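# Weekly (and on-demand) PSRule analysis of the module library.
#
# Flow: checkout -> load shared settings -> replace tokens in *.test.bicep files
# -> run PSRule.Rules.Azure over modulesPath -> convert the CSV result to Markdown
# -> append that Markdown to the job summary.
#
# Secrets read: ARM_SUBSCRIPTION_ID, ARM_MGMTGROUP_ID, TOKEN_NAMEPREFIX.
# Environment this file does not define but the scripts read: ARM_TENANT_ID,
# tokenPrefix, tokenSuffix - presumably provided by the setEnvironment composite
# action from settings.yml; confirm there.
name: '.Platform: Library PSRule pre-flight validation'

on:
  workflow_dispatch:
  schedule:
    - cron: '0 12 * * 0' # Weekly Sunday Analysis

# Least privilege for the default GITHUB_TOKEN: the visible steps only read the
# repository and append to GITHUB_STEP_SUMMARY (which needs no token permission).
# If the setEnvironment composite action needs more, widen it there, not here.
permissions:
  contents: read

env:
  variablesPath: 'settings.yml'
  modulesPath: 'modules'
  TOKEN_NAMEPREFIX: '${{ secrets.TOKEN_NAMEPREFIX }}'

jobs:
  psrule:
    name: 'PSRule validation'
    runs-on: ubuntu-latest
    steps:
      # Analyze module library with PSRule
      - name: Checkout
        # NOTE(review): mutable tag. Pinning third-party actions to a commit SHA
        # protects against a retagged or compromised release (same for
        # azure/powershell and microsoft/ps-rule below).
        uses: actions/checkout@v4

      - name: Set environment
        uses: ./.github/actions/templates/setEnvironment
        with:
          variablesPath: ${{ env.variablesPath }}

      - name: 'Replace tokens in template file'
        uses: azure/powershell@v1
        # Secrets reach the script through the process environment instead of
        # being template-expanded (`${{ secrets.* }}`) into the script text: a
        # value containing a quote can no longer break out of a PowerShell string
        # literal, and the secret is never part of the rendered script.
        env:
          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
          ARM_MGMTGROUP_ID: ${{ secrets.ARM_MGMTGROUP_ID }}
        with:
          azPSVersion: 'latest'
          inlineScript: |
            # Grouping task logs
            Write-Output '::group::Replace tokens in template file'

            # Load used functions
            . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1')

            # Populate tokens from the environment (see the step/workflow 'env:' blocks).
            # [string] keeps an unset variable as '' rather than $null, matching the
            # value a template expansion would have produced.
            $Tokens = @{
              subscriptionId    = [string]$env:ARM_SUBSCRIPTION_ID
              managementGroupId = [string]$env:ARM_MGMTGROUP_ID
              tenantId          = [string]$env:ARM_TENANT_ID
            }

            ## Add local (source control) tokens: every env var named localToken_<name>
            $tokenMap = @{}
            foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) {
              $tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value }
            }
            Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose
            $Tokens += $tokenMap

            ## Swap 'namePrefix' token if empty and provided as a GitHub secret
            if ([String]::IsNullOrEmpty($Tokens['namePrefix'])) {
              Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose
              $Tokens['namePrefix'] = [string]$env:TOKEN_NAMEPREFIX
            }

            # Get File Path List: every *.test.bicep below the whole workspace (not
            # only modulesPath); -Name yields paths relative to GITHUB_WORKSPACE
            $moduleTestFiles = @(Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name)

            # Construct Token Function Input
            $ConvertTokensInputs = @{
              FilePathList = $moduleTestFiles
              Tokens       = $Tokens
              TokenPrefix  = [string]$env:tokenPrefix
              TokenSuffix  = [string]$env:tokenSuffix
            }

            # Log the input with token *names* only: the token values include
            # secret-derived data, and Actions log masking should not be the only
            # thing keeping them out of the log.
            $logInput = $ConvertTokensInputs.Clone()
            $logInput.Tokens = @($Tokens.Keys)
            Write-Verbose "Convert Tokens Input:`n $($logInput | ConvertTo-Json -Depth 10)" -Verbose

            # Invoke Token Replacement Functionality [For Module]
            $null = Convert-TokensInFileList @ConvertTokensInputs -verbose
            Write-Output '::endgroup::'

      - name: Run PSRule analysis
        # <ACTION-VERSION> is a placeholder: the pinned version was unreadable in
        # the copy this was reviewed from. Restore the project's pinned ref
        # (preferably a commit SHA) before use.
        uses: 'microsoft/ps-rule@<ACTION-VERSION>'
        # Setting this whilst PSRule gets bedded in, in this project. Until it is
        # removed the analysis is advisory only: rule failures never fail the
        # workflow and surface solely in the job summary produced below.
        continue-on-error: true
        with:
          modules: 'PSRule.Rules.Azure'
          inputPath: '${{ env.modulesPath }}/'
          outputFormat: Csv
          outputPath: '${{ env.modulesPath }}/PSRule-output.csv'

      - name: 'Parse CSV content'
        uses: azure/powershell@v1
        with:
          azPSVersion: 'latest'
          inlineScript: |
            # Grouping task logs
            Write-Output '::group::Parse CSV content'

            # Load used functions
            . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'PSRuleValidation' 'Set-PSRuleGitHubOutput.ps1')

            # Populate parameter input. Paths are relative to the workspace and
            # match the outputPath of the PSRule step above.
            $ParameterInput = @{
              inputFilePath         = Join-Path $env:modulesPath 'PSRule-output.csv'
              outputFilePath        = Join-Path $env:modulesPath 'PSRule-output.md'
              skipPassedRulesReport = $true
            }

            # Invoke function
            $null = Set-PSRuleGitHubOutput @ParameterInput
            Write-Output '::endgroup::'

      - name: Output to GitHub job summaries
        if: always()
        shell: pwsh
        run: |
          # Grouping task logs
          Write-Output '::group::Output to GitHub job summaries'
          $mdPSRuleOutputFilePath = Join-Path $env:GITHUB_WORKSPACE $env:modulesPath 'PSRule-output.md'
          if (-not (Test-Path $mdPSRuleOutputFilePath)) {
            # No report (e.g. the PSRule step did not run): warn, leave the summary
            # untouched and keep the step green
            Write-Warning ('Input file [{0}] not found' -f $mdPSRuleOutputFilePath)
            return ''
          } else {
            Get-Content $mdPSRuleOutputFilePath >> $env:GITHUB_STEP_SUMMARY
            Write-Verbose ('Successfully printed out file [{0}] to Job Summaries' -f $mdPSRuleOutputFilePath) -Verbose
          }
          Write-Output '::endgroup::'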