Skip to content

Commit

Permalink
feat: amba (#94)
Browse files Browse the repository at this point in the history 
Adds Azure Monitor Baseline Alerts as an independent library member that
can be used to augment an existing deployment.

In future we will publish one that combines ALZ and AMBA for ease of
consumption.

---------

Co-authored-by: Arjen Huitema <arjenhuitema@microsoft.com>
Co-authored-by: github-actions <action@github.com>
  • Loading branch information
@matt-FFFFFF @arjenhuitema @actions-user
3 people authored Dec 19, 2024
1 parent 4787f4d commit 2f4aa36
Show file tree
Hide file tree
Showing 156 changed files with 64,981 additions and 0 deletions.
174 changes: 174 additions & 0 deletions .github/workflows/update-amba.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,174 @@
---
name: update platform/amba

# yamllint disable-line rule:truthy
on:
schedule:
- cron: "0 8 * * 1-5"
workflow_dispatch: {}

permissions:
contents: write

env:
alz_repository: "Azure/Enterprise-Scale"
remote_repository: "Azure/azure-monitor-baseline-alerts"
alzlib_repository: "Azure/alzlib"
library_dir: "platform/amba"
pr_title: "feat: update platform/amba library (automated)"
pr_body: |-
This is an automated pull_request containing updates to the library templates stored in 'platform/amba'.
Please review the files changed tab to review changes.
jobs:
update-lib:
name: update
runs-on: ubuntu-latest
environment: libupdate
steps:
- name: Local repository checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
path: ${{ github.repository }}
fetch-depth: 0

- name: Remote repository checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
repository: ${{ env.remote_repository }}
path: ${{ env.remote_repository }}
ref: main

- name: Alz repository checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
repository: ${{ env.alz_repository }}
path: ${{ env.alz_repository }}
ref: main

- name: setup go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: 'stable'

- name: install alzlibtool
run: go install github.com/Azure/alzlib/cmd/alzlibtool@v0.18.0

- uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
id: generate-token
with:
app_id: ${{ secrets.TOKEN_APP_ID }}
private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}

- name: Configure local git
run: |
git config user.name github-actions
git config user.email action@github.com
working-directory: ${{ github.repository }}

- name: Create and checkout branch
id: branch
run: |
BRANCH="platform-amba-${{ github.run_number }}"
echo "name=$BRANCH" >> "$GITHUB_OUTPUT"
git checkout -b "$BRANCH"
working-directory: ${{ github.repository }}
env:
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}

- name: Copy policy definitions
uses: azure/powershell@53dd145408794f7e80f97cfcca04155c85234709 # v2.0.0
with:
inlineScript: |
Write-Information "==> Running copy policy definitions script..." -InformationAction Continue
${{ github.repository }}/platform/amba/scripts/Copy-PolicyDefinitions.ps1 `
-TemplatePath "${{ github.workspace }}/${{ env.remote_repository }}/patterns/alz/templates" `
-TargetPath "${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_definitions_copy" `
-SourcePath "${{ github.workspace }}/${{ env.remote_repository }}"
azPSVersion: "latest"

- name: Update library policy definitions
run: |
alzlibtool convert policydefinition -o \
"${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_definitions_copy" \
"${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_definitions"
- name: Update library policy set definitions
run: |
alzlibtool convert policysetdefinition -o \
"${{ github.workspace }}/${{ env.remote_repository }}/patterns/alz/policySetDefinitions" \
"${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_set_definitions"
- name: Clean up copied policy definitions
run: |
rm -rf "${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_definitions_copy"
working-directory: ${{ github.workspace }}

- name: Remove deprecated policy definitions
run: |
rm -rf "${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_set_definitions/Alerting-LandingZone.alz_policy_set_definition.json"
working-directory: ${{ github.workspace }}

- name: Update library policy assignments and archetypes
uses: azure/powershell@53dd145408794f7e80f97cfcca04155c85234709 # v2.0.0
with:
inlineScript: |
Write-Information "==> Running policy assignments and archetypes script..." -InformationAction Continue
${{ github.repository }}/platform/amba/scripts/Invoke-LibraryUpdatePolicyAssignmentArchetypes.ps1 `
-AlzToolsPath "${{ github.workspace }}/${{ env.alz_repository }}/src/Alz.Tools/" `
-TargetPath "${{ github.workspace }}/${{ github.repository }}" `
-SourcePath "${{ github.workspace }}/${{ env.remote_repository }}"
azPSVersion: "latest"

- name: Update library policy definitions in archetype definitions
uses: azure/powershell@53dd145408794f7e80f97cfcca04155c85234709 # v2.0.0
with:
inlineScript: |
Write-Information "==> Running policy definitions in archetype definitions script..." -InformationAction Continue
${{ github.repository }}/platform/amba/scripts/Invoke-LibraryUpdatePolicyDefinitions.ps1 `
-AlzToolsPath "${{ github.workspace }}/${{ env.alz_repository }}/src/Alz.Tools/" `
-TargetPath "${{ github.workspace }}/${{ github.repository }}" `
-SourcePath "${{ github.workspace }}/${{ env.remote_repository }}"
azPSVersion: "latest"

- name: Check for changes
id: git_status
run: |
mapfile -t "CHECK_GIT_STATUS" < <(git status -s ${{ env.library_dir }})
printf "%s\n" "${CHECK_GIT_STATUS[@]}"
echo "changes=${#CHECK_GIT_STATUS[@]}" >> "$GITHUB_OUTPUT"
working-directory: ${{ github.workspace }}/${{ github.repository }}

- name: Add files, commit and push
if: steps.git_status.outputs.changes > 0
run: |
echo "Pushing changes to origin..."
git add ${{ env.library_dir }}
git commit -m '${{ env.pr_title }}'
git push origin ${{ steps.branch.outputs.name }}
working-directory: ${{ github.repository }}

- name: Create pull request
if: steps.git_status.outputs.changes > 0
id: pr
run: |
PR="$(gh pr create \
--title "${{ env.pr_title }}" \
--body "${{ env.pr_body }}" \
--base "${{ github.ref }}" \
--head "${{ steps.branch.outputs.name }}" \
--draft)"
echo "Created new PR: $CHECK_PULL_REQUEST_URL"
echo number=$(gh pr view $PR_URL --json number | jq -r '.number') >> "$GITHUB_OUTPUT"
working-directory: ${{ github.repository }}
env:
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}

- name: close and comment out of date prs
if: steps.git_status.outputs.changes > 0
run: |
PULL_REQUESTS=$(gh pr list --search 'feat: update platform/amba library (automated)' --json number,headRefName)
echo "$PULL_REQUESTS" | jq -r '.[] | select(.number != ${{ steps.pr.outputs.number }}) | .number' | xargs -I {} gh pr close {} --delete-branch --comment "Supersceeded by #${{ steps.pr.outputs.pull-request-number }}"
working-directory: ${{ github.repository }}
env:
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
Loading

0 comments on commit 2f4aa36

Please sign in to comment.