From 569bc2be7480d98095376c1adbc301c56b5e2386 Mon Sep 17 00:00:00 2001
From: Rohan Cragg
Date: Thu, 6 Jul 2023 14:39:10 +0000
Subject: [PATCH 1/4] Add Github Action to run PSRule
---
 .github/workflows/repository.yml | 33 ++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 .github/workflows/repository.yml
diff --git a/.github/workflows/repository.yml b/.github/workflows/repository.yml
new file mode 100644
index 0000000..24ab44a
--- /dev/null
+++ b/.github/workflows/repository.yml
@@ -0,0 +1,33 @@
+#
+# Analyze repository with PSRule
+#
+
+# For PSRule documentation see:
+# https://aka.ms/ps-rule
+
+# For action details see:
+# https://aka.ms/ps-rule-action
+
+name: Analyze repository
+
+# Run for main or PRs against main
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ analyze:
+ name: Analyze repository
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Run PSRule analysis
+ uses: Microsoft/ps-rule@v2.9.0
+ with:
+ modules: PSRule.Rules.Azure
From 827e4d0b3097661188161e05600a87f1cff78fb3 Mon Sep 17 00:00:00 2001
From: Rohan Cragg
Date: Thu, 6 Jul 2023 14:50:49 +0000
Subject: [PATCH 2/4] Fix failing rules to see action go green (?!)
---
 examples/bicep/storage.bicep | 67 ++++++++++++++++++++----------------
 1 file changed, 37 insertions(+), 30 deletions(-)
diff --git a/examples/bicep/storage.bicep b/examples/bicep/storage.bicep
index 2109b79..35b6e0d 100644
--- a/examples/bicep/storage.bicep
+++ b/examples/bicep/storage.bicep
@@ -1,13 +1,13 @@
 @description('Storage Account type')
 @allowed([
- 'Premium_LRS'
- 'Premium_ZRS'
- 'Standard_GRS'
- 'Standard_GZRS'
- 'Standard_LRS'
- 'Standard_RAGRS'
- 'Standard_RAGZRS'
- 'Standard_ZRS'
+ 'Premium_LRS'
+ 'Premium_ZRS'
+ 'Standard_GRS'
+ 'Standard_GZRS'
+ 'Standard_LRS'
+ 'Standard_RAGRS'
+ 'Standard_RAGZRS'
+ 'Standard_ZRS'
 ])
 param storageAccountType string
 
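Review bot: The `analyze` job added in .github/workflows/repository.yml declares no `permissions:` block, so its GITHUB_TOKEN gets whatever default the repository or organisation has configured, which can include write scopes. This workflow only checks out and analyses the tree, so add a top-level `permissions:` with `contents: read`. Both `uses:` lines reference mutable tags (`actions/checkout@v3`, `Microsoft/ps-rule@v2.9.0`). Pinning each to a full commit SHA with the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, keeps a retagged release from changing what runs on every push and pull request.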
@@ -18,30 +18,37 @@ param location string
 param storageAccountName string
 
 resource sa 'Microsoft.Storage/storageAccounts@2022-09-01' = {
- name: storageAccountName
- location: location
- sku: {
- name: storageAccountType
- }
- kind: 'StorageV2'
- properties: {
- supportsHttpsTrafficOnly: true
- minimumTlsVersion: 'TLS1_2'
- allowBlobPublicAccess: false
- }
- resource blobs 'blobServices@2022-09-01' = {
- name: 'default'
+ name: storageAccountName
+ location: location
+ sku: {
+ name: storageAccountType
+ }
+ kind: 'StorageV2'
 properties: {
- deleteRetentionPolicy: {
- enabled: true
- days: 7
- }
- containerDeleteRetentionPolicy: {
- enabled: true
- days: 7
- }
+ supportsHttpsTrafficOnly: true
+ minimumTlsVersion: 'TLS1_2'
+ allowBlobPublicAccess: false
+ networkAcls: {
+ defaultAction: 'Deny'
+ }
+ }
+ tags: {
+ environment: 'Production'
+ costCode: '123456'
+ }
+ resource blobs 'blobServices@2022-09-01' = {
+ name: 'default'
+ properties: {
+ deleteRetentionPolicy: {
+ enabled: true
+ days: 7
+ }
+ containerDeleteRetentionPolicy: {
+ enabled: true
+ days: 7
+ }
+ }
 }
- }
 }
 
 output storageAccountName string = storageAccountName
From 21c3b6edb6dfb57e171066ea2d01781629ddfa70 Mon Sep 17 00:00:00 2001
From: Rohan Cragg
Date: Thu, 6 Jul 2023 14:54:32 +0000
Subject: [PATCH 3/4] Satisfying required param defaults (to remove error for now)
---
 examples/bicep/storage.bicep | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/examples/bicep/storage.bicep b/examples/bicep/storage.bicep
index 35b6e0d..0609ece 100644
--- a/examples/bicep/storage.bicep
+++ b/examples/bicep/storage.bicep
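Review bot: The added `tags` block in the `sa` resource hard-codes `environment: 'Production'` and `costCode: '123456'`, so every account deployed from this example is labelled production with the same cost code. That makes tag-based policy, inventory and alert scoping unreliable, and the commit subject suggests the values exist mainly to get the check green. Take them from a parameter instead, e.g. `param tags object` with `tags: tags`. In the same hunk `networkAcls` sets only `defaultAction: 'Deny'`. Stating `bypass` explicitly, along with any `ipRules` or `virtualNetworkRules` the example is meant to carry, keeps the allowed paths reviewable rather than left to the provider default.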
@@ -9,13 +9,13 @@
 'Standard_RAGZRS'
 'Standard_ZRS'
 ])
-param storageAccountType string
+param storageAccountType string = 'Standard_LRS'
 
 @description('The storage account location.')
-param location string
+param location string = resourceGroup().location
 
 @description('The name of the storage account')
-param storageAccountName string
+param storageAccountName string = 'storageDefaultName'
 
 resource sa 'Microsoft.Storage/storageAccounts@2022-09-01' = {
 name: storageAccountName
From 6c6ca44da9c538e6e598b07d46c388211779e2da Mon Sep 17 00:00:00 2001
From: Rohan Cragg
Date: Thu, 6 Jul 2023 14:56:35 +0000
Subject: [PATCH 4/4] Fix error in storage name
---
 examples/bicep/storage.bicep | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/bicep/storage.bicep b/examples/bicep/storage.bicep
index 0609ece..dd83805 100644
--- a/examples/bicep/storage.bicep
+++ b/examples/bicep/storage.bicep
@@ -15,7 +15,7 @@ param storageAccountType string = 'Standard_LRS'
 param location string = resourceGroup().location
 
 @description('The name of the storage account')
-param storageAccountName string = 'storageDefaultName'
+param storageAccountName string = 'storagedefaultname'
 
 resource sa 'Microsoft.Storage/storageAccounts@2022-09-01' = {
 name: storageAccountName
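Review bot: The default added for `storageAccountName` in PATCH 3/4 makes a fixed literal the account name whenever a caller omits the parameter, and the one-line follow-up in PATCH 4/4 only lowercases it. Storage account names share one global namespace, so a constant default either collides on deployment or yields a predictable endpoint name. Derive it from the scope instead, e.g. `param storageAccountName string = 'st${uniqueString(resourceGroup().id)}'`, and add `@minLength(3)` and `@maxLength(24)` so an invalid name fails at validation rather than at deployment. The commit subject says the defaults are there to remove an error for now, so a comment marking them as temporary would help if they stay.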