AzOps - Pull #18
---
name: 'AzOps - Pull'

# Triggers. Any one of the four events below starts the workflow; the job's
# own `if:` condition then decides whether the Pull job runs.
on:
  # Manual run from the GitHub UI.
  workflow_dispatch:

  # Event / webhook driven run, for example from an activity log when a
  # specific condition is met. Only the two event types listed here are
  # accepted. The event type is chosen by the sender and reaches the job as
  # github.event.action, so it is caller-supplied input.
  repository_dispatch:
    types:
      - 'Enterprise-Scale Deployment'
      - 'Enterprise-Scale Event'

  # Optional recurring pull of the latest Azure hierarchy into the Git
  # repository.
  #
  # Default: every 6 hours
  schedule:
    - cron: '0 */6 * * *'

  # Runs when the "AzOps - Push" workflow completes on main. `completed`
  # fires for failed runs too; the success check is in the job condition.
  workflow_run:
    workflows:
      - 'AzOps - Push'
    branches:
      - main
    types:
      - completed
# Scopes granted to GITHUB_TOKEN for every job in this workflow. Scopes that
# are not listed are set to none. All three are write scopes, so any step in
# the job can push to the repository and open or merge pull requests.
permissions:
  # Push the temporary branch and merge it.
  contents: write
  # Request an OIDC token when federated credentials are used.
  id-token: write
  # Create and merge the generated pull request.
  pull-requests: write
# Workflow-level environment. Every step of every job receives all of these
# values, including the local shared-steps action and the inline scripts.
env:
  # Credentials, read from repository or environment secrets.
  # NOTE(review): ARM_CLIENT_SECRET is presumably unused once federated
  # credentials (OIDC) are configured - confirm, and drop the secret if so.
  ARM_CLIENT_ID: "${{ secrets.ARM_CLIENT_ID }}"
  ARM_CLIENT_SECRET: "${{ secrets.ARM_CLIENT_SECRET }}"
  ARM_ENVIRONMENT: "${{ secrets.ARM_ENVIRONMENT }}"
  ARM_SUBSCRIPTION_ID: "${{ secrets.ARM_SUBSCRIPTION_ID }}"
  ARM_TENANT_ID: "${{ secrets.ARM_TENANT_ID }}"
  AZOPS_MODULE_VERSION: "${{ secrets.AZOPS_MODULE_VERSION }}"
  # Token the gh CLI and git use; its scopes are set by `permissions:`.
  GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

  # modulesFolder
  # PowerShell modules are stored in this folder so that they can be cached
  # between runs.
  modulesFolder: '~/.local/share/powershell/Modules'

  # Folder name
  # Folder, relative to the repository root, that holds the generated
  # hierarchy. If this value is changed, the Core.State value in
  # settings.json must be changed to match.
  #
  # Default: root
  folder: 'root'

  # Branch name
  # Temporary branch used by the Pull workflow (previously known as
  # "system"). Change it if the name is already reserved for something else
  # in the repository.
  #
  # Default: automated
  branch: 'automated'

  # Commit message
  # Message recorded in the Git history when the changes are committed to
  # the temporary branch.
  #
  # Default: Automated commit
  commit_message: 'Automated commit'

  # Pull request
  # Title of the generated pull request; it marks in the Git history when
  # the changes were merged.
  #
  # Default: Automated State
  pull_request: 'Automated State'
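jobs:
  # Pull
  # Regenerates the Azure state with AzOps, commits it to the temporary
  # branch and merges that branch into main through a pull request.
  pull:
    name: "Pull"
    # NOTE(review): GitHub has retired the ubuntu-20.04 hosted image -
    # confirm and move to a currently supported runner label.
    runs-on: ubuntu-20.04
    #
    # Environment if using Federated Credentials
    # https://github.com/azure/azops/wiki/github-oidc
    #
    # environment: prod
    #
    # Only run Pull after a successful Push, or on manually
    # triggered / scheduled / repository_dispatch events.
    #
    if: ${{ github.event.workflow_run.conclusion == 'success' ||
      contains(fromJson('["schedule", "workflow_dispatch", "repository_dispatch"]'), github.event_name) }}
    steps:
      #
      # Checkout
      # Checks out the repository with full history (fetch-depth: 0).
      # By default checkout leaves the token in the local git config; the
      # later "Push" step relies on that to authenticate.
      # NOTE(review): v3 is a mutable tag. Pin to a full commit SHA, e.g.
      # actions/checkout@<full-commit-sha>  # v3
      #
      - name: "Checkout"
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      #
      # Shared steps
      # Includes the shared steps from the local 'action.yml' file so they
      # are not repeated in every pipeline. The action's content is not
      # visible here; it runs with the workflow-level env, credentials
      # included.
      #
      - name: "Shared steps"
        uses: ./.github/actions/sharedSteps
      #
      # Configure
      # Sets the git identity used for the automated commit.
      #
      - name: "Configure"
        shell: bash
        run: |
          git config user.name github-actions
          git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
      #
      # Checkout
      # Creates and switches to the temporary branch.
      # The branch name is read from the shell environment ("$branch")
      # rather than pasted into the script with an expression, so the value
      # stays data and is never parsed as shell syntax.
      #
      - name: "Checkout"
        shell: bash
        run: |
          git checkout -b "$branch"
      #
      # Initialize
      # Generates new state data.
      # The repository_dispatch event type is passed in through the ACTION
      # environment variable and compared as a string; it is not
      # interpolated into the script text.
      #
      - name: "Initialize"
        shell: pwsh
        run: |
          Import-PSFConfig -Path settings.json -Schema MetaJson -EnableException
          if ($env:ACTION -eq "Enterprise-Scale Deployment") {
            Set-PSFConfig -FullName AzOps.Core.SkipResource -Value $false
          }
          Invoke-AzOpsPull -Rebuild
          Get-Job | Remove-Job -Force
        env:
          ACTION: ${{ github.event.action }}
      #
      # Status
      # Checks for data changes and sets the `state` output to `continue`
      # or `stop`; the remaining steps run only on `continue`.
      # "$STATUS" is quoted so file names in the git output are printed
      # as-is instead of being word-split and glob-expanded.
      #
      - name: "Status"
        id: status
        shell: bash
        run: |
          STATUS=$(git status --short)
          echo "$STATUS"
          if [ -z "$STATUS" ]
          then
            echo "state=stop" >> "$GITHUB_OUTPUT"
          else
            echo "state=continue" >> "$GITHUB_OUTPUT"
          fi
      #
      # Add
      # Adds the generated folder to the index.
      #
      - name: "Add"
        if: steps.status.outputs.state == 'continue'
        shell: bash
        run: |
          git add "./$folder"
      #
      # Commit
      # Records the changes on the temporary branch.
      #
      - name: "Commit"
        if: steps.status.outputs.state == 'continue'
        shell: bash
        run: |
          git commit -m "$commit_message"
      #
      # Push
      # Updates the remote branch. -f overwrites whatever the remote branch
      # of that name currently holds, so the name must stay reserved for
      # this workflow.
      #
      - name: "Push"
        if: steps.status.outputs.state == 'continue'
        shell: bash
        run: |
          git push origin "$branch" -f
      #
      # Merge
      # Opens a pull request from the temporary branch and squash-merges it
      # into main straight away, with no human review in between.
      # NOTE(review): branch protection or required reviews on main would
      # make the merge fail - confirm how main is protected and that an
      # unreviewed merge of pulled state is the intended policy.
      #
      - name: "Merge"
        if: steps.status.outputs.state == 'continue'
        shell: bash
        run: |
          gh pr create --title "$pull_request" --body "-" --base 'main' --head "$branch"
          gh pr merge "$branch" --squash --delete-branch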