Merge pull request #1 from qnrl/feature/addGitHubAction

Add Github Action to run PSRule
qnrl · Jul 7, 2023 · 9e31e76 · 9e31e76
2 parents f05583f + 6c6ca44
commit 9e31e76
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 33 deletions.
diff --git a/.github/workflows/repository.yml b/.github/workflows/repository.yml
@@ -0,0 +1,33 @@
+#
+# Analyze repository with PSRule
+#
+
+# For PSRule documentation see:
+# https://aka.ms/ps-rule
+
+# For action details see:
+# https://aka.ms/ps-rule-action
+
+name: Analyze repository
+
+# Run for main or PRs against main
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  analyze:
+    name: Analyze repository
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Run PSRule analysis
+        uses: Microsoft/[email protected]
+        with:
+          modules: PSRule.Rules.Azure
diff --git a/examples/bicep/storage.bicep b/examples/bicep/storage.bicep
@@ -1,47 +1,54 @@
 @description('Storage Account type')
 @allowed([
-  'Premium_LRS'
-  'Premium_ZRS'
-  'Standard_GRS'
-  'Standard_GZRS'
-  'Standard_LRS'
-  'Standard_RAGRS'
-  'Standard_RAGZRS'
-  'Standard_ZRS'
+    'Premium_LRS'
+    'Premium_ZRS'
+    'Standard_GRS'
+    'Standard_GZRS'
+    'Standard_LRS'
+    'Standard_RAGRS'
+    'Standard_RAGZRS'
+    'Standard_ZRS'
 ])
-param storageAccountType string
+param storageAccountType string = 'Standard_LRS'
 
 @description('The storage account location.')
-param location string
+param location string = resourceGroup().location
 
 @description('The name of the storage account')
-param storageAccountName string
+param storageAccountName string = 'storagedefaultname'
 
 resource sa 'Microsoft.Storage/storageAccounts@2022-09-01' = {
-  name: storageAccountName
-  location: location
-  sku: {
-    name: storageAccountType
-  }
-  kind: 'StorageV2'
-  properties: {
-    supportsHttpsTrafficOnly: true
-    minimumTlsVersion: 'TLS1_2'
-    allowBlobPublicAccess: false
-  }
-  resource blobs 'blobServices@2022-09-01' = {
-    name: 'default'
+    name: storageAccountName
+    location: location
+    sku: {
+        name: storageAccountType
+    }
+    kind: 'StorageV2'
     properties: {
-      deleteRetentionPolicy: {
-        enabled: true
-        days: 7
-      }
-      containerDeleteRetentionPolicy: {
-        enabled: true
-        days: 7
-      }
+        supportsHttpsTrafficOnly: true
+        minimumTlsVersion: 'TLS1_2'
+        allowBlobPublicAccess: false
+        networkAcls: {
+            defaultAction: 'Deny'
+        }
+    }
+    tags: {
+        environment: 'Production'
+        costCode: '123456'
+    }
+    resource blobs 'blobServices@2022-09-01' = {
+        name: 'default'
+        properties: {
+            deleteRetentionPolicy: {
+                enabled: true
+                days: 7
+            }
+            containerDeleteRetentionPolicy: {
+                enabled: true
+                days: 7
+            }
+        }
     }
-  }
 }
 
 output storageAccountName string = storageAccountName