AzGovViz.yml
# Azure Governance Visualizer v6_major_20230728_1
# First things first:
# 1. Mandatory: define <Management Group Id> in line 11 (the 'ManagementGroupId' variable under 'env')
# 2. Optional: enable the schedule (line 21,22; the commented-out 'schedule' trigger under 'on')
# Documentation: https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting
name: AzureGovernanceVisualizer

# Workflow-wide settings. The steps read these as environment variables;
# the values are set by whoever maintains this workflow file.
env:
  OutputPath: wiki
  # Provide the Management Group Id, not the displayName.
  ManagementGroupId: <Management Group Id>
  # Example: 'my folder\pwsh' or 'my folder/pwsh'
  ScriptDir: pwsh
  ScriptPrereqFile: prerequisites.ps1
  ScriptFile: AzGovVizParallel.ps1
  # Set to true and define the Web App details in the next 3 lines.
  WebAppPublish: false
  WebAppSubscriptionId: <subscriptionId> e.g. 2674403a-4acd-40e6-a694-2ac7b968761e
  WebAppResourceGroup: <ResourceGroupName> e.g. MyWebAppResourceGroup
  WebAppName: <Name> e.g. MyAzGovVizWebApp
  # Handle the GitHub 100MB file size limit; files in the folder 'OutputPath'
  # hitting the limit will be removed.
  # https://docs.github.com/en/repositories/working-with-files/managing-large-files/about-large-files-on-github#file-size-limits
  # Set to true AND uncomment line 80 (the commented-out Remove-Item line in
  # the 'Handle GH 100MB file size limit' step).
  HandleGitHub100MBFileSizeLimit: false
on:
  # Optional schedule: uncomment the next two lines to run daily at 04:30
  # (GitHub evaluates cron expressions in UTC).
  #schedule:
  #  - cron: '30 4 * * *'

  # Allows you to run this workflow manually from the Actions tab.
  workflow_dispatch:
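jobs:
  AzureGovernanceVisualizer:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: this job only checks out the repository
    # and pushes the generated output back to it, so 'contents: write' is the
    # only scope granted. Azure access comes from the CREDS secret instead.
    permissions:
      contents: write
    # NOTE(review): every action below is referenced by a mutable tag (@v1/@v2).
    # Pinning each 'uses:' to a full commit SHA you have reviewed keeps a
    # re-tagged release from running with the CREDS secret in scope.
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - name: Checkout
        uses: actions/checkout@v2

      # Create secret CREDS (GitHub/Setting/Secrets)
      # CREDS looks like this:
      # {
      #   "tenantId": "<GUID>",
      #   "subscriptionId": "<GUID>",
      #   "clientId": "<GUID>",
      #   "clientSecret": "<GUID>"
      # }
      # NOTE(review): CREDS stores a long-lived service principal client secret.
      # azure/login also supports OpenID Connect federated credentials, which
      # avoids keeping a secret in the repository settings; evaluate switching
      # (that would additionally need the 'id-token: write' permission).
      - name: Connect Azure
        uses: azure/login@v2
        with:
          creds: ${{secrets.CREDS}}
          enable-AzPSSession: true

      # Dot-sources the prerequisites script from ScriptDir.
      # NOTE(review): azPSVersion "latest" floats with each Az module release;
      # pin a tested version if you need reproducible runs.
      - name: Check prerequisites
        uses: azure/powershell@v1
        with:
          inlineScript: |
            . .\$($env:ScriptDir)\$($env:ScriptPrereqFile) -OutputPath ${env:OutputPath}
          azPSVersion: "latest"

      # Dot-sources the main script, which writes its results below OutputPath.
      - name: Run Azure Governance Visualizer
        uses: azure/powershell@v1
        with:
          inlineScript: |
            . .\$($env:ScriptDir)\$($env:ScriptFile) -ManagementGroupId ${env:ManagementGroupId} -ScriptPath ${env:ScriptDir} -OutputPath ${env:OutputPath}
          azPSVersion: "latest"

      # Opt-in step (HandleGitHub100MBFileSizeLimit). As shipped it only reports
      # files above the limit: the Remove-Item line is commented out on purpose
      # and must be uncommented for the files to actually be deleted.
      - name: Handle GH 100MB file size limit
        if: env.HandleGitHub100MBFileSizeLimit == 'true'
        shell: pwsh
        run: |
          Write-Host "Checking files in $($env:OutputPath) for GitHub 100MB file size limit"
          Write-Host "Ref: https://docs.github.com/en/repositories/working-with-files/managing-large-files/about-large-files-on-github#file-size-limits"
          $files = Get-ChildItem -Path $($env:OutputPath) -File -Recurse -ErrorAction Stop
          Write-Host "Found total of $($files.Count) files"
          $gitHubFileSizeLimit = 100
          $largeFiles = $files.where({ $_.Length / 1MB -gt $gitHubFileSizeLimit })
          Write-Host "Found $($largeFiles.Count) files hitting the GitHub file size limit"
          foreach ($file in $largeFiles) {
              Write-Host "File '$($file.Name)' size $($file.Length / 1MB)MB exceeds the GitHub 100MB file size limit - removing file $($file.FullName)"
              #Remove-Item -Path $file.FullName -Force
          }

      # Commits everything in the workspace ('git add --all') and pushes it.
      # The generated output describes your tenant (the Web App step below
      # refuses to publish it without authentication for that reason), so keep
      # this repository private and limit who has read access to it.
      - name: Push Azure Governance Visualizer output to repository
        run: |
          git config --global user.email "AzureGovernanceVisualizerGHActions@ghActions.com"
          git config --global user.name "$GITHUB_ACTOR"
          git config pull.rebase false
          git add --all
          git commit -m "$GITHUB_WORKFLOW $GITHUB_JOB"
          git push

      # Opt-in step (WebAppPublish). Fails closed: the HTML is zipped and
      # published only when the Web App's auth settings report 'enabled';
      # otherwise the step exits with code 1 and nothing is published.
      # NOTE(review): confirm the authsettings/list endpoint reflects the way
      # authentication is configured on your Web App.
      # NOTE(review): -DebugAzAPICall $true turns on debug output; check what
      # AzAPICall writes to the job log, which repository readers can view.
      - name: Publish HTML to WebApp
        if: env.WebAppPublish == 'true'
        uses: azure/powershell@v1
        with:
          inlineScript: |
            $azAPICallConf = initAzAPICall -DebugAzAPICall $true
            $currentTask = "AzAPICall - Check if WebApp ($($env:WebAppName)) has Authentication enabled"
            $uri = "$($azAPICallConf['azAPIEndpointUrls'].ARM)/subscriptions/$($env:WebAppSubscriptionId)/resourceGroups/$($env:WebAppResourceGroup)/providers/Microsoft.Web/sites/$($env:WebAppName)/config/authsettings/list?api-version=2021-02-01"
            $method = 'POST'
            $request = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask -listenOn 'Content'
            $authStatus = $request.properties.enabled
            Write-Host "WebApp ($($env:WebAppName)) has Authentication enabled: $authStatus"
            if ($authStatus) {
                try {
                    if (Test-Path -Path "$($env:OutputPath)/AzGovViz_$($env:ManagementGroupId)_DefinitionInsights.html") {
                        try {
                            Compress-Archive -Path "$($env:OutputPath)/AzGovViz_$($env:ManagementGroupId).html", "$($env:OutputPath)/AzGovViz_$($env:ManagementGroupId)_DefinitionInsights.html" -DestinationPath "$($env:OutputPath)/AzGovViz_$($env:ManagementGroupId).zip" -ErrorAction Stop
                        }
                        catch {
                            throw 'Make sure that the ManagementGroupId variable in the AzGovViz*.yml has correct casing (Linux!=linuX)'
                        }
                    }
                    else {
                        try {
                            Compress-Archive -Path "$($env:OutputPath)/AzGovViz_$($env:ManagementGroupId).html" -DestinationPath "$($env:OutputPath)/AzGovViz_$($env:ManagementGroupId).zip" -ErrorAction Stop
                        }
                        catch {
                            throw 'Make sure that the ManagementGroupId variable in the AzGovViz*.yml has correct casing (Linux!=linuX)'
                        }
                    }
                    $null = Select-AzSubscription -SubscriptionId $($env:WebAppSubscriptionId)
                    if (Publish-AzWebApp -ResourceGroupName $($env:WebAppResourceGroup) -Name $($env:WebAppName) -ArchivePath "$($env:OutputPath)/AzGovViz_$($env:ManagementGroupId).zip" -Force) {
                        Write-Host 'HTML published'
                    }
                }
                catch {
                    $_
                    Write-Host 'HTML NOT published'
                    Write-Host "RBAC Role 'Website Contributor' is required"
                    exit 1
                }
            }
            else {
                Write-Host 'Assuming and insisting that you do not want to publish your tenant insights to the public'
                Write-Host "HTML NOT published. Please configure authentication on the Azure Web App ($($env:WebAppName))."
                exit 1
            }
          azPSVersion: "latest"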