From 1450e47467425e5beb1bd0d07919966c36a011ed Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Fri, 21 Jan 2022 12:58:56 +0100
Subject: [PATCH 01/31] test fake vhd
---
 arm/Microsoft.Compute/images/.parameters/parameters.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arm/Microsoft.Compute/images/.parameters/parameters.json b/arm/Microsoft.Compute/images/.parameters/parameters.json
index ce060c3702..12083b20af 100644
--- a/arm/Microsoft.Compute/images/.parameters/parameters.json
+++ b/arm/Microsoft.Compute/images/.parameters/parameters.json
@@ -12,7 +12,7 @@
 "value": "Windows"
 },
 "osDiskBlobUri": {
- "value": "https://adpsxxazsax001.blob.core.windows.net/vhds/adp-sxx-az-imgt-x-001.vhd"
+ "value": "https://adpsxxazsax001.blob.core.windows.net/vhds/adp-emptyvhd.vhd"
 },
 "osDiskCaching": {
 "value": "ReadWrite"
From 8e364c3fd2dfcbafa2e6bbdc8c7caf775bf8c252 Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Fri, 21 Jan 2022 13:30:12 +0100
Subject: [PATCH 02/31] vhd ref back
---
 arm/Microsoft.Compute/images/.parameters/parameters.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arm/Microsoft.Compute/images/.parameters/parameters.json b/arm/Microsoft.Compute/images/.parameters/parameters.json
index 12083b20af..ce060c3702 100644
--- a/arm/Microsoft.Compute/images/.parameters/parameters.json
+++ b/arm/Microsoft.Compute/images/.parameters/parameters.json
@@ -12,7 +12,7 @@
 "value": "Windows"
 },
 "osDiskBlobUri": {
- "value": "https://adpsxxazsax001.blob.core.windows.net/vhds/adp-emptyvhd.vhd"
+ "value": "https://adpsxxazsax001.blob.core.windows.net/vhds/adp-sxx-az-imgt-x-001.vhd"
 },
 "osDiskCaching": {
 "value": "ReadWrite"
From 23c9b88aab1de972626a004f2036d594ecf0c1f0 Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Fri, 21 Jan 2022 13:31:11 +0100
Subject: [PATCH 03/31] add vhds container to sa dep
---
 .../storageAccounts/parameters/parameters.json | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/utilities/pipelines/dependencies/Microsoft.Storage/storageAccounts/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.Storage/storageAccounts/parameters/parameters.json index 8ec2fd4ff6..1dcb375152 100644 --- a/utilities/pipelines/dependencies/Microsoft.Storage/storageAccounts/parameters/parameters.json +++ b/utilities/pipelines/dependencies/Microsoft.Storage/storageAccounts/parameters/parameters.json @@ -23,6 +23,10 @@ { "name": "scripts", "publicAccess": "None" + }, + { + "name": "vhds", + "publicAccess": "None" } ] } From ea4dcd5bf71c7169c7600279e236ec39fbf3f936 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 21 Jan 2022 13:41:50 +0100 Subject: [PATCH 04/31] add imgt to dep --- .github/workflows/platform.dependencies.yml | 34 ++++++++++ .../imageTemplates/parameters/parameters.json | 66 +++++++++++++++++++ 2 files changed, 100 insertions(+) create mode 100644 utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index 83c4d0778f..30d12f1c9e 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -8,6 +8,11 @@ on: description: 'Enable SqlMi dependencies deployment' required: false default: 'false' + deployVhdDependencies: + type: boolean + description: 'Enable deployment of a vhd stored in a blob container' + required: false + default: 'false' # push: # branches: 
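Review bot: The new `deployVhdDependencies` input is declared `type: boolean` but its default is the quoted string `'false'`; for a typed boolean input the default reads more clearly as `default: false`. The description ('Enable deployment of a vhd stored in a blob container') also does not match what the flag gates in the next hunk, which is the image template job `job_deploy_imgt`; a description along the lines of `'Enable deployment of the image template used to produce the VHD'` would tell the person dispatching the workflow what they are switching on.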
@@ -285,6 +290,35 @@ jobs: managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' removeDeployment: '${{ env.removeDeployment }}' + job_deploy_imgt: + runs-on: ubuntu-20.04 + name: 'Deploy image template' + if: github.event.inputs.deployVhdDependencies == 'true' + env: + namespace: 'Microsoft.VirtualMachineImages\imageTemplates' + needs: + - job_deploy_msi + - job_deploy_sig + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' + job_deploy_ag: runs-on: ubuntu-20.04 name: 'Deploy action groups' diff --git a/utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json new file mode 100644 index 0000000000..3356dfe9c9 --- /dev/null +++ b/utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json 
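Review bot: The added `job_deploy_imgt` job references `actions/checkout@v2` by mutable tag and then passes `secrets.ARM_SUBSCRIPTION_ID` and `secrets.ARM_MGMTGROUP_ID` to the deployment action in the same job, so whatever that tag points to at run time executes next to those values. Pinning the action to a full commit SHA (`uses: actions/checkout@<full-commit-sha>  # v2`, SHA to be filled in) and adding `persist-credentials: false` under `with:` would narrow that exposure; `fetch-depth: 0` also pulls the full history, which this job does not obviously need. No job-level `permissions:` block is set here and the workflow-level setting is outside the hunk, so confirm the token scope for this job is what you expect. The same pattern is used by the existing jobs, so this may be better handled as a file-wide follow-up.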
@@ -0,0 +1,66 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "name": {
+ "value": "adp-sxx-az-imgt-x-001"
+ },
+ "userMsiName": {
+ "value": "adp-sxx-az-msi-x-001"
+ },
+ "userMsiResourceGroup": {
+ "value": "validation-rg"
+ },
+ "buildTimeoutInMinutes": {
+ "value": 0
+ },
+ "vmSize": {
+ "value": "Standard_D2s_v3"
+ },
+ "osDiskSizeGB": {
+ "value": 127
+ },
+ "subnetId": {
+ "value": ""
+ },
+ "imageSource": {
+ "value": {
+ "type": "PlatformImage",
+ "publisher": "MicrosoftWindowsDesktop",
+ "offer": "Windows-10",
+ "sku": "19h2-evd",
+ "version": "latest"
+ }
+ },
+ "customizationSteps": {
+ "value": [
+ {
+ "type": "WindowsRestart",
+ "restartTimeout": "30m"
+ }
+ ]
+ },
+ "managedImageName": {
+ "value": "sxx-az-mi-x-001"
+ },
+ "unManagedImageName": {
+ "value": "sxx-az-umi-x-001"
+ },
+ "sigImageDefinitionId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/galleries/adpsxxazsigweux001/images/adp-sxx-az-imgd-x-001"
+ },
+ "imageReplicationRegions": {
+ "value": []
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "principalIds": [
+ "<>"
+ ]
+ }
+ ]
+ }
+ }
+}
From e8815d9ca9f8eed3364e52cd9d9d14f70cfa8172 Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Fri, 21 Jan 2022 18:45:03 +0100
Subject: [PATCH 05/31] test runcommand output dep
---
 .github/workflows/platform.dependencies.yml | 1680 ++++++++++---------
 1 file changed, 851 insertions(+), 829 deletions(-)
diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml
index 30d12f1c9e..8aa80104b2 100644
--- a/.github/workflows/platform.dependencies.yml
+++ b/.github/workflows/platform.dependencies.yml
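Review bot: `imageSource` sets `"version": "latest"`, so every run of this dependency builds from whichever `Windows-10` / `19h2-evd` platform image is current at that moment, and the resulting VHD that the images module later consumes is not reproducible between runs. Pinning the source to an explicit version (`"version": "<pinned-image-version>"`, value to be chosen by the maintainers) makes a changed base image a reviewed change rather than a silent one. `"subnetId": ""` presumably leaves the build VM's network placement to the service rather than an existing subnet, and `"buildTimeoutInMinutes": 0` presumably falls back to the service default; both are worth confirming as intended for the validation environment.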
@@ -99,169 +99,169 @@ jobs: Write-Output ('::set-output name={0}::{1}' -f 'msiPrincipalId', $msiPrincipalId) azPSVersion: 'latest' - job_deploy_pa: - runs-on: ubuntu-20.04 - name: 'Deploy policy assignment' - env: - namespace: 'Microsoft.Authorization\policyAssignments' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/.bicep/nested_policyAssignments_sub.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_pa: + # runs-on: ubuntu-20.04 + # name: 'Deploy policy assignment' + # env: + # namespace: 'Microsoft.Authorization\policyAssignments' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/.bicep/nested_policyAssignments_sub.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' - job_deploy_evh: - runs-on: 
ubuntu-20.04 - name: 'Deploy eventhub' - env: - namespace: 'Microsoft.EventHub\namespaces' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_evh: + # runs-on: ubuntu-20.04 + # name: 'Deploy eventhub' + # env: + # namespace: 'Microsoft.EventHub\namespaces' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' - job_deploy_law: - runs-on: ubuntu-20.04 - name: 'Deploy log analytics workspace' - env: - namespace: 'Microsoft.OperationalInsights\workspaces' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['appi.parameters.json', 'parameters.json'] - steps: - - 
name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_law: + # runs-on: ubuntu-20.04 + # name: 'Deploy log analytics workspace' + # env: + # namespace: 'Microsoft.OperationalInsights\workspaces' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['appi.parameters.json', 'parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' - job_deploy_sa: - runs-on: ubuntu-20.04 - name: 'Deploy storage account' - env: - namespace: 'Microsoft.Storage\storageAccounts' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: - ['fa.parameters.json', 'law.parameters.json', 'parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment 
- with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_sa: + # runs-on: ubuntu-20.04 + # name: 'Deploy storage account' + # env: + # namespace: 'Microsoft.Storage\storageAccounts' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: + # ['fa.parameters.json', 'law.parameters.json', 'parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' - job_sa_upload_storage_files: - runs-on: ubuntu-20.04 - name: 'Upload files to storage account' - env: - namespace: 'Microsoft.Storage\storageAccounts' - needs: - - job_deploy_sa - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Setup agent' - shell: pwsh - run: | - # Load used functions - . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + # job_sa_upload_storage_files: + # runs-on: ubuntu-20.04 + # name: 'Upload files to storage account' + # env: + # namespace: 'Microsoft.Storage\storageAccounts' + # needs: + # - job_deploy_sa + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Setup agent' + # shell: pwsh + # run: | + # # Load used functions + # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') - # Define PS modules to install on the runner - $Modules = @( - @{ Name = 'Az.Storage' } - ) + # # Define PS modules to install on the runner + # $Modules = @( + # @{ Name = 'Az.Storage' } + # ) - # Set agent up - Set-EnvironmentOnAgent -PSModules $Modules - - name: Azure Login - uses: azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - enable-AzPSSession: true - - name: Run PowerShell - uses: azure/powershell@v1 - with: - inlineScript: | - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Export-ContentToBlob.ps1') + # # Set agent up + # Set-EnvironmentOnAgent -PSModules $Modules + # - name: Azure Login + # uses: azure/login@v1 + # with: + # creds: ${{ secrets.AZURE_CREDENTIALS }} + # enable-AzPSSession: true + # - name: Run PowerShell + # uses: azure/powershell@v1 + # with: + # inlineScript: | + # # Load used functions + # . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Export-ContentToBlob.ps1') - # Get storage account name - $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.namespace }}' 'parameters' 'parameters.json' - $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + # # Get storage account name + # $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.namespace }}' 'parameters' 'parameters.json' + # $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters - # Upload files to storage account - $functionInput = @{ - ResourceGroupName = '${{ env.defaultResourceGroupName }}' - StorageAccountName = $storageAccountParameters.name.value - contentDirectories = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.namespace }}' 'uploads' - targetContainer = $storageAccountParameters.blobServices.value.containers[0].name - } + # # Upload files to storage account + # $functionInput = @{ + # ResourceGroupName = '${{ env.defaultResourceGroupName }}' + # StorageAccountName = $storageAccountParameters.name.value + # contentDirectories = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.namespace }}' 'uploads' + # targetContainer = $storageAccountParameters.blobServices.value.containers[0].name + # } - Write-Verbose "Invoke task with" -Verbose - Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose + # Write-Verbose "Invoke task with" -Verbose + # Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose - Export-ContentToBlob @functionInput -Verbose - azPSVersion: 'latest' + # Export-ContentToBlob @functionInput -Verbose + # azPSVersion: 'latest' job_deploy_sig: runs-on: ubuntu-20.04 
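Review bot: Disabling jobs by commenting out every line (`job_deploy_pa`, `job_deploy_evh`, `job_deploy_law`, `job_deploy_sa` and `job_sa_upload_storage_files` here, and more in the following hunk, whose end is outside this view) buries the one functional change of this commit under several hundred lines of churn and is easy to merge by accident. If this is a temporary test run, a job-level `if: false` on each job to skip, or a separate scratch workflow, keeps the job definitions intact and the diff reviewable. Before merging in this state, check that no job left active still lists one of the disabled jobs under `needs:`, since a reference to a job that no longer exists invalidates the workflow. It also leaves the storage account deployment off, which is presumably the job that creates the `vhds` container added in patch 03.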
@@ -318,711 +318,733 @@ jobs: subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' removeDeployment: '${{ env.removeDeployment }}' - - job_deploy_ag: - runs-on: ubuntu-20.04 - name: 'Deploy action groups' - env: - namespace: 'Microsoft.Insights\actionGroups' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment + - name: 'Trigger building new image' + uses: azure/powershell@v1 with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + inlineScript: | + Write-Verbose "Retrieving command to run" -Verbose + $deploymentOutput = '${{ steps.deploy_msi.outputs.deploymentOutput }}' + $RunThisCommand = (ConvertFrom-Json $deploymentOutput).runThisCommand + $ImageTemplateName = (ConvertFrom-Json $deploymentOutput).imageTemplateName + $ResourceGroupName = (ConvertFrom-Json $deploymentOutput).imageTemplateResourceGroup + Write-Verbose "Trigger new image creation with command $RunThisCommand" -Verbose + # $ImageTemplateName = 'adp-sxx-az-imgt-x-001-2022-01-18-18-48-33' + # $ResourceGroupName = 'validation-rg' - job_deploy_asg: - runs-on: ubuntu-20.04 - name: 'Deploy application security groups' - env: - namespace: 'Microsoft.Network\applicationSecurityGroups' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - 
with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # $resourceActionInputObject = @{ + # ResourceName = $ImageTemplateName + # ResourceGroupName = $ResourceGroupName + # ResourceType = 'Microsoft.VirtualMachineImages/imageTemplates' + # Action = 'Run' + # Force = $true + # } + # Invoke-AzResourceAction @resourceActionInputObject + azPSVersion: 'latest' - job_deploy_udr: - runs-on: ubuntu-20.04 - name: 'Deploy route tables' - env: - namespace: 'Microsoft.Network\routeTables' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_ag: + # runs-on: ubuntu-20.04 + # name: 'Deploy action groups' + # env: + # namespace: 'Microsoft.Insights\actionGroups' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # 
uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' - job_deploy_sqlmi_udr: - runs-on: ubuntu-20.04 - name: 'Deploy sqlmi route tables' - if: github.event.inputs.deploySqlMiDependencies == 'true' - env: - namespace: 'Microsoft.Network\routeTables' - needs: - - job_deploy_rg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['sqlMi.parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_asg: + # runs-on: ubuntu-20.04 + # name: 'Deploy application security groups' + # env: + # namespace: 'Microsoft.Network\applicationSecurityGroups' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + 
# with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' - job_deploy_nsg: - runs-on: ubuntu-20.04 - name: 'Deploy network security groups' - env: - namespace: 'Microsoft.Network\networkSecurityGroups' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - strategy: - fail-fast: false - matrix: - parameterFilePaths: - [ - 'apgw.parameters.json', - 'ase.parameters.json', - 'bastion.parameters.json', - 'parameters.json', - ] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_udr: + # runs-on: ubuntu-20.04 + # name: 'Deploy route tables' + # env: + # namespace: 'Microsoft.Network\routeTables' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ 
env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' - job_deploy_sqlmi_nsg: - runs-on: ubuntu-20.04 - name: 'Deploy sqlmi network security group' - if: github.event.inputs.deploySqlMiDependencies == 'true' - env: - namespace: 'Microsoft.Network\networkSecurityGroups' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['sqlmi.parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_sqlmi_udr: + # runs-on: ubuntu-20.04 + # name: 'Deploy sqlmi route tables' + # if: github.event.inputs.deploySqlMiDependencies == 'true' + # env: + # namespace: 'Microsoft.Network\routeTables' + # needs: + # - job_deploy_rg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['sqlMi.parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace 
}}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' - job_deploy_pip: - runs-on: ubuntu-20.04 - name: 'Deploy public IP addresses' - env: - namespace: 'Microsoft.Network\publicIPAddresses' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - strategy: - fail-fast: false - matrix: - parameterFilePaths: - ['apgw.parameters.json', 'bas.parameters.json', 'lb.parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_nsg: + # runs-on: ubuntu-20.04 + # name: 'Deploy network security groups' + # env: + # namespace: 'Microsoft.Network\networkSecurityGroups' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: + # [ + # 'apgw.parameters.json', + # 'ase.parameters.json', + # 'bastion.parameters.json', + # 'parameters.json', + # ] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ 
env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' - job_deploy_appi: - runs-on: ubuntu-20.04 - name: 'Deploy application insight' - env: - namespace: 'Microsoft.Insights\components' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_sqlmi_nsg: + # runs-on: ubuntu-20.04 + # name: 'Deploy sqlmi network security group' + # if: github.event.inputs.deploySqlMiDependencies == 'true' + # env: + # namespace: 'Microsoft.Network\networkSecurityGroups' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['sqlmi.parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # 
location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' - job_deploy_aut: - runs-on: ubuntu-20.04 - name: 'Deploy automation account' - env: - namespace: 'Microsoft.Automation\automationAccounts' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_pip: + # runs-on: ubuntu-20.04 + # name: 'Deploy public IP addresses' + # env: + # namespace: 'Microsoft.Network\publicIPAddresses' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: + # ['apgw.parameters.json', 'bas.parameters.json', 'lb.parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ 
env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' - job_deploy_avdhp: - runs-on: ubuntu-20.04 - name: 'Deploy AVD host pool' - env: - namespace: 'Microsoft.DesktopVirtualization\hostpools' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_appi: + # runs-on: ubuntu-20.04 + # name: 'Deploy application insight' + # env: + # namespace: 'Microsoft.Insights\components' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # 
removeDeployment: '${{ env.removeDeployment }}' - job_deploy_rsv: - runs-on: ubuntu-20.04 - name: 'Deploy recovery services vault' - env: - namespace: 'Microsoft.RecoveryServices\vaults' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - - job_deploy_msi - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' + # job_deploy_aut: + # runs-on: ubuntu-20.04 + # name: 'Deploy automation account' + # env: + # namespace: 'Microsoft.Automation\automationAccounts' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # 
removeDeployment: '${{ env.removeDeployment }}' - job_deploy_kv: - runs-on: ubuntu-20.04 - name: 'Deploy key vaults' - env: - namespace: 'Microsoft.KeyVault\vaults' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - - job_deploy_msi - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json', 'pe.parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' + # job_deploy_avdhp: + # runs-on: ubuntu-20.04 + # name: 'Deploy AVD host pool' + # env: + # namespace: 'Microsoft.DesktopVirtualization\hostpools' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # 
removeDeployment: '${{ env.removeDeployment }}' - job_deploy_kv_secrets: - runs-on: ubuntu-20.04 - name: 'Set key vault secrets keys and certificates' - env: - namespace: 'Microsoft.KeyVault\vaults' - needs: - - job_deploy_kv - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Setup agent' - shell: pwsh - run: | - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + # job_deploy_rsv: + # runs-on: ubuntu-20.04 + # name: 'Deploy recovery services vault' + # env: + # namespace: 'Microsoft.RecoveryServices\vaults' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # - job_deploy_msi + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' - # Define PS modules to install on the runner - $Modules = @( - @{ Name = 'Az.KeyVault' } - ) + # job_deploy_kv: + # runs-on: ubuntu-20.04 + # name: 'Deploy key vaults' + # env: + # namespace: 'Microsoft.KeyVault\vaults' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # - job_deploy_msi + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json', 
'pe.parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' - # Set agent up - Set-EnvironmentOnAgent -PSModules $Modules - - name: Azure Login - uses: azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - enable-AzPSSession: true - - name: 'Set key vault secrets keys and certificates' - uses: azure/powershell@v1 - with: - inlineScript: | - # Get key vault name - $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies' '${{ env.namespace }}' 'parameters' 'parameters.json' - $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters - $keyVaultName = $keyVaultParameters.name.value + # job_deploy_kv_secrets: + # runs-on: ubuntu-20.04 + # name: 'Set key vault secrets keys and certificates' + # env: + # namespace: 'Microsoft.KeyVault\vaults' + # needs: + # - job_deploy_kv + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Setup agent' + # shell: pwsh + # run: | + # # Load used functions + # . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') - # Generate values - $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length - $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force - $passwordString = (New-Guid).Guid.SubString(0, 19) - $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force - $vpnSharedKeyString = (New-Guid).Guid.SubString(0, 32) - $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText -Force + # # Define PS modules to install on the runner + # $Modules = @( + # @{ Name = 'Az.KeyVault' } + # ) - # Set secrets - # ------- - @( - @{ name = 'adminUsername'; secretValue = $username } # VirtualMachines and VMSS - @{ name = 'adminPassword'; secretValue = $password } # VirtualMachines and VMSS - @{ name = 'administratorLogin'; secretValue = $username } # Azure SQLServer - @{ name = 'administratorLoginPassword'; secretValue = $password } # Azure SQLServer - @{ name = 'vpnSharedKey'; secretValue = $vpnSharedKey } # VirtualNetworkGateway - @{ name = 'apimClientId'; secretValue = $username } # API management - @{ name = 'apimClientSecret'; secretValue = $password } # API management - ) | ForEach-Object { - $null = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $_.name -SecretValue $_.secretValue - Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - } + # # Set agent up + # Set-EnvironmentOnAgent -PSModules $Modules + # - name: Azure Login + # uses: azure/login@v1 + # with: + # creds: ${{ secrets.AZURE_CREDENTIALS }} + # enable-AzPSSession: true + # - name: 'Set key vault secrets keys and certificates' + # uses: azure/powershell@v1 + # with: + # inlineScript: | + # # Get key vault name + # $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies' '${{ 
env.namespace }}' 'parameters' 'parameters.json' + # $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters + # $keyVaultName = $keyVaultParameters.name.value - # Set certificates - # ----------- - $certPolicy = New-AzKeyVaultCertificatePolicy -SecretContentType 'application/x-pkcs12' -SubjectName 'CN=fabrikam.com' -IssuerName 'Self' -ValidityInMonths 12 -ReuseKeyOnRenewal - @( - @{ name = 'applicationGatewaySslCertificate'; CertificatePolicy = $certPolicy } # ApplicationGateway - ) | ForEach-Object { - $null = Add-AzKeyVaultCertificate -VaultName $keyVaultName -Name $_.name -CertificatePolicy $_.CertificatePolicy - Write-Verbose ('Added certificate [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - } + # # Generate values + # $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length + # $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force + # $passwordString = (New-Guid).Guid.SubString(0, 19) + # $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force + # $vpnSharedKeyString = (New-Guid).Guid.SubString(0, 32) + # $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText -Force - # Set keys - # ---- - @( - @{ name = 'keyEncryptionKey'; Destination = 'Software' } # DiskEncryptionSet, VirtualMachines and VMSS - ) | ForEach-Object { - $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination - Write-Verbose ('Added key [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - } - azPSVersion: 'latest' + # # Set secrets + # # ------- + # @( + # @{ name = 'adminUsername'; secretValue = $username } # VirtualMachines and VMSS + # @{ name = 'adminPassword'; secretValue = $password } # VirtualMachines and VMSS + # @{ name = 'administratorLogin'; secretValue = $username } # Azure SQLServer + # @{ name = 
'administratorLoginPassword'; secretValue = $password } # Azure SQLServer + # @{ name = 'vpnSharedKey'; secretValue = $vpnSharedKey } # VirtualNetworkGateway + # @{ name = 'apimClientId'; secretValue = $username } # API management + # @{ name = 'apimClientSecret'; secretValue = $password } # API management + # ) | ForEach-Object { + # $null = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $_.name -SecretValue $_.secretValue + # Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + # } - job_deploy_sqlmi_kv: - runs-on: ubuntu-20.04 - name: 'Deploy sqlmi key vault' - if: github.event.inputs.deploySqlMiDependencies == 'true' - env: - namespace: 'Microsoft.KeyVault\vaults' - needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law - - job_deploy_msi - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['sqlmi.parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' + # # Set certificates + # # ----------- + # $certPolicy = New-AzKeyVaultCertificatePolicy -SecretContentType 'application/x-pkcs12' -SubjectName 'CN=fabrikam.com' -IssuerName 'Self' -ValidityInMonths 12 -ReuseKeyOnRenewal + # @( + # @{ name = 'applicationGatewaySslCertificate'; CertificatePolicy = $certPolicy } # ApplicationGateway + # ) | ForEach-Object { + # $null = 
Add-AzKeyVaultCertificate -VaultName $keyVaultName -Name $_.name -CertificatePolicy $_.CertificatePolicy + # Write-Verbose ('Added certificate [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + # } - job_deploy_sqlmi_kv_secrets: - runs-on: ubuntu-20.04 - name: 'Set sqlmi key vault secrets and keys' - if: github.event.inputs.deploySqlMiDependencies == 'true' - needs: - - job_deploy_sqlmi_kv - env: - namespace: 'Microsoft.KeyVault\vaults' - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Setup agent' - shell: pwsh - run: | - # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + # # Set keys + # # ---- + # @( + # @{ name = 'keyEncryptionKey'; Destination = 'Software' } # DiskEncryptionSet, VirtualMachines and VMSS + # ) | ForEach-Object { + # $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination + # Write-Verbose ('Added key [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + # } + # azPSVersion: 'latest' - # Define PS modules to install on the runner - $Modules = @( - @{ Name = 'Az.KeyVault' } - ) + # job_deploy_sqlmi_kv: + # runs-on: ubuntu-20.04 + # name: 'Deploy sqlmi key vault' + # if: github.event.inputs.deploySqlMiDependencies == 'true' + # env: + # namespace: 'Microsoft.KeyVault\vaults' + # needs: + # - job_deploy_sa + # - job_deploy_evh + # - job_deploy_law + # - job_deploy_msi + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['sqlmi.parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation 
}}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' - # Set agent up - Set-EnvironmentOnAgent -PSModules $Modules - - name: Azure Login - uses: azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - enable-AzPSSession: true - - name: 'Set sqlmi key vault secrets and keys' - uses: azure/powershell@v1 - with: - inlineScript: | - # Get key vault name - $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies' '${{ env.namespace }}' 'parameters' 'sqlmi.parameters.json' - $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters - $keyVaultName = $keyVaultParameters.name.value + # job_deploy_sqlmi_kv_secrets: + # runs-on: ubuntu-20.04 + # name: 'Set sqlmi key vault secrets and keys' + # if: github.event.inputs.deploySqlMiDependencies == 'true' + # needs: + # - job_deploy_sqlmi_kv + # env: + # namespace: 'Microsoft.KeyVault\vaults' + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Setup agent' + # shell: pwsh + # run: | + # # Load used functions + # . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') - # Generate values - $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length - $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force - $passwordString = (New-Guid).Guid.SubString(0, 19) - $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force + # # Define PS modules to install on the runner + # $Modules = @( + # @{ Name = 'Az.KeyVault' } + # ) - # Set secrets - # ------- - @( - @{ name = 'administratorLogin'; secretValue = $username } # SQLManagedInstances - @{ name = 'administratorLoginPassword'; secretValue = $password } # SQLManagedInstances - ) | ForEach-Object { - $null = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $_.name -SecretValue $_.secretValue - Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - } + # # Set agent up + # Set-EnvironmentOnAgent -PSModules $Modules + # - name: Azure Login + # uses: azure/login@v1 + # with: + # creds: ${{ secrets.AZURE_CREDENTIALS }} + # enable-AzPSSession: true + # - name: 'Set sqlmi key vault secrets and keys' + # uses: azure/powershell@v1 + # with: + # inlineScript: | + # # Get key vault name + # $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies' '${{ env.namespace }}' 'parameters' 'sqlmi.parameters.json' + # $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters + # $keyVaultName = $keyVaultParameters.name.value - # Set keys - # ---- - @( - @{ name = 'keyEncryptionKeySqlMi'; Destination = 'Software' } # SQLManagedInstances - ) | ForEach-Object { - $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination - Write-Verbose ('Added key [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - } - azPSVersion: 
'latest' + # # Generate values + # $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length + # $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force + # $passwordString = (New-Guid).Guid.SubString(0, 19) + # $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force - job_deploy_avdag: - runs-on: ubuntu-20.04 - name: 'Deploy AVD application group' - env: - namespace: 'Microsoft.DesktopVirtualization\applicationgroups' - needs: - - job_deploy_avdhp - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # # Set secrets + # # ------- + # @( + # @{ name = 'administratorLogin'; secretValue = $username } # SQLManagedInstances + # @{ name = 'administratorLoginPassword'; secretValue = $password } # SQLManagedInstances + # ) | ForEach-Object { + # $null = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $_.name -SecretValue $_.secretValue + # Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + # } - job_deploy_rolea: - runs-on: ubuntu-20.04 - name: 'Deploy role assignments' - env: - namespace: 'Microsoft.Authorization\roleAssignments' - needs: - - job_deploy_msi - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 
'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/.bicep/nested_rbac_sub.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' - customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' + # # Set keys + # # ---- + # @( + # @{ name = 'keyEncryptionKeySqlMi'; Destination = 'Software' } # SQLManagedInstances + # ) | ForEach-Object { + # $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination + # Write-Verbose ('Added key [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + # } + # azPSVersion: 'latest' - job_deploy_vnet: - runs-on: ubuntu-20.04 - name: 'Deploy virtual networks' - env: - namespace: 'Microsoft.Network\virtualNetworks' - needs: - - job_deploy_nsg - strategy: - fail-fast: false - matrix: - parameterFilePaths: - [ - '1.bastion.parameters.json', - '2.vnetpeer01.parameters.json', - '3.vnetpeer02.parameters.json', - '4.azfw.parameters.json', - '5.aks.parameters.json', - 'parameters.json', - ] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ 
secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_avdag: + # runs-on: ubuntu-20.04 + # name: 'Deploy AVD application group' + # env: + # namespace: 'Microsoft.DesktopVirtualization\applicationgroups' + # needs: + # - job_deploy_avdhp + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' - job_deploy_sqlmi_vnet: - runs-on: ubuntu-20.04 - name: 'Deploy sqlmi virtual network' - if: github.event.inputs.deploySqlMiDependencies == 'true' - env: - namespace: 'Microsoft.Network\virtualNetworks' - needs: - - job_deploy_sqlmi_udr - - job_deploy_sqlmi_nsg - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['6.sqlmi.parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - 
removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_rolea: + # runs-on: ubuntu-20.04 + # name: 'Deploy role assignments' + # env: + # namespace: 'Microsoft.Authorization\roleAssignments' + # needs: + # - job_deploy_msi + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/.bicep/nested_rbac_sub.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' - job_deploy_dnszone: - runs-on: ubuntu-20.04 - name: 'Deploy private DNS zones' - env: - namespace: 'Microsoft.Network\privateDnsZones' - needs: - - job_deploy_vnet - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_vnet: + # runs-on: 
ubuntu-20.04 + # name: 'Deploy virtual networks' + # env: + # namespace: 'Microsoft.Network\virtualNetworks' + # needs: + # - job_deploy_nsg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: + # [ + # '1.bastion.parameters.json', + # '2.vnetpeer01.parameters.json', + # '3.vnetpeer02.parameters.json', + # '4.azfw.parameters.json', + # '5.aks.parameters.json', + # 'parameters.json', + # ] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' - job_deploy_vm: - runs-on: ubuntu-20.04 - name: 'Deploy virtual machines' - env: - namespace: 'Microsoft.Compute\virtualMachines' - needs: - - job_deploy_kv_secrets - - job_deploy_vnet - - job_deploy_rsv - strategy: - fail-fast: false - matrix: - parameterFilePaths: ['parameters.json'] - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: 'Deploy module' - uses: ./.github/actions/templates/validateModuleDeployment - with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - location: '${{ env.defaultLocation }}' - resourceGroupName: '${{ env.defaultResourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ env.removeDeployment }}' + # job_deploy_sqlmi_vnet: + # runs-on: 
ubuntu-20.04 + # name: 'Deploy sqlmi virtual network' + # if: github.event.inputs.deploySqlMiDependencies == 'true' + # env: + # namespace: 'Microsoft.Network\virtualNetworks' + # needs: + # - job_deploy_sqlmi_udr + # - job_deploy_sqlmi_nsg + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['6.sqlmi.parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_dnszone: + # runs-on: ubuntu-20.04 + # name: 'Deploy private DNS zones' + # env: + # namespace: 'Microsoft.Network\privateDnsZones' + # needs: + # - job_deploy_vnet + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' + + # job_deploy_vm: + # runs-on: ubuntu-20.04 + # name: 'Deploy virtual machines' + # env: + # 
namespace: 'Microsoft.Compute\virtualMachines' + # needs: + # - job_deploy_kv_secrets + # - job_deploy_vnet + # - job_deploy_rsv + # strategy: + # fail-fast: false + # matrix: + # parameterFilePaths: ['parameters.json'] + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Deploy module' + # uses: ./.github/actions/templates/validateModuleDeployment + # with: + # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + # location: '${{ env.defaultLocation }}' + # resourceGroupName: '${{ env.defaultResourceGroupName }}' + # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + # removeDeployment: '${{ env.removeDeployment }}' From fb03bbbd4fc4ce241f9d8dcd089b6cc353616666 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 21 Jan 2022 19:02:04 +0100 Subject: [PATCH 06/31] test runcommand output dep step id --- .github/workflows/platform.dependencies.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index 8aa80104b2..cc284d22e1 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -309,6 +309,7 @@ jobs: with: fetch-depth: 0 - name: 'Deploy module' + id: deploy_imgt uses: ./.github/actions/templates/validateModuleDeployment with: templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' 
@@ -323,7 +324,7 @@ jobs: with: inlineScript: | Write-Verbose "Retrieving command to run" -Verbose - $deploymentOutput = '${{ steps.deploy_msi.outputs.deploymentOutput }}' + $deploymentOutput = '${{ steps.deploy_imgt.outputs.deploymentOutput }}' $RunThisCommand = (ConvertFrom-Json $deploymentOutput).runThisCommand $ImageTemplateName = (ConvertFrom-Json $deploymentOutput).imageTemplateName $ResourceGroupName = (ConvertFrom-Json $deploymentOutput).imageTemplateResourceGroup From 3b70187699b1fd1b536f310396433912f3840c3f Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 21 Jan 2022 19:20:39 +0100 Subject: [PATCH 07/31] test runcommand --- .github/workflows/platform.dependencies.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index cc284d22e1..ad31b99435 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -329,6 +329,7 @@ jobs: $ImageTemplateName = (ConvertFrom-Json $deploymentOutput).imageTemplateName $ResourceGroupName = (ConvertFrom-Json $deploymentOutput).imageTemplateResourceGroup Write-Verbose "Trigger new image creation with command $RunThisCommand" -Verbose + $RunThisCommand # $ImageTemplateName = 'adp-sxx-az-imgt-x-001-2022-01-18-18-48-33' # $ResourceGroupName = 'validation-rg' From 866945c0159c394868103ba7536cc60a1a292eb3 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 24 Jan 2022 16:20:14 +0100 Subject: [PATCH 08/31] update dep param file --- .github/workflows/platform.dependencies.yml | 3 ++- .../imageTemplates/parameters/parameters.json | 24 +------------------ 2 files changed, 3 insertions(+), 24 deletions(-) diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index ad31b99435..ab2803ecac 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml 
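Review bot: The changed line `$deploymentOutput = '${{ steps.deploy_imgt.outputs.deploymentOutput }}'` has the runner paste the step output into the script text before PowerShell parses it, so a single quote anywhere in that JSON ends the string literal and the rest is parsed as script. Pass the value through the step environment instead: add `env:` with `DEPLOYMENT_OUTPUT: ${{ steps.deploy_imgt.outputs.deploymentOutput }}` to the step and read `$deploymentOutput = $env:DEPLOYMENT_OUTPUT` in the script. The same pattern recurs in the later hunks of this series that read `needs.job_deploy_imgt.outputs.imageTemplateName` and `imageTemplateResourceGroup` (unquoted in PATCH 09, single-quoted from PATCH 11 on). The step's `with:` block starts outside this hunk.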
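Review bot: The added bare `$RunThisCommand` only writes the string to the output stream; PowerShell does not execute a string variable placed on a line of its own, so this line triggers no image build. Rather than evaluating text taken from the deployment output, call the cmdlet with explicit arguments, `Start-AzImageBuilderTemplate -ImageTemplateName $ImageTemplateName -ResourceGroupName $ResourceGroupName`, which keeps what the job can run fixed in the workflow file. The script block continues outside the hunk.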
@@ -329,7 +329,8 @@ jobs: $ImageTemplateName = (ConvertFrom-Json $deploymentOutput).imageTemplateName $ResourceGroupName = (ConvertFrom-Json $deploymentOutput).imageTemplateResourceGroup Write-Verbose "Trigger new image creation with command $RunThisCommand" -Verbose - $RunThisCommand + + # Start-AzImageBuilderTemplate -ImageTemplateName $ImageTemplateName -ResourceGroupName $ResourceGroupName # $ImageTemplateName = 'adp-sxx-az-imgt-x-001-2022-01-18-18-48-33' # $ResourceGroupName = 'validation-rg' diff --git a/utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json index 3356dfe9c9..12f647476c 100644 --- a/utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json +++ b/utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json @@ -20,9 +20,6 @@ "osDiskSizeGB": { "value": 127 }, - "subnetId": { - "value": "" - }, "imageSource": { "value": { "type": "PlatformImage", @@ -40,27 +37,8 @@ } ] }, - "managedImageName": { - "value": "sxx-az-mi-x-001" - }, "unManagedImageName": { - "value": "sxx-az-umi-x-001" - }, - "sigImageDefinitionId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/galleries/adpsxxazsigweux001/images/adp-sxx-az-imgd-x-001" - }, - "imageReplicationRegions": { - "value": [] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] + "value": "adp-sxx-az-umi-x-001" } } } From 399d785e4d52d6b6be1473d32f206518e7c4643b Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 24 Jan 2022 17:25:03 +0100 Subject: [PATCH 09/31] imgt post deployment --- .github/workflows/platform.dependencies.yml | 67 +++++++++++++++++++-- 1 file changed, 61 insertions(+), 6 deletions(-) 
diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index 1d2e2a3736..243a413abc 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -300,6 +300,9 @@ jobs: needs: - job_deploy_msi - job_deploy_sig + outputs: + imageTemplateName: ${{ steps.print_imgt_output.outputs.imageTemplateName }} + imageTemplateResourceGroup: ${{ steps.print_imgt_output.outputs.imageTemplateResourceGroup }} strategy: fail-fast: false matrix: 
@@ -320,16 +323,68 @@ jobs: subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' removeDeployment: '${{ env.removeDeployment }}' - - name: 'Trigger building new image' + - name: 'Set image template output' + id: print_imgt_output uses: azure/powershell@v1 with: inlineScript: | - Write-Verbose "Retrieving command to run" -Verbose $deploymentOutput = '${{ steps.deploy_imgt.outputs.deploymentOutput }}' - $RunThisCommand = (ConvertFrom-Json $deploymentOutput).runThisCommand - $ImageTemplateName = (ConvertFrom-Json $deploymentOutput).imageTemplateName - $ResourceGroupName = (ConvertFrom-Json $deploymentOutput).imageTemplateResourceGroup - Write-Verbose "Trigger new image creation with command $RunThisCommand" -Verbose + $imageTemplateName = (ConvertFrom-Json $deploymentOutput).imageTemplateName + $imageTemplateResourceGroup = (ConvertFrom-Json $deploymentOutput).imageTemplateResourceGroup + Write-Verbose "imageTemplateName: $imageTemplateName" -Verbose + Write-Verbose "imageTemplateResourceGroup: $imageTemplateResourceGroup" -Verbose + Write-Output ('::set-output name={0}::{1}' -f 'imageTemplateName', $imageTemplateName) + Write-Output ('::set-output name={0}::{1}' -f 'imageTemplateResourceGroup', $imageTemplateResourceGroup) + azPSVersion: 'latest' + + job_deploy_vhd_to_sa: + runs-on: ubuntu-20.04 + name: 'Trigger vhd build and store it to a storage account blob container' + if: github.event.inputs.deployVhdDependencies == 'true' + env: + namespace: 'Microsoft.VirtualMachineImages\imageTemplates' + needs: + - job_deploy_imgt + - job_deploy_sa + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Setup agent' + shell: pwsh + run: | + # Load used functions + . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + + # Define PS modules to install on the runner + $Modules = @( + @{ Name = 'Az.ImageBuilder' }, + @{ Name = 'Az.Storage' } + ) + + # Set agent up + Set-EnvironmentOnAgent -PSModules $Modules + - name: Azure Login + uses: azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + enable-AzPSSession: true + - name: 'Trigger building new image' + uses: azure/powershell@v1 + with: + inlineScript: | + Write-Verbose "Retrieving output from previous job" -Verbose + $imageTemplateName = ${{ needs.job_deploy_imgt.outputs.imageTemplateName }} + $imageTemplateResourceGroup = ${{ needs.job_deploy_imgt.outputs.imageTemplateResourceGroup }} + Write-Verbose "Trigger new image creation with imageTemplateName $imageTemplateName and imageTemplateResourceGroup $imageTemplateResourceGroup" -Verbose + + # Write-Verbose "Retrieving command to run" -Verbose + # $deploymentOutput = '${{ steps.deploy_imgt.outputs.deploymentOutput }}' + # $RunThisCommand = (ConvertFrom-Json $deploymentOutput).runThisCommand + # $ImageTemplateName = (ConvertFrom-Json $deploymentOutput).imageTemplateName + # $ResourceGroupName = (ConvertFrom-Json $deploymentOutput).imageTemplateResourceGroup + # Write-Verbose "Trigger new image creation with command $RunThisCommand" -Verbose # Start-AzImageBuilderTemplate -ImageTemplateName $ImageTemplateName -ResourceGroupName $ResourceGroupName # $ImageTemplateName = 'adp-sxx-az-imgt-x-001-2022-01-18-18-48-33' From c926a84a179544f73c21402d68980bb6f5525c3d Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 24 Jan 2022 17:32:17 +0100 Subject: [PATCH 10/31] enable sa --- .github/workflows/platform.dependencies.yml | 54 ++++++++++----------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index 243a413abc..d3bfb1fcc1 100644 
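Review bot: The new `job_deploy_vhd_to_sa` job signs in with `secrets.AZURE_CREDENTIALS` while every action it runs is referenced by a movable tag (`actions/checkout@v2`, `azure/login@v1`, `azure/powershell@v1`) and the Az module is `azPSVersion: 'latest'`, so code that changes upstream runs with those credentials without any change in this repository. Pin each action to a full commit SHA, e.g. `uses: azure/login@<full-commit-sha> # v1`, and set `azPSVersion` to a fixed version. The checkout step could also set `persist-credentials: false`, since nothing visible in this job pushes back to the repository. If the tenant allows it, the OIDC inputs of `azure/login` (`client-id`, `tenant-id`, `subscription-id`) would avoid storing a long-lived service principal secret.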
--- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml 
@@ -181,33 +181,33 @@ jobs: # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' # removeDeployment: '${{ env.removeDeployment }}' - # job_deploy_sa: - # runs-on: ubuntu-20.04 - # name: 'Deploy storage account' - # env: - # namespace: 'Microsoft.Storage\storageAccounts' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: - # ['fa.parameters.json', 'law.parameters.json', 'parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' + job_deploy_sa: + runs-on: ubuntu-20.04 + name: 'Deploy storage account' + env: + namespace: 'Microsoft.Storage\storageAccounts' + needs: + - job_deploy_rg + strategy: + fail-fast: false + matrix: + parameterFilePaths: + ['fa.parameters.json', 'law.parameters.json', 'parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' # 
job_sa_upload_storage_files: # runs-on: ubuntu-20.04 From 5f6a413a8cf95c8a882ef1343313d299978e7af8 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 24 Jan 2022 17:43:22 +0100 Subject: [PATCH 11/31] quotes output --- .github/workflows/platform.dependencies.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index d3bfb1fcc1..3121d8a5b2 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -297,9 +297,9 @@ jobs: if: github.event.inputs.deployVhdDependencies == 'true' env: namespace: 'Microsoft.VirtualMachineImages\imageTemplates' - needs: - - job_deploy_msi - - job_deploy_sig + # needs: + # - job_deploy_msi + # - job_deploy_sig outputs: imageTemplateName: ${{ steps.print_imgt_output.outputs.imageTemplateName }} imageTemplateResourceGroup: ${{ steps.print_imgt_output.outputs.imageTemplateResourceGroup }} @@ -345,7 +345,7 @@ jobs: namespace: 'Microsoft.VirtualMachineImages\imageTemplates' needs: - job_deploy_imgt - - job_deploy_sa + # - job_deploy_sa steps: - name: 'Checkout' uses: actions/checkout@v2 @@ -375,8 +375,8 @@ jobs: with: inlineScript: | Write-Verbose "Retrieving output from previous job" -Verbose - $imageTemplateName = ${{ needs.job_deploy_imgt.outputs.imageTemplateName }} - $imageTemplateResourceGroup = ${{ needs.job_deploy_imgt.outputs.imageTemplateResourceGroup }} + $imageTemplateName = '${{ needs.job_deploy_imgt.outputs.imageTemplateName }}' + $imageTemplateResourceGroup = '${{ needs.job_deploy_imgt.outputs.imageTemplateResourceGroup }}' Write-Verbose "Trigger new image creation with imageTemplateName $imageTemplateName and imageTemplateResourceGroup $imageTemplateResourceGroup" -Verbose # Write-Verbose "Retrieving command to run" -Verbose From 494df66df8c9d37dd3f522386675eea506b666dd Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Mon, 24 Jan 2022 19:43:21 +0100 Subject: [PATCH 12/31] trigger image baking --- .github/workflows/platform.dependencies.yml | 34 ++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index 3121d8a5b2..5bfbc39ff6 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -342,7 +342,8 @@ jobs: name: 'Trigger vhd build and store it to a storage account blob container' if: github.event.inputs.deployVhdDependencies == 'true' env: - namespace: 'Microsoft.VirtualMachineImages\imageTemplates' + imgtNamespace: 'Microsoft.VirtualMachineImages\imageTemplates' + saNamespace: 'Microsoft.Storage\storageAccounts' needs: - job_deploy_imgt # - job_deploy_sa 
@@ -377,7 +378,38 @@ jobs: Write-Verbose "Retrieving output from previous job" -Verbose $imageTemplateName = '${{ needs.job_deploy_imgt.outputs.imageTemplateName }}' $imageTemplateResourceGroup = '${{ needs.job_deploy_imgt.outputs.imageTemplateResourceGroup }}' + Write-Verbose "Trigger new image creation with imageTemplateName $imageTemplateName and imageTemplateResourceGroup $imageTemplateResourceGroup" -Verbose + Start-AzImageBuilderTemplate -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup + azPSVersion: 'latest' + - name: 'Copy baked vhd to a storage account' + uses: azure/powershell@v1 + with: + inlineScript: | + Write-Verbose "Retrieving output from previous job" -Verbose + $imageTemplateName = '${{ needs.job_deploy_imgt.outputs.imageTemplateName }}' + $imageTemplateResourceGroup = '${{ needs.job_deploy_imgt.outputs.imageTemplateResourceGroup }}' + + # Get source storage account parameters + $imgtRunOutput = Get-AzImageBuilderRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null + $sourceUri = $imgtRunOutput.ArtifactUri + $sourceStorageAccountName = $sourceUri.Split('//')[1].Split('.')[0] + $sourceStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $sourceStorageAccountName + $sourceStorageAccountContext = $sourceStorageAccount.Context + $sourceStorageAccountRGName = $sourceStorageAccount.ResourceGroupName + Write-Verbose "Retrieving artifact uri $sourceUri stored in resource group $sourceStorageAccountRGName" -Verbose + + # Get destination storage account parameters + $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.saNamespace }}' 'parameters' 'parameters.json' + $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + $destinationStorageAccountName = $storageAccountParameters.name.value + Write-Verbose "Destination storage account name 
$destinationStorageAccountName" -Verbose + + # Get image template parameters + $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.imgtNamespace }}' 'parameters' 'parameters.json' + $imageTemplateParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + $destinationBlobName = $imageTemplateParameters.name.value + Write-Verbose "Destination blob name $destinationBlobName" -Verbose # Write-Verbose "Retrieving command to run" -Verbose # $deploymentOutput = '${{ steps.deploy_imgt.outputs.deploymentOutput }}' From 630f357f3d24938be75d63f2f7ef5c2d5ec7f356 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 25 Jan 2022 09:44:11 +0100 Subject: [PATCH 13/31] copy blob --- .github/workflows/platform.dependencies.yml | 32 ++++++++----------- .../imageTemplates/parameters/parameters.json | 2 +- 2 files changed, 14 insertions(+), 20 deletions(-) diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index 5bfbc39ff6..8b450824b4 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -404,6 +404,9 @@ jobs: $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters $destinationStorageAccountName = $storageAccountParameters.name.value Write-Verbose "Destination storage account name $destinationStorageAccountName" -Verbose + $destinationContainerName = 'vhds' + $destinationStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $destinationStorageAccountName + $destinationStorageAccountContext = $destinationStorageAccount.Context # Get image template parameters $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.imgtNamespace }}' 'parameters' 'parameters.json' 
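Review bot: In the 'Copy baked vhd to a storage account' step, `$sourceUri.Split('//')[1].Split('.')[0]` depends on which `Split` overload the PowerShell edition binds, and nothing checks that exactly one run output and one matching storage account were found before `.Context` is read. Parsing the host is sturdier: `$sourceStorageAccountName = ([uri]$sourceUri).Host.Split('.')[0]`. After the lookup, fail early with something like `if (-not $sourceStorageAccount) { throw "Source storage account $sourceStorageAccountName not found" }`, so a null context is not carried into later storage calls. The script continues past the end of this hunk.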
@@ -411,25 +414,16 @@ jobs: $destinationBlobName = $imageTemplateParameters.name.value Write-Verbose "Destination blob name $destinationBlobName" -Verbose - # Write-Verbose "Retrieving command to run" -Verbose - # $deploymentOutput = '${{ steps.deploy_imgt.outputs.deploymentOutput }}' - # $RunThisCommand = (ConvertFrom-Json $deploymentOutput).runThisCommand - # $ImageTemplateName = (ConvertFrom-Json $deploymentOutput).imageTemplateName - # $ResourceGroupName = (ConvertFrom-Json $deploymentOutput).imageTemplateResourceGroup - # Write-Verbose "Trigger new image creation with command $RunThisCommand" -Verbose - - # Start-AzImageBuilderTemplate -ImageTemplateName $ImageTemplateName -ResourceGroupName $ResourceGroupName - # $ImageTemplateName = 'adp-sxx-az-imgt-x-001-2022-01-18-18-48-33' - # $ResourceGroupName = 'validation-rg' - - # $resourceActionInputObject = @{ - # ResourceName = $ImageTemplateName - # ResourceGroupName = $ResourceGroupName - # ResourceType = 'Microsoft.VirtualMachineImages/imageTemplates' - # Action = 'Run' - # Force = $true - # } - # Invoke-AzResourceAction @resourceActionInputObject + $resourceActionInputObject = @{ + AbsoluteUri = $sourceUri + Context = $sourceStorageAccountContext + DestContext = $destinationStorageAccountContext + DestBlob = $destinationBlobName + DestContainer = $destinationContainerName + Force = $true + } + Write-Verbose "Copying blob" -Verbose + Start-AzStorageBlobCopy @resourceActionInputObject azPSVersion: 'latest' # job_deploy_ag: diff --git a/utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json index 12f647476c..4534451f6b 100644 --- a/utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json +++ b/utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json 
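Review bot: `Start-AzStorageBlobCopy` only schedules a server-side copy and returns, so this step can finish green while the VHD is still pending or after the copy has failed, and `Force = $true` overwrites any existing blob of that name without a prompt. Wait for and check the result before anything that depends on the blob runs, e.g. `Get-AzStorageBlobCopyState -Blob $destinationBlobName -Container $destinationContainerName -Context $destinationStorageAccountContext -WaitForComplete`, and throw when the returned status is not `Success`. The hashtable name `resourceActionInputObject` is left over from the removed `Invoke-AzResourceAction` block; `$blobCopyInputObject` would describe it better.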
@@ -3,7 +3,7 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "adp-sxx-az-imgt-x-001" + "value": "adp-sxx-az-imgt-x-003" }, "userMsiName": { "value": "adp-sxx-az-msi-x-001" From 228fabb278a15d5313145de26a8e76e6b8a920a7 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 25 Jan 2022 10:47:27 +0100 Subject: [PATCH 14/31] copy blob extension --- .github/workflows/platform.dependencies.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index 8b450824b4..3edb76f267 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -297,9 +297,9 @@ jobs: if: github.event.inputs.deployVhdDependencies == 'true' env: namespace: 'Microsoft.VirtualMachineImages\imageTemplates' - # needs: - # - job_deploy_msi - # - job_deploy_sig + needs: + - job_deploy_msi + - job_deploy_sig outputs: imageTemplateName: ${{ steps.print_imgt_output.outputs.imageTemplateName }} imageTemplateResourceGroup: ${{ steps.print_imgt_output.outputs.imageTemplateResourceGroup }} @@ -346,7 +346,7 @@ jobs: saNamespace: 'Microsoft.Storage\storageAccounts' needs: - job_deploy_imgt - # - job_deploy_sa + - job_deploy_sa steps: - name: 'Checkout' uses: actions/checkout@v2 @@ -412,6 +412,7 @@ jobs: $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.imgtNamespace }}' 'parameters' 'parameters.json' $imageTemplateParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters $destinationBlobName = $imageTemplateParameters.name.value + $destinationBlobName = "$destinationBlobName.vhd" Write-Verbose "Destination blob name $destinationBlobName" -Verbose $resourceActionInputObject = @{ From 8d1550c4b250db2062911b44fe645e6947074541 Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Tue, 25 Jan 2022 11:29:23 +0100 Subject: [PATCH 15/31] test compute image --- arm/Microsoft.Compute/images/.parameters/parameters.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Compute/images/.parameters/parameters.json b/arm/Microsoft.Compute/images/.parameters/parameters.json index ce060c3702..317e316fde 100644 --- a/arm/Microsoft.Compute/images/.parameters/parameters.json +++ b/arm/Microsoft.Compute/images/.parameters/parameters.json @@ -12,7 +12,7 @@ "value": "Windows" }, "osDiskBlobUri": { - "value": "https://adpsxxazsax001.blob.core.windows.net/vhds/adp-sxx-az-imgt-x-001.vhd" + "value": "https://adpsxxazsax001.blob.core.windows.net/vhds/adp-sxx-az-imgt-x-003.vhd" }, "osDiskCaching": { "value": "ReadWrite" From 2810f4336f21379f95b49f0e6d55fd88715e0645 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 25 Jan 2022 14:14:36 +0100 Subject: [PATCH 16/31] Code cleanup --- .github/workflows/platform.dependencies.yml | 30 ++++++++++++--------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index 3edb76f267..afad812ddc 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml 
@@ -386,11 +386,21 @@ jobs: uses: azure/powershell@v1 with: inlineScript: | - Write-Verbose "Retrieving output from previous job" -Verbose + # Retrieving parameters from previous job outputs and parameter files + Write-Verbose "Retrieving parameters from previous job outputs" -Verbose $imageTemplateName = '${{ needs.job_deploy_imgt.outputs.imageTemplateName }}' $imageTemplateResourceGroup = '${{ needs.job_deploy_imgt.outputs.imageTemplateResourceGroup }}' - # Get source storage account parameters + Write-Verbose "Retrieving parameters from storage account parameter files" -Verbose + $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.saNamespace }}' 'parameters' 'parameters.json' + $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + + Write-Verbose "Retrieving parameters from image template parameter files" -Verbose + $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.imgtNamespace }}' 'parameters' 'parameters.json' + $imageTemplateParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + + # Initializing parameters before the blob copy + Write-Verbose "Initializing source storage account parameters before the blob copy" -Verbose $imgtRunOutput = Get-AzImageBuilderRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null $sourceUri = $imgtRunOutput.ArtifactUri $sourceStorageAccountName = $sourceUri.Split('//')[1].Split('.')[0] 
@@ -399,22 +409,17 @@ jobs: $sourceStorageAccountRGName = $sourceStorageAccount.ResourceGroupName Write-Verbose "Retrieving artifact uri $sourceUri stored in resource group $sourceStorageAccountRGName" -Verbose - # Get destination storage account parameters - $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.saNamespace }}' 'parameters' 'parameters.json' - $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + Write-Verbose "Initializing destination storage account parameters before the blob copy" -Verbose $destinationStorageAccountName = $storageAccountParameters.name.value - Write-Verbose "Destination storage account name $destinationStorageAccountName" -Verbose - $destinationContainerName = 'vhds' $destinationStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $destinationStorageAccountName $destinationStorageAccountContext = $destinationStorageAccount.Context - - # Get image template parameters - $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.imgtNamespace }}' 'parameters' 'parameters.json' - $imageTemplateParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + $destinationContainerName = 'vhds' $destinationBlobName = $imageTemplateParameters.name.value $destinationBlobName = "$destinationBlobName.vhd" - Write-Verbose "Destination blob name $destinationBlobName" -Verbose + Write-Verbose "Planning for destination blob name $destinationBlobName in container $destinationContainerName and storage account $destinationStorageAccountName" -Verbose + # Copying the vhd to a destination blob container + Write-Verbose "Copying the vhd to a destination blob container" -Verbose $resourceActionInputObject = @{ AbsoluteUri = $sourceUri Context = $sourceStorageAccountContext 
@@ -423,7 +428,6 @@ jobs: DestContainer = $destinationContainerName Force = $true } - Write-Verbose "Copying blob" -Verbose Start-AzStorageBlobCopy @resourceActionInputObject azPSVersion: 'latest' From afab0b04df49dee20c03fbaed051eb6c69c710cb Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 25 Jan 2022 18:57:05 +0100 Subject: [PATCH 17/31] dep param naming --- arm/Microsoft.Compute/images/.parameters/parameters.json | 2 +- .../imageTemplates/parameters/parameters.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.Compute/images/.parameters/parameters.json b/arm/Microsoft.Compute/images/.parameters/parameters.json index 317e316fde..ce060c3702 100644 --- a/arm/Microsoft.Compute/images/.parameters/parameters.json +++ b/arm/Microsoft.Compute/images/.parameters/parameters.json @@ -12,7 +12,7 @@ "value": "Windows" }, "osDiskBlobUri": { - "value": "https://adpsxxazsax001.blob.core.windows.net/vhds/adp-sxx-az-imgt-x-003.vhd" + "value": "https://adpsxxazsax001.blob.core.windows.net/vhds/adp-sxx-az-imgt-x-001.vhd" }, "osDiskCaching": { "value": "ReadWrite" diff --git a/utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json index 4534451f6b..12f647476c 100644 --- a/utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json +++ b/utilities/pipelines/dependencies/Microsoft.VirtualMachineImages/imageTemplates/parameters/parameters.json @@ -3,7 +3,7 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "adp-sxx-az-imgt-x-003" + "value": "adp-sxx-az-imgt-x-001" }, "userMsiName": { "value": "adp-sxx-az-msi-x-001" From 474aff1c3b9bcfd204df1390ad6f9ab51958caad Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Wed, 26 Jan 2022 11:50:59 +0100 Subject: [PATCH 18/31] dep ado imgt --- .../platform.dependencies.yml | 233 ++++++++++++++++++ 1 file changed, 233 insertions(+) diff --git a/.azuredevops/platformPipelines/platform.dependencies.yml b/.azuredevops/platformPipelines/platform.dependencies.yml index 2698a1286c..ecdc8b9af5 100644 --- a/.azuredevops/platformPipelines/platform.dependencies.yml +++ b/.azuredevops/platformPipelines/platform.dependencies.yml 
@@ -219,6 +219,239 @@ stages: templateFilePath: $(templateFilePath) displayName: Default SIG and SID + - stage: deploy_imgt + displayName: Deploy user assigned identity + dependsOn: + - deploy_msi + - deploy_sig + - deploy_sa + variables: + resourceType: 'Microsoft.VirtualMachineImages\imageTemplates' + saResourceType: 'Microsoft.Storage\storageAccounts' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: User Assigned Identity + jobName: job_deploy_imgt + # - job: job_print_imgt_output + # displayName: Set image template output + # dependsOn: + # - job_deploy_imgt + # pool: + # ${{ if eq(variables['vmImage'], '') }}: + # name: $(poolName) + # ${{ if eq(variables['poolName'], '') }}: + # vmImage: $(vmImage) + # variables: + # deploymentOutput: $[ dependencies.job_deploy_imgt.outputs['DeployModule.deploymentOutput'] ] + # steps: + # - task: PowerShell@2 + # name: print_imgt_output + # inputs: + # targetType: inline + # pwsh: true + # script: | + # # Write-Verbose $(deploymentOutput) -Verbose + # $imageTemplateName = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateName + # $imageTemplateResourceGroup = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateResourceGroup + # Write-Verbose "imageTemplateName: $imageTemplateName" -Verbose + # Write-Verbose "imageTemplateResourceGroup: $imageTemplateResourceGroup" -Verbose + # Write-Output ('##vso[task.setvariable variable={0};isOutput=true]{1}' -f 'imageTemplateName', $imageTemplateName) + # Write-Output ('##vso[task.setvariable variable={0};isOutput=true]{1}' -f 'imageTemplateResourceGroup', $imageTemplateResourceGroup) + - job: + displayName: Trigger vhd build and store it to a storage account blob container + dependsOn: + - job_deploy_imgt + pool: + ${{ if 
eq(variables['vmImage'], '') }}: + name: $(poolName) + ${{ if eq(variables['poolName'], '') }}: + vmImage: $(vmImage) + steps: + - task: PowerShell@2 + displayName: 'Setup agent' + inputs: + targetType: inline + pwsh: true + script: | + # Load used functions + . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + + # Define PS modules to install on the runner + $Modules = @( + @{ Name = 'Az.ImageBuilder' }, + @{ Name = 'Az.Storage' } + ) + + # Set agent up + Set-EnvironmentOnAgent -PSModules $Modules + - task: AzurePowerShell@5 + displayName: Trigger building new image + inputs: + azureSubscription: $(serviceConnection) + ScriptType: 'InlineScript' + Inline: | + # Retrieving parameters from previous job outputs + Write-Verbose "Retrieving parameters from previous job outputs" -Verbose + $imageTemplateName = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateName + $imageTemplateResourceGroup = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateResourceGroup + + # Trigger new image creation + Write-Verbose "Trigger new image creation with imageTemplateName $imageTemplateName and imageTemplateResourceGroup $imageTemplateResourceGroup" -Verbose + Start-AzImageBuilderTemplate -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup + azurePowerShellVersion: 'LatestVersion' + pwsh: true + - task: AzurePowerShell@5 + displayName: Trigger building new image + inputs: + azureSubscription: $(serviceConnection) + ScriptType: 'InlineScript' + Inline: | + # Retrieving parameters from previous job outputs and parameter files + Write-Verbose "Retrieving parameters from previous job outputs" -Verbose + $imageTemplateName = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateName + $imageTemplateResourceGroup = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateResourceGroup + + Write-Verbose "Retrieving parameters from storage account parameter files" -Verbose + 
$parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(saResourceType)' 'parameters' 'parameters.json' + $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + + Write-Verbose "Retrieving parameters from image template parameter files" -Verbose + $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'parameters.json' + $imageTemplateParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + + # Initializing parameters before the blob copy + Write-Verbose "Initializing source storage account parameters before the blob copy" -Verbose + $imgtRunOutput = Get-AzImageBuilderRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null + $sourceUri = $imgtRunOutput.ArtifactUri + $sourceStorageAccountName = $sourceUri.Split('//')[1].Split('.')[0] + $sourceStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $sourceStorageAccountName + $sourceStorageAccountContext = $sourceStorageAccount.Context + $sourceStorageAccountRGName = $sourceStorageAccount.ResourceGroupName + Write-Verbose "Retrieving artifact uri $sourceUri stored in resource group $sourceStorageAccountRGName" -Verbose + + Write-Verbose "Initializing destination storage account parameters before the blob copy" -Verbose + $destinationStorageAccountName = $storageAccountParameters.name.value + $destinationStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $destinationStorageAccountName + $destinationStorageAccountContext = $destinationStorageAccount.Context + $destinationContainerName = 'vhds' + $destinationBlobName = $imageTemplateParameters.name.value + $destinationBlobName = "$destinationBlobName.vhd" + Write-Verbose "Planning for destination blob name $destinationBlobName in container $destinationContainerName and storage account 
$destinationStorageAccountName" -Verbose + + # Copying the vhd to a destination blob container + Write-Verbose "Copying the vhd to a destination blob container" -Verbose + $resourceActionInputObject = @{ + AbsoluteUri = $sourceUri + Context = $sourceStorageAccountContext + DestContext = $destinationStorageAccountContext + DestBlob = $destinationBlobName + DestContainer = $destinationContainerName + Force = $true + } + Start-AzStorageBlobCopy @resourceActionInputObject + azPSVersion: 'latest' + azurePowerShellVersion: 'LatestVersion' + pwsh: true + + # job_deploy_vhd_to_sa: + # runs-on: ubuntu-20.04 + # name: 'Trigger vhd build and store it to a storage account blob container' + # if: github.event.inputs.deployVhdDependencies == 'true' + # env: + # imgtNamespace: 'Microsoft.VirtualMachineImages\imageTemplates' + # saNamespace: 'Microsoft.Storage\storageAccounts' + # needs: + # - job_deploy_imgt + # - job_deploy_sa + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: 'Setup agent' + # shell: pwsh + # run: | + # # Load used functions + # . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + + # # Define PS modules to install on the runner + # $Modules = @( + # @{ Name = 'Az.ImageBuilder' }, + # @{ Name = 'Az.Storage' } + # ) + + # # Set agent up + # Set-EnvironmentOnAgent -PSModules $Modules + # - name: Azure Login + # uses: azure/login@v1 + # with: + # creds: ${{ secrets.AZURE_CREDENTIALS }} + # enable-AzPSSession: true + # - name: 'Trigger building new image' + # uses: azure/powershell@v1 + # with: + # inlineScript: | + # Write-Verbose "Retrieving output from previous job" -Verbose + # $imageTemplateName = '${{ needs.job_deploy_imgt.outputs.imageTemplateName }}' + # $imageTemplateResourceGroup = '${{ needs.job_deploy_imgt.outputs.imageTemplateResourceGroup }}' + + # Write-Verbose "Trigger new image creation with imageTemplateName $imageTemplateName and imageTemplateResourceGroup $imageTemplateResourceGroup" -Verbose + # Start-AzImageBuilderTemplate -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup + # azPSVersion: 'latest' + # - name: 'Copy baked vhd to a storage account' + # uses: azure/powershell@v1 + # with: + # inlineScript: | + # # Retrieving parameters from previous job outputs and parameter files + # Write-Verbose "Retrieving parameters from previous job outputs" -Verbose + # $imageTemplateName = '${{ needs.job_deploy_imgt.outputs.imageTemplateName }}' + # $imageTemplateResourceGroup = '${{ needs.job_deploy_imgt.outputs.imageTemplateResourceGroup }}' + + # Write-Verbose "Retrieving parameters from storage account parameter files" -Verbose + # $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.saNamespace }}' 'parameters' 'parameters.json' + # $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + + # Write-Verbose "Retrieving parameters from image template parameter files" -Verbose + # $parameterFilePath = Join-Path 
$env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.imgtNamespace }}' 'parameters' 'parameters.json' + # $imageTemplateParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + + # # Initializing parameters before the blob copy + # Write-Verbose "Initializing source storage account parameters before the blob copy" -Verbose + # $imgtRunOutput = Get-AzImageBuilderRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null + # $sourceUri = $imgtRunOutput.ArtifactUri + # $sourceStorageAccountName = $sourceUri.Split('//')[1].Split('.')[0] + # $sourceStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $sourceStorageAccountName + # $sourceStorageAccountContext = $sourceStorageAccount.Context + # $sourceStorageAccountRGName = $sourceStorageAccount.ResourceGroupName + # Write-Verbose "Retrieving artifact uri $sourceUri stored in resource group $sourceStorageAccountRGName" -Verbose + + # Write-Verbose "Initializing destination storage account parameters before the blob copy" -Verbose + # $destinationStorageAccountName = $storageAccountParameters.name.value + # $destinationStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $destinationStorageAccountName + # $destinationStorageAccountContext = $destinationStorageAccount.Context + # $destinationContainerName = 'vhds' + # $destinationBlobName = $imageTemplateParameters.name.value + # $destinationBlobName = "$destinationBlobName.vhd" + # Write-Verbose "Planning for destination blob name $destinationBlobName in container $destinationContainerName and storage account $destinationStorageAccountName" -Verbose + + # # Copying the vhd to a destination blob container + # Write-Verbose "Copying the vhd to a destination blob container" -Verbose + # $resourceActionInputObject = @{ + # AbsoluteUri = $sourceUri + # Context = $sourceStorageAccountContext + # DestContext = 
$destinationStorageAccountContext + # DestBlob = $destinationBlobName + # DestContainer = $destinationContainerName + # Force = $true + # } + # Start-AzStorageBlobCopy @resourceActionInputObject + # azPSVersion: 'latest' + - stage: deploy_ag displayName: Deploy action groups dependsOn: From a573997f275e83985bc1f7b09228a287de19860f Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 26 Jan 2022 12:25:05 +0100 Subject: [PATCH 19/31] dep ado imgt variables --- .../platform.dependencies.yml | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/.azuredevops/platformPipelines/platform.dependencies.yml b/.azuredevops/platformPipelines/platform.dependencies.yml index ecdc8b9af5..1ef4f56621 100644 --- a/.azuredevops/platformPipelines/platform.dependencies.yml +++ b/.azuredevops/platformPipelines/platform.dependencies.yml @@ -5,6 +5,10 @@ parameters: displayName: Enable SqlMi dependencies deployment type: boolean default: false + - name: deployVhdDependencies + displayName: Enable deployment of a vhd stored in a blob container + type: boolean + default: false trigger: none @@ -220,11 +224,11 @@ stages: displayName: Default SIG and SID - stage: deploy_imgt - displayName: Deploy user assigned identity - dependsOn: - - deploy_msi - - deploy_sig - - deploy_sa + displayName: Deploy image template + # dependsOn: + # - deploy_msi + # - deploy_sig + # - deploy_sa variables: resourceType: 'Microsoft.VirtualMachineImages\imageTemplates' saResourceType: 'Microsoft.Storage\storageAccounts' @@ -235,7 +239,7 @@ stages: deploymentBlocks: - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json templateFilePath: $(templateFilePath) - displayName: User Assigned Identity + displayName: Image template jobName: job_deploy_imgt # - job: job_print_imgt_output # displayName: Set image template output 
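Review bot: The copy task at the end of this hunk stops at `Start-AzStorageBlobCopy @resourceActionInputObject`, which only schedules a server-side copy, so the step can report success while the vhd is still pending or after the copy has failed. Because `Force = $true` replaces an existing destination blob without asking, a later deployment that reads the blob from the `vhds` container may pick up an incomplete image. I would follow the call with `$state = Get-AzStorageBlobCopyState -Blob $destinationBlobName -Container $destinationContainerName -Context $destinationStorageAccountContext -WaitForComplete` and `if ($state.Status -ne 'Success') { throw "Blob copy ended with status $($state.Status)" }`. The same task also sets `azPSVersion: 'latest'` next to `azurePowerShellVersion`, which looks like a leftover from the GitHub action and is worth confirming as an accepted input.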
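Review bot: The new `deployVhdDependencies` parameter is not referenced by any hunk of this commit, so the `deploy_imgt` stage and its vhd job appear to run whatever value is chosen. The commented-out GitHub job in the previous patch gates on `github.event.inputs.deployVhdDependencies == 'true'`; the Azure DevOps job could do the same with `condition: and(succeeded(), eq('${{ parameters.deployVhdDependencies }}', 'true'))`. Without a gate, each run that reaches the stage starts an image build and a vhd copy under the service connection.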
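Review bot: Commenting out `dependsOn` on `deploy_imgt` leaves the stage with only the implicit dependency on the stage defined just before it, which from the surrounding context seems to be the image gallery stage. `deploy_msi` and `deploy_sa` can then still be running when the image template deployment and the later blob copy start, although the template parameters name a user-assigned identity and the copy reads the storage account. If this is debugging scaffolding, the `- deploy_msi`, `- deploy_sig` and `- deploy_sa` entries should be restored before merge.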
@@ -271,6 +275,8 @@ stages: name: $(poolName) ${{ if eq(variables['poolName'], '') }}: vmImage: $(vmImage) + variables: + deploymentOutput: $[ dependencies.job_deploy_imgt.outputs['DeployModule.deploymentOutput'] ] steps: - task: PowerShell@2 displayName: 'Setup agent' @@ -306,7 +312,7 @@ stages: azurePowerShellVersion: 'LatestVersion' pwsh: true - task: AzurePowerShell@5 - displayName: Trigger building new image + displayName: Copy baked vhd to a storage account inputs: azureSubscription: $(serviceConnection) ScriptType: 'InlineScript' From 1d4e792b2202d54015f6b334282b6b6c47f42f7d Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 26 Jan 2022 13:18:34 +0100 Subject: [PATCH 20/31] comment --- .../platform.dependencies.yml | 668 ++++++++---------- 1 file changed, 287 insertions(+), 381 deletions(-) diff --git a/.azuredevops/platformPipelines/platform.dependencies.yml b/.azuredevops/platformPipelines/platform.dependencies.yml index 1ef4f56621..babc676cfc 100644 --- a/.azuredevops/platformPipelines/platform.dependencies.yml +++ b/.azuredevops/platformPipelines/platform.dependencies.yml 
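Review bot: Mapping `deploymentOutput` into the job makes the `'$(deploymentOutput)'` references in the two `AzurePowerShell@5` inline scripts live, and macro syntax is pasted into the script text before PowerShell parses it. A single quote anywhere in the deployment output then ends the literal, so the remainder is parsed as script or at best breaks `ConvertFrom-Json`. Passing the value through the environment avoids that: add `env:` with `DEPLOYMENT_OUTPUT: $(deploymentOutput)` to each task and read it with `ConvertFrom-Json $env:DEPLOYMENT_OUTPUT`. The scripts themselves sit outside this hunk, and the `print_imgt_output` step re-enabled in the following patch uses the same pattern.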
@@ -34,25 +34,204 @@ variables: value: 'validation-rg' stages: - - stage: deploy_rg - displayName: Deploy resource group - variables: - resourceType: 'Microsoft.Resources/resourceGroups' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/validation.parameters.json - templateFilePath: $(templateFilePath) - displayName: Validation Resource Group + # - stage: deploy_rg + # displayName: Deploy resource group + # variables: + # resourceType: 'Microsoft.Resources/resourceGroups' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/validation.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Validation Resource Group + + # - stage: deploy_msi + # displayName: Deploy user assigned identity + # dependsOn: + # - deploy_rg + # variables: + # resourceType: 'Microsoft.ManagedIdentity/userAssignedIdentities' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: User Assigned Identity + # jobName: job_deploy_msi + # - job: job_set_msi_id + # displayName: Set msi principal ID output + # dependsOn: + # - job_deploy_msi + # pool: + # ${{ if eq(variables['vmImage'], '') }}: + # name: $(poolName) + # ${{ if eq(variables['poolName'], '') }}: + # vmImage: $(vmImage) + # variables: + # deploymentOutput: $[ dependencies.job_deploy_msi.outputs['DeployModule.deploymentOutput'] ] + # steps: + # - task: PowerShell@2 
+ # name: print_msi_prinId + # inputs: + # targetType: inline + # pwsh: true + # script: | + # # Write-Verbose $(deploymentOutput) -Verbose + # $msiPrincipalId = (ConvertFrom-Json '$(deploymentOutput)').principalId + # Write-Verbose "msiPrincipalId: $msiPrincipalId" -Verbose + # Write-Output ('##vso[task.setvariable variable={0};isOutput=true]{1}' -f 'msiPrincipalId', $msiPrincipalId) + + # - stage: deploy_pa + # displayName: Deploy policy assignment + # dependsOn: + # - deploy_rg + # variables: + # resourceType: 'Microsoft.Authorization/policyAssignments' + # templateFilePath: $(modulesPath)/$(resourceType)/.bicep/nested_policyAssignments_sub.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Policy assignment + + # - stage: deploy_evh + # displayName: Deploy event hub + # dependsOn: + # - deploy_rg + # variables: + # resourceType: 'Microsoft.EventHub/namespaces' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: EventHub + + # - stage: deploy_law + # displayName: Deploy log analytics workspace + # dependsOn: + # - deploy_rg + # variables: + # resourceType: 'Microsoft.OperationalInsights/workspaces' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Default LAW + # - path: 
$(dependencyPath)/$(resourceType)/parameters/appi.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: AppInsights LAW + + # - stage: deploy_sa + # displayName: Deploy storage account + # dependsOn: + # - deploy_rg + # variables: + # resourceType: 'Microsoft.Storage/storageAccounts' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Default storage account + # jobName: default_sa + # - path: $(dependencyPath)/$(resourceType)/parameters/law.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: LAW storage account + # - path: $(dependencyPath)/$(resourceType)/parameters/fa.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: FunctionApp storage account + # - job: + # displayName: Upload files to storage account + # dependsOn: + # - default_sa + # pool: + # ${{ if eq(variables['vmImage'], '') }}: + # name: $(poolName) + # ${{ if eq(variables['poolName'], '') }}: + # vmImage: $(vmImage) + # steps: + # - task: PowerShell@2 + # displayName: 'Setup agent' + # inputs: + # targetType: inline + # pwsh: true + # script: | + # # Load used functions + # . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + + # # Define PS modules to install on the runner + # $Modules = @( + # @{ Name = 'Az.Storage' } + # ) + + # # Set agent up + # Set-EnvironmentOnAgent -PSModules $Modules + # - task: AzurePowerShell@5 + # displayName: Upload files to storage account + # inputs: + # azureSubscription: $(serviceConnection) + # ScriptType: 'InlineScript' + # Inline: | + # # Load used functions + # . 
(Join-Path '$(Build.SourcesDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Export-ContentToBlob.ps1') + + # # Get storage account name + # $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'parameters.json' + # $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + + # # Upload files to storage account + # $functionInput = @{ + # ResourceGroupName = '$(defaultResourceGroupName)' + # StorageAccountName = $storageAccountParameters.name.value + # contentDirectories = Join-Path '$(Build.SourcesDirectory)' $(dependencyPath) '$(resourceType)' 'uploads' + # targetContainer = $storageAccountParameters.blobServices.value.containers[0].name + # } + + # Write-Verbose "Invoke task with" -Verbose + # Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose + + # Export-ContentToBlob @functionInput -Verbose + # azurePowerShellVersion: 'LatestVersion' + # pwsh: true + + # - stage: deploy_sig + # displayName: Deploy shared image gallery and definition + # dependsOn: + # - deploy_rg + # variables: + # resourceType: 'Microsoft.Compute/galleries' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Default SIG and SID - - stage: deploy_msi - displayName: Deploy user assigned identity - dependsOn: - - deploy_rg + - stage: deploy_imgt + displayName: Deploy image template + # dependsOn: + # - deploy_msi + # - deploy_sig + # - deploy_sa variables: - resourceType: 'Microsoft.ManagedIdentity/userAssignedIdentities' + resourceType: 'Microsoft.VirtualMachineImages\imageTemplates' + saResourceType: 'Microsoft.Storage\storageAccounts' templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep 
jobs: - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml 
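Review bot: `resourceType` and `saResourceType` on `deploy_imgt` use a backslash (`'Microsoft.VirtualMachineImages\imageTemplates'`), while every stage commented out above it uses a forward slash, and the value is spliced into `$(modulesPath)/$(resourceType)/deploy.bicep`. On a Linux agent a backslash is not a path separator, so the template and parameter paths may not resolve, depending on how the job template consumes them. I would write `resourceType: 'Microsoft.VirtualMachineImages/imageTemplates'` and `saResourceType: 'Microsoft.Storage/storageAccounts'`. Separately, disabling the prerequisite stages by commenting them out leaves a long run of dead YAML in the pipeline; if that is temporary it should be reverted before merge.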
@@ -60,189 +239,35 @@ stages: deploymentBlocks: - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json templateFilePath: $(templateFilePath) - displayName: User Assigned Identity - jobName: job_deploy_msi - - job: job_set_msi_id - displayName: Set msi principal ID output + displayName: Image template + jobName: job_deploy_imgt + - job: job_print_imgt_output + displayName: Set image template output dependsOn: - - job_deploy_msi + - job_deploy_imgt pool: ${{ if eq(variables['vmImage'], '') }}: name: $(poolName) ${{ if eq(variables['poolName'], '') }}: vmImage: $(vmImage) variables: - deploymentOutput: $[ dependencies.job_deploy_msi.outputs['DeployModule.deploymentOutput'] ] + deploymentOutput: $[ dependencies.job_deploy_imgt.outputs['DeployModule.deploymentOutput'] ] steps: - task: PowerShell@2 - name: print_msi_prinId + name: print_imgt_output inputs: targetType: inline pwsh: true script: | # Write-Verbose $(deploymentOutput) -Verbose - $msiPrincipalId = (ConvertFrom-Json '$(deploymentOutput)').principalId - Write-Verbose "msiPrincipalId: $msiPrincipalId" -Verbose - Write-Output ('##vso[task.setvariable variable={0};isOutput=true]{1}' -f 'msiPrincipalId', $msiPrincipalId) - - - stage: deploy_pa - displayName: Deploy policy assignment - dependsOn: - - deploy_rg - variables: - resourceType: 'Microsoft.Authorization/policyAssignments' - templateFilePath: $(modulesPath)/$(resourceType)/.bicep/nested_policyAssignments_sub.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Policy assignment - - - stage: deploy_evh - displayName: Deploy event hub - dependsOn: - - deploy_rg - variables: - resourceType: 'Microsoft.EventHub/namespaces' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: 
/.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: EventHub - - - stage: deploy_law - displayName: Deploy log analytics workspace - dependsOn: - - deploy_rg - variables: - resourceType: 'Microsoft.OperationalInsights/workspaces' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Default LAW - - path: $(dependencyPath)/$(resourceType)/parameters/appi.parameters.json - templateFilePath: $(templateFilePath) - displayName: AppInsights LAW - - - stage: deploy_sa - displayName: Deploy storage account - dependsOn: - - deploy_rg - variables: - resourceType: 'Microsoft.Storage/storageAccounts' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Default storage account - jobName: default_sa - - path: $(dependencyPath)/$(resourceType)/parameters/law.parameters.json - templateFilePath: $(templateFilePath) - displayName: LAW storage account - - path: $(dependencyPath)/$(resourceType)/parameters/fa.parameters.json - templateFilePath: $(templateFilePath) - displayName: FunctionApp storage account - - job: - displayName: Upload files to storage account - dependsOn: - - default_sa - pool: - ${{ if eq(variables['vmImage'], '') }}: - name: $(poolName) - ${{ if eq(variables['poolName'], '') }}: - vmImage: $(vmImage) - steps: - - task: PowerShell@2 - displayName: 'Setup agent' - inputs: - targetType: 
inline - pwsh: true - script: | - # Load used functions - . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') - - # Define PS modules to install on the runner - $Modules = @( - @{ Name = 'Az.Storage' } - ) - - # Set agent up - Set-EnvironmentOnAgent -PSModules $Modules - - task: AzurePowerShell@5 - displayName: Upload files to storage account - inputs: - azureSubscription: $(serviceConnection) - ScriptType: 'InlineScript' - Inline: | - # Load used functions - . (Join-Path '$(Build.SourcesDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Export-ContentToBlob.ps1') - - # Get storage account name - $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'parameters.json' - $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters - - # Upload files to storage account - $functionInput = @{ - ResourceGroupName = '$(defaultResourceGroupName)' - StorageAccountName = $storageAccountParameters.name.value - contentDirectories = Join-Path '$(Build.SourcesDirectory)' $(dependencyPath) '$(resourceType)' 'uploads' - targetContainer = $storageAccountParameters.blobServices.value.containers[0].name - } - - Write-Verbose "Invoke task with" -Verbose - Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose - - Export-ContentToBlob @functionInput -Verbose - azurePowerShellVersion: 'LatestVersion' - pwsh: true - - - stage: deploy_sig - displayName: Deploy shared image gallery and definition - dependsOn: - - deploy_rg - variables: - resourceType: 'Microsoft.Compute/galleries' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Default SIG and SID - - - 
stage: deploy_imgt - displayName: Deploy image template - # dependsOn: - # - deploy_msi - # - deploy_sig - # - deploy_sa - variables: - resourceType: 'Microsoft.VirtualMachineImages\imageTemplates' - saResourceType: 'Microsoft.Storage\storageAccounts' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Image template - jobName: job_deploy_imgt - # - job: job_print_imgt_output - # displayName: Set image template output + $imageTemplateName = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateName + $imageTemplateResourceGroup = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateResourceGroup + Write-Verbose "imageTemplateName: $imageTemplateName" -Verbose + Write-Verbose "imageTemplateResourceGroup: $imageTemplateResourceGroup" -Verbose + Write-Output ('##vso[task.setvariable variable={0};isOutput=true]{1}' -f 'imageTemplateName', $imageTemplateName) + Write-Output ('##vso[task.setvariable variable={0};isOutput=true]{1}' -f 'imageTemplateResourceGroup', $imageTemplateResourceGroup) + # - job: + # displayName: Trigger vhd build and store it to a storage account blob container # dependsOn: # - job_deploy_imgt # pool: 
@@ -254,209 +279,90 @@ stages: # deploymentOutput: $[ dependencies.job_deploy_imgt.outputs['DeployModule.deploymentOutput'] ] # steps: # - task: PowerShell@2 - # name: print_imgt_output + # displayName: 'Setup agent' # inputs: # targetType: inline # pwsh: true # script: | - # # Write-Verbose $(deploymentOutput) -Verbose + # # Load used functions + # . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + + # # Define PS modules to install on the runner + # $Modules = @( + # @{ Name = 'Az.ImageBuilder' }, + # @{ Name = 'Az.Storage' } + # ) + + # # Set agent up + # Set-EnvironmentOnAgent -PSModules $Modules + # - task: AzurePowerShell@5 + # displayName: Trigger building new image + # inputs: + # azureSubscription: $(serviceConnection) + # ScriptType: 'InlineScript' + # Inline: | + # # Retrieving parameters from previous job outputs + # Write-Verbose "Retrieving parameters from previous job outputs" -Verbose # $imageTemplateName = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateName # $imageTemplateResourceGroup = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateResourceGroup - # Write-Verbose "imageTemplateName: $imageTemplateName" -Verbose - # Write-Verbose "imageTemplateResourceGroup: $imageTemplateResourceGroup" -Verbose - # Write-Output ('##vso[task.setvariable variable={0};isOutput=true]{1}' -f 'imageTemplateName', $imageTemplateName) - # Write-Output ('##vso[task.setvariable variable={0};isOutput=true]{1}' -f 'imageTemplateResourceGroup', $imageTemplateResourceGroup) - - job: - displayName: Trigger vhd build and store it to a storage account blob container - dependsOn: - - job_deploy_imgt - pool: - ${{ if eq(variables['vmImage'], '') }}: - name: $(poolName) - ${{ if eq(variables['poolName'], '') }}: - vmImage: $(vmImage) - variables: - deploymentOutput: $[ dependencies.job_deploy_imgt.outputs['DeployModule.deploymentOutput'] ] - steps: - - task: PowerShell@2 - displayName: 'Setup agent' 
- inputs: - targetType: inline - pwsh: true - script: | - # Load used functions - . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') - - # Define PS modules to install on the runner - $Modules = @( - @{ Name = 'Az.ImageBuilder' }, - @{ Name = 'Az.Storage' } - ) - # Set agent up - Set-EnvironmentOnAgent -PSModules $Modules - - task: AzurePowerShell@5 - displayName: Trigger building new image - inputs: - azureSubscription: $(serviceConnection) - ScriptType: 'InlineScript' - Inline: | - # Retrieving parameters from previous job outputs - Write-Verbose "Retrieving parameters from previous job outputs" -Verbose - $imageTemplateName = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateName - $imageTemplateResourceGroup = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateResourceGroup - - # Trigger new image creation - Write-Verbose "Trigger new image creation with imageTemplateName $imageTemplateName and imageTemplateResourceGroup $imageTemplateResourceGroup" -Verbose - Start-AzImageBuilderTemplate -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup - azurePowerShellVersion: 'LatestVersion' - pwsh: true - - task: AzurePowerShell@5 - displayName: Copy baked vhd to a storage account - inputs: - azureSubscription: $(serviceConnection) - ScriptType: 'InlineScript' - Inline: | - # Retrieving parameters from previous job outputs and parameter files - Write-Verbose "Retrieving parameters from previous job outputs" -Verbose - $imageTemplateName = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateName - $imageTemplateResourceGroup = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateResourceGroup - - Write-Verbose "Retrieving parameters from storage account parameter files" -Verbose - $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(saResourceType)' 'parameters' 'parameters.json' - $storageAccountParameters = (ConvertFrom-Json 
(Get-Content -path $parameterFilePath -Raw)).parameters - - Write-Verbose "Retrieving parameters from image template parameter files" -Verbose - $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'parameters.json' - $imageTemplateParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters - - # Initializing parameters before the blob copy - Write-Verbose "Initializing source storage account parameters before the blob copy" -Verbose - $imgtRunOutput = Get-AzImageBuilderRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null - $sourceUri = $imgtRunOutput.ArtifactUri - $sourceStorageAccountName = $sourceUri.Split('//')[1].Split('.')[0] - $sourceStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $sourceStorageAccountName - $sourceStorageAccountContext = $sourceStorageAccount.Context - $sourceStorageAccountRGName = $sourceStorageAccount.ResourceGroupName - Write-Verbose "Retrieving artifact uri $sourceUri stored in resource group $sourceStorageAccountRGName" -Verbose - - Write-Verbose "Initializing destination storage account parameters before the blob copy" -Verbose - $destinationStorageAccountName = $storageAccountParameters.name.value - $destinationStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $destinationStorageAccountName - $destinationStorageAccountContext = $destinationStorageAccount.Context - $destinationContainerName = 'vhds' - $destinationBlobName = $imageTemplateParameters.name.value - $destinationBlobName = "$destinationBlobName.vhd" - Write-Verbose "Planning for destination blob name $destinationBlobName in container $destinationContainerName and storage account $destinationStorageAccountName" -Verbose - - # Copying the vhd to a destination blob container - Write-Verbose "Copying the vhd to a destination blob container" -Verbose - 
$resourceActionInputObject = @{ - AbsoluteUri = $sourceUri - Context = $sourceStorageAccountContext - DestContext = $destinationStorageAccountContext - DestBlob = $destinationBlobName - DestContainer = $destinationContainerName - Force = $true - } - Start-AzStorageBlobCopy @resourceActionInputObject - azPSVersion: 'latest' - azurePowerShellVersion: 'LatestVersion' - pwsh: true + # # Trigger new image creation + # Write-Verbose "Trigger new image creation with imageTemplateName $imageTemplateName and imageTemplateResourceGroup $imageTemplateResourceGroup" -Verbose + # Start-AzImageBuilderTemplate -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup + # azurePowerShellVersion: 'LatestVersion' + # pwsh: true + # - task: AzurePowerShell@5 + # displayName: Copy baked vhd to a storage account + # inputs: + # azureSubscription: $(serviceConnection) + # ScriptType: 'InlineScript' + # Inline: | + # # Retrieving parameters from previous job outputs and parameter files + # Write-Verbose "Retrieving parameters from previous job outputs" -Verbose + # $imageTemplateName = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateName + # $imageTemplateResourceGroup = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateResourceGroup - # job_deploy_vhd_to_sa: - # runs-on: ubuntu-20.04 - # name: 'Trigger vhd build and store it to a storage account blob container' - # if: github.event.inputs.deployVhdDependencies == 'true' - # env: - # imgtNamespace: 'Microsoft.VirtualMachineImages\imageTemplates' - # saNamespace: 'Microsoft.Storage\storageAccounts' - # needs: - # - job_deploy_imgt - # - job_deploy_sa - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Setup agent' - # shell: pwsh - # run: | - # # Load used functions - # . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') - - # # Define PS modules to install on the runner - # $Modules = @( - # @{ Name = 'Az.ImageBuilder' }, - # @{ Name = 'Az.Storage' } - # ) - - # # Set agent up - # Set-EnvironmentOnAgent -PSModules $Modules - # - name: Azure Login - # uses: azure/login@v1 - # with: - # creds: ${{ secrets.AZURE_CREDENTIALS }} - # enable-AzPSSession: true - # - name: 'Trigger building new image' - # uses: azure/powershell@v1 - # with: - # inlineScript: | - # Write-Verbose "Retrieving output from previous job" -Verbose - # $imageTemplateName = '${{ needs.job_deploy_imgt.outputs.imageTemplateName }}' - # $imageTemplateResourceGroup = '${{ needs.job_deploy_imgt.outputs.imageTemplateResourceGroup }}' - - # Write-Verbose "Trigger new image creation with imageTemplateName $imageTemplateName and imageTemplateResourceGroup $imageTemplateResourceGroup" -Verbose - # Start-AzImageBuilderTemplate -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup - # azPSVersion: 'latest' - # - name: 'Copy baked vhd to a storage account' - # uses: azure/powershell@v1 - # with: - # inlineScript: | - # # Retrieving parameters from previous job outputs and parameter files - # Write-Verbose "Retrieving parameters from previous job outputs" -Verbose - # $imageTemplateName = '${{ needs.job_deploy_imgt.outputs.imageTemplateName }}' - # $imageTemplateResourceGroup = '${{ needs.job_deploy_imgt.outputs.imageTemplateResourceGroup }}' - - # Write-Verbose "Retrieving parameters from storage account parameter files" -Verbose - # $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.saNamespace }}' 'parameters' 'parameters.json' - # $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters - - # Write-Verbose "Retrieving parameters from image template parameter files" -Verbose - # $parameterFilePath = Join-Path 
$env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.imgtNamespace }}' 'parameters' 'parameters.json' - # $imageTemplateParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters - - # # Initializing parameters before the blob copy - # Write-Verbose "Initializing source storage account parameters before the blob copy" -Verbose - # $imgtRunOutput = Get-AzImageBuilderRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null - # $sourceUri = $imgtRunOutput.ArtifactUri - # $sourceStorageAccountName = $sourceUri.Split('//')[1].Split('.')[0] - # $sourceStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $sourceStorageAccountName - # $sourceStorageAccountContext = $sourceStorageAccount.Context - # $sourceStorageAccountRGName = $sourceStorageAccount.ResourceGroupName - # Write-Verbose "Retrieving artifact uri $sourceUri stored in resource group $sourceStorageAccountRGName" -Verbose - - # Write-Verbose "Initializing destination storage account parameters before the blob copy" -Verbose - # $destinationStorageAccountName = $storageAccountParameters.name.value - # $destinationStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $destinationStorageAccountName - # $destinationStorageAccountContext = $destinationStorageAccount.Context - # $destinationContainerName = 'vhds' - # $destinationBlobName = $imageTemplateParameters.name.value - # $destinationBlobName = "$destinationBlobName.vhd" - # Write-Verbose "Planning for destination blob name $destinationBlobName in container $destinationContainerName and storage account $destinationStorageAccountName" -Verbose - - # # Copying the vhd to a destination blob container - # Write-Verbose "Copying the vhd to a destination blob container" -Verbose - # $resourceActionInputObject = @{ - # AbsoluteUri = $sourceUri - # Context = $sourceStorageAccountContext - # DestContext = 
$destinationStorageAccountContext - # DestBlob = $destinationBlobName - # DestContainer = $destinationContainerName - # Force = $true - # } - # Start-AzStorageBlobCopy @resourceActionInputObject - # azPSVersion: 'latest' + # Write-Verbose "Retrieving parameters from storage account parameter files" -Verbose + # $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(saResourceType)' 'parameters' 'parameters.json' + # $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + + # Write-Verbose "Retrieving parameters from image template parameter files" -Verbose + # $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'parameters.json' + # $imageTemplateParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + + # # Initializing parameters before the blob copy + # Write-Verbose "Initializing source storage account parameters before the blob copy" -Verbose + # $imgtRunOutput = Get-AzImageBuilderRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null + # $sourceUri = $imgtRunOutput.ArtifactUri + # $sourceStorageAccountName = $sourceUri.Split('//')[1].Split('.')[0] + # $sourceStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $sourceStorageAccountName + # $sourceStorageAccountContext = $sourceStorageAccount.Context + # $sourceStorageAccountRGName = $sourceStorageAccount.ResourceGroupName + # Write-Verbose "Retrieving artifact uri $sourceUri stored in resource group $sourceStorageAccountRGName" -Verbose + + # Write-Verbose "Initializing destination storage account parameters before the blob copy" -Verbose + # $destinationStorageAccountName = $storageAccountParameters.name.value + # $destinationStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $destinationStorageAccountName + # 
$destinationStorageAccountContext = $destinationStorageAccount.Context + # $destinationContainerName = 'vhds' + # $destinationBlobName = $imageTemplateParameters.name.value + # $destinationBlobName = "$destinationBlobName.vhd" + # Write-Verbose "Planning for destination blob name $destinationBlobName in container $destinationContainerName and storage account $destinationStorageAccountName" -Verbose + + # # Copying the vhd to a destination blob container + # Write-Verbose "Copying the vhd to a destination blob container" -Verbose + # $resourceActionInputObject = @{ + # AbsoluteUri = $sourceUri + # Context = $sourceStorageAccountContext + # DestContext = $destinationStorageAccountContext + # DestBlob = $destinationBlobName + # DestContainer = $destinationContainerName + # Force = $true + # } + # Start-AzStorageBlobCopy @resourceActionInputObject + # azPSVersion: 'latest' + # azurePowerShellVersion: 'LatestVersion' + # pwsh: true - stage: deploy_ag displayName: Deploy action groups From 0086b6f029f74343137f1ea675b298a86d8061ed Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 26 Jan 2022 13:20:25 +0100 Subject: [PATCH 21/31] comment all --- .../platform.dependencies.yml | 896 +++++++++--------- 1 file changed, 448 insertions(+), 448 deletions(-) diff --git a/.azuredevops/platformPipelines/platform.dependencies.yml b/.azuredevops/platformPipelines/platform.dependencies.yml index babc676cfc..037c68dd00 100644 --- a/.azuredevops/platformPipelines/platform.dependencies.yml +++ b/.azuredevops/platformPipelines/platform.dependencies.yml 
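Review bot: In the `@@ -254,209 +279,90 @@` hunk, the job "Trigger vhd build and store it to a storage account blob container" is switched off by turning roughly ninety lines into comments, which leaves pipeline code that no linter or reviewer checks and obscures which steps actually run. Gating it would keep it visible and testable: declare a boolean parameter mirroring the `deployVhdDependencies` input this series adds to the GitHub workflow and wrap the job in `- ${{ if eq(parameters.deployVhdDependencies, true) }}:`, the pattern this pipeline appears to use already for `deploySqlMiDependencies`. Before the block is re-enabled, note that `'$(deploymentOutput)'` is macro-expanded into the inline script text before PowerShell parses it, so a single quote in the deployment output would end the string literal and the remainder would be parsed as script. Mapping the value through the task's `env:` and reading it as `$env:DEPLOYMENT_OUTPUT` inside the script avoids that. The commented `azPSVersion: 'latest'` input also looks like a leftover from the GitHub `azure/powershell` action rather than an `AzurePowerShell@5` input and could be dropped.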
@@ -364,455 +364,455 @@ stages: # azurePowerShellVersion: 'LatestVersion' # pwsh: true - - stage: deploy_ag - displayName: Deploy action groups - dependsOn: - - deploy_rg - variables: - resourceType: 'Microsoft.Insights/actionGroups' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Default Action Group + # - stage: deploy_ag + # displayName: Deploy action groups + # dependsOn: + # - deploy_rg + # variables: + # resourceType: 'Microsoft.Insights/actionGroups' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Default Action Group - - stage: deploy_asg - displayName: Deploy application security groups - dependsOn: - - deploy_rg - variables: - resourceType: 'Microsoft.Network/applicationSecurityGroups' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Default Application Security Groups + # - stage: deploy_asg + # displayName: Deploy application security groups + # dependsOn: + # - deploy_rg + # variables: + # resourceType: 'Microsoft.Network/applicationSecurityGroups' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: 
$(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Default Application Security Groups - - stage: deploy_udr - displayName: Deploy route tables - dependsOn: - - deploy_rg - variables: - resourceType: 'Microsoft.Network/routeTables' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Default User Defined Routes - - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: - - path: $(dependencyPath)/$(resourceType)/parameters/sqlMi.parameters.json - templateFilePath: $(templateFilePath) - displayName: SQLMI User Defined Routes - - - stage: deploy_nsg - displayName: Deploy network security groups - dependsOn: - - deploy_sa - - deploy_evh - - deploy_law - variables: - resourceType: 'Microsoft.Network/networkSecurityGroups' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Default NSG - - path: $(dependencyPath)/$(resourceType)/parameters/apgw.parameters.json - templateFilePath: $(templateFilePath) - displayName: App Gateway NSG - - path: $(dependencyPath)/$(resourceType)/parameters/ase.parameters.json - templateFilePath: $(templateFilePath) - displayName: ASE NSG - - path: $(dependencyPath)/$(resourceType)/parameters/bastion.parameters.json - templateFilePath: $(templateFilePath) - displayName: Bastion NSG - - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: - - path: $(dependencyPath)/$(resourceType)/parameters/sqlmi.parameters.json - templateFilePath: $(templateFilePath) - 
displayName: SQLMI NSG - - - stage: deploy_pip - displayName: Deploy public IP addresses - dependsOn: - - deploy_sa - - deploy_evh - - deploy_law - variables: - resourceType: 'Microsoft.Network\publicIPAddresses' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/apgw.parameters.json - templateFilePath: $(templateFilePath) - displayName: App Gateway Public IP - - path: $(dependencyPath)/$(resourceType)/parameters/bas.parameters.json - templateFilePath: $(templateFilePath) - displayName: Bastion Public IP - - path: $(dependencyPath)/$(resourceType)/parameters/lb.parameters.json - templateFilePath: $(templateFilePath) - displayName: Load balancer Public IP - - path: $(dependencyPath)/$(resourceType)/parameters/fw.parameters.json - templateFilePath: $(templateFilePath) - displayName: Firewall Public IP - - - stage: deploy_appi - displayName: Deploy application insight - dependsOn: - - deploy_sa - - deploy_evh - - deploy_law - variables: - resourceType: 'Microsoft.Insights/components' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Default Application Insights - - - stage: deploy_aut - displayName: Deploy automation account - dependsOn: - - deploy_sa - - deploy_evh - - deploy_law - variables: - resourceType: 'Microsoft.Automation/automationAccounts' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: 
$(templateFilePath) - displayName: Default Automation Account - - - stage: deploy_avdhp - displayName: Deploy AVD host pool - dependsOn: - - deploy_sa - - deploy_evh - - deploy_law - variables: - resourceType: 'Microsoft.DesktopVirtualization/hostpools' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Default AVD Host Pool - - - stage: deploy_rsv - displayName: Deploy recovery services vault - dependsOn: - - deploy_sa - - deploy_evh - - deploy_law - - deploy_msi - variables: - resourceType: 'Microsoft.RecoveryServices/vaults' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - msiPrincipalId: $[ stageDependencies.deploy_msi.job_set_msi_id.outputs['print_msi_prinId.msiPrincipalId'] ] - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Default recovery services vault - customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' - - - stage: deploy_kv - displayName: Deploy key vaults - dependsOn: - - deploy_sa - - deploy_evh - - deploy_law - - deploy_msi - variables: - resourceType: 'Microsoft.KeyVault/vaults' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - msiPrincipalId: $[ stageDependencies.deploy_msi.job_set_msi_id.outputs['print_msi_prinId.msiPrincipalId'] ] - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Default Key Vault - jobName: default_kv - 
customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' - - path: $(dependencyPath)/$(resourceType)/parameters/pe.parameters.json - templateFilePath: $(templateFilePath) - displayName: Private Endpoint Key Vault - customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' - - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: - - path: $(dependencyPath)/$(resourceType)/parameters/sqlmi.parameters.json - templateFilePath: $(templateFilePath) - displayName: SQLMI key vault - jobName: sqlmi_kv - customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' - - job: - displayName: Set key vault secrets keys and certificates - dependsOn: - - default_kv - pool: - ${{ if eq(variables['vmImage'], '') }}: - name: $(poolName) - ${{ if eq(variables['poolName'], '') }}: - vmImage: $(vmImage) - steps: - - task: PowerShell@2 - displayName: 'Setup agent' - inputs: - targetType: inline - pwsh: true - script: | - # Load used functions - . 
(Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') - - # Define PS modules to install on the runner - $Modules = @( - @{ Name = 'Az.KeyVault' } - ) - - # Set agent up - Set-EnvironmentOnAgent -PSModules $Modules - - task: AzurePowerShell@5 - displayName: Set key vault secrets keys and certificates - inputs: - azureSubscription: $(serviceConnection) - ScriptType: 'InlineScript' - Inline: | - # Get key vault name - $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'parameters.json' - $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters - $keyVaultName = $keyVaultParameters.name.value - - # Generate values - $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length - $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force - $passwordString = (New-Guid).Guid.SubString(0, 19) - $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force - $vpnSharedKeyString = (New-Guid).Guid.SubString(0, 32) - $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText -Force - - # Set secrets - # ------- - @( - @{ name = 'adminUsername'; secretValue = $username } # VirtualMachines and VMSS - @{ name = 'adminPassword'; secretValue = $password } # VirtualMachines and VMSS - @{ name = 'administratorLogin'; secretValue = $username } # Azure SQLServer - @{ name = 'administratorLoginPassword'; secretValue = $password } # Azure SQLServer - @{ name = 'vpnSharedKey'; secretValue = $vpnSharedKey } # VirtualNetworkGateway - @{ name = 'apimClientId'; secretValue = $username } # API management - @{ name = 'apimClientSecret'; secretValue = $password } # API management - ) | ForEach-Object { - $null = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $_.name -SecretValue 
$_.secretValue - Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - } - - # Certificats - # ----------- - $certPolicy = New-AzKeyVaultCertificatePolicy -SecretContentType 'application/x-pkcs12' -SubjectName 'CN=fabrikam.com' -IssuerName 'Self' -ValidityInMonths 12 -ReuseKeyOnRenewal - @( - @{ name = 'applicationGatewaySslCertificate'; CertificatePolicy = $certPolicy } # ApplicationGateway - ) | ForEach-Object { - $null = Add-AzKeyVaultCertificate -VaultName $keyVaultName -Name $_.name -CertificatePolicy $_.CertificatePolicy - Write-Verbose ('Added certificate [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - } - - # Set keys - # ---- - @( - @{ name = 'keyEncryptionKey'; Destination = 'Software' } # DiskEncryptionSet, VirtualMachines and VMSS - ) | ForEach-Object { - $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination - Write-Verbose ('Added key [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - } - azurePowerShellVersion: 'LatestVersion' - pwsh: true + # - stage: deploy_udr + # displayName: Deploy route tables + # dependsOn: + # - deploy_rg + # variables: + # resourceType: 'Microsoft.Network/routeTables' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Default User Defined Routes + # - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: + # - path: $(dependencyPath)/$(resourceType)/parameters/sqlMi.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: SQLMI User Defined Routes + + # - stage: deploy_nsg + # displayName: Deploy network security groups + # dependsOn: + # - deploy_sa + # - deploy_evh + # - deploy_law + # variables: + # resourceType: 
'Microsoft.Network/networkSecurityGroups' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Default NSG + # - path: $(dependencyPath)/$(resourceType)/parameters/apgw.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: App Gateway NSG + # - path: $(dependencyPath)/$(resourceType)/parameters/ase.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: ASE NSG + # - path: $(dependencyPath)/$(resourceType)/parameters/bastion.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Bastion NSG + # - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: + # - path: $(dependencyPath)/$(resourceType)/parameters/sqlmi.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: SQLMI NSG + + # - stage: deploy_pip + # displayName: Deploy public IP addresses + # dependsOn: + # - deploy_sa + # - deploy_evh + # - deploy_law + # variables: + # resourceType: 'Microsoft.Network\publicIPAddresses' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/apgw.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: App Gateway Public IP + # - path: $(dependencyPath)/$(resourceType)/parameters/bas.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Bastion Public IP + # - path: $(dependencyPath)/$(resourceType)/parameters/lb.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Load balancer Public IP + # - path: $(dependencyPath)/$(resourceType)/parameters/fw.parameters.json + # 
templateFilePath: $(templateFilePath) + # displayName: Firewall Public IP - - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: - - job: - displayName: Set sqlmi key vault secrets and keys - condition: eq(${{ parameters.deploySqlMiDependencies }}, true) - dependsOn: - - sqlmi_kv - pool: - ${{ if eq(variables['vmImage'], '') }}: - name: $(poolName) - ${{ if eq(variables['poolName'], '') }}: - vmImage: $(vmImage) - steps: - - task: PowerShell@2 - displayName: 'Setup agent' - inputs: - targetType: inline - pwsh: true - script: | - # Load used functions - . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') - - # Define PS modules to install on the runner - $Modules = @( - @{ Name = 'Az.KeyVault' } - ) - - # Set agent up - Set-EnvironmentOnAgent -PSModules $Modules - - task: AzurePowerShell@5 - displayName: Set sqlmi key vault secrets and keys - inputs: - azureSubscription: $(serviceConnection) - ScriptType: 'InlineScript' - Inline: | - # Get key vault name - $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'sqlmi.parameters.json' - $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters - $keyVaultName = $keyVaultParameters.name.value - - # Generate values - $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length - $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force - $passwordString = (New-Guid).Guid.SubString(0, 19) - $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force - - # Set secrets - # ------- - @( - @{ name = 'administratorLogin'; secretValue = $username } # SQLManagedInstances - @{ name = 'administratorLoginPassword'; secretValue = $password } # SQLManagedInstances - ) | ForEach-Object { - $null = Set-AzKeyVaultSecret -VaultName $keyVaultName 
-Name $_.name -SecretValue $_.secretValue - Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - } - - # Set keys - # ---- - @( - @{ name = 'keyEncryptionKeySqlMi'; Destination = 'Software' } # SQLManagedInstances - ) | ForEach-Object { - $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination - Write-Verbose ('Added key [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - } - azurePowerShellVersion: 'LatestVersion' - pwsh: true - - - stage: deploy_avdag - displayName: Deploy AVD application group - dependsOn: - - deploy_avdhp - variables: - resourceType: 'Microsoft.DesktopVirtualization/applicationgroups' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Default Application Group + # - stage: deploy_appi + # displayName: Deploy application insight + # dependsOn: + # - deploy_sa + # - deploy_evh + # - deploy_law + # variables: + # resourceType: 'Microsoft.Insights/components' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Default Application Insights - - stage: deploy_rolea - displayName: Deploy role assignments - dependsOn: - - deploy_msi - variables: - resourceType: 'Microsoft.Authorization/roleAssignments' - templateFilePath: $(modulesPath)/$(resourceType)/.bicep/nested_rbac_sub.bicep - msiPrincipalId: $[ stageDependencies.deploy_msi.job_set_msi_id.outputs['print_msi_prinId.msiPrincipalId'] ] - jobs: - - template: 
/.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: MSI Role Assignment - customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' - - - stage: deploy_vnet - displayName: Deploy virtual networks - dependsOn: - - deploy_nsg - - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: - - deploy_udr - variables: - resourceType: 'Microsoft.Network/virtualNetworks' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Default Virtual Network - - path: $(dependencyPath)/$(resourceType)/parameters/1.bastion.parameters.json - templateFilePath: $(templateFilePath) - displayName: Bastion Virtual Network - - path: $(dependencyPath)/$(resourceType)/parameters/2.vnetpeer01.parameters.json - templateFilePath: $(templateFilePath) - displayName: VNET PEering 1 Virtual Network - - path: $(dependencyPath)/$(resourceType)/parameters/3.vnetpeer02.parameters.json - templateFilePath: $(templateFilePath) - displayName: VNET Peering 2 Virtual Network - - path: $(dependencyPath)/$(resourceType)/parameters/4.azfw.parameters.json - templateFilePath: $(templateFilePath) - displayName: Azure Firewall Virtual Network - - path: $(dependencyPath)/$(resourceType)/parameters/5.aks.parameters.json - templateFilePath: $(templateFilePath) - displayName: AKS Virtual Network - - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: - - path: $(dependencyPath)/$(resourceType)/parameters/6.sqlmi.parameters.json - templateFilePath: $(templateFilePath) - displayName: SQL MI Virtual Network - - - stage: deploy_dnszone - displayName: Deploy private DNS 
zones - dependsOn: - - deploy_vnet - variables: - resourceType: 'Microsoft.Network/privateDnsZones' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Default Private DNS Zones - - - stage: deploy_vm - displayName: Deploy virtual machines - dependsOn: - - deploy_vnet - - deploy_rsv - - deploy_kv - variables: - resourceType: 'Microsoft.Compute/virtualMachines' - templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - parameters: - deploymentBlocks: - - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - templateFilePath: $(templateFilePath) - displayName: Default Virtual Machine + # - stage: deploy_aut + # displayName: Deploy automation account + # dependsOn: + # - deploy_sa + # - deploy_evh + # - deploy_law + # variables: + # resourceType: 'Microsoft.Automation/automationAccounts' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Default Automation Account + + # - stage: deploy_avdhp + # displayName: Deploy AVD host pool + # dependsOn: + # - deploy_sa + # - deploy_evh + # - deploy_law + # variables: + # resourceType: 'Microsoft.DesktopVirtualization/hostpools' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + 
# templateFilePath: $(templateFilePath) + # displayName: Default AVD Host Pool + + # - stage: deploy_rsv + # displayName: Deploy recovery services vault + # dependsOn: + # - deploy_sa + # - deploy_evh + # - deploy_law + # - deploy_msi + # variables: + # resourceType: 'Microsoft.RecoveryServices/vaults' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # msiPrincipalId: $[ stageDependencies.deploy_msi.job_set_msi_id.outputs['print_msi_prinId.msiPrincipalId'] ] + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Default recovery services vault + # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' + + # - stage: deploy_kv + # displayName: Deploy key vaults + # dependsOn: + # - deploy_sa + # - deploy_evh + # - deploy_law + # - deploy_msi + # variables: + # resourceType: 'Microsoft.KeyVault/vaults' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # msiPrincipalId: $[ stageDependencies.deploy_msi.job_set_msi_id.outputs['print_msi_prinId.msiPrincipalId'] ] + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Default Key Vault + # jobName: default_kv + # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' + # - path: $(dependencyPath)/$(resourceType)/parameters/pe.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Private Endpoint Key Vault + # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' + # - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: + # - path: 
$(dependencyPath)/$(resourceType)/parameters/sqlmi.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: SQLMI key vault + # jobName: sqlmi_kv + # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' + # - job: + # displayName: Set key vault secrets keys and certificates + # dependsOn: + # - default_kv + # pool: + # ${{ if eq(variables['vmImage'], '') }}: + # name: $(poolName) + # ${{ if eq(variables['poolName'], '') }}: + # vmImage: $(vmImage) + # steps: + # - task: PowerShell@2 + # displayName: 'Setup agent' + # inputs: + # targetType: inline + # pwsh: true + # script: | + # # Load used functions + # . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + + # # Define PS modules to install on the runner + # $Modules = @( + # @{ Name = 'Az.KeyVault' } + # ) + + # # Set agent up + # Set-EnvironmentOnAgent -PSModules $Modules + # - task: AzurePowerShell@5 + # displayName: Set key vault secrets keys and certificates + # inputs: + # azureSubscription: $(serviceConnection) + # ScriptType: 'InlineScript' + # Inline: | + # # Get key vault name + # $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'parameters.json' + # $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters + # $keyVaultName = $keyVaultParameters.name.value + + # # Generate values + # $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length + # $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force + # $passwordString = (New-Guid).Guid.SubString(0, 19) + # $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force + # $vpnSharedKeyString = (New-Guid).Guid.SubString(0, 32) + # $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText 
-Force + + # # Set secrets + # # ------- + # @( + # @{ name = 'adminUsername'; secretValue = $username } # VirtualMachines and VMSS + # @{ name = 'adminPassword'; secretValue = $password } # VirtualMachines and VMSS + # @{ name = 'administratorLogin'; secretValue = $username } # Azure SQLServer + # @{ name = 'administratorLoginPassword'; secretValue = $password } # Azure SQLServer + # @{ name = 'vpnSharedKey'; secretValue = $vpnSharedKey } # VirtualNetworkGateway + # @{ name = 'apimClientId'; secretValue = $username } # API management + # @{ name = 'apimClientSecret'; secretValue = $password } # API management + # ) | ForEach-Object { + # $null = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $_.name -SecretValue $_.secretValue + # Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + # } + + # # Certificats + # # ----------- + # $certPolicy = New-AzKeyVaultCertificatePolicy -SecretContentType 'application/x-pkcs12' -SubjectName 'CN=fabrikam.com' -IssuerName 'Self' -ValidityInMonths 12 -ReuseKeyOnRenewal + # @( + # @{ name = 'applicationGatewaySslCertificate'; CertificatePolicy = $certPolicy } # ApplicationGateway + # ) | ForEach-Object { + # $null = Add-AzKeyVaultCertificate -VaultName $keyVaultName -Name $_.name -CertificatePolicy $_.CertificatePolicy + # Write-Verbose ('Added certificate [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + # } + + # # Set keys + # # ---- + # @( + # @{ name = 'keyEncryptionKey'; Destination = 'Software' } # DiskEncryptionSet, VirtualMachines and VMSS + # ) | ForEach-Object { + # $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination + # Write-Verbose ('Added key [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + # } + # azurePowerShellVersion: 'LatestVersion' + # pwsh: true + + # - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: + # - job: + # displayName: Set sqlmi key vault secrets and keys + # condition: eq(${{ 
parameters.deploySqlMiDependencies }}, true) + # dependsOn: + # - sqlmi_kv + # pool: + # ${{ if eq(variables['vmImage'], '') }}: + # name: $(poolName) + # ${{ if eq(variables['poolName'], '') }}: + # vmImage: $(vmImage) + # steps: + # - task: PowerShell@2 + # displayName: 'Setup agent' + # inputs: + # targetType: inline + # pwsh: true + # script: | + # # Load used functions + # . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + + # # Define PS modules to install on the runner + # $Modules = @( + # @{ Name = 'Az.KeyVault' } + # ) + + # # Set agent up + # Set-EnvironmentOnAgent -PSModules $Modules + # - task: AzurePowerShell@5 + # displayName: Set sqlmi key vault secrets and keys + # inputs: + # azureSubscription: $(serviceConnection) + # ScriptType: 'InlineScript' + # Inline: | + # # Get key vault name + # $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'sqlmi.parameters.json' + # $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters + # $keyVaultName = $keyVaultParameters.name.value + + # # Generate values + # $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length + # $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force + # $passwordString = (New-Guid).Guid.SubString(0, 19) + # $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force + + # # Set secrets + # # ------- + # @( + # @{ name = 'administratorLogin'; secretValue = $username } # SQLManagedInstances + # @{ name = 'administratorLoginPassword'; secretValue = $password } # SQLManagedInstances + # ) | ForEach-Object { + # $null = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $_.name -SecretValue $_.secretValue + # Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) 
-Verbose + # } + + # # Set keys + # # ---- + # @( + # @{ name = 'keyEncryptionKeySqlMi'; Destination = 'Software' } # SQLManagedInstances + # ) | ForEach-Object { + # $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination + # Write-Verbose ('Added key [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + # } + # azurePowerShellVersion: 'LatestVersion' + # pwsh: true + + # - stage: deploy_avdag + # displayName: Deploy AVD application group + # dependsOn: + # - deploy_avdhp + # variables: + # resourceType: 'Microsoft.DesktopVirtualization/applicationgroups' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Default Application Group + + # - stage: deploy_rolea + # displayName: Deploy role assignments + # dependsOn: + # - deploy_msi + # variables: + # resourceType: 'Microsoft.Authorization/roleAssignments' + # templateFilePath: $(modulesPath)/$(resourceType)/.bicep/nested_rbac_sub.bicep + # msiPrincipalId: $[ stageDependencies.deploy_msi.job_set_msi_id.outputs['print_msi_prinId.msiPrincipalId'] ] + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: MSI Role Assignment + # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' + + # - stage: deploy_vnet + # displayName: Deploy virtual networks + # dependsOn: + # - deploy_nsg + # - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: + # - deploy_udr + # variables: + # resourceType: 'Microsoft.Network/virtualNetworks' + # templateFilePath: 
$(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Default Virtual Network + # - path: $(dependencyPath)/$(resourceType)/parameters/1.bastion.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Bastion Virtual Network + # - path: $(dependencyPath)/$(resourceType)/parameters/2.vnetpeer01.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: VNET PEering 1 Virtual Network + # - path: $(dependencyPath)/$(resourceType)/parameters/3.vnetpeer02.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: VNET Peering 2 Virtual Network + # - path: $(dependencyPath)/$(resourceType)/parameters/4.azfw.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Azure Firewall Virtual Network + # - path: $(dependencyPath)/$(resourceType)/parameters/5.aks.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: AKS Virtual Network + # - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: + # - path: $(dependencyPath)/$(resourceType)/parameters/6.sqlmi.parameters.json + # templateFilePath: $(templateFilePath) + # displayName: SQL MI Virtual Network + + # - stage: deploy_dnszone + # displayName: Deploy private DNS zones + # dependsOn: + # - deploy_vnet + # variables: + # resourceType: 'Microsoft.Network/privateDnsZones' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Default Private DNS Zones + + # - stage: deploy_vm + # displayName: Deploy virtual machines + # 
dependsOn: + # - deploy_vnet + # - deploy_rsv + # - deploy_kv + # variables: + # resourceType: 'Microsoft.Compute/virtualMachines' + # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + # jobs: + # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + # parameters: + # deploymentBlocks: + # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + # templateFilePath: $(templateFilePath) + # displayName: Default Virtual Machine From 1f78207f2b9c2b8707e0724ec30ca5c9a794e5bb Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 26 Jan 2022 13:42:31 +0100 Subject: [PATCH 22/31] comment dependson --- .azuredevops/platformPipelines/platform.dependencies.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.azuredevops/platformPipelines/platform.dependencies.yml b/.azuredevops/platformPipelines/platform.dependencies.yml index 037c68dd00..baf10d9e42 100644 --- a/.azuredevops/platformPipelines/platform.dependencies.yml +++ b/.azuredevops/platformPipelines/platform.dependencies.yml @@ -223,12 +223,13 @@ stages: # templateFilePath: $(templateFilePath) # displayName: Default SIG and SID - - stage: deploy_imgt - displayName: Deploy image template # dependsOn: # - deploy_msi # - deploy_sig # - deploy_sa + + - stage: deploy_imgt + displayName: Deploy image template variables: resourceType: 'Microsoft.VirtualMachineImages\imageTemplates' saResourceType: 'Microsoft.Storage\storageAccounts' From 7d57f0f4bcea8ff4e87e1e09d6a003813535fb99 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 26 Jan 2022 13:55:22 +0100 Subject: [PATCH 23/31] fix output param name --- .../platform.dependencies.yml | 198 +++++++++--------- .github/workflows/platform.dependencies.yml | 4 +- 2 files changed, 101 insertions(+), 101 deletions(-) diff --git a/.azuredevops/platformPipelines/platform.dependencies.yml b/.azuredevops/platformPipelines/platform.dependencies.yml index baf10d9e42..f42f8936fb 100644 
--- a/.azuredevops/platformPipelines/platform.dependencies.yml
+++ b/.azuredevops/platformPipelines/platform.dependencies.yml
@@ -261,109 +261,109 @@ stages:
 pwsh: true
 script: |
 # Write-Verbose $(deploymentOutput) -Verbose
- $imageTemplateName = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateName
- $imageTemplateResourceGroup = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateResourceGroup
+ $imageTemplateName = (ConvertFrom-Json '$(deploymentOutput)').name
+ $imageTemplateResourceGroup = (ConvertFrom-Json '$(deploymentOutput)').resourceGroupName
 Write-Verbose "imageTemplateName: $imageTemplateName" -Verbose
 Write-Verbose "imageTemplateResourceGroup: $imageTemplateResourceGroup" -Verbose
 Write-Output ('##vso[task.setvariable variable={0};isOutput=true]{1}' -f 'imageTemplateName', $imageTemplateName)
 Write-Output ('##vso[task.setvariable variable={0};isOutput=true]{1}' -f 'imageTemplateResourceGroup', $imageTemplateResourceGroup)
- # - job:
- # displayName: Trigger vhd build and store it to a storage account blob container
- # dependsOn:
- # - job_deploy_imgt
- # pool:
- # ${{ if eq(variables['vmImage'], '') }}:
- # name: $(poolName)
- # ${{ if eq(variables['poolName'], '') }}:
- # vmImage: $(vmImage)
- # variables:
- # deploymentOutput: $[ dependencies.job_deploy_imgt.outputs['DeployModule.deploymentOutput'] ]
- # steps:
- # - task: PowerShell@2
- # displayName: 'Setup agent'
- # inputs:
- # targetType: inline
- # pwsh: true
- # script: |
- # # Load used functions
- # . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1')
-
- # # Define PS modules to install on the runner
- # $Modules = @(
- # @{ Name = 'Az.ImageBuilder' },
- # @{ Name = 'Az.Storage' }
- # )
-
- # # Set agent up
- # Set-EnvironmentOnAgent -PSModules $Modules
- # - task: AzurePowerShell@5
- # displayName: Trigger building new image
- # inputs:
- # azureSubscription: $(serviceConnection)
- # ScriptType: 'InlineScript'
- # Inline: |
- # # Retrieving parameters from previous job outputs
- # Write-Verbose "Retrieving parameters from previous job outputs" -Verbose
- # $imageTemplateName = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateName
- # $imageTemplateResourceGroup = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateResourceGroup
-
- # # Trigger new image creation
- # Write-Verbose "Trigger new image creation with imageTemplateName $imageTemplateName and imageTemplateResourceGroup $imageTemplateResourceGroup" -Verbose
- # Start-AzImageBuilderTemplate -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup
- # azurePowerShellVersion: 'LatestVersion'
- # pwsh: true
- # - task: AzurePowerShell@5
- # displayName: Copy baked vhd to a storage account
- # inputs:
- # azureSubscription: $(serviceConnection)
- # ScriptType: 'InlineScript'
- # Inline: |
- # # Retrieving parameters from previous job outputs and parameter files
- # Write-Verbose "Retrieving parameters from previous job outputs" -Verbose
- # $imageTemplateName = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateName
- # $imageTemplateResourceGroup = (ConvertFrom-Json '$(deploymentOutput)').imageTemplateResourceGroup
-
- # Write-Verbose "Retrieving parameters from storage account parameter files" -Verbose
- # $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(saResourceType)' 'parameters' 'parameters.json'
- # $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters
-
- # Write-Verbose "Retrieving parameters from image template parameter files" -Verbose
- # $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'parameters.json'
- # $imageTemplateParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters
-
- # # Initializing parameters before the blob copy
- # Write-Verbose "Initializing source storage account parameters before the blob copy" -Verbose
- # $imgtRunOutput = Get-AzImageBuilderRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null
- # $sourceUri = $imgtRunOutput.ArtifactUri
- # $sourceStorageAccountName = $sourceUri.Split('//')[1].Split('.')[0]
- # $sourceStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $sourceStorageAccountName
- # $sourceStorageAccountContext = $sourceStorageAccount.Context
- # $sourceStorageAccountRGName = $sourceStorageAccount.ResourceGroupName
- # Write-Verbose "Retrieving artifact uri $sourceUri stored in resource group $sourceStorageAccountRGName" -Verbose
-
- # Write-Verbose "Initializing destination storage account parameters before the blob copy" -Verbose
- # $destinationStorageAccountName = $storageAccountParameters.name.value
- # $destinationStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $destinationStorageAccountName
- # $destinationStorageAccountContext = $destinationStorageAccount.Context
- # $destinationContainerName = 'vhds'
- # $destinationBlobName = $imageTemplateParameters.name.value
- # $destinationBlobName = "$destinationBlobName.vhd"
- # Write-Verbose "Planning for destination blob name $destinationBlobName in container $destinationContainerName and storage account $destinationStorageAccountName" -Verbose
-
- # # Copying the vhd to a destination blob container
- # Write-Verbose "Copying the vhd to a destination blob container" -Verbose
- # $resourceActionInputObject = @{
- # AbsoluteUri = $sourceUri
- # Context = $sourceStorageAccountContext
- # DestContext = $destinationStorageAccountContext
- # DestBlob = $destinationBlobName
- # DestContainer = $destinationContainerName
- # Force = $true
- # }
- # Start-AzStorageBlobCopy @resourceActionInputObject
- # azPSVersion: 'latest'
- # azurePowerShellVersion: 'LatestVersion'
- # pwsh: true
+ - job:
+ displayName: Trigger vhd build and store it to a storage account blob container
+ dependsOn:
+ - job_deploy_imgt
+ pool:
+ ${{ if eq(variables['vmImage'], '') }}:
+ name: $(poolName)
+ ${{ if eq(variables['poolName'], '') }}:
+ vmImage: $(vmImage)
+ variables:
+ deploymentOutput: $[ dependencies.job_deploy_imgt.outputs['DeployModule.deploymentOutput'] ]
+ steps:
+ - task: PowerShell@2
+ displayName: 'Setup agent'
+ inputs:
+ targetType: inline
+ pwsh: true
+ script: |
+ # Load used functions
+ . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1')
+
+ # Define PS modules to install on the runner
+ $Modules = @(
+ @{ Name = 'Az.ImageBuilder' },
+ @{ Name = 'Az.Storage' }
+ )
+
+ # Set agent up
+ Set-EnvironmentOnAgent -PSModules $Modules
+ - task: AzurePowerShell@5
+ displayName: Trigger building new image
+ inputs:
+ azureSubscription: $(serviceConnection)
+ ScriptType: 'InlineScript'
+ Inline: |
+ # Retrieving parameters from previous job outputs
+ Write-Verbose "Retrieving parameters from previous job outputs" -Verbose
+ $imageTemplateName = (ConvertFrom-Json '$(deploymentOutput)').name
+ $imageTemplateResourceGroup = (ConvertFrom-Json '$(deploymentOutput)').resourceGroupName
+
+ # Trigger new image creation
+ Write-Verbose "Trigger new image creation with imageTemplateName $imageTemplateName and imageTemplateResourceGroup $imageTemplateResourceGroup" -Verbose
+ Start-AzImageBuilderTemplate -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup
+ azurePowerShellVersion: 'LatestVersion'
+ pwsh: true
+ - task: AzurePowerShell@5
+ displayName: Copy baked vhd to a storage account
+ inputs:
+ azureSubscription: $(serviceConnection)
+ ScriptType: 'InlineScript'
+ Inline: |
+ # Retrieving parameters from previous job outputs and parameter files
+ Write-Verbose "Retrieving parameters from previous job outputs" -Verbose
+ $imageTemplateName = (ConvertFrom-Json '$(deploymentOutput)').name
+ $imageTemplateResourceGroup = (ConvertFrom-Json '$(deploymentOutput)').resourceGroupName
+
+ Write-Verbose "Retrieving parameters from storage account parameter files" -Verbose
+ $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(saResourceType)' 'parameters' 'parameters.json'
+ $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters
+
+ Write-Verbose "Retrieving parameters from image template parameter files" -Verbose
+ $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'parameters.json'
+ $imageTemplateParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters
+
+ # Initializing parameters before the blob copy
+ Write-Verbose "Initializing source storage account parameters before the blob copy" -Verbose
+ $imgtRunOutput = Get-AzImageBuilderRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null
+ $sourceUri = $imgtRunOutput.ArtifactUri
+ $sourceStorageAccountName = $sourceUri.Split('//')[1].Split('.')[0]
+ $sourceStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $sourceStorageAccountName
+ $sourceStorageAccountContext = $sourceStorageAccount.Context
+ $sourceStorageAccountRGName = $sourceStorageAccount.ResourceGroupName
+ Write-Verbose "Retrieving artifact uri $sourceUri stored in resource group $sourceStorageAccountRGName" -Verbose
+
+ Write-Verbose "Initializing destination storage account parameters before the blob copy" -Verbose
+ $destinationStorageAccountName = $storageAccountParameters.name.value
+ $destinationStorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -EQ $destinationStorageAccountName
+ $destinationStorageAccountContext = $destinationStorageAccount.Context
+ $destinationContainerName = 'vhds'
+ $destinationBlobName = $imageTemplateParameters.name.value
+ $destinationBlobName = "$destinationBlobName.vhd"
+ Write-Verbose "Planning for destination blob name $destinationBlobName in container $destinationContainerName and storage account $destinationStorageAccountName" -Verbose
+
+ # Copying the vhd to a destination blob container
+ Write-Verbose "Copying the vhd to a destination blob container" -Verbose
+ $resourceActionInputObject = @{
+ AbsoluteUri = $sourceUri
+ Context = $sourceStorageAccountContext
+ DestContext = $destinationStorageAccountContext
+ DestBlob = $destinationBlobName
+ DestContainer = $destinationContainerName
+ Force = $true
+ }
+ Start-AzStorageBlobCopy @resourceActionInputObject
+ azPSVersion: 'latest'
+ azurePowerShellVersion: 'LatestVersion'
+ pwsh: true
 # - stage: deploy_ag
 # displayName: Deploy action groups
diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml
index afad812ddc..5c8b880e3f 100644
--- a/.github/workflows/platform.dependencies.yml
+++ b/.github/workflows/platform.dependencies.yml
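Review bot: `Start-AzStorageBlobCopy @resourceActionInputObject`, the last script line of the re-enabled "Copy baked vhd to a storage account" step, only starts a server-side copy, so the job can finish green before the VHD exists in the `vhds` container, or after a copy that later fails. Waiting on the result would close that gap, for example `Get-AzStorageBlobCopyState -Container $destinationContainerName -Blob $destinationBlobName -Context $destinationStorageAccountContext -WaitForComplete` followed by a check of the returned status. The same script calls `$sourceUri.Split('//')` without confirming that `Get-AzImageBuilderRunOutput` returned exactly one artifact; a guard such as `if (-not $sourceUri) { throw 'No image builder artifact URI found' }` would surface a failed build instead of a null-method error. `Force = $true` also overwrites an existing blob of the same name, which deserves a comment on that line if it is intended. The enclosing `deploy_imgt` stage starts outside this hunk.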
@@ -329,8 +329,8 @@ jobs:
 with:
 inlineScript: |
 $deploymentOutput = '${{ steps.deploy_imgt.outputs.deploymentOutput }}'
- $imageTemplateName = (ConvertFrom-Json $deploymentOutput).imageTemplateName
- $imageTemplateResourceGroup = (ConvertFrom-Json $deploymentOutput).imageTemplateResourceGroup
+ $imageTemplateName = (ConvertFrom-Json $deploymentOutput).name
+ $imageTemplateResourceGroup = (ConvertFrom-Json $deploymentOutput).resourceGroupName
 Write-Verbose "imageTemplateName: $imageTemplateName" -Verbose
 Write-Verbose "imageTemplateResourceGroup: $imageTemplateResourceGroup" -Verbose
 Write-Output ('::set-output name={0}::{1}' -f 'imageTemplateName', $imageTemplateName)
From 2f215b33f720e0c2d838063dc3508d75083df203 Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Wed, 26 Jan 2022 19:48:20 +0100
Subject: [PATCH 24/31] uncomment
---
 .../platform.dependencies.yml | 1289 +++++++------
 .github/workflows/platform.dependencies.yml | 1652 ++++++++---------
 2 files changed, 1470 insertions(+), 1471 deletions(-)
diff --git a/.azuredevops/platformPipelines/platform.dependencies.yml b/.azuredevops/platformPipelines/platform.dependencies.yml
index f42f8936fb..315255c9e4 100644
--- a/.azuredevops/platformPipelines/platform.dependencies.yml
+++ b/.azuredevops/platformPipelines/platform.dependencies.yml
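Review bot: In the `@@ -329,8 +329,8 @@` hunk of `.github/workflows/platform.dependencies.yml`, the corrected lookups `(ConvertFrom-Json $deploymentOutput).name` and `.resourceGroupName` still pass silently when a property is absent. PowerShell returns `$null` for a missing member, and the step goes on to publish an empty `imageTemplateName` output. A guard right after the two assignments would make a future output-name mismatch fail here rather than in a later step: `if (-not $imageTemplateName -or -not $imageTemplateResourceGroup) { throw 'deploymentOutput is missing name or resourceGroupName' }`. The inline script starts and ends outside the hunk, so whether strict mode is already enabled there cannot be seen from here.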
@@ -34,202 +34,201 @@ variables: value: 'validation-rg' stages: - # - stage: deploy_rg - # displayName: Deploy resource group - # variables: - # resourceType: 'Microsoft.Resources/resourceGroups' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/validation.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Validation Resource Group - - # - stage: deploy_msi - # displayName: Deploy user assigned identity - # dependsOn: - # - deploy_rg - # variables: - # resourceType: 'Microsoft.ManagedIdentity/userAssignedIdentities' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: User Assigned Identity - # jobName: job_deploy_msi - # - job: job_set_msi_id - # displayName: Set msi principal ID output - # dependsOn: - # - job_deploy_msi - # pool: - # ${{ if eq(variables['vmImage'], '') }}: - # name: $(poolName) - # ${{ if eq(variables['poolName'], '') }}: - # vmImage: $(vmImage) - # variables: - # deploymentOutput: $[ dependencies.job_deploy_msi.outputs['DeployModule.deploymentOutput'] ] - # steps: - # - task: PowerShell@2 - # name: print_msi_prinId - # inputs: - # targetType: inline - # pwsh: true - # script: | - # # Write-Verbose $(deploymentOutput) -Verbose - # $msiPrincipalId = (ConvertFrom-Json '$(deploymentOutput)').principalId - # Write-Verbose "msiPrincipalId: $msiPrincipalId" -Verbose - # Write-Output ('##vso[task.setvariable variable={0};isOutput=true]{1}' -f 'msiPrincipalId', $msiPrincipalId) - - # - stage: deploy_pa - # displayName: Deploy policy assignment - # dependsOn: - 
# - deploy_rg - # variables: - # resourceType: 'Microsoft.Authorization/policyAssignments' - # templateFilePath: $(modulesPath)/$(resourceType)/.bicep/nested_policyAssignments_sub.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Policy assignment - - # - stage: deploy_evh - # displayName: Deploy event hub - # dependsOn: - # - deploy_rg - # variables: - # resourceType: 'Microsoft.EventHub/namespaces' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: EventHub - - # - stage: deploy_law - # displayName: Deploy log analytics workspace - # dependsOn: - # - deploy_rg - # variables: - # resourceType: 'Microsoft.OperationalInsights/workspaces' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default LAW - # - path: $(dependencyPath)/$(resourceType)/parameters/appi.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: AppInsights LAW - - # - stage: deploy_sa - # displayName: Deploy storage account - # dependsOn: - # - deploy_rg - # variables: - # resourceType: 'Microsoft.Storage/storageAccounts' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - 
path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default storage account - # jobName: default_sa - # - path: $(dependencyPath)/$(resourceType)/parameters/law.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: LAW storage account - # - path: $(dependencyPath)/$(resourceType)/parameters/fa.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: FunctionApp storage account - # - job: - # displayName: Upload files to storage account - # dependsOn: - # - default_sa - # pool: - # ${{ if eq(variables['vmImage'], '') }}: - # name: $(poolName) - # ${{ if eq(variables['poolName'], '') }}: - # vmImage: $(vmImage) - # steps: - # - task: PowerShell@2 - # displayName: 'Setup agent' - # inputs: - # targetType: inline - # pwsh: true - # script: | - # # Load used functions - # . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') - - # # Define PS modules to install on the runner - # $Modules = @( - # @{ Name = 'Az.Storage' } - # ) - - # # Set agent up - # Set-EnvironmentOnAgent -PSModules $Modules - # - task: AzurePowerShell@5 - # displayName: Upload files to storage account - # inputs: - # azureSubscription: $(serviceConnection) - # ScriptType: 'InlineScript' - # Inline: | - # # Load used functions - # . 
(Join-Path '$(Build.SourcesDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Export-ContentToBlob.ps1') - - # # Get storage account name - # $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'parameters.json' - # $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters - - # # Upload files to storage account - # $functionInput = @{ - # ResourceGroupName = '$(defaultResourceGroupName)' - # StorageAccountName = $storageAccountParameters.name.value - # contentDirectories = Join-Path '$(Build.SourcesDirectory)' $(dependencyPath) '$(resourceType)' 'uploads' - # targetContainer = $storageAccountParameters.blobServices.value.containers[0].name - # } - - # Write-Verbose "Invoke task with" -Verbose - # Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose - - # Export-ContentToBlob @functionInput -Verbose - # azurePowerShellVersion: 'LatestVersion' - # pwsh: true - - # - stage: deploy_sig - # displayName: Deploy shared image gallery and definition - # dependsOn: - # - deploy_rg - # variables: - # resourceType: 'Microsoft.Compute/galleries' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default SIG and SID - - # dependsOn: - # - deploy_msi - # - deploy_sig - # - deploy_sa + - stage: deploy_rg + displayName: Deploy resource group + variables: + resourceType: 'Microsoft.Resources/resourceGroups' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/validation.parameters.json + templateFilePath: 
$(templateFilePath) + displayName: Validation Resource Group + + - stage: deploy_msi + displayName: Deploy user assigned identity + dependsOn: + - deploy_rg + variables: + resourceType: 'Microsoft.ManagedIdentity/userAssignedIdentities' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: User Assigned Identity + jobName: job_deploy_msi + - job: job_set_msi_id + displayName: Set msi principal ID output + dependsOn: + - job_deploy_msi + pool: + ${{ if eq(variables['vmImage'], '') }}: + name: $(poolName) + ${{ if eq(variables['poolName'], '') }}: + vmImage: $(vmImage) + variables: + deploymentOutput: $[ dependencies.job_deploy_msi.outputs['DeployModule.deploymentOutput'] ] + steps: + - task: PowerShell@2 + name: print_msi_prinId + inputs: + targetType: inline + pwsh: true + script: | + # Write-Verbose $(deploymentOutput) -Verbose + $msiPrincipalId = (ConvertFrom-Json '$(deploymentOutput)').principalId + Write-Verbose "msiPrincipalId: $msiPrincipalId" -Verbose + Write-Output ('##vso[task.setvariable variable={0};isOutput=true]{1}' -f 'msiPrincipalId', $msiPrincipalId) + + - stage: deploy_pa + displayName: Deploy policy assignment + dependsOn: + - deploy_rg + variables: + resourceType: 'Microsoft.Authorization/policyAssignments' + templateFilePath: $(modulesPath)/$(resourceType)/.bicep/nested_policyAssignments_sub.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Policy assignment + + - stage: deploy_evh + displayName: Deploy event hub + dependsOn: + - deploy_rg + variables: + resourceType: 
'Microsoft.EventHub/namespaces' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: EventHub + + - stage: deploy_law + displayName: Deploy log analytics workspace + dependsOn: + - deploy_rg + variables: + resourceType: 'Microsoft.OperationalInsights/workspaces' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default LAW + - path: $(dependencyPath)/$(resourceType)/parameters/appi.parameters.json + templateFilePath: $(templateFilePath) + displayName: AppInsights LAW + + - stage: deploy_sa + displayName: Deploy storage account + dependsOn: + - deploy_rg + variables: + resourceType: 'Microsoft.Storage/storageAccounts' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default storage account + jobName: default_sa + - path: $(dependencyPath)/$(resourceType)/parameters/law.parameters.json + templateFilePath: $(templateFilePath) + displayName: LAW storage account + - path: $(dependencyPath)/$(resourceType)/parameters/fa.parameters.json + templateFilePath: $(templateFilePath) + displayName: FunctionApp storage account + - job: + displayName: Upload files to storage account + dependsOn: + - default_sa + pool: + ${{ if eq(variables['vmImage'], '') }}: + name: $(poolName) + ${{ if eq(variables['poolName'], 
'') }}: + vmImage: $(vmImage) + steps: + - task: PowerShell@2 + displayName: 'Setup agent' + inputs: + targetType: inline + pwsh: true + script: | + # Load used functions + . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + + # Define PS modules to install on the runner + $Modules = @( + @{ Name = 'Az.Storage' } + ) + + # Set agent up + Set-EnvironmentOnAgent -PSModules $Modules + - task: AzurePowerShell@5 + displayName: Upload files to storage account + inputs: + azureSubscription: $(serviceConnection) + ScriptType: 'InlineScript' + Inline: | + # Load used functions + . (Join-Path '$(Build.SourcesDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Export-ContentToBlob.ps1') + + # Get storage account name + $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'parameters.json' + $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + + # Upload files to storage account + $functionInput = @{ + ResourceGroupName = '$(defaultResourceGroupName)' + StorageAccountName = $storageAccountParameters.name.value + contentDirectories = Join-Path '$(Build.SourcesDirectory)' $(dependencyPath) '$(resourceType)' 'uploads' + targetContainer = $storageAccountParameters.blobServices.value.containers[0].name + } + + Write-Verbose "Invoke task with" -Verbose + Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose + + Export-ContentToBlob @functionInput -Verbose + azurePowerShellVersion: 'LatestVersion' + pwsh: true + + - stage: deploy_sig + displayName: Deploy shared image gallery and definition + dependsOn: + - deploy_rg + variables: + resourceType: 'Microsoft.Compute/galleries' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: 
$(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default SIG and SID - stage: deploy_imgt displayName: Deploy image template + dependsOn: + - deploy_msi + - deploy_sig + - deploy_sa variables: resourceType: 'Microsoft.VirtualMachineImages\imageTemplates' saResourceType: 'Microsoft.Storage\storageAccounts' 
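Review bot: In the re-enabled `print_msi_prinId` step, `ConvertFrom-Json '$(deploymentOutput)'` has the pipeline macro pasted into a single-quoted PowerShell literal before the script runs, so a `'` anywhere in the deployment output would end the string and the remainder would be parsed as script. Passing the value through the task's environment avoids that: add `env:` with `DEPLOYMENT_OUTPUT: $(deploymentOutput)` to the task and read it as `ConvertFrom-Json $env:DEPLOYMENT_OUTPUT`. The same pattern is used by the image-template copy task earlier on this page. Separately, in the upload step `Join-Path '$(Build.SourcesDirectory)' $(dependencyPath) '$(resourceType)' 'uploads'` leaves `$(dependencyPath)` unquoted, unlike the `Join-Path` call a few lines above it; quoting it as `'$(dependencyPath)'` keeps the two consistent. The `deploy_imgt` stage that closes the hunk continues outside it.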
@@ -365,455 +364,455 @@ stages: azurePowerShellVersion: 'LatestVersion' pwsh: true - # - stage: deploy_ag - # displayName: Deploy action groups - # dependsOn: - # - deploy_rg - # variables: - # resourceType: 'Microsoft.Insights/actionGroups' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default Action Group - - # - stage: deploy_asg - # displayName: Deploy application security groups - # dependsOn: - # - deploy_rg - # variables: - # resourceType: 'Microsoft.Network/applicationSecurityGroups' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default Application Security Groups - - # - stage: deploy_udr - # displayName: Deploy route tables - # dependsOn: - # - deploy_rg - # variables: - # resourceType: 'Microsoft.Network/routeTables' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default User Defined Routes - # - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: - # - path: $(dependencyPath)/$(resourceType)/parameters/sqlMi.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: SQLMI User Defined Routes - - # - stage: deploy_nsg - # displayName: Deploy network security groups - # dependsOn: - # - deploy_sa - # - 
deploy_evh - # - deploy_law - # variables: - # resourceType: 'Microsoft.Network/networkSecurityGroups' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default NSG - # - path: $(dependencyPath)/$(resourceType)/parameters/apgw.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: App Gateway NSG - # - path: $(dependencyPath)/$(resourceType)/parameters/ase.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: ASE NSG - # - path: $(dependencyPath)/$(resourceType)/parameters/bastion.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Bastion NSG - # - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: - # - path: $(dependencyPath)/$(resourceType)/parameters/sqlmi.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: SQLMI NSG - - # - stage: deploy_pip - # displayName: Deploy public IP addresses - # dependsOn: - # - deploy_sa - # - deploy_evh - # - deploy_law - # variables: - # resourceType: 'Microsoft.Network\publicIPAddresses' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/apgw.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: App Gateway Public IP - # - path: $(dependencyPath)/$(resourceType)/parameters/bas.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Bastion Public IP - # - path: $(dependencyPath)/$(resourceType)/parameters/lb.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Load balancer Public IP - # - path: 
$(dependencyPath)/$(resourceType)/parameters/fw.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Firewall Public IP - - # - stage: deploy_appi - # displayName: Deploy application insight - # dependsOn: - # - deploy_sa - # - deploy_evh - # - deploy_law - # variables: - # resourceType: 'Microsoft.Insights/components' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default Application Insights - - # - stage: deploy_aut - # displayName: Deploy automation account - # dependsOn: - # - deploy_sa - # - deploy_evh - # - deploy_law - # variables: - # resourceType: 'Microsoft.Automation/automationAccounts' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default Automation Account - - # - stage: deploy_avdhp - # displayName: Deploy AVD host pool - # dependsOn: - # - deploy_sa - # - deploy_evh - # - deploy_law - # variables: - # resourceType: 'Microsoft.DesktopVirtualization/hostpools' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default AVD Host Pool - - # - stage: deploy_rsv - # displayName: Deploy recovery services vault - # dependsOn: - # - deploy_sa - # - deploy_evh - # - deploy_law - # - deploy_msi - # variables: - # 
resourceType: 'Microsoft.RecoveryServices/vaults' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # msiPrincipalId: $[ stageDependencies.deploy_msi.job_set_msi_id.outputs['print_msi_prinId.msiPrincipalId'] ] - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default recovery services vault - # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' - - # - stage: deploy_kv - # displayName: Deploy key vaults - # dependsOn: - # - deploy_sa - # - deploy_evh - # - deploy_law - # - deploy_msi - # variables: - # resourceType: 'Microsoft.KeyVault/vaults' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # msiPrincipalId: $[ stageDependencies.deploy_msi.job_set_msi_id.outputs['print_msi_prinId.msiPrincipalId'] ] - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default Key Vault - # jobName: default_kv - # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' - # - path: $(dependencyPath)/$(resourceType)/parameters/pe.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Private Endpoint Key Vault - # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' - # - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: - # - path: $(dependencyPath)/$(resourceType)/parameters/sqlmi.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: SQLMI key vault - # jobName: sqlmi_kv - # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' - # - job: - # displayName: Set key 
vault secrets keys and certificates - # dependsOn: - # - default_kv - # pool: - # ${{ if eq(variables['vmImage'], '') }}: - # name: $(poolName) - # ${{ if eq(variables['poolName'], '') }}: - # vmImage: $(vmImage) - # steps: - # - task: PowerShell@2 - # displayName: 'Setup agent' - # inputs: - # targetType: inline - # pwsh: true - # script: | - # # Load used functions - # . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') - - # # Define PS modules to install on the runner - # $Modules = @( - # @{ Name = 'Az.KeyVault' } - # ) - - # # Set agent up - # Set-EnvironmentOnAgent -PSModules $Modules - # - task: AzurePowerShell@5 - # displayName: Set key vault secrets keys and certificates - # inputs: - # azureSubscription: $(serviceConnection) - # ScriptType: 'InlineScript' - # Inline: | - # # Get key vault name - # $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'parameters.json' - # $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters - # $keyVaultName = $keyVaultParameters.name.value - - # # Generate values - # $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length - # $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force - # $passwordString = (New-Guid).Guid.SubString(0, 19) - # $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force - # $vpnSharedKeyString = (New-Guid).Guid.SubString(0, 32) - # $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText -Force - - # # Set secrets - # # ------- - # @( - # @{ name = 'adminUsername'; secretValue = $username } # VirtualMachines and VMSS - # @{ name = 'adminPassword'; secretValue = $password } # VirtualMachines and VMSS - # @{ name = 'administratorLogin'; secretValue = $username } # Azure 
SQLServer - # @{ name = 'administratorLoginPassword'; secretValue = $password } # Azure SQLServer - # @{ name = 'vpnSharedKey'; secretValue = $vpnSharedKey } # VirtualNetworkGateway - # @{ name = 'apimClientId'; secretValue = $username } # API management - # @{ name = 'apimClientSecret'; secretValue = $password } # API management - # ) | ForEach-Object { - # $null = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $_.name -SecretValue $_.secretValue - # Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - # } - - # # Certificats - # # ----------- - # $certPolicy = New-AzKeyVaultCertificatePolicy -SecretContentType 'application/x-pkcs12' -SubjectName 'CN=fabrikam.com' -IssuerName 'Self' -ValidityInMonths 12 -ReuseKeyOnRenewal - # @( - # @{ name = 'applicationGatewaySslCertificate'; CertificatePolicy = $certPolicy } # ApplicationGateway - # ) | ForEach-Object { - # $null = Add-AzKeyVaultCertificate -VaultName $keyVaultName -Name $_.name -CertificatePolicy $_.CertificatePolicy - # Write-Verbose ('Added certificate [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - # } - - # # Set keys - # # ---- - # @( - # @{ name = 'keyEncryptionKey'; Destination = 'Software' } # DiskEncryptionSet, VirtualMachines and VMSS - # ) | ForEach-Object { - # $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination - # Write-Verbose ('Added key [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - # } - # azurePowerShellVersion: 'LatestVersion' - # pwsh: true - - # - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: - # - job: - # displayName: Set sqlmi key vault secrets and keys - # condition: eq(${{ parameters.deploySqlMiDependencies }}, true) - # dependsOn: - # - sqlmi_kv - # pool: - # ${{ if eq(variables['vmImage'], '') }}: - # name: $(poolName) - # ${{ if eq(variables['poolName'], '') }}: - # vmImage: $(vmImage) - # steps: - # - task: PowerShell@2 - # displayName: 'Setup agent' - 
# inputs: - # targetType: inline - # pwsh: true - # script: | - # # Load used functions - # . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') - - # # Define PS modules to install on the runner - # $Modules = @( - # @{ Name = 'Az.KeyVault' } - # ) - - # # Set agent up - # Set-EnvironmentOnAgent -PSModules $Modules - # - task: AzurePowerShell@5 - # displayName: Set sqlmi key vault secrets and keys - # inputs: - # azureSubscription: $(serviceConnection) - # ScriptType: 'InlineScript' - # Inline: | - # # Get key vault name - # $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'sqlmi.parameters.json' - # $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters - # $keyVaultName = $keyVaultParameters.name.value - - # # Generate values - # $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length - # $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force - # $passwordString = (New-Guid).Guid.SubString(0, 19) - # $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force - - # # Set secrets - # # ------- - # @( - # @{ name = 'administratorLogin'; secretValue = $username } # SQLManagedInstances - # @{ name = 'administratorLoginPassword'; secretValue = $password } # SQLManagedInstances - # ) | ForEach-Object { - # $null = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $_.name -SecretValue $_.secretValue - # Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - # } - - # # Set keys - # # ---- - # @( - # @{ name = 'keyEncryptionKeySqlMi'; Destination = 'Software' } # SQLManagedInstances - # ) | ForEach-Object { - # $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination - # Write-Verbose ('Added key 
[{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - # } - # azurePowerShellVersion: 'LatestVersion' - # pwsh: true - - # - stage: deploy_avdag - # displayName: Deploy AVD application group - # dependsOn: - # - deploy_avdhp - # variables: - # resourceType: 'Microsoft.DesktopVirtualization/applicationgroups' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default Application Group - - # - stage: deploy_rolea - # displayName: Deploy role assignments - # dependsOn: - # - deploy_msi - # variables: - # resourceType: 'Microsoft.Authorization/roleAssignments' - # templateFilePath: $(modulesPath)/$(resourceType)/.bicep/nested_rbac_sub.bicep - # msiPrincipalId: $[ stageDependencies.deploy_msi.job_set_msi_id.outputs['print_msi_prinId.msiPrincipalId'] ] - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: MSI Role Assignment - # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' - - # - stage: deploy_vnet - # displayName: Deploy virtual networks - # dependsOn: - # - deploy_nsg - # - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: - # - deploy_udr - # variables: - # resourceType: 'Microsoft.Network/virtualNetworks' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default 
Virtual Network - # - path: $(dependencyPath)/$(resourceType)/parameters/1.bastion.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Bastion Virtual Network - # - path: $(dependencyPath)/$(resourceType)/parameters/2.vnetpeer01.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: VNET PEering 1 Virtual Network - # - path: $(dependencyPath)/$(resourceType)/parameters/3.vnetpeer02.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: VNET Peering 2 Virtual Network - # - path: $(dependencyPath)/$(resourceType)/parameters/4.azfw.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Azure Firewall Virtual Network - # - path: $(dependencyPath)/$(resourceType)/parameters/5.aks.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: AKS Virtual Network - # - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: - # - path: $(dependencyPath)/$(resourceType)/parameters/6.sqlmi.parameters.json - # templateFilePath: $(templateFilePath) - # displayName: SQL MI Virtual Network - - # - stage: deploy_dnszone - # displayName: Deploy private DNS zones - # dependsOn: - # - deploy_vnet - # variables: - # resourceType: 'Microsoft.Network/privateDnsZones' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default Private DNS Zones - - # - stage: deploy_vm - # displayName: Deploy virtual machines - # dependsOn: - # - deploy_vnet - # - deploy_rsv - # - deploy_kv - # variables: - # resourceType: 'Microsoft.Compute/virtualMachines' - # templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep - # jobs: - # - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml - # parameters: - # 
deploymentBlocks: - # - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json - # templateFilePath: $(templateFilePath) - # displayName: Default Virtual Machine + - stage: deploy_ag + displayName: Deploy action groups + dependsOn: + - deploy_rg + variables: + resourceType: 'Microsoft.Insights/actionGroups' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default Action Group + + - stage: deploy_asg + displayName: Deploy application security groups + dependsOn: + - deploy_rg + variables: + resourceType: 'Microsoft.Network/applicationSecurityGroups' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default Application Security Groups + + - stage: deploy_udr + displayName: Deploy route tables + dependsOn: + - deploy_rg + variables: + resourceType: 'Microsoft.Network/routeTables' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default User Defined Routes + - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: + - path: $(dependencyPath)/$(resourceType)/parameters/sqlMi.parameters.json + templateFilePath: $(templateFilePath) + displayName: SQLMI User Defined Routes + + - stage: deploy_nsg + displayName: Deploy network security groups + dependsOn: + - deploy_sa + - deploy_evh + - 
deploy_law + variables: + resourceType: 'Microsoft.Network/networkSecurityGroups' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default NSG + - path: $(dependencyPath)/$(resourceType)/parameters/apgw.parameters.json + templateFilePath: $(templateFilePath) + displayName: App Gateway NSG + - path: $(dependencyPath)/$(resourceType)/parameters/ase.parameters.json + templateFilePath: $(templateFilePath) + displayName: ASE NSG + - path: $(dependencyPath)/$(resourceType)/parameters/bastion.parameters.json + templateFilePath: $(templateFilePath) + displayName: Bastion NSG + - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: + - path: $(dependencyPath)/$(resourceType)/parameters/sqlmi.parameters.json + templateFilePath: $(templateFilePath) + displayName: SQLMI NSG + + - stage: deploy_pip + displayName: Deploy public IP addresses + dependsOn: + - deploy_sa + - deploy_evh + - deploy_law + variables: + resourceType: 'Microsoft.Network\publicIPAddresses' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/apgw.parameters.json + templateFilePath: $(templateFilePath) + displayName: App Gateway Public IP + - path: $(dependencyPath)/$(resourceType)/parameters/bas.parameters.json + templateFilePath: $(templateFilePath) + displayName: Bastion Public IP + - path: $(dependencyPath)/$(resourceType)/parameters/lb.parameters.json + templateFilePath: $(templateFilePath) + displayName: Load balancer Public IP + - path: $(dependencyPath)/$(resourceType)/parameters/fw.parameters.json + templateFilePath: $(templateFilePath) + displayName: 
Firewall Public IP + + - stage: deploy_appi + displayName: Deploy application insight + dependsOn: + - deploy_sa + - deploy_evh + - deploy_law + variables: + resourceType: 'Microsoft.Insights/components' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default Application Insights + + - stage: deploy_aut + displayName: Deploy automation account + dependsOn: + - deploy_sa + - deploy_evh + - deploy_law + variables: + resourceType: 'Microsoft.Automation/automationAccounts' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default Automation Account + + - stage: deploy_avdhp + displayName: Deploy AVD host pool + dependsOn: + - deploy_sa + - deploy_evh + - deploy_law + variables: + resourceType: 'Microsoft.DesktopVirtualization/hostpools' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default AVD Host Pool + + - stage: deploy_rsv + displayName: Deploy recovery services vault + dependsOn: + - deploy_sa + - deploy_evh + - deploy_law + - deploy_msi + variables: + resourceType: 'Microsoft.RecoveryServices/vaults' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + msiPrincipalId: $[ stageDependencies.deploy_msi.job_set_msi_id.outputs['print_msi_prinId.msiPrincipalId'] ] + jobs: + - 
template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default recovery services vault + customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' + + - stage: deploy_kv + displayName: Deploy key vaults + dependsOn: + - deploy_sa + - deploy_evh + - deploy_law + - deploy_msi + variables: + resourceType: 'Microsoft.KeyVault/vaults' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + msiPrincipalId: $[ stageDependencies.deploy_msi.job_set_msi_id.outputs['print_msi_prinId.msiPrincipalId'] ] + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default Key Vault + jobName: default_kv + customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' + - path: $(dependencyPath)/$(resourceType)/parameters/pe.parameters.json + templateFilePath: $(templateFilePath) + displayName: Private Endpoint Key Vault + customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' + - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: + - path: $(dependencyPath)/$(resourceType)/parameters/sqlmi.parameters.json + templateFilePath: $(templateFilePath) + displayName: SQLMI key vault + jobName: sqlmi_kv + customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' + - job: + displayName: Set key vault secrets keys and certificates + dependsOn: + - default_kv + pool: + ${{ if eq(variables['vmImage'], '') }}: + name: $(poolName) + ${{ if eq(variables['poolName'], '') }}: + vmImage: $(vmImage) + steps: + - task: PowerShell@2 + displayName: 'Setup agent' + inputs: + targetType: inline + pwsh: true + script: | + # 
Load used functions + . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + + # Define PS modules to install on the runner + $Modules = @( + @{ Name = 'Az.KeyVault' } + ) + + # Set agent up + Set-EnvironmentOnAgent -PSModules $Modules + - task: AzurePowerShell@5 + displayName: Set key vault secrets keys and certificates + inputs: + azureSubscription: $(serviceConnection) + ScriptType: 'InlineScript' + Inline: | + # Get key vault name + $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'parameters.json' + $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters + $keyVaultName = $keyVaultParameters.name.value + + # Generate values + $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length + $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force + $passwordString = (New-Guid).Guid.SubString(0, 19) + $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force + $vpnSharedKeyString = (New-Guid).Guid.SubString(0, 32) + $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText -Force + + # Set secrets + # ------- + @( + @{ name = 'adminUsername'; secretValue = $username } # VirtualMachines and VMSS + @{ name = 'adminPassword'; secretValue = $password } # VirtualMachines and VMSS + @{ name = 'administratorLogin'; secretValue = $username } # Azure SQLServer + @{ name = 'administratorLoginPassword'; secretValue = $password } # Azure SQLServer + @{ name = 'vpnSharedKey'; secretValue = $vpnSharedKey } # VirtualNetworkGateway + @{ name = 'apimClientId'; secretValue = $username } # API management + @{ name = 'apimClientSecret'; secretValue = $password } # API management + ) | ForEach-Object { + $null = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name 
$_.name -SecretValue $_.secretValue + Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + } + + # Certificats + # ----------- + $certPolicy = New-AzKeyVaultCertificatePolicy -SecretContentType 'application/x-pkcs12' -SubjectName 'CN=fabrikam.com' -IssuerName 'Self' -ValidityInMonths 12 -ReuseKeyOnRenewal + @( + @{ name = 'applicationGatewaySslCertificate'; CertificatePolicy = $certPolicy } # ApplicationGateway + ) | ForEach-Object { + $null = Add-AzKeyVaultCertificate -VaultName $keyVaultName -Name $_.name -CertificatePolicy $_.CertificatePolicy + Write-Verbose ('Added certificate [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + } + + # Set keys + # ---- + @( + @{ name = 'keyEncryptionKey'; Destination = 'Software' } # DiskEncryptionSet, VirtualMachines and VMSS + ) | ForEach-Object { + $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination + Write-Verbose ('Added key [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + } + azurePowerShellVersion: 'LatestVersion' + pwsh: true + + - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: + - job: + displayName: Set sqlmi key vault secrets and keys + condition: eq(${{ parameters.deploySqlMiDependencies }}, true) + dependsOn: + - sqlmi_kv + pool: + ${{ if eq(variables['vmImage'], '') }}: + name: $(poolName) + ${{ if eq(variables['poolName'], '') }}: + vmImage: $(vmImage) + steps: + - task: PowerShell@2 + displayName: 'Setup agent' + inputs: + targetType: inline + pwsh: true + script: | + # Load used functions + . 
(Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + + # Define PS modules to install on the runner + $Modules = @( + @{ Name = 'Az.KeyVault' } + ) + + # Set agent up + Set-EnvironmentOnAgent -PSModules $Modules + - task: AzurePowerShell@5 + displayName: Set sqlmi key vault secrets and keys + inputs: + azureSubscription: $(serviceConnection) + ScriptType: 'InlineScript' + Inline: | + # Get key vault name + $parameterFilePath = Join-Path '$(Build.SourcesDirectory)' '$(dependencyPath)' '$(resourceType)' 'parameters' 'sqlmi.parameters.json' + $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters + $keyVaultName = $keyVaultParameters.name.value + + # Generate values + $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length + $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force + $passwordString = (New-Guid).Guid.SubString(0, 19) + $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force + + # Set secrets + # ------- + @( + @{ name = 'administratorLogin'; secretValue = $username } # SQLManagedInstances + @{ name = 'administratorLoginPassword'; secretValue = $password } # SQLManagedInstances + ) | ForEach-Object { + $null = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $_.name -SecretValue $_.secretValue + Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + } + + # Set keys + # ---- + @( + @{ name = 'keyEncryptionKeySqlMi'; Destination = 'Software' } # SQLManagedInstances + ) | ForEach-Object { + $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination + Write-Verbose ('Added key [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + } + azurePowerShellVersion: 'LatestVersion' + pwsh: true + + - stage: deploy_avdag + displayName: 
Deploy AVD application group + dependsOn: + - deploy_avdhp + variables: + resourceType: 'Microsoft.DesktopVirtualization/applicationgroups' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default Application Group + + - stage: deploy_rolea + displayName: Deploy role assignments + dependsOn: + - deploy_msi + variables: + resourceType: 'Microsoft.Authorization/roleAssignments' + templateFilePath: $(modulesPath)/$(resourceType)/.bicep/nested_rbac_sub.bicep + msiPrincipalId: $[ stageDependencies.deploy_msi.job_set_msi_id.outputs['print_msi_prinId.msiPrincipalId'] ] + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: MSI Role Assignment + customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"$(msiPrincipalId)"}]' + + - stage: deploy_vnet + displayName: Deploy virtual networks + dependsOn: + - deploy_nsg + - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: + - deploy_udr + variables: + resourceType: 'Microsoft.Network/virtualNetworks' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default Virtual Network + - path: $(dependencyPath)/$(resourceType)/parameters/1.bastion.parameters.json + templateFilePath: $(templateFilePath) + displayName: Bastion Virtual Network + - path: $(dependencyPath)/$(resourceType)/parameters/2.vnetpeer01.parameters.json 
+ templateFilePath: $(templateFilePath) + displayName: VNET PEering 1 Virtual Network + - path: $(dependencyPath)/$(resourceType)/parameters/3.vnetpeer02.parameters.json + templateFilePath: $(templateFilePath) + displayName: VNET Peering 2 Virtual Network + - path: $(dependencyPath)/$(resourceType)/parameters/4.azfw.parameters.json + templateFilePath: $(templateFilePath) + displayName: Azure Firewall Virtual Network + - path: $(dependencyPath)/$(resourceType)/parameters/5.aks.parameters.json + templateFilePath: $(templateFilePath) + displayName: AKS Virtual Network + - ${{ if eq( parameters.deploySqlMiDependencies, true) }}: + - path: $(dependencyPath)/$(resourceType)/parameters/6.sqlmi.parameters.json + templateFilePath: $(templateFilePath) + displayName: SQL MI Virtual Network + + - stage: deploy_dnszone + displayName: Deploy private DNS zones + dependsOn: + - deploy_vnet + variables: + resourceType: 'Microsoft.Network/privateDnsZones' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default Private DNS Zones + + - stage: deploy_vm + displayName: Deploy virtual machines + dependsOn: + - deploy_vnet + - deploy_rsv + - deploy_kv + variables: + resourceType: 'Microsoft.Compute/virtualMachines' + templateFilePath: $(modulesPath)/$(resourceType)/deploy.bicep + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + parameters: + deploymentBlocks: + - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json + templateFilePath: $(templateFilePath) + displayName: Default Virtual Machine diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index 5c8b880e3f..4f6c47c141 100644 --- a/.github/workflows/platform.dependencies.yml 
+++ b/.github/workflows/platform.dependencies.yml 
@@ -100,86 +100,86 @@ jobs: Write-Output ('::set-output name={0}::{1}' -f 'msiPrincipalId', $msiPrincipalId) azPSVersion: 'latest' - # job_deploy_pa: - # runs-on: ubuntu-20.04 - # name: 'Deploy policy assignment' - # env: - # namespace: 'Microsoft.Authorization\policyAssignments' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/.bicep/nested_policyAssignments_sub.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' + job_deploy_pa: + runs-on: ubuntu-20.04 + name: 'Deploy policy assignment' + env: + namespace: 'Microsoft.Authorization\policyAssignments' + needs: + - job_deploy_rg + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/.bicep/nested_policyAssignments_sub.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' - # job_deploy_evh: - # runs-on: 
ubuntu-20.04 - # name: 'Deploy eventhub' - # env: - # namespace: 'Microsoft.EventHub\namespaces' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' + job_deploy_evh: + runs-on: ubuntu-20.04 + name: 'Deploy eventhub' + env: + namespace: 'Microsoft.EventHub\namespaces' + needs: + - job_deploy_rg + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' - # job_deploy_law: - # runs-on: ubuntu-20.04 - # name: 'Deploy log analytics workspace' - # env: - # namespace: 'Microsoft.OperationalInsights\workspaces' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['appi.parameters.json', 
'parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' + job_deploy_law: + runs-on: ubuntu-20.04 + name: 'Deploy log analytics workspace' + env: + namespace: 'Microsoft.OperationalInsights\workspaces' + needs: + - job_deploy_rg + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['appi.parameters.json', 'parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' job_deploy_sa: runs-on: ubuntu-20.04 
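Review bot: Each of the three jobs re-enabled in this hunk (`job_deploy_pa`, `job_deploy_evh`, `job_deploy_law`) references `actions/checkout@v2` by a mutable tag, in a job that also passes `secrets.ARM_SUBSCRIPTION_ID` and `secrets.ARM_MGMTGROUP_ID` to the deployment step. A tag can later be pointed at different code by whoever controls the action repository, so what runs may no longer be what was reviewed. Pinning to a full commit SHA avoids this: `uses: actions/checkout@<full-commit-sha>  # v2`. The same applies to `azure/login@v1` and `azure/powershell@v1` in the `job_sa_upload_storage_files` hunk that follows, where `secrets.AZURE_CREDENTIALS` is in scope.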
@@ -209,60 +209,60 @@ jobs: managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' removeDeployment: '${{ env.removeDeployment }}' - # job_sa_upload_storage_files: - # runs-on: ubuntu-20.04 - # name: 'Upload files to storage account' - # env: - # namespace: 'Microsoft.Storage\storageAccounts' - # needs: - # - job_deploy_sa - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Setup agent' - # shell: pwsh - # run: | - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + job_sa_upload_storage_files: + runs-on: ubuntu-20.04 + name: 'Upload files to storage account' + env: + namespace: 'Microsoft.Storage\storageAccounts' + needs: + - job_deploy_sa + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Setup agent' + shell: pwsh + run: | + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') - # # Define PS modules to install on the runner - # $Modules = @( - # @{ Name = 'Az.Storage' } - # ) + # Define PS modules to install on the runner + $Modules = @( + @{ Name = 'Az.Storage' } + ) - # # Set agent up - # Set-EnvironmentOnAgent -PSModules $Modules - # - name: Azure Login - # uses: azure/login@v1 - # with: - # creds: ${{ secrets.AZURE_CREDENTIALS }} - # enable-AzPSSession: true - # - name: Run PowerShell - # uses: azure/powershell@v1 - # with: - # inlineScript: | - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Export-ContentToBlob.ps1') + # Set agent up + Set-EnvironmentOnAgent -PSModules $Modules + - name: Azure Login + uses: azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + enable-AzPSSession: true + - name: Run PowerShell + uses: azure/powershell@v1 + with: + inlineScript: | + # Load used functions + . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Export-ContentToBlob.ps1') - # # Get storage account name - # $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.namespace }}' 'parameters' 'parameters.json' - # $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters + # Get storage account name + $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.namespace }}' 'parameters' 'parameters.json' + $storageAccountParameters = (ConvertFrom-Json (Get-Content -path $parameterFilePath -Raw)).parameters - # # Upload files to storage account - # $functionInput = @{ - # ResourceGroupName = '${{ env.defaultResourceGroupName }}' - # StorageAccountName = $storageAccountParameters.name.value - # contentDirectories = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.namespace }}' 'uploads' - # targetContainer = $storageAccountParameters.blobServices.value.containers[0].name - # } + # Upload files to storage account + $functionInput = @{ + ResourceGroupName = '${{ env.defaultResourceGroupName }}' + StorageAccountName = $storageAccountParameters.name.value + contentDirectories = Join-Path $env:GITHUB_WORKSPACE '${{ env.dependencyPath }}' '${{ env.namespace }}' 'uploads' + targetContainer = $storageAccountParameters.blobServices.value.containers[0].name + } - # Write-Verbose "Invoke task with" -Verbose - # Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose + Write-Verbose "Invoke task with" -Verbose + Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose - # Export-ContentToBlob @functionInput -Verbose - # azPSVersion: 'latest' + Export-ContentToBlob @functionInput -Verbose + azPSVersion: 'latest' job_deploy_sig: runs-on: ubuntu-20.04 
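Review bot: The upload target in the re-enabled `Run PowerShell` step is chosen by list position, `targetContainer = $storageAccountParameters.blobServices.value.containers[0].name`, and an earlier patch in this series adds a `vhds` container to that same parameter file. If the order of the list changes, the files under `uploads` would be written to a different container without any error. Selecting the container by name and failing when it is absent makes the intent explicit, for example `targetContainer = ($storageAccountParameters.blobServices.value.containers | Where-Object { $_.name -eq '<container-name>' }).name` followed by a null check. Separately, `azPSVersion: 'latest'` lets the Az module version change between runs of a step that holds Azure credentials; a fixed version would make that step reproducible.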
@@ -431,713 +431,713 @@ jobs: Start-AzStorageBlobCopy @resourceActionInputObject azPSVersion: 'latest' - # job_deploy_ag: - # runs-on: ubuntu-20.04 - # name: 'Deploy action groups' - # env: - # namespace: 'Microsoft.Insights\actionGroups' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_asg: - # runs-on: ubuntu-20.04 - # name: 'Deploy application security groups' - # env: - # namespace: 'Microsoft.Network\applicationSecurityGroups' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_pip: - # runs-on: ubuntu-20.04 - # name: 'Deploy 
public IP addresses' - # env: - # namespace: 'Microsoft.Network\publicIPAddresses' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: - # ['apgw.parameters.json', 'bas.parameters.json', 'lb.parameters.json', 'fw.parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_sqlmi_udr: - # runs-on: ubuntu-20.04 - # name: 'Deploy sqlmi route tables' - # if: github.event.inputs.deploySqlMiDependencies == 'true' - # env: - # namespace: 'Microsoft.Network\routeTables' - # needs: - # - job_deploy_rg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['sqlMi.parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_nsg: - # runs-on: ubuntu-20.04 - # 
name: 'Deploy network security groups' - # env: - # namespace: 'Microsoft.Network\networkSecurityGroups' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: - # [ - # 'apgw.parameters.json', - # 'ase.parameters.json', - # 'bastion.parameters.json', - # 'parameters.json', - # ] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_sqlmi_nsg: - # runs-on: ubuntu-20.04 - # name: 'Deploy sqlmi network security group' - # if: github.event.inputs.deploySqlMiDependencies == 'true' - # env: - # namespace: 'Microsoft.Network\networkSecurityGroups' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['sqlmi.parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID 
}}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_pip: - # runs-on: ubuntu-20.04 - # name: 'Deploy public IP addresses' - # env: - # namespace: 'Microsoft.Network\publicIPAddresses' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: - # ['apgw.parameters.json', 'bas.parameters.json', 'lb.parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_appi: - # runs-on: ubuntu-20.04 - # name: 'Deploy application insight' - # env: - # namespace: 'Microsoft.Insights\components' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ 
env.removeDeployment }}' - - # job_deploy_aut: - # runs-on: ubuntu-20.04 - # name: 'Deploy automation account' - # env: - # namespace: 'Microsoft.Automation\automationAccounts' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_avdhp: - # runs-on: ubuntu-20.04 - # name: 'Deploy AVD host pool' - # env: - # namespace: 'Microsoft.DesktopVirtualization\hostpools' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - - # job_deploy_rsv: - # runs-on: ubuntu-20.04 - # name: 
'Deploy recovery services vault' - # env: - # namespace: 'Microsoft.RecoveryServices\vaults' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # - job_deploy_msi - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' - - # job_deploy_kv: - # runs-on: ubuntu-20.04 - # name: 'Deploy key vaults' - # env: - # namespace: 'Microsoft.KeyVault\vaults' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - job_deploy_law - # - job_deploy_msi - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json', 'pe.parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ 
env.removeDeployment }}' - # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' - - # job_deploy_kv_secrets: - # runs-on: ubuntu-20.04 - # name: 'Set key vault secrets keys and certificates' - # env: - # namespace: 'Microsoft.KeyVault\vaults' - # needs: - # - job_deploy_kv - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Setup agent' - # shell: pwsh - # run: | - # # Load used functions - # . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') - - # # Define PS modules to install on the runner - # $Modules = @( - # @{ Name = 'Az.KeyVault' } - # ) - - # # Set agent up - # Set-EnvironmentOnAgent -PSModules $Modules - # - name: Azure Login - # uses: azure/login@v1 - # with: - # creds: ${{ secrets.AZURE_CREDENTIALS }} - # enable-AzPSSession: true - # - name: 'Set key vault secrets keys and certificates' - # uses: azure/powershell@v1 - # with: - # inlineScript: | - # # Get key vault name - # $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies' '${{ env.namespace }}' 'parameters' 'parameters.json' - # $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters - # $keyVaultName = $keyVaultParameters.name.value - - # # Generate values - # $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length - # $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force - # $passwordString = (New-Guid).Guid.SubString(0, 19) - # $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force - # $vpnSharedKeyString = (New-Guid).Guid.SubString(0, 32) - # $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText -Force - - # # Set secrets - # # ------- - # @( - # @{ name = 'adminUsername'; 
secretValue = $username } # VirtualMachines and VMSS - # @{ name = 'adminPassword'; secretValue = $password } # VirtualMachines and VMSS - # @{ name = 'administratorLogin'; secretValue = $username } # Azure SQLServer - # @{ name = 'administratorLoginPassword'; secretValue = $password } # Azure SQLServer - # @{ name = 'vpnSharedKey'; secretValue = $vpnSharedKey } # VirtualNetworkGateway - # @{ name = 'apimClientId'; secretValue = $username } # API management - # @{ name = 'apimClientSecret'; secretValue = $password } # API management - # ) | ForEach-Object { - # $null = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $_.name -SecretValue $_.secretValue - # Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - # } - - # # Set certificates - # # ----------- - # $certPolicy = New-AzKeyVaultCertificatePolicy -SecretContentType 'application/x-pkcs12' -SubjectName 'CN=fabrikam.com' -IssuerName 'Self' -ValidityInMonths 12 -ReuseKeyOnRenewal - # @( - # @{ name = 'applicationGatewaySslCertificate'; CertificatePolicy = $certPolicy } # ApplicationGateway - # ) | ForEach-Object { - # $null = Add-AzKeyVaultCertificate -VaultName $keyVaultName -Name $_.name -CertificatePolicy $_.CertificatePolicy - # Write-Verbose ('Added certificate [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - # } - - # # Set keys - # # ---- - # @( - # @{ name = 'keyEncryptionKey'; Destination = 'Software' } # DiskEncryptionSet, VirtualMachines and VMSS - # ) | ForEach-Object { - # $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination - # Write-Verbose ('Added key [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - # } - # azPSVersion: 'latest' - - # job_deploy_sqlmi_kv: - # runs-on: ubuntu-20.04 - # name: 'Deploy sqlmi key vault' - # if: github.event.inputs.deploySqlMiDependencies == 'true' - # env: - # namespace: 'Microsoft.KeyVault\vaults' - # needs: - # - job_deploy_sa - # - job_deploy_evh - # - 
job_deploy_law - # - job_deploy_msi - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['sqlmi.parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' - - # job_deploy_sqlmi_kv_secrets: - # runs-on: ubuntu-20.04 - # name: 'Set sqlmi key vault secrets and keys' - # if: github.event.inputs.deploySqlMiDependencies == 'true' - # needs: - # - job_deploy_sqlmi_kv - # env: - # namespace: 'Microsoft.KeyVault\vaults' - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Setup agent' - # shell: pwsh - # run: | - # # Load used functions - # . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') - - # # Define PS modules to install on the runner - # $Modules = @( - # @{ Name = 'Az.KeyVault' } - # ) + job_deploy_ag: + runs-on: ubuntu-20.04 + name: 'Deploy action groups' + env: + namespace: 'Microsoft.Insights\actionGroups' + needs: + - job_deploy_rg + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' - # # Set agent up - # Set-EnvironmentOnAgent -PSModules $Modules - # - name: Azure Login - # uses: azure/login@v1 - # with: - # creds: ${{ secrets.AZURE_CREDENTIALS }} - # enable-AzPSSession: true - # - name: 'Set sqlmi key vault secrets and keys' - # uses: azure/powershell@v1 - # with: - # inlineScript: | - # # Get key vault name - # $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies' '${{ env.namespace }}' 'parameters' 'sqlmi.parameters.json' - # $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters - # $keyVaultName = $keyVaultParameters.name.value + job_deploy_asg: + runs-on: ubuntu-20.04 + name: 'Deploy application security groups' + env: + namespace: 'Microsoft.Network\applicationSecurityGroups' + needs: + - job_deploy_rg + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 'Checkout' + uses: 
actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' - # # Generate values - # $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length - # $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force - # $passwordString = (New-Guid).Guid.SubString(0, 19) - # $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force + job_deploy_pip: + runs-on: ubuntu-20.04 + name: 'Deploy public IP addresses' + env: + namespace: 'Microsoft.Network\publicIPAddresses' + needs: + - job_deploy_sa + - job_deploy_evh + - job_deploy_law + strategy: + fail-fast: false + matrix: + parameterFilePaths: + ['apgw.parameters.json', 'bas.parameters.json', 'lb.parameters.json', 'fw.parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' - # # Set secrets - # # ------- - # @( - # @{ name = 
'administratorLogin'; secretValue = $username } # SQLManagedInstances - # @{ name = 'administratorLoginPassword'; secretValue = $password } # SQLManagedInstances - # ) | ForEach-Object { - # $null = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $_.name -SecretValue $_.secretValue - # Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - # } + job_deploy_sqlmi_udr: + runs-on: ubuntu-20.04 + name: 'Deploy sqlmi route tables' + if: github.event.inputs.deploySqlMiDependencies == 'true' + env: + namespace: 'Microsoft.Network\routeTables' + needs: + - job_deploy_rg + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['sqlMi.parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' - # # Set keys - # # ---- - # @( - # @{ name = 'keyEncryptionKeySqlMi'; Destination = 'Software' } # SQLManagedInstances - # ) | ForEach-Object { - # $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination - # Write-Verbose ('Added key [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose - # } - # azPSVersion: 'latest' + job_deploy_nsg: + runs-on: ubuntu-20.04 + name: 'Deploy network security groups' + env: + namespace: 'Microsoft.Network\networkSecurityGroups' + needs: + - job_deploy_sa + - job_deploy_evh + - job_deploy_law + strategy: + fail-fast: false + matrix: + parameterFilePaths: + [ + 'apgw.parameters.json', + 
'ase.parameters.json', + 'bastion.parameters.json', + 'parameters.json', + ] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' - # job_deploy_avdag: - # runs-on: ubuntu-20.04 - # name: 'Deploy AVD application group' - # env: - # namespace: 'Microsoft.DesktopVirtualization\applicationgroups' - # needs: - # - job_deploy_avdhp - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' + job_deploy_sqlmi_nsg: + runs-on: ubuntu-20.04 + name: 'Deploy sqlmi network security group' + if: github.event.inputs.deploySqlMiDependencies == 'true' + env: + namespace: 'Microsoft.Network\networkSecurityGroups' + needs: + - job_deploy_sa + - job_deploy_evh + - job_deploy_law + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['sqlmi.parameters.json'] + steps: 
+ - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' - # job_deploy_rolea: - # runs-on: ubuntu-20.04 - # name: 'Deploy role assignments' - # env: - # namespace: 'Microsoft.Authorization\roleAssignments' - # needs: - # - job_deploy_msi - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/.bicep/nested_rbac_sub.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' - # customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' + job_deploy_pip: + runs-on: ubuntu-20.04 + name: 'Deploy public IP addresses' + env: + namespace: 'Microsoft.Network\publicIPAddresses' + needs: + - job_deploy_sa + - job_deploy_evh + - job_deploy_law + strategy: + fail-fast: false + matrix: + parameterFilePaths: + ['apgw.parameters.json', 'bas.parameters.json', 'lb.parameters.json'] + 
steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' - # job_deploy_vnet: - # runs-on: ubuntu-20.04 - # name: 'Deploy virtual networks' - # env: - # namespace: 'Microsoft.Network\virtualNetworks' - # needs: - # - job_deploy_nsg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: - # [ - # '1.bastion.parameters.json', - # '2.vnetpeer01.parameters.json', - # '3.vnetpeer02.parameters.json', - # '4.azfw.parameters.json', - # '5.aks.parameters.json', - # 'parameters.json', - # ] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' + job_deploy_appi: + runs-on: ubuntu-20.04 + name: 'Deploy application insight' + env: + namespace: 'Microsoft.Insights\components' + needs: + - job_deploy_sa + - job_deploy_evh + - job_deploy_law + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 
'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' - # job_deploy_sqlmi_vnet: - # runs-on: ubuntu-20.04 - # name: 'Deploy sqlmi virtual network' - # if: github.event.inputs.deploySqlMiDependencies == 'true' - # env: - # namespace: 'Microsoft.Network\virtualNetworks' - # needs: - # - job_deploy_sqlmi_udr - # - job_deploy_sqlmi_nsg - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['6.sqlmi.parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' + job_deploy_aut: + runs-on: ubuntu-20.04 + name: 'Deploy automation account' + env: + namespace: 'Microsoft.Automation\automationAccounts' + needs: + - job_deploy_sa + - job_deploy_evh + - job_deploy_law + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 
'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' - # job_deploy_dnszone: - # runs-on: ubuntu-20.04 - # name: 'Deploy private DNS zones' - # env: - # namespace: 'Microsoft.Network\privateDnsZones' - # needs: - # - job_deploy_vnet - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' + job_deploy_avdhp: + runs-on: ubuntu-20.04 + name: 'Deploy AVD host pool' + env: + namespace: 'Microsoft.DesktopVirtualization\hostpools' + needs: + - job_deploy_sa + - job_deploy_evh + - job_deploy_law + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ 
env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' - # job_deploy_vm: - # runs-on: ubuntu-20.04 - # name: 'Deploy virtual machines' - # env: - # namespace: 'Microsoft.Compute\virtualMachines' - # needs: - # - job_deploy_kv_secrets - # - job_deploy_vnet - # - job_deploy_rsv - # strategy: - # fail-fast: false - # matrix: - # parameterFilePaths: ['parameters.json'] - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: 'Deploy module' - # uses: ./.github/actions/templates/validateModuleDeployment - # with: - # templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' - # parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' - # location: '${{ env.defaultLocation }}' - # resourceGroupName: '${{ env.defaultResourceGroupName }}' - # subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - # managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - # removeDeployment: '${{ env.removeDeployment }}' + job_deploy_rsv: + runs-on: ubuntu-20.04 + name: 'Deploy recovery services vault' + env: + namespace: 'Microsoft.RecoveryServices\vaults' + needs: + - job_deploy_sa + - job_deploy_evh + - job_deploy_law + - job_deploy_msi + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation 
}}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' + customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' + + job_deploy_kv: + runs-on: ubuntu-20.04 + name: 'Deploy key vaults' + env: + namespace: 'Microsoft.KeyVault\vaults' + needs: + - job_deploy_sa + - job_deploy_evh + - job_deploy_law + - job_deploy_msi + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json', 'pe.parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' + customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' + + job_deploy_kv_secrets: + runs-on: ubuntu-20.04 + name: 'Set key vault secrets keys and certificates' + env: + namespace: 'Microsoft.KeyVault\vaults' + needs: + - job_deploy_kv + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Setup agent' + shell: pwsh + run: | + # Load used functions + . 
(Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + + # Define PS modules to install on the runner + $Modules = @( + @{ Name = 'Az.KeyVault' } + ) + + # Set agent up + Set-EnvironmentOnAgent -PSModules $Modules + - name: Azure Login + uses: azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + enable-AzPSSession: true + - name: 'Set key vault secrets keys and certificates' + uses: azure/powershell@v1 + with: + inlineScript: | + # Get key vault name + $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies' '${{ env.namespace }}' 'parameters' 'parameters.json' + $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters + $keyVaultName = $keyVaultParameters.name.value + + # Generate values + $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length + $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force + $passwordString = (New-Guid).Guid.SubString(0, 19) + $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force + $vpnSharedKeyString = (New-Guid).Guid.SubString(0, 32) + $vpnSharedKey = ConvertTo-SecureString -String $vpnSharedKeyString -AsPlainText -Force + + # Set secrets + # ------- + @( + @{ name = 'adminUsername'; secretValue = $username } # VirtualMachines and VMSS + @{ name = 'adminPassword'; secretValue = $password } # VirtualMachines and VMSS + @{ name = 'administratorLogin'; secretValue = $username } # Azure SQLServer + @{ name = 'administratorLoginPassword'; secretValue = $password } # Azure SQLServer + @{ name = 'vpnSharedKey'; secretValue = $vpnSharedKey } # VirtualNetworkGateway + @{ name = 'apimClientId'; secretValue = $username } # API management + @{ name = 'apimClientSecret'; secretValue = $password } # API management + ) | ForEach-Object { + $null = Set-AzKeyVaultSecret 
-VaultName $keyVaultName -Name $_.name -SecretValue $_.secretValue + Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + } + + # Set certificates + # ----------- + $certPolicy = New-AzKeyVaultCertificatePolicy -SecretContentType 'application/x-pkcs12' -SubjectName 'CN=fabrikam.com' -IssuerName 'Self' -ValidityInMonths 12 -ReuseKeyOnRenewal + @( + @{ name = 'applicationGatewaySslCertificate'; CertificatePolicy = $certPolicy } # ApplicationGateway + ) | ForEach-Object { + $null = Add-AzKeyVaultCertificate -VaultName $keyVaultName -Name $_.name -CertificatePolicy $_.CertificatePolicy + Write-Verbose ('Added certificate [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + } + + # Set keys + # ---- + @( + @{ name = 'keyEncryptionKey'; Destination = 'Software' } # DiskEncryptionSet, VirtualMachines and VMSS + ) | ForEach-Object { + $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination + Write-Verbose ('Added key [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + } + azPSVersion: 'latest' + + job_deploy_sqlmi_kv: + runs-on: ubuntu-20.04 + name: 'Deploy sqlmi key vault' + if: github.event.inputs.deploySqlMiDependencies == 'true' + env: + namespace: 'Microsoft.KeyVault\vaults' + needs: + - job_deploy_sa + - job_deploy_evh + - job_deploy_law + - job_deploy_msi + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['sqlmi.parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ 
secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' + customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' + + job_deploy_sqlmi_kv_secrets: + runs-on: ubuntu-20.04 + name: 'Set sqlmi key vault secrets and keys' + if: github.event.inputs.deploySqlMiDependencies == 'true' + needs: + - job_deploy_sqlmi_kv + env: + namespace: 'Microsoft.KeyVault\vaults' + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Setup agent' + shell: pwsh + run: | + # Load used functions + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1') + + # Define PS modules to install on the runner + $Modules = @( + @{ Name = 'Az.KeyVault' } + ) + + # Set agent up + Set-EnvironmentOnAgent -PSModules $Modules + - name: Azure Login + uses: azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + enable-AzPSSession: true + - name: 'Set sqlmi key vault secrets and keys' + uses: azure/powershell@v1 + with: + inlineScript: | + # Get key vault name + $parameterFilePath = Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'dependencies' '${{ env.namespace }}' 'parameters' 'sqlmi.parameters.json' + $keyVaultParameters = (ConvertFrom-Json (Get-Content -Path $parameterFilePath -Raw)).parameters + $keyVaultName = $keyVaultParameters.name.value + + # Generate values + $usernameString = ( -join ((65..90) + (97..122) | Get-Random -Count 9 -SetSeed 1 | ForEach-Object { [char]$_ + "$_" })).substring(0, 19) # max length + $userName = ConvertTo-SecureString -String $usernameString -AsPlainText -Force + $passwordString = (New-Guid).Guid.SubString(0, 19) + $password = ConvertTo-SecureString -String $passwordString -AsPlainText -Force + + # Set secrets + # ------- + @( + @{ name = 'administratorLogin'; secretValue = $username } # SQLManagedInstances + @{ name = 'administratorLoginPassword'; secretValue = $password } # 
SQLManagedInstances + ) | ForEach-Object { + $null = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $_.name -SecretValue $_.secretValue + Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + } + + # Set keys + # ---- + @( + @{ name = 'keyEncryptionKeySqlMi'; Destination = 'Software' } # SQLManagedInstances + ) | ForEach-Object { + $null = Add-AzKeyVaultKey -VaultName $keyVaultName -Name $_.name -Destination $_.Destination + Write-Verbose ('Added key [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose + } + azPSVersion: 'latest' + + job_deploy_avdag: + runs-on: ubuntu-20.04 + name: 'Deploy AVD application group' + env: + namespace: 'Microsoft.DesktopVirtualization\applicationgroups' + needs: + - job_deploy_avdhp + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' + + job_deploy_rolea: + runs-on: ubuntu-20.04 + name: 'Deploy role assignments' + env: + namespace: 'Microsoft.Authorization\roleAssignments' + needs: + - job_deploy_msi + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/.bicep/nested_rbac_sub.bicep' + parameterFilePath: 
'${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' + customParameterFileTokens: '[{"Name":"msiPrincipalId","Value":"${{ needs.job_deploy_msi.outputs.msiPrincipalId }}"}]' + + job_deploy_vnet: + runs-on: ubuntu-20.04 + name: 'Deploy virtual networks' + env: + namespace: 'Microsoft.Network\virtualNetworks' + needs: + - job_deploy_nsg + strategy: + fail-fast: false + matrix: + parameterFilePaths: + [ + '1.bastion.parameters.json', + '2.vnetpeer01.parameters.json', + '3.vnetpeer02.parameters.json', + '4.azfw.parameters.json', + '5.aks.parameters.json', + 'parameters.json', + ] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' + + job_deploy_sqlmi_vnet: + runs-on: ubuntu-20.04 + name: 'Deploy sqlmi virtual network' + if: github.event.inputs.deploySqlMiDependencies == 'true' + env: + namespace: 'Microsoft.Network\virtualNetworks' + needs: + - job_deploy_sqlmi_udr + - job_deploy_sqlmi_nsg + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['6.sqlmi.parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: 
./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' + + job_deploy_dnszone: + runs-on: ubuntu-20.04 + name: 'Deploy private DNS zones' + env: + namespace: 'Microsoft.Network\privateDnsZones' + needs: + - job_deploy_vnet + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' + location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' + + job_deploy_vm: + runs-on: ubuntu-20.04 + name: 'Deploy virtual machines' + env: + namespace: 'Microsoft.Compute\virtualMachines' + needs: + - job_deploy_kv_secrets + - job_deploy_vnet + - job_deploy_rsv + strategy: + fail-fast: false + matrix: + parameterFilePaths: ['parameters.json'] + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Deploy module' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' 
+ location: '${{ env.defaultLocation }}' + resourceGroupName: '${{ env.defaultResourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ env.removeDeployment }}' From fb2f921ba783b05291da605c7757e4c9e51f176f Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 26 Jan 2022 19:53:10 +0100 Subject: [PATCH 25/31] udr back --- .github/workflows/platform.dependencies.yml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index 4f6c47c141..f281ae30d8 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -485,20 +485,17 @@ jobs: managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' removeDeployment: '${{ env.removeDeployment }}' - job_deploy_pip: + job_deploy_udr: runs-on: ubuntu-20.04 - name: 'Deploy public IP addresses' + name: 'Deploy route tables' env: - namespace: 'Microsoft.Network\publicIPAddresses' + namespace: 'Microsoft.Network\routeTables' needs: - - job_deploy_sa - - job_deploy_evh - - job_deploy_law + - job_deploy_rg strategy: fail-fast: false matrix: - parameterFilePaths: - ['apgw.parameters.json', 'bas.parameters.json', 'lb.parameters.json', 'fw.parameters.json'] + parameterFilePaths: ['parameters.json'] steps: - name: 'Checkout' uses: actions/checkout@v2 @@ -621,7 +618,7 @@ jobs: fail-fast: false matrix: parameterFilePaths: - ['apgw.parameters.json', 'bas.parameters.json', 'lb.parameters.json'] + ['apgw.parameters.json', 'bas.parameters.json', 'lb.parameters.json', 'fw.parameters.json'] steps: - name: 'Checkout' uses: actions/checkout@v2 From 073a4b048c00b7c21b69d8acbcb73209d7fd0b3e Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Wed, 26 Jan 2022 19:57:29 +0100 Subject: [PATCH 26/31] stage condition --- .azuredevops/platformPipelines/platform.dependencies.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.azuredevops/platformPipelines/platform.dependencies.yml b/.azuredevops/platformPipelines/platform.dependencies.yml index 315255c9e4..ee47ff9a86 100644 --- a/.azuredevops/platformPipelines/platform.dependencies.yml +++ b/.azuredevops/platformPipelines/platform.dependencies.yml @@ -225,6 +225,7 @@ stages: - stage: deploy_imgt displayName: Deploy image template + condition: eq(parameters.deployVhdDependencies, 'true') dependsOn: - deploy_msi - deploy_sig From fa25503d1db9ff0d5075a8e1717ff322c38de766 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 26 Jan 2022 20:43:57 +0100 Subject: [PATCH 27/31] ado stage condition if --- .azuredevops/platformPipelines/platform.dependencies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azuredevops/platformPipelines/platform.dependencies.yml b/.azuredevops/platformPipelines/platform.dependencies.yml index ee47ff9a86..c5ef49a944 100644 --- a/.azuredevops/platformPipelines/platform.dependencies.yml +++ b/.azuredevops/platformPipelines/platform.dependencies.yml @@ -225,7 +225,7 @@ stages: - stage: deploy_imgt displayName: Deploy image template - condition: eq(parameters.deployVhdDependencies, 'true') + condition: ${{ if eq( parameters.deployVhdDependencies, true) }} dependsOn: - deploy_msi - deploy_sig From 6759b21d326cd289ed2f3cd8729376ca05bec2e7 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 26 Jan 2022 20:55:39 +0100 Subject: [PATCH 28/31] ado stage condition and --- .azuredevops/platformPipelines/platform.dependencies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azuredevops/platformPipelines/platform.dependencies.yml b/.azuredevops/platformPipelines/platform.dependencies.yml index c5ef49a944..7f4c3b4f80 100644 
--- a/.azuredevops/platformPipelines/platform.dependencies.yml +++ b/.azuredevops/platformPipelines/platform.dependencies.yml @@ -225,7 +225,7 @@ stages: - stage: deploy_imgt displayName: Deploy image template - condition: ${{ if eq( parameters.deployVhdDependencies, true) }} + condition: and(succeeded(), eq('${{ parameters.deployVhdDependencies }}', true)) dependsOn: - deploy_msi - deploy_sig From b8488d3dc5655b9715e5be9e973efddfe3336ec0 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 27 Jan 2022 10:20:40 +0100 Subject: [PATCH 29/31] dependson update --- .azuredevops/platformPipelines/platform.dependencies.yml | 2 +- .github/workflows/platform.dependencies.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.azuredevops/platformPipelines/platform.dependencies.yml b/.azuredevops/platformPipelines/platform.dependencies.yml index 7f4c3b4f80..f68666c18a 100644 --- a/.azuredevops/platformPipelines/platform.dependencies.yml +++ b/.azuredevops/platformPipelines/platform.dependencies.yml @@ -227,7 +227,7 @@ stages: displayName: Deploy image template condition: and(succeeded(), eq('${{ parameters.deployVhdDependencies }}', true)) dependsOn: - - deploy_msi + - deploy_rolea - deploy_sig - deploy_sa variables: diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index f281ae30d8..5a0d73b85e 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -298,7 +298,7 @@ jobs: env: namespace: 'Microsoft.VirtualMachineImages\imageTemplates' needs: - - job_deploy_msi + - job_deploy_rolea - job_deploy_sig outputs: imageTemplateName: ${{ steps.print_imgt_output.outputs.imageTemplateName }} From 2ebcc96a24a51393feac5ee0d24ff6382b8d0da2 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 27 Jan 2022 10:59:17 +0100 Subject: [PATCH 30/31] Update wiki --- docs/wiki/TestingDesign.md | 1 + 1 file changed, 1 insertion(+) 
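Review bot: The new `condition:` on stage `deploy_imgt` compares a quoted template expansion with an unquoted boolean literal, `eq('${{ parameters.deployVhdDependencies }}', true)`, so it only works because the expression engine coerces `true` to a string and compares case-insensitively. Comparing like with like reads more clearly and does not depend on that coercion: `condition: and(succeeded(), eq('${{ parameters.deployVhdDependencies }}', 'true'))`. The parameter declaration is outside this hunk. Because the expansion is pasted into the expression text before it is evaluated, it is worth confirming the parameter is declared `type: boolean`, so that nothing other than true/false can reach the quoted position.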
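Review bot: Swapping `job_deploy_msi` for `job_deploy_rolea` in the image template job's `needs:` also drops the identity job's outputs from that job's `needs` context, since GitHub Actions exposes `needs.<job>.outputs` only for jobs listed directly. Other jobs in this workflow pass `needs.job_deploy_msi.outputs.msiPrincipalId` through `customParameterFileTokens`. The image template job's steps are outside the hunk, so this is unconfirmed, but if they do the same the token would now expand to an empty string without failing the run. Listing both keeps the ordering and the output: `- job_deploy_msi` next to `- job_deploy_rolea`. The Azure DevOps hunk in the same commit (`deploy_msi` to `deploy_rolea` under `dependsOn:`) deserves the same check for any stage-dependency outputs it reads.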
diff --git a/docs/wiki/TestingDesign.md b/docs/wiki/TestingDesign.md index 16d255850e..1e2d6619fb 100644 --- a/docs/wiki/TestingDesign.md +++ b/docs/wiki/TestingDesign.md @@ -167,6 +167,7 @@ Since also dependency resources are in turn subject to dependencies with each ot >**Note**: This resource is deployed and configured only if sqlmi dependency resources are enabled. - '_adp-sxx-az-vnet-x-001_': Hosting multiple subnets to be leveraged by [virtual machine], [virtual machine scale set], [service bus], [azure NetApp files], [azure bastion], [private endpoints], [app service environment] and [application gateway] resources. 1. AVD application group: This resource is leveraged by the [AVD workspace] resource. + 1. Azure Image Builder template: This resource triggers the build and distribution of a VHD in a storage account. The VHD file is copied to a known storage account blob container and leveraged by [compute disks] and [compute images] resources. **Fifth level resources**: This group of resources has a dependency on one or more resources in the groups above. From 8f9214aeb9c262fe6504156d1587e852d4657b01 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 27 Jan 2022 11:25:57 +0100 Subject: [PATCH 31/31] Remove test ado job --- .../platform.dependencies.yml | 25 ------------------- 1 file changed, 25 deletions(-) diff --git a/.azuredevops/platformPipelines/platform.dependencies.yml b/.azuredevops/platformPipelines/platform.dependencies.yml index f68666c18a..d350052615 100644 --- a/.azuredevops/platformPipelines/platform.dependencies.yml +++ b/.azuredevops/platformPipelines/platform.dependencies.yml 
@@ -242,31 +242,6 @@ stages: templateFilePath: $(templateFilePath) displayName: Image template jobName: job_deploy_imgt - - job: job_print_imgt_output - displayName: Set image template output - dependsOn: - - job_deploy_imgt - pool: - ${{ if eq(variables['vmImage'], '') }}: - name: $(poolName) - ${{ if eq(variables['poolName'], '') }}: - vmImage: $(vmImage) - variables: - deploymentOutput: $[ dependencies.job_deploy_imgt.outputs['DeployModule.deploymentOutput'] ] - steps: - - task: PowerShell@2 - name: print_imgt_output - inputs: - targetType: inline - pwsh: true - script: | - # Write-Verbose $(deploymentOutput) -Verbose - $imageTemplateName = (ConvertFrom-Json '$(deploymentOutput)').name - $imageTemplateResourceGroup = (ConvertFrom-Json '$(deploymentOutput)').resourceGroupName - Write-Verbose "imageTemplateName: $imageTemplateName" -Verbose - Write-Verbose "imageTemplateResourceGroup: $imageTemplateResourceGroup" -Verbose - Write-Output ('##vso[task.setvariable variable={0};isOutput=true]{1}' -f 'imageTemplateName', $imageTemplateName) - Write-Output ('##vso[task.setvariable variable={0};isOutput=true]{1}' -f 'imageTemplateResourceGroup', $imageTemplateResourceGroup) - job: displayName: Trigger vhd build and store it to a storage account blob container dependsOn: