARAMETER TargetState
+Mandatory. The state to set the workflows to. Must be either 'enable' or 'disable'.
+
+.PARAMETER RepositoryOwner
+Mandatory. The owning organization of the repository. For example, 'MyOrg'.
+
+.PARAMETER RepositoryName
+Optional. The name of the repository. Defaults to 'bicep-registry-modules'.
+
+.PARAMETER IncludePattern
+Optional. A regex pattern to match against the workflow names. Defaults to 'avm\.(?:res|ptn)' - avm.res & avm.ptn.
+
+.PARAMETER ExlcudePattern
+Optional. A regex pattern that should not match against the workflow names. Defaults to '^$' - empty.
+
+.PARAMETER GitHubToken
+Optional. The GitHub PAT token to use for authentication when interacting with GitHub. If not provided, the PAT must be available in the environment variable 'GH_TOKEN'
+
+.EXAMPLE
+Switch-WorkflowSate -RepositoryOwner 'Paul' -RepositoryName 'bicep-registry-modules' -TargetState 'enable' -GitHubToken ('iAmAToken' | ConvertTo-SecureString -AsPlainText -Force)
+
+Enable any AVM res/ptn workflow in the [Paul/bicep-registry-modules] repository that is not in state 'active' using a custom GitHub PAT token.
+
+.EXAMPLE
+Switch-WorkflowSate -RepositoryOwner 'Paul' -RepositoryName 'bicep-registry-modules' -TargetState 'disable'
+
+Disable any workflow in the [Paul/bicep-registry-modules] repository that has the state 'active', assuming you have a GitHub PAT token 'GH_TOKEN' set in your environment.
+
+.EXAMPLE
+Switch-WorkflowSate -RepositoryOwner 'Paul' -RepositoryName 'bicep-registry-modules' -TargetState 'disable' -IncludePattern 'avm\.res\.network\.'
+
+Disable any workflow with a naming matching [avm.res.network*] in the [Paul/bicep-registry-modules] repository that has the state 'active', assuming you have a GitHub PAT token 'GH_TOKEN' set in your environment.
+
+.EXAMPLE
+Switch-WorkflowSate -RepositoryOwner 'Paul' -RepositoryName 'bicep-registry-modules' -TargetState 'disable' -IncludePattern 'avm\.res\.network' -ExlcudePattern 'avm\.res\.network\.virtual-network'
+
+Disable any workflow with a naming matching [avm.res.network*] but exluding those that match the name [avm.res.network.virtual-network] in the [Paul/bicep-registry-modules] repository that has the state 'active', assuming you have a GitHub PAT token 'GH_TOKEN' set in your environment.
+#>
+function Switch-WorkflowSate {
+
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory = $true)]
+        [ValidateSet('enable', 'disable')]
+        [string] $TargetState,
+
+        [Parameter(Mandatory = $true)]
+        [string] $RepositoryOwner,
+
+        [Parameter(Mandatory = $false)]
+        [string] $RepositoryName = 'bicep-registry-modules',
+
+        [Parameter(Mandatory = $false)]
+        [string] $IncludePattern = 'avm\.(?:res|ptn)',
+
+        [Parameter(Mandatory = $false)]
+        [string] $ExlcudePattern = '^$',
+
+        [Parameter(Mandatory = $false)]
+        [secureString] $GitHubToken
+    )
+
+    if (-not [String]::IsNullOrEmpty($GitHubToken)) {
+        $env:GH_TOKEN = $GitHubToken | ConvertFrom-SecureString -AsPlainText
+    }
+
+    $repo = "$RepositoryOwner/$RepositoryName"
+
+    if ($repo -eq 'Azure/bicep-registry-modules') {
+        throw 'Function should not run for [Azure/bicep-registry-modules].'
+    }
+
+    $workflows = gh workflow list --repo $repo --all --json "name,state,id" | ConvertFrom-Json -Depth 100
+    $relevantWorkflows = $workflows | Where-Object {
+        $_.name -match $IncludePattern -and $_.name -notmatch $ExlcudePattern
+    }
+
+    if ($TargetState -eq 'disable') {
+        foreach ($workflow in ($relevantWorkflows | Where-Object { $_.state -eq 'active' })) {
+            gh workflow $TargetState $workflow.id --repo $repo
+            Write-Verbose ('- Disabled workflow [{0}]' -f $workflow.name)
+        }
+    } else {
+        foreach ($workflow in ($relevantWorkflows | Where-Object { $_.state -ne 'active' })) {
+            gh workflow $TargetState $workflow.id --repo $repo
+            Write-Verbose ('+ Enabled workflow [{0}]' -f $workflow.name)
+        }
+    }
+}