This repository has been archived by the owner on Oct 5, 2023. It is now read-only.
sample-workflow.yml
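# Deploys the ALZ Monitor policy definitions, initiative (policy set)
# definitions and initiative assignments at management-group scope.
# Runs only when started manually (workflow_dispatch).
#
# NOTE(review): actions/checkout@v2 and azure/login@v1 are mutable tags. Pin
# each to a full commit SHA (uses: owner/action@<full-commit-sha>) so the code
# that receives the Azure OIDC token cannot change underneath this workflow.
name: Deploy ALZ Monitor policies

on:
  workflow_dispatch: {}

# GITHUB_TOKEN is restricted to what the job uses: id-token lets azure/login
# request an OIDC token (no client secret is passed below), contents: read is
# enough for the checkout.
permissions:
  id-token: write
  contents: read

# Workflow-level values; every step receives them as environment variables.
env:
  Location: "norwayeast"
  ManagementGroupPrefix: "alz"
  identityManagementGroup: "alz-platform-identity"
  managementManagementGroup: "alz-platform-management"
  connectivityManagementGroup: "alz-platform-connectivity"
  LZManagementGroup: "alz-landing-zone"

jobs:
  deploy_job:
    runs-on: ubuntu-latest
    # The job targets the `deploy` environment. With OIDC the token subject
    # includes the environment, so the federated credential on the Azure side
    # has to match it; protection rules (required reviewers) are configured in
    # the repository settings, not here. Confirm both are in place.
    environment: deploy
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
          # No later step pushes or fetches, so do not leave the GITHUB_TOKEN
          # in the local git config for the remaining steps to read.
          persist-credentials: false

      # Federated (OIDC) login: only identifiers are supplied, no secret.
      # NOTE(review): the deployments below create policy definitions and
      # assignments at management-group scope; check that the role assigned to
      # this identity is no broader than those deployments need.
      - name: 'Az CLI login'
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          # NOTE(review): no PowerShell step is visible in this workflow;
          # drop the Az PowerShell session if nothing else relies on it.
          enable-AzPSSession: true

      # The run blocks read the workflow env through quoted shell variables
      # rather than ${{ env.* }} expressions. An expression is pasted into the
      # script text before bash parses it; a shell variable stays data even if
      # these values are later fed from workflow inputs.
      - name: Az CLI Deploy Monitor Policy Definitions
        id: create_monitor_policy_defs
        shell: bash
        run: |
          az deployment mg create \
            --template-file infra-as-code/bicep/deploy_dine_policies.bicep \
            --location "${Location}" \
            --management-group-id "${ManagementGroupPrefix}"

      - name: Az CLI Deploy Monitor Policy Initiative Definitions
        id: create_monitor_policy_initiative_defs
        shell: bash
        run: |
          az deployment mg create \
            --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorConnectivity.json \
            --location "${Location}" \
            --management-group-id "${ManagementGroupPrefix}"
          az deployment mg create \
            --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorIdentity.json \
            --location "${Location}" \
            --management-group-id "${ManagementGroupPrefix}"
          az deployment mg create \
            --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json \
            --location "${Location}" \
            --management-group-id "${ManagementGroupPrefix}"
          az deployment mg create \
            --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorLandingZone.json \
            --location "${Location}" \
            --management-group-id "${ManagementGroupPrefix}"
          az deployment mg create \
            --template-file ./src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json \
            --location "${Location}" \
            --management-group-id "${ManagementGroupPrefix}"

      # Each assignment is deployed to its own management group with the
      # matching parameter file; service health goes to the top-level prefix.
      - name: Az CLI Monitor Policy initiative assignments
        id: assign_monitor_policy_initiatives
        shell: bash
        run: |
          az deployment mg create \
            --template-file ./infra-as-code/bicep/assign_initiatives_identity.bicep \
            --location "${Location}" \
            --management-group-id "${identityManagementGroup}" \
            --parameters ./infra-as-code/bicep/parameters-complete-identity.json
          az deployment mg create \
            --template-file ./infra-as-code/bicep/assign_initiatives_management.bicep \
            --location "${Location}" \
            --management-group-id "${managementManagementGroup}" \
            --parameters ./infra-as-code/bicep/parameters-complete-management.json
          az deployment mg create \
            --template-file ./infra-as-code/bicep/assign_initiatives_connectivity.bicep \
            --location "${Location}" \
            --management-group-id "${connectivityManagementGroup}" \
            --parameters ./infra-as-code/bicep/parameters-complete-connectivity.json
          az deployment mg create \
            --template-file ./infra-as-code/bicep/assign_initiatives_landingzones.bicep \
            --location "${Location}" \
            --management-group-id "${LZManagementGroup}" \
            --parameters ./infra-as-code/bicep/parameters-complete-landingzones.json
          az deployment mg create \
            --template-file ./infra-as-code/bicep/assign_initiatives_servicehealth.bicep \
            --location "${Location}" \
            --management-group-id "${ManagementGroupPrefix}" \
            --parameters ./infra-as-code/bicep/parameters-complete-servicehealth.json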