-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adds Azure Monitor Baseline Alerts as an independent library member that can be used to augment an existing deployment. In future we will publish one that combines ALZ and AMBA for ease of consumption. --------- Co-authored-by: Arjen Huitema <arjenhuitema@microsoft.com> Co-authored-by: github-actions <action@github.com>
- Loading branch information
1 parent
4787f4d
commit 2f4aa36
Showing
156 changed files
with
64,981 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,174 @@ | ||
--- | ||
name: update platform/amba | ||
|
||
# yamllint disable-line rule:truthy | ||
on: | ||
schedule: | ||
- cron: "0 8 * * 1-5" | ||
workflow_dispatch: {} | ||
|
||
permissions: | ||
contents: write | ||
|
||
env: | ||
alz_repository: "Azure/Enterprise-Scale" | ||
remote_repository: "Azure/azure-monitor-baseline-alerts" | ||
alzlib_repository: "Azure/alzlib" | ||
library_dir: "platform/amba" | ||
pr_title: "feat: update platform/amba library (automated)" | ||
pr_body: |- | ||
This is an automated pull_request containing updates to the library templates stored in 'platform/amba'. | ||
Please review the files changed tab to review changes. | ||
jobs: | ||
update-lib: | ||
name: update | ||
runs-on: ubuntu-latest | ||
environment: libupdate | ||
steps: | ||
- name: Local repository checkout | ||
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | ||
with: | ||
path: ${{ github.repository }} | ||
fetch-depth: 0 | ||
|
||
- name: Remote repository checkout | ||
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | ||
with: | ||
repository: ${{ env.remote_repository }} | ||
path: ${{ env.remote_repository }} | ||
ref: main | ||
|
||
- name: Alz repository checkout | ||
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | ||
with: | ||
repository: ${{ env.alz_repository }} | ||
path: ${{ env.alz_repository }} | ||
ref: main | ||
|
||
- name: setup go | ||
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | ||
with: | ||
go-version: 'stable' | ||
|
||
- name: install alzlibtool | ||
run: go install github.com/Azure/alzlib/cmd/alzlibtool@v0.18.0 | ||
|
||
- uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 | ||
id: generate-token | ||
with: | ||
app_id: ${{ secrets.TOKEN_APP_ID }} | ||
private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }} | ||
|
||
- name: Configure local git | ||
run: | | ||
git config user.name github-actions | ||
git config user.email action@github.com | ||
working-directory: ${{ github.repository }} | ||
|
||
- name: Create and checkout branch | ||
id: branch | ||
run: | | ||
BRANCH="platform-amba-${{ github.run_number }}" | ||
echo "name=$BRANCH" >> "$GITHUB_OUTPUT" | ||
git checkout -b "$BRANCH" | ||
working-directory: ${{ github.repository }} | ||
env: | ||
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} | ||
|
||
- name: Copy policy definitions | ||
uses: azure/powershell@53dd145408794f7e80f97cfcca04155c85234709 # v2.0.0 | ||
with: | ||
inlineScript: | | ||
Write-Information "==> Running copy policy definitions script..." -InformationAction Continue | ||
${{ github.repository }}/platform/amba/scripts/Copy-PolicyDefinitions.ps1 ` | ||
-TemplatePath "${{ github.workspace }}/${{ env.remote_repository }}/patterns/alz/templates" ` | ||
-TargetPath "${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_definitions_copy" ` | ||
-SourcePath "${{ github.workspace }}/${{ env.remote_repository }}" | ||
azPSVersion: "latest" | ||
|
||
- name: Update library policy definitions | ||
run: | | ||
alzlibtool convert policydefinition -o \ | ||
"${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_definitions_copy" \ | ||
"${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_definitions" | ||
- name: Update library policy set definitions | ||
run: | | ||
