Skip to content
Infra - Build

Resolve PSRule failure. #5

Sign in to view logs

Resolve PSRule failure.

Resolve PSRule failure. #5

Workflow file for this run

.github/workflows/build.yml at b09fd6e
# Builds a JSON file from the main.json bicep
name: Infra - Build
on:
pull_request: #On PR, we're just doing validation that it compiled to support the build policy
branches:
- main
paths:
- "bicep/*"
- "bicep/modules_bicep/**/*"
workflow_dispatch: #Manual execution will be good for debugging
jobs:
Validation:
permissions:
id-token: write
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: ContextCheck
shell: pwsh
run: |
echo 'ghen : ${{ github.event_name }}'
echo "Sha is ${{ github.sha }}"
echo "Ref is ${{ github.ref }}"
echo "Ref name is ${{GITHUB.REF_NAME}}"
dir
- name: Install Bicep
shell: pwsh
run: |
az bicep install
- name: Azure Login
uses: Azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
enable-AzPSSession: true
environment: azurecloud
allow-no-subscriptions: false
- name: Bicep build
shell: pwsh
run: |
#write-output $pwd
$compiledir=Join-Path -Path $pwd -ChildPath "bicep/compiled"
write-output $compiledir
If(!(test-path $compiledir))
{
New-Item -ItemType Directory -Force -Path $compiledir
}
/home/runner/.azure/bin/bicep build bicep/main.bicep --outdir $compiledir
- uses: actions/checkout@v3
if: github.event_name != 'push'
name: Git Checkout target
with:
path: old
ref: ${{ github.event.pull_request.base.sha }}
- name: Bicep build (old)
shell: pwsh
run: |
#write-output $pwd
$compiledir=Join-Path -Path $pwd -ChildPath "old/bicep/compiled"
write-output $compiledir
If(!(test-path $compiledir))
{
New-Item -ItemType Directory -Force -Path $compiledir
}
/home/runner/.azure/bin/bicep build bicep/main.bicep --outdir $compiledir
- name: Check for Parameter changes in main.json
if: github.event_name != 'push'
env:
oldFilePath: "old/bicep/compiled/main.json"
newFilePath: "bicep/compiled/main.json"
shell: pwsh
run: |
$arm1params = get-content $Env:oldFilePath | ConvertFrom-Json -AsHashtable | Select -expandProperty parameters
$arm2params = get-content $Env:newFilePath | ConvertFrom-Json -AsHashtable | Select -expandProperty parameters
$arm1paramList = @()
$arm1params.keys | % {$arm1paramList += New-Object PSObject -Property ([Ordered]@{Parameter=$_; DefaultValue=$arm1params.Get_Item($_).defaultValue | ConvertTo-Json -Compress })}
$arm2paramList = @()
$arm2params.keys | % {$arm2paramList+= New-Object PSObject -Property ([Ordered]@{Parameter=$_; DefaultValue=$arm2params.Get_Item($_).defaultValue | ConvertTo-Json -Compress })}
$comparison = Compare-Object $arm1paramList $arm2paramList -Property Parameter, DefaultValue -PassThru | select Parameter, DefaultValue, @{N='FileVersion';E={$_.SideIndicator.replace('<=','Old').replace('=>','New')}}
write-output $comparison
if ($comparison.length -gt 0) {
#cd old #Need to change directory to give the gh cli repo context
#GitHub uses a markdown rendering tool called Glamour. It copes with HTML pretty well, and pwsh loves html not markdown.
[string]$html = $comparison | sort-object Parameter, @{e='FileVersion';desc=$true} | ConvertTo-Html -Fragment | Out-String
Write-Output $html
"<h2>Detected parameter change</h2><p>Parameter changes need to be reviewed carefully</p>" + $html | Out-File "ghpr.html"
} else {
write-output "no changes to parameters"
}
- name: Add comment to PR
if: github.event_name == 'pull_request'
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
shell: pwsh
run: |
if (test-path "ghpr.html") {
gh pr comment ${{ github.event.pull_request.number }} -F "ghpr.html"
}
else {
write-output "ghpr.html not found, no pr comment required"
}