Skip to content

.Platform: Library PSRule pre-flight validation #134

.Platform: Library PSRule pre-flight validation

.Platform: Library PSRule pre-flight validation #134

name: '.Platform: Library PSRule pre-flight validation'
on:
workflow_dispatch:
schedule:
- cron: '0 12 * * 0' # Weekly Sunday Analysis
env:
variablesPath: 'settings.yml'
modulesPath: 'modules'
TOKEN_NAMEPREFIX: '${{ secrets.TOKEN_NAMEPREFIX }}'
jobs:
psrule:
name: 'PSRule validation'
runs-on: ubuntu-latest
steps:
# Analyze module library with PSRule
- name: Checkout
uses: actions/checkout@v4
- name: Set environment
uses: ./.github/actions/templates/setEnvironment
with:
variablesPath: ${{ env.variablesPath }}
- name: 'Replace tokens in template file'
uses: azure/powershell@v1
with:
azPSVersion: 'latest'
inlineScript: |
# Grouping task logs
Write-Output '::group::Replace tokens in template file'
# Load used functions
. (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'tokensReplacement' 'Convert-TokensInFileList.ps1')
# Populate tokens
$Tokens = @{
subscriptionId = '${{ secrets.ARM_SUBSCRIPTION_ID }}'
managementGroupId = '${{ secrets.ARM_MGMTGROUP_ID }}'
tenantId = '${{ env.ARM_TENANT_ID }}'
}
## Add local (source control) tokens
$tokenMap = @{}
foreach ($token in (Get-ChildItem env: | Where-Object -Property Name -Like "localToken_*")) {
$tokenMap += @{ $token.Name.Replace('localToken_','','OrdinalIgnoreCase') = $token.value }
}
Write-Verbose ('Using local tokens [{0}]' -f ($tokenMap.Keys -join ', ')) -Verbose
$Tokens += $tokenMap
## Swap 'namePrefix' token if empty and provided as a GitHub secret
if([String]::IsNullOrEmpty($Tokens['namePrefix'])){
Write-Verbose 'Using [namePrefix] token from GitHub' -Verbose
$Tokens['namePrefix'] = '${{ env.TOKEN_NAMEPREFIX }}'
}
# Get File Path List
$modulesFolderPath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}'
$moduleTestFiles = [System.Collections.ArrayList]@()
$moduleTestFiles += Get-ChildItem -Path $env:GITHUB_WORKSPACE -Filter *.test.bicep -Recurse -Force -Name
# Construct Token Function Input
$ConvertTokensInputs = @{
FilePathList = $moduleTestFiles
Tokens = $Tokens
TokenPrefix = '${{ env.tokenPrefix }}'
TokenSuffix = '${{ env.tokenSuffix }}'
}
Write-Verbose "Convert Tokens Input:`n $($ConvertTokensInputs | ConvertTo-Json -Depth 10)" -Verbose
# Invoke Token Replacement Functionality [For Module]
$null = Convert-TokensInFileList @ConvertTokensInputs -verbose
Write-Output '::endgroup::'
- name: Run PSRule analysis
uses: microsoft/ps-rule@v2.4.0
continue-on-error: true # Setting this whilst PSRule gets bedded in, in this project
with:
modules: 'PSRule.Rules.Azure'
inputPath: '${{ env.modulesPath }}/'
outputFormat: Csv
outputPath: '${{ env.modulesPath }}/PSRule-output.csv'
- name: 'Parse CSV content'
uses: azure/powershell@v1
with:
azPSVersion: 'latest'
inlineScript: |
# Grouping task logs
Write-Output '::group::Parse CSV content'
# Load used functions
. (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'PSRuleValidation' 'Set-PSRuleGitHubOutput.ps1')
# Populate parameter input
$ParameterInput = @{
inputFilePath = '${{ env.modulesPath }}/PSRule-output.csv'
outputFilePath = '${{ env.modulesPath }}/PSRule-output.md'
skipPassedRulesReport = $true
}
# Invoke function
$null = Set-PSRuleGitHubOutput @ParameterInput
Write-Output '::endgroup::'
- name: Output to GitHub job summaries
if: always()
shell: pwsh
run: |
# Grouping task logs
Write-Output '::group::Output to GitHub job summaries'
$mdPSRuleOutputFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.modulesPath }}/PSRule-output.md'
if (-not (Test-Path $mdPSRuleOutputFilePath)) {
Write-Warning ('Input file [{0}] not found' -f $mdPSRuleOutputFilePath)
return ''
} else {
Get-Content $mdPSRuleOutputFilePath >> $env:GITHUB_STEP_SUMMARY
Write-Verbose ('Successfully printed out file [{0}] to Job Summaries' -f $mdPSRuleOutputFilePath) -Verbose
}
Write-Output '::endgroup::'