alzlibtool convert policysetdefinition -o \ | ||
"${{ github.workspace }}/${{ env.remote_repository }}/patterns/alz/policySetDefinitions" \ | ||
"${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_set_definitions" | ||
- name: Clean up copied policy definitions | ||
run: | | ||
rm -rf "${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_definitions_copy" | ||
working-directory: ${{ github.workspace }} | ||
|
||
- name: Remove deprecated policy definitions | ||
run: | | ||
rm -rf "${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_set_definitions/Alerting-LandingZone.alz_policy_set_definition.json" | ||
working-directory: ${{ github.workspace }} | ||
|
||
- name: Update library policy assignments and archetypes | ||
uses: azure/powershell@53dd145408794f7e80f97cfcca04155c85234709 # v2.0.0 | ||
with: | ||
inlineScript: | | ||
Write-Information "==> Running policy assignments and archetypes script..." -InformationAction Continue | ||
${{ github.repository }}/platform/amba/scripts/Invoke-LibraryUpdatePolicyAssignmentArchetypes.ps1 ` | ||
-AlzToolsPath "${{ github.workspace }}/${{ env.alz_repository }}/src/Alz.Tools/" ` | ||
-TargetPath "${{ github.workspace }}/${{ github.repository }}" ` | ||
-SourcePath "${{ github.workspace }}/${{ env.remote_repository }}" | ||
azPSVersion: "latest" | ||
|
||
- name: Update library policy definitions in archetype definitions | ||
uses: azure/powershell@53dd145408794f7e80f97cfcca04155c85234709 # v2.0.0 | ||
with: | ||
inlineScript: | | ||
Write-Information "==> Running policy definitions in archetype definitions script..." -InformationAction Continue | ||
${{ github.repository }}/platform/amba/scripts/Invoke-LibraryUpdatePolicyDefinitions.ps1 ` | ||
-AlzToolsPath "${{ github.workspace }}/${{ env.alz_repository }}/src/Alz.Tools/" ` | ||
-TargetPath "${{ github.workspace }}/${{ github.repository }}" ` | ||
-SourcePath "${{ github.workspace }}/${{ env.remote_repository }}" | ||
azPSVersion: "latest" | ||
|
||
- name: Check for changes | ||
id: git_status | ||
run: | | ||
mapfile -t "CHECK_GIT_STATUS" < <(git status -s ${{ env.library_dir }}) | ||
printf "%s\n" "${CHECK_GIT_STATUS[@]}" | ||
echo "changes=${#CHECK_GIT_STATUS[@]}" >> "$GITHUB_OUTPUT" | ||
working-directory: ${{ github.workspace }}/${{ github.repository }} | ||
|
||
- name: Add files, commit and push | ||
if: steps.git_status.outputs.changes > 0 | ||
run: | | ||
echo "Pushing changes to origin..." | ||
git add ${{ env.library_dir }} | ||
git commit -m '${{ env.pr_title }}' | ||
git push origin ${{ steps.branch.outputs.name }} | ||
working-directory: ${{ github.repository }} | ||
|
||
- name: Create pull request | ||
if: steps.git_status.outputs.changes > 0 | ||
id: pr | ||
run: | | ||
PR="$(gh pr create \ | ||
--title "${{ env.pr_title }}" \ | ||
--body "${{ env.pr_body }}" \ | ||
--base "${{ github.ref }}" \ | ||
--head "${{ steps.branch.outputs.name }}" \ | ||
--draft)" | ||
echo "Created new PR: $CHECK_PULL_REQUEST_URL" | ||
echo number=$(gh pr view $PR_URL --json number | jq -r '.number') >> "$GITHUB_OUTPUT" | ||
working-directory: ${{ github.repository }} | ||
env: | ||
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} | ||
|
||
- name: close and comment out of date prs | ||
if: steps.git_status.outputs.changes > 0 | ||
run: | | ||
PULL_REQUESTS=$(gh pr list --search 'feat: update platform/amba library (automated)' --json number,headRefName) | ||
echo "$PULL_REQUESTS" | jq -r '.[] | select(.number != ${{ steps.pr.outputs.number }}) | .number' | xargs -I {} gh pr close {} --delete-branch --comment "Supersceeded by #${{ steps.pr.outputs.pull-request-number }}" | ||
working-directory: ${{ github.repository }} | ||
env: | ||
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} |
Oops, something went wrong.