InfraCI - Regression Validation #1776

Workflow file for this run

.github/workflows/regressionparams.yml at d0042cd

	name: InfraCI - Regression Validation

	on:
	#Run on Manual execution
	workflow_dispatch:

	#Run when our bicep code changes
	push:
	paths:
	- "bicep/*"

	#Run when PR's are made to main, where the changes are in the bicep directory or this workflow file itself
	pull_request:
	branches: [main]
	paths:
	- "bicep/*"
	- ".github/workflows/regressionparams.yml"
	- ".github/workflows_dep/regressionparams/*"

	#Run on a weekly schedule
	schedule:
	# At 11:00pm, every Thursday week
	- cron: "0 23 * * 4"

	env:
	RG: "AksBicepAcc-Ci-HelperValidate" #The resource group we're deploying to.
	ParamDir: ".github/workflows_dep/regressionparams/" #Path to parameter file
	AZCLIVERSION: 2.58.0 #2.53.0 #2.43.0 #2.34.1 #2.29.2 #2.26.0 #latest

	jobs:
	GetParamFiles:
	runs-on: ubuntu-latest
	if: ${{ !github.event.pull_request.head.repo.fork }}
	name: Get Param File List
	outputs:
	FILELIST: ${{ steps.getfiles.outputs.FILELIST}}
	steps:
	#Get the code files from the repo
	- uses: actions/[email protected]

	- name: Job parameter check
	run: \|
	RG='${{ env.RG }}'
	echo "RG is: $RG"
	echo "Param dir path is: ${{ env.ParamDir }}"

	- name: Get List of json files
	id: getfiles
	shell: pwsh
	run: \|
	$FilePath="${{ env.ParamDir }}"

	$FILELISTJSON=get-ChildItem -Path $FilePath -File '*.json' \| select-object -ExpandProperty Name \| ConvertTo-Json -Compress
	Write-Output $FILELISTJSON
	echo "FILELIST=$FILELISTJSON" >> $Env:GITHUB_OUTPUT

	Validation:
	needs: [GetParamFiles]
	strategy:
	matrix:
	files: ${{ fromJson(needs.GetParamFiles.outputs.FILELIST) }}
	max-parallel: 4

	runs-on: ubuntu-latest
	steps:
	- uses: actions/[email protected]

	- name: Job parameter check
	run: \|
	RG='${{ env.RG }}'
	echo "RG is: $RG"
	echo "Param dir path is: ${{ env.ParamDir }}"
	echo "Param file is ${{ matrix.files }}"
	echo "Input path is ${{ env.ParamDir }}${{ matrix.files }}"
	echo "Do PS Rule is ${{ steps.paramfile.outputs.DOPSRULE }}"

	- name: Arm Parameter file check
	shell: pwsh
	id: paramfile
	run: \|
	Write-Output "Checking parameter file existance/contents"
	$paramFilePath="${{ env.ParamDir }}${{ matrix.files }}"
	Test-Path $paramFilePath

	if (Test-Path $paramFilePath) {
	$paramFileContent=Get-Content $paramFilePath
	Write-Output $paramFileContent

	Write-Output "Checking for PSrule template link metadata"
	$paramfile=$paramFileContent\|ConvertFrom-Json
	if ($null -ne $paramfile.metadata.template) {
	Write-Output "Temnplate value found"
	Write-Output $paramfile.metadata.template
	Write-Output $paramfile.metadata.template.length

	echo "DOPSRULE=true" >> $GITHUB_OUTPUT
	} else {
	Write-Output "Temnplate value NOT found"
	echo "DOPSRULE=false" >> $GITHUB_OUTPUT
	}
	}

	- name: Replace subnet, dnszone and kv param values from secret
	shell: pwsh
	run: \|
	$paramFilePath="${{ env.ParamDir }}${{ matrix.files }}"
	$params = Get-Content $paramFilePath \| ConvertFrom-Json

	if($params.parameters.dnsZoneId.value -ne $null) {
	$params.parameters.dnsZoneId.value = "${{ secrets.BYODNSZONEID }}"
	}
	if($params.parameters.byoAKSSubnetId.value -ne $null) {
	$params.parameters.byoAKSSubnetId.value = "${{ secrets.ByoAksSubnetId }}"
	}
	if($params.parameters.byoAGWSubnetId.value -ne $null) {
	$params.parameters.byoAGWSubnetId.value = "${{ secrets.ByoAgwSubnetId }}"
	}
	if($params.parameters.keyVaultKmsByoKeyId.value -ne $null) {
	$params.parameters.keyVaultKmsByoKeyId.value = "${{ secrets.ByoKmsKeyId }}"
	}

	$params \| ConvertTo-Json -Depth 4 \| Out-File "${{ env.ParamDir }}${{ matrix.files }}"

	- name: Azure Login
	uses: Azure/login@v2
	with:
	creds: ${{ secrets.AZURE_CREDENTIALS }}
	enable-AzPSSession: false
	environment: azurecloud
	allow-no-subscriptions: false

	- name: Validate Infrastructure deployment
	uses: Azure/cli@v2
	with:
	azcliversion: ${{ env.AZCLIVERSION }}
	inlineScript: \|
	RG='${{ env.RG }}'
	az deployment group validate -f bicep/main.bicep -g $RG -p ${{ env.ParamDir }}${{ matrix.files }}

	- name: WhatIf Infrastructure deployment
	if: steps.paramfile.outputs.DOPSRULE == 'true'
	continue-on-error: ${{ secrets.ISAZCLIWHATIFUNRELIABLE == 'true' }}
	uses: Azure/cli@v2
	with:
	azcliversion: ${{ env.AZCLIVERSION }}
	inlineScript: \|
	RG='${{ env.RG }}'
	az deployment group what-if -f bicep/main.bicep -g $RG -p ${{ env.ParamDir }}${{ matrix.files }}

	# PSRule does this cool thing where it traverse the parameter file through to the arm template
	# PSRule performs IaC recommendations of the template.
	# https://azure.github.io/PSRule.Rules.Azure/
	- name: PSRule - Analyze Azure parameter file
	if: steps.paramfile.outputs.DOPSRULE == 'true'
	uses: Microsoft/ps-rule@main
	continue-on-error: true #Setting this whilst PSRule gets bedded in, in this project
	with:
	modules: 'PSRule.Rules.Azure'
	inputPath: "${{ env.ParamDir }}${{ matrix.files }}"
	#prerelease: false
	baseline: 'Azure.Default' #'Azure.Preview'

	- name: PSRule - Analyze Azure parameter file including Preview feature rulesets
	if: steps.paramfile.outputs.DOPSRULE == 'true'
	uses: Microsoft/ps-rule@main
	continue-on-error: true #Preview feature checking means we need to suppress errors
	with:
	modules: 'PSRule.Rules.Azure'
	inputPath: "${{ env.ParamDir }}${{ matrix.files }}"
	baseline: 'Azure.All' #All includes preview and internal rules

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

InfraCI - Regression Validation #1776

Workflow file

InfraCI - Regression Validation #1776

Jobs

Run details

Workflow file for this run