Work on sarif output

.github/workflows/validate-bicep.yml

@@ -29,11 +29,18 @@ jobs:
     - name: PSRule analysis
       uses: microsoft/[email protected]
       with:
-        modules: PSRule.Rules.Azure,PSRule.Rules.Azure
+        modules: PSRule.Rules.Azure
         inputType: repository
-        outputFormat: None
+        outputFormat: Sarif
+        outputPath: ./psrule.sarif
         outcome: Processed
 
+    - name: Upload PSRule SARIF results
+      uses: github/codeql-action/upload-sarif@v2
+      if: always()
+      with:
+        sarif_file: psrule.sarif
+
     - name: Build Bicep
       run: bicep build src/bicep/main.bicep
 

LICENSE.md

@@ -0,0 +1,25 @@
+The MIT License (MIT)
+=====================
+
+Copyright © 2023 Roderick Bant
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the “Software”), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.

ps-rule.yml

@@ -15,6 +15,16 @@ input:
   - '.cz-config.js'
   - 'docs/**'
 
+output:
+  as: Detail
+  encoding: Default
+  format: Sarif
+  jsonIndent: 0
+  outcome: Processed
+  style: Detect
+  sarifProblemsOnly: true
+  path: ./psrule.sarif
+
 execution:
   notProcessedWarning: false
 

src/bicep/main.bicep

@@ -30,17 +30,21 @@ var shortLocations = {
 
 // Name convention parts for infra
 var infraName = '${ shortLocations[location] }-infra-${ labName }'
+var lzName = '${ shortLocations[location] }-lz-${ labName }'
 
 // Name convention resource group names
 var rgNetworkName = 'rg-${ infraName }-network'
 var rgMonitoringName = 'rg-${ infraName }-monitoring'
+var rgLzName = 'rg-${ lzName }'
 
+// Ensure resource group for monitoring exists
 resource rgMonitoring 'Microsoft.Resources/resourceGroups@2022-09-01' = {
   name: rgMonitoringName
   location: location
   tags: tags
 }
 
+// Ensure monitoring resources are deployed
 module monitoring 'modules/monitoring.bicep' = {
   scope: rgMonitoring
   name: 'deploy-monitoring-${ labName }'
@@ -51,12 +55,14 @@ module monitoring 'modules/monitoring.bicep' = {
   }
 }
 
+// Ensure networking resource group exists
 resource rgNetwork 'Microsoft.Resources/resourceGroups@2022-09-01' = {
   name: rgNetworkName
   location: location
   tags: tags
 }
 
+// Deploy hub network resources
 module hubNetwork 'modules/hub-network.bicep' = {
   scope: rgNetwork
   name: 'deploy-hubnetwork-${ labName }'
@@ -68,3 +74,22 @@ module hubNetwork 'modules/hub-network.bicep' = {
     tags: tags
   }
 }
+
+resource rgLz 'Microsoft.Resources/resourceGroups@2022-09-01' = {
+  name: rgLzName
+  location: location
+  tags: tags
+}
+
+module lzNetwork 'modules/peered-vnet-to-hub.bicep' = {
+  scope: rgLz
+  name: 'deploy-lznetwork-${ labName }'
+  params: {
+    location: location
+    firewallIp: hubNetwork.outputs.firewallPrivateIpAddress
+    hubVnetId: hubNetwork.outputs.hubVnetId
+    tags: tags
+    vNetAddressPrefix: '10.0.100.0/24'
+    vNetName: 'vnet-${ lzName }'
+  }
+}

src/bicep/modules/peered-vnet-to-hub.bicep

@@ -121,3 +121,5 @@ resource peerVnetToHub 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings
     }
   }
 }
+
+output spokeVnetId string = newVnet.